Hi Mohamed,
If I am understanding you correctly, you are looking to make Service Desk available outside of your network. If so, you have a few choices to do that. The first thing I would advise is to ensure that SSL is configured all around (IIS, and each Tomcat instance in the environment for SDM, Visualizer, Support Automation, Process Automation, Xflow, Elastic Search etc.) to ensure connections are secure. Then, you have a few options - first you can simply expose the web interface port (port 443 for IIS or port 8443 for tomcat) to the internet through your firewall. Second, you can create one app server in the DMZ so only that server is exposed. That DMZ app server would then need to be able to communicate internally with the background, standby, database, and any other servers for any other applications that are integrated with SDM. Basically the key here is that any port that will be accessed by the end user's browser would need to be exposed to the internet.
Here is a documentation page showing the ports for all the different apps - you would only need to expose the ones for the apps that you are using: CA SDM Supported Port and Port Ranges - CA Service Management - 17.0 - CA Technologies Documentation
Hope this helps,
Thanks,
Jon I.