Many organizations have successfully implemented the Venafi Platform to address their machine identity management challenges, but users of ServiceNow generally centralize all IT processes within that single platform. Operating the two solutions separately for managing certificate requests and deployment presents several challenges:
- Users have two systems
- One system handles requests, and the inventory of certificates or deployment locations is in another
- One system becomes the “source of truth,” while the other becomes a duplication
- The manual deployment necessary for certificate deployments removes all the benefits of automation
The Difenda Machine Identity Management Solution for ServiceNow
With sponsorship from the Machine Identity Management Development Fund, ServiceNow experts, Difenda, took up the task of integrating ServiceNow with Venafi. Difenda, a Canada-based managed security services provider serving customers across North America and Latin America since 2008, has been a partner of Venafi in the world of machine identity management for the last seven years.
ServiceNow is an industry leader in IT service management (ITSM), and Venafi is the category-creator and leader of machine identity management. Integrating these two vital services provides users a seamless experience with a self-service and user-enabled way of requesting digital certificates, essentially achieving an easily adoptable machine identity management-as-a-service program. The resulting integration between ServiceNow and Venafi allows users to leverage Venafi’s certificate lifecycle management and automated deployment, while also enjoying a ServiceNow-centric ITSM experience on the platform they know with the core features they love.
Difenda chose three fundamental philosophies when building the integrated app to optimize adoption and enablement:
- A ServiceNow-centric experience
- Leveraging existing ITSM modules for managing machine identity lifecycles
- Control objectives achieved using ServiceNow’s access control framework
Let’s break them down.
ServiceNow-centric experience
The ServiceNow application has a portal view. Forms can be integrated into the service catalog, and requests can be managed entirely out of ServiceNow. Users can perform everyday tasks related to machine identities directly within the application, whether that means creating a new certificate request, manually renewing a certificate, or accessing a list of all certificates a team is responsible for. Important data is available in this one application. Organizations that successfully implement this integrated solution do not have to go to Venafi for normal activities of the Trust Protection Platform. This unified experience means a user can do everything from the ServiceNow console.
Leveraging existing ITSM processes
ServiceNow offers request management, task approvals for various workflows, a CMDB with information on servers and applications, change management, and incident management as part of its core features. The question then was how to make it possible to manage machine identities using capabilities already built into ServiceNow. Here’s Difenda’s approach:
- Associate Certificates with CI
This provides that self-service capability, because ServiceNow application owners that would typically approve a change associated with the application are the ones actually approving a certificate request. This promotes decentralized lifecycle management and gives each team more visibility and control over their certificates.
- Alignment with CMDB data
To perform automated deployments in ServiceNow using the Difenda machine identity management application, users can create a new installation request and select a server, a load balancer, or a network object from their CMDB. This pulls information such as IP address, environment, location, and operating system to create that device object in Venafi. Every time a certificate is renewed or redeployed, the request uses the latest information from the CMDB, and the device object can be updated in Venafi. This allows users to take full advantage of the CMDB and align with the existing organization structure.
- Approve requests through Change Management
Deployment requests can also integrate with change management, and it’s possible to indicate whether an installation request should be approved via a change. This selection auto-generates a change request, the change number is tracked, and the request is processed and deployed via Venafi once that change is approved. It can also be updated and closed while it’s still pending.
- Auto create Incidents
Within the integrated Difenda and Venafi app, users can also create incidents for expiring certificates, improving visibility and control over certificates and reducing outages.
Security and control
As always, the goal of Difenda’s integration was to leverage as many of ServiceNow’s existing capabilities as possible to provide users a seamless experience in utilizing its ITSM alongside Venafi’s machine identity management services. Out of the box with ServiceNow, application certificates are only accessible to owners, support groups, and approved groups. Individual users can tweak preferences to allow a wider framework, but the ServiceNow control framework is leveraged for maximum security. There are also unique roles that offer users various levels of access. So along with the functionality that comes with ServiceNow, full control of access is given to the application owner or custodian to support decentralized management of machine identities.
The Difenda Machine Identity Management integration for ServiceNow is available now. Visit Difenda on the Venafi Marketplace for more information or go straight to the ServiceNow app store.