
Securing and encrypting MID Server data


After configuring your MID Server, you can add security by encrypting MID Server parameter values in the config.xml file. Encryption protects data that the MID Server returns to the ECC Queue. Other available security options include the authorization of SOAP requests, restricting access to the MID Server configuration file, and establishing secure socket layer (SSL) connections.

[Figure: Set-up indicator for security phase. Steps shown: Ensure that the MID Server can connect to elements inside and outside your network; Download and install the MID Server on a Linux or Windows host; Configure your MID Server; Configure MID Server security]

How MID Server password encryption works

The username and password are initially set in the config.xml file on the MID Server. When the MID Server retrieves the credentials, it automatically replaces the clear-text password with an encrypted password, using an AES128 encryption algorithm. The MID Server also maintains an encryption key that is generated each time it starts; this key remains in memory and is not written to the hard disk. When credentials need to be sent from the instance to the MID Server, the following process takes place:
  1. The instance retrieves the encrypted password and the unencrypted username from the instance database table.
  2. The instance decrypts the encrypted password, and then re-encrypts it using the MID Server encryption key.
  3. The username and re-encrypted password are sent to the MID Server through the encrypted TLS session that was already established between the MID Server and the instance.
  4. The MID Server receives the credentials and decrypts the password in memory before using the credentials for remote operations. At no point is the credential password stored on the disk in an unencrypted format.
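Because the MID Server is expected to replace the clear-text password in config.xml with an encrypted value, a quick audit of the file confirms that this happened. The following check is an added example, not ServiceNow code. It assumes parameters are stored as `<parameter name="..." value="..."/>` elements, that sensitive ones carry `secure="true"`, and that encrypted values start with `encrypted:`; confirm these against your own config.xml. The sample file and the `custom.api.password` parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element layout, the secure="true" marker and the
# "encrypted:" prefix are assumptions about config.xml, not taken from this page.
# "custom.api.password" is a hypothetical parameter name.
SAMPLE_CONFIG = """<parameters>
  <parameter name="url" value="https://example.service-now.com/"/>
  <parameter name="mid.instance.username" value="mid.user"/>
  <parameter name="mid.instance.password" secure="true" value="encrypted:c2FtcGxl"/>
  <parameter name="mid.proxy.password" secure="true" value="Pr0xy-Secret"/>
  <parameter name="custom.api.password" value="hunter2"/>
</parameters>"""

ENCRYPTED_PREFIX = "encrypted:"  # assumed marker of an already-encrypted value
SENSITIVE_HINTS = ("password", "secret", "passphrase")  # hypothetical name heuristics


def audit_config(xml_text):
    """Return [(parameter name, finding)] for values still stored in clear text."""
    findings = []
    for param in ET.fromstring(xml_text).iter("parameter"):
        name = param.get("name", "")
        value = param.get("value", "")
        if not value or value.startswith(ENCRYPTED_PREFIX):
            continue  # empty or already encrypted: nothing to report
        flagged_secure = param.get("secure", "").lower() == "true"
        looks_sensitive = any(hint in name.lower() for hint in SENSITIVE_HINTS)
        if flagged_secure:
            findings.append((name, "marked secure but value is clear text"))
        elif looks_sensitive:
            findings.append((name, "sensitive name, not marked secure, clear text"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_config(SAMPLE_CONFIG):
        # Report the parameter name only, so the audit output never leaks the secret.
        print(f"{name}: {finding}")
```

A finding for a parameter marked secure usually means the MID Server has not been restarted since the value was edited; a finding for an unmarked parameter means the value will stay in clear text until it is explicitly encrypted.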

Security options

The MID Server provides built-in security options for other content in the configuration file, such as the default encryptor, Windows Data Protection API, and options for custom encryption.

Encrypt or decrypt MID Server configuration file values
You can encrypt and decrypt any value in the MID Server config.xml file.
ECC queue data encryption with the automation API
Use the automation API to encrypt sensitive probe data that is sent from an instance to the MID Server through the ECC Queue.
MID Server configuration file security
Protect sensitive MID Server configuration data in the config.xml file using internal and external data encryption and external data storage.
Rekey a MID Server
Rekey a MID Server to force it to restart and generate a new private key. Typically, this process is only necessary if the MID Server keystore is compromised.
Add SSL certificates for the MID Server
Add certificates to the MID Server to communicate over SSL.
MID Server authentication credentials and SOAP requests
For added security, enforce basic authentication on each incoming SOAP request to the MID Server.
Attach a script file to a file synchronized MID Server
Attach a script file and synchronize it to a MID Server to prevent Windows enhanced security from blocking MID Server download files that it determines are dangerous.