Enabling OT Discovery component communications

  • Release version: Australia
  • Updated March 24, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Enabling OT Discovery component communications

    This guide explains how to configure communication between OT Discovery components within your ServiceNow environment. Proper connectivity ensures that data flows securely and efficiently among MID Servers, the ServiceNow instance, the Discovery Console for OT, Sensors, Collectors, and the Service Graph Connector (SGC).

    Show full answer Show less

    Key Communication Requirements

    • MID Server to ServiceNow instance: The MID Server transmits discovery data to ServiceNow. If the Discovery Console for OT has internet access, the MID Server may be optional.
    • Service Graph Connector (SGC): Must communicate with the MID Server, Console, and ServiceNow instance for data integration.
    • Console to MID Server: Deploy a dedicated MID Server per network or segment, with firewall rules enabling cross-network communication.
    • Console to Sensors, Collectors, MID Server, SGC, and ServiceNow: The Console acts as a central hub and must maintain communication with all these components.
    • Sensor to Console: Deploy a separate Console per network or segment. Sensors push OT asset data to the Console, which is then forwarded to ServiceNow via the SGC.
    • Sensor to OT Assets: Each Sensor should be deployed per network or segment, with firewall rules allowing communication with OT assets.
    • Collector to Console: Collectors communicate with the Console and OT assets to gather discovery data.

    Network Port Configuration

    Configuring network ports and firewall rules is critical to enable secure and reliable communication:

    • Management Console: Ports 8443 (HTTPS) for web interface and 5671 (AMQP) for Sensor communication are required inbound. Optional ports include 123 (NTP) for time sync and 22 (SSH) for setup support.
    • Sensors: Must send outbound AMQP traffic on port 5671 to the Console. Ports 443 (HTTP) and 22 (SSH) inbound are needed for setup support.
    • MID Server: Requires bidirectional HTTPS (port 443) communication with the ServiceNow instance.

    Ensure firewalls allow these port communications across network boundaries to maintain operational integrity.

    This section describes how the OT Discovery components should be connected so they can communicate with each other.

    Component communications

    When determining the environment architecture for your deployment, consider how the following OT Discovery components interact.
    • MID Server-to-ServiceNow instance:
      • The MID Server needs to communicate with the ServiceNow instance to push the information from Discovery Console for OT.
        Note:
        If the Discovery Console for OT can reach the internet, the MID Server might not be needed in your OT configuration.
      • This configuration and deployment is the same as with any other MID Server.
      • The Service Graph Connector (SGC) needs to communicate with the MID Server, the Console, and the ServiceNow instance.
    • Console-to-MID Server communication:
      • Deploy a separate MID Server for each network or network segment.
      • Configure firewall rules to enable communication across networks or network segment boundaries.
      • The Console needs to communicate with the Sensors, the Collectors, the MID Server, the SGC, and your ServiceNow instance.
      Figure 1. Network communication setup
      Network setup
    • Sensor-to-Console communication:
      • Deploy a separate Console for each network, network segment, or system.
      • Configure firewall rules to enable communication across networks or network segment boundaries.
      • The Discovery Sensor for OT needs to communicate with OT assets and with the Discovery Console for OT.
      • Discovery Sensor for OT data is pushed to the ServiceNow instance by the Service Graph Connector.
    • Sensor-to-asset communication:
      • Deploy a separate Sensor for each network, network segment, or system.
      • Configure firewall rules to enable communication across network, network segment, or system boundaries.
    • Discovery OT Collector-to-Console communication:
      • Discovery OT Collector needs to communicate with the Console.
      • The Collector communicates with the Console and with your system's assets.

    Network port map

    The following table describes how to set up network ports.

    Table 1. Network port map
    Source Destination Port Direction Destination Required/Optional Description
    Management Console 8443 (HTTPS) inbound Bi <-> Workstation Required Console web interface
    Management Console 5671 (AMQP) inbound Uni <- Sensor Required Communications from Sensors to Console
    Management Console 123 (NTP) inbound Uni <- Time Server /Esxi Host Optional Clock synchronization, Not needed it time server or hypervisor will provide time.
    Management Console 8443 API Uni <- MID Server Required Import data from Management Console via the APIs.
    Management Console 22 (SSH) inbound <- Host Setup Computer Optional (setup) Additional support during deployment
    Sensor 5671 (AMQP) outbound Uni <- Management Console Required Communications from Sensors to Console
    Sensor 443 (HTTP) inbound <- Host Setup Computer Required Additional support during deployment
    Sensor 22 (SSH) inbound <- Host Setup Computer Required Additional support during deployment
    MID Server 443 Bi <-> NOW instance /Web Required Communications from the MID Server to the NOW fabric internet facing.