Design Considerations
Information that will help you design and plan the implementation of 1E ITSM Connect in your organization.
This page is part of the design phase of implementation.
The implementation of 1E ITSM Connect is straightforward. Assuming you have already implemented the 1E infrastructure and the 1E Core, the only significant choices required before installing 1E ITSM Connect are described below.
For a full list of requirements, please refer to Requirements. Once you have made the implementation choices below, satisfied Requirements, completed Preparation steps, then you can continue with Installing.
1E Users and Roles
1E ITSM Connect provides ServiceNow with access to 1E instructions in order to ask questions about devices and run actions. It does this by using a proxy user specified in 1E which act on behalf of the 1E ITSM Connect app user in ServiceNow.
You have a choice of how to configure the proxy user in 1E, depending on whether you want ServiceNow users to run any instruction on any device, or only have access to some instructions or some devices. Either way, your 1E Administrator will need to create a 1E user with its own domain account. This proxy user can be regarded as a service account and does not require an email address.
Within 1E, access to instructions and devices are permissioned using roles.
The following table describes the 1E ITSM Connect app roles:
Role name | Additional ServiceNow roles required | Description |
|---|---|---|
x_1e_connect.Tachyon_Admin | <None> | This role allows its users to configure the 1E ITSM Connect app, in addition to having the same rights as the x_1e_connect.Tachyon_User role. ServiceNow admin users must change their application scope to 1E ITSM Connect in order to configure the app, and retrieve instructions. |
x_1e_connect.Tachyon_User | ITIL (for access to ITSM incidents) | This role grants its users access to incidents and the ability to run 1E instructions. This role maps on to the proxy 1E actioner. |
x_1e_connect.Tachyon_Approver | <None> | This role allows its users to approve 1E instructions that require approval. |
x_1E_core_connect.user | <None> | When adding any of the above roles to a user, the x_1E_core_connect.user role is also inherited automatically. Refer to 1E Core 4.0.11 - Requirements for more details. |
Instruction sets
1E question and action instructions are permissioned by assigning their instructions sets to roles. You can permission the proxy roles for All sets or specific instruction sets.
You will very likely select specific instruction sets if you are using 1E for purposes other than ServiceNow, for example integration of 1E with other 1E products such as Shopping, AppClarity, NightWatchman and more.
Your 1E administrator will need to upload instructions into 1E, and assign them to instruction sets. Each instruction can be assigned to only one instruction set. Typically, instruction set names match the names of the Product Pack zips, which tend to represent their use-cases (Product Packs are available on the 1E Exchange and uploaded into 1E by an Instruction Set administrator). Users are able to see the names of instruction sets, which helps when searching for instructions to use. Therefore, you should avoid the temptation to consolidate instructions into fewer instructions sets just to simplify the one-off process of configuring roles.
Your 1E installation should already have some instruction sets available, with at least the Platform verification instructions used to verify the installation of 1E and its Agents.
Note
A 1E user with either Full Administrator or All Instructions Actioner role is required to add product packs; add, modify and delete instruction sets; and delete instruction definitions.
You do not need this role if a 1E administrator has already added instruction definitions for you to use.
Refer to the relevant 1E version documentation for how to upload instructions and manage Instruction Sets.
Management groups
Management groups are used by 1E as logical holders for the grouping of devices. The management groups have the following properties:
Each device known to 1E can be assigned to any number of management groups, or be left unassigned.
Roles can be associated with one or more specific management groups, so that users with those roles will only be available to target the devices in their role's management groups.
Management groups can only contain devices, and they are completely independent of any other management group, even if they contain the same devices.
A user with the Management Group Administrators role can create management groups in the 1E Portal using rules.
When creating a custom role for an instruction set, you must remember to assign one or more management groups to the role. This can be the built-in management group called All devices.
Note
A user with either Global Administrators or Management Group Administrators role is required to create, delete and update management groups.
You do not need this role if a 1E administrator has already created management groups for you to use.
Refer to the relevant 1E version documentation for how to create and manage Management groups.
Options for configuring 1E ITSM Connect roles
1E roles can be System or custom. System roles have permissions on all instructions sets and all devices. Custom roles can be configured for all instruction sets or limited instruction sets, and all devices or management groups.
You have the following options for assigning 1E roles to the proxy user, which can be changed at any time.
Assign proxy user to a custom role, for example called 1E ITSM Connect Actioner. In this case, assign role to All sets and All devices.
To the same custom role, assign the following role (if required):
Specific instructions sets - to limit ServiceNow users to specific instructions, for example to prevent their access to system instructions
Specific management groups - to limit ServiceNow users to specific groups of devices.
Note
Please refer to:
Design Considerations to understand more about app roles, their proxy users, 1E roles, instruction sets and management groups
Permissions Menu for 1E 8.1 for details on how to permission roles in 1E.
1E ITSM Connect post-installation tasks for details on how to configure proxy users in ServiceNow
User Management for information on how to set up users in ServiceNow.
Note
A 1E user with either Full Administrator or All Instructions Actioner role is required to add product packs; add, modify and delete instruction sets; and delete instruction definitions.
You do not need this role if a 1E administrator has already added instruction definitions for you to use.
Compatibility matrix for 1E and ServiceNow integration applications
Integration | Version | 1E on-premises | 1E SaaS | ServiceNow | Purpose |
|---|---|---|---|---|---|
1E Core | 4.0.11 | 9.0 | 23.11 | Vancouver, Utah, Tokyo | Platform enabler, prerequisite for all other integrations. Provides a copy of Tachyon instructions. Support for domain separation (multi-tenant). Support for 1E CMDB Connect apps (new in 2.1) including Service Graph Connector for 1E Tachyon. Support for OAuth2 required by 1E SaaS (new in 3.0.0). Support for multi-authentication and experience scores compatibility (new in 3.0.6) Supports OAuth Authentication in domain separated instances; OAuth Authentication request through MID Server for on-premise environment is included; Displays Experience score for new and old API's (new in 4.0.8). Enhanced internal thumbprint verification criteria (new in 4.0.11). |
4.0.8 | 8.1, 9.0 | 23.7 | Vancouver, Utah, Tokyo | ||
3.0.6 | 8.0, 8.1 | 8.2 | Utah, Tokyo | ||
3.0.2 | 8.0, 8.1 | 8.2 | Utah, Tokyo | ||
3.0.0 | 8.0, 8.1 | 8.2 | Tokyo | ||
1E ITSM Connect | 5.0.8 | 9.0 | 23.11 | Vancouver, Utah, Tokyo | Integrates ServiceNow ITSM with Tachyon, to provide real-time inventory and pre-approved automated fixes to first line teams from within the ServiceNow Incident page. Tachyon Device View and Experience integration. Support for domain separation (multi-tenant). Support for 1E CMDB Connect. ROI Dashboard; Device views (Hardware, network, s/w installations etc.); Flexible Quick fixes menu; Guided Setup; Prioritized Recommended actions; Device History; Configurable retrieval of device stats (Online status, Last reboot, Last seen etc.); Scheduled retrieval of 1E Tachyon instructions; Improved error handling logic; (new in 4.0.0). Agent Workspace features not available in San Diego release (new in 4.1.0). CI selector based on Caller name. Instruction segmentation based on user role. Support for OAuth2 required by 1E SaaS. Requires 1E Core 3.0 (new in 4.2.0). Instruction segmentation based on user roles (new in 4.3.0). Support for Experience trend chart, Experience score and Interaction records in Service Operations Workspace (new in 4.4.0). OAuth authentication support via MID Server; Multi-authentication support for multi-tenant configuration; Parameterized instructions are included in 1E Quick Fixes (new in 4.5.7). MID Server is not supported on-premise 1E platform (new in 4.5.9). Device details and perform instruction executions without saving the incident form. Improved logic for managing the role mapping for instruction sets. Removed duplicate entries for devices in Device Info tab on Service Operations Workspace while using a custom connector. Execute instruction, show an experience and run a Quick Fix only on CI field of incident form in Service Operations Workspace (new in 5.0.8). |
4.5.9 | 8.1, 9.0 | 23.7 | Vancouver | ||
4.5.7 | 8.1, 9.0 | 23.7 | Utah, Tokyo | ||
4.4.0 | 8.1, 9.0 | 8.2 | Utah, Tokyo, | ||
4.3.0 | 8.0, 8.1 | 8.2 | Utah, Tokyo | ||
1E Service Catalog Connect | 3.2.4 | 9.0 | 23.11 | Vancouver, Utah, Tokyo | Integrates ServiceNow Service Catalog with Tachyon. Provides a UI like 1E Shopping – allows WSA to be invoked by ServiceNow and report WSA requests. Guided Tour, and running any Tachyon instruction. Installation of software applications via 1E Shopping (new in 3.0.0). Support for OAuth2 required by 1E SaaS. Requires 1E Core 3.0 (new in 3.1.1) Compatible with 1E Core 4.0.8 (new in 3.2.3) Support for multiple domain and non-domain devices for shopping orders (new in 3.2.4). |
3.2.3 | 8.1, 9.0 | 23.7 | Vancouver, Utah, Tokyo | ||
3.1.1 | 8.0, 8.1 | 8.2 | Tokyo | ||
Service Graph Connector for 1E | 3.0.4 | 8.1, 9.0 | 23.7 | Utah, Tokyo, San Diego | 1E Tachyon CMDB Connect, and Service Graph Connector for 1E Tachyon, provide identical capabilities, your choice depends on your licensing. Either one can be optionally used for the following, among other features:
The latter requirement may also be met by any third party app capable of populating the device FQDN in the ServiceNow CMDB cmdb_ci_computer table. Change target from cmdb_ci_pc_hardware to cmdb_ci_computer. Populates installed software, disk usage and network attributes. Also provides custom table for uninstalled software (new in SGC 2.0.0). Supports OAuth2 required by 1E SaaS (new in 3.0.2) Compatible with 1E Core 4.0.8 (new in 3.0.4). |
3.0.3 | 8.0, 8.1 | 8.2, 8.4 | Utah, Tokyo | ||
3.0.2 | 8.0, 8.1 | 8.2 | Utah, Tokyo | ||
1E CMDB Connect | 2.0.1 | 9.0 | 23.11 | Vancouver, Utah, Tokyo | See above, details as Service Graph Connector for 1E. Compatible with 1E Core 4.0.8 (new in 1.2.2). |
1.2.2 | 8.1, 9.0 | 23.7 | Vancouver, Utah, Tokyo | ||
1.1.6 | 8.0, 8.1 | 8.4 | Utah, Tokyo | ||
1.1.5 | 8.0, 8.1 | 8.2, 8.4 | Utah, Tokyo | ||
1E Virtual Assistant | 3.1.1 | 8.1, 9.0 | 23.7 | Vancouver, Utah, Tokyo | Provides a Virtual Agent for ServiceNow, supporting various topics, some of which use Tachyon instructions. Support for OAuth2 required by 1E SaaS. Requires 1E Core 3.0 (new in 3.0.2). Compatible with 1E Core 4.0.8 (new in 3.1.1). |