All application integrations in the Now Platform use connection
information, credentials, and aliases to enable their respective applications to access
resources.
Before you can execute an application integration in your instance, you must create and
configure the corresponding connection information and credentials. Connections pertain to an
integration with a system, such as an IP address or endpoint with protocols. It contains
specific details, such as database particulars, when integrating with a database. The
associated credentials are the authentication data required to make the connection.
Connection information and credentials can vary between QA/Development/Production environments
for the same integration. The tight coupling between this data and application metadata, such
as workflow or job scheduling, make application metadata obsolete when you change
environments. To alleviate this problem, the concept of an alias is introduced, to decouple
connections and credentials from application metadata. These aliases allow customers to design
their application metadata to pair with an alias, which resolves to connection and credential
data during runtime.
There are two types of aliases, a
connection and credential alias and a
credential alias. Business rules enforce certain constraints on these aliases.
Names must contain letters, numbers, and underscores, but cannot use special characters. The
alias must be unique in a scope. If you choose to have multiple active connections, you can
have more than one active connection in the same domain. If you do not choose this option, you
can have only one active connection per domain.
Note: If you enable multiple active
connections, the application picks one connection based on an established order. This order
depends on the API you use to retrieve connection data.
You can add additional
connection attributes to an alias, which are available in connection data during run time.
Variables overridden by connection administration during run time should not affect the
alias.
The credential alias resolves only credential data. Along with the alias data model, you can
use a scriptable API that gets connection and credential data at runtime.
Upgrading credential tags
The upgrade process migrates credential tags to credential
aliases. All credential tags in the Credentials [discovery_credentials] table have a
corresponding credential alias with this information:
- Name: Unique alias name
- Scope: global
- ID: Alias name
Note: The credential tag field type changes from string to GlideList in the Credential
table and the credential alias field refers to the created alias records.
Credential synchronization on MID Servers
Each MID Server in your network synchronized with the instance keeps a copy of every
credential that you create. This synchronization speeds up the reading of credentials when
applications like Discovery or Service Mapping need to access multiple
devices on the network. The MID Servers synchronize when they find a
credentials_reload job in the ECC Queue. The reload job instructs the
MID Server to make a SOAP call to the instance to get the entire list of credentials in the
Credentials [discovery_credentials] table, including all the field values.
The SOAP response that your instance sends to each MID Server also includes custom fields
that you added to any credential form that you customized. If you added reference fields,
the data in the referenced table is also sent as part of the SOAP response. This can lead to
performance issues when credential synchronization occurs with multiple MID Servers. To
control this, manually add these properties to the System Properties [sys_properties]
table:
Note: To change the values in these properties, add them to the System Properties
[sys_properties] table. If you do not add them, the system uses the default
value.
| Property |
Description |
com.snc.credentials_user_fields |
Includes all customized fields in credential sync. Set this to false if you
do not want to include the fields that you added to credential forms.
- Type: true | false
- Default value: true
|
com.snc.credentials_recursion_depth |
Defines the number of tables to traverse when the credential sync mechanism
collects fields from reference tables. Lower this number if you are experiencing
performance issues and you have customized credential forms that include reference
fields to tables that also have reference fields.
- Type: integer
- Default value: 3
|
