- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-27-2024 09:33 AM - edited 12-18-2024 09:22 PM
In one of the Discovery doc by ServiceNow, this statement is written:
"Assure you use a separate user account for each MID Server or share the same account across multiple MID Servers."
What exactly it means? I have heard many people saying to use separate mid server user account for each mid server,
but what does the later part in above statement mean - share the same account across multiple MID Servers? - isnt this an issue to share same account for multiple MIDs?
What is ServiceNow trying to say, I am confused 🙂
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-27-2024 10:07 PM
Hi @Suggy ,
Separate User Account for Each MID Server
- Granular Control: Each MID Server can be managed and audited individually. Permissions, activity logs, and credentials are tied to a single MID Server.
- Security: If one account is compromised, only the associated MID Server is affected.
- Ease of Troubleshooting: Clear distinction in logs about which MID Server performed which task.
- Best Practice: This is the recommended approach in most environments.
Shared User Account Across Multiple MID Servers
- Why It Might Be Used:
- Simplified Management: Only one user account needs to be created, configured, and maintained, reducing administrative overhead.
- Legacy Configurations: Some organizations might use this approach due to historical setups or because they prioritize simplicity over security.
- Homogeneous Environment: In smaller or less complex environments, this might seem like an acceptable tradeoff.
- Potential Issues:
- Audit Complexity: It becomes challenging to identify which MID Server performed a specific task since all share the same account.
- Security Risks: If the shared account is compromised, all MID Servers that use it are at risk.
- Configuration Dependencies: Shared credentials mean any changes to the user account (e.g., password updates or access modifications) affect all MID Servers relying on it, potentially leading to widespread disruptions.
In most scenarios, sharing accounts across MID Servers is not recommended because of the security and audit concerns outlined above.
-------------------------------------------------------------------------
If you found my response helpful, please consider selecting "Accept as Solution" and marking it as "Helpful." This not only supports me but also benefits the community.
Regards
Runjay Patel - ServiceNow Solution Architect
YouTube: https://www.youtube.com/@RunjayP
LinkedIn: https://www.linkedin.com/in/runjay
-------------------------------------------------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-27-2024 09:44 PM
It refers to 'using same service account' for your MID servers. This can depend on how you and Infra team want to setup. I have seen in many cases where multiple service accounts are not provided and hence only single account is used for all MID servers.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-27-2024 10:07 PM
Hi @Suggy ,
Separate User Account for Each MID Server
- Granular Control: Each MID Server can be managed and audited individually. Permissions, activity logs, and credentials are tied to a single MID Server.
- Security: If one account is compromised, only the associated MID Server is affected.
- Ease of Troubleshooting: Clear distinction in logs about which MID Server performed which task.
- Best Practice: This is the recommended approach in most environments.
Shared User Account Across Multiple MID Servers
- Why It Might Be Used:
- Simplified Management: Only one user account needs to be created, configured, and maintained, reducing administrative overhead.
- Legacy Configurations: Some organizations might use this approach due to historical setups or because they prioritize simplicity over security.
- Homogeneous Environment: In smaller or less complex environments, this might seem like an acceptable tradeoff.
- Potential Issues:
- Audit Complexity: It becomes challenging to identify which MID Server performed a specific task since all share the same account.
- Security Risks: If the shared account is compromised, all MID Servers that use it are at risk.
- Configuration Dependencies: Shared credentials mean any changes to the user account (e.g., password updates or access modifications) affect all MID Servers relying on it, potentially leading to widespread disruptions.
In most scenarios, sharing accounts across MID Servers is not recommended because of the security and audit concerns outlined above.
-------------------------------------------------------------------------
If you found my response helpful, please consider selecting "Accept as Solution" and marking it as "Helpful." This not only supports me but also benefits the community.
Regards
Runjay Patel - ServiceNow Solution Architect
YouTube: https://www.youtube.com/@RunjayP
LinkedIn: https://www.linkedin.com/in/runjay
-------------------------------------------------------------------------
