‎04-27-2016 12:12 AM
What is the exact need of MID server except discovery?
Is there any need of MID server while integrating with any tool?
‎04-27-2016 01:47 AM
Here is a complete list of options (from the wiki) for how the LDAP integration can be set up:
LDAP typically uses one of these types of communication channels:
- A MID Server connection communicates over HTTP on port 80 by default. This communication channel does not require a certificate. The connection between the MID Server and the instance is over HTTPS (port 443). You can use the MID Server to import data over LDAP, but you cannot use the MID Server for LDAP authentication. Proceed to Define the LDAP Server.
- A standard LDAP integration communicates over TCP on port 389 by default. This communication channel does not require a certificate. Proceed to Define the LDAP Server.
- An SSL-encrypted LDAP integration (LDAPS) communicates over TCP on port 636 by default. This communication channel requires a certificate. Proceed to Upload the X.509 Certificate to obtain and upload the certificate.
- A VPN connection communicates over an IPSEC tunnel. Purchase or create an IPSEC tunnel on your local network. Proceed to Define the LDAP Server.
A MID server initiates one connection to an LDAP server via port 398, then initiates an encrypted HTTPS connection to an instance via port 443 to push data to the instance. When using a MID server, the instance does not make the connection to the LDAP server. The MID server does.
The instance can also connect to the LDAP server directly, using LDAP or LDAPS, either over the internet or through a VPN tunnel.
For more information about VPNs, MID Servers, and LDAP, see You Don't Need A VPN Part II on the ServiceNow Community.
I hope this helps.
Thanks,
Berny
‎07-28-2017 10:48 AM
Hi Skylar,
It's not quite like that. First, there are multiple types of SSO available and also multiple types of LDAP configurations. Ultimately, users always have the option to use side_door to log into their instance using their instance credentials.
Thanks,
Berny
‎07-28-2017 11:08 AM
So then why not just use:
- A standard LDAP integration communicates over TCP on port 389 by default. This communication channel does not require a certificate. Proceed to Define the LDAP Server.
I am standing up a system and trying to decide what/why we would bother with a MID server, all users will be internal IT, and they will be located within/on our network.
So we just want to be able to connect to our AD and pull in the users / groups. And this is ... assumingly ... from the docs/wiki ... done via LDAP server integration -
‎07-28-2017 11:26 AM
Hi Skylar,
A MID Server goes beyond LDAP. A MID Server is used to enable ServiceNow to execute some functions within your corporate network in a secure way. This is possible thanks to the way the MID Server communicates with ServiceNow to pull work.
Some of the main uses for the MID Server are:
- Discovery
- ServiceMapping
- Orchestration
- Web Services
The MID Service will allow these modules to interact with systems/networks within your corporate network.
Thanks,
Berny
‎07-28-2017 11:30 AM
But if the LDAP is in your network.
And SN instance is ... hosted? so it's not in our network ... but ... we are ...? then ... is it not secure?
If we are not using discovery then ...
The other things are just high level and don't mean anything to me.
I'm curious about populating users within the tool.
How can I get my IT users into SN without manually making 100+ user accounts.
Can I pull them in from the AD structure we have now.
Create the accounts and assign them to groups.
Then go in and assign roles to groups - so on so forth.
‎07-28-2017 11:42 AM
Hi Skylar,
I'm not sure I understand the first part of your question (if it's a question).
In regard to "populating users within the tool":
Indeed, you can populate your users automatically using LDAP. It works based on OU definitions, which can pull from the different AD structures you're interested in. You can also include filters so that you only pull the AD records you're interested in. The same occurs with group assignments: the individuals can automatically be assigned to the groups they are members of in AD. In a few words, all that you describe can be done.
Thanks,
Berny
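
The filters mentioned in the last reply are ordinary LDAP search filters. As an added example (not code from the thread or from ServiceNow), the sketch below builds one for an Active Directory user import, escaping values per RFC 4515 so that a group name containing parentheses or an asterisk cannot change the filter's structure. The group DN and the function names are constructed for illustration; the attribute names are standard AD attributes.

```python
# Added example: build an LDAP search filter for importing AD users.
# All DNs and names used with it are constructed sample values.

# RFC 4515 requires these characters to be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# AD matching rule OID for a bitwise AND comparison.
BIT_AND = "1.2.840.113556.1.4.803"
# userAccountControl flag that marks an account as disabled.
ACCOUNTDISABLE = 2


def escape_filter_value(value: str) -> str:
    """Escape a literal value so it is treated as data, not filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def ad_user_filter(group_dn=None, exclude_disabled=True, name_prefix=None) -> str:
    """Return a filter matching AD user accounts, optionally narrowed.

    group_dn         -- only direct members of this group
    exclude_disabled -- skip accounts with the ACCOUNTDISABLE flag set
    name_prefix      -- only accounts whose sAMAccountName starts with this
    """
    clauses = ["(objectCategory=person)", "(objectClass=user)"]
    if exclude_disabled:
        clauses.append(f"(!(userAccountControl:{BIT_AND}:={ACCOUNTDISABLE}))")
    if group_dn:
        clauses.append(f"(memberOf={escape_filter_value(group_dn)})")
    if name_prefix:
        # The trailing * is an intentional wildcard; the prefix itself is escaped.
        clauses.append(f"(sAMAccountName={escape_filter_value(name_prefix)}*)")
    return "(&" + "".join(clauses) + ")"


if __name__ == "__main__":
    # Constructed sample group whose name contains parentheses.
    print(ad_user_filter(group_dn="CN=IT Ops (EU),OU=Groups,DC=example,DC=com"))
```

The `memberOf` clause matches direct group membership only; nested groups need a different matching rule or flattening on the AD side.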