On prem devices discovery using the mid server which is hosted in the cloud (AWS/Azure/Oracle)
06-24-2022 03:28 AM
Hello,
I have one requirement for Discovery: on-prem device discovery using the MID Server which is hosted in the cloud (AWS/Azure/Oracle).
So the question here is: is it possible to discover the on-prem devices if the MID Server is hosted in the cloud and the connection is in place? (Note: we have been told that the connection is present with the IPsec tunnel feature; this IPsec tunnel concept is very new to me.)
If it is, then can you please let me know the prerequisites I have to take care of while implementing this, such as any security or risk approval I will have to take to be on the safer side.
As far as I am aware, generally no customer provides this kind of connectivity (cloud to on-prem discovery), and this is the first time I am trying it; hence any suggestions/inputs/help will be a great help.
Thank you in advance!
- Labels: Discovery
06-24-2022 04:30 AM
Just log in to the MID Server, and if you are able to telnet to the target servers on the required port, you are good to go.
06-24-2022 10:16 AM
Hello,
The MID Server is not ready for this testing; we are at the solution design step, and hence I want to confirm this part, as I have worked with on-prem MID Servers for discovery.
They are saying that the connection is there, but I have a doubt about it, as security teams generally don't give connections from the cloud to all IPs.

06-26-2022 08:35 PM
Hi Shital,
In theory it's possible as it is just IP traffic, although the recommendation is always to have the MID servers close to the discovery targets if you can.
If connecting from a cloud-hosted MID VM (Azure, GCP, Oracle, AWS etc.), there are more likely to be obstacles that prevent your traffic from reaching the targets, such as firewalls etc., but if your network team say that they are allowing all traffic through, then in theory it can work. You just need to watch out for traffic loads generated by the MID server across the links, as well as any possible charges for data egress from the cloud provider.
Still, given the low overhead of a VM/MID server, I'd lean towards putting a MID in both cloud and on-prem and let them discover their respective datacenters. Less traffic between sites, less potential for connectivity issues.
Regards,
David

06-27-2022 03:16 AM
"So the question here is: is it possible to discover the on-prem devices if the MID Server is hosted in the cloud and the connection is in place?" ---> Why not, if all prerequisites of Discovery are fulfilled.
ServiceNow Instance <---- MID Server ------> Infra to be Discovered
Conceptually, the MID Server can be hosted anywhere; just follow the prerequisites of Discovery.
Best-practice-wise it's not a good solution, as there will be more work at the network layer, and security-wise it is not advisable.
Put the MID Server close to the subnet IP range.
Regards
RP