SPP: AU Regulated Market Australia (APC/IRAP) customer specific access and network requirements.SummaryHow does SPP: AU (Australian Regulated Market/APC/IRAP) differ from Commercial NowSupport? Whitepaper: Accelerating digital transformation with the ServiceNow Protected Platform Most of your security inquiries will be addressed in the "IRAP assessment report" which should be available with your organization's ServiceNow Contacts. If necessary, you may request these documents from the ServiceNow Account team representatives. Additionally, you may coordinate with your SAM and ServiceNow Account representatives to arrange a session with the ServiceNow Security team. Should you require any architecture or dataflow documents specific to SPP boundaries, it is advisable to seek these through ServiceNow Account representatives, as they may be legally bound. Support Portal Access The NowSupport portal link is different for SPP: AU customers and is HITIDE. HITIDE access is restricted to ServiceNow employees and can only be accessed internally via Secure Virtual Machines. External customers can access HITIDE from the internet. https://hitide.servicenowcloud.com.au/hi_login.do External users can start the HITIDE password reset process through this "Forgot your Password" link https://hitide.servicenowcloud.com.au/reset_password.do?username= Upon their first login, customers will be prompted to set up Multi-Factor Authentication (MFA) for HITIDE. Existing HITIDE users with a customer_admin role within their organization can manage other users. HITIDE is a highly secure environment with a session timeout of 15 minutes if idle, which cannot be altered. "Inactive" and "Locked-out" users can contact their customer_admin to reactivate their accounts, as HITIDE support does not have a way to verify their legitimacy unless backed by approval from customer_admin/ServiceNow Account representatives. It is recommended that your organization maintains more than one customer_admin user. Notifications from HITIDE ( SPP: AU support portal) Any case email notification from HITIDE will not have any case details, and the notification will only say the case is updated. Please log in to HTIDE to see the details of the update. **This is to ensure any sensitive information on the case notes/short description ( personal information on signature/IPs/endpoints) is not communicated via email. These emails can be accessed from anywhere, and the watch list of a case can contain any email address. Instance Access for Customer Customers will receive a Welcome email from HITIDE with instance credentials ServiceNow does not handle Instance User Management. Customers can reset the instance ADMIN password using the admin password reset catalogue available at password reset catalogue from hitide.servicenowcloud.com.au. It is advisable for your organisation to maintain more than one customer_admin user, as these requests should be initiated by one customer_admin and approved by another. Please note that due to HITIDE's secure environment, automated approval emails triggered from the Password reset catalogue change will not accept responses via email; therefore, the email recipient (customer_admin) must log on to HITIDE to approve the request from the HITIDE change record. Once customers have obtained their HITIDE access, they are required to create a Customer Support case including the IP information (only on the case). ServiceNow will then whitelist it on our end (ngnix adcV2) for their organization, which will apply to all instances. This whitelist should consist of the Public IP/IP Range from the customer organization’s Proxy/VPN/NLB. If the instance is accessed from an IP that is not whitelisted, it will show a snow_adc error with "403 Forbidden." Instance Access for Customer Support Customer support can access the instance only from SNCAV3 (Secure Virtual machine) SNC Access Plugin enabled customers should add Customer Support agent names to the SNC access list in the format firstname.lastname.snf.aus to allow SNC access IP Access control enabled customers should add ServiceNow SNCAV3 VPN IPs for Customer Support to HOP on the instance. This KB provides more details. SPP IP Access Control restrictions during HOP Release and Patch upgrade on SPP: AU instances. install.service-now.com, the repository for WAR versions ( Releases and Patches), is hosted in the SPP network. For upgrades, the instance will access this SPP-hosted install.service-now.com repo, which doesn't need to be whitelisted on the customer network. Plugins in SPP: AU Plugin Activation on Regulated Markets-Australia (SPP-AU) SPP: AU ServiceNow Store How to access the HITIDE (SPP: AU) ServiceNow Store Application Store Procurement - Store Application Installation How to procure app and dependencies How to Opt in for the app SPP: AU ServiceNow AppRepo( Custom applications) SPP ServiceNow application repository (Custom Applications) Entitlement check MID server download/installation and Auto upgrade on SPP: AU instances. The MID server host ( customer network) needs to get the MID server WAR version from install.service-now.com for the installation. There is a requirement to whitelist this for the WAR file download. As this repository does not have an external VIP, it cannot be whitelisted. Accessing Regulated Market specific Install servers for MID Server download, MID Server Upgrade and Nmap This KB will explain how to overcome this, as we have another repository called install.servicenowcloud.com.au within SPP, where the MID server files are hosted. If you need static IPs of install.servicenowcloud.com.au, please file a case with customer support. Static IPs of install.servicenowcloud.com.au are mentioned on this KB90000117 (Hosted on HITIDE) MID server IP should be added to our F5 whitelist for the MID server to access install.servicenowcloud.com.au. More info on this KB90000118 ( Hosted in HITIDE) For ocsp.entrust.net whitelisting, please check this KB Required list of the IP address for ocsp.entrust.net for firewall team to inclusion list the oscp.entrust.net endpoint for mid server communication Additional Documents Commercial to Regulated Market(SPP) Instance migration FAQ (Technical Support perspective) KB0538621: Finding the IP information for your instance FAQ on penetration test (PEN)