Forum Discussion
Deena
Altocumulus
AltocumulusIntergrating Service Now
Hi All, we recently received a request from our Service Now team to allow Service Now Discovery and Service Mapping to BigIP. The request is for SSH access to tmsh. This poses a security risk as we restrict the access to command line to the network team only. My question is, has anyone worked with Service Now Discovery and Service Mapping, and what would be best practice to enable the adequate access without compromising security.
Thank you in advance for any information and advice you guys can provide.
Thanks
Deena
- zamroni777
Nacreous
as alternatives, they can use the AS3, FAST or iControl management API, instead of SSH.
https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/
https://clouddocs.f5.com/products/extensions/f5-appsvcs-templates/latest/
https://clouddocs.f5.com/api/icontrol-rest/
boneyardMVP
Here is some information form the service now community, it seems SNMP and API are possible, although there seem to be some issues:
https://www.servicenow.com/community/itom-forum/f5-big-ip-load-balancer-discovery-using-api/td-p/2626489
DeenaThank you for the suggestions.
I have found that the ServiceNow discovery uses the following APIs:
- https://" get_attr {"managementIP"}"/mgmt/tm/sys/global-settings
- https://" get_attr {"managementIP"}"/mgmt/tm/sys/hardware
- https://"get_attr {"managementIP"}"/mgmt/tm/sys/failover
- https://"get_attr {"managementIP"}"/mgmt/tm/cloud/net/self
- https://"get_attr {"managementIP"}"/mgmt/tm/net/interface
- https://"get_attr {"managementIP"}"/mgmt/tm/net/self
- https://"get_attr {"managementIP"}"/mgmt/tm/net/vlan
- https://"get_attr {"managementIP"}"/mgmt/tm/ltm/pool
- https://"get_attr {"managementIP"}"/mgmt/tm/gtm/wideip
- https://"get_attr {"managementIP"}"/mgmt/tm/cm/traffic-group/
- https://"get_attr {"managementIP"}"/mgmt/tm/cm/device
Based on those APIs, what would be the minimum Role that should be defined for ServiceNow? Would the role of Manager, be adequate?
