ServiceNow Proxy Integration Prerequisites
Before you deploy Skyhigh CASB for ServiceNow via Proxy, make sure the following prerequisites are in place.
- To connect with IAM tenants, see Add Domains or URLs to Allow List for Skyhigh CASB.
- Third-party integrations with ServiceNow. Provide Skyhigh Security Support with the list of all third-party integrations in ServiceNow that must be supported.
- Single Sign-On for the ServiceNow instance. Enable SSO and configure an IDP for SSO integration. The IDP should support SAML 2.0.
- KMIP-supported Key Management Appliance. A key management appliance that supports the latest version of KMIP is required to manage encryption keys.
- Key Management Server (KMS). This server can be deployed either in the cloud or on-premises.
- On-Premises KMS. This is required to support customer-owned key management through integration with enterprise key management systems and hardware security modules (HSM) via the Key Management Interoperability Protocol (KMIP).
- Install Skyhigh CASB Key Agent. Install key agents on virtual machines to provide the encryption keys from the KMS and send them to the Skyhigh CASB reverse proxy for encryption/decryption.
- Recommended Specifications. The following are the minimum specifications for the Skyhigh CASB Key Agent Virtual Machine.

| Component | Recommended Specification |
| --- | --- |
| Number of processing cores | 2 |
| RAM | 4 GB |
| HDD | 100 GB |
| Operating System | Windows 8 and above (64-bit); Windows Server 2008 and above; RedHat/CentOS 6 and above (64-bit) |

- This VM sends the key from the KMIP appliance to Skyhigh CASB. The virtual machine on which the key agent is installed should connect to:
  - Skyhigh CASB production environment (pstat.myshn.net) over port 443. Refer to the table below.
  - Key management server over port 5696.
- Open outgoing ports to allow the VM to access the KMIP appliance on the KMIP port (default 5696) and Skyhigh CASB (HTTPS).
- NOTE: If an on-premises key management server is not available, Skyhigh CASB can integrate with any cloud-based KMS vendor that supports the KMIP protocol.
- Fields to encrypt in ServiceNow. A final list of fields that require encryption should be ready at the time of deployment.
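
The outbound connectivity the key agent VM needs (Skyhigh CASB on port 443 and the KMIP appliance on port 5696) can be checked from the VM before the agent is installed. The script below is an added example, not Skyhigh tooling; it tests TCP reachability only, not TLS or KMIP authentication. Assumptions: `kms.example.internal` is a placeholder for your KMIP appliance, and the function names and status labels are illustrative.

```python
import socket

# Outbound connections the key agent VM needs, per the list above.
# "kms.example.internal" is a placeholder: substitute your KMIP appliance.
REQUIRED_EGRESS = [
    ("Skyhigh CASB (HTTPS)", "pstat.myshn.net", 443),
    ("KMIP appliance", "kms.example.internal", 5696),
]

# What each outcome usually means when run from the key agent VM.
HINTS = {
    "open": "TCP handshake completed",
    "dns-failure": "name does not resolve from this VM",
    "filtered": "no answer before the timeout; egress is likely dropped by a firewall",
    "refused": "host reachable but nothing listens on that port",
}


def probe(host, port, timeout=5.0):
    """Attempt one outbound TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return "error: %s" % (exc.strerror or exc)


def preflight(targets=REQUIRED_EGRESS, timeout=5.0):
    """Probe every required endpoint; return (label, host, port, status) tuples."""
    return [(label, host, port, probe(host, port, timeout))
            for label, host, port in targets]


if __name__ == "__main__":
    results = preflight()
    for label, host, port, status in results:
        print("%-22s %s:%d  %s (%s)" % (label, host, port, status,
                                        HINTS.get(status, "see error text")))
    # Non-zero exit lets a deployment script stop before installing the agent.
    raise SystemExit(0 if all(r[3] == "open" for r in results) else 1)
```

A "filtered" result points at the egress firewall rules, while "refused" points at the KMS service or a non-default KMIP port.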
Skyhigh CASB supports encryption of unstructured data, and Format Preserving Encryption (FPE), Order Preserving Encryption (OPE), and Line Oriented Encryption (LOE) for structured data in ServiceNow. For details on ServiceNow Data Encryption, see Configure ServiceNow Encryption.
These are the prerequisites of Skyhigh CASB ServiceNow Data Encryption:
- Fields to encrypt in ServiceNow. A final list of fields that require encryption should be ready at the time of deployment.
- Files/documents to encrypt in ServiceNow. A final list of files/documents that require encryption should be stored and managed in ServiceNow.
- Inbound and outbound emails to encrypt in ServiceNow. A final list of email servers used in your organization that require encryption should be ready at the time of deployment.
- Encryption as a Service (EaaS). This is required only for third-party applications working with ServiceNow or for applications in ServiceNow.