As an example, a summary of the main steps in a workflow for a Change Request to add a DNS domain in TCPWave IPAM is provided below. The Description field in the Change Request contains a JSON payload containing the attributes and associated values needed to make the change in TCPWave IPAM.
Configuration of TCPWave and ServiceNow
To have ServiceNow invoke functionality in TCPWave, first, configure authentication in TCPWave and ServiceNow. Then configure Script Include functions, workflows, and Change Requests in ServiceNow.
An example of configuring the authentication in TCPWave and ServiceNow using self-signed SSL certificates is presented in the following steps. However, for improved security, TCPWave highly recommends using valid certificates signed by trusted authorities.
1. Create a root
certificate using the following commands
- openssl genrsa -des3 -out snowAppCA.key 4096
- openssl req -x509 -new -nodes -key snowAppCA.key -sha256
-days 1024 -out snowAppCA.crt
2. In TCPWave IPAM, import the files snowAppCA.crt and snowAppCA.key created in the previous step as a certificate for an appliance. When doing the import, ensure that Trust CA is selected as shown in the screenshot below.
3. Create the user
certificate using the following commands
- openssl genrsa -out snowApp.key 2048
- openssl req -new -key snowApp.key -out snowApp.csr
4. Sign the user
certificate by root CA certificate using the following command
- openssl x509 -req -in snowApp.csr -CA snowAppCA.crt -CAkey
snowAppCA.key -CAcreateserial -out snowApp.crt -days 500 -sha256
5. Import the user certificate in the file snowApp.crt created in the previous step into TCPWave IPAM, as shown in the screenshot below. This step is required to associate all incoming HTTP requests that use this certificate with an IPAM user.
6. Generate the PKCS12
format certificate sing the following command
- openssl pkcs12 -export -in snowApp.crt -inkey snowApp.key
-name snowWave -out snowWave.pkcs12
7. In ServiceNow, import the TCPWave SSL Certificate in the file snowWave.pkcs12 created in the previous step, as shown in the screenshot below.
8. In ServiceNow, define an association between a unique protocol and a key store and default port, as shown in the screenshot below.
Include Functions in ServiceNow
Within ServiceNow, Script
Include functions can be developed to initiate API calls to
functions, created through the ServiceNow web interface, leverage
initiating outbound HTTP REST calls. As a result, these functions
enable a variety of RESTful operations within TCPWave IPAM.
The image below illustrates a sample Script Include function within ServiceNow for adding a domain into TCPWave IPAM.
Workflows in ServiceNow
As an example of the configuration of a workflow in ServiceNow, the configuration of a simple one named TCPWave_Integration is presented in subsequent screenshots. You can use this example as a basis to create the workflows that you need. For TCPWave_Integration, general information on it is shown in the screenshot below, including that it operates on the Change Request Table.
This workflow runs when two conditions are met: the Short Description is add_domain and the Approval status is Approved. These conditions are shown in the following screenshot.
The TCPWave_Integration workflow is shown in the figure below. The activity named Run Script in the workflow invokes a script that retrieves information from a Change Request. This information includes the type of Change Request, which is in the Short Description field, and the JSON payload, which is in the Description field. Example values for Short Description are add_domain and add_static_object.
The Script that Run Script runs is shown in the screenshot below. As seen in this Script, it checks the Short Description field for the value add_domain in a Change Request and then invokes an associated Script Include function to add the domain.
Requests in ServiceNow
An example of part of the definition of a Change Request in ServiceNow is shown in the screenshot below. In it, a value that identifies the type of request is specified in the Short Description field. Also, a JSON payload that contains the attributes and associated values that are needed to make the change in TCPWave IPAM is specified in the Description field. Additional example values for these two fields are presented in the appendix, and you can use these examples as a basis to define the Change Requests that you need.
Resulting Workflow Output
After an authorized administrator approves a Change Request in ServiceNow, the configured workflow for it runs. The following figure shows the successful execution of a version of the TCPWave_Integration workflow that was modified to add a static object.
As a result of completing the workflow, a static object named AWS00001Instance.aaa.com with an Object Type of AWS Instance was created in TCPWave IPAM, as shown in the screenshot below.