HITIDE Support Portal - SPP-AU Regulated Market Australia (APC/IRAP) customer specific access and network requirements.Summary<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } How does SPP-AU (Australian Regulated Market/APC/IRAP) differ from Commercial NowSupport? Whitepaper: Accelerating digital transformation with the ServiceNow Protected Platform Cloud Security Customer Resources Cloud Security White Papers, Articles, Guides, and Other Resources Most of your security inquiries will be addressed in the "IRAP assessment report," which should be available with your organisation's ServiceNow Contacts. If necessary, request these documents from the ServiceNow Account team representatives. Also, you can coordinate with your SAM and ServiceNow Account representatives to set up a session with the ServiceNow Security team. If you need any architecture or dataflow documents specific to SPP boundaries, you should seek these through ServiceNow Account representatives, as they may be legally bound. The instance email address will be assigned a regulated market domain, such as instancename@servicenowcloud.com.auThe instance URL will also possess a regulated market domain, for example, instancename.servicenowcloud.com.auAccess to the instances will be limited and only available from pre-whitelisted IPs /IP ranges The instance IP will be changed if the instance is migrated from the Commercial Environment ( instancename.service-now.com) Support Portal Access/HITIDE Password Reset/Unlock HITIDE account. The NowSupport portal link is different for SPP-AU customers and is HITIDE. HITIDE access is restricted to ServiceNow employees and can only be accessed internally via Secure Virtual Machines. External customers can access HITIDE from the internet. https://hitide.servicenowcloud.com.au/hi_login.do External users can start the HITIDE password reset process through this "Forgot your Password" link https://hitide.servicenowcloud.com.au/reset_password.do?username= KB0547255: Resetting your Now Support user password Upon their first login, customers will be prompted to set up Multi-Factor Authentication (MFA) for HITIDE. HITIDE is a highly secure environment with a session timeout of 15 minutes if idle, which cannot be altered. User and Account contacts management from HITIDE Support portal? It is recommended that your organisation maintains more than one HITIDE customer_admin user. User/Account management direct link ==> https://hitide.servicenowcloud.com.au/now?id=ns_manage_account_details Existing HITIDE users with a customer_admin role within their organisation can manage other users. New users can be created from "Add new users" .If the partner company is not an SPP-AU customer, it is necessary to create the partner users as HITIDE users. These users should be linked to your organization with the customer or customer_admin role.The role of "Primary Customer Admin" /"Account Contacts" can be updated directly by an existing customer_admin. Navigate to Account Contacts, then Update Contacts, and click on the existing primary customer admin's username. This will provide you with a search button to select a new user. Please ensure that the new primary customer admin possesses the customer_admin role."Inactive" and "Locked-out" users can contact their HITIDE customer_admin to reactivate their accounts, as HITIDE ServiceNow support does not have a way to verify their legitimacy unless backed by approval from customer_admin/ServiceNow Account representatives. How to create Support Case from HITIDE? https://hitide.servicenowcloud.com.au/now?id=ns_guided_support You can find the option "Create a case" in the bottom right corner of the page. Just follow the on-screen prompts. Notifications from HITIDE ( SPP-AU Support portal) Any case email notification from HITIDE will not have any case details, and the notification will only say the case is updated. Please log in to HTIDE to see the details of the update. **This is to ensure any sensitive information on the case notes/short description ( personal information on signature/IPs/endpoints) is not communicated via email. These emails can be accessed from anywhere, and the watch list of a case can contain any email address. Instance Access for Customer Customers will receive a Welcome email from HITIDE with instance credentials. Once customers have obtained their HITIDE access, they must create a Customer Support case, including the IP information (only on the HITIDE case). ServiceNow will then whitelist it on our end (NGINX ADC V3) for their organisation, which will apply to all instances. This whitelist should include the public egress IP/CIDR from the customer organisation’s Proxy/VPN/NLB. This case should be created by the customer_admin/ns admin for the Organisation on the HITIDE Now Support Portal. If the instance is accessed from an IP that is not whitelisted, it will show a snow_adc error with "403 Forbidden" Customers (customer_admin/ns admin) can manage IP whitelisting through the HITIDE catalog. For more information, please refer to the knowledge base article KB90000488: Managing IP Whitelisting for your ServiceNow instance (SPP-AU), available within HITIDE. Instance OOB "System Administrator" Password reset ServiceNow does not handle Instance User Management. Customers can reset the instance ADMIN password using the admin password reset catalogue available at password reset catalogue from hitide.servicenowcloud.com.au. The catalogue permits HITIDE customer_admin to input the new instance “admin” password, which will generate a change on HITIDE. Another HITIDE Support Portal customer_admin must approve this change. Your organisation should maintain more than one HITIDE customer_admin user, as these requests should be initiated by one customer_admin and approved by another on the HITIDE Support Portal. Please note that due to HITIDE's secure environment, automated approval emails triggered from the Change for the Password reset catalogue change will not accept responses via email; therefore, the email recipient (second customer_admin) must log on to HITIDE to approve the request from the HITIDE change record created by the first customer_admin. Instance Access for Customer Support Customer support can access the instance only from SNCAV3 (Secure Virtual Machine) SNC Access Plugin-enabled customers should add Customer Support agent names to the SNC access list in the format firstname.lastname.snf.aus to allow SNC access IP Access control-enabled customers should add ServiceNow SNCAV3 VPN IPs for Customer Support to HOP on the instance. This KB provides more details. SPP IP Access Control restrictions during HOP External integrations to SPP-AU instances Access to SPP-AU instances is stringently regulated, permitting communication exclusively from whitelisted IP addresses. Consequently, should there be intentions to integrate external or third-party systems with the SPP instance, it is imperative to whitelist the endpoint IP/CIDR to ensure seamless connectivity. Customers can manage these IPs through their customer_admin or NS admin, utilizing the HITIDE catalogue as detailed in the knowledge base KB90000488: Managing IP Whitelisting for your ServiceNow instance (SPP-AU) available within HITIDE. KB90000509: SPP-AU : Network Connectivity Guidance is available within HITIDE. The Virtual IP (VIP) for the instance is provisioned at the ADCv3 container level and is allocated to the NGINX ADCv3 container specific to the organization. Each organization is assigned a pair of public instance IPs that remain consistent across all instances associated with that organization. When configuring the SPP instance endpoints for communication with external endpoints, it is crucial to consider both IPs. These IP pairs, sourced from each of the Primary and Secondary Datacenter pairs, guarantee high availability. Further insights into the "High Availability" architecture can be found in the document provided below. White paper: Delivering Performance, Scalability, and Availability on The ServiceNow Cloud KB0538621: Finding the IP information for your instance Release and Patch upgrade on SPP-AU instances install.service-now.com, the repository for WAR versions ( Releases and Patches), is hosted in the SPP network. For upgrades, the instance will access this SPP-hosted install.service-now.com repo, which doesn't need to be whitelisted on the customer network. Instance/Module(Plugin/Store Application) Go-Live in SPP-AU PROD instance KB0965738 - On-Boarding/Go Live Best Practice ( Tech Support Perspective) Most Plugins and Applications hosted on the Store are, by default, accessible on the customer's sub-production instances. The customer_admin must "GET" these applications from the Store( including all dependent applications listed within the store), irrespective of their entitlement status, to render them "installable" on the instance. A license or entitlement check governs the app's visibility within the Production environment. Consequently, installing the application on the sub-production instance does not automatically ensure its availability for installation in the Production environment. In preparation for a go-live in the Production environment, it is imperative to ensure that both the application and its dependencies, including any plugins, are visible in the Production environment well in advance. Even if you have entitlement to the application, the absence of the application in the Production environment can result in significant delays. The resolution of such issues involves coordination with various backend teams for contract verification and relies on daily data loads. Given the involvement of multiple backend systems in the data flow, timely remediation may not always be feasible. Plugins installations on SPP-AU instances KB0716626: Plugin FAQs This KB will assist in requesting Plugins for an instance from HIRISE using the Request plugin catalogue. KB0695388: Plugin Activation Overview If the Plugin and its dependency Plugin is "Installable" on PROD, the customer(instance admin) can install it as the license/entitlement check has already been completed. Plugin Activation on Regulated Markets-Australia (SPP-AU) Store Application installation on SPP-AU instances The SPP-AU Store differs from the NowSupport Commercial Customer ServiceNow Store. For further details, please visit the following link:https://hitide.servicenowcloud.com.au/now Scroll to the bottom of the page to find this option How to access the HITIDE (SPP-AU) ServiceNow Store This KB will assist in procuring the application and dependencies from Store. Application Store Procurement - Store Application Installation If the Application and its dependency applications are "Installable" on PROD, the customer(instance admin) can install it, as the license/entitlement check has already been completed. Also, for all monetary questions regarding licensing/subscriptions/entitlements, please check with the ServiceNow Account reps, as that doesn’t fall under Customer Support's Scope, and we do not have access to check these. SPP-AU ServiceNow AppRepo( Custom applications) SPP ServiceNow application repository (Custom Applications) Entitlement check MID server download/installation and Auto upgrade on SPP-AU instances. The MID server host (customer network) can obtain(manual download) the MID server WAR version from install.service-now.com for the installation. For MID server auto upgrades on SPP instances, please create or update the property mid.install_server.base_uri with the value https://install.servicenowcloud.com.au/. Alternatively, follow the knowledge base for manual steps to enable MID auto-upgrade. Accessing Regulated Market-specific Install servers for MID Server download, MID Server Upgrade and Nmap The MID server IP hosted on the customer network should be added to the SPP F5 whitelist to enable it to access install.servicenowcloud.com.au. If you require the static IPs of install.servicenowcloud.com.au, please create a case with us. For ocsp.entrust.net whitelisting, please refer to the knowledge base article "Required list of the IP address for ocsp.entrust.net for the firewall team to include the ocsp.entrust.net endpoint for mid-server communication." Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } R Related Links<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Additional Documents Commercial to Regulated Market(SPP) Instance migration FAQ (Technical Support perspective) KB0538621: Finding the IP information for your instance FAQ on penetration test (PEN) ServiceNow Maintenance Impact (Customer Support Perspective) KB0965738 - On-Boarding/Go Live Best practice ( Tech Support Perspective) KB1048209 : How to Report Security Incidents and Security Findings to ServiceNow