Requirements for the ServiceNow Basic Integration with BeyondTrust
Outlined below are requirements for the basic version of the BeyondTrust ServiceNow integration. If any of the integration requirements are not yet met, they must be in place prior to starting the integration setup process unless the associated features of the integration are not required.
Base Integration Requirements
- ServiceNow instance with:
- Version Fuji or later
- A working Service Desk application
- A working email configuration
- Secure Remote Access Appliance (physical or virtual) with:
- Version 14.2.1 or later
- At least one usable representative console which can generate session keys
- A working BeyondTrust public site through which users can connect to representatives
- Network firewall rules to allow:
- TCP 443 traffic from the Secure Remote Access Appliance to reach the appropriate ServiceNow instance
- TCP 443 traffic from the appropriate ServiceNow instance to reach the Secure Remote Access Appliance
- Optionally, ServiceNow MID Servers can be used for this integration. For more information on MID Servers, see docs.servicenow.com/bundle/jakarta-servicenow-platform/page/product/mid-server/concept/c_MIDServerConfiguration.html
It is important to test all requirements of the integration prior to beginning setup. Most of these can be tested by the BeyondTrust and ServiceNow administrators within their respective systems, but to test the network firewall, the BeyondTrust admin should take the following steps to confirm that the necessary rules are in place.
- Log into a machine either external to the Secure Remote Access Appliance's network or in the same VPN as the ServiceNow instance, depending on how ServiceNow is connecting to the appliance's network.
- Log into the Secure Remote Access Appliance's /appliance interface.
- Browse to Support > Utilities :: TCP Connection Test.
- Enter the hostname of the ServiceNow instance, enter the port number of 443, and click Test. The result should be a Connected status message.
Do not enter the protocol of the ServiceNow instance (e.g., https://servicenow.example.com/). Instead, use the fully qualified domain name only (e.g., servicenow.example.com). In most environments, the Secure Remote Access Appliance resides in a DMZ network and has a public DNS address which ServiceNow contacts over the public internet. In some environments, BeyondTrust is not publicly accessible. In these cases, you should contact ServiceNow about implementing a VPN connection to your internal network for ServiceNow. Please see https://docs.servicenow.com/bundle/jakarta-platform-administration/page/administer/encryption/concept/c_SetUpAVPN4SNowBusNet.html.