The Zurich release has arrived! Interested in new features and functionalities? Click here for more

Modeling Third Party Services Used by Application Services

Go to solution
Lyle Taylor
Tera Expert

‎11-08-2023 05:52 PM

Hi All,

 

We have a situation that we are wondering how to best model in the CMDB, especially in relation to CSDM recommendations. We have portions of some apps that rely on 3rd party services such as payment processors for an online store, etc. We are trying to determine the most correct way to represent the dependencies on those external services.  We need these represented for both operational and compliance purposes - we need to understand the architecture and dependencies of our applications, and we also need to be able to understand what data is being sent and stored to/in these services for data privacy and governmental compliance purposes. We don't track the data sent and stored in ServiceNow, but understanding the dependency on the services so we can ask the right questions is essential.

 

For SaaS applications and platforms where we have users directly interacting with the application/platform, we already represent those as Business Applications with associated Application Services. For example, ServiceNow is a Business Application, and our instances are all Application Services. However, in this case, we simply have a service provider that provides an API (or some kind of interface) for us to interact with - no users interact directly with the service. In this scenario it feels less appropriate to represent it as a business application, since there are no "deployed application stacks" for us to track, per se. We could see it potentially represented as a Business Service, or maybe a Technical Service, but both of those feel not quite right as well.

 

Below is a simple example of what we're dealing with. The Business Application and Application Service represent an in-house developed online store application. It does everything except the payment processing which is handled by a 3rd party service that we have contracted with. We want to be able to represent that payment processing service as a CI so that we can see that our application depends on it. The question is what kind of CI would be best to represent that external service? You could have a similar scenario with other kinds of services such as payroll processing, etc.

 

Thanks for all feedback!

 

Example.png

  • 4,154 Views
2 ACCEPTED SOLUTIONS

Go to solution
scott_lemm
ServiceNow Employee
ServiceNow Employee

‎11-14-2023 05:53 AM - edited ‎11-14-2023 05:55 AM

Hello @Lyle Taylor , thank you for your question!
There are key aspects to your use case I want everyone to understand:
1. Data is being sent to a 3rd party service through an API
2. The 3rd Party Service is a contractually obligated Vendor

 

That said, we want to ensure we can identify those unique aspects to this use case: the API and the 3rd party service. I have drawn our recommendation that takes into account the points above. Note: we are NOT recommending the use of an Application Service for this 3rd Party Service... Why?

One of the aspects of a Service Offering is identifying the Vendor providing said Offering and the contracts associated to the Service. If used within ITSM, there are tracking capabilities available to understand if a Vendor is performing their obligations. In this use case, the Technical Service Offering is a critical object to identify the 3rd Party Service and, if desired, manage them as a Vendor. The API object is a bonus. You mentioned this in the use case and we recently added API as a class within the CMDB. This enables you to identify the APIs (in-house or 3rd party provided) that you depend on. APIs can exist between Application Services (in-house use case) or a Service Offering (3rd party use case).

 

Regardless if you plan on using our Vendor Management features, this model is the recommended solution from ServiceNow.

 

Thank you again for the How Would I Model This using CSDM question.

 

I hope this helps.
Feel free to reach out directly if you have additional questions on this topic 

 

scott_lemm_0-1699970134445.png

 

View solution in original post

Preview file
467 KB

Go to solution
scott_lemm
ServiceNow Employee
ServiceNow Employee
In response to Stuart Tucker

‎11-14-2023 07:49 AM

@Stuart Tucker , the API tables were added as part of the CMDB CI Class Model app version 1.49 from the ServiceNow Store. I believe the time frame was September 7th 2023. The version notes contain the following list of API tables:

 

  • Core API data model classes:
    • cmdb_ci_api
    • cmdb_ci_managed_api
    • cmdb_ci_api_component
    • cmdb_ci_api_frontend
    • cmdb_ci_api_backend
    • cmdb_ci_api_gateway
    • cmdb_ci_unmatched_api_endpoint
  • Kong API Gateway related classes:
    • cmdb_ci_kong_gateway
    • cmdb_ci_kong_lb
    • cmdb_ci_kong_target

View solution in original post

10 REPLIES 10

Go to solution
Jim Zeigler1
Tera Expert

‎02-26-2024 08:31 PM - edited ‎02-26-2024 08:44 PM

I find that 3rd party hosted Services frequently have IPC tasks (Incident, problem, and change tasks) associated with them because they are operational services that are being Monitored and upgraded, just like on-prem services.  It is easy to model 3rd Party Hosted Services using Query-Based Mapping. They don't have any discoverable Entry Points so pattern based mapping is not an option. You can include any local supporting servers (e.g., ServiceNow MID Servers) in the list of Associated CIs for the Service (by adding them to the Query). In most cases, there will be no associated CIs so the Filter or Query and CMDB Group for the Dynamic CI Group will be empty.

 

The event Management team can map events coming from the monitoring of 3rd Party Hosted Services to the matching 3rd Party Hosted Application Service.  It is critical to make sure all your dependencies on 3rd Party Hosted Services are included in your Service Maps (either Query or Pattern Based).

 

My Service Mapping Questionnaire template includes a question asking if the service to be mapped depends on other Application Services. I would recommend seeding the choice list with all the known 3rd party and shared services. As a best practice, create all your 3rd Party Hosted Application Service CIs before you start mapping on-prem or Cloud Services that might depend on them.

 

Since the Service Classification field used by SPM is not defined for ITOM Services, I added a new Choice for "3rd Party Hosted Service" so they can easily be found if you need to create Dashboards for 3rd Party Services. I recommend creating Service Groups for similar 3rd Party Services so you can see the status for all related services (e.g. all your production SharePoint sites) on one tab of your Service Operations Workspace Dashboard.