ServiceNow discovery
- Thread starter Logicman
- Start date
Hi @Logicman , you can absolutely create a user who is limited to "list/query" only ability. It is a good idea for the service you are talking about.
You may need to experiment with specific permissions but in the end - the less the better.
Cheers
Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
You may need to experiment with specific permissions but in the end - the less the better.
Cheers
Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
This is a question for your compliance and management team. There is no universal answer to your concern. Are you in Finance, Pharma, Defense, or is this a medium size SaaS business. There are many variables here.
Sometimes an agent based solution that communicates with control server via proprietary API is a better system than local user access. Especially considering all the latest local exploit discoveries.
Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
I have a technical concern; I'm being asked to create a user so that ServiceNow can login at the OS level and get OS information; files and changes that could happens. I'm concern that since this is an hypervisor, it could make it unstable; maybe not, I'm not sure, so that's why I'm inquiring here.
Any access can cause denial of service. Even read-only might allow too many network requests that cripple the system eventually. You'll have to do your own attack surface and thread vector analysis. That said: you do kind of trust the co-workers (that you might even know personally) that need to scan the system (for a good cause) and giving them read-only access is probably mandatory by the company rules.
EDIT: If this is a phone scam telling you that "the police" or "microsoft support" needs access to your systems for your own safety then just hang up immediately and ignore them.
EDIT: If this is a phone scam telling you that "the police" or "microsoft support" needs access to your systems for your own safety then just hang up immediately and ignore them.
Last edited:
The company I work for want ServiceNow to have access to everything and, myself, as a rule I would not allow anything to have ssh access to an hypervisor unless specifically approved by the make of the hypervisor; but I'm being force to comply and I'm looking for opinions/experience from others.
Welcome to the world of having a boss.
Depending on your role, your job is to INFORM the decision makers or MAKE decisions. if you're in the former, voice your concern in writing and then do what is decided (and dont bitch! once the decision is made, no one cares about your "I told you so's".) If you're a decision maker, stand your ground. its your position (and responsibility) to protect the company from themselves.
If you need other's opinions you havent done your due diligence and are not prepared to make a recommendation.
Hey @Logicman ,
We understand your requirement. Many volunteers on this forum work in similar environments and face comparable constraints. However, the audience overlap for your specific question is relatively small: business PVE users, ServiceNow users, organizations that require SSH access for ServiceNow integration, people who happen to see this thread, and those who have both encountered and resolved similar issues.
So far, you have received general guidance on how to approach the situation. In summary: follow your organizational requirements, document your architectural or operational concerns clearly and professionally for management and compliance purposes (as outlined in @alexskysilk’s summary above).
If you need an official position or supportability statement, the appropriate path would be to contact Proxmox Server Solutions GmbH through a support subscription/channel, as well as reaching out to ServiceNow directly.
Good luck.
PS ServiceNow is a $13Billion revenue company, I'd hope they got the basic Linux system scraping down by now...
Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
We understand your requirement. Many volunteers on this forum work in similar environments and face comparable constraints. However, the audience overlap for your specific question is relatively small: business PVE users, ServiceNow users, organizations that require SSH access for ServiceNow integration, people who happen to see this thread, and those who have both encountered and resolved similar issues.
So far, you have received general guidance on how to approach the situation. In summary: follow your organizational requirements, document your architectural or operational concerns clearly and professionally for management and compliance purposes (as outlined in @alexskysilk’s summary above).
If you need an official position or supportability statement, the appropriate path would be to contact Proxmox Server Solutions GmbH through a support subscription/channel, as well as reaching out to ServiceNow directly.
Good luck.
PS ServiceNow is a $13Billion revenue company, I'd hope they got the basic Linux system scraping down by now...
Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
Last edited:
In any case, the "ServiceNow" manual surely details what kind of access and privileges the user needs. In the end PVE is "just" Debian, so they should have clearly defined instructions on what's needed for ServiceNow to work properly in this scenario.