Seamlessly Integrate with ServiceNow

DDI Automation in ServiceNow

Enterprises using the TCPWave IPAM 11.31 P1 can leverage the seamless integration into the ServiceNow workflows. Activities such as Change Request Approval or Reporting an Incident or Planning a corrective plan of action that are performed in ServiceNow can be chained into the TCPWave Script Include Functions to invoke an appropriate API in a secure authenticated manner.

Architecture Overview

The architectural diagram above illustrates how user actions in ServiceNow can be chained to invoke outbound HTTP Rest Calls to TCPWave IPAM. The ServiceNow instance and TCPWave IPAM communicate using HTTPS (HTTP with SSL) to enforce industry standard security for mission critical operations. Here is an example of a workflow. When a change request to define a new static object is approved by a privileged user.

  • Description of the change request contains the JSON payload and the Short Description contains the type of the request.
  • A workflow is configured in such a way that it gets invoked when the change request is approved.
  • The workflow script will identify the workflow as an “Add a static object” action by inspecting the JSON Payload and initiates an outbound REST Call to the TCPWave IPAM to perform the corresponding action.
  • Both the ServiceNow Instance and the TCPWave IPAM first perform an SSL Handshake exchanging the certificates in their corresponding key stores to establish a mutual authentication trust.
  • Upon authentication, the TCPWave IPAM accepts the “Add a static object” HTTP Request and performs the desired action.
Getting Started
Authentication Setup

The example below illustrates the functionality using self-signed SSL certificates. However, TCPWave highly recommends the usage of valid certificates signed by trusted authorities for security reasons.

1. Create a root certificate using the following commands

  • openssl genrsa -des3 -out snowAppCA.key 4096
  • openssl req -x509 -new -nodes -key snowAppCA.key -sha256 -days 1024 -out snowAppCA.crt

above figure illustrates importing snowAppCA.crt and snowAppCA.key files as an appliance certificates into TCPWave IPAM. Please ensure that Trust CA is selected in the above screen during the Import.

2. Create the user certificate using the following commands

  • openssl genrsa -out snowApp.key 2048
  • openssl req -new -key snowApp.key -out snowApp.csr

3. Sign the user certificate by root CA certificate using the following command

  • openssl x509 -req -in snowApp.csr -CA snowAppCA.crt -CAkey snowAppCA.key -CAcreateserial -out snowApp.crt -days 500 -sha256

above figure illustrates importing snowApp.crt as an user certificate into TCPWave IPAM. This step is required to associate all the incoming HTTP Requests using this certificate to a user in the IPAM.

4. Generate the PKCS12 format certificate sing the following command

  • openssl pkcs12 -export -in snowApp.crt -inkey snowApp.key -name snowWave -out snowWave.pkcs12

5. Import TCPWave SSL Certificate in ServiceNow.


The above figure illustrates importing TCPWave SSL Certificate into the ServiceNow Instance. This certificate is in the default pkcs12 Format.

5. Define Mutual Authentication Protocol in ServiceNow


The above figure illustrates defining a unique protocol and a key store to a default port.

Configuring Script Includes in ServiceNow

Define Script Include Functions to invoke the TCPWave API


Script Includes are runnable JavaScript Functions that can be defined in the ServiceNow Web UI. They make use of the native ServiceNow JavaScript API to perform executable actions such as invoking an outbound HTTP REST Call. The above figure illustrates adding Script Include Functions in ServiceNow to perform various RESTful Actions on TCPWave DDI. Note: The TCPWave Git Repo provides example JavaScript code snippets for reference.

Configuring Workflows in ServiceNow

TCPWave DDI Integration with change events in ServiceNow is achieved using simple workflow transitions that implement JavaScript directives to capture change request information and invoke the appropriate Script Includes. Workflows in ServiceNow can be configured to be invoked on demand based on various ongoing activities in the application such as Approval of a Change Request, Implementation of a Change Request etc. The conditions to invoke a specific workflow are formulated from the business requirements in an enterprise.


As illustrated in the figures above, a simple workflow called TCPWave_Integration has been defined to operate on the Change_Request Table. This workflow runs on two definitive conditions where the short_description is add_domain and the state of the Change Request is approved.


A diagrammatic representation of the TCPWave_Integration workflow is demonstrated in the above figure. This workflow is going to invoke a JavaScript that would capture the Change Request Information such as the JSON Payload and the type of integration request such as add_domain/add_static_object by looking at the short_description and description fields respectively.


The Run Script definition presented in the figure shown above is going to derive the description and short_description fields of the current change request item and invoke the corresponding Script Include function.

Defining Change Requests in ServiceNow

The screenshot above is going to illustrate how a new change request is defined in ServiceNow by attaching short_description and description field with the appropriate values required for the TCPWave Integration.


Once the authorized administrator approves the Change Request - The workflow kicks in to complete the automation request - the above figure illustrates a successful execution of the workflow.


Because of a successful workflow execution, the screenshot above shows that a static object of type AWS Instance with the name has been added to the TCPWave IPAM.

Business advantage

The Webservices offered by TCPWave DDI can be extensively leveraged from applications such as ServiceNow to combine and automate Change Request Management and day to day DDI workflows without compromising security. The SSL Based authentication between ServiceNow and TCPWave IPAM enforces encrypted data exchange thus ensuring a trusted conduit. Enterprises using TCPWave DDI can now seamlessly integrate with ServiceNow and engineer custom workflows with endless possibilities to accomplish 100% safe and secure DDI Workflow Automation.

ServiceNow logo and the screenshots posted in this page belong to the ServiceNow corporation. Enterprises are expected to have a ServiceNow contract to leverage this technology. TCPWave provides API methods to integrate with ServiceNow. TCPWave does not provide any bundled software with ServiceNow.