Network Segmentation

Jeff Boltz1
Mega Guru

Hello Everybody,

I have a challenge that I was wondering if other folks had encountered and had some advice for me.

Our Audit team has mandated that we separate sub-production from production environments: a network segmentation policy. At some point, neither environment will be able to "talk to each other".

In terms of discovery, this would mean that I have a production ServiceNow instance with production MID servers doing production discovery and a sub-production ServiceNow instance with sub-production MID servers doing sub-production discovery - two separate systems, and no single system of engagement, or single version of the truth.

Our goal (ITSM) is to have all CI data (sub-production and production) in one place to manage cost, maintenance, etc. in the production instance.  

I am not able to have a sub-production MID server talk to the production ServiceNow instance, so I am wondering what other options there are, or a way around this.

I see a few options:

Option 1: Do nothing, i.e., maintain the two discovery solutions for sub-production and production, but not attain the goal of one system of engagement, one version of the truth.

Option 2: Utilize some sort of ETL, or Web Service to pull discovery data from the sub production SN instance and then populate the production SN instance.   This would enable the goal of one version of the truth, but has cost in terms of software, maintenance, added complexity etc.

Option 3:   Seek an exception to the network segmentation policy and utilize a sub production MID server to feed the production ServiceNow instance.   This is not likely to be approved.

Has anyone else encountered this situation, and are there other potential options/solutions?

Thanks everyone.

Best,
Jeff

1 ACCEPTED SOLUTION

angeliccharm
Giga Expert

Hi Jeff,

My apologies that you started this thread some time ago and haven't received a response. In our opinion you may want to pursue option 3: even though the target environment itself is Sub Production, the actual discovery mechanism is production.

Are your monitoring, DNS, AD services also sectioned out into Prod and Sub Prod, or are they excluded due to being infrastructure services? If they are excluded, then you can consider Discovery to be in the same category. Hope this helps.

Feel free to reach out directly with any other Discovery, Operations and/or Service Management questions or to discuss your needs and ServiceNow implementation roadmap.


