Domain separation and Service Level Management
Summarize
Summary of Domain separation and Service Level Management
Domain separation in Service Level Management (SLM) allows you to logically segregate data, processes, and administrative tasks into distinct domains. This ensures that users access only the data and functionality relevant to their domain, enhancing security and management in multi-tenant environments. SLM enables monitoring and reporting on Service Level Agreements (SLAs), helping customers track service expectations and performance within defined timeframes.
Show less
Key Features
- Domain-aware application properties: Properties adapt based on domain context to support isolated configurations.
- Business logic customization per tenant: Service providers can configure processes and parameters to meet specific tenant requirements.
- SLA Definitions and Task SLAs with domain fields: SLA definitions reside in tenant or global domains, while task SLAs inherit the domain of their associated task records.
- Delegated administration: SLA definitions from ancestor domains can be overridden in sub-domains to tailor SLAs for specific tenants.
How Domain Separation Works in Service Level Management
- SLA definitions must be created in tenant or global domains to generate task SLAs for related tasks.
- Task SLAs are created within the domain of their attached task record and follow the domain context of workflows.
- If a task moves domains, its associated task SLA moves accordingly.
- Users only see SLA records if their roles permit, typically Administrator, ITIL, SLA Administrator, or SLA Manager roles.
Use Cases
- An ESS user in a domain creates an incident; an SLA attaches in that domain but remains unreadable to the ESS user due to role restrictions.
- An ITIL user in the same domain can create incidents and view attached SLA records.
- SLA Administrators can override SLA definitions inherited from parent domains when the sub-domain requires specific SLA adjustments.
- Users setting their session domain to a sub-domain create task SLAs based on that sub-domain’s SLA definitions, ensuring accurate SLA application per tenant.
Practical Implications for ServiceNow Customers
By leveraging domain separation in SLM, ServiceNow customers can effectively manage multiple tenants or business units within a single instance while maintaining data isolation and bespoke SLA configurations. This ensures compliance with service agreements and operational governance tailored to each domain, enabling precise monitoring, reporting, and SLA enforcement aligned with organizational structure and policies.
Domain separation is supported in Service Level Management. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can control several aspects of this separation, including which users can see and access data.
Support level: Standard
- Includes all aspects of Basic level support.
- Application properties are domain-aware as needed.
- Business logic: The service provider (SP) creates or modifies processes per customer. The use cases reflect proper use of the application by multiple SP customers in a single instance.
- The instance owner must configure the minimum viable product (MVP) business logic and data parameters per tenant as expected for the specific application.
Sample use case: An admin must be able to make comments required when a record closes for one tenant, but not for another.
For more information on support levels, see Application support for domain separation.
Service Level Management overview
- Service Level Management helps customers monitor, measure, and report on agreed service level agreements (SLAs); SLA definitions encapsulate these agreements.
- Users can see only content in the domain to which they have access.
How domain separation works in Service Level Management
The intention of SLM is to provide customers with an expectation of service within a known timescale and the ability to monitor when service levels are not being met. To learn specific terms and definitions see Service Level Management concepts.
- SLA definitions and task SLAs have domain fields. However, task SLAs are created only in the domain of its attached task record.
- SLA definitions must be defined in a tenant domain (or global) in order for task SLAs to be created and attached to a given task (or extensions).
- Task SLAs attach to a task if an SLA definition exists in the task records domain or in an ancestor domain.
- Task SLAs always inherit the domain of its attached task record, which includes the workflow running on the task SLA record. If a task record ever flips, the task SLA also slips.
- If an SLA definition exists in an ancestor’s domain, the definition can be overridden in a sub-domain (delegated administration).
Service Level Management domain-separated tables
- SLA definition [contract_sla]
- Task SLA [task_sla]
Service Level Management use cases
- An ESS user in the ACME domain logs in and creates an incident, at which point an SLA is
attached. The SLA is created in the domain of the associated task record (incident), which is
the ACME domain. The ESS user is not able to read SLA records. These are restricted to the
following roles:
- Administrator
- ITIL
- SLA Administrator
- SLA Manager
- An ITIL user in the Acme domain logs in and creates an incident. The process above is the same except that the ITIL user can read the SLA record attached to the incident.
- If an SLA definition exists in the Acme domain and doesn’t meet the needs of an Acme sub-domain (Acme child) an SLA Administrator can remediate. SLA Administrators can navigate to the ACME SLA definition when their session domain is ACME child, make the relevant changes, and save them. The SLA Administrator is alerted that an override has been created.
- An ITIL user sets the session domain to Acme child and creates an incident. The task SLA is created using the SLA definition from Acme child.