MID Server configuration for Service Mapping

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of MID Server configuration for Service Mapping

    The Management, Instrumentation, and Discovery (MID) Server is a Java application that runs as a Windows service or UNIX daemon within your enterprise private network. It enables communication between your network servers and ServiceNow applications such as Service Mapping and Discovery. Proper configuration of MID Servers is essential for effective Service Mapping operations, ensuring accurate discovery and mapping of configuration items (CIs) that comprise service instances.

    Show full answer Show less

    Key Features

    • MID Server Selection Criteria: Service Mapping selects the most appropriate MID Server for discovery based on three main criteria:
      • Application: Assign MID Servers specifically to Service Mapping or allow all applications to use them.
      • Capability: Define network capabilities such as SSH, WMI, SNMP, and Cloud Provisioning. Service Mapping requires these to be set to ALL or appropriate combinations.
      • IP Range: Restrict MID Server operation to specific IP address ranges to ensure discovery requests are handled correctly.
    • Default MID Server: You can configure a default MID Server that Service Mapping uses if no MID Servers match the selection criteria, improving discovery reliability in upgraded deployments.
    • PowerShell Integration: MID Servers can use PowerShell Remoting (WinRM) or WMI protocols to communicate with Windows servers, supporting PowerShell versions 3.0 through 5.1. This enhances discovery capabilities for Windows environments.
    • Credential-less Discovery with Nmap: When credentials are insufficient, MID Servers can run Nmap commands to collect basic device information without credentials, requiring additional Nmap installation and configuration.
    • Placement of MID Servers: Placement depends on organizational needs:
      • Inside private networks for internal device and application mapping.
      • In both DMZ and private networks for mapping devices in demilitarized zones.
      • In domain-separated environments, MID Servers must be deployed in the lowest (leaf) domain level.
    • MID Server Selection Algorithm: Service Mapping supports both new and legacy algorithms for selecting MID Servers, with legacy algorithms used in deployments upgraded from Istanbul or earlier. Organizations can choose the preferred algorithm based on operational requirements.
    • Language Setting Note: When Service Mapping and a language plugin are activated, ensure the MID Server user record language is set to English or None to avoid issues.

    Key Outcomes

    • Ensuring MID Servers are properly configured with the correct application, capability, and IP range settings enables Service Mapping to select the best MID Server for discovery tasks, improving accuracy and efficiency.
    • Using a default MID Server supports continuity in discovery processes, especially in upgraded environments where MID Server selection criteria may not always match discovery requests.
    • Leveraging PowerShell and credential-less Nmap options enhances discovery flexibility, allowing for broader coverage across different server types and security contexts.
    • Strategic placement of MID Servers within network segments and domain hierarchies ensures comprehensive and secure discovery of devices and applications.
    • Choosing the appropriate MID Server selection algorithm allows organizations to balance between legacy compatibility and newer, optimized discovery workflows.

    Configure Service Mapping and MID Servers to work together.

    What is the MID Server

    The Management, Instrumentation, and Discovery (MID) Server is a Java application that runs as a Windows service or UNIX daemon on a server. MID Servers, which are located in the enterprise private network, facilitate communication between servers on the network and some ServiceNow applications, such as Service Mapping, and Discovery.

    Note:
    If the Service Mapping (com.sn_itom_pattern) plugin is activated on the instance and a language plugin (for example, Spanish) is also activated, make sure that the MID Server language is also set to English/None on the user record.

    MID Server selection criteria

    Most environments require multiple MID Servers, with Service Mapping using the relevant MID Server for discovery. MID Servers have the following selection criteria that Service Mapping can use to choose the relevant MID Server:
    • Application — defines what application a MID Server works with. Set it to Service Mapping to reserve this MID Server exclusively to Service Mapping discovery requests. Alternatively, set it to ALL to allow any ServiceNow application to use this MID Server.

    • Capability — defines the network capability. For Service Mapping, set this parameter to ALL or any combination of SSH, WMI, SNMP, and Cloud Provisioning and Governance . See Configure MID Server capabilities.

    • IP range — limits operation of this MID Server to this IP range. Service Mapping does not choose this MID Server for a discovery request whose endpoint is outside this IP range. See Configure an IP address range for the MID Server.
      Note:
      For information on how to bypass MID Server configuration based on IP range, see Fine-tune Service Mapping with MID affinity and IP reuse.
    Service Mapping selects a MID Server using the following algorithm:
    • Service Mapping chooses the MID Server whose selection criteria best match the parameters of the discovery request.
    • If there are no MID Servers with matching selection criteria, Service Mapping chooses the default MID Server.
    • If there are no MID Servers with matching selection criteria or default MID Server, Service Mapping cannot start the discovery process.

    While by default Service Mapping uses this algorithm in all deployments upgraded from Istanbul or Jakarta, it can support both new and legacy algorithms for selecting a MID Server. For more information, see Choose MID Server selection algorithm.

    Default MID Servers for Service Mapping

    In addition to selection criteria, you can configure one of the MID Servers as the default server that Service Mapping uses. If there are no MID Servers with matching application, capability, or IP range, Service Mapping uses the default MID Server. See Configure a default MID Server for each application.

    Using PowerShell for discovery

    MID Servers can use PowerShell to directly communicate with Windows servers using both WMI and WinRM protocols. For Windows services using the WinRM protocol, the PowerShell process establishes a secure PSSession (PowerShell Remoting session) that stays open until the MID Server finishes querying a Windows server. For Windows servers using the WMI protocol, the PowerShell process sends every PowerShell command with credentials.

    If you do not configure MID Servers to use PowerShell and PowerShell Remoting, MID Servers use WMI.

    ServiceNow now supports PowerShell 3.0 up to 5.1.

    MID Server credential-less discovery with Nmap

    If the MID Server does not have sufficient credentials to access a device or application, it can run Network Mapper (Nmap) commands to collect basic information without using credentials. Credential-less discovery with Nmap requires additional configuration as described in Install and uninstall Nmap on a MID Server.

    ServiceNow applications refer to devices and applications that comprise a service instance as configuration items (CIs).

    Placing MID Servers

    The number of MID Servers that you require and where you place them depends on your organization needs. If you want to map devices and applications inside your private network, place the MID Servers inside the private network. If you want to map devices and applications located in the DMZ, place the MID Servers both in the DMZ and inside the private network.

    Figure 1. Placing MID Servers inside private network

    Placing MID Servers inside private network
    In deployments where domain separation is enabled and domains are configured to form a hierarchy, MID Servers must be placed in the lowest domain level, a "leaf domain".
    Figure 2. Placement of MID Servers in domain-seprated environments

    Placing MID Servers to support domain separation

    Once MID Servers MID Servers are installed, configure them to work with Service Mapping for the best discovery results.