System requirements

Before you deploy the product, make sure that your environment meets the hardware and software requirements.

Setting-up-BMC-Deployment-Engine

Sizing-and-scalability-considerations

System requirements

Make sure that your environment meets the following requirements:

Component

Supported Versions

Orchestration platforms

Kubernetes 1.23 – 1.29

OpenShift 4.10 – 4.14

Important:

If you are using BMC Helix Service Management in Kubernetes version 1.25, 1.26, 1.27, or 1.28 make sure that you use the baseline pod security standard for the namespace where it is being deployed.
If you are performing a fresh installation of BMC Helix Service Management on Kubernetes 1.27 or OpenShift 4.13, we recommend that you use BMC Helix Platform Common Services 23.4.00. Do not use the BMC Helix Platform Common Services version 23.2.02.

Supported Kubernetes and OpenShift platforms

The following Kubernetes and OpenShift based platforms are supported with the underlying Kubernetes or OpenShift versions as listed in the previous row.

Kubernetes management tools
- VMware Tanzu
- Rancher Kubernetes
OKD (Community Edition OpenShift)
- Due to a lack of vendor support, BMC recommends that you do not use OKD for enterprise production usage.
  Refer to additional system requirements for OpenShift in Preparing-to-install-in-an-OpenShift-cluster.
Public Cloud Managed Kubernetes
- Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) with underlying Kubernetes 1.24.x – 1.29.x

- Amazon Elastic Kubernetes Service (EKS) with underlying Kubernetes 1.24.x – 1.29.x

- Google Kubernetes Engine (GKE) with underlying Kubernetes 1.24.x – 1.29.x

- Microsoft Azure Kubernetes Service (AKS) with underlying Kubernetes 1.24.x – 1.29.x

Important: Kubernetes clusters that use only the Internet Protocol version 4 (IPv4) are supported.

Ingress controller

Ingress

NGINX Ingress Controller¹	1.7.0, 1.9.3, 1.8.1, 1.9.5, 1.9.6, 1.11.5 Important: BMC has certified using the Nginx Ingress Controller version 1.9.6 and 1.11.5 with Kubernetes version 1.29. BMC has certified using the Nginx Ingress Controller version 1.9.5 and 1.11.5 with Kubernetes version 1.28. BMC has certified using the Nginx Ingress Controller version 1.9.3 and 1.11.5 with Kubernetes version 1.27. BMC has certified using the Nginx Ingress Controller version 1.8.1 and 1.11.5 with Kubernetes version 1.26. BMC has certified using the Nginx Ingress Controller version 1.7.0 with Kubernetes versions 1.24 and 1.25.
server-name-hash-bucket-size	1024
ssl-redirect	false

NGINX Ingress Controller is installed by default in the ingress-nginx namespace. Review the following parameter value requirements in the nginx-configuration configmap:

enable-underscores-in-headers: "true"
proxy-body-size: 250m
server-name-hash-bucket-size: "1024"

ssl-redirect: "false"
use-forwarded-headers: "true"
proxy-connect-timeout: "300"
proxy-read-timeout: "600"
proxy-send-timeout: "600"

You can use the following command to view the parameters in the nginx-configuration configmap:

kubectl describe cm nginx-configuration -n ingress-nginx

Package Manager

Helm 3.11 for Kubernetes 1.23 – 1.25
Helm 3.12 for Kubernetes version 1.26
Helm 3.13 for Kubernetes version 1.27
Helm 3.14 for Kubernetes version 1.28 and 1.29

Load Balancer

Load Balancer

F5 Load Balancer or other Load Balancer.

The following load balancer SSL methods are supported:

SSL Offloading at the load balancer
SSL Passthrough to offload at the Ingress Controller
SSL Full Proxy
Allow X-Forwarded- Headers Upstream of Ingress
Reverse Proxy http back to https

Important: Make sure that you configure the following headers for SSL Offloading at the load balancer:

X-Forwarded-Proto—https
X-Forwarded-Host
X-Forwarded-Port—443

Storage and security certificates

Persistent or Elastic Storage

BMC supports a Bring-Your-Own-Storage-Class model, for any block storage supporting high performance IOPS.

CephRBD is certified by BMC

Security Certificates

DigiCert and R3 certificates.

Custom CA signed certificates and self-signed certificates are supported.

Important: If you are using a self-signed or custom CA certificate, make sure that you use the same custom certificate during BMC Helix Platform and BMC Helix Service Management installation.

Other system requirements

Java

Java 11 and later for AR System clients, such as Developer Studio, and Atrium Integrator.

Container Host OS

BMC Helix Innovation Suitehas no specific dependencies on the underlying Linux OS or release running on your Worker Nodes.

You can use any x86_64 GNU/Linux OS supported by your Kubernetes or OpenShift platform and release version.

Host OS Bash Shell

Bash Shell 4.2 or later

Docker Registry

Direct access to BMC's Docker Trusted Registry (DTR) at https://containers.bmc.com
OR
Latest version of Harbor synchronized with BMC’s Docker Trusted Registry
A docker client is required.

DB Support

Oracle Database 19.16

Microsoft SQL Server 2019
Microsoft SQL Server 2017
Microsoft SQL Server 2016 (SP2)
PostgreSQL 13

Notes:

You must set up the database server outside the Kubernetes clusters on a physical or virtual machine.
In general, BMC recommends running on the latest Service Pack, Maintenance Level, or other such update to listed databases.
AR System server and BMC Helix CMDB support 'AlwaysOn' for Microsoft SQL Server.
Remedy AR System and BMC Helix CMDB server support Oracle Real Application Clusters (Oracle RAC) feature of Oracle Database.
Oracle database pluggable/un-pluggable are supported.

Email Engine

Microsoft Exchange Server 2016 (64-bit) and Microsoft Office 365 Exchange

Notes:

BMC internally certifies Email Engine with Microsoft Exchange Server and Microsoft Office 365 Exchange. Because Email Engine makes use of JavaMail API that is capable of working with other SMTP servers, SMTP servers that are not listed in this table might still operate correctly with AR System. You might be able to run AR System in a configuration not listed as supported. However, BMC has not certified the integration of Email Engine with such SMTP servers in their labs.

Microsoft has discontinued MAPI support in Microsoft Exchange Server 2016; Support for EWS (exchange web service) is available for Microsoft Exchange Server 2016 only.
See, https://docs.microsoft.com/en-us/exchange/new-features/discontinued-features?view=exchserver-2016.
OAuth 2.0 based authentication is required for Microsoft Office 365 Exchange starting with 20.02.01 and later
Starting with AR System 20.02.01 (also known as 20.02 Patch 1), Email Engine supports OAuth 2.0 based authentication for the Exchange Web Services (EWS) protocol to access Microsoft Office 365 Exchange.
For more information, see AR System 20.08 enhancements in the AR System online documentation.

BMC Helix Platform

BMC Helix Platform 23.2.02

BMC Helix Platform 23.4.00

BMC Helix Platform 24.1.00

BMC Helix Service Managementinstallation uses the following services provided by BMC Helix Platform:

Foundational services such as user management, tenant management, and BMC Helix Single Sign-On

Data lake such as Elasticsearch, PostgreSQL, and MinIO

Metrics Server

BMC Helix uses the HorizontalPodAutoscaler (HPA) for its services so that the product can scale based on the customer usage. For the HPA to function, Kubernetes must expose metrics that are used to trigger scaling activities, for which a Metrics Server is required.

For information about the HPA, seethis page in the Kubernetes documentation.

For information about the Metrics Server, seethis page in the Kubernetes documentation

The supported Ingress and Helm versions with the Kubernetes orchestration platforms are as follows:

Orchestration platform	Ingress	Helm
Kubernetes 1.29	1.11.5 1.9.6	3.14
Kubernetes 1.28	1.11.5 1.9.5	3.14
Kubernetes 1.27	1.11.5 1.9.3	3.13
Kubernetes 1.26	1.11.5 1.8.1	3.12
Kubernetes 1.25	1.7.0	3.11
Kubernetes 1.24	1.7.0	3.11

The supported Ingress and Helm versions with the OpenShift orchestration platforms are as follows:

Orchestration platform	Ingress	Helm
OpenShift 4.14	1.9.5	3.13
OpenShift 4.13	1.9.3	3.13
OpenShift 4.12	1.7.0	3.11
OpenShift 4.11	1.7.0	3.11
OpenShift 4.10	1.6.4	3.11

Network port requirements

Review the following components and the ports used:

Source component	Destination	Port	Direction
Local image registry (Harbor) with internet access	BMC Docker Trusted Registry (DTR) (containers.bmc.com)	443	Outbound
Kubernetes cluster (Worker nodes)	Local image registry (Harbor) with internet access	443, 80 The default Harbor port is 80 if Secure Socket Layer (SSL) is not enabled.	Outbound
End user traffic	Load balancer or HA proxy	443	Incoming
Load balancer	Ingress controller	Ingress controller service port The port varies based on your Kubernetes platform and Ingress controller service.	Incoming
Kubernetes cluster (Worker nodes)	Database server	Database port The port varies based on your database type and service.	Outbound
AR Clients (Developer Studio)	BMC Helix Innovation Suite server Admin service	46262 You can expose this port through EXTERNAL-IP or Nodeport for the platform-admin-ext service.	Inbound
Kubernetes cluster (Worker nodes)	SMTP server	SMTP server port	Outbound
BMC Deployment Engine	Kubernetes cluster	Kubernetes API server port	Outbound
HDM virtual machine	Staging database server	Database port The port varies based on your database type and service.	Outbound

Ports used by BMC Helix Service Management services

You might use the following ports to set your network policy:

Important

All service types are ClusterIP unless specified otherwise.

Service name	Port and protocol
atriumwebsvc	8080/TCP
catalog-itsm-plugin	9822/TCP
clamav	3310/TCP
dwp-tomcat	9000/TCP
midtier-int	8080/TCP
midtier-int-dns-lookup	5701/TCP
midtier-user	8080/TCP
midtier-user-dns-lookup	5701/TCP
openfire	5222/TCP
openfire-dns-lookup	5701/TCP
openfire-ext	7001/TCP,7070/TCP
platform-admin	46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP
platform-admin-ext	46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP,9999/TCP,9556/TCP This service requires either EXTERNAL-IP, Nodeport, or Load balancer to access external clients like the Developer Studio.
platform-fts	46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP,9977/TCP
platform-fts-ext	46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP,9977/TCP
platform-int	46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP
platform-int-ext	46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP
platform-sr	46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP
platform-sr-ext	46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP
platform-user	46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP
platform-user-ext	46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP
smartit	9000/TCP
smartit-dns-lookup	5701/TCP
smartreporting	8080/TCP
virtualchatplugin	9822/TCP
virtualchatserver	8080/TCP,6226/TCP,6225/TCP
virtualchatserver-ext	8080/TCP,6226/TCP,6225/TCP

To get more information about the ports used by the BMC Helix Service Management services, run the following command:
kubectl get svc -n <Innovation suite namespace>

Ports used by BMC Helix Platform Common Services

You might use the following ports to set your network policy:

Important

All service types are ClusterIP unless specified otherwise.

Service name	Ports and protocol
adeauthsvc	8000/TCP
adereporting	8080/TCP,8000/TCP
adereporting-apiservice	8080/TCP
adereporting-renderer-service	8081/TCP
adereporting-report-generator-service	3002/TCP,3003/TCP
aif-api-service	50197/TCP,60197/TCP,8094/TCP,9094/TCP,11000/TCP
aif-clustering-ingestion-service	50220/TCP,60220/TCP,11000/TCP
aif-clustering-query-service	50219/TCP,60219/TCP,11000/TCP
aif-clustering-service	50221/TCP,60221/TCP,11000/TCP
aif-core-service	50177/TCP,60177/TCP,11000/TCP
aif-incident-ingestion-service	50197/TCP,60197/TCP,11000/TCP
aif-job-manager-service	50207/TCP,60207/TCP,11000/TCP
aif-machine-learning-utilities	50052/TCP,60052/TCP,11000/TCP,8080/TCP,9080/TCP
aif-ticket-service	50217/TCP,60217/TCP,11000/TCP
ans	8000/TCP
aud	8000/TCP
efk-elasticsearch-coordinating-hl	9200/TCP,9300/TCP
efk-elasticsearch-data-hl	9200/TCP,9300/TCP
efk-elasticsearch-efk-elasticsearch-coordinating-hl	9200/TCP,9300/TCP
efk-elasticsearch-ingest-hl	9200/TCP,9300/TCP
efk-elasticsearch-kibana	5601/TCP
efk-elasticsearch-master-hl	9200/TCP,9300/TCP
efk-fluent-bit	9880/TCP
elasticsearch-events-opendistro-es-client-service	9200/TCP,9300/TCP,9600/TCP,9650/TCP
elasticsearch-events-opendistro-es-data-svc	9300/TCP,9200/TCP,9600/TCP,9650/TCP
elasticsearch-events-opendistro-es-discovery	9300/TCP
elasticsearch-logs-opendistro-es-client-service	9200/TCP,9300/TCP,9600/TCP,9650/TCP
elasticsearch-logs-opendistro-es-data-svc	9300/TCP,9200/TCP,9600/TCP,9650/TCP
elasticsearch-logs-opendistro-es-discovery	9300/TCP
featureflag	8000/TCP
ims	8000/TCP
imsportal	8000/TCP,9000/TCP
kafka	9092/TCP
kafka-headless	9092/TCP,9093/TCP
kafka-zookeeper	2181/TCP,2888/TCP,3888/TCP
kafka-zookeeper-headless	2181/TCP,2888/TCP,3888/TCP
metric-gateway-service	50059/TCP,60059/TCP,8093/TCP,9093/TCP,11000/TCP,8080/TCP
metric-gateway-service-svc	50059/TCP,60059/TCP,8093/TCP,9093/TCP,11000/TCP,8080/TCP
metric-ingestion-service	50051/TCP,60051/TCP,8080/TCP
metric-ingestion-service-svc	50051/TCP,60051/TCP,8080/TCP
metric-query-service	50051/TCP,60051/TCP,8091/TCP,8080/TCP
metric-query-service-svc	50051/TCP,60051/TCP,8091/TCP,8080/TCP
minio	9000/TCP,9001/TCP
minio-headless	9000/TCP,9001/TCP
postgres-bmc-pg-ha	5432/TCP
postgres-bmc-pg-ha-config	<none>
postgres-bmc-pg-ha-pool	5432/TCP
postgres-bmc-pg-ha-repl	5432/TCP
redis-redis-ha	6379/TCP,26379/TCP
redis-redis-ha-announce-0	6379/TCP,26379/TCP
redis-redis-ha-announce-1	6379/TCP,26379/TCP
redis-redis-ha-announce-2	6379/TCP,26379/TCP
redis-redis-ha-haproxy	6379/TCP
rsso	8080/TCP
smart-graph-api	8000/TCP
smart-graph-controller	25210/TCP,25677/TCP
tas	8000/TCP
tms	8000/TCP,9000/TCP
tmsportal	8000/TCP
ucs	8000/TCP
victoria-metrics-cluster-vminsert	8480/TCP,2003/TCP,2003/UDP,8189/TCP,8189/UDP
victoria-metrics-cluster-vmselect	8481/TCP
victoria-metrics-cluster-vmstorage	8482/TCP,8401/TCP,8400/TCP

To get more information about the ports used by the BMC Helix Platform Common Services , run the following command:

kubectl get svc -n <Platform Common Services namespace>

Jenkins server requirements

Review the following requirements for the Jenkins server:

Component	Node	vCPU	Operating System	RAM (GB)	Disk space (GB)
Jenkins server	1	2	RHEL 7.x and 8.x are certified. CentOS 7.x and CentOS Core 8.x are certified.	Minimum 8	100

For information about setting up BMC Deployment Engine, see Setting-up-BMC-Deployment-Engine.

Harbor repository requirements

Use Harbor latest version. For information about Harbor installation requirements, see Harbor Installation and Configuration and Harbor Installation Prerequisites in Harbor documentation.

To access images from a local Harbor repository, make sure that your system has minimum 4 CPU with 8 GB memory and the following disk space:

750 GB disk space when you are setting up the Harbor repository for the first time.
100 GB approximately when you are synchronizing the container images in BMC DTR with the Harbor repository for an upgrade.

For information about setting up Harbor repository, see Setting-up-a-Harbor-repository-to-synchronize-container-images.

Controller machine requirements

If you are using BMC Helix Platform Common Services 24.1.00, make sure that the controller machine supports the following operating systems:

Operating System	Version
Linux	8.5 or higher
Red Hat Enterprise Linux (RHEL)	8 or higher
Ubuntu	20.04.6 or higher

Browser support

Operating System	Browsers
Windows	Firefox Chrome Microsoft Edge HARMAN Packaged Browser
Macintosh OS X	Safari

Namespaces

Review the following requirements for the namespaces in your cluster:

Namespace to install BMC Helix Platform Common Services and EFK for logging.
For information about creating a namespace to install BMC Helix Platform Common Services and EFK, see Installing-BMC-Helix-Platform-Common-Services-23-2-02.

Namespace to install BMC Helix Service Management.
Make sure that the namespace name consists of only lowercase alphanumerics and hyphens. Example, 'bmc-itsm'.

Important

In your network policy, you must allow communication between the two namespaces - namespace where you will install BMC Helix Platform Common Services and the namespace where you will install BMC Helix Service Management.
If you are using BMC Helix Service Management in Kubernetes version 1.25, make sure that you use the baseline pod security standard for the namespace where it is being deployed.

The actual namespace names are specific to your environment.

Important

To support Elastic deployment, increase the maximum number of memory maps on each worker node by running following command:

# echo vm.max_map_count=262144 > /etc/sysctl.d/es-custom.conf

# sysctl -w vm.max_map_count=262144

For more information, see https://www.elastic.co/guide/en/elasticsearch/reference/current//vm-max-map-count.html.

^{1. In this documentation, NGINX Ingress Controller refers to the Open-Source NGINX Ingress Controller maintained by Kubernetes.}

Where to go from here

Next task	Proceed with Downloading-the-installation-files.
Back to process	If you are finished understanding the Persistent Volume Claim requirements, return to the appropriate installation or upgrade process: Installing Migrating-Remedy-on-premises-to-BMC-Helix-Service-Management-on-premises

System requirements

Network port requirements

Ports used by BMC Helix Service Management services

Harbor repository requirements

Controller machine requirements

Browser support

Namespaces

Where to go from here

On this page