Best Practices where to store Domain Names

Holger Buchner · ‎05-22-2024

Dear Community,

we are currently discussing, how and on which CI classes to document Domain Names. We want to cover the following:

Self hosted infrastructure (servers (virtual & physical), loadbalancers,
Self hosted endpoints (https, tcp) if not covered by the before (http servers, database instances)
Hyper scaler deployed endpoints (web application gateways, loadbalancers, application services, servers, database instances, docker instances
SaaS services and their endpoints provided by other third party providers (e.g. ServiceNow, SAP, Salesforce, Adobe)
TLS certificates (at least some of them are issued for domain names and aliases (alternate domain names)

One option would be to store all domain names (in most cases identical with FDQN) in a separate class cmdb_ci_endpoint, but that would create a large volume plus maintaining 10,000th of relationships (hard to keep update).

Are there best practices to focus on some base classes (e.g. server (generic), database instance (generic), cloud service (generic)) or use one common class like mapped application service to store the domain names with the downside, that 1 to many relationships are difficult to document.

Benefit would be, that we could do a full-text search across the CMDB & APM to find out, which application belongs to what domain name.

Processes like internet domain name services (ICAN) for ownership, risk mitigation and renewals would be easy to handle, similarly the handling and renewal of internal issued TLS certificates.
Does anyone have a recommendation to use either a separate object with relationships or in case of using pre-defined CI classes a recommendation for a subset of classes where to store the domain names.
Any hint highly appreciated.

CMDB Whisperer · ‎05-22-2024

This might help to put the picture together for you:

The opinions expressed here are the opinions of the author, and are not endorsed by ServiceNow or any other employer, company, or entity.

View solution in original post

CMDB Whisperer · ‎05-23-2024

SaaS services are best represented as Application Services, and there you can store the specific Endpoint (perhaps specifically an HTTP Endpoint). Worth mentioning: if you are using Service Mapping to create your Application Services, ServiceNow will not have access to map those services via the endpoints, and thus if you provide the endpoint it will result in an incomplete service map, as it is not discoverable.

The opinions expressed here are the opinions of the author, and are not endorsed by ServiceNow or any other employer, company, or entity.

View solution in original post

CMDB Whisperer · ‎05-22-2024

This might help to put the picture together for you:

The opinions expressed here are the opinions of the author, and are not endorsed by ServiceNow or any other employer, company, or entity.

Holger Buchner · ‎05-23-2024

Cool overview. Thanks for it. Where would you position SaaS services?

CMDB Whisperer · ‎05-23-2024

SaaS services are best represented as Application Services, and there you can store the specific Endpoint (perhaps specifically an HTTP Endpoint). Worth mentioning: if you are using Service Mapping to create your Application Services, ServiceNow will not have access to map those services via the endpoints, and thus if you provide the endpoint it will result in an incomplete service map, as it is not discoverable.

The opinions expressed here are the opinions of the author, and are not endorsed by ServiceNow or any other employer, company, or entity.

Holger Buchner · ‎05-23-2024

Thanks again, that helps.