LogoLogo
LearnDocumentationSupportCommunity
Version 6.30
Version 6.30
  • Welcome
  • Nexthink V6
  • Overview
    • Software components
    • Collector
    • Finder
    • Engine
    • Portal
    • Nexthink Library
    • Digital Experience Score
  • Installation and configuration
    • Planning your installation
      • Overview of the installation process
      • Hardware requirements
      • Connectivity requirements
      • Software requirements
      • Reference architectures
    • Installing Portal and Engine Appliances
      • Installing the Appliance
      • Installing the Appliance on Azure
      • Installing the Appliance on AWS
      • Installing the Appliance on OTC
      • Managing Appliance accounts
      • Setting the names of the Portal
      • Setting the names of the Engines
      • Specifying your internal networks and domains
      • Federating your Appliances
      • STIG compliance in Web Console
      • Connecting the Portal to the Engines
      • Configuring session performance storage
      • Configuring device performance storage
      • Setting up a software license
      • Sending email notifications from the Appliance
      • Allocating resources for the Portal
    • Installing the Collector
      • Installing the Collector on Windows
      • Installing the Collector on macOS
      • Installing the Collector for a Proof of Value
      • Assigning Collectors to Engines
      • Assignment of roaming Collectors
      • Collector MSI parameters reference table
      • Nxtcfg - Collector configuration tool
      • Inspecting the connection status of the Collector
      • Querying the status of the TCP connection of the Collector
      • Reporting the URL of HTTP web requests
      • Auditing logon events
      • Viewing user interactions in virtualized and embedded environments
      • Engage notifications on macOS
      • Configuring Collector level anonymization
    • Collector remote connectivity
      • Redirecting and anonymizing Collector traffic
      • Redirecting the Collector TCP channel
      • Support for DirectAccess
      • Windows Collector proxy support
      • Mac Collector proxy support
    • Installing the Event Connector
      • Installing the Event Connector on Linux
    • Installing the Finder
      • Installing the Finder on Windows
      • Enabling Cross-Engine Finder features
      • Expanding the time frame of investigations in the Finder
      • Enabling Finder access to the Library
      • Finder proxy support
    • Updating from V6.x
      • Updating the Appliance
      • Content centralization when updating the Appliance
      • Updating the Collector
      • Viewing Collector deprecated fields
      • Updating the Finder
    • Security and user account management
      • Importing and replacing certificates
      • Hierarchizing your infrastructure
      • Adding users
      • Enabling SAML authentication of users
      • Just-In-Time provisioning of user accounts
      • Enabling Windows authentication of users
      • Multi-factor authentication for local accounts overview
      • Provisioning user accounts from Active Directory
      • Establishing a privacy policy
      • Disabling local accounts for interactive users
      • Setting the complexity and minimum length of passwords for local accounts
      • Protecting local accounts against brute force attacks
      • Preventing password saving in the Finder
      • Controlling session timeouts in the Portal
      • Security settings in the Appliance
      • Setting the Do Not Disturb periods between campaigns
    • Data retrieval and storage
      • Data retention
      • Increasing the maximum number of metrics
      • Establishing a data retention policy in the Engine
      • Storing Engine data in a secondary disk drive
      • Importing data from Microsoft Active Directory
      • Setting the locale in the Portal
      • Changing the Time Zone of the Portal
      • Time Zones and data collection
      • Changing the data collection time of the Portal
      • Nightly task schedules timetable
      • Changing the thresholds of High CPU warnings
      • Automatic restart of unresponsive Engine
    • Maintenance operations
      • Logging in to the CLI
      • Special operation modes for the Engine and the Portal
      • Changing the default ports in the Appliance
      • Centralized Management of Appliances and Engines
      • Monitoring the performance of the Appliance
      • Resizing partitions in Appliance
      • Configuring the system log
      • Examining the logs in the Portal
      • GDPR - Retrieving or anonymizing personal data
      • Finding out unlicensed devices
      • Removing devices
      • Installing third-party software in the Appliance
      • Installing VMware Tools in the Appliance
      • Operational data sent to Nexthink
      • Sending additional data to Support
    • Disaster recovery
      • Planning for disaster recovery
      • Web Console backup and restore
      • Engine backup and restore
      • Portal backup and restore
      • Rule-based assignment backup and restore
      • License backup and restore
      • PKI backup and restore
    • Branding
      • Branding the Portal
      • Branding of campaigns
  • User manual
    • Getting started
      • Logging in to the Finder
      • Logging in to the Portal
      • Enabling STIG in Webconsole
    • Querying the system
      • Searching the subject of interest
      • Executing an investigation
      • Creating an investigation
      • Editing the options of an investigation
      • Combining logical conditions in investigations
      • Navigating through the results of an investigation
      • Properties of users and devices
    • Visualizing system activity in the Finder
      • Getting a quick overview
      • Graphically observing the activity of users and devices
      • Observing service performance
      • Viewing network connections
      • Viewing web requests
      • Viewing executions
    • Monitoring IT custom metrics
      • Creating a metric
      • Examples of metrics
      • Session performance
      • Device performance
      • Following the evolution of a metric
      • Finding the visuals of a metric
    • Monitoring IT services
      • Analyzing service quality
      • Creating a service
      • Following the evolution of a service
      • Specifying URL paths of web-based services
    • Engaging with the end user
      • Getting feedback from the end users
      • Types of campaigns
      • Creating a campaign
      • Editing a campaign
      • Types of questions
      • Controlling the flow of questions
      • Translating a campaign
      • Triggering a campaign manually
      • Limiting the reception rate of campaigns
      • Scrutinizing the results of a campaign
      • Continuously measuring the satisfaction of employees
    • Rating devices and users with scores
      • Computing scores
      • Creating a score
      • Checking and comparing ratings
      • Computing potential savings
      • Score XML Reference
      • Documenting scores
    • Remotely acting on devices
      • Scenarios for remote actions
      • Creating a remote action
      • Executing remote actions
      • Triggering a remote action manually
      • Writing scripts for remote actions on Windows
      • Writing scripts for remote actions on Mac
      • Example of self-healing scenario
      • Example of self-help scenario
      • Application control and remote actions
    • Organizing objects with categories
      • Classifying objects of the same type
      • Creating categories and keywords
      • Tagging objects manually
      • Tagging objects automatically
      • Importing tags from text files
    • Getting notified by the system
      • Receiving Engage campaigns
      • Receiving email digests
      • Receiving alerts
      • Creating a service-based alert
      • Creating an investigation-based alert
    • Building web-based dashboards
      • Introducing dashboards in the Portal
      • Creating a dashboard
      • Examining metrics in depth
      • Documenting dashboards
      • Assessing license use
      • Computing dashboard data
      • Reusing dashboard content
    • Importing and exporting authored content
      • Methods for reusing authored content
      • Manually sharing Finder content
      • Importing a content pack
      • Conflict resolution
      • Exporting a content pack
  • Library packs
    • Compliance
      • Device Compliance
    • Configuration Manuals
      • Overview (Configuration Manuals)
      • Installing A New Version Of A Library Pack
    • Digital Employee Score (DEX score)
      • DEX Score Installation And Configuration
      • Detailed Library Pack Changelog
    • Device management
      • Reduce logon duration
      • Group Policy Management
      • Hardware Asset Renewal
      • Hardware Asset Renewal Advanced
      • Application Auto-Start Impact
    • Remote Employee Experience
      • Remote Worker Experience
      • Home Networking
      • Change Log And Upgrade Process
      • Remote Worker Vs Office Worker Device Category
      • Remote Worker Insights
      • DEX V2 Upgrade Of Remote Worker
    • Persona Insight
      • Persona Insight - Overview
      • Persona Insight - Library Pack
      • Persona Insight - Score Only Pack
      • Persona Insight - Without Campaign pack
      • Persona Insight - Getting Started and Upgrade Procedure
      • Persona Insight - Configuration Guide
      • Persona Insight - Troubleshooting - Multiple devices on multiple engines
      • Persona Insight - Reference Guide
      • Persona Insight - Example Pack
      • Persona Insight - Device Sizing
        • Persona Insight - Device Sizing Overview
        • Persona Insight - Device Sizing Configuration
      • Persona Insight - Application Sizing
        • Persona Insight - Application Sizing Overview
        • Persona Insight - Application Sizing Configuration
      • Legacy Persona documentation
        • Persona Insight - Library Pack (V.1.0.0.0)
        • Persona Insight - Base Pack
        • Persona Insight - Base Pack Advanced
        • Persona Insight - Customization Guide (V1.0.0.0)
        • Persona Insight - Configuration Guide (V1.0.0.0)
        • Persona Insight - Reference Guide (V1.0.0.0)
    • GSuite
      • GSuite: Health
      • GSuite: Services
      • GSuite: Sentiment
      • GSuite: Advanced Health
    • Support
      • Support: Level 1
    • Shadow IT
      • Shadow IT
    • Malware Protection
      • Malware Protection
    • Office 365 Health
      • Office 365 Health: Overview
      • Office 365 Health: Services
    • Office 365 OneDrive
      • OneDrive Summary
      • OneDrive Operations
      • OneDrive Advanced Health
      • OneDrive Migration
      • OneDrive Sentiment
      • OneDrive Management
      • OneDrive Advanced Operations
    • Office 365 Teams
      • Teams Overall Configuration
      • Teams - Migration
      • Teams - Health
      • Teams - Advanced Health
      • Teams - Adoption
    • Microsoft 365 Apps
      • Microsoft 365 Apps - Operate
    • Employee Self Service
      • Overview
      • Configuration
      • Usage
    • Onboarding Experience Management
      • OEM - Overview
      • OEM - Configuration
    • Office 365 Outlook
      • Outlook Troubleshooting
    • Virtualization
      • Virtualization: Operate
      • Virtualization: AVD - Advanced
      • Virtualization: Citrix Advanced
      • Virtualization: Project
      • Virtualization: Troubleshooting
        • Virtualization: Troubleshooting: Configuration
    • Windows
      • Win10: Configuration
      • Win10: Migration
      • Win10: Feature Update
      • Win10: Quality Update
      • Windows Defender Management
      • Administrators Management
    • Windows 11
      • Windows 11 - Readiness
      • Windows 11 - Migration Pilot
      • Windows 11 - Migration
      • Windows 11 - Operate
    • Webex
      • Webex Operate
    • Zoom
      • Zoom Operate
    • Remote Actions
      • Get Performance Monitor Data
      • Skype For Business
      • Restart Device
      • Upload Logs to S3 using PreSigned URLs
    • Software Asset Optimization
    • Collaboration Optimization
      • Collaboration Optimization - Solution Overview
      • Collaboration Optimization - Configuration
      • Collaboration Optimization - Usage / Troubleshooting
    • Systems Management
      • Manage Configuration Drift
      • MS ConfigMgr - Client Health
        • MS ConfigMgr - Client Health - Summary
        • MS ConfigMgr - Client Health - Configuration Guide
      • Intune
        • Intune - Health
          • Intune - Health - Summary
          • Intune - Health - Configuration Guide
    • Return to the office
      • Return to the office - Planning
      • Return to the office - Readiness
    • Green IT
      • Green IT - Overview
      • Green IT - Configuration Guide
    • Hybrid Working
      • Hybrid Working Experience
      • Hybrid Working Experience - Installation and upgrade procedure
  • Integrations
    • Nexthink ServiceNow Service Graph Connector
      • Overview
        • Roles and Permissions
        • Modules
      • Installation and Configuration Guide
        • Pre-requisites
          • Configure Identification Rules
          • Import and setup the CMDB categories in Finder
        • Setup
          • Configure the connection
          • Configure import properties
          • Configure additional engines
          • Set up scheduled import jobs
      • Data transformation and mapping by default
      • How to customize the behaviour of the Connector
      • FAQ
        • Why ServiceNow Service Graph Connector?
        • What about Nexthink CMDB Connector?
        • Why is the name the primary key for the devices?
      • Troubleshooting
        • IRE identification issues
          • [No Choice found in the sys_choice table for the target table](integrations/nexthink-servicenow-service-graph-connector/troubleshooting/ire-identification-issues/ no-choice-found-in-the-sys_choice-table-for-the-target-table.md)
          • Identification rules not created
          • Discovery_source choice not created
        • Timeout Errors
          • ECCResponseTimeoutException
          • HTTP 0 error
        • MID server issues
          • java.lang.NullPointerException
          • MID Server memory issues
          • Not trusted certificates in Quebec release
        • Configure credentials issues
          • [Not allowing update of property authentication_choice](integrations/nexthink-servicenow-service-graph-connector/troubleshooting/configure-credentials-issues/ not-allowing-update-of-property-authentication_choice.md)
          • Invalid username/password combo (HTTP 401/403)
        • Configure Engines Issues
          • [The client secret supplied for a confidential client is invalid](integrations/nexthink-servicenow-service-graph-connector/troubleshooting/configure-engines-issues/ the-client-secret-supplied-for-a-confidential-client-is-invalid.md)
        • No Cis imported and no errors found in the log
    • Nexthink ServiceNow Incident Management Connector (IMC)
      • Installation and configuration guide (IMC)
      • Troubleshooting Guide (IMC)
      • Domain separation installation (IMC)
    • Nexthink ServiceNow CMDB Connectors
      • Installation and Configuration Guide
      • Troubleshooting Guide
      • Field transformation and normalisation examples
    • Nexthink Event Connector
      • High level overview
      • Installation and Configuration Guide
      • Troubleshooting guide
      • RPM installation
      • Splunk specific documentation
        • Upgrading from Splunk Connector to Event Connector
        • Splunk add-on installation and usage
    • Nexthink Chatbot SDK
      • Introduction and concepts
      • Installation, configuration and update guide
        • Installation and configuration
        • Update to newer version
        • Uninstallation
        • Authentication
        • Topics configuration
        • Remote action configuration
        • Advanced configuration
        • Additional resources and references
      • Dimensioning guide
      • Troubleshooting
      • Technical solution description
      • Downloads and release notes
  • Glossary and references
    • Search and information display
      • Search in Finder
      • Keyboard shortcuts for column display selection
      • Campaign display compatibility
      • Real-time and consolidated service data
      • Service errors and warnings
      • Errors and warnings for devices and executions
      • Types of widgets
      • Widget compute state in charts
      • Errors in the execution of remote actions
      • Top results of Cross-Engine investigations
      • Engine data history
    • Tooltips in the user and device views
      • Alerts tooltips
      • Warnings tooltips
      • Errors tooltips
      • Activity tooltips
      • Services tooltips
    • Database information and organization
      • Maximum supported values
      • Local and shared content
      • Device Identification
      • Local IP address of devices
      • Timestamping of events
      • Boot and logon duration
      • Application startup duration
      • Application not responding events
      • Memory and CPU usage
      • Status of TCP connections
      • Status of UDP connections
      • Network and port scan conditions
      • Binary paths
      • Maximum number of Binaries
      • Package Executable Mapping
      • Metro apps
      • Investigation with packages
      • Portal aggregation and grouping
      • Focus time metric
    • Security
      • Access rights and permissions
      • Active Directory authentication
      • Canonical domain names for Windows authentication
      • System alerts
      • Audit trail
      • Appliance hardening
      • STIG hardening
      • FIPS 140-2 compliance
      • Security bulletins
        • Is Nexthink affected by Okta breach
        • Is Nexthink affected by SolarWinds breach
        • Nexthink and Log4j - Security bulletin
        • CVE-2022-22965 - Security Vulnerability Spring4shell - Spring Framework
        • Version 6.22.2.10: Security Vulnerability Maintenance Release
        • The Collector V6.27.X Release – Security Bulletin
    • References
      • Components of the Collector
      • Server support
      • Compatibility mode
    • Glossary
      • Activity
      • Alert
      • Application
      • Binary
      • Campaign
      • Category
      • Connection
      • Dashboard
      • Destination
      • Device
      • Domain
      • Entity
      • Event
      • Executable
      • Execution
      • Focus time
      • Hierarchy
      • Installation
      • Investigation
      • Keyword
      • Metric
      • Module
      • Object
      • Package
      • Platform
      • Port
      • Printer
      • Score
      • Service
      • Session
      • System boot
      • User
      • User logon
      • Web request
      • Widget
  • API and integrations
    • Integrating with Nexthink
      • Event Connector
      • Getting data through the NXQL API
      • Bidirectional integration with the Finder
      • Count metrics API
      • Software metering API
      • Services API
      • List Engines API
      • GetSID API
      • Triggering campaigns via their API
      • Triggering remote actions via their API
      • Audit trail API
      • Integrating investigation-based alerts
      • Downloads
    • NXQL API
      • Introducing the NXQL API
      • NXQL Tutorial
      • NXQL language definition
      • NXQL Data Model
    • Integrations
      • Excel integration with NXQL
      • Power BI
      • Azure Data Lake Storage Gen2
      • Splunk Event Connector
    • ServiceNow
      • CMDB Connector
      • Incident Management Connector
      • Event Management
On this page
  • Introduction
  • Pre-requirements
  • Overall process
  • Considerations
  • Properties
  • Setup Scripts
  • Discovery
  • Device Tables
  • Device Properties
  • Score Definition
  • Score Query
  • Starting scenario
  • Enable Domain Separation
  • Version 1.3.1
  • Subdomain preparation
  • Setup Script
  • Portals
  • Engines
  • Finder Connection
  • Score Definitions
  • Scheduled Job
  • Considerations for this configuration
  • Fresh installation
  • Subdomain preparation
  • Setup Script
  • Portals
  • Engines
  • Score Definitions
  • Scheduled Job
  • Considerations for this configuration
  • Upgrading to IMC 2.0.0
  • Save the configuration
  • Update from the Store
  • Run Fix Scripts
  • Configure the Connector to work with Domain Separation
  • Global setup for all domains
  • Device Properties, Device Tables, and Properties
  • Score definitions
  • Portal
  • Engine
  • Discovery process
  • Access guidelines
  • MSP administrators (only them) should be able to:
  • IMC managers within a domain should be able to:
  • IMC viewers should be able to:
  • Add a new Domain
  • Create the new domain
  • Create Nexthink Portal for the new domain
  • Create Nexthink Engines for the new domain
  • Create Score Definitions for the new domain
  • Remove a Domain
  • Records to delete/move
  • CIs
  • Score definitions, Portals, and Engines
  • Users
  • Deleting the company and domain

Was this helpful?

  1. Integrations
  2. Nexthink ServiceNow Incident Management Connector (IMC)

Domain separation installation (IMC)

Last updated 9 months ago

Was this helpful?

© Nexthink

  • Privacy policy
  • Responsible Disclosure Policy

Introduction

This guide provides comprehensive information on how to install and configure the Nexthink Incident Management Connector in a ServiceNow instance with Domain Separation enabled. Following the process explained here, the Connector will work in different domains.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please contact for more information.

This document is intended for readers with a detailed understanding of both Nexthink and ServiceNow technologies, especially the Domain Separation concepts and the Nexthink Incident Management Connector itself. The configuration instructions must be executed by a ServiceNow certified professional.

Nexthink Incident Management Connector, officially, does not support multi-domain. However, according to the , the Connector is at Level 0 - Data only: "It enables the separation of tenant data only in an application. It is not domain separated in the truest sense, because the logic to route data to domains in the application is absent. All data created is placed in the current domain of the session creating the data." Every custom table includes the domain field, enabling the Connector to be run in different domains.

Since there are as many scenarios for Domain Separation as ServiceNow instances with it enabled, this document covers only the most frequent one: Nexthink Incident Management Connector working in final domains. That is A1, A2, and B in the following picture:

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

Pre-requirements

Nexthink Incident Management Connector requires a running implementation of the Nexthink product with the following pre-requisites:

  • An appliance with Nexthink version 6.12.2 or later

  • Integrate license to use the Web API

  • Act license to use Remediations. In addition, parametric remote actions require Nexthink version 6.29 or higher

Overall process

Following this process, Nexthink Incident Management Connector will work in a ServiceNow instance with Domain Separation enabled. The Connector itself is installed in the Global domain, however each final domain will have its own Engine and Finder records to connect to the appropriate Nexthink instance and also its own Score Definitions. All other components and records of the Connector remain at the Global domain (meaning that they will be visible to all the domains in the instance, please review the Considerations and Recommendations section for the details).

The process has 2 main parts:

  • First, Nexthink Incident Management Connector 2.0.0 must be installed in a ServiceNow instance with Domain Separation enabled. This can be achieved via:

    • Fresh installation of the Connector through the ServiceNow Store.

    • Upgrade from a previous version as detailed in Upgrading to IMC 2.0.0.

  • Next, it is necessary to configure the Connector to work with Domain Separation. The most relevant steps are:

    • Global setup for all the domains: Properties, Device Tables and Device Properties

    • Creation of specific records within a domain: Engine, Portal and Score Definition

    • Run Discovery and test the application

There is a highly recommended extra step: secure the Connector's custom tables — whose records remain in the global domain — so only the appropriate users can see and manage them. Generally, only MSP administrators should have the ability to perform these operations.

To clarify the sequence of the process, the following diagram shows the main steps and when they should be completed:

Considerations

As explained above, it is highly recommended to secure everything related to Nexthink Incident Management Connector that remains in the global domain. Only MSP administrators should be able to manage domains.

Properties

Connector's properties cannot be specified per domain. When a property is changed, it will affect all domains. Before starting Nexthink Incident Management Connector domain separation, it is best to plan how these properties will be configured.

Setup Scripts

The Default Configuration Setup Script inserts all the required data. Since the Connector logic does not take domains into consideration, everything is done globally. This has two implications:

  • Customizations done globally are overwritten and restored to the initial status.

  • Customizations done in a domain could be lost since the record will be created/updated in global.

As a recommendation, use this Setup Script only at the beginning of the process after installing the Connector.

Discovery

Nexthink Incident Management Connector uses the Scheduled Script Discover Engines - Devices to determine which CIs are present in the Nexthink Engines. This is key to the functionality of the Connector since the Engine is needed to query all the CI data from the incident form. The script only updates the fields NXT Engine and NXT Platform of the tables included in Device Tables.

As is the case with all the logic, the Discovery process is domain agnostic. Its behavior depends on the user who launched it (normally specified in the "Run As" field). The process queries all Nexthink Engines (that the user can see) to determine if any of the CIs (that the user can see) are related and, if they are, updates the record. With this, there are two recommended scenarios:

  • Both Discovery script and user are located in the global domain: Set in the "Run As" field an MSP administrator user can see all the Engines and CIs in the ServiceNow instance. Therefore, when Discovery runs, it will update the information for all the customers/domains. This is the easiest option to configure.

  • Specific Discovery script and user per domain: For MSPs that prefer to distinguish the Discovery process per customer (for instance, to define different schedules). To do so, two things are required:

    • Specific admin user per domain

    • Specific Discovery script per domain

  1. Go to Nexthink Incident Management Connector → Scheduled Jobs and click on Discover Engines - Devices.

  2. If the field "Run As" is not visible, enable it:

    1. Configure → Form Layout (this must be edited within the Global scope)

    2. Move the field “Run As” to the Selected column.

    <figure><img src="../../.gitbook/assets/image-20211005-061342 (1).png" alt=""><figcaption><p>Click on save.</p></figcaption></figure>
  3. Change the name, adding something related to the domain, such as "Discover Engines - Devices: Domain A1."

  4. Select in the "Run As" field the specific admin user of this domain.\

  5. To create a new record, remember to select Insert and Stay from the Additional Actions menu instead of pressing the Update button.

  6. To avoid confusion, it is recommended to remove the first (generic) Discovery script when every domain has its own Discovery created.

Be aware that CIs with the same values according to Nexthink - ServiceNow Mapping (defined in the Connector's properties), are considered the same for the Discovery and could lead to bad functionalities. To avoid this situation, make sure CIs for different domains differ.

Device Tables

The table x_nexsa_imc_device_table defines in which CMDB tables the devices stored will be considered for the data retrieval process. Due to the definition of this table, it is not possible to duplicate a selected table, even for different domains. Therefore, the configuration done in this table will be shared for all the domains in the instance.

Recommendation: While the table can be modified, ensure that only MSP users can see it and modify it since the changes will affect all the domains.

Device Properties

Similarly, as explained for the Device Tables, the definition of the Device Properties table does not allow for duplicated values. Thus, all these records must be left global and shared for all the domains in the instance. In practice, this means that fields shown in the Device Properties tab are the same for all the domains. With this in mind, it is recommended to ensure that only MSP users are allowed to see and modify the records of this table.

Score Definition

As with the other tables, the Score Definition table does not duplicate the value for the name field. There are two cases:

  • Score Definitions that are not Device Properties: As a good practice, the recommendation here is to add in the name value something related to the domain, like "L1 Checklist - Domain A1" so names won't be duplicated between domains. The caption field, which defines the text that users will see in the tab, allows for duplicated values: "L1 Checklist"\

  • The Device Properties Score Definition cannot be duplicated, leading to two options:

    • Deactivate the Score: it won't be shown in any domain. Before doing this, please consider that this tab is needed to retrieve the data required to launch remediations. Use this option only if remediations are disabled in the Connector's properties.

    • Share the Score (Recommended): Leave the score as it is created by the Setup Script and double-check the fields that will be shown here makes sense for all the domains (see the Device Properties section)

Score Query

Following the process described in this document, there is nothing to change regarding Score Queries: each domain will have its own score queries according to the Score Definitions.

Starting scenario

Enable Domain Separation

Once activated, navigate to Domain Admin → Domains. You will find a default MSP domain called TOP, which is the immediate child of the global domain and can be renamed or deleted as appropriate. When creating a new domain, pay special attention to the fields Type and Parent:

  • The Type will have to match the Type field in any company that is created for that domain. For final domains, it is recommended to set both the Domain and the Company to the customer type.

  • Setting the Parent will determine the hierarchy of the Domains.

The structure of the domains created for the instance can be verified by navigating to Domain Admin → Domain Map.

A Company needs to be created for each final domain — as in ServiceNow, CIs are separated by domain using the Company field out-of-the-box and configuration will be performed at final domains. Open each domain record and on the Companies tab create a record. As mentioned before, the Type field corresponding to the company's field should be set to true (as stated above, for companies in final domains this implies checking the Customer checkbox).

Version 1.3.1

For instances with domain separation enabled and version 1.3.1 of Nexthink Incident Management Connector installed, the configuration for the connector will be global for all domains. That implies that retrieving the score information for CIs in any subdomain will load the information for all score definitions, not only those scores defined for a particular subdomain. To separate score definitions by domain, it is required to upgrade the Connector to version 2.0.0; to do so, please follow the instructions in the section Upgrading to IMC 2.0.0 in this same document.

Subdomain preparation

Create the corresponding users for each subdomain and assign them the required roles (please see the section Roles and ACLs of the documentation for more information) and configure the properties as appropriate. While users are kept domain separated from the box, properties will be changed on the global domain. For instance, setting a property in Domain A2 will also modify it for Domain A1 and up to Global.

Bear in mind that if the subdomains require a different MID Server, each subdomain will also require a user with the mid_server role assigned.

Setup Script

The default records for Device Properties and Device Tables are loaded by executing the Default Configuration Setup setup script.

Click on the Setup Scripts module and open the Default Configuration Setup record.

Finally, click on the Execute Now button.

Portals

Portals are used for the execution of remote actions.

Engines

Engines are used to retrieve the data used for the scores.

Finder Connection

For the Open in Finder button in the Incident form to work, a Finder connection needs to be created. Click on the Finder Connection module and create a record with the following fields:

ServiceNow field
Value

Name

Portal

Reference to the Portal record

Click on Submit to save the record.

Score Definitions

The Nexthink tabs displayed when creating are defined by the records created in the x_nexsa_imc_score_definition table. Click on the Score Definitions module and create a new record per score to be displayed.

The form will only include a Name field to be completed. After entering the value, save the record and attach the XML Scores configuration file associated with it. The remaining fields in the form will be completed using the file that was attached.

Scheduled Job

Finally, to assign an NXT Engine and NXT Platform to CIs, the Discover Engines - Devices Scheduled Job needs to be configured and executed. Open the record by clicking on the Scheduled Jobs module and Discover Engines - Devices record. If the attribute Run as is not displayed, configure the Form Layout to add it to the form.

Set the Run as field to a user with the admin role and either click on the Execute Now button or configure a scheduling condition to set when the job runs. If the process is successful, the field Status in the Engines will be updated to Ok and the fields NXT Engine and NXT Platform of the devices will be updated accordingly.

Considerations for this configuration

After this configuration is finished, the Connector is ready to be used. Bear in mind that users and CIs will be domain separated from the box, but all Score tabs, properties, and remaining configured records will be located at the global domain. Therefore, any CI discovered by the Scheduled Job that is used on an incident form will see all score definitions.

Fresh installation

Bear in mind that Nexthink Incident Management Connector needs to be installed on the global domain, as it will flow down to all domains created on the instance (even for those added or removed after the installation).

Subdomain preparation

Create the corresponding users for each subdomain and assign them the required roles (please see the section Roles and ACLs of the documentation for more information) and configure the properties as appropriate. While users are kept domain separated from the box, properties will be changed on the global domain. For instance, setting a property in Domain A2 will also modify it for Domain A1 and up to Global.

Setup Script

The default records for Device Properties and Device Tables are loaded by executing the Default Configuration Setup setup script.

Click on the Setup Scripts module and open the Default Configuration Setup record.

Finally, click on the Execute Now button.

All Device Properties and Device Tables records will be created in the global domain and should remain there. Changing the domain of a record in the Device Properties table will result in the Device Properties score definition working incorrectly, which will, in turn, cause the execution of remediations to not be available for all remaining domains.

New records for the Device Tables table can be created manually, but they must be kept at the global domain.

Portals

Portals are used for the execution of remote actions.

Only one Portal can be created for each subdomain. Portals should only be visible from their original domain or a parent domain (i.e. global can see all records).

Engines

Engines are used to retrieve the data used for the scores.

Engines should only be visible from their original domain or a parent domain (i.e. global can see all records).

Score Definitions

All Names must be different (including from score definitions created in other domains) and should contain a reference to the subdomain to be more easily identifiable (e.g. "Overall IT Satisfaction A1"). On the other hand, the captions can be repeated as they are only used to give a name to the tab displayed on the incident form.

Scheduled Job

Please refer to the Discovery section of this guide to configure the script correctly.

Considerations for this configuration

The following considerations should be taken into account when using this configuration for a ServiceNow instance:

  • The application properties are defined on the global domain; therefore, any change made on a subdomain will be applied to the configuration of all the remaining subdomains.

  • The setup script should be launched only once or the records will be recreated and customizations will be lost. If it is executed after configuring the connector, the Score Queries for that domain will be copied onto the other subdomains. Please recreate Score Definitions to refresh the Score Queries and repeat any customizations done to Device Tables or Device Properties.

  • The Nexthink Incident Management Connector will be installed even on subdomains where the client may not use it. It is important to remember that users in this subdomain should not be assigned any "x_nexsa_imc" roles to avoid confusion by restricting access to the application's tables and ensuring the correct behavior of the incident form.

Upgrading to IMC 2.0.0

This chapter describes the upgrading process to Nexthink Incident Management.

Connector version 2.0.0. It assumes a previous version is already installed in the ServiceNow instance. An admin user is recommended for these steps since some special privileges are required within the instance.

Save the configuration

The very first thing to do is to save the configuration of the Connector. Select your preferred backup method, for instance, screenshots. Below there is a list of the elements to store:

  • Discovery setup: scheduled and "Run As" user. Go to Nexthink Incident Management Connector → Scheduled Jobs and select Discover Engines - Devices

  • Business Rules: Although they all should be enabled, it is best to double-check them. Nexthink Incident Management Connector → Business Rules

  • Score Definitions: For each Score Definition, remember to save both the name and the Score XML attached to it. Nexthink Incident Management Connector → Settings → Score Definitions

  • Device Properties: Only for the customizations, the OOB properties will be recreated during the configuration of the Connector. Nexthink Incident Management Connector → Settings → Device Properties

  • Device Tables: Again, only if anything has been customized here. Nexthink Incident Management Connector → Settings → Device Tables

  • Portals: Make sure to save the whole configuration, including the DNS or IP, the Finder Port, mid server, and authentication profile. Nexthink Incident Management Connector → Settings → Portals

  • Engines: Per engine, store DNS or IP, Port, _Auth Profile (_both user and password will be required later), and MID Server. Nexthink Incident Management Connector → Settings → Engines

  • Properties: Go to Nexthink Incident Management Connector → Properties

  • Other customizations: Any other customizations (UI Scripts, Client Scripts) should be annotated to be able to replicate them after the upgrade.

Update from the Store

Run Fix Scripts

Nexthink Incident Management Connector 2.0.0 provides two run Fix Scripts to facilitate the upgrade:

  1. NXT-Delete UI Sections & Update Scores: This script deletes old UI Sections created in previous versions and automatically updates the Scores Definitions. It must be executed from the Global application scope.

  2. NXT- Restore Portal & Engines: Since version 2.0.0, Portals and Engines are stored in the same table, x_nexsa_imc.endpoint. This Script reads the old tables, creates the appropriate records in the new one, and finally removes the unnecessary tables. Before running this script, double-check there is only one portal, otherwise it will not work (version 2.0.0 allows only one portal). It has to be executed from the Nexthink Incident Management Connector application scope.

To run them:

  • Log in to the ServiceNow instance with a user with an admin role.

  • Change to the appropriate scope:

    • NXT-Delete UI Sections & Update Scores: Global

    • NXT- Restore Portal & Engines: Nexthink Incident Management Connector

  • Go to Nexthink Incident Management Connector → Scripts → Fix Scripts.

  • Click the Fix Script name.

  • Set the Active field to true, save the record and reopen it.

  • Press the Run Fix Script button

Configure the Connector to work with Domain Separation

After updating version 2.0.0 of the Nexthink Incident Management Connector successfully, certain configurations needs to be updated for the connector to work correctly.

Global setup for all domains

Device Properties, Device Tables, and Properties

To create the Device Properties score definition, the Setup Script will have to be executed again. Be sure that any customization done to Device Properties, Device Tables, and Properties is saved before performing this step, as described in this section.

Click on the Setup Scripts module and open the Default Configuration Setup record. Finally, click on the Execute Now button. The score queries will be updated correctly when the score definitions are moved to the correct subdomain, so it's unnecessary to recreate them yet.

Score definitions

After executing the NXT-Delete UI Sections & Update Scores fix the script, the score definitions created on the global domain need to be edited and moved to the appropriate final domain. Please remember to not change the Device Properties score definition. It should be kept in the global domain. It is recommended to use a user with the x_nexsa_imc.manager role created at the same final domain in which you want to configure the score definition so that only the correct Domain will be available to be chosen. Navigate to the Score Definitions module to see a list of all the records. If the Domain field is not displayed, make it available by clicking on the Personalize list button (gear icon) and move the domain row to the Selected column by clicking on it on the Available list and clicking on the right arrow.

Confirm by clicking on OK.

Double click on the Name field and modify it to add a reference to the final domain in which the score definition needs to be kept (e.g. for a score affecting subdomain A1, change the name to Overall IT Satisfaction A1). Double click on the domain to also edit it and select the final domain (as it is being modified by a user at that domain, only the correct one should be available).

Portal

The Portal record that was created on version 1.3.1. should have been moved correctly to the new Endpoint table in version 2.0.0. Please remember that, as indicated in our documentation, the change in the connector's behavior dictates that although having more than one Portal defined as possible for the previous version, only one record should be kept before executing the NXT- Restore Portal & Engines fix the script.

Enter the record from the subdomain to which it should be configured and edit the Form layout to add the Domain field to the selected fields. Save the configuration and enter the record. Change the domain of the Portal from global to the final domain that is being configured.

Engine

The Engine record that was created on version 1.3.1. should have been moved correctly to the new Endpoint table in version 2.0.0.

Enter each record and change the Domain field from Global to the final domain that is being configured. The Portal field will also be mandatory for this version. The domain field was added to the Endpoint table in the previous section. Please refer to it if it is not displayed when configuring the engines.

Discovery process

Because the table in which the Engines are stored has changed from version 1.3.1. to version 2.0.0, the Discovery process needs to be run again, as the reference to NXT Engine contained in the appropriate CIs is lost.

Navigate to the Scheduled Jobs module and execute the Discover Engines - Devices script by following the instructions in the Discovery section of this guide.

After the process has been executed correctly, the connector will be ready.

Access guidelines

This section gathers who should be able to perform what within Nexthink Incident Management Connector:

MSP administrators (only them) should be able to:

  • Read and modify Properties.

  • See and run Setup Script.

  • See and run Discovery process. Unless a specific Discovery per domain has been created, as explained in Discovery; in this case, each Discovery can be run by the administrator of each domain.

  • See and manage Device Table records.

  • See and manage Device Properties records.

  • See and manage Device Properties records in the Score Definition table.

  • See Score Queries (since they are handled internally by the Connector, they should not be manipulated).

IMC managers within a domain should be able to:

  • See and manage Score Definitions (except the Device Properties one).

  • See and manage Engines within the domain or in global.

  • See and manage Portals within the domain or in global.

IMC viewers should be able to:

  • Read Score Definitions.

  • Read Engines.

  • Read Portals.

  • See CIs within the domain.

Add a new Domain

Create the new domain

Log in as an admin user working in the Global application scope Go to Domain Admin → Domains and click New

Complete the form:

  • Parent: Choose the desired domain as the parent.

  • Type: Domains, where Nexthink Incident Management Connector is used, are typically Customer type.

  • Active: Be sure this field is enabled, Click on Submit.

Create Nexthink Portal for the new domain

Select the new domain through the Domain Picker.

Go to Nexthink Incident Management Connector → Settings → Portals and click New.

Complete the form:

In addition to the usual fields, take into consideration:

  • Domain: It must be the new domain.

  • Default Portal: Do not mark this portal as the Default portal.

Create Nexthink Engines for the new domain

Select the new domain through the Domain Picker.

Go to Nexthink Incident Management Connector → Settings → Engines and click New.

Complete the form:

Please, pay attention to:

  • Portal: Must be the specific portal for the domain (see Create Nexthink Portal for the new domain)

  • Domain: The new domain

  • Must be maintained as Active

Create Score Definitions for the new domain

Select the new domain through the Domain Picker.

Go to Nexthink Incident Management Connector → Score Definitions and click New.

  • Name: Since duplicated names are not allowed in this table, please add something related to the domain name.

  • Caption: This will be shown in the Connector tabs. In this case, it is better to not distinguish between domains so the user in each domain will have the feeling of own ServiceNow instance.

  • Domain: This is the new Domain.

  • Maintain the Score Definition as Active.

  • Remember to attach the Nexthink Score file, the other fields will be filled automatically.

Remove a Domain

Records to delete/move

When a domain is removed, all the information that was stored at that domain is moved to its most immediate parent domain (e.g., Engines set to Domain A1 would be moved to Domain A). To avoid this behavior, it is recommended to delete these records:

CIs

For all CIs that were set to the Domain to be deleted and not saved, deleting the records will stop the records being moved to a higher domain.

Navigate to cmdb_ci.list and — if it is not already displayed — add the domain field to the view by clicking on the Personalize List button (gear icon) and moving the Domain option to the Selected column using the right arrow. Click on OK to save the changes.

Click on the Search column search row button (magnifying glass icon) and enter the search box for the Domain column the name of the domain to be deleted. Press the Enter key.

Select all records to be deleted, click on the dropdown list Actions on selected rows... at the bottom of the page → Delete and confirm.

Score definitions, Portals, and Engines

Using a user with the x_nexsa_imc.manager role assigned to it that was created on the domain to be deleted, navigate to the Score Definitions module. If a user with those characteristics is unavailable, impersonate or log in as a user with the x_nexsa_imc.manager role with visibility over the domain to delete and change to it.

Select all records — except for the Device Properties score definition —, click on the dropdown list Actions on selected rows... at the bottom of the page → Delete and confirm.

Then, navigate to the Portals module, select the only record there and delete it following the same steps.

Finally, navigate to the Engines module, select all Engines created for that final domain and delete them.

Users

Navigate to sys_user.list. Add the domain field by clicking on the Personalize List button (gear icon) and move the Domain option to the Selected column using the right arrow. Click on OK to save the changes.

Click on the Search column search row button (magnifying glass icon) and enter the search box for the Domain column the name of the domain to be deleted. Press the Enter key.

Select all records to be deleted, click on the dropdown list Actions on selected rows... at the bottom of the page → Delete and confirm.

Deleting the company and domain

Firstly, the Company that was created for the domain needs to be deleted. Navigate to Organization → Companies and search for the company's name using the search bar at the top of the page. Alternatively, add the Domain field to the list and filter by the domain to be deleted.

Select all records to be deleted, click on the dropdown list Actions on selected rows... at the bottom of the page → Delete and confirm.

Finally, to delete the domain itself, navigate to the Domains module, enter the record for the domain to be deleted and click on the button labeled Delete.

To verify that the process was correct, navigate to Domain Map and verify that the diagram has been updated correctly.

On the other hand, the Connector must be installed in a ServiceNow instance with Domain Separation enabled. To do so, please follow the official

Before installing Nexthink Incident Management Connector, domain separation should be enabled in the ServiceNow instance by installing the Domain Support - Domain Extension Installer plugin. The request can be made from the HI Service Portal Service Catalog. You can find more information on the .

As explained in the ServiceNow , go to System Applications → All Available Applications → All. Look for Nexthink Incident Management Connector and click Update.

ServiceNow documentation.
ServiceNow official documentation
official documentation
Nexthink Support
ServiceNow Domain Support Levels