- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2023 11:10 PM
Hi All,
What is the best approach to install MID in the client network. Is it behind the firewall or outside the firewall? If there is a firewall between MID server and target host, what ports should be open for Discovery?
Solved! Go to Solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-22-2023 12:16 AM
It will be on Client nw in DMZ or in Internal n/w depends on Security policy.
If there is no Firewall between Mid Server and Discoverable IPs not much hassle on Port opening.
High level architecture will help you.
List of Port Requirement- https://docs.servicenow.com/en-US/bundle/tokyo-it-operations-management/page/product/discovery/refer...
Regards
RP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2023 11:12 PM
Hi @Suvetha S
MID Server deployment best practices, like the rest of the ServiceNow platform, continue to evolve. We have recently updated a high-level best practices guide for MID servers and posted to Now Create.
Following are some of the highlights from the presentation:
MID Server Installation
Have a single MID Server tasked with a single purpose e.g. Discovery, Service Mapping, etc. Deploy on Linux or Windows As a best practice, deploy on a Windows server A Windows MID Server can perform Discovery and Automation on both Windows and Unix but a Linux MID Server can only perform operations on Unix. Deploy the MID Server application on a local drive on the host within a unique folder name with no space in it (i.e. c:\ServiceNow\MID_Server_Agent). For Production environments, install one (1) MID Server application per host. It is recommended to cluster ‘like’ MID Servers Take advantage of Guided Setup
MID Server Estimator
The MID Server calculator has been updated and is available here.
The number of MID Servers required for “standard” deployments depends on the number of targets to interact with and frequency of interaction. Products like Discovery and Service mapping are considered "standard" because their MID Servers share the same disk space and memory requirements Cloud Provisioning and Governance, Event Management, and ACC require more resources than standard. Refer to docs for more details. Multiple MID Servers should be separately hosted within each network segment so they do not need to go over a firewall to access target machines.
Performance Tuning
Increase the number of threads in the MID Server if you need more patterns and probes. Customers often increase OOTB threads in Discovery, which ships with 25 to 50—or even as many as 100—to enhance performance. Increasing this number will increase the number of tasks (discovery probes) that it will do at any one time speeding up the discovery jobs. This can be found in the deployed application in the <agent_dir>\config.xml file The MID Server JVM memory default is 1 GB. This configuration can be found in the <MID Server name>\agent\conf\wrapper-override.conf configuration file. Increasing this number will allow the application to allocate itself more memory resources from the host. This is done in conjunction with increasing the threads as needed. Monitor the effects of increased threads and memory by using the MID Server Dashboard by navigating to MID Server > Dashboard.
Please mark it helpful if it helps...
Thanks,
Sonia
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2023 11:13 PM
it depends on the customer. not every customer will have firewall.
If there is a firewall anyhow the mid server will be in client network
check these links
Configure MID Server network connectivity
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-22-2023 12:16 AM
It will be on Client nw in DMZ or in Internal n/w depends on Security policy.
If there is no Firewall between Mid Server and Discoverable IPs not much hassle on Port opening.
High level architecture will help you.
List of Port Requirement- https://docs.servicenow.com/en-US/bundle/tokyo-it-operations-management/page/product/discovery/refer...
Regards
RP