Discovery on private network without access to internet

Go to solution
shill
Mega Sage

‎05-21-2016 04:08 PM

We are currently discovering our corporate network and we have an isolated network that is not allowed to connect to the internet that we would like to start discovering and possibly some orchestration.

Is it possible to install a mid server in the isolated network and have it talk to a corporate network mid server and then up to the instance?

I'm thinking I might be able to convince security to allow this via some firewall rules as other systems do communicate between the networks (very restrictively though).

If that is not possible, are there any other options?

Labels:
0 Helpfuls
  • 1,931 Views
1 ACCEPTED SOLUTION

Go to solution
doug_schulze
ServiceNow Employee
ServiceNow Employee

‎05-21-2016 09:36 PM

Steven,



Unfortunately not.. The only option you have is set up a proxy that allows the necessary access.   I had one friend whose servers were locked down mission impossible style, we worked with their security to setup a network proxy with full traffic monitoring that allowed only this one midserver out to their instances IP from their source IP over only a single port during only a specific time..



It passed their muster, maybe it can work for your security team...


View solution in original post

8 REPLIES 8

Go to solution
cynlink1
Tera Expert
In response to doug_schulze

‎12-03-2021 08:43 AM

Hi @doug.schulze,

We have just started Service Mapping for applications that have servers in the DMZ. In the past our Security team has not been open to allowing Discovery for servers in the DMZ or servers that are Domain Controllers. If ever allowed, I believe the solution will likely fall into the 'mission impossible' style bucket that you described in this post.

I tried to access the link above but the content doesn't seem to be available any longer. Would you be able to point me to some new resources that might help my move forward in my Discovery and Service Mapping journey?

Thanks in advance,

Cyn

P.S. Do you think the Agent Client Collector may ever provide enough data to support Service Mapping?

0 Helpfuls

Go to solution
fausto lozano2
Kilo Explorer

‎12-03-2018 10:44 AM

Hello I have a bigger problem, the servers i try to discovery don't even have communication between them, there is no internet access also, i have previously worked with ADDM for BMC and there i have a manual process to take information out, i was hopping something like that in Service Now, does any body know if there is something like that?

 

thank you!! sorry for not providing a solution

0 Helpfuls

Go to solution
DaveHertel
Kilo Sage
Kilo Sage
In response to fausto lozano2

‎12-03-2018 03:37 PM

Hello -- there are a variety of ways to populate CMDB CI's, ranging from full automation solutions like Discovery... to System integrations from other systems (Altris, SCOM, etc.) to manual import sets

Docs: Populate CMDB -> Integrate with existing CMDB and/or Import information from another source

Does this help?

0 Helpfuls