Requirements for the ServiceNow Integration with BeyondTrust PRA
You must purchase this integration separately from both your BeyondTrust Privileged Remote Access and Privileged Identity solutions. For more information, contact BeyondTrust sales.
Outlined below are requirements for the BeyondTrust PRA and ServiceNow integration. If any of the integration requirements are not yet met, they must be in place prior to starting the integration setup process unless the associated features of the integration are not required.
Base Integration Requirements
- ServiceNow instance with:
- Version Fuji or later
- A working Service Desk application
- BeyondTrust PRA Appliance (physical or virtual) with:
- Version 15.1 or later
- At least one usable access console
- Network firewall rules to allow:
- TCP 443 traffic from the BeyondTrust PRA Appliance to reach the appropriate ServiceNow instance
- TCP 443 traffic from the appropriate ServiceNow instance to reach the BeyondTrust PRA Appliance
- Optionally, ServiceNow MID Servers can be used for this integration. For more information on MID Servers, see docs.servicenow.com/bundle/jakarta-servicenow-platform/page/product/mid-server/concept/c_MIDServerConfiguration.html
Additional Integration Requirements
The PRA version of BeyondTrust's ServiceNow integration has some additional features which require that certain ServiceNow functions be operational in order to work correctly. If these functions are not set up or actively used, the integration can still be installed and the basic features will work, but the enterprise features will not be usable until the necessary ServiceNow functionality is implemented. This can be done after the initial installation of the integration update set(s), and the additional features should immediately be usable, assuming the appropriate setup steps were taken during the integration setup as described in this guide.
- A working ServiceNow configuration management database (CMDB)
- One or more ServiceNow Configuration Items on which BeyondTrust Jump Client services can be or have been installed
The CMDB is used to launch BeyondTrust sessions based on the hostname of the machine added to the Configuration Item field of an incident. If the CMDB is not populated with any available hosts, BeyondTrust Jump cannot be used to remotely access them through ServiceNow's interface. These hosts can be added after the initial setup without making any changes to the integration.
BeyondTrust's supported operating systems include all of the major modern versions of Microsoft, Apple, and Linux. One or more computers running one of these operating systems needs to be populated in ServiceNow's CMDB in order for BeyondTrust's Jump features to work through ServiceNow. As mentioned above, this can be done after initial installation of the integration.
It is important to test all requirements of the integration prior to beginning setup. Most of these can be tested by the BeyondTrust and ServiceNow administrators within their respective systems, but to test the network firewall, the BeyondTrust admin should take the following steps to confirm that the necessary rules are in place.
- Log into a machine either external to the BeyondTrust Appliance's network or in the same VPN as the ServiceNow instance, depending on how ServiceNow is connecting to the appliance's network.
- Log into the BeyondTrust Appliance's /appliance interface.
- Browse to Support > Utilities :: TCP Connection Test.
- Enter the hostname of the ServiceNow instance, enter the port number of 443, and click Test. The result should be a Connected status message.
Do not enter the protocol of the ServiceNow instance (e.g., https://servicenow.example.com/). Instead, use the fully qualified domain name only (e.g., servicenow.example.com). In most environments, the BeyondTrust Appliance resides in a DMZ network and has a public DNS address which ServiceNow contacts over the public internet. In some environments, BeyondTrust is not publicly accessible. In these cases, you should contact ServiceNow about implementing a VPN connection to your internal network for ServiceNow. Please see docs.servicenow.com/bundle/jakarta-platform-administration/page/administer/encryption/concept/c_SetUpAVPN4SNowBusNet.html.