Administration and Management

This section describes the security practices and guidelines for administering and managing the MID Server in your environment.

Create an account with a mid_server role
Create a user account in the instance that contains a mid_server role.

Setting up a MID Server on a Windows host
When you install the MID Server on a Windows host, it creates a Windows service. By default, this service runs as the local Windows system account. After the installation completes, change the newly created Windows service to run as an account with the fewest privileges required to run the MID Server on the Windows host.

Windows Discovery and Orchestration credentials
Set up a local Windows or Active Directory account on the target systems with the fewest privileges necessary. It may not be necessary to use domain admin credentials.

Linux Discovery and Orchestration credentials
Use a non-root account with limited sudo privileges on target Linux systems when performing discovery and orchestration.

Encrypt MID Server login credentials
By default, the MID Server login credentials are encrypted in the config.xml file.

Set the minimum size of DH Group to 2048 bits
The National Institute of Standards and Technology (NIST) disallowed the use of 1024-bit Diffie-Hellman (DH) keys after 2013. Set the minimum size of the DH group to 2048 bits instead.

Disable outbound SSL
You can disable SSLv2 and SSLv3 in the ServiceNow AI Platform. Setting this property forces the MID Server to use TLS, taking advantage of its increased security, when making outbound connections, such as REST and SOAP requests.

Disable weaker algorithms
You can disable the weaker algorithms so that requests to any HTTP server that is not TLS 1.2 compliant fail where they previously succeeded.