Managing namespaces in Hermes

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Managing namespaces in Hermes

    Namespaces in Hermes provide a way to group Kafka topics logically to simplify topic management and control access on ServiceNow instances, especially in domain-separated environments. Each Kafka topic is linked to a namespace, which is used to organize topics by Kafka cluster or domain. This organization allows administrators to specify which ServiceNow domains can access particular topics.

    Show full answer Show less

    Key Features

    • Namespace Records: Stored in the Kafka Namespaces [syskafkanamespace] table, these records include namespace names and associated topic prefixes. Only administrators with the kafkanamespaceadmin role can create or manage namespace records.
    • Topic-to-Namespace Assignment: Topics are assigned to namespaces based on their name prefixes. A scheduled job scans Hermes for new topics, creates corresponding ServiceNow topic records, and assigns them to namespaces matching their prefixes.
    • Prefix Matching Rules: The longest matching namespace prefix determines namespace assignment. If no prefix matches, the topic is assigned to the Default Namespace in the global domain. If the Default Namespace is absent or modified, topics without a matching namespace are not created.

    Best Practices and Considerations

    • Plan namespace and topic organization carefully before creation because deleting a namespace requires deleting all its associated topics.
    • For domain-separated instances, create one namespace per ServiceNow domain to properly segregate topics.
    • Use namespaces to separate topics by both domain and Kafka cluster installation.
    • Consider deleting or deactivating the Default Namespace after configuring your namespaces to avoid configuration issues like mismatched topic prefixes and unintended topic creation in the global domain.
    • Deleting the Default Namespace enforces strict topic creation only when a matching namespace prefix exists, preventing orphaned topics.

    Practical Outcomes

    By using namespaces effectively in Hermes, ServiceNow customers can achieve clearer Kafka topic organization, enforce domain-specific access control, and avoid configuration pitfalls related to topic namespace assignments. This structured approach enhances manageability and security of Kafka integrations within ServiceNow environments.

    Group Kafka topics together for simplified topic management and access control specification using namespaces.

    In ServiceNow, all Kafka topics link to a namespace. You can use namespaces to organize topics in logical ways. For example, you can group topics together based on their Kafka cluster. You can also use namespaces to configure which domains can access which topics on a domain-separated instance. You assign topics to ServiceNow domains using the topic's namespace.

    Namespace records

    Namespace records are stored in the Kafka Namespaces [sys_kafka_namespace] table. This table shows a list of namespace records with each namespace's related topic prefix. An administrator with the kafka_namespace_admin role creates namespace records in the Kafka Namespaces [sys_kafka_namespace] table.

    Namespaces and topic prefixes

    A topic is assigned to a namespace based on the topic name's prefix. A scheduled job regularly checks Hermes for new topics. When it finds one, it creates a ServiceNow topic record for the topic and links the topic to a namespace. The prefix assigned to the topic is the basis for its namespace assignment in ServiceNow.

    This image shows an example of using the Kafka cluster name prefix to organize topics into different namespaces in ServiceNow.

    Figure 1. Kafka prefixes and topic namespaces
    Overview of how topic prefixes in Kafka are related to namespaces in ServiceNow.

    In this example:

    1. An instance administrator with the kafka_namespace_admin role creates namespace records for the Log Analysis group, the Fulfillment group, and another subsidiary in the ServiceNow instance.
    2. The instance administrator works with the Kafka administrator to replicate topics to Hermes using the Kafka cluster name as the namespace prefix.
    3. The Kafka cluster for the fulfillment group has a topic named material_orders. The topic is replicated to Hermes using fulfillment as the namespace prefix. A new topic is created in Hermes called fulfillment.material_orders.
    4. A scheduled job finds the fulfillment.material_orders topic in Hermes, creates a topic record, and assigns the record to the Fulfillment namespace to match its prefix.

    Prefix matching rules

    Topic name prefixes are matched to namespaces according to the following rules.

    • The namespace is selected based on the longest matching namespace prefix. If there's a matching namespace, the topic record is assigned to that namespace and that namespace's domain.
    • If there isn't a longer namespace prefix that matches, the zero-length prefix of the Default Namespace will match. The topic record is assigned to the Default Namespace in the global domain.
    • If the Default Namespace has been deleted or modified, so there’s no matching namespace at all, then no topic record is created.

    Namespace design considerations

    Plan how want to organize your namespaces and topics before you start creating them. Once you add a topic to a namespace, you can't delete the namespace without deleting the topics that are associated with it.

    Have a namespace for each domain on a domain-separated instance
    Create one namespace per ServiceNow domain.
    Use namespaces to organize topics by domain and Kafka installation
    Use namespaces to separate both topics that belong in separate ServiceNow domains and topics from separate Kafka installations.
    After you've configured your namespaces, consider deleting or deactivating the Default Namespace
    Keeping the Default Namespace could lead to configuration issues, such as a mismatched topic prefix. This mismatch could result in a topic that should have been created in one domain being created in the global domain.

    You can enforce tighter constraints on where topics are created by deleting the Default Namespace. For example, if you decide that all topics must have a prefix that matches a namespace, deleting the Default Namespace ensures that topics without a matching prefix aren't created.

    For details on using domain separation with namespaces in Hermes, see Hermes Messaging Service domain separation.