Setting up the installation environment

Verifying DNS for applications

Make sure that you configure DNS for the BMC Helix Service Management applications so that you can access the applications by using the following URL format. The target of DNS entries must be the external load balancer serving the Ingress controller.

• Mid Tier - <CUSTOMER_SERVICE>-<ENVIRONMENT>.<CLUSTER_DOMAIN>
• Mid Tier integration - <CUSTOMER_SERVICE>-<ENVIRONMENT>-int.<CLUSTER_DOMAIN>
• Smart IT - <CUSTOMER_SERVICE>-<ENVIRONMENT>-smartit.<CLUSTER_DOMAIN>
• Smart Reporting - <CUSTOMER_SERVICE>-<ENVIRONMENT>-sr.<CLUSTER_DOMAIN>
• Innovation Studio - <CUSTOMER_SERVICE>-<ENVIRONMENT>-is.<CLUSTER_DOMAIN>
• Innovation Suite REST API or CMDB - <CUSTOMER_SERVICE>-<ENVIRONMENT>-restapi.<CLUSTER_DOMAIN>
• Reporting - <CUSTOMER_SERVICE>-<ENVIRONMENT>-reporting.<CLUSTER_DOMAIN>
  The platform-sr pod is not available in Compact and Small deployment sizes, and the reporting URL does not apply to these sizes.
• Atrium Web Services - <CUSTOMER_SERVICE>-<ENVIRONMENT>-atws.<CLUSTER_DOMAIN>
• Digital Workplace - <CUSTOMER_SERVICE>-<ENVIRONMENT>-dwp.<CLUSTER_DOMAIN>
• Digital Workplace Catalog - <CUSTOMER_SERVICE>-<ENVIRONMENT>-dwpcatalog.<CLUSTER_DOMAIN>
• Live Chat - <CUSTOMER_SERVICE>-<ENVIRONMENT>-vchat.<CLUSTER_DOMAIN>
• Openfire Chat - <CUSTOMER_SERVICE>-<ENVIRONMENT>-chat.<CLUSTER_DOMAIN>
• Support Assistant tool - <CUSTOMER_SERVICE>-<ENVIRONMENT>-supportassisttool.<CLUSTER_DOMAIN>
  For example, if CUSTOMER_SERVICE=itsm, ENVIRONMENT=poc, and CLUSTER_DOMAIN=aus-ranch.bmc.com, the Mid Tier URL will be itsm-poc.aus-ranch.bmc.com

Before installing BMC Helix Service Management, make sure that you decide on the application domain and URLs. If you need to make changes after installation, you will have to reinstall BMC Helix Service Management.

You must specify the same CUSTOMER_SERVICE and ENVIRONMENT parameter values to the deployment pipeline while performing the installation.

Back to top

To configure BMC Helix Single Sign-On

Make sure that BMC Helix Single Sign-On is installed during the BMC Helix Platform services deployment. Configure BMC Helix Single Sign-On by performing the following steps:

1. Log in to BMC Helix Single Sign-On.
2. On the menu, click Tenant.
   
3. Click  under the Action column to select the SAAS_TENANT. 
   "Tenant SAAS_TENANT is selected" confirmation message is displayed on the screen.
4. On the main menu, click Realm.
5. Click Add Realm.

6. In the General tab, enter the following details:

   Field	Value
   Realm ID	<CUSTOMER_SERVICE>-<ENVIRONMENT> For example, if CUSTOMER_SERVICE=itsm, ENVIRONMENT=poc, the field value is itsm-poc
   Application Domain(s)	List of the following Innovation Suite application URLs separated by comma: <CUSTOMER_SERVICE>-<ENVIRONMENT>-atws.<cluster domain>, <CUSTOMER_SERVICE>-<ENVIRONMENT>-dwpcatalog.<cluster domain>, <CUSTOMER_SERVICE>-<ENVIRONMENT>.<cluster domain>, <CUSTOMER_SERVICE>-<ENVIRONMENT>-restapi.<CLUSTER_DOMAIN>, <CUSTOMER_SERVICE>-<ENVIRONMENT>-is.<cluster domain>, <CUSTOMER_SERVICE>-<ENVIRONMENT>-sr.<cluster domain>, <CUSTOMER_SERVICE>-<ENVIRONMENT>-dwp.<cluster domain>, <CUSTOMER_SERVICE>-<ENVIRONMENT>-smartit.<cluster domain>, <CUSTOMER_SERVICE>-<ENVIRONMENT>-chat.<cluster domain>, <CUSTOMER_SERVICE>-<ENVIRONMENT>-vchat.<cluster domain>, <CUSTOMER_SERVICE>-<ENVIRONMENT>-int.<CLUSTER_DOMAIN> itsm-poc-atws.itsm-cluster.bmc.com, itsm-poc-dwpcatalog.itsm-cluster.bmc.com, itsm-poc.itsm-cluster.bmc.com, itsm-poc-restapi.itsm-cluster.bmc.com, itsm-poc-is.itsm-cluster.bmc.com,  itsm-poc-sr.itsm-cluster.bmc.com, itsm-poc-dwp.itsm-cluster.bmc.com, itsm-poc-smartit.itsm-cluster.bmc.com, itsm-poc-chat.itsm-cluster.bmc.com, itsm-poc-vchat.itsm-cluster.bmc.com, itsm-poc-int.cluster.bmc.com
   Tenant	BMC Helix Platform tenant name. Specify the tenant name that you view in the List of Tenants page on the Tenant tab. For example, photon2.170

   The following image shows an example:
   

7. Click the Authentication tab and enter the following details:

   Field	Value
   Authentication Type	Select Authentication Type as AR Server
   Host	platform-user-ext.<namespace>  Replace the namespace with the BMC Helix Innovation Suite namespace.
   Port	Port Number – 46262

8. Click Add.

The following video clip shows how to configure BMC Helix Single Sign-On: 

Back to top 

To enable realm identification by using patterns

You can control user access to BMC Helix Service Management applications based on user name patterns or IP ranges. Perform the following steps to enable the realm identification by using a pattern for user login:

1. Log in to BMC Helix Single Sign-On.
2. On the menu, click Tenant.
3. From the list of tenants, click the Edit icon corresponding to the tenant for which you want to enable the authentication.
   
4. On the Edit Tenant page, select the MSP server side check box, and click Save.
   
5. Go to the Realm tab.
6. On the Realm Configuration page, navigate to the MSP tab, and click Add.
   
7. On the MSP Configuration page, specify the values for the following fields:

   Field	Description
   Pattern	Specify the user name pattern or the IP range to authenticate users. Important:  You can use multiple patterns for a realm. Make sure that each pattern is unique. You cannot use the same pattern for more than one realm.  For multiple patterns, the first upper match is selected by the system while authentication. The user name pattern value must contain #login as a keyword.  For example, to allow login for all users with the domain local.com, the pattern is  #login.endsWith("@local.com"). To use the IP range for authentication, make sure that you are using BMC Helix Platform Common Services version 25.4 or later. The IP range pattern value must contain #clientIPRange as a keyword.  Multiple IP example: #clientIPRange.include("xx.xxx.xxx.xx","xx.xxx.xxx.xx") IP range example: #clientIPRange.include("xxx.xx.xxx-xxx.xx-xxx")
   Realm	Select the realm for which you want to apply the pattern.
   Actions	Click ✔ to activate the pattern authentication.

   

8. Click Save.

When a user accesses the URL, a textbox labeled Username and a Submit button is displayed. If the user name matches the defined pattern, the user is redirected to the login screen. If the user name does not match the pattern, the following error message is displayed:
Invalid username format. Please try again.

To create an external IP for FTS_ELASTICSEARCH

Elasticsearch is deployed when you install BMC Helix Platform services. You can leverage Elasticsearch to provide Full Text Search capabilities in BMC Helix Innovation Suite by using one of the following options:

• Use service name during BMC Helix Service Management installation
  To leverage Full Text Search capabilities, during BMC Helix Service Management installation, use the value opensearch-logs-data.<BMC Helix Platform namespace> in FTS_ELASTICSEARCH_HOSTNAME parameter value.

• Use external IP during BMC Helix Service Management installation
  Perform the following steps to create an external IP for Elasticsearch:

1. 
   
   1. Log in to the BMC Deployment Engine which is your Jenkins server.

   2. Run the following command:

      kubectl expose service opensearch-logs-data -n <BMC Helix Platform namespace> --name=elastic-loganalytics-ext --external-ip=<EXT IP>
      

      The following table describes the parameters used in the command:

      Parameter name	Description
      BMC Helix Platform namespace	Specify the namespace where BMC Helix Platform Common Services are deployed.
      EXT IP	Specify the IP address of any worker node in your Kubernetes cluster. This IP is used as the FTS_ELASTICSEARCH_HOSTNAME parameter value during BMC Helix Innovation Suite installation.

Back to top

To create an External IP for LOGS_ELASTICSEARCH

BMC Helix Innovation Suite Fluent Bit uses the Elasticsearch host deployed in the BMC Helix Logging namespace. You can leverage EFK service capabilities in BMC Helix Innovation Suite by using one of the following options:

• Use service name during BMC Helix Service Management installation
  To use the Elasticsearch host, during BMC Helix Service Management installation, use the service name as efk-elasticsearch-data-hl.<BMC Helix Logging namespace> in LOGS_ELASTICSEARCH_HOSTNAME parameter value.
• Use external IP during BMC Helix Service Management installation
  Perform the following steps to create an external IP for LOGS_ELASTICSEARCH:

1. 
   
   1. Log in to the BMC Deployment Engine which is your Jenkins server.

   2. Run the following command:

      kubectl expose service efk-elasticsearch-data-hl -n <BMC Helix Logging namespace> --name=elastic-logging-ext --external-ip=<EXT IP>
      

      The following table describes the parameters used in the command:

      Parameter name	Description
      BMC Helix Logging namespace	Specify the namespace where BMC Helix Logging services are deployed.
      EXT IP	Specify the IP address of any worker node in your Kubernetes cluster. This IP is used as the LOGS_ELASTICSEARCH_HOSTNAME parameter value during BMC Helix Innovation Suite installation. Make sure that this IP address is different from the one used for FTS_ELASTICSEARCH_HOSTNAME.

Back to top

Where to go from here