Seamlessly Integrate with ServiceNow

TCPWave-ServiceNow
DDI Automation in ServiceNow

Enterprises that use TCPWave IPAM 11.31 P1 can leverage seamless integration with ServiceNow workflows. Activities, such as Change Request Approval, Reporting an Incident and Planning a Corrective Plan of Action, that are performed in a workflow in ServiceNow can invoke Script Include functions. These functions can securely make API calls to TCPWave IPAM to invoke DDI functionality in it.

To enable users to understand and take advantage of TCPWave’s integration with ServiceNow, information on the following topics is presented below:

  • Architecture and overview of TCPWave and ServiceNow integration.
  • Configuration of TCPWave and ServiceNow needed for integration.
  • Workflows in ServiceNow that TCPWave supports.
  • Example values in Change Requests in ServiceNow.
TCPWave Integration with ServiceNow
Architecture Overview

The architecture diagram below provides an overview of how user actions in a workflow in ServiceNow can invoke REST API calls to TCPWave IPAM. ServiceNow and TCPWave IPAM communicate securely over the API using HTTPS (HTTP with SSL).

TCPWave-ServiceNow

As an example, a summary of the main steps in a workflow for a Change Request to add a DNS domain in TCPWave IPAM is provided below. The Description field in the Change Request contains a JSON payload that contains the attributes and associated values that are needed to make the change in TCPWave IPAM.

  • A user approves a Change Request in the Change Request Approval activity.
  • In the Request Moderator activity, a Script Include function is invoked for an Add DNS Domain action.
  • The Request Moderator activity initiates an API REST call to TCPWave IPAM to add the domain.
  • ServiceNow and TCPWave IPAM perform authentication by doing an SSL handshake and exchanging certificates in their key stores.
  • TCPWave IPAM accepts the request to add the DNS domain and adds it.
ServiceNow Versions Supported by TCPWave

TCPWave supports the following versions of ServiceNow:

  • Jakarta
  • Kingston
  • London
  • Madrid
  • New York
  • Orlando
  • Quebec
Configuration of TCPWave and ServiceNow

To have ServiceNow invoke functionality in TCPWave, first, configure authentication in TCPWave and ServiceNow. Then configure Script Include functions, workflows, and Change Requests in ServiceNow.

Configuring Authentication

An example of configuring the authentication in TCPWave and ServiceNow using self-signed SSL certificates is presented in the steps below. However, for improved security, TCPWave highly recommends using valid certificates signed by trusted authorities.

1. Create a root certificate using the following commands

  • openssl genrsa -des3 -out snowAppCA.key 4096
  • openssl req -x509 -new -nodes -key snowAppCA.key -sha256 -days 1024 -out snowAppCA.crt

2. In TCPWave IPAM, import the files snowAppCA.crt and snowAppCA.key created in the previous step as a certificate for an appliance. When doing the import, ensure that Trust CA is selected as shown in the screenshot below.

TCPWave-ServiceNow

3. Create the user certificate using the following commands

  • openssl genrsa -out snowApp.key 2048
  • openssl req -new -key snowApp.key -out snowApp.csr

4. Sign the user certificate by root CA certificate using the following command

  • openssl x509 -req -in snowApp.csr -CA snowAppCA.crt -CAkey snowAppCA.key -CAcreateserial -out snowApp.crt -days 500 -sha256

5. Import the user certificate in the file snowApp.crt created in the previous step into TCPWave IPAM, as shown in the screenshot below. This step is required to associate all incoming HTTP requests that use this certificate with an IPAM user.

TCPWave-ServiceNow

6. Generate the PKCS12 format certificate sing the following command

  • openssl pkcs12 -export -in snowApp.crt -inkey snowApp.key -name snowWave -out snowWave.pkcs12

7. In ServiceNow, import the TCPWave SSL Certificate in the file snowWave.pkcs12 created in the previous step, as shown in the screenshot below.

TCPWave-ServiceNow

8. In ServiceNow, define an association between a unique protocol and a key store and default port, as shown in the screenshot below.

TCPWave-ServiceNow
Configuring Script Include Functions in ServiceNow

In ServiceNow, Script Include functions can be created to make API calls to TCPWave IPAM to invoke DDI functionality in it. These functions are runnable JavaScript functions that can be created in the ServiceNow web UI. They can use the native ServiceNow JavaScript API to perform executable actions, such as invoking outbound HTTP REST calls. Consequently, these functions can perform various RESTful actions in TCPWave IPAM.

The screenshot below shows an example Script Include function in ServiceNow for adding a domain in TCPWave IPAM. Additional example JavaScript code snippets are provided in the TCPWave Git Repository. You can use these examples as a basis to create the Script Include functions that you need.

TCPWave-ServiceNow
Configuring Workflows in ServiceNow

Workflows in ServiceNow can be configured to be invoked on demand based on various ongoing activities in ServiceNow, such as the approval or implementation of a Change Request. TCPWave IPAM integration with change events in ServiceNow is done by using workflow transitions that use JavaScript directives to retrieve Change Request information and invoke Script Include functions.

As an example of the configuration of a workflow in ServiceNow, the configuration of a simple one named TCPWave_Integration is presented in subsequent screenshots. You can use this example as a basis to create the workflows that you need. For TCPWave_Integration, general information on it is shown in the screenshot below, including that it operates on the Change Request Table.

TCPWave-ServiceNow

This workflow runs when two conditions are met: the Short Description is add_domain and the Approval status is Approved. These conditions are shown in the following screenshot.

TCPWave-ServiceNow

The TCPWave_Integration workflow is shown in the figure below. The activity named Run Script in the workflow invokes a script that retrieves information from a Change Request. This information includes the type of Change Request, which is in the Short Description field, and the JSON payload, which is in the Description field. Example values for Short Description are add_domain and add_static_object.

TCPWave-ServiceNow

The Script that Run Script runs is shown in the screenshot below. As seen in this Script, it checks the Short Description field for the value add_domain in a Change Request and then invokes an associated Script Include function to add the domain.

TCPWave-ServiceNow
Defining Change Requests in ServiceNow

An example of part of the definition of a Change Request in ServiceNow is shown in the screenshot below. In it, a value that identifies the type of request is specified in the Short Description field. Also, a JSON payload that contains the attributes and associated values that are needed to make the change in TCPWave IPAM is specified in the Description field. Additional example values for these two fields are presented in the appendix, and you can use these examples as a basis to define the Change Requests that you need.

TCPWave-ServiceNow
Resulting Workflow Output

After an authorized administrator approves a Change Request in ServiceNow, the configured workflow for it runs. The following figure shows the successful execution of a version of the TCPWave_Integration workflow that was modified to add a static object.

TCPWave-ServiceNow

As a result of completing the workflow, a static object named AWS00001Instance.aaa.com with an Object Type of AWS Instance was created in TCPWave IPAM, as shown in the screenshot below.

TCPWave-ServiceNow
Workflows Supported by TCPWave

TCPWave supports the workflows below. Example values for the Short Description and Description fields in Change Requests in ServiceNow for some of these workflows are presented in the appendix.

  • Network
    • Create Network
    • Delete Network
    • List Networks
  • DNS
    • Create "A" Record
    • Delete "A" Record
    • Create CNAME Record
    • Delete CNAME Record
  • DHCP
    • Create Scope
    • Delete Scope
    • Create DHCP Manual Object
    • Delete DHCP Manual Object
  • IPAM
    • Get Next Free Available IP
    • Create Static Object
    • Delete Static Object
    • Edit Object
    • Delete Object
    • Add Object RR
    • Edit Object RR
    • Delete Object RR
    • Add Zone RR
    • Edit Zone RR
    • Delete Zone RR
Advantages of ServiceNow Integration

The many web services offered by TCPWave DDI can be extensively leveraged from ServiceNow (and similar applications) to quickly, securely, and automatically perform Change Request management and needed DDI activities. Also, the SSL-based authentication and encrypted data exchange used by TCPWave and ServiceNow ensure a trusted connection between them. Enterprises that use TCPWave DDI can seamlessly integrate it with ServiceNow and create custom workflows to meet nearly any need to accomplish safe and secure DDI workflow automation.

Appendix: Example Values in Change Requests for DDI Operations

Example values for the Short Description and Description fields in Change Requests in ServiceNow are presented in the sections below. Each section is for a specific type of DDI operation. The Short Description field contains a value for the type of Change Request, which corresponds to the type of DDI operation. The Description field contains a JSON payload that contains the attributes and associated values needed to make the change in TCPWave IPAM.

These sections are organized by DDI topic in the following sequence:

  • Network
  • Zone Resource Record
  • DHCP Scope
  • DHCP Manual Object
  • IPAM Static Object