Domain separation and Software Asset Management

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain separation and Software Asset Management

    Domain separation in Software Asset Management (SAM) enables organizations, including service providers and large enterprises managing subsidiaries, to logically separate data, processes, and administrative tasks into distinct domains. This separation allows control over user access and visibility, facilitating managed services and independent domain management within a shared environment.

    Show full answer Show less

    How Domain Separation Works in SAM

    • Domain separation is implemented in two stages: data separation and process separation, both supported since the Paris release.
    • Users with the samintegrator role can create and modify SaaS integration profiles but should be assigned cautiously due to access to OAuth application registry data across domains.
    • Log viewing for domain separation requires setting the asset.loglevel system property to debug, trace, or info, which outputs logs when scheduled asset management jobs run.
    • Content Data Service (CDS) populates instance data with the domain set as global in domain-separated environments.

    Support and Configuration

    • Domain separation is supported at an enhanced level, including all basic and standard support features.
    • It provides data-driven, UI-based fail-safe configurations allowing tenants to adjust business logic and parameters, such as impact, urgency, or priority matrices, without affecting other tenants.
    • Recommended practice is to avoid customizing the base system domain configuration record to maintain system integrity.

    Required and Supported Plugins

    Enabling domain separation requires installing specific plugins, including:

    • Domain Separation Extension
    • Performance Analytics – Domain Support
    • Software Asset Management plugins (SAMP and HAMP)
    • Additional supported plugins such as Service Catalog Domain Separation, Procurement, Cost Management, and Contract Management

    Additional Considerations

    • Domain separation impacts software lifecycle reporting and should be considered when running these reports.
    • Understanding related concepts such as domain access, default domain importance, and domain separation for service providers helps optimize configuration and management.

    Domain separation is supported in Software Asset Management. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can control several aspects of this separation, including which users can see and access data.

    Support level: Enhanced

    • Includes all aspects of Basic and Standard levels of support.
    • Data-driven process enables service provider customers to modify business logic that is based on defined use cases. These configurations are UI-based and fail-safe so that configurations by one customer cannot affect another.
    • Tenants of the instance must be able to configure minimum viable product (MVP) business logic and data parameters for themselves. This logic and parameters would be expected for the application's normal function.

    Sample use case: Tenant-customers of a shared environment must be able to modify the impact, urgency, or priority matrix to set priority within their domain.

    For more information on support levels, see Application support for domain separation.

    Overview

    Domain separation support in the product enables service providers to offer managed services for software and hardware asset management to their customers. This feature also caters to large organizations who manage their subsidiaries as independent domains.

    How domain separation works in Software Asset Management

    In SAM, domain separation occurs in two stages: data separation and process separation. From the Paris release, both data and process are domain-separated.

    Any user with sam_integrator role has access to create and modify the SaaS integration profiles. Since users with this role can also access the Oauth application registry (currently not domain-separated, so records across all domains are visible), this sam_integrator role should be assigned with caution. The user should be in the service provider organization and satisfy high permissions criteria.

    To view logs for domain separation, you need to create a system property titled asset.log_level and set its value to debug, trace or info. Based on the value that you set, logs are shown when any scheduled job that extends the AssetManagementBaseJobscheduled job runs.

    In a domain-separated instance, the content data service (CDS) should populate data in the instance with domain set as global.

    Note:

    The Recommended practice is to avoid customizing the base system domain configuration record.

    Multitenant support for IT Asset Management

    Required plugins

    • Domain separation extension (com.glide.domain.msp_extensions.installer)
    • Performance Analytics – Domain Support (com.snc.pa.domain_support)
    • SAMP (com.sn_samp_master)
    • HAMP (store app)

    Other supported plugins

    • Service Catalog – Domain Separation (com.glideapp.servicecatalog.domain_separation)
    • Procurement (com.snc.procurement)
    • Cost Management (com.snc.cost_management)
    • Contract Management (com.snc.contract_management)

    To learn more, see Domain separation explained, Contains queries and domain access, and Importance of Default domain.