- ServiceNow IT Operations Management
- Ajaykumar Guggilla
- 425 words
- 2021-07-02 23:49:55
Credentials
ServiceNow discovery and orchestration features require credentials to access the enterprise network; these credentials vary depending on the network and device. Credentials such as usernames, passwords, and certificates need a secure place to be stored.
The ServiceNow credentials application stores credentials in an encrypted format in a specific table within the credentials table.
Credential tagging allows workflow creators to assign individual credentials to any activity in an orchestration workflow, or to assign different credentials to each occurrence of the same activity type in an orchestration workflow. Credential tagging also works with credential affinities. Credentials can be assigned an order value that forces discovery and orchestration to try all the credentials when orchestration attempts to run a command or discovery tries to query.
The credentials table contains many credentials; based on the pattern of usage, the credentials application knows which credential to use for a faster logon to the device next time.
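The ordering and affinity behaviour described above, modelled as an added example (not ServiceNow code and not from the book), shows why affinity matters to whoever reads the device's authentication logs: the first pass generates failed logons, the repeat pass does not. The class and function names, the sample credentials and the rule that a lower order value is tried first are assumptions of this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Credential:
    cred_id: str    # identifier only; the secret stays in the encrypted store
    cred_type: str  # e.g. "SSH", "SNMP", "Windows"
    order: int      # assumption of this model: lower order is tried first

class CredentialSelector:
    # Hypothetical model of order-based trial with per-device affinity.
    def __init__(self, credentials):
        self.credentials = list(credentials)
        self.affinity = {}   # (ip, cred_type) -> cred_id that last worked
        self.attempts = []   # (ip, cred_id, succeeded) for every logon tried

    def candidates(self, ip, cred_type):
        pool = sorted((c for c in self.credentials if c.cred_type == cred_type),
                      key=lambda c: c.order)
        preferred = self.affinity.get((ip, cred_type))
        # Stable sort: the affinity credential moves first, the rest keep order.
        return sorted(pool, key=lambda c: c.cred_id != preferred)

    def logon(self, ip, cred_type, try_logon):
        # try_logon(ip, credential) -> bool stands in for the real probe.
        for cred in self.candidates(ip, cred_type):
            ok = try_logon(ip, cred)
            self.attempts.append((ip, cred.cred_id, ok))
            if ok:
                self.affinity[(ip, cred_type)] = cred.cred_id
                return cred.cred_id
        self.affinity.pop((ip, cred_type), None)  # stale affinity: forget it
        return None

# Constructed sample data: three SSH credentials and one device.
CREDS = [Credential("ssh-linux-admin", "SSH", 100),
         Credential("ssh-network", "SSH", 200),
         Credential("ssh-appliance", "SSH", 300)]
ACCEPTED = {"10.0.0.5": "ssh-appliance"}  # credential each device accepts

def fake_probe(ip, cred):
    return ACCEPTED.get(ip) == cred.cred_id

def demo():
    sel, results = CredentialSelector(CREDS), []
    for _ in range(2):  # first discovery, then a repeat on the same device
        sel.attempts.clear()
        used = sel.logon("10.0.0.5", "SSH", fake_probe)
        results.append((used, sum(not ok for _, _, ok in sel.attempts)))
    return results  # [(credential used, failed logons on that pass), ...]
```

In this model a credential that stops working loses its affinity, so the next run falls back to the configured order instead of retrying a dead credential first.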

Credentials are encrypted automatically with a fixed instance key when they are submitted or updated in the credentials (discovery_credentials) table. When credentials are requested by the MID Server, the platform decrypts the credentials using the following process:
- The credentials are decrypted on the instance with the fixed key.
- The credentials are re-encrypted on the instance with the MID Server's public key.
- The credentials are encrypted on the load balancer with SSL.
- The credentials are decrypted on the MID Server with SSL.
- The credentials are decrypted on the MID Server with the MID Server's private key.
A ServiceNow instance can store credentials used by discovery, orchestration, and service mapping in an external credential repository rather than directly in a ServiceNow credentials record.
Currently, the ServiceNow platform supports the use of the CyberArk vault for external credential storage.
The ServiceNow credential application integrates with the CyberArk credential storage. The MID Server integration with CyberArk vault enables orchestration and discovery to run without storing any credentials on the ServiceNow instance.
The instance maintains a unique identifier for each credential, the credential type (such as SSH, SNMP, or Windows), and any credential affinities. The MID Server obtains the credential identifier and IP address from the instance, and then uses the CyberArk vault to resolve these elements into a usable credential.
The CyberArk integration requires the external credential storage plugin, which is available by request.
The CyberArk integration supports these ServiceNow credential types:
- CIM
- JMS
- SNMP community
- SSH
- SSH private key (with key only)
- VMware
- Windows
Orchestration activities that use these network protocols support the use of credentials stored on a CyberArk vault:
- SSH
- PowerShell
- JMS
- SFTP