Secure On-Premise ServiceNow

Deploying ServiceNow in a secure, on-premise environment is possible with some up-front planning and design. There are a number of key considerations and challenges, as well as some best practices that only apply to a secure, on-premise deployment of ServiceNow. This article covers these points at a high level and provides a roadmap if you’re planning this type of ServiceNow implementation.

What is ServiceNow?

ServiceNow is a software platform for managing business workflows. Most customers consume ServiceNow via a Platform-as-a-Service (PaaS) model in order to avoid maintenance, stability and scalability tasks. However, for customers with use cases that require a restricted environment, it is an option to deploy ServiceNow onto private, on-premise infrastructure.

ServiceNow enterprise software offers IT Service Management (ITSM), IT Operations Management (ITOM), IT Asset Management (ITAM) and IT Business Management (ITBM). In addition, it can help companies improve cyber resilience and vulnerability management via Security Operations (SecOps), among many other features and functionality.

Key Considerations

Why Deploy ServiceNow in a Secure On-Premise Environment?

The primary use case is security. For many enterprise or government customers, regulations or data and access restrictions mandate full control of infrastructure and of the flow of information, in transit or at rest. If you’re willing to take on some additional responsibilities, deploying your own ServiceNow environment gives you enhanced security, compliance and better oversight of your data and infrastructure. In the cloud, release of new features, patches and bug fixes happens automatically with minimal customer interaction. With a self-hosted solution you have to ask yourself: do we have the resources to manage, maintain and support it? If the answer is yes, there are several advantages.

  • Facilitated data sovereignty
  • Increased security
  • Increased control of solution availability
  • Increased control of infrastructure

Architecture

Conduct interviews with stakeholders and business owners to get a better idea of what you need. An experienced ServiceNow resource can assist you in mapping your requirements to functionality in ServiceNow that will then provide a view into the required architecture.

For example, do you need redundancy? Do you need high availability? Backup and replication are not part of the ServiceNow on-premise deployment documentation, but most enterprise customers need them. How many application servers and nodes do you need? How many MID servers and, if you will use Discovery, should you deploy them on Windows or Linux? Is there a need for MetricBase?

In an air-gapped environment you will also need to plan for moving installers, packages and other required files to the various servers. This type of environment also has specific processes for the Application Repository, as it will need to be internal.

Deployment Challenges

Experience lets us pave the most efficient path to success we can find, and with deployment of enterprise software of this size, preparation is key! There is some information available on how to accomplish this, but we found part of it lacking in detail and several areas with gaps. Note that there are some inherent limitations to deploying and running ServiceNow in a secure, self-hosted environment.

Some challenges our team overcame:

  • FIPS mode compatibility
  • Secure certificate generation
  • SELinux Enforcing mode compatibility
  • IPTables/Firewall/Antivirus port blocking
  • Hardened system compatibility with ServiceNow prerequisites
  • ServiceNow plugin activation/entitlements
  • Air-gapped environment with no internet access

It’s important to plan for these and ensure you have access to knowledgeable ServiceNow resources during the deployment.

Implementation Best Practices

ServiceNow produces some KB articles for self-hosted deployment, though these are incomplete and require partner access. A couple of KB articles we found useful are:

Start your ServiceNow on-premise deployment by defining the end goal and functionality your business stakeholders require. Your business requirements determine the application functionality you need. This may lead to areas companies often overlook such as additional license entitlements and external integrations. Additionally, reviewing your ITSM and ITOM processes has the added benefit of vetting business processes before you implement them in ServiceNow.

Examples of high-level tasks and advice to include in your deployment project:

  • Define the end goal usage of ServiceNow (use cases)
    • Does this require integration work?
    • Do we have the licenses we need?
    • Are there security constraints to the deployment?
      • What are they and how does this affect our project tasks?
  • Identify teams and resources needed for the project
    • Who provisions additional VMs if needed and what does that process look like?
    • Map business processes to resources
  • Engage experienced and certified ServiceNow resources
  • Identify (and correct) process gaps
    • Describe the gap, quantify the difference if possible, and have it corrected
  • Leverage templates where available
    • For interviews with business stakeholders
    • To support application configuration
    • To support governance
  • Be inclusive and collaborative
  • Be agile but limit project scope creep
  • Include a plan for training of users and administrators
    • Get everyone comfortable in their role with ServiceNow and how it fits with their responsibilities
  • Create a plan for governance
    • Who is responsible for what?
    • How do we maintain a self-hosted environment and what are our paths to support?

Conclusion

Depending on functionality needed, a self-hosted deployment of ServiceNow is a big undertaking and one that needs thorough planning and business process owner involvement. You will need to ensure you have access to experienced ServiceNow developers and/or administrators.

For some organizations moving away from public cloud offerings to host infrastructure and critical data due to security or regulatory concerns, on-premise deployment of ServiceNow is a viable option. If you have access to resources for administering and supporting such a solution, it will definitely alleviate concerns around security and give you better control over your environment.

As noted above, our team of consultants implemented ServiceNow in a secure, on-premise environment with proper planning. Beyond the additional configuration required, ongoing maintenance and administration are key considerations. For further guidance, please contact us. Our ServiceNow Practice Team has significant experience with deployment, configuration, customization and integration of the Now platform for enterprise customers.