New Instance Checklist

in ,

There is often a tremendous gap in the planning and implementation of a new ServiceNow instance. Whether you are setting up the first instance for your organization or the seventh, this is a helpful guide to make sure you check all the boxes.

Provisioning - How do you get a new instance?

  1. New ServiceNow instances are generally bought through a contract/purchase order, and are denoted as being a production or sub-production instance. Also the instance availability SLA and sizing (at least initially) are determined at this step. If the instance is a net new instance, once provisioned the denoted administrator on the account will receive the account password.

  2. New instances could also be zBooted (aka wiped) ServiceNow instances, which are reverted back to OOB. To request a zBoot, you submit an automated form on ServiceNow Support (HI) site. It is strongly recommended to zBoot with Demo data enabled. You can always submit a request to remove the demo data at a later time. To zBoot a new production instance, a HI case is required as it is a manual request. As part of the zBoot completion the denoted administrator on the account will receive the account password.

  3. Change Default Login Credentials - Sounds obvious, but so many people skip this step. The password should be changed to a new lengthy complex password, and store this in your companies secure credential vault. Either a software vault or physical vault for a rainy day.

Setup

  1. Instance Naming - A short thoughtful name should be defined and should represent the purpose of the Instance. ServiceNow best practice is not name instances exactly as the company name. Once a name has been selected and accepted, one of the HI Account Admins for should submit an Instance Rename request. Be aware that changing an instance name can break the SSO configuration, MID Servers, and REST consumers, and email of that instance. There are also a number of rules around instance names, review KB0550841 for more info.

  2. Process Usage - Define and document what use cases this environment will solve. Is is a production, qa, test, dev, sandbox, lab, poc, etc? What are the rules around moving code? Who is allowed to have admin in this environment? Who is going to support the environment? You need to have all these questions answered and be able to clearly describe the scope of use.

  3. Cloning - This may not immediately apply, but if you plan to clone from an existing instance onto this new instance, it speeds up a ton of configuration steps. Define if this environment will be a clone source or target or never touched by a clone. Also consider what the cadence for the clone should be (quarterly, twice yearly, etc).

  4. Firewall/Network Whitelisting - To even access your instance, your IT team needs to whitelist it the instance name, or the entire *.service-now.com domain. It’s also strongly advised that you do the reverse, and whitelist your network from ServiceNow via the IP Address Access Control.

  5. Authentication Approach (SSO, MFA, Local Login, etc) - Decide how users are going to authenticate, and if you are going to allow more than one option. Many organizations I have seen stick primarily to using SSO as it provides the best user experience. You likely will have to coordinate with your infosec team to set this up properly.

  6. Branding - Based on the name and usage, you may want to consider to set the browser title property and the banner header property to denote the instance. For UI16 you may also want to set a different default theme so users can clearly distinguish (hopefully next experience UI comes out with more themes soon).

  7. Development Group - Define what your admin group and developer group is going to be, and setup those accesses. Setting up a new instance doesn’t have to be a solo gig!

  8. Remote Sources - As part of your process, define what instance you are going to allow code movement from. Example for a QA instance you may only allow update sets from Test and Dev.

  9. MID Server - As part of this new instance, you need to decide if you need MID servers for what your use cases are. Do you need to support integrationhub, discovery, orchestration? Also determine the specs and how many. For subprod environments like Test, Sandbox, you may only need a couple MID servers, and in some cases just a single server will do.

  10. LDAP? - I added a question mark because depending on the authentication approach you may not authenticate/load users from Active Directory. Many companies use Active Directory, and then consume Active Directory data into ServiceNow to load the users.

  11. User Setup - Besides LDAP, you might consider doing an initial load of users manually via XML from another instance, using an excel spreadsheet with a transform map, or set them up manually. It really all depends the usage strategy. It is also strongly advised you set up some local system accounts, such as admin, integration users, mid server users, backup admin account, etc.

  12. Email Configuration - OOB ServiceNow comes configured with their own email server capabilities. You can use and enable theirs, and verify it passes through to your network with a whitelist, or hook it up to your own email server. There is an email diagnostics page you can check for the current status.

  13. Install Plugins - Regardless what use cases you defined, chances are high you are going to need to install a list of plugins and apps from the store. To pull a list of plugins from the instance you can reference sys_plugins.list and sys_scope.list. Some plugins require manual requests through ServiceNow Support such as Application Insights has to be manually requested.

  14. Security Center Checklist, Instance Scan and Health Scan - Wrapping it all up, you should step through ServiceNow’s Instance Security Center capability, and lock down the properties in your instance as best you can. ServiceNow also provides a suite of Instance Scan checks you can run as part of that. Additionally ServiceNow has a more detailed paid service, called Health Scan, and that can show many more additional findings related to security.

Final Remarks

Setting up a new instance can be a hassle, and also be a multi-month process to get all the capabilities spun up. At the end though, it’s very rewarding knowing all the interworkings of the instance.

Introduction: What is a PDI?

in ,

This article is for all those new to ServiceNow, just getting their feet wet into the platform! (And for you experts, I’ll have a section at the bottom for you too!)

You may have heard the acronym, PDI, which stands for Personal Developer Instance. It’s almost kind of like one of those small personal pizzas! These are small instances you can request using a ServiceNow Developer account. These are one of the best tools to use, so you can get hands on, live experience in a ServiceNow instance, without worrying about impacting a company instance.

To get a PDI, it’s pretty straightforward.

  1. Navigate to https://developer.servicenow.com/dev.do and create a new account

  2. Click the button to Request an Instance

  3. Pick the version you want (you may consider the same version your company is using, or the newest available)

  4. Wait for the provisioning to occur (usually is pretty fast under 5min)

  5. Click the “Open Instance” button to be directed to the instance

  6. You’ll be automatically logged in as an admin user to your own personal instance!

See ServiceNow’s PDI Guide to learn more!

Things to be aware of

  • 10 Day Inactivity Period and TOS - To be able to provide these instances, ServiceNow had to restrict their capabilities, so that they could be released when not in use, and could be put in hibernation. There are jobs that check usage like clicks/activity. Tampering with these jobs and keeping your instance alive is against their terms of service.

  • PDIs have limited system resources - These instances are extremely small, single node instances, low CPU, RAM, DB capabilities. Really just don’t expect too much, and they are not intended to be used by multiple users at the same time.

  • PDIs have a unique instance naming scheme - They will also look like “dev12345.service-now.com”. Technically you could wrap a proxy to make it look like a different URL, but the instance URL is unique to PDIs.

  • Don’t expect a high level of support for PDIs, it’s a free offering from ServiceNow, so it’s mostly understood that it’s a “YOU” problem for better or for worse.

  • PDIs don’t have access to the application repository, any apps you want to publish, you will need to save off and publish as an update set.

  • PDI Data centers - You don’t get a PDI based on your location, you just get one. This could also have some impacts on latency. You can always check the datacenter code from the node name under stats.do

PDI Best Practices

  • Backup everything. Use github or export your XMLs after every development session at the end. Just think of it like saving your work. PDIs can be very unreliable, and you could quickly lose your work if you miss the inactivity window, the restore fails, or your instance gets killed by some back luck.

  • Don’t put any company/sensitive data in a PDI. While they should be safe, protect yourself out there!

  • Try out your code in a PDI first - if it goes rogue in a PDI, it is pretty easy to just release the instance if something goes terribly wrong and start over.

Advanced PDIs

If you’ve spent much time in PDIs, you might start to consider how you can automate all the setup steps and get back up and running fast.

Props to Mark Roethof, he has written a series of articles about the scripts and things you can write to automate loading PDI settings.

Here are list of things you could automate on your PDI:

  • Installing Plugins

  • Setting user settings (favorites, timezone, date/time format)

  • Applying your favorite utilities via a batch update set

  • System config like MID server, email config, or more!

I’m so thankful for PDIs, that enable learning, hobby development, and as a proof of concept instance, and more!