Requirements for the ServiceNow Basic Integration with BeyondTrust

Outlined below are requirements for the basic version of the BeyondTrust Remote Support ServiceNow integration. If any of the integration requirements are not yet met, they must be in place prior to starting the integration setup process unless the associated features of the integration are not required.

Base Integration Requirements

  • ServiceNow instance with:
    • Version London or later
    • A working Service Desk application
    • A working email configuration
  • BeyondTrustRemote Support:
    • Version 17.x or later
    • At least one usable representative console which can generate session keys
    • A working Remote Supportpublic site through which users can connect to representatives
  • Network firewall rules to allow:
    • TCP 443 traffic from the B Series Appliance to reach the appropriate ServiceNow instance
    • TCP 443 traffic from the appropriate ServiceNow instance to reach the B Series Appliance
    • Optionally, ServiceNow MID Servers can be used for this integration.
  • For more information on MID Servers, please see https://docs.servicenow.com/bundle/jakarta-servicenow-platform/page/product/mid-server/concept/c_MIDServerConfiguration.html.

Firewall Test

It is important to test all requirements of the integration prior to beginning setup. Most of these can be tested by the Remote Support and ServiceNow administrators within their respective systems, but to test the network firewall, the BeyondTrust admin should take the following steps to confirm that the necessary rules are in place.

  1. Log in to a machine either external to the B Series Appliance's network or in the same VPN as the ServiceNow instance, depending on how ServiceNow is connecting to the B Series Appliance's network.
  2. Log in to the B Series Appliance's /appliance interface.
  3. Browse to Support > Utilities :: TCP Connection Test.
  4. Enter the hostname of the ServiceNow instance, enter the port number of 443, and click Test. The result should be a Connected status message.

Do not enter the protocol of the ServiceNow instance (e.g., https://servicenow.example.com/). Instead, use the fully qualified domain name only (e.g., servicenow.example.com). In most environments, the BeyondTrust Appliance B Series resides in a DMZ network and has a public DNS address which ServiceNow contacts over the public internet. In some environments, BeyondTrust is not publicly accessible. In these cases, you should contact ServiceNow about implementing a VPN connection to your internal network for ServiceNow. Please see Setting Up a Virtual Private Network between ServiceNow and a Business Network.