- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-14-2024 07:23 PM
What is the best suggestion to install MID in the client network. Is it behind the firewall or outside the firewall? If there is a firewall between MID server and target host, what ports should be open for Discovery?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2024 06:10 AM
Hi @Sandeep _1
(1) If Interfacing INFRA is On Prem -- Place Mid Server at On Prem and in Closet or Same VLAN.
(2) If Interfacing INFRA is on some cloud -- Place Mid Server at On same cloud and in Closet or Same network.
Purpose here is to make sure less network hops for packets which will boost the performance.
Details are below.
Best practice around MID Server host selection
The MID server host is the foundation to which your discoveries will be executed from and should be the only task that this host should provide within your environment or environments. As of the Istanbul of Service Now
Best practice around MID Server host selection
- Virtual Host
- 8Gb RAM
- 40Gb Disk Allocation
- Multi Core/CPU share
- Ensure that the virtual environment has capacity to provide for allocation
- Operating System
- Current Windows Server OS (64 bit)
- Provisioned to customers local policies around patches and security
- Network
- 100MB or greater connection
- External internet access on port 443 to your service-now instance
- All ports and protocol access to targets within your environment
It’s all about location
MIDServer host placement is key to any successful discovery deployment. The best practice is summed up in a simple statement. Place your MIDServers as close to the targets that has the most available bandwidth between it and what you are looking to discover. Deploying a MIDServers in Kansas to discover your Datacenter in Singapore is not the best idea. By keeping your MIDServer close to targets helps you get the most out of the local resources.
Items to consider around MIDServer placement include
- Available bandwidth
- Geographic location
- IP access to targets (DMZs)
How many?
There are three simple rules to determining how many midservers you will need to deploy.
- The number of targets you are looking to discover and how often you want to discover them
- You want to have midservers at minimum the continent level when looking at a global deployment
- Being that the mid communicates outbound only it’s a best practice to place midservers inside secure zones other than opening up many security rules to allow access.
Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.
Thanks
AJ
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2024 08:35 PM - edited 01-15-2024 08:36 PM
Hi Sandeep
Long Story Short ...Since Mid Server Needs Internet so i would place my Mid Server in DMZ of My N/W. Many times when you place Mid Server with InterNet Enabled Security team do not like it or Approve it 😞 .
From DMZ to Actual Infrastructure - :Ports needs to be Opened based on Source IP (Mid Server Here) for . Since discovery touches many kind of Infrastructure so here is the comprehensive list here from Discovery Stand point.
This list is Super set and you may need less ports opened based on Discovery needs.
| Name | Service name | Port | Details | Creates | Protocol |
|---|---|---|---|---|---|
| afp | Apple File Protocol | 548 | TCP | ||
| BEA Weblogic | 7001 | cmdb_ci_app_server | TCP | ||
| dns | Domain Name Service | 53 | To resolve the name of each IP Address | TCP/UDP | |
| epmap | Microsoft RPC (WMI, DCOM) | 135 | Windows Systems | TCP | |
| ftp | 21 | TCP | |||
| hp-pdl-datastr | Printer PDL Data Stream | 9100 | HP Printers | TCP | |
| http | HyperText Transfer Protocol | 80 | Web Servers | cmdb_ci_web_server | TCP |
| https | HyperText Transfer Protocol over Secure Socket | 443 | Secure Web Servers | cmdb_ci_web_server | TCP |
| IBM DB2 | 50000 | TCP | |||
| IBM MQSeries | 1414 | TCP | |||
| IBM Web sphere SSL | 9443 | TCP | |||
| IBM Websphere | 9080 | TCP | |||
| IMAPS | 993 | TCP | |||
| LDAP | 389 | TCP | |||
| LDAPs | 636 | TCP | |||
| Microsoft netbios | 139 | TCP | |||
| Microsoft SQL server | 1433 | TCP | |||
| Microsoft-ds | 445 | TCP | |||
| ms-nb-ns | 137 | UDP | |||
| MySQL | 3306 | TCP | |||
| Nagios NRPE | 5666 | TCP | |||
| nfs | 2049 | TCP/UDP | |||
| Oracle TNS | 1521 | TCP | |||
| pip (Internet Print Protocol) | IP Phone/ Session Initiation Protocol | 5060 | TCP | ||
| POP3 | 110 | TCP | |||
| postgresql | 5432 | cmdb_ci_database | TCP | ||
| printer | Printer | 515 | Printers | TCP | |
| sip | SIP (Session Initiation Protocol) | 5060 | TCP | ||
| slp | Service Location Protocol (SLP) | 427 | TCP/UDP | ||
| smtp | TCP | 25 | |||
| smux (SNMP multiplexing) | 199 | ||||
| snmp | Simple Network Management Protocol | 161 | Network Devices | UDP | |
| snmptrap | 162 | UDP | |||
| ssh | Secure Shell Service | 22 | Unix Systems | TCP | |
| sunrpc | 111 | TCP | |||
| telnet | 23 | TCP | |||
| TIBCO Rendezvous | 7500 | TCP | |||
| Tomcat HTTP | 8080 | TCP | |||
| vmapp6_https | 9443 | TCP | |||
| vmapp_https | vCenter Server Appliance Web Interface using https | 5480 | TCP | ||
| wbem_https | CIM-XML via HTTPS(WBEM) | 5989 | CIM Classification | TCP | |
| wins | Windows Internet Name Service | 137 | NetBIOS Name Resolver | UDP |
One Special PORT Needs for Windows WMI Discovery-- WMI discovery Start at Port 135 but later communications happened on higher ports and those also needs to be Opened.
49152-65535 for both TCP and UDP.
Regards
RP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-16-2024 07:13 PM
I understand all what you mean and what community is used for :-).
Pattern Decoded :-0
Regards
RP
