Configuring MID Servers

  • Release version: Yokohama
  • Updated January 30, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuring MID Servers

    After installing and validating MID Servers, it is essential to ensure they have adequate system resources, can probe intended targets, and communicate properly with your ServiceNow instance. Configuration involves setting selection criteria, creating clusters for load balancing and failover, and implementing domain separation to protect data. Changes require a MID Server restart to take effect. Configuration controls can be applied individually or across all MID Servers in your environment.


    Selection and Assignment

    MID Servers are selected based on three key criteria:

    • Applications: Assign MID Servers to specific applications like Discovery or Orchestration.
    • IP Address or Range: Restrict MID Servers to operate within certain IP ranges.
    • Capabilities: Define specific functions that MID Servers can perform, restricting applications to MID Servers with required capabilities.

    Additional configurations include automatic IP range assignment, mapping host DNS names to IP addresses for resource management, and configuring MID Servers as WinRM trusted hosts for Discovery and Service Mapping.

    Security and Permissions

    Windows MID Servers enforce file permission restrictions to enhance security by limiting access to only necessary files, preventing compromised accounts from unauthorized access.

    Clusters and Load Balancing

    MID Server clusters enable load balancing and failover protection by grouping MID Servers that support each other. Workload is distributed automatically among cluster members, and failover order is configured for seamless recovery in case of server failure.

    You can configure the number of threads a MID Server uses to optimize performance based on hardware capacity and other applications.

    Domain Separation

    Domain separation restricts MID Servers’ access to records and credentials based on their domain, as defined in the MID Server’s configuration file. This ensures MID Servers only use policies and credentials applicable to their assigned domains, enhancing data security and governance.

    File Synchronization and Credential-less Discovery

    You can synchronize JAR files from the instance to all connected MID Servers, enforcing domain-specific usage policies.

    MID Servers used for credential-less Discovery require installation of the Network Mapper (Nmap) tool on Windows hosts. With proper capabilities, these MID Servers can gather basic configuration item information even without authentication.

    MID Server Extensions

    • vCenter Event Collector: Listens to vCenter server events and updates the CMDB accordingly, reducing the need for full vCenter Discovery runs and enabling efficient virtual machine state tracking.
    • SNMP Trap Collector: Captures SNMP traps from network devices and forwards them to the instance for Event Management processing. Without Event Management, traps are discarded.

    After installing and validating your MID Servers, ensure that they have access to sufficient system resources, probe the proper targets, and communicate with the instance as expected. Configure MID Server selection criteria, create clusters for failover protection, and set up MID Servers in different domains to protect data.


    Some of these configuration procedures rely on data found in the MID Server references home page. See that page for links to the parameters, properties, and privileged commands you need to fine-tune the behavior of your MID Servers. You can apply controls to individual MID Servers or to all the MID Servers in your environment. Remember to restart the MID Server after any configuration change for those changes to take effect.

    MID Server selection

    MID Servers are selected for use based on three criteria: applications, IP address or range, and capabilities. You can designate specific applications for a given MID Server, such as Discovery or Orchestration. You can specify an IP address or a range that a MID Server is allowed to work within. Some applications require specific capabilities, and so are restricted to MID Servers with those capabilities.

    • MID Server selection: Configure the way your instance selects a MID Server: by application, IP address range, network capability, or behavior.
    • MID Server capabilities: Create capabilities that define the specific functions of a MID Server within an IP address range.
    • MID Server IP range auto-assignment: Configure the system to automatically assign a qualified MID Server to a subnet by that subnet's IP address range.
    • Map an IP address to a DNS name: Map host server DNS names to IP addresses if your MID Server manages resources within defined IP ranges.
    • Configure MID Server as WinRM trusted host: Add servers, which are part of WinRM, as trusted hosts on all MID Servers that Discovery or Service Mapping use for discovery.
    • File permission enforcement for Windows MID Servers: To improve security, Windows MID Servers will enforce Windows file permission restrictions. This will prevent compromised accounts from accessing unauthorized files by restricting their permissions to the minimum necessary for their role.

    MID Server clusters

    MID Server clusters are groups of MID Servers that support each other through load balancing and fail-over protection. Work sent to a MID Server that is part of a cluster is automatically balanced between all the MID Servers in that cluster. MID Servers in a fail-over cluster each have a configured order that the platform uses to determine which MID Server to use next in case of failure.

    • Create a MID Server cluster: Create a MID Server cluster for load balancing and fail-over protection.
    • Set thread use: Set the number of threads your MID Server uses for the desired MID Server speed, based on hardware capabilities and competing applications running on the host.

    Domain separation

    Domain separation segregates MID Servers based on the records they can access. The credentials configured in a MID Server's config.xml file determine which records that MID Server can read, update, or create. You can specify MID Server policy records that only MID Servers from the same domain can use.

    • MID Server domain separation: Set up your MID Servers in different domains to restrict the records and credentials that a MID Server can access.
    • Synchronize a JAR file to MID Servers: Upload a JAR file to an instance and synchronize it to all MID Servers connected to that instance. Use JAR file synchronization to create policies that only a MID Server from the same domain can use.

    MID Servers used for credential-less Discovery

    MID Servers that are used for credential-less Discovery require special configuration to run Network Mapper (Nmap) commands on target computers.

    Install and uninstall Nmap on a MID Server

    You must install Nmap on each MID Server running on a Windows host. When given the proper capability, those MID Servers can discover some basic information about CIs in your network if normal authentication fails.

    MID Server extensions

    • vCenter event collector: The vCenter event collector listens for vCenter-related events and updates the CMDB accordingly. The event collector allows the CMDB to be updated with changes to virtual machines (VMs), in addition to the updates detected by Discovery. A change to a VM is sent as an event from the vCenter server to the vCenter event collector. When an event is received, the CMDB is updated accordingly. Full vCenter Discovery does not need to rerun. For some events, such as powered on and powered off events, Discovery does not need to run again at all. For most events, Discovery runs only on the necessary vCenter resource.
    • SNMP trap collector extension: The SNMP trap collector is a MID Server extension that listens for SNMP traps from the devices on your network. Upon receiving a trap, the MID Server sends the trap to the instance for further processing by Event Management. If Event Management is not active, traps are not processed and are discarded by the instance.