- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-23-2015 07:58 AM
Our network does not use Service Now Discovery and therefore we do not have a MID server.
We still want to create some REST Outbound scripts on Service Now and get those messages on our network a REST Server inside our private network.
Can I just configure my VPN for NATing the requests coming in from Service Now, without using the MID server.
It doesn't make sense to 'require' a MID server, where a simple firewall configuration on our network would suffice.
I am asking this, because the MID server documentation indicates that (among Discovery and other functions) the MID server is recommended as a proxy REST server to receive the output REST messages from the instance, and then forward those messages on to the actual web server in my network - which is the ultimate destination
Thank you,
Service Now User.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-23-2015 08:39 AM
Kundan,
Technically, you are welcome to open a port on your firewall to allow requests coming from ServiceNow. I have been implementing ServiceNow since 2009 and I would say 98 percent of companies I have implemented for had their security organization completely AGAINST allowing this. Mainly because ServiceNow does NOT allow these types of requests to go via a VPN, so the requests would need to run across the open internet and you would need a public facing endpoint for ServiceNow to hit.
If these configurations are allowed within your organization, then by all means you are allowed to do so. Though setting up a mid server is quite simple, and it is merely a Java app that runs on any server (Windows or Linux) and acts as a proxy for those requests which makes it so that no holes need to be punched in the firewall.
-Chris
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-23-2015 08:39 AM
Kundan,
Technically, you are welcome to open a port on your firewall to allow requests coming from ServiceNow. I have been implementing ServiceNow since 2009 and I would say 98 percent of companies I have implemented for had their security organization completely AGAINST allowing this. Mainly because ServiceNow does NOT allow these types of requests to go via a VPN, so the requests would need to run across the open internet and you would need a public facing endpoint for ServiceNow to hit.
If these configurations are allowed within your organization, then by all means you are allowed to do so. Though setting up a mid server is quite simple, and it is merely a Java app that runs on any server (Windows or Linux) and acts as a proxy for those requests which makes it so that no holes need to be punched in the firewall.
-Chris
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-23-2015 08:50 AM
Chris,
Yes. That makes sense. And thank you for responding!
A few follow up questions, if you don't mind:
1. In the sample scripts, I see 'http'. Is https/request-encryption not allowed?
2. Do I need to pay for a MID server license, if I am only using it to proxy REST requests and not for discovery etc.?
3. Is the communication between the instance and MID encrypted?
Thank you,
Kundan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-23-2015 09:18 AM
1) yes you can definitely use https
2) no license is necessary to use a mid server. If you end up automating external systems, you may be subject to an orchestration license. But def not just import data.
3) mid server uses SSL to communicate with instance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-23-2015 09:22 AM
Thanks Chris. Appreciate your help.
Kundan
