MID Server - A walkthrough - Part 1

Anish Reghu
Kilo Sage
Kilo Sage

‎04-22-2022 12:10 AM - edited ‎06-29-2025 10:38 AM

To begin with, MID Server is not a hardware, it is just a piece of software!

There is no additional charge for MID server. Services utilizing it like Discovery, etc. of course incurs a charge..

Now, with those two element of doubts cleared, let's begin...

The Management, Instrumentation, and Discovery (MID) Server is a Java application
that runs as a Windows service or UNIX daemon on a server in your local network. The
ServiceNow® MID Server enables communication and the movement of data between
a ServiceNow instance and external applications, data sources, and services.

Since it is a Java program, it runs on any server and is cross-platform. The only difference is the version of Java that's included in the program.

MID Server uses the standard Java Service Wrapper, which makes it possible for any Java application to run itself as a Windows service or Unix daemon.

 

Some pointers:

  • ServiceNow interacts with external systems and applications.
  • These applications could be either hosted in the enterprise local network or in the public cloud.
  • Applications in ServiceNow such as Operational intelligence and Discovery interact with these systems.
  • ServiceNow which serves as a aPaas platform, since can host the data on it's own platform provides functionality like Import Sets to first import the data.
  • The data is imported from these external systems in Excel, XML, other formats.
  • While data can be imported, ServiceNow also can integrate or talk to applications hosted in external environment like LDAP and Microsoft SCCM and read/sync the data.
  • When ServiceNow is to access such systems, it does it via MID Server.

MID Server, once again:

 

  1. is a Java application.
  2. Runs as a Windows service or a UNIX daemon. (service or daemon both mean background process)
  3. and it runs on the enterprise's network.

 

Features of a MID Server in ServiceNow:

 

  1. Can have more than one MID server - to handle larger networks, segmented networks or heavier traffic (numerous queries to applications using MID server - allocate MID servers for a certain type of queries to specific applications instead of routing all of them through one single MID server).
  2. MID server establishes communication between external systems and ServiceNow applications.
  3. MID Servers can be configured with the specific applications they support like Service Mapping and Orchestration. This way you can break down the requests through multiple MID servers.
  4. MID Servers can also be configured on the capabilities that they can perform like VMware, REST, Resolve DNS, etc. This again enables further routing of matching requests through appropriate MID server.
  5. The MID Server automatically upgrades itself when the Service-now instance upgrades itself.
  6. THE MID Server constantly monitors for activity.
  7. The MID server acts as an intermediary:
    • which receives the request from multiple sources and sends those requests to the applications using it.
    • and also sends the requests from the ServiceNow applications to those external systems.
    • An example that could be cited here is the Discovery probe. The probe since is a query to the external system, by design reaches the MID Server first, which does the job of routing the request to the intended external system, waits for the response, fetches it and sends it back to the source from where the probe originated.

Note - Discovery in ServiceNow is used to discover the entire IT infrastructure, creating an accurate and up-to-date record in the ServiceNow CMDB. It discovers both physical and logical components.

 

 

find_real_file.png

         FigureHow Discovery works using a MID Server?

 

Security:

 

  1. The MID Server uses a 128-bit TLS security protocol to avoid tampering of the data being exchanged.
    • TLS uses Digital certificates for authentication. Digital certificates are electronic documents that show the link between an individual or entity and their public key. This link is validated by a certificate authority (CA), which is a trusted organization that verifies that the two are actually related, then uses its own reputation to grant trust to the certificate.
  2. MID Server communicates to the ServiceNow instance often over a firewall.
  3. An added security is that communication between the MID Server and the instance is always initiated by the MID Server, never by the instance (avoids higher risk inbound access through corporate firewall)
  4. the MID Server performs x.509 certificate validation on HTTPS traffic when connecting to ServiceNow®. If a network appliance or proxy exists between the MID Server and the instance, that appliance needs to present a digital certificate signed by a trusted CA.
  5.  If you are using a self-signed certificate or a certificate signed by an internal CA, please import the certificate to the MID Server trust store. 

MID Server system requirements:

  • Windows
    • Windows Server 2012
    • Windows Server 2016
    • Windows Server 2019
  • Linux
    • Linux Red Hat 6 and above
    • Ubuntu 1404 (Ubuntu 14) and above
    • CentOS 6 and above

NoteServiceNow no longer supports new installations of 32-bit MID Servers. Following OS is no more supported:

  • CentOS 6
  • Windows server 2008
  • Windows server 2008 R2
  • Windows 8
  • Windows 10

MID Servers can be manually installed to any operating system with the ZIP file, however Windows 10 is unsupported. Unsupported MID Servers auto-upgrading to Rome create an issue record in MID Server Issues (ecc_agent_issue).

 

OSCP connectivity

  • The TLS certificates are to be validated if they are still validated or revoked.
  • When does a certificate gets revoked?
    • If it has expired (all certificates come with an expiry date) or
    • if the private key associated with the certificate has been compromised 
    • for e.g. private key shared by admins on GitHub.
  • CA is the certificate issuing authority as mentioned earlier.
  • MID server is the client here.
  • An OCSP responder is a server operated by CA.
  • MID server sends a request to the OSCP responder. (Client request to server)
  • The response from the OSCP responder to the MID server tells whether the certificate is valid or revoked.
  • Note - it is a MUST that the website certificate should be always validated by the client i.e. here the MID server.
  • So, that derives the FIRST reason why a MID server connection could fail - revocation status of a certificate is not validated.
  • Note - Firewall or proxy could also block the OSCP traffic.
    • Firewall - Ensure it is allowed (by doing a allow-list the FQDNs of the OSCP servers) to troubleshoot connectivity issues.
    • Web filter or proxy - Reset 'mid.security.validation.endpoints' to blank. (suggested as a workaround)
      • MID server will not validate any TLS  connections.
      • Issues warning on the MID issue table
      • This leaves the MID server vulnerable.
      • After issues with the firewall or proxy is resolved the property should be reset to '*.servicenow.com'

MID server access:

The MID server must have access to the following to complete the validation of the certificates:

    • servicenow.com
    • install.service-now.com
    • ocsp.entrust.net (or other OCSP CA)

The OSCP validation

 

OCSP runs over HTTP and it should return a response with "certStatus = good" on capturing the network traffic. The network team who can do the network traffic capture can observe this with tools like Wireshark.

 

Other requirements

 

find_real_file.png

 

Deployment of MID Server:

 

Deployment of MID Servers could be of two types:

 

Standard deployments

 

Following ServiceNow applications share the same minimum disk space and memory requirements and hence called Standard deployments.

  • Discovery
  • Event Management
  • Integrations
  • Orchestration
  • Service Mapping

High resource deployment

 

There are applications processing intensive and require more resources for each MID Server than the standard products.

E.g. Cloud Management Platform (CMP) and Operational Intelligence

Install MID Servers for these products on dedicated hosts that do not support MID Servers for other products.

 

 

MID Server Dashboard

 

find_real_file.png

 

Navigation: MID Server > Dashboard

 

The default dashboard looks like the below:

 

find_real_file.png

 

So, the MID Server dashboard tells about the status of the application, if running or facing issues, if there are issues, then the details of it. In short, this helps track the performance of MID Server(s) in active state.

 

In the next thread, we would talk about - the ECC queue which is where a MID Server picks it 'tasks to do' from and some more details specific to MID Server application. Until then...

 

 

Cheers,

Anish Reghu

Liked the article? please bookmark for future reference.

Hit the Like button, if you find the interpretation useful.

Labels:
Preview file
211 KB
Preview file
44 KB
Preview file
222 KB
Preview file
25 KB
Preview file
66 KB
Preview file
47 KB
Preview file
22 KB
  • 2,995 Views
Comments
Hardik Benani
Mega Sage
Mega Sage
‎04-23-2022 04:03 PM

Great article Anish.

Anish Reghu
Kilo Sage
Kilo Sage
‎04-23-2022 07:09 PM
Thank you Hardik...
0 Helpfuls
Version history
Last update:
‎06-29-2025 10:38 AM
Updated by:
Kilo Sage
Contributors