Design Considerations
Information that will help you design and plan the implementation of 1E Service Catalog Connect 2.0 in your organization.
This page is part of the design phase of implementation.
The implementation of 1E Service Catalog Connect is straightforward. Assuming you have already implemented Windows Servicing Suite and the Tachyon infrastructure, the only significant choices required before installing 1E Service Catalog Connect are described below.
For a full list of requirements, please refer to Requirements. Once you have made the implementation choices below, satisfied Requirements, completed Preparation steps, then you can continue with Installing 1E Service Catalog Connect.
MID Server
When ServiceNow is not able to access the Tachyon Server (Master Stack) over the Internet, then you require a ServiceNow MID Server. In this scenario, you will install both the Tachyon Server and the MID Server on your local network, so that the MID Server can then access ServiceNow on the Internet, thereby acting as a bridge between the two.
You can use the same MID server for 1E Core and 1E Service Catalog Connect.
Users and roles
1E Service Catalog Connect uses 1E Shopping to invoke the Windows Servicing Assistant (WSA), and uses Tachyon to run instructions, each from newly created catalog items within 1E Service Catalog Connect 2.0.
The following table describes the 1E Service Catalog Connect app roles.
Role name | Additional ServiceNow roles required | Description |
|---|---|---|
x_1e_service_catal.shopping_admin | n/a | This role allows its users to configure the 1E Service Catalog Connect app, in addition to having the same rights as the x_1e_service_catal.shopping_user role. ServiceNow admin users must change their application scope to 1E Service Catalog Connect in order to configure the app. |
x_1e_service_catal.shopping_user | n/a | This role grants its users access to invoke WSA and select catalog items tied with tachyon instructions. |
Note
The x_1e_service_catal.shopping_user and x_1e_service_catal.shopping_admin roles are created automatically when you install the 1E Service Catalog Connect application.
The x_1e_core_connect.user role is automatically inherited when a user is granted any of the roles above.
Instruction sets
Tachyon instructions are permissioned by assigning their instructions sets to roles. You can permission the roles for All sets or specific instruction sets.
You will very likely use specific instruction sets if you are using Tachyon for purposes other than ServiceNow, for example integration of Tachyon with other 1E products such as Shopping, AppClarity, NightWatchman and more.
Your Tachyon administrator will need to upload the relevant instructions into Tachyon, and assign it to an instruction set. The instruction can be assigned to only one instruction set. Typically, instruction set names match the names of the Product Pack zips, which tend to represent their use-cases (Product Packs are available on the Tachyon Exchange and uploaded into Tachyon by an Instruction Set administrator). Users are able to see the names of instruction sets, which helps when searching for instructions to use. Therefore, you should avoid the temptation to consolidate instructions into fewer instructions sets just to simplify the one-off process of configuring roles.
Your Tachyon installation should already have some instruction sets available, with at least the Platform verification instructions used to verify the installation of Tachyon and its agents.
Note
A 1E user with either Global Administrators or Instruction Set Administrators role is required to add product packs; add, modify and delete instruction sets; and delete instruction definitions.
You do not need this role if a 1E administrator has already added instruction definitions for you to use.
Please refer to the relevant Tachyon version documentation for how to upload instructions and manage Instruction Sets.
Management groups
Management groups are used by Tachyon as logical holders for the grouping of devices. Management groups have the following properties:
Each device known to Tachyon can be assigned to any number of management groups, or be left unassigned.
Roles can be associated with one or more specific management groups, so that users with those roles will only be available to target the devices in their role's management groups.
Management groups can only contain devices and they are completely independent from any other management group, even if they contain the same devices.
Note
A user with either Global Administrators or Management Group Administrators role is required to create, delete and update management groups.
You do not need this role if a 1E administrator has already created management groups for you to use.
Please refer to the relevant Tachyon version documentation for how to create and manage Management groups.
Options for configuring 1E Service Catalog Connect roles
Tachyon roles can be Global (system) or custom. Global roles have permissions on all instructions sets and all devices. Custom roles can be configured for all instruction sets or limited instruction sets, and all devices or management groups.
You have the following options for assigning Tachyon roles to the users, which can be changed at any time.
Assign users to corresponding Global Actioners role. This is the quickest and simplest option suitable as a temporary solution which can be changed later, or in a simple environment such as a lab, or if Tachyon is used only for ServiceNow where all instructions and devices are within the scope of ServiceNow.
Assign a user to the corresponding custom role, for example called 1E Service Catalog Connect Actioner. In each case, assign both roles to All sets and All devices.
The same custom roles as option 2, but assign the roles to specific instructions sets and / or management groups.
Note
When using custom roles, ensure you configure both roles with the same Instruction Sets and Management groups.
Note
Please refer to:
Preparation on setting up users in Tachyon,
Tachyon 8.1 - Permissions Menu for more detail of how to permission roles in Tachyon platform,
1E Service Catalog Connect post-installation tasks: API Configuration Page on how to configure users in ServiceNow,
User Management on setting up users in ServiceNow.
Note
A user with either Global Administrators or Permissions Administrators role is required to add or remove users, view all roles, add, modify and delete custom roles or assign roles to any instruction sets and define their permissions.
You do not need this role if a Tachyon administrator has already created your users and assigned them to necessary roles.
Permissions Readers role can be used to review permissions in Tachyon.