Setting up MID Server on cloud to discover on premise network

Shambo
Kilo Expert

Greetings All,

We got a query from clients asking whether they can deploy the MID server on the cloud to discover their on-premise machines, rather than having it on premise itself, and then open the required firewalls and ports between the cloud host of the MID server and the on-premise network.

Has anyone ever done this before and is it feasible at all?

Any advice on the same is very much appreciated.

Regards,

Shambo Maitra


DaveHertel
Kilo Sage

Hi Shambo -- Yes, it's technically doable... but like many things, just because you can, doesn't mean you should. In the scenario you describe, various ports will need to be open between the cloud-hosted MID and the on-prem infrastructure. This is typically not desired and info security teams will not like it at all... anytime the firewalls have to have ports opened to the outside world, it's always a concern/issue/struggle.

Even more so, if the customer has on-prem subnets behind secure firewalls, DMZs, or super-secure networks, opening these up to the internet (even if just one MID on a cloud infrastructure is 'the internet' in this example) will be a big security concern. I would never recommend the approach being suggested by your client. No real advantage, and lots of drawbacks and grief that can easily be avoided by putting MIDs where they belong... on premise, as close to the target machines as possible. My 2.5 cents.

Hope this helps?

FLP1
Tera Contributor

Hello Dave, I have a similar question, but it is the other way around. I have an on-prem MID server that I am using to discover GCP cloud. Inside my cloud I have different VPCs.

Doing discovery for cloud resources is OK, but when the time comes to do IP-based discovery for the virtual instances in these VPCs, I will not be able to get their information. What may be my options?

If there are multiple VPCs, I understand that placing the MID in the Network Connectivity Center may be helpful.

Is ACC a solution that can help to get the information for these Servers?

The MID server has been installed on-prem because of the customer requirement and architecture.

I will appreciate any guide on this.

Thank you!


steveanderson
ServiceNow Employee

I'd agree with Dave. Opening up inbound access from general public sources is not advisable. If you have a VPN or Direct Connect set up between the VPC and the internal network, it *may* be more acceptable, but proceed with caution.
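Both Dave's point (ports opened from a cloud-hosted MID to on-prem subnets mean exposure to the internet) and Steve's caveat (a VPN or Direct Connect path may be more acceptable) come down to one question a security reviewer asks of each proposed firewall rule: which source range reaches which on-prem range, and over what path? The script below is an added example, not code from this thread or from ServiceNow. It classifies a constructed set of candidate rules so that any rule exposing on-prem subnets to a public source is flagged before a change request is approved. The on-prem range, source addresses, port numbers and rule names are all assumptions made for illustration.

```python
"""Classify proposed firewall rules for a MID server that discovers on-prem hosts.

Added example (not from the thread or from ServiceNow). All ranges, ports and
rule names below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Assumed on-prem address space that discovery targets live in (constructed).
ONPREM_SUBNET = ipaddress.ip_network("10.20.0.0/16")


@dataclass(frozen=True)
class Rule:
    name: str
    src: str        # CIDR the on-prem firewall would accept traffic from
    dst: str        # CIDR on the on-prem side that the rule would expose
    port: int       # destination port (assumed value, not from the page)
    over_vpn: bool  # True if traffic arrives via VPN / private interconnect, not the public internet


def classify(rule: Rule) -> str:
    """Return a verdict for one rule.

    reject-any-source   : source is 0.0.0.0/0 (open to the whole internet)
    internet-exposed    : a specific public source reaching on-prem over the internet
    vpn-private         : private source reaching on-prem through a VPN / interconnect
    review-public-source-over-vpn : claims a tunnel path but uses a public source range
    not-onprem-target   : rule does not touch the on-prem range at all
    """
    src = ipaddress.ip_network(rule.src, strict=False)
    dst = ipaddress.ip_network(rule.dst, strict=False)
    if not dst.subnet_of(ONPREM_SUBNET):
        return "not-onprem-target"
    if src.prefixlen == 0:
        return "reject-any-source"
    if rule.over_vpn and src.is_private:
        return "vpn-private"
    if rule.over_vpn:
        return "review-public-source-over-vpn"
    return "internet-exposed"


def audit(rules):
    """Group rule names by verdict so a reviewer sees every exposure at once."""
    report = {}
    for rule in rules:
        report.setdefault(classify(rule), []).append(rule.name)
    return report


def exposes_onprem_to_internet(rules) -> bool:
    """True if any rule lets public-internet sources reach on-prem hosts."""
    return any(classify(r) in ("reject-any-source", "internet-exposed") for r in rules)


# Constructed candidate rules for a cloud-hosted MID (scenario from the question)
# and an on-prem MID reaching the cloud (Dave's recommended placement).
SAMPLE_RULES = [
    Rule("cloud-mid-to-onprem-ssh", "51.15.0.10/32", "10.20.5.0/24", 22, over_vpn=False),
    Rule("any-to-onprem-ssh", "0.0.0.0/0", "10.20.5.0/24", 22, over_vpn=False),
    Rule("mid-over-vpn", "10.99.0.5/32", "10.20.0.0/16", 22, over_vpn=True),
    Rule("onprem-mid-to-cloud", "10.20.1.5/32", "10.99.0.0/16", 22, over_vpn=True),
]

if __name__ == "__main__":
    for verdict, names in sorted(audit(SAMPLE_RULES).items()):
        print(f"{verdict:32s} {', '.join(names)}")
    print("on-prem exposed to internet:", exposes_onprem_to_internet(SAMPLE_RULES))
```

In the sample set, the first two rules are what Dave warns against and would be rejected outright; the third is the VPN case Steve describes as possibly acceptable but still worth review; the fourth is the on-prem MID reaching into the cloud, which never opens an on-prem port to the outside at all.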