JDBC connection to Microsoft SMS/SCCM - Is it secure?
‎04-13-2012 10:03 AM
Hello,
We are looking into using the JDBC connection from our mid-server to an SCCM server, in order to import configuration management data into our CMDB. However, our group that manages the Windows SCCM server is concerned with our method of connecting. Specifically, they are asking if the JDBC connection uses SSL. From what I've read on JDBC, it can be set up either way in the application's code.
Does anyone know if ServiceNow encrypts the JDBC connection?
(We are running June 2011/Patch3)
Thanks!
Mike

‎04-13-2012 10:34 AM
From the Wiki:
"A JDBC data source is a data source that retrieves its data via a JDBC driver (usually type 4 'network'), and has a requirement that the JDBC connection is available either directly from the ServiceNow instance (a VPN setup required), or via a MID Server installed inside your firewall that can access the database port."
So, if you are using a VPN tunnel between ServiceNow, then yes it is secure. If not, then, no it is not.
If you use the MID Server (easier to implement than VPN and no cost), it will use HTTPS to transmit XML between the MID and ServiceNow, so it is secure.
‎04-13-2012 01:40 PM
Thanks Tony, that's certainly helpful, but how does the mid-server connect to the Windows SCCM server? This is what I assumed was the JDBC connection and this is what our SCCM support folks are concerned about.
They want to make sure our method of connecting from our Mid-Server to their SCCM host is not transmitting the username/password in plain text.
‎04-13-2012 05:13 PM
The connection between MID server and Windows SCCM is JDBC. If you want to know if it is being sent plain text or not, I would set up a packet capture with something like Wireshark on the MID server to see what the packets look like.
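What to look for in such a capture, as an added example that is not part of the original thread or of ServiceNow's code: the first two packets of the database connection are the TDS PRELOGIN exchange, and their ENCRYPTION option states whether TLS will protect the login. It assumes the SCCM database is Microsoft SQL Server, so the JDBC driver speaks TDS; the function names and the sample packet are constructed for illustration.

```python
import struct

# ENCRYPTION option values defined for the TDS PRELOGIN message (MS-TDS).
ENCRYPTION = {
    0x00: ("ENCRYPT_OFF", "TLS protects the login packet only; queries and results are cleartext"),
    0x01: ("ENCRYPT_ON", "TLS protects the whole session"),
    0x02: ("ENCRYPT_NOT_SUP", "no TLS; the LOGIN7 password is only obfuscated, not encrypted"),
    0x03: ("ENCRYPT_REQ", "this side requires TLS for the whole session"),
}
# 0x12 = client PRELOGIN, 0x04 = server reply. 0x04 is also used for every
# later server response, so pass only the first two packets of a connection.
PRELOGIN_TYPES = (0x12, 0x04)
ENCRYPTION_TOKEN, TERMINATOR = 0x01, 0xFF


def prelogin_encryption(packet: bytes):
    """Return (name, meaning) of the ENCRYPTION option in one PRELOGIN packet."""
    if len(packet) < 8:
        raise ValueError("shorter than the 8-byte TDS header")
    ptype, _status, length = struct.unpack(">BBH", packet[:4])
    if ptype not in PRELOGIN_TYPES:
        raise ValueError(f"not a PRELOGIN packet (type 0x{ptype:02x})")
    if length > len(packet):
        raise ValueError("packet is truncated")
    payload = packet[8:length]
    pos = 0
    # Option table: 1-byte token, 2-byte offset, 2-byte length, ended by 0xFF.
    while pos < len(payload) and payload[pos] != TERMINATOR:
        if pos + 5 > len(payload):
            raise ValueError("truncated option table")
        token, offset, size = struct.unpack(">BHH", payload[pos:pos + 5])
        if token == ENCRYPTION_TOKEN:
            if size != 1 or offset >= len(payload):
                raise ValueError("malformed ENCRYPTION option")
            value = payload[offset]
            return ENCRYPTION.get(value, (f"UNKNOWN_0x{value:02x}", "unrecognised value"))
        pos += 5
    raise ValueError("no ENCRYPTION option present")


def build_sample(ptype: int, enc: int) -> bytes:
    """Constructed sample packet carrying only VERSION and ENCRYPTION options."""
    table = struct.pack(">BHH", 0x00, 11, 6) + struct.pack(">BHH", 0x01, 17, 1) + b"\xff"
    payload = table + bytes([10, 50, 0x06, 0x40, 0, 0, enc])
    return struct.pack(">BBHHBB", ptype, 0x01, 8 + len(payload), 0, 1, 0) + payload


if __name__ == "__main__":
    print(prelogin_encryption(build_sample(0x04, 0x02)))
```

The server's reply is the one that settles the outcome, so check the type 0x04 packet as well as the client's request.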
‎04-14-2012 12:29 AM
This is one of the main reasons we do not make JDBC calls outside of internal networks without a VPN or a mid server. If my memory serves me right and you look at the payload in the ECC Queue for a direct JDBC call via the mid server, you will see the connection string (with password) in all its glory.
All communication from mid server to instance is encrypted via HTTPS at the socket layer.
Hope that helps some.