Cloning instances with AES
Summarize
Summary of Cloning instances with AES
This guide explains how to securely clone ServiceNow instances using App Engine Studio (AES), focusing on protecting your custom data, tables, and templates when copying production instances to non-production environments. Proper cloning practices help prevent data loss, maintain collaboration settings, and ensure development continuity.
Show less
Key Requirements and Best Practices
- Ensure all AES plugins are installed on all instances involved in the cloning process.
- Set up data preservers on target instances to protect Automated Test Framework (ATF) and Instance Scan properties, avoiding accidental test runs on production systems.
- Install the App Engine Management Center (AEMC) plugin on all instances if you are collecting development and deployment data.
- Create a cloning strategy to avoid overwriting non-production data, especially when cloning from production.
Data Preservation and Clone Exclusions
ServiceNow provides data preservation for key collaboration tables to retain essential data in development instances:
- Collaboration Descriptor tables (sysappcollabdescriptor, sysappcollabpermissionm2m)
- Collaboration Users and Groups tables (sysappcollabuser, sysappcollabgroup)
Clone exclusions prevent production data from overwriting development data in these same tables.
For credentials, if AES is the sole user of the Credentials table, consider creating preservers for Credential Alias, Basic Auth, and Discovery credentials to prevent data loss.
User Role Reassignment and Post-Clone Sync
- After cloning, reassign roles to users in AES Users, AES User Limited groups, and those with the snappengstudio.user role in non-production instances.
- An automatic “ReSync Collaborations Permissions” post-clone script synchronizes collaborators for applications present on both production and development instances, enabling developers to resume work immediately.
- The collaboration plugin must be enabled on cloned instances for this synchronization to work.
- Use UI actions such as “Resync collaboration permissions” and “Clean up records with empty references” to manage collaboration data integrity after cloning and application restoration.
Preserving App Templates
To prevent loss of custom AES templates during cloning:
- Recognize that AES templates are stored as scoped applications on the Custom Applications table and treated like standard apps during cloning.
- Protect these templates by creating clone preservers using established ServiceNow processes to ensure they are not overwritten.
Additional Resources
ServiceNow offers extensive resources including knowledge articles, tips, FAQs, and a whitepaper on AES data preservation during cloning to assist customers in implementing effective cloning strategies. Access to some materials requires ServiceNow University login.
Learn how to protect the data, tables, and templates you've created in App Engine Studio when using System Clone to copy instances from production to non-production.
Preserving data and tables when cloning
- Verify that all of your AES plugins are installed across all instances.
- If you're cloning a production instance, verify that you've set up a data preserver on the target instances to preserve the Automated Test Framework (ATF) and Instance Scan properties. For more information about data preservers, see Create a clone preserver and Create a data preserver (legacy).Important:By default, the ATF system property is disabled to prevent you from accidentally running these tests on a production system. Running ATF on a production instance is neither recommended nor supported due to the potential for data corruption or outages.
- If you're collecting development and deployment data, the App Engine Management Center (AEMC) plugin must be installed on all instances.
- The following tables have data preservation to ensure that the tables are correctly cloned between instances:Note:For the following tables, preservation is for global scope only.
- Collaboration Descriptor tables:
- App Collaboration Descriptors (sys_appcollab_descriptor)
- App Collaboration Descriptor Permissions (sys_appcollab_permission_m2m)
- Collaboration Users and Groups tables:
- App Collaboration Users (sys_appcollab_user)
- App Collaboration Groups (sys_appcollab_group)
- Collaboration Descriptor tables:
- The following tables have clone exclusions:
- Collaboration Descriptor tables:
- App Collaboration Descriptors (sys_appcollab_descriptor)
- App Collaboration Descriptor Permissions (sys_appcollab_permission_m2m)
- Collaboration Users and Groups tables:
- App Collaboration Users (sys_appcollab_user)
- App Collaboration Groups (sys_appcollab_group)
- Collaboration Descriptor tables:
- If AES is the only application using the Credentials table, consider creating data preservers for Credential Alias, Basic Auth, and Discovery credentials. Otherwise, you must ensure that these tables aren't overwritten when the production instance is cloned to non-production instances.
- The following users must be reassigned their roles after cloning:
- Users in the AES Users group
- Users in the AES User Limited group
- Users who have the sn_app_eng_studio.user role in non-production instances
- After cloning, a ReSync Collaborations Permissions post-clone clean-up script runs automatically, so any applications that were the same on production and development
instances are automatically have collaborators synced. Developers can resume development on them immediately. Note:The cloned instance must have the collaboration plugin enabled.
- If some applications were backed up prior to cloning and retrieved after cloning, you can use the Resync collaboration permissions related link on the sys_app record to reassign users and groups to their appropriate delegated development permissions.
- If a collaboration descriptor is no longer associated with a user or group after cloning (in the event that development apps were wiped out during cloning as they were not in the source instance), select the Clean up records with empty references related link to remove the unreferenced user or group from the collaboration table. You should run this UI action after the cloning is done and all preserved applications have been retrieved (with Resync collaboration permissions already run on them).
- Pipeline Instance
- Request Authorization Key
- Deployment Request
- Deployment Environment Request
Preserving app templates when cloning
Admins must protect custom templates from being overwritten during the cloning process. Without protection, templates created in AES (both from existing applications and from scratch) are in danger of disappearing during a clone.
When you create a template in AES, a scoped app is automatically generated on the Custom Applications [sys_app.list] table in your instance. Though they have different contents, template applications and standard custom applications are treated similarly on the ServiceNow AI Platform. So, preserving app templates during a system clone works the same way as preserving an application.
To protect app templates on your non-production instances, follow the process in Create a clone preserver or Create a data preserver (legacy).
More information on cloning and data preservation
- For more information on using the System Clone tool, see Instance Clone.
- For more information on data preservation, see Create a clone preserver.
- For more details on cloning instances with AES, see the App Engine Studio System Administrator Guide on ServiceNow University.
| Learn more about cloning instances with AES | Additional ServiceNow resources |
|---|---|
| ServiceNow provides several additional resources on cloning instances with App Engine Studio. | |
Note: You must log in to ServiceNow University to access this resource. |