Requirements for the BeyondTrust Integration with ServiceNow
You must purchase this integration separately from both your BeyondTrust software and your ServiceNow solution. For more information, contact BeyondTrust sales.
Outlined below are requirements for the enterprise versions of the BeyondTrust ServiceNow integration. If any of the integration requirements are not yet met, they must be in place prior to starting the integration setup process unless the associated features of the integration are not required.
Base Integration Requirements
- ServiceNow instance with:
- Version Fuji or later
- A working Service Desk application
- A working email configuration
- Secure Remote Access Appliance (physical or virtual) with:
- Version 14.2.1 or later
- At least one usable representative console which can generate session keys
- A working BeyondTrust public site through which users can connect to representatives
- Network firewall rules to allow:
- TCP 443 traffic from the Secure Remote Access Appliance to reach the appropriate ServiceNow instance
- TCP 443 traffic from the appropriate ServiceNow instance to reach the Secure Remote Access Appliance
- Optionally, ServiceNow MID Servers can be used for this integration. For more information on MID Servers, see docs.servicenow.com/bundle/jakarta-servicenow-platform/page/product/mid-server/concept/c_MIDServerConfiguration.html
Additional Integration Requirements
The enterprise version of BeyondTrust's ServiceNow integration has some additional features which require that certain ServiceNow functions be operational in order to work correctly. If these functions are not set up or actively used, the integration can still be installed and the basic features will work, but the enterprise features will not be usable until the necessary ServiceNow functionality is implemented. This can be done after the initial installation of the integration update set(s), and the additional features should immediately be usable, assuming the appropriate setup steps were taken during the integration setup as described in this guide.
- A working ServiceNow configuration management database (CMDB)
- One or more ServiceNow Configuration Items on which BeyondTrust Jump Client services can be or have been installed
- A working ServiceNow Employee Self Service (ESS) application and portal
The CMDB is used to launch BeyondTrust sessions based on the hostname of the machine added to the Configuration Item field of an incident. If the CMDB is not populated with any available hosts, BeyondTrust Jump cannot be used to remotely access them through ServiceNow's interface. These hosts can be added after the initial setup without making any changes to the integration.
BeyondTrust's supported operating systems include all of the major modern versions of Microsoft, Apple, and Linux. One or more computers running one of these operating systems must be populated in ServiceNow's CMDB in order for BeyondTrust's Jump features to work through ServiceNow. As mentioned above, this can be done after initial installation of the integration.
ServiceNow's ESS portal is leveraged by the integration to allow ServiceNow users of the portal to request remote support from logged-in BeyondTrust representatives. This is not always desired, so some administrators prefer not to use the ESS portal. This is perfectly acceptable for the purposes of installation, and the ESS portal can be deployed after the integration setup to enable the associated BeyondTrust features.
It is important to test all requirements of the integration prior to beginning setup. Most of these can be tested by the BeyondTrust and ServiceNow administrators within their respective systems, but to test the network firewall, the BeyondTrust admin should take the following steps to confirm that the necessary rules are in place.
- Log into a machine either external to the Secure Remote Access Appliance's network or in the same VPN as the ServiceNow instance, depending on how ServiceNow is connecting to the appliance's network.
- Log into the Secure Remote Access Appliance's /appliance interface.
- Browse to Support > Utilities :: TCP Connection Test.
- Enter the hostname of the ServiceNow instance, enter the port number of 443, and click Test. The result should be a Connected status message.
Do not enter the protocol of the ServiceNow instance (e.g., https://servicenow.example.com/). Instead, use the fully qualified domain name only (e.g., servicenow.example.com). In most environments, the Secure Remote Access Appliance resides in a DMZ network and has a public DNS address which ServiceNow contacts over the public internet. In some environments, BeyondTrust is not publicly accessible. In these cases, you should contact ServiceNow about implementing a VPN connection to your internal network for ServiceNow. Please see https://docs.servicenow.com/bundle/jakarta-platform-administration/page/administer/encryption/concept/c_SetUpAVPN4SNowBusNet.html.