Domain separation and Software Asset Management

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain Separation and Software Asset Management

    Domain separation in Software Asset Management (SAM) allows service providers and large organizations to manage their software and hardware assets by logically grouping data, processes, and administrative tasks into distinct domains. This feature enhances security and control over data access, enabling organizations to tailor their asset management according to their specific needs.

    Show full answer Show less

    Key Features

    • Data and Process Separation: Both data and processes are domain-separated, ensuring that users can only access information relevant to their domain.
    • Role-Based Access: Users with the samintegrator role can create and modify SaaS integration profiles, but this role should be assigned cautiously to maintain security.
    • Logging and Monitoring: Users can view logs related to domain separation by configuring a system property for log levels, allowing for better oversight of domain activities.
    • Required Plugins: Essential plugins include Domain Separation Extension, Performance Analytics – Domain Support, and others that enhance the functionality of domain separation.

    Key Outcomes

    Implementing domain separation in SAM helps customers manage assets effectively across different domains, ensuring that configurations are fail-safe and do not impact other tenants. It empowers organizations to modify business logic according to their specific use cases, ultimately leading to improved operational efficiency and security in managing software assets.

    Domain separation is supported in Software Asset Management. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can control several aspects of this separation, including which users can see and access data.

    Support level: Enhanced

    • Includes all aspects of Basic and Standard levels of support.
    • Data-driven process enables service provider customers to modify business logic that is based on defined use cases. These configurations are UI-based and fail-safe so that configurations by one customer cannot affect another.
    • Tenants of the instance must be able to configure minimum viable product (MVP) business logic and data parameters for themselves. This logic and parameters would be expected for the application's normal function.

    Sample use case: Tenant-customers of a shared environment must be able to modify the impact, urgency, or priority matrix to set priority within their domain.

    For more information on support levels, see Application support for domain separation.

    Overview

    Domain separation support in the product enables service providers to offer managed services for software and hardware asset management to their customers. This feature also caters to large organizations who manage their subsidiaries as independent domains.

    How domain separation works in Software Asset Management

    In SAM, domain separation occurs in two stages: data separation and process separation. From the Paris release, both data and process are domain-separated.

    Any user with sam_integrator role has access to create and modify the SaaS integration profiles. Since users with this role can also access the Oauth application registry (currently not domain-separated, so records across all domains are visible), this sam_integrator role should be assigned with caution. The user should be in the service provider organization and satisfy high permissions criteria.

    To view logs for domain separation, you need to create a system property titled asset.log_level and set its value to debug, trace or info. Based on the value that you set, logs are shown when any scheduled job that extends the AssetManagementBaseJobscheduled job runs.

    In a domain-separated instance, the content data service (CDS) should populate data in the instance with domain set as global.

    Note:

    The Recommended practice is to avoid customizing the base system domain configuration record.

    Multitenant support for IT Asset Management

    Required plugins

    • Domain separation extension (com.glide.domain.msp_extensions.installer)
    • Performance Analytics – Domain Support (com.snc.pa.domain_support)
    • SAMP (com.sn_samp_master)
    • HAMP (store app)

    Other supported plugins

    • Service Catalog – Domain Separation (com.glideapp.servicecatalog.domain_separation)
    • Procurement (com.snc.procurement)
    • Cost Management (com.snc.cost_management)
    • Contract Management (com.snc.contract_management)

    To learn more, see Domain separation explained, Contains queries and domain access, and Importance of Default domain.