Download to read offline
Domain separation training
- 1. Service Now Domain Separation ©2015 Contender Solutions - Confidential & Proprietary
- 2. Agenda ◦ Whatis Domain Separation? ◦ Domain Hierarchy ◦ Record Segregation ◦ Process Flow ◦ Data Flow ◦ Best Practices ◦ Requirements for use ◦ Important Information © 2015 Contender Solutions - Confidential & Proprietary
- 3. Allows multipleorganizations to share one instance leveraging global properties and global processes across the entire instance ◦ Allows each organization to segregate data within the single instance Mainly used by Managed Service providers (MSPs) to host smaller customers ◦ Lowers the cost of using ServiceNow ◦ Centralizes instance administration ◦ Accommodates instance upgrades Technical Information ◦ Domain Separation is the implementation of domains within a single ServiceNow instance ◦ A domain is a unique qualifier used within a single instance to separate data and processes while still sharing global properties and global processes across the entire instance © 2015 Contender Solutions - Confidential & Proprietary What is Domain Separation?
- 4. Parent andchild relationships are created by the domain hierarchy © 2015 Contender Solutions - Confidential & Proprietary Domain Hierarchy
- 5. 1 ServiceNowInstance (1 Database, 1 Schema) © 2015 Contender Solutions - Confidential & Proprietary Record Segregation Instance
- 6. © 2015 ContenderSolutions - Confidential & Proprietary Process Flow
- 7. © 2015 ContenderSolutions - Confidential & Proprietary Data Flow
- 8. © 2015 ContenderSolutions - Confidential & Proprietary Best Practices If the table is a base instance table do not change its domain status. ◦ Exception to user created tables. These tables will need to be domain separated due to them usually being data tables. Just because a table has the sys_domain field does not mean its records should be domain separated. ◦ Example: All workflows should be developed as global using conditions to determine when workflows should execute. For better performance client scripts should be used as little as possible. ◦ Display Business rules should be used where possible Limit synchronous calls as much as possible ◦ Better: GlideRecord and getRefrence should be used with a callback option ◦ Best: Replace GlideRecord and getRefrence with GlideAjax calls to return less data
- 9. © 2015 ContenderSolutions - Confidential & Proprietary Best Practices Always use ServiceNow coding standards ◦ Never overwrite base instance process, override it where needed The sys_overrides field indicates that a policy, application, or module at a lower level in the hierarchy overrides a record at a higher level Once a child domain overrides a parent process the new child process runs for itself and all of its child domains ◦ Do not overwrite base instance classes, extend them when needed You cannot override and set Active = False ◦ The system will ignore the override because it is inactive ◦ To override and deactivate: Set a condition of false or sys_id | is | empty Tables that extend from a domain separated table will not have the sys_domain on them, the base table sys_domain field value is used ◦ Exception: Inbound Actions are extended from a domain separated table but cannot be domain separated
- 10. © 2015 ContenderSolutions - Confidential & Proprietary Best Practices Always update choice lists in DEV in the global domain ◦ If you change a choice state in PROD and then capture an update in DEV, all choice states in PROD will be overwritten When troubleshooting lists consider there are multiple views ◦ Personal ◦ Global ◦ Domain specific When troubleshooting forms consider there are multiple views ◦ Global ◦ Domain specific When creating applications and tables consider if a sys_domain field is needed for separation
- 11. © 2015 ContenderSolutions - Confidential & Proprietary Requirements For Use
- 12. © 2015 ContenderSolutions - Confidential & Proprietary When Not To Use
- 13. An existinginstance can become domain-separated technically but is NOT recommended. You should start with a new instance. A domain-separated instance has a control for converting data back to a non-domain-separated instance however this is NOT recommended. You should start with a new instance. The Domain Separation plugin must be activated through a ServiceNow Technical Support request © 2015 Contender Solutions - Confidential & Proprietary Important information
- 14. Contender Solutions isa ServiceNow partner, providing expert services in the ServiceNow platform space. If you’re looking to stand up ServiceNow for the first time, upgrade to the latest version, or add functionality to an existing instance, we can help. Data Storage Built around our core competencies, we take a strong approach to federal enterprise architecture services by addressing all aspects of your IT needs. Our delivery process can help guide you in a system’s correct implementation and our certified professionals can create effective solutions for a full spectrum of federal enterprise architecture needs. Consulting Services Our industry experts will help you secure and optimize the most strategic component to success, your people. We begin our partnership by seeking to understand your business targets, hardware and software needs and the gaps between your current and future state. We then develop a game plan with our Subject Matter Experts to close those gaps with the right people, skills and a solution. © 2015 Contender Solutions - Confidential & Proprietary Who We Are
- 15. Contact Us 1511 N.Westshore Blvd., Suite 220 Tampa, Florida 33607 813.642.3837 info@contendersolutions.com www.contendersolutions.com © 2015 Contender Solutions - Confidential & Proprietary
Editor's Notes
- #4 For a domain-separated instance owned by an MSP, customers are organizations that are independent from each other. One administration team oversees the entire DS stack, including the DEV > TEST > PROD instances and that one SDLC is used. A domain separated instance is one instance, (one database with one set of tables) that is shared across multiple organizations. It is not multiple independent virtual machines sharing a server.
- #6 Domain Separation does not physically separate the data at the database level. Queries from ServiceNow applications to the database include a WHERE clause that limits the data returned to the user making the request, based on their domain access rights. Direct database access is never allowed. Tables 1, 1A, 2 and 3 are domain enabled tables. This means records on those tables can be isolated from users in different domains. Table 4 is not a domain enabled table. Any records created on table 4 are available to all users of the instance given the appropriate roles/permissions. With the use of ACLs and domain fields you can control read access to table 4 to only process users of a certain domain if required.
- #7 Processes and UI elements flow DOWN through a domain hierarchy (child domains inherit the process and UI of their parents) Properties that are global in scope are the same for all users of an instance. Process is any platform element that when changed generates a sys_update_xml record in an Update set. Some process records are not moved with update sets; for example, any custom table with a sys_overrides is process and custom tables records are not moved with Update sets.
- #8 Data Flows UP through a Domain hierarchy (Parent Domains can see the data of children domains) Any table that contains a domain field inherits data separation. Data is records that when changed do not generate an Update Set record such as those generated by Incident, Problem, Change.
- #9 Data Flows UP through a Domain hierarchy (Parent Domains can see the data of children domains) Any table that contains a domain field inherits data separation.
- #10 The Show tables with a domain field option in the Domain configuration module can be used to get a list of domain separated tables.
- #11 The Show tables with a domain field option in the Domain configuration module can be used to get a list of domain separated tables.
- #14 DS is a one-way street.