SPP: AU Regulated Market Australia (APC/IRAP) customer specific access and network requirements.SummaryHow does SPP-AU (Australian Regulated Market/APC/IRAP) differ from Commercial NowSupport? Whitepaper: Accelerating digital transformation with the ServiceNow Protected Platform Most of your security inquiries will be addressed in the "IRAP assessment report," which should be available with your organisation's ServiceNow Contacts. If necessary, request these documents from the ServiceNow Account team representatives. Also, you can coordinate with your SAM and ServiceNow Account representatives to set up a session with the ServiceNow Security team. If you need any architecture or dataflow documents specific to SPP boundaries, you should seek these through ServiceNow Account representatives, as they may be legally bound. The instance email address will be assigned a regulated market domain, such as instancename@servicenowcloud.com.*The instance URL will also possess a regulated market domain, for example, instancename.servicenowcloud.com.*Access to the instances will be limited and only available from pre-whitelisted IPs /IP ranges The instance IP will be changed if the instance is migrated from the Commercial Environment ( instancename.service-now.com) Support Portal Access/HITIDE Password Reset/Unlock HITIDE account. The NowSupport portal link is different for SPP-AU customers and is HITIDE. HITIDE access is restricted to ServiceNow employees and can only be accessed internally via Secure Virtual Machines. External customers can access HITIDE from the internet. https://hitide.servicenowcloud.com.au/hi_login.do External users can start the HITIDE password reset process through this "Forgot your Password" link https://hitide.servicenowcloud.com.au/reset_password.do?username= Upon their first login, customers will be prompted to set up Multi-Factor Authentication (MFA) for HITIDE. Existing HITIDE users with a customer_admin role within their organisation can manage other users. HITIDE is a highly secure environment with a session timeout of 15 minutes if idle, which cannot be altered. "Inactive" and "Locked-out" users can contact their HITIDE customer_admin to reactivate their accounts, as HITIDE ServiceNow support does not have a way to verify their legitimacy unless backed by approval from customer_admin/ServiceNow Account representatives. It is recommended that your organisation maintains more than one HITIDE customer_admin user. Notifications from HITIDE ( SPP-AU Support portal) Any case email notification from HITIDE will not have any case details, and the notification will only say the case is updated. Please log in to HTIDE to see the details of the update. **This is to ensure any sensitive information on the case notes/short description ( personal information on signature/IPs/endpoints) is not communicated via email. These emails can be accessed from anywhere, and the watch list of a case can contain any email address. Instance Access for Customer Customers will receive a Welcome email from HITIDE with instance credentials. Once customers have obtained their HITIDE access, they must create a Customer Support case, including the IP information (only on the HITIDE case). ServiceNow will then whitelist it on our end (NGINX ADC V3) for their organisation, which will apply to all instances. This whitelist should include the public egress IP/CIDR from the customer organisation’s Proxy/VPN/NLB. If the instance is accessed from an IP that is not whitelisted, it will show a snow_adc error with "403 Forbidden." Instance OOB "System Administrator" Password reset ServiceNow does not handle Instance User Management. Customers can reset the instance ADMIN password using the admin password reset catalogue available at password reset catalogue from hitide.servicenowcloud.com.au. The catalogue permits HITIDE customer_admin to input the new instance “admin” password, which will generate a change on HITIDE. Another HITIDE Support Portal customer_admin must approve this change. Your organisation should maintain more than one HITIDE customer_admin user, as these requests should be initiated by one customer_admin and approved by another on the HITIDE Support Portal. Please note that due to HITIDE's secure environment, automated approval emails triggered from the Change for the Password reset catalogue change will not accept responses via email; therefore, the email recipient (second customer_admin) must log on to HITIDE to approve the request from the HITIDE change record created by the first customer_admin. Instance Access for Customer Support Customer support can access the instance only from SNCAV3 (Secure Virtual Machine) SNC Access Plugin enabled customers should add Customer Support agent names to the SNC access list in the format firstname.lastname.snf.aus to allow SNC access IP Access control enabled customers should add ServiceNow SNCAV3 VPN IPs for Customer Support to HOP on the instance. This KB provides more details. SPP IP Access Control restrictions during HOP Release and Patch upgrade on SPP-AU instances. install.service-now.com, the repository for WAR versions ( Releases and Patches), is hosted in the SPP network. For upgrades, the instance will access this SPP-hosted install.service-now.com repo, which doesn't need to be whitelisted on the customer network. Plugins in SPP-AU Plugin Activation on Regulated Markets-Australia (SPP-AU) SPP: AU ServiceNow Store How to access the HITIDE (SPP-AU) ServiceNow Store Application Store Procurement - Store Application Installation How to procure the app and dependencies How to Opt in for the app SPP-AU ServiceNow AppRepo( Custom applications) SPP ServiceNow application repository (Custom Applications) Entitlement check MID server download/installation and Auto upgrade on SPP-AU instances. The MID server host (customer network) can obtain(manual download) the MID server WAR version from install.service-now.com for the installation. For MID server auto upgrades on SPP instances, please create or update the property mid.install_server.base_uri with the value https://install.servicenowcloud.com.au/. Alternatively, follow the knowledge base for manual steps for enabling MID auto-upgrade Accessing Regulated Market specific Install servers for MID Server download, MID Server Upgrade and Nmap The MID server IP hosted on the customer network should be added to the SPP F5 whitelist to enable it to access install.servicenowcloud.com.au. If you require the static IPs of install.servicenowcloud.com.au, please create a case with us. For ocsp.entrust.net whitelisting, please refer to the knowledge base article Required list of the IP address for ocsp.entrust.net for the firewall team to include the oscp.entrust.net endpoint for mid server communication. Additional Documents Commercial to Regulated Market(SPP) Instance migration FAQ (Technical Support perspective) KB0538621: Finding the IP information for your instance FAQ on penetration test (PEN) ReleaseR