Site Integration Services
Hornbill's Site Integration Service (SIS) is a Windows NT Server service installed on a server behind an organisation's firewall. It runs as a standard Windows NT Service and, once paired with a Hornbill instance, monitors the ITOM Job Queue. The SIS connects to the instance order to retrieve jobs that have been placed on the job queue for execution.
- OS: Windows Server 2012, 2012 R2, 2016 or 2019
- RAM: 4GB
- Free Disk: 10GB
- CPU load is minimal
- Can be run on virtual as well as physical machines.
- The SIS communicates with a Hornbill instance using the secure HTTPS protocol.
- Hornbill instances will only respond to a successfully paired SIS.
- Currently, support for communications via a proxy service is not available.
Discovery and Package Deployment
The SIS is capable of discovering the following devices:
- Windows 32/64bit Computers
- Currently supported by Microsoft
- Unix/Linux/Mac Computers running ssh
Depending on the content of the deployment package, there may be additional OS requirements.
A Windows firewall rule for Inbound traffic (Local subnet) that allows all TCP traffic into the SIS service executable is created on installation and named:
- Hornbill SIS Server - Context Callback (TCP - In).
The following outbound ports between the SIS server and the cloud instance are required:
- HTTPS TCP 443
The following ports between the SIS server and Managed Devices are required, dependant on which method is adopted to retrieve Inventory details:
- WinRM - TCP 5985
- DCOM - TCP 135
- DCOM - Range of dynamic ports:
- TCP 49152-65535 (RPC dynamic ports – Windows Vista, 2008 and above)
- TCP 1024-65535 (RPC dynamic ports – Windows NT4, Windows 2000, Windows 2003)
- Site Integration Service Discovery (Dependant on the discovery mode used)
- Active Directory / LDAP
- TCP Port 389 (Between the SIS and the AD Domain Controller / LDAP Server)
- Secure Shell (ssh)
- TCP Port 22 (Between the SIS and target devices)
The following is required to support the TCP Ping test used during discovery (only required if the feature is in use):
- ICMP Echo Reply
- A refresh of the list may be required to display any new devices discovered while you are viewing the list
- Displays Connectors from the selected Group
- + Create Group
- (Selectable via the drop-down) allows for the Creation of SIS Groups'
- Paired / Not Paired
- Toggle button that allows the display of Paired or Not Paired SIS
- Download Site Integration Server
- Downloads the on-premise SIS Installer
- Move Selected To...
- Moves the selected SIS entries to the selected Group
- Deletes the selected SIS entries
- The name of the Connector
- The group that the Connector belongs to
- The user-provided description for the connector
- Service Type
- Operating system architecture of the Server hosting the SIS installation
- Service State
- Toggle to enable or disable the SIS
- Online Status
- The current status of the link to the SIS service.
- Service Build
- SIS Server build version. Any Service showing an older build may highlight that there is an issue with automatic updates for that service
- Last Seen On
- this will display the last time there was communication between the Hornbill SIS Service and the SIS Server
Creating an SIS Service Profile on the Hornbill Instance
- Navigate to Hornbill Administration > Home > ITOM > Site Integration Services
- Click the button to create a new SIS Connector
- Enter the following details:
- Name - name used to identify the SIS server to the Hornbill Instance
- Group - Should be a least one default group, others can be selected via drop down if created previously
- Click the Create Site Integration Service button
- The Authorisation Code is displayed, and should be recorded for later use
- See the next section for details of how to pair your SIS with your Hornbill instance
- Should you choose not to complete the pairing at this time, the connector can be found by selecting the Not Paired filter in your list of SIS Connectors
- The Authorisation Code is valid for 1 hour. Should the SIS connector and SIS installation not be paired during this time, the key will expire. To generate a new Key, remove the SIS connector and recreate it.
Downloading and Installing the SIS Service
The Hornbill SIS is installed as a Windows NT Service and will require local administration rights for installation on the target computer.
- Navigate to the following Hornbill Administration page: Home > ITOM > Site Integration Services
- Click the "Download Site Integration Server" button on the toolbar
- Locate the downloaded executable (.exe), and double click to begin
- Click Install
- Click Ok to Confirm the Installation
- Close the Install dialog
- Open the 'Services mmc Console
- Start the EspSisService
Pairing an SIS Server with a Hornbill Instance
Once the ESPSisService is running, the process of pairing the service with a Hornbill instance can begin, which will require an Authorization Code. This code will have been provided while creating an SIS connector. See the section Creating an SIS Connector on the Hornbill Instance.
- Open the Browser and navigate to http://localhost:11117. After a short pause, a prompt for the Instance Id and an Authorization Code appears
- Enter the Instance ID and Authorization Code
- Click the Pair with Instance button
Grouping Site Integration Servers
The creation of groups enables SIS connectors and SIS installations to be logically grouped; each SIS entry must belong to a single group. A "Default" group is provided with the option to create additional groups as required. Generally, the network infrastructure, load balancing and failover requirements will determine the number and grouping of SIS installations.
- Load Balancing
- When more than one server is placed within a group, Jobs sent to the group for processing will be processed by the next available SIS server spreading the load.
- Failover protection
- SIS servers poll the Job queue for available jobs, and thus if a server fails, any other server within the same group will pick the next available job. Any job currently being processed by the SIS server will fail, and the status set accordingly. If the job has already been pushed to a client and executed, then it will potentially be orphaned, and the status set to Timed-Out.
- If a standalone SIS server fails then all jobs aimed at that server will be left in the Job queue and will not be processed until the server is up and running again.
Creating a Group
- From the ITOM page select Site Integration Services
- Click the Show dropdown
- Click +Create Group option
- Enter the New Group Name
- Click Apply
Removing an SIS Server Installation
If you want to remove the SIS server from your instance. simply navigate to the SIS servers tab in the admin tool and delete the SIS server you want to remove.
The removal of the SIS server software from your server(s) requires manual steps in order to remove the service and all related files.
- Open Windows Powershell console
- Enter the following:
- Stop-Service ESPSisService
- sc.exe delete EspSisService
- Remove-Item "$env:ProgramFiles\Hornbill\Site Integration Server" -Recurse
- Remove-Item "$env:ProgramData\Hornbill\Site Integration Server" -Recurse
- Care should be taken with these steps as they will perform a recursive delete on the two folders specified. Once the service is removed don't forget to remove the SIS entry on the instance.