Architecture

Application Instances

Each application instance is cloud-hosted and on the Internet by ServiceNow (i.e. SaaS). This includes a lot (but not all) supporting infrastructure and databases. The instances are administered by Yale, with virtual admin support by Fruition Partners, as well as software and platform support by ServiceNow.

Servers

There are a number of servers hosted at Yale which act as proxies for ServiceNow activity on the Yale intranet.

Architecture

Configuration Notes

Security

• SSO and SAML are used for general user authentication. Users are presented with a CAS login for SSO, and Shibboleth negotiates with ServiceNow instance to allow the user to login. See these documents for details:
  • https://isa.its.yale.edu/confluence/display/Shib/Logical+Architecture
  • https://isa.its.yale.edu/confluence/display/SN/Shibboleth+SAML+Integration
• Application-stored credentials are used for certain types of users. They are maintained by the Yale SN Admin:
  • Yale admin identities (generally of the form [netid]-admin)
  • API consumers
  • Service Accounts
  • external developers (Cloud Sherpas, other contractors)
• Yale Admin accounts are inherited from the production instance via cloning, and enabled/disabled on a per-instance basis as part of the post-clone procedure.

Backups/Restores

Backups/Restores are currently the responsibility of the cloud provider.

High Availability

Availability is currently the responsibility of the cloud provider.

Software Distribution

Platform Releases

Platform software releases, limited to supported versions, are available by request from ServiceNow.

Customer Updates

Customer updates (code & configuration) for defect resolution and new features (excluding OOB) are managed by a release process recorded elsewhere.