MId Server in DMZ

Ragav4
Tera Contributor

‎06-23-2021 03:49 AM

We are planning to deploy the DMZ MId Server , right now the DMZ is completed with the built process. Can someone help me to know what re the pre-requestees and pre-requirement I have to know before setting up this MID. 

I was referring to couple of documents on which they were referring to put the DMZ Mid Server inside the DMZ zone and block all the firewall ports. Could some one help me to know these requirements and also the software to be installed on the MID. 

Labels:
0 Helpfuls
  • 2,676 Views
11 REPLIES 11

Maik Skoddow
Tera Patron
Tera Patron

‎06-23-2021 03:58 AM

Basically there is no difference between the network types, and it really depends on your environment and the technical as far as the organizational restrictions on hw to install and configure a MID server.

I'm just wondering why you explicitly mentioned DMZ, because I cannot see any sense for that. The MID Server should be located as close as possible to the systems that it should connect to and NOT as close as possible to your ServiceNow instance.

For more information regarding installation and configuration of MID servers you can have a look on my page MID Server troubleshooting resources

Kind regards
Maik

If my answer replied your question please mark appropriate response as correct so that the question will appear as resolved for other users who may have a similar question in the future.

0 Helpfuls

Maik Skoddow
Tera Patron
Tera Patron
In response to Maik Skoddow

‎07-12-2021 12:51 AM

Hi Ragav,

Did my reply answer your question?

If so, please mark the appropriate response as "correct" so that the question will appear as resolved for other users who may have a similar question in the future.

If not, please tell me what you are still missing!

Many thanks & kind regards
Maik

Philip Scherry
Giga Contributor

‎06-23-2021 05:45 AM

I don't recall ever seeing any specific documentation for DMZ midserver configuration.  But here are a few of my thoughts.

  1. Work with your IT Security team to harden the server as much as possible.  It is going to have access to all the other DMZ servers and that makes it an attractive target for attacks.
  2. DMZs should have a different set of credentials utilized than the internal network.
  3. Getting login credentials for all of the DMZ devices is going to be the biggest challenge.  You may likely need a separate login for every individual device (depending on how your DMZ is configured for authentication).
0 Helpfuls

cynlink1
Tera Expert
In response to Philip Scherry

‎12-03-2021 02:36 PM

If separate logins must be used for each individual device within the DMZ, how can I prevent Discovery from attempting to use all available credentials until it finds the one that works? The failed login attempts could trigger alerts, etc.

0 Helpfuls