Domain separation and Service Mapping

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain separation and Service Mapping

    Domain separation in Service Mapping allows ServiceNow customers to logically segregate data, processes, and administrative tasks into distinct domains. This separation controls user access and visibility, ensuring that data is properly isolated according to service provider and tenant requirements within a multi-tenant environment. It supports runtime separation across user interface, cache keys, reporting, rollups, and aggregations, enabling secure and organized management of service mapping data.

    Show full answer Show less

    How Domain Separation Works in Service Mapping

    • Users must switch to the relevant leaf domain (a domain without child domains) to perform mapping-related actions.
    • Creating a service instance automatically assigns it to the user's domain.
    • When manually adding Configuration Items (CIs) to a service instance, only CIs within the same domain are selectable.
    • Connections between CIs can only be added if the user belongs to the same domain as the application service.
    • Imported service instances and service groups are assigned to the user's domain during service definition transfers.

    Automated Service Suggestions and Domain Separation

    Automated Service Suggestions supports domain separation starting with version 1.9.0, allowing connections only when source and target processes reside within the same domain. Users can only view data in their current domain. Currently, domain separation support for Automated Service Suggestions is not available for on-premise instances. Customers should verify that all content is assigned to the proper domain after installing Service Mapping Plus with domain separation support.

    Practical Considerations for ServiceNow Customers

    • Instance owners must configure the application for multi-tenant use to enable domain separation.
    • Ensure users operate in the correct leaf domain to perform service mapping tasks effectively.
    • Review and verify domain assignment of service mapping content post-installation to maintain data integrity and access control.
    • Refer to operational topics such as enabling traffic-based discovery, tagging application services, and customizing patterns to optimize Service Mapping usage in domain-separated environments.

    Domain separation is supported in Service Mapping. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can control several aspects of this separation, including which users can see and access data.

    Support level: Basic

    • Business logic: Ensure that data goes into the proper domain for the application’s service provider use cases.
    • The application supports domain separation at run time. The domain separation includes separation from the user interface, cache keys, reporting, rollups, and aggregations.
    • The owner of the instance must set up the application to function across multiple tenants.

    Sample use case: When a service provider (SP) uses chat to respond to a tenant-customer’s message, the customer must be able to see the SP's response.

    For more information on support levels, see Application support for domain separation.

    How domain separation works in Service Mapping

    In domain-separated environments, switch into relevant leaf domains to access actions related to mapping performed by Service Mapping. A leaf domain is a child domain of the lowest level, meaning it does not have any child domains itself.

    Domain separation is handled in a slightly different way than simply configuring separate domains. Notice that you must select or specify the relevant leaf domain to perform the following mapping actions in domain-separated environments:
    • When creating an service instance, the service instance is assigned to the user's domain.
    • When manually adding a CI to an service instance, you can choose only CIs that belong to the service domain.
    • When manually adding connections to CIs to an service instance, users must belong to the same domain as the application service.
    • When transferring service definitions between instances, imported service instances and service groups are assigned to the user's domain.

    Domain separation and Automated Service Suggestions

    Automated Service Suggestions supports domain separation. This means that:
    • The source and target process must reside in the same domain to create a connection.
    • The user can view only the data in the current domain.
    Note:
    After installing Service Mapping Plus with domain separation support, verify that all content is in the appropriate domain. For a detailed explanation of the required steps, see the Service mapping plus for domain separated instance [KB1303398] article in the Now Support Knowledge Base.

    Automated Service Suggestions supports domain separation starting with version 1.9.0. No support is currently offered for on-premise instances. Reach out to product management for further information.

    For more context, refer to Discovery patterns used by ITOM Visibility topic and MID Server configuration for Service Mapping. The following topics provide operational information on how to use Service Mapping in deployments with domain separation: