Integration with Service Desk Plus' CMDB

PAM360 provides the option to integrate with ManageEngine Service Desk Plus's configuration management database (CMDB). This integration enables you to export SSL certificate details from PAM360's repository to Service Desk Plus's CMDB thereby allowing administrators to monitor the usage, expiry and other aspects of SSL certificates across the organization directly from Service Desk Plus interface.

At the end of this document, you will have learned the following:

  1. How does this Integration Work?
  2. Creating CI type in SDP's CMDB
  3. Enabling Certificate Sync
  4. Deleting Certificates from CMDB

1. How does this Integration Work?

To export SSL certificates from PAM360 to Service Desk Plus's (SDP) CMDB, you have to first provide the server details where SDP instance is running and the user account details (technician key). Once the integration takes effect, a new parent CI type and a corresponding child CI type will be created in Service Desk Plus which will house all the certificates exported from PAM360's repository. You can also export SSL certificates from PAM360 into an already existing CI type in SDP by appropriately mapping the certificate attributes to that of the existing CI. Exporting certificates into CMDB renders visibility over SSL environment and allows administrators manage all IT assets from a single, central repository.

Prerequisite : Before proceeding to set up CMDB integration, PAM360 requires the details of the server in which ServiceDesk Plus is running and the technician key.

To provide the above details, go to Admin >> Integration >> Ticketing System Integration. In the page that loads, enable ServiceDesk Plus integration and enter the details. The technician key should be generated from SDP's interface and the user account for which the key is generated should have SDAdmin privilege in SDP.

2. Creating CI type in SDP's CMDB

After providing SDP server configuration details, the next step iscreate a new CI type in SDP's CMDB or use an already existing CI type in SDP's CMDB to export certificates from PAM360's repository. To create a CI type,

  1. Navigate to Admin >> SSH/SSL >> CMDB Integration in PAM360's interface.
  2. In the dialog box that opens, click 'Enable' beside Certificate Sync option.
  3. You can either choose to create a new configuration item (CI) type in SDP or export certificates into an already existing CI type.
  4. To create a new CI type, select 'Create New CI Type' option, provide a name for the CI type and an optional parent CI name. By default, child CI type PAM360_SSL is created under the parent CI type PAM360. You can choose to modify the names according to your requirements.

  5. Click Save. A new CI type in created in SDP's CMDB consisting of the following attributes: Common name, DNS name, signature algorithm, organization, certificate from date, expiry date, key size, key algorithm, creation time and description. All the SSL certificates from PAM360's repository will them be exported to SDP's CMDB. 
  6. To export certificates into an already existing CI type in SDP, select Use Existing CI Type option and specify its name.
  7. Click Fetch attributes to fetch the attributes of the existing CI type.
  8. You then have to map the certificate attributes available in PAM360 (common name, DNS name etc.,) with the attributes of the chosen CI type by choosing appropriate options from the Select Attribute drop-down.
  9. After the mapping is done, click Save. All the certificates from PAM360's repository will be exported to SDP's CMDB. 

3. Enabling Certificate Sync

To enable certificate synchronization with SDP's CMDB, 

  1. Navigate to SSH/SSL >> CMDB Integration in PAM360's interface.
  2. Switch to CMDB tab and click 'Enable' besides Certificates Sync. All certificates in PAM360 are synced with SDP's CMDB. Also, certificates that are added to PAM360 in future will be automatically exported and synchronized with SDP's CMDB.

In addition, you can choose to sync certificates manually whenever you want by carrying out the below steps: 

  1. Navigate to Certificates tab and click the More option available above the table view.
  2. Select Sync  with CMDB from the dropdown menu. All the certificates in PAM360's repository will be synced with SDP's CMDB.

4. Deleting Certificates from CMDB

Similarly, when you delete unwanted certificates from PAM360's repository, the certificate gets deleted from SDP's CMDB also.

  1. Navigate to Certificates tab.
  2. Select the certificate(s) that you wish to delete. Click the More option available above the table view and select Delete from the dropdown menu.
  3. A dialog box will appear asking you to confirm the deletion of certificate from CMDB also.
  4. Enable the check-box and click Ok. The selected certificates are deleted from PAM360 and SDP's CMDB.