What is the best Solution to install MID in the client network?

Sandeep _1 · ‎01-14-2024

What is the best suggestion to install MID in the client network. Is it behind the firewall or outside the firewall? If there is a firewall between MID server and target host, what ports should be open for Discovery?

AJ-TechTrek · ‎01-15-2024

Hi @Sandeep _1

(1) If Interfacing INFRA is On Prem -- Place Mid Server at On Prem and in Closet or Same VLAN.

(2) If Interfacing INFRA is on some cloud -- Place Mid Server at On same cloud and in Closet or Same network.

Purpose here is to make sure less network hops for packets which will boost the performance.

Details are below.

Best practice around MID Server host selection

The MID server host is the foundation to which your discoveries will be executed from and should be the only task that this host should provide within your environment or environments. As of the Istanbul of Service Now

Best practice around MID Server host selection

Virtual Host
1. 8Gb RAM
2. 40Gb Disk Allocation
3. Multi Core/CPU share
4. Ensure that the virtual environment has capacity to provide for allocation
Operating System
1. Current Windows Server OS (64 bit)
2. Provisioned to customers local policies around patches and security
Network
1. 100MB or greater connection
2. External internet access on port 443 to your service-now instance
3. All ports and protocol access to targets within your environment

It’s all about location

MIDServer host placement is key to any successful discovery deployment. The best practice is summed up in a simple statement. Place your MIDServers as close to the targets that has the most available bandwidth between it and what you are looking to discover. Deploying a MIDServers in Kansas to discover your Datacenter in Singapore is not the best idea. By keeping your MIDServer close to targets helps you get the most out of the local resources.

Items to consider around MIDServer placement include

Available bandwidth
Geographic location
IP access to targets (DMZs)

How many?

There are three simple rules to determining how many midservers you will need to deploy.

The number of targets you are looking to discover and how often you want to discover them
You want to have midservers at minimum the continent level when looking at a global deployment
Being that the mid communicates outbound only it’s a best practice to place midservers inside secure zones other than opening up many security rules to allow access.

Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.

Thanks

AJ

View solution in original post

Rahul Priyadars · ‎01-15-2024

Hi Sandeep

Long Story Short ...Since Mid Server Needs Internet so i would place my Mid Server in DMZ of My N/W. Many times when you place Mid Server with InterNet Enabled Security team do not like it or Approve it 😞 .

From DMZ to Actual Infrastructure - :Ports needs to be Opened based on Source IP (Mid Server Here) for . Since discovery touches many kind of Infrastructure so here is the comprehensive list here from Discovery Stand point.

This list is Super set and you may need less ports opened based on Discovery needs.

Discovery ports and protocols
Name	Service name	Port	Details	Creates	Protocol
afp	Apple File Protocol	548			TCP
BEA Weblogic		7001		cmdb_ci_app_server	TCP
dns	Domain Name Service	53	To resolve the name of each IP Address		TCP/UDP
epmap	Microsoft RPC (WMI, DCOM)	135	Windows Systems		TCP
ftp		21			TCP
hp-pdl-datastr	Printer PDL Data Stream	9100	HP Printers		TCP
http	HyperText Transfer Protocol	80	Web Servers	cmdb_ci_web_server	TCP
https	HyperText Transfer Protocol over Secure Socket	443	Secure Web Servers	cmdb_ci_web_server	TCP
IBM DB2		50000			TCP
IBM MQSeries		1414			TCP
IBM Web sphere SSL		9443			TCP
IBM Websphere		9080			TCP
IMAPS		993			TCP
LDAP		389			TCP
LDAPs		636			TCP
Microsoft netbios		139			TCP
Microsoft SQL server		1433			TCP
Microsoft-ds		445			TCP
ms-nb-ns		137			UDP
MySQL		3306			TCP
Nagios NRPE		5666			TCP
nfs		2049			TCP/UDP
Oracle TNS		1521			TCP
pip (Internet Print Protocol)	IP Phone/ Session Initiation Protocol	5060			TCP
POP3		110			TCP
postgresql		5432		cmdb_ci_database	TCP
printer	Printer	515	Printers		TCP
sip	SIP (Session Initiation Protocol)	5060			TCP
slp	Service Location Protocol (SLP)	427			TCP/UDP
smtp	TCP	25
smux (SNMP multiplexing)		199
snmp	Simple Network Management Protocol	161	Network Devices		UDP
snmptrap		162			UDP
ssh	Secure Shell Service	22	Unix Systems		TCP
sunrpc		111			TCP
telnet		23			TCP
TIBCO Rendezvous		7500			TCP
Tomcat HTTP		8080			TCP
vmapp6_https		9443			TCP
vmapp_https	vCenter Server Appliance Web Interface using https	5480			TCP
wbem_https	CIM-XML via HTTPS(WBEM)	5989	CIM Classification		TCP
wins	Windows Internet Name Service	137	NetBIOS Name Resolver		UDP

One Special PORT Needs for Windows WMI Discovery-- WMI discovery Start at Port 135 but later communications happened on higher ports and those also needs to be Opened.

49152-65535 for both TCP and UDP.

Regards

RP

View solution in original post

chetanb · ‎01-14-2024

@Sandeep _1

A management, instrumentation, and discovery—or MID-Server, is a Java application that runs as a Windows service or UNIX daemon. The MID Server facilitates communication and movement of data between the ServiceNow platform and external applications, data sources, and services.

You may check -https://www.youtube.com/watch?v=x9YK-xAzp6I&source_ve_path=Mjg2NjY&feature=emb_logo

To set up your MID Server:

1. Download the appropriate install files from your ServiceNow instance onto the computer that hosts the MID Server. Extract the download after it completes. The agent folder contains all the files needed for the MID Server, including some that you must modify before starting the service.

2. Create a new folder at the root level of the C drive on the host. Copy the agent folder into this folder, so that you can modify the copied files and preserve the original MID Server install files.

3. Rename the folder after the copying completes. After you start the MID Server service, you can’t rename the agent folder without removing the service and re-installing it.

4. Open the config file, which is an XML document, in text editor.

5. In the required parameters section, replace the value that you need to modify with the name of the ServiceNow instance that the MID Server connects to.

6. Set up a user name and password on your ServiceNow instance that the MID Server can use to log in.

7. Back in your instance, add a new user to the User table. Assign the mid_server role to allow proper access. Best practice is to assign the mid_server role—instead of admin—for proper tracking of activities and limited access to the instance. The mid_server role inherits all other required roles.

8. Enter the MID Server user name and password in the config file.

9. The encrypt parameter is set to true by default. Your password is encrypted when you save the file. If you do not want to encrypt your password, change this value to false.

10. Establish the MID Server name, which shows up in the MID Servers list. It is best to use a consistent naming convention for all MID Server names. For example, include the name of the host machine and the type of ServiceNow instance the MID Server connects to, such as Prod1, Dev1, and so forth.

11. Configure optional parameters. It is best to leave threads.max set to the default value provided in the config file. Increasing this value allows the MID Server service to consume more system resources, which may degrade performance.

12. If you plan to use a proxy for your MID Server to connect to your ServiceNow instance, this is where you provide the pertinent information. Some proxies require a host name and port, while others require a username and password. Check the requirements for your system before completing this section. Again, encryption is set to true by default to protect the password.

13. If you want to use a proxy for no other purpose than to download upgrades, do not enter any information in the option parameters. Instead, enter it in the downloading upgrades section. If you want upgrades to go through a different proxy than the one used to connect to your ServiceNow instance, fill in both sections.

Note: To receive downloads from the install server, make sure the port is open for HTTP protocol.

You may want to modify the Java Service Wrapper, or JSW, to give your MID Server service a unique name. If only one MID Server is installed on the host, it is not necessary to modify the Java Service Wrapper.

1. The wrapper.conf file contains the default configuration for the MID Server. Any configuration changes should be made to the wrapper-override.conf file. MID Server upgrades overwrite the content of the wrapper.conf file but do not modify the wrapper-override.conf file.

2. The default wrapper.name is snc_mid. Edit this file to give the MIDServer service a unique name.

When you save this, you’re done configuring our MID Server, and ready to start it up.

To start up the MID Server and verify that the service is running:

1. Open a command prompt as administrator.

2. Even if you’re logged in as administrator, right-click Command Prompt and click Run as administrator to make sure you get the Administrator Command Prompt.

3. Navigate to your MIDserver directory’s SNC_MIDServer_Prod1 folder.

4. For Windows, these two batch files—start and stop—start and stop your MID Server service. In Linux, you would start and stop the MID Server by executing these shell script files. Also, on Linux, there is no service. Instead, everything is handled in the terminal. In Windows, there are other ways to start and stop the service, but ServiceNow recommends that you start it this way the first time because the console displays progress, and any installation or start errors would be noted here.

5. Confirm that the MID Server has started by checking the services running on this machine. Service should be listed by the display name you entered in the wrapper-override.conf file.

6. Status indicates that it has Started.

7. The Properties General tab lists both the service name and display name from the wrapper-override.conf file.

8. The Startup type should be Automatic, so that if the host computer restarts, the MID Server starts itself.

9. On the Log On tab, specify the credentials used to run the MID Server on the host machine. Best practice is to use a specific account that has permission to read and write to the MID Server directories on the host.

10. Select This account and enter the credentials here.

11. Restart the service with the new credentials and verify that the MID Server is connected to your ServiceNow instance.

AJ-TechTrek · ‎01-15-2024

Hi @Sandeep _1

(1) If Interfacing INFRA is On Prem -- Place Mid Server at On Prem and in Closet or Same VLAN.

(2) If Interfacing INFRA is on some cloud -- Place Mid Server at On same cloud and in Closet or Same network.

Purpose here is to make sure less network hops for packets which will boost the performance.

Details are below.

Best practice around MID Server host selection

The MID server host is the foundation to which your discoveries will be executed from and should be the only task that this host should provide within your environment or environments. As of the Istanbul of Service Now

Best practice around MID Server host selection

Virtual Host
1. 8Gb RAM
2. 40Gb Disk Allocation
3. Multi Core/CPU share
4. Ensure that the virtual environment has capacity to provide for allocation
Operating System
1. Current Windows Server OS (64 bit)
2. Provisioned to customers local policies around patches and security
Network
1. 100MB or greater connection
2. External internet access on port 443 to your service-now instance
3. All ports and protocol access to targets within your environment

It’s all about location

MIDServer host placement is key to any successful discovery deployment. The best practice is summed up in a simple statement. Place your MIDServers as close to the targets that has the most available bandwidth between it and what you are looking to discover. Deploying a MIDServers in Kansas to discover your Datacenter in Singapore is not the best idea. By keeping your MIDServer close to targets helps you get the most out of the local resources.

Items to consider around MIDServer placement include

Available bandwidth
Geographic location
IP access to targets (DMZs)

How many?

There are three simple rules to determining how many midservers you will need to deploy.

The number of targets you are looking to discover and how often you want to discover them
You want to have midservers at minimum the continent level when looking at a global deployment
Being that the mid communicates outbound only it’s a best practice to place midservers inside secure zones other than opening up many security rules to allow access.

Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.

Thanks

AJ

Rahul Priyadars · ‎01-15-2024

Hi Sandeep

Long Story Short ...Since Mid Server Needs Internet so i would place my Mid Server in DMZ of My N/W. Many times when you place Mid Server with InterNet Enabled Security team do not like it or Approve it 😞 .

From DMZ to Actual Infrastructure - :Ports needs to be Opened based on Source IP (Mid Server Here) for . Since discovery touches many kind of Infrastructure so here is the comprehensive list here from Discovery Stand point.

This list is Super set and you may need less ports opened based on Discovery needs.

Discovery ports and protocols
Name	Service name	Port	Details	Creates	Protocol
afp	Apple File Protocol	548			TCP
BEA Weblogic		7001		cmdb_ci_app_server	TCP
dns	Domain Name Service	53	To resolve the name of each IP Address		TCP/UDP
epmap	Microsoft RPC (WMI, DCOM)	135	Windows Systems		TCP
ftp		21			TCP
hp-pdl-datastr	Printer PDL Data Stream	9100	HP Printers		TCP
http	HyperText Transfer Protocol	80	Web Servers	cmdb_ci_web_server	TCP
https	HyperText Transfer Protocol over Secure Socket	443	Secure Web Servers	cmdb_ci_web_server	TCP
IBM DB2		50000			TCP
IBM MQSeries		1414			TCP
IBM Web sphere SSL		9443			TCP
IBM Websphere		9080			TCP
IMAPS		993			TCP
LDAP		389			TCP
LDAPs		636			TCP
Microsoft netbios		139			TCP
Microsoft SQL server		1433			TCP
Microsoft-ds		445			TCP
ms-nb-ns		137			UDP
MySQL		3306			TCP
Nagios NRPE		5666			TCP
nfs		2049			TCP/UDP
Oracle TNS		1521			TCP
pip (Internet Print Protocol)	IP Phone/ Session Initiation Protocol	5060			TCP
POP3		110			TCP
postgresql		5432		cmdb_ci_database	TCP
printer	Printer	515	Printers		TCP
sip	SIP (Session Initiation Protocol)	5060			TCP
slp	Service Location Protocol (SLP)	427			TCP/UDP
smtp	TCP	25
smux (SNMP multiplexing)		199
snmp	Simple Network Management Protocol	161	Network Devices		UDP
snmptrap		162			UDP
ssh	Secure Shell Service	22	Unix Systems		TCP
sunrpc		111			TCP
telnet		23			TCP
TIBCO Rendezvous		7500			TCP
Tomcat HTTP		8080			TCP
vmapp6_https		9443			TCP
vmapp_https	vCenter Server Appliance Web Interface using https	5480			TCP
wbem_https	CIM-XML via HTTPS(WBEM)	5989	CIM Classification		TCP
wins	Windows Internet Name Service	137	NetBIOS Name Resolver		UDP

One Special PORT Needs for Windows WMI Discovery-- WMI discovery Start at Port 135 but later communications happened on higher ports and those also needs to be Opened.

49152-65535 for both TCP and UDP.

Regards

RP

Rahul Priyadars · ‎01-16-2024

@AJ-TechTrek & @Sandeep _1 I see both of you work for same company as per profile.

MS Teams CHAT can also be a quick help.

Regards

RP

Sandeep _ · ‎01-16-2024

Hi @Rahul Priyadars ,

I agree with you but I am working on a different project for which I cannot go to them again and again.

And ServiceNow has given a platform where we can put our questions and these questions and answers are not only for me, if anyone has any issue related to this topic then he will also get help.