MID Server & Firewall requirements

Suvetha S · ‎02-21-2023

Hi All,

What is the best approach to install MID in the client network. Is it behind the firewall or outside the firewall? If there is a firewall between MID server and target host, what ports should be open for Discovery?

Rahul Priyadars · ‎02-22-2023

It will be on Client nw in DMZ or in Internal n/w depends on Security policy.

If there is no Firewall between Mid Server and Discoverable IPs not much hassle on Port opening.

High level architecture will help you.

List of Port Requirement- https://docs.servicenow.com/en-US/bundle/tokyo-it-operations-management/page/product/discovery/refer...

Regards

RP

View solution in original post

SoniaShridhar13 · ‎02-21-2023

Hi @Suvetha S

MID Server deployment best practices, like the rest of the ServiceNow platform, continue to evolve. We have recently updated a high-level best practices guide for MID servers and posted to Now Create.

Following are some of the highlights from the presentation:

MID Server Installation

Have a single MID Server tasked with a single purpose e.g. Discovery, Service Mapping, etc. Deploy on Linux or Windows As a best practice, deploy on a Windows server A Windows MID Server can perform Discovery and Automation on both Windows and Unix but a Linux MID Server can only perform operations on Unix. Deploy the MID Server application on a local drive on the host within a unique folder name with no space in it (i.e. c:\ServiceNow\MID_Server_Agent). For Production environments, install one (1) MID Server application per host. It is recommended to cluster ‘like’ MID Servers Take advantage of Guided Setup

MID Server Estimator

The MID Server calculator has been updated and is available here.

The number of MID Servers required for “standard” deployments depends on the number of targets to interact with and frequency of interaction. Products like Discovery and Service mapping are considered "standard" because their MID Servers share the same disk space and memory requirements Cloud Provisioning and Governance, Event Management, and ACC require more resources than standard. Refer to docs for more details. Multiple MID Servers should be separately hosted within each network segment so they do not need to go over a firewall to access target machines.

Performance Tuning

Increase the number of threads in the MID Server if you need more patterns and probes. Customers often increase OOTB threads in Discovery, which ships with 25 to 50—or even as many as 100—to enhance performance. Increasing this number will increase the number of tasks (discovery probes) that it will do at any one time speeding up the discovery jobs. This can be found in the deployed application in the <agent_dir>\config.xml file The MID Server JVM memory default is 1 GB. This configuration can be found in the <MID Server name>\agent\conf\wrapper-override.conf configuration file. Increasing this number will allow the application to allocate itself more memory resources from the host. This is done in conjunction with increasing the threads as needed. Monitor the effects of increased threads and memory by using the MID Server Dashboard by navigating to MID Server > Dashboard.

Please mark it helpful if it helps...

Thanks,

Sonia