Requirements for the ServiceNow Integration with BeyondTrust PRA

 

You must purchase this integration separately from your BeyondTrust Privileged Remote Access solution. For more information, contact BeyondTrust's Sales team.

Outlined below are requirements for the BeyondTrust PRA and ServiceNow integration. If any of the integration requirements are not yet met, they must be in place prior to starting the integration setup process unless the associated features of the integration are not required.

Review Base Integration Requirements

Base requirements are a current version of a ServiceNow release with a working Service Desk application, and a current BeyondTrust Appliance B Series (physical or virtual) with at least one usable access console.

To configure network firewall rules for this integration, do the following:

  • Allow TCP 443 traffic from the B Series Appliance to the appropriate ServiceNow instance.
  • Allow TCP 443 traffic from the appropriate ServiceNow instance to the B Series Appliance.
  • Optionally, use ServiceNow MID Servers for this integration.

For more information on MID Servers, please see ServiceNow MID Server.

Review Additional Integration Requirements

The PRA version of BeyondTrust's ServiceNow integration has additional features which require that certain ServiceNow functions be operational in order to work correctly. If these functions are not set up or actively used, the integration can still be installed and the basic features work, but the enterprise features are not usable until the necessary ServiceNow functionality has been implemented. This can be done after the initial installation of the integration update set(s). The additional features should immediately be usable, assuming the appropriate setup steps are taken during the integration setup as described in this guide.

To successfully integrate theBeyondTrust services with ServiceNow, the following requirements must also be met and reviewed:

  • A working ServiceNow configuration management database (CMDB)
  • One or more ServiceNow configuration items on which BeyondTrust Jump Client services can be or have been installed

The CMDB is used to launch BeyondTrust sessions based on the hostname of the machine added to the configuration item field of an incident. If the CMDB is not populated with any available hosts, BeyondTrust Jump cannot be used to remotely access them through ServiceNow's interface. These hosts can be added after the initial setup without making any changes to the integration.

BeyondTrust's supported operating systems include all of the major modern versions of Microsoft, Apple, and Linux. One or more computers running one of these operating systems needs to be populated in ServiceNow's CMDB in order for BeyondTrust's Jump features to work through ServiceNow. As mentioned above, this can be done after initial installation of the integration.

Test the Firewall

It is important to test all requirements of the integration prior to beginning setup. Most of these can be tested by the BeyondTrust and ServiceNow administrators within their respective systems, but to test the network firewall, the BeyondTrust admin should take the following steps to confirm that the necessary rules are in place.

  1. Log into a machine either external to the B Series Appliance's network or in the same VPN as the ServiceNow instance, depending on how ServiceNow is connecting to the B Series Appliance's network.
  2. Log into the B Series Appliance's /appliance interface.
  3. Browse to Support > Utilities :: TCP Connection Test.
  4. Enter the hostname of the ServiceNow instance, enter the port number of 443, and then click Test. A successful result is a Connected status message.

Do not enter the protocol when entering the ServiceNow instance, for example https://servicenow.example.com/. Instead, use the fully qualified domain name only, for example servicenow.example.com. In most environments, the BeyondTrust Appliance B Series resides in a DMZ network and has a public DNS address which ServiceNow contacts over the public internet. In some environments, BeyondTrust is not publicly accessible. In these cases, contact ServiceNow about implementing a VPN connection to your internal network for ServiceNow. For more information, please see Virtual Private Network (VPN).