SPP-AU Regulated Market Australia (APC/IRAP) customer specific access and network requirements.Summary<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #6e9db4; } a:visited { font-size: 12pt; color: #7057C7; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: block; max-width: 500px !important; width: auto; height: auto; } } How does SPP-AU (Australian Regulated Market/APC/IRAP) differ from Commercial NowSupport? Whitepaper: Accelerating digital transformation with the ServiceNow Protected Platform Cloud Security Customer Resources Cloud Security White Papers, Articles, Guides, and Other Resources Most of your security inquiries will be addressed in the "IRAP assessment report," which should be available with your organisation's ServiceNow Contacts. If necessary, request these documents from the ServiceNow Account team representatives. Also, you can coordinate with your SAM and ServiceNow Account representatives to set up a session with the ServiceNow Security team. If you need any architecture or dataflow documents specific to SPP boundaries, you should seek these through ServiceNow Account representatives, as they may be legally bound. The instance email address will be assigned a regulated market domain, such as instancename@servicenowcloud.com.auThe instance URL will also possess a regulated market domain, for example, instancename.servicenowcloud.com.auAccess to the instances will be limited and only available from pre-whitelisted IPs /IP ranges The instance IP will be changed if the instance is migrated from the Commercial Environment ( instancename.service-now.com) Support Portal Access/HITIDE Password Reset/Unlock HITIDE account. The NowSupport portal link is different for SPP-AU customers and is HITIDE. HITIDE access is restricted to ServiceNow employees and can only be accessed internally via Secure Virtual Machines. External customers can access HITIDE from the internet. https://hitide.servicenowcloud.com.au/hi_login.do External users can start the HITIDE password reset process through this "Forgot your Password" link https://hitide.servicenowcloud.com.au/reset_password.do?username= Upon their first login, customers will be prompted to set up Multi-Factor Authentication (MFA) for HITIDE. Existing HITIDE users with a customer_admin role within their organisation can manage other users. HITIDE is a highly secure environment with a session timeout of 15 minutes if idle, which cannot be altered. "Inactive" and "Locked-out" users can contact their HITIDE customer_admin to reactivate their accounts, as HITIDE ServiceNow support does not have a way to verify their legitimacy unless backed by approval from customer_admin/ServiceNow Account representatives. It is recommended that your organisation maintains more than one HITIDE customer_admin user. Notifications from HITIDE ( SPP-AU Support portal) Any case email notification from HITIDE will not have any case details, and the notification will only say the case is updated. Please log in to HTIDE to see the details of the update. **This is to ensure any sensitive information on the case notes/short description ( personal information on signature/IPs/endpoints) is not communicated via email. These emails can be accessed from anywhere, and the watch list of a case can contain any email address. Instance Access for Customer Customers will receive a Welcome email from HITIDE with instance credentials. Once customers have obtained their HITIDE access, they must create a Customer Support case, including the IP information (only on the HITIDE case). ServiceNow will then whitelist it on our end (NGINX ADC V3) for their organisation, which will apply to all instances. This whitelist should include the public egress IP/CIDR from the customer organisation’s Proxy/VPN/NLB. If the instance is accessed from an IP that is not whitelisted, it will show a snow_adc error with "403 Forbidden." Instance OOB "System Administrator" Password reset ServiceNow does not handle Instance User Management. Customers can reset the instance ADMIN password using the admin password reset catalogue available at password reset catalogue from hitide.servicenowcloud.com.au. The catalogue permits HITIDE customer_admin to input the new instance “admin” password, which will generate a change on HITIDE. Another HITIDE Support Portal customer_admin must approve this change. Your organisation should maintain more than one HITIDE customer_admin user, as these requests should be initiated by one customer_admin and approved by another on the HITIDE Support Portal. Please note that due to HITIDE's secure environment, automated approval emails triggered from the Change for the Password reset catalogue change will not accept responses via email; therefore, the email recipient (second customer_admin) must log on to HITIDE to approve the request from the HITIDE change record created by the first customer_admin. Instance Access for Customer Support Customer support can access the instance only from SNCAV3 (Secure Virtual Machine) SNC Access Plugin enabled customers should add Customer Support agent names to the SNC access list in the format firstname.lastname.snf.aus to allow SNC access IP Access control enabled customers should add ServiceNow SNCAV3 VPN IPs for Customer Support to HOP on the instance. This KB provides more details. SPP IP Access Control restrictions during HOP Release and Patch upgrade on SPP-AU instances. install.service-now.com, the repository for WAR versions ( Releases and Patches), is hosted in the SPP network. For upgrades, the instance will access this SPP-hosted install.service-now.com repo, which doesn't need to be whitelisted on the customer network. Plugins/Store Applications in SPP-AU KB0716626: Plugin FAQs KB0695388: Plugin Activation Overview This KB will assist in requesting Plugins for an instance from HITIDE using the Request plugin catalogue. Plugin Activation on Regulated Markets-Australia (SPP-AU) Most applications hosted on the Store are, by default, available on the customer's sub-production instances. The customer_admin must “GET” these applications from the Store, regardless of their entitlement status, for them to be "installable" on the instance. A license or entitlement check is imposed on the app visibility within the Production environment. Therefore, installing the application on the sub-production instance does not guarantee its availability for installation in the Production environment. This KB will assist in procuring the application and dependencies from Store. Application Store Procurement - Store Application Installation If a go-live is planned for a plugin or application in the Production environment, please ensure that the application and its dependencies /plugin is visible in the Production environment well in advance. Even if you are entitled to the application, if it is missing in the Production environment, resolving the issue may take some time. This process involves various backend teams for contract verification and depends on daily data loads, as several backend systems are involved in the data flow until it reaches an instance or store. How to access the HITIDE (SPP-AU) ServiceNow Store How to procure the app and dependencies How to Opt in for the app If the Application and its dependency applications or Plugin is "Installable" on PROD, the customer(instance admin) can install it as the license/entitlement check has already been completed. Also, for all monetary questions regarding licensing/subscriptions/entitlements, please check with the ServiceNow Account reps, as that doesn’t fall under Customer Support's Scope and we do not have access to check these. SPP-AU ServiceNow AppRepo( Custom applications) SPP ServiceNow application repository (Custom Applications) Entitlement check MID server download/installation and Auto upgrade on SPP-AU instances. The MID server host (customer network) can obtain(manual download) the MID server WAR version from install.service-now.com for the installation. For MID server auto upgrades on SPP instances, please create or update the property mid.install_server.base_uri with the value https://install.servicenowcloud.com.au/. Alternatively, follow the knowledge base for manual steps for enabling MID auto-upgrade Accessing Regulated Market specific Install servers for MID Server download, MID Server Upgrade and Nmap The MID server IP hosted on the customer network should be added to the SPP F5 whitelist to enable it to access install.servicenowcloud.com.au. If you require the static IPs of install.servicenowcloud.com.au, please create a case with us. For ocsp.entrust.net whitelisting, please refer to the knowledge base article Required list of the IP address for ocsp.entrust.net for the firewall team to include the oscp.entrust.net endpoint for mid server communication. Additional Documents Commercial to Regulated Market(SPP) Instance migration FAQ (Technical Support perspective) KB0538621: Finding the IP information for your instance FAQ on penetration test (PEN) ServiceNow Maintenance Impact (Customer Support Perspective) Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #6e9db4; } a:visited { font-size: 12pt; color: #7057C7; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: block; max-width: 500px !important; width: auto; height: auto; } } R