Skip to content

Cookie Settings

This site uses cookies that need consent.

Service Specification - CI Synchronizer to ServiceNow

— Last updated: May 27th, 2024

1. Service overview

CI Synchronizer (CI Sync) is a Software-as-a-Service (SaaS) offering made available through various Subscription Plans.

As a general description, CI Sync is a SaaS integration application which processes records between a source system (one that holds automatically discovered IT assets and associated data) and a destination system (one that holds a transformed version of the source records in the form of Configuration Items (CI or CIs) and associated data).

This Service Specification relates specifically to the version of CI Sync that processes records between various source systems and ServiceNow (as the destination system). That is, this Service Specification relates to CI Sync for ServiceNow (CI Sync for SN).

The source and destination systems, both of which are owned and managed by You, do not form part of the Service. The ability for the Service to successfully perform its functions, is dependent upon Your systems and data which are outside of Our control.

The diagram below provides an overview of the major components which make up the Service, including which components are owned and/or managed by You or Us.

App screenshot
CI Sync for ServiceNow High Level Topology Diagram

2. Detailed description of services

The Service consists of the following components provided by Us:

  • The CI Synchronizer SaaS application (CI Sync SaaS application or CI Sync) in the Cloud.

  • The CI Synchronizer Agent (CI Sync Agent) hosted in Your environment.

For the CI Sync SaaS application

  • We will provide You with a logical instance of the CI Sync SaaS application within a hosted environment (Hosted Environment) provided by Our hosting provider (Cloud Host) and make the logical instance (Your Instance) available to You. Refer to "Overview of Service Provisioning and Initial Service Use" for additional details. Your Instance may consist of a combination of dedicated and non-dedicated technology components.

  • You will be able to access to Your Instance through an authenticated login. You will also be able to make Your Instance available to other users You provision with an authenticated login (an End User). All user access and authentication to Your Instance is controlled by You, not Us. Refer to “Overview of Authentication and Security” for additional details.

  • You will be able to use a web browser user interface to configure Your Instance and perform synchronisation of Your source system records into Your ServiceNow Configuration Management Database (CMDB). You will also be able to define a schedule of automated recurring synchronisation events, provided it complies with any fair use requirements set out in this Service Specification.

  • Your Instance, working in conjunction with the CI Sync Agent, will generate data for Your source system records (i.e. those source system records which match the configuration rules You have defined), process that data (by attempting to match them with existing Configuration Items (CIs) stored in Your ServiceNow CMDB) and either insert new CIs or update existing CIs. Refer to “Overview of data used within the Service” for additional details.

  • The CI Sync SaaS application will transform Your data, persist Your data, and store logs and metrics as part of its processing operations. Refer to “Overview of data used within the Service” for additional details.

For the CI Sync Agent

  • We will provide You with one or more copies of the CI Sync Agent (Agent) which You will be required to install onto a Microsoft Windows Server within Your environment. As part of the Agent installation process, You will be directed to register the Agent as an application within Your Azure Active Directory (AAD).

  • When an installation of Your Agent first authenticates and connects to Your Instance, the specific installation of the Agent is automatically registered in Your Instance (this allows Your users to visually differentiate Agent installations and ensures the CI Sync SaaS application can authenticate individual Agent installations).

  • The Agent requires read access to Your source system repository (i.e. a Microsoft SQL server in the case of SQL based source systems, or a cloud account/subscription for cloud based source systems records).

  • The Agent also requires read and write access to either a Microsoft SQL or MongoDB database which is automatically created during the installation process. This additonal database is used by the CI Sync Agent to track and process Delta Synchronisations which is a key feature of CI Sync.

  • The Agent will periodically poll Your Instance looking for synchronisation jobs to perform (i.e. jobs You have configured using the user interface of Your Instance).

  • When the Agent receives a synchronisation job it will determine which of Your source system records have changed since the previous synchronisation job and send the relevant records as data payloads to Your Instance for processing.

Overview of Record & Field Types in the Service

The Service differentiates between the following Record & Field Types:

  • Source system records and fields that are oriented towards assets (Asset Oriented Record & Field Types).

  • Source system records and fields that are oriented towards events (Event/Activity Oriented Record & Field Types).

The Record & Field types available to You is governed by the particular Subscription Plan You have purchased.

Asset Oriented Record & Field Types

These are typically parent records and objects discovered and/or present in source systems and primarily consist of any of the following:

  • Computing devices (servers, hosts, VMWare vCenter Servers, virtual machines, nodes, personal computers, and similar).

  • Network connected devices (SAN, NAS, printers, switches, firewalls, IP phones, IP cameras, IoT devices, other IP connected devices, and similar).

  • Mobile devices (mobile phones, tablets, and similar).

  • Cloud resources (virtual machines, resource groups, VPCs, and similar).

These also consist of child records and objects directly related to, or installed upon the records described above such as any of the following:

  • Installed software packages (on computing devices).

  • Installed applications (on mobile devices).

  • Hardware and virtualised components (displays/monitors, memory modules, network adapters, directly attached storage devices and volumes, VMWare components such as datacenter, datastore, clusters, virtual networks, and similar).

  • Asset groups, tags and similar (if applicable to a given source system).

  • The Last Logged on Username field/value (if applicable to a given source system).

Asset Oriented Record & Field Types exclude any records or fields identified as an Event & Activity Oriented Record Type.

Event & Activity Oriented Record & Field Types

These are typically date, time or transactional events and activities which directly relate to Asset Oriented Record & Field Types. These consist of any of the following:

  • Event Fields such as the following:

    • Last Seen Date/Time.

    • Last Logged On Date/Time.

    • And similar.

  • Event Records such as the following:

    • Log records (e.g. Windows Event Logs).

    • Monitoring records (e.g. Windows Performance Monitor logs and metrics).

    • And similar.

3. Overview of Service Provisioning and Initial Service Use

The Service is initially provisioned through the following general process:

  • You will provide Us with the following details:

    • Contact details of a primary point of contact, and an alternative contact, for the service within Your organisation (Your Service Owner contact details). We also recommend You provide Us with an alternative contact who can act on behalf of Your Service Owner if they are not available.

    • An email address, which may be a Distribution List email address, within Your organisation that We will use to send service-related notifications (Your Service Notification contact details).

    • The Tenant ID of Your Azure Active Directory (AAD). That is, the Tenant ID of the ADD that will be hosting the Enterprise Application registration (see below for further details on this topic).

  • We will initialise Your Instance within the Hosted Environment and make the instance accessible by You. 

  • We will provide You with a URL, which is specific to Your organisation, to the user interface for Your Instance.

  • Using the URL We provide, a privileged user in Your Azure Active Directory (AAD) will register Your Instance of the CI Sync SaaS application as an Enterprise Application within Your AAD. The Enterprise Application will contain any roles needed to provide authorisation into Your Instance. Such roles will be used by You to control access Your Instance.

  • We will also provide You with an installable copy of the CI Sync Agent (Agent) (or make it available for download by You):

    • You will install the Agent on a Microsoft Windows Server within Your environment and You will provide the Agent access one or more of Your source asset repositories.

    • As part of the installation process, You will need to register the Agent in Your Azure Active Directory (AAD) and grant it the relevant role under the CI Sync enterprise application registration.

    • You may install the Agent on multiple servers within Your environment (e.g. if necessary to support the specifics of Your environment).

    • Each install of the Agent will have a “friendly name”, initially the NETBIOS name of the server it is installed on, so You can identify it in the user interface of Your Instance.

The initial use of the Service, for the purpose of performing synchronisation of data, will take place through the following general process:

  • You will configure the following:

    • The connection details (including URL and various authentication information) for Your ServiceNow.

    • The name of each Agent You have installed.

    • The one or more source systems You will connect to from the Agent.

    • The source record types, and related data objects, You want synchronised into Your ServiceNow CMDB.

    • The synchronisation schedule You wish to use.

  • With respect to the above, and in accordance with the inclusions of Your Subscription Plan:

    • We will provision You a single instance of the CI Sync SaaS application which is suitable for connection to both Your Non-Production ServiceNow instance and then Your Production ServiceNow instance.

    • We will provide You with comprehensive planning and setup instructions, and work with you to prepare for the implementation of the Service initially using the default configuration of the CI Sync SaaS application which You will initially connect Your Non-production ServiceNow instance.

    • Once the configuration of the CI Sync SaaS application has been validated against Your Non-Production ServiceNow You can create a second connection between Your instance of CI Sync and Your Production ServiceNow instance. The production connection will utilise the configuration of CI Sync which was validated with your Non-Production ServiceNow instance.

    • It is Your responsibility to assess the potential impact on Your environment, including but not limited to Your business processes, Your operational services and Your data, prior to performing synchronisation/s against any of Your ServiceNow instances.

    • It is Your responsibility to make any changes to Your ServiceNow CMDB if such changes are required to successful use the Service.

    • Refer also to “Subscription Plans” for additional details about inclusions of each CI Sync edition.

4. Support Services

Unless stated otherwise, all Subscription Plans for the Service include the following Support Services:

Types of Support Services

First level support is made available to You via articles in Our knowledge base (available via Our Website).

Second level support is provided via a support email address (or any other communication medium chosen by Us). This email address is monitored (during the Support Services Availability Times specified below) and We will use reasonable efforts to resolve Your support requests.

In exceptional cases and at Our sole discretion, third level support may be provided by Us via an online meeting.

In all cases Our Support Services will entail reasonable advice and guidance concerning the use of the Service, and troubleshooting of the Service in an attempt to resolve the issue, either by providing You with the possible steps to resolve the issue, or undertaking the necessary measures on Our end and notifying You accordingly.

Support Services Availability Time

Our Support Services are available on Business Days (in Australia) from 09:00 AM till 05:00 PM, Australian Eastern Standard Time (AEST) (Business Hours) (Support Services Availability Time).

Requirements and Exclusions

We will only provide the Support Services when: (i) You have not made any modifications to Your installation, where "modifications" mean: changes or additions that are not entailed in Our documentation or that are made outside of the Service’s configuration settings; (ii) You use the Service in accordance with the terms of the Subscriber Agreement (including this Service Specification) and Our knowledge base (iii) We received the support request in English from a person authorised by Your Service Owner; and (iv) first level support made available through Our knowledge base has been exhausted.

We may also require You to upgrade to the latest version of the CI Sync SaaS application and/or the latest version of the CI Sync Agent for LS prior to providing You with Our Support Services.

Support requests that meet the above requirements are defined as Valid Support Request.

Cooperation

You must cooperate with Us in the performance of the Support Services including by providing reliable, accurate, and complete information regarding Your Valid Support Request, and You acknowledge that the delivery and the quality of the Support Services depend upon Your cooperation. If You do not provide Us with such information as reasonably requested by Us, We may not be able to assist You with the resolution of Your Valid Support Request.

Severity Levels

Upon receipt of a Valid Support Request, We shall determine, in good faith, the severity level of the request in accordance with the following criteria: (i) “High” means that the Service or a major part of the Service is not functioning; (ii) “Medium” means that there is a malfunction in the Service which degrades the Service’s performance or functionality, affecting Your usage of the Service; (iii) “Low” means issues or questions with no or limited impact on the functioning of the Service, such as general questions, change or improvement requests in relation to the Service. You are allowed to give an indication of the severity level You consider applicable to Your Valid Support Request, which may be taken into account by Us when We determine the severity level of Your Valid Support Request.

Initial Response Time

We shall employ reasonable efforts to meet the following initial response times to respond to Valid Support Requests, according to the severity levels as determined above:

  • High: 4 Business Hours, during the Support Services Availability Time

  • Medium: 24 Business Hours, during the Support Services Availability Time

  • Low: 40 Business Hours, during the Support Services Availability Time

Confirmation of Receipt

The Initial Response Time starts to run, during the Support Services Availability Time, from the moment that You receive a confirmation of receipt email from Us.

Initial Response Inclusions

The Initial Response to the Valid Support Request may include: (i) possible solutions which should allow You to resolve the issue; and/or (ii) a request for more information if no possible solutions can be provided based on the information available at that point.

5. Overview of Planned Maintenance

Unless agreed otherwise, We will perform Planned Maintenance according to the details below:

  • We will aim to provide at least 48 hours’ notice prior to any planned maintenance. We may provide less notice if We determine an urgent requirement for planned maintenance.

  • During the planned maintenance period Your Instance may be unavailable for use (either via the user interface of Your Instance or for the performance of synchronisation activities).

  • We will provide an email notification of planned maintenance to each of the following:

    • The email address provided by You for the Service Owner (both the Primary Contact and Alternate Contact)

    • The email address, which may be a Distribution List email address, provided by You for Service Notifications

6. Overview of Service Upgrades

Unless agreed otherwise, We will perform Service Upgrades according to the details below:

  • From time to time, We may implement upgrades to the Service (Service Upgrade), including any enhanced, improved, modified or new versions of the Service.

  • We may contact You in advance of a Service Upgrade and recommend Your participation in non-production testing of the upgrade. In such circumstances:

    • We will provide You with a reasonable period of advanced notice so You can prepare for Your involvement in such non-production testing.

    • In the unlikely situation that We determine an entirely separate instance of the CI Sync Saas application is required, We will offer You a temporary instance of the CI Sync (Temporary Test Instance) for You to perform testing of Our upgrade against a non-production clone of Your ServiceNow.

    • We will also provide You with a reasonable period to perform such non-production testing. Upon completion of this period, We will de-provision the Temporary Test Instance.

    • If You do not participate in such non-production testing, for whatever reason, then We may proceed to implement an upgrade to Your Instance (Production Instance) at Our sole discretion.

  • Refer also to “Subscription Plans” for additional details on the various instance types.

  • From time to time, We may also perform a Service Upgrade without requesting Your participation in non-production testing.

  • We will provide an email notification of an upgrade to each of the following:

    • The email address provided by You for the Service Owner (both the Primary Contact and Alternate Contact)

    • The email address provided by You for Service Notifications

7. Overview of data used within the Service

The Service relies upon the following data:

  • Service Owner contact details

  • Service Notification contact details

  • Transient synchronisation data

  • Persisted synchronisation data

  • Logging data

  • Metrics and billing data

Service Owner contact details

Topic

Details

Basic description of the data

Contact details

Purpose within the Service

For Us to contact an accountable party within Your organisation in relation to fees, billing thresholds approaching or exceeded, billing and Notices under the terms of the Subscriber Agreement for the Service. In addition, for Us to send notifications about planned maintenance and service upgrades.

Additional details of the data

Primary Contact

  • First Name

  • Last Name

  • Email address

  • Phone (Optional)

Alternate Contact

  • First Name

  • Last Name

  • Email address

  • Phone (Optional)

Service Notification contact details

Topic

Details

Basic description of the data

Contact details

Purpose within the Service

For Us to send notifications about billing thresholds approaching or exceeded, planned maintenance and service upgrade notifications.

Additional details of the data

Email address (which may be a distribution list email provided by You).

Transient Synchronisation Data

Topic

Details

Basic description of the data

All in-scope fields (and field values) for each individual source system asset/record selected by You for synchronisation using the CI Sync User Interface.

Purpose within the Service

Used by the CI Sync Agent to package the source records into payloads and send to Your instance of the CI Sync. Once the payloads are received, they are processed by CI Sync which includes the data being automatically read, matched for update against existing ServiceNow CIs (or if not matched then treated as a new CI) and written to Your ServiceNow CMDB. Once each payload is processed it is automatically deleted unless You have selected the option to retain Message Payloads for 24 hours (via the Settings page in Your instance).

By default, CI Sync does not transit any user related attributes. If You have requested that We include an attribute that represents the Last Logged On User, the Most Frequently Logged on User, User Principal Name, Owner (or somthing similar depending on the attributed available in each given source system) so it can be mapped to the Assigned_To attribute (or other similar attribute) on a CMDB CI record, then Your CI Sync instance will also be transiting the user values in the related attribute. This attribute will be contained within each source system record payload (along with all other attributes of the particular source system record). 

We will obtain Your confirmation of the source system attribute name before the user values are transited. 

It is Your responsibility to assess the values contained within the user attribute, and therefore Your responsibility to determine whether the values constitute Personal Data (pD), Personally Identifiable Information (PII) or other similar definitions. 

If no other user related data is held within Your CI Sync instance, it potentially means the values in this attribute meets the definition of pseudonymisation in any particular jurisdiction legislation or standard. It is Your responsibility to make such determination.

Additional details of the data

Each source system record and attributes in-scope for synchronisation to ServiceNow CMDB (where in-scope relates all required fields for each asset type, and related records, selected via the user interface of Your Instance.

Persisted Synchronisation Data

Topic

Details

Basic description of the data

Correlation data such as serial numbers, device names, MAC Addresses and source/destination system internal record identifiers. The persisted synchronisation data takes on two forms within the Service (1) SearchKeys and (2) MatchedKeys.

Purpose within the Service

This data is used by CI Sync to identify matching records between Your source system records and Your ServiceNow CMDB CI records. This data is automatically created and managed via logic within Your Instance to (a) initially match source and destination records and (b) increase the speed of subsequently matching source and destination records. The primary purpose of persisting this data is system level performance and efficiency.

Additional details of the data

For SearchKeys 

A number of uniquely identifiable CI attributes as read from Your ServiceNow CMDB. 

  • The attribute values vary on a CI Class-by-CI Class basis but generally include values such as Serial Number, Device Name, MAC Address (etc) for each CI related to the in-scope synchronisation configuration. 

A number of uniquely identifiable reference data attributes as read from Your ServiceNow Reference Data tables. 

  • The attribute values vary on a record set-by-record set basis but generally include a correlation value from Choice Lists (from sys_choice), CMDB Groups (from cmdb_group), Companies (from core_company for matching manufacturer records), Locations (from cmn_location), Models (from cmdb_model).  The single correlation value is a searchable key in each of these tables (e.g. core_company.name, cmn_location.name, etc). 

The potential inclusion of a user related attribute as read from your ServiceNow User table (this section only applies if You have requested the functionality be implemented).

  • By default, SearchKeys do not include any user related attributes.  If You have requested that We include a user-related attribute that represents the Last Logged On User or Most Frequently Logged on User, User Principal Name, Owner (or something similar depending on the attributes available to each given source system) so it can be mapped to the Assigned_To attribute (or other similar attribute) on a CMDB CI record, then Your CI Sync instance will also be persisting a correlation value from Your sys_user table in ServiceNow. We will obtain Your confirmation of the both the source system attribute name and the sys_user attribute name before the values from the sys_user attribute are persisted.

  • It is Your responsibility to assess the values contained within the confirmed sys_user attribute, and therefore Your responsibility to determine whether the values constitute Personal Data (pD), Personally Identifiable Information (PII) or other similar definitions.

  • if no other user related data is held within Your CI Sync instance, it potentially means the values in this attribute meet the definition of pseudonymisation in any particular jurisdiction legislation or standard. It is Your responsibility to make such determination.

For MatchedKeys

  • Non-identifiable unique attributes from the source system (i.e. the internal record ID or GUID value) and ServiceNow (i.e. the sys_id).

  • In both cases the MatchedKeys exist for every record matched by Your Instance (i.e. every matched SearchKey).

Logging data

Topic

Details

Basic description of the data

Application Logs created during the processing activities of Your instance of CI Sync. You can define the Logging Level, including whether meta data is logged, within Your instance using the Settings page.

In addition, System Logs created by Our Cloud Host as part of the normal operation of the hosting platform and services.

Purpose within the Service

Application Logs are used to record and manage most application processing activities and events to render a subset of such details to Your End Users of the Service via the user interface.

System Logs are used to record and manage activities and events associated with the Hosted Environment.

Additional details of the data

For Application Logs

  • Job execution details (commencement date/time, completion date/time, info/warning/error details, completion status, and similar)

  • Task execution details (commencement date/time, completion date/time, info/warning/error details, completion status, and similar).

For System Logs

  • Cloud resource execution events, user authentication and authorisation events and similar.

Metrics and Billing Data

Topic

Details

Basic description of the data

Metrics and billing data created by the processing activities of Your Instance.

Purpose within the Service

Metrics are used by the Service to determine the progress and success (or not) of synchronisation jobs and tasks. Some of these metrics are presented via Application Logs to You as part of Your usage of the Service. Metrics are used by Us for performance tuning, scaling analysis and cost analysis of Your instance. Metrics may also be aggregated across all instances in the Service for the purpose of whole-of-platform performance tuning, scaling analysis, cost analysis and communication of total Service scale to potential customers.

Billing data, which is primarily based on the same metrics, is used by Us to ensure Your usage of the Service is in accordance with Your Subscription Plan.

Additional details of the data

Metrics includes counts of records by record type, processing durations and similar.

Billing data includes the number of unique records synchronised per record type.

8. Overview of Authentication and Security

The Service includes security controls as generally described below:

  • Authentication of Your Instance based on the Tenant ID of Your Azure Active Directory

  • Authentication and authorisation of Your End Users and the user interface of Your Instance

  • Authentication and authorisation between Your installed CI Sync Agent and each of Your configured source system data repositories

  • Authentication and authorisation between Your installed CI Sync Agent and Your CI Sync SaaS Instance

  • Authentication and authorisation between Your CI Sync SaaS Instance and Your ServiceNow

  • Cryptographic controls

Authentication of Your CI Sync SaaS Instance based on the Tenant ID of Your Azure Active Directory

You will be asked to provide Your Azure AD Tenant ID (GUID value) prior to Your Instance being provisioned. The Tenant ID is used by our provisioning process, so Your Instance knows to only accept tokens presented by Your Azure AD. This token validation process is used by Your Instance to authenticate Your End Users (accessing the user interface of Your Instance) and Your installed CI Sync Agent.

Authentication and authorisation of Your End Users and the user interface of Your Instance

User authentication and authorisation in the Service is based on the OAuth protocol and token-based identity management backed by Azure Active Directory (AAD) with role-based access controls.

The Service is designed so that only authenticated users can interact with the user interface of Your Instance. Your Instance will only accept a valid authentication token issued by Your Azure Active Directory (i.e. authentication to the Service is controlled by You based on Your End Users being authenticated to Your Azure Active Directory).

Your Instance applies roles to control authorisation and access to features of the Service. The roles generally consist of (1) those End Users expected to create synchronisation jobs and (2) the CI Sync Agent. Your AAD administrator will manage Your End User’s authorisation to Your Instance by assigning the required role.

Authentication and authorisation between Your installed CI Sync Agent and each of Your configured source system repositories

During the setup process You will create an authentication credential in each source system for use by the CI Sync Agent. You will grant this authentication credential permissions to access the source data repository. These permissions are granted within each given source system. The default permissions afforded to the authentication credential, and therefore the CI Sync Agent consist of the following (in high level terms):

  • The ability to read from all tables and resource object structures in the source system schema (this typically includes by default the ability to read all asset related data and user related data).

If the CI Sync default configuration settings are implemented, the CI Sync Agent will only query asset and asset related records (and associated attributes). For example, this includes serial numbers, MAC addresses, installed software, hostnames and so on. The CI Sync default configuration does not query user related data.

If You have requested that We include an attribute that represents the Last Logged On User or Most Frequently Logged on User, User Principal Name, Owner (or similar) so it can be mapped to the Assigned_To attribute (or other similar attribute) on a CMDB CI record, the CI Sync Agent will also query at least one user related attribute for the purpose of correlation.

We offer system documentation to explain the above concepts in detail.  If You do not have a copy of this documentation is Your responsibility to request it from Syncfish.  

It is also Your responsibility to assess the source system access rights afforded to the CI Sync Agent and determine if You wish to implement fine-grain access controls within source system to restrict greater than what is provided by the defaults. We offer system documentation to explain how You might go about implementing fine-grain access controls, however such controls are entirely dependent on the original vendor/s.

Authentication and authorisation between Your installed CI Sync Agent and You CI Sync SaaS Instance

Agent authentication and authorisation in the Service is also based on the OAuth protocol and token-based identity management via Azure Active Directory and role-based access controls.

The Service is designed so that only an authenticated Agent can interact with the relevant APIs in Your Instance. Your Instance will only accept a valid authentication token issued by Your Azure Active Directory (i.e. authentication of Agent/s to Your Instance is controlled by You based on Your installation of each Agent being authenticated to Your Azure Active Directory).

Your Instance applies roles to control authorisation and access to features of the Service. The roles generally consist of (1) those End Users expected to create synchronisation jobs and (2) the CI Sync Agent. Your AAD administrator will manage Your Agent/s authorisation to Your Instance by assigning the required role.

Authentication and authorisation between Your CI Sync SaaS Instance and Your ServiceNow

The authentication type used between Your Instance and Your ServiceNow is selected and managed by You. The following authentication types are supported by Your Instance:

  • Basic Authentication (username and password)

  • OAuth (Client ID and Client Secret)

  • Multi-factor Authentication (digest token)

We will provide You with Our recommended authorisation details in the form of a dedicated role within Your ServiceNow. You will be responsible for creating, maintaining and assigning this role to the related authentication credentials in Your Instance.

During the setup process You will create an authentication credential for use by Your Instance of CI Sync. You will grant this authentication credential permissions to access the ServiceNow destination data repository. These permissions are granted within ServiceNow by applying Roles to the user account You have created to permit Your Instance of CI Sync to access Your ServiceNow. The default permissions afforded to the authentication credential, and therefore Your Instance consist of the following (in high level terms):

  • The ability to read and write to the CMDB CI tables in ServiceNow.

  • The ability to read and write to various Reference Data tables in ServiceNow, including (but potentially not limited to) the following:

    • Choice lists [sys_choice]

    • CMDB Groups [cmdb_group]

    • Company [core_company

    • Location [cmn_location]

    • Model [cmdb_model]

    • Users [sys_user]

If the CI Sync default configuration settings are implemented, CI Sync will only access CIs and CI related records (and associated attributes). For example, this includes serial numbers, MAC addresses, installed software, hostnames and so on.  The CI Sync default configuration does not query user related data.

If You have requested that We include an attribute that represents the Last Logged On User or Most Frequently Logged on User, User Principal Name, Owner (or similar) so it can be mapped to the Assigned_To attribute (or other similar attribute) on a CMDB CI record, the Agent will also query at least one user related attribute from sys_user for the purpose of correlation.

We offer system documentation to explain the above concepts in detail.  If You do not have a copy of this documentation is Your responsibility to request it from Syncfish.  

It is also Your responsibility to assess the ServiceNow system access rights afforded to Your Instance of CI Sync and determine if You wish to implement fine-grain access controls within ServiceNow to restrict greater than what is provided by the defaults. We offer system documentation to explain how You might go about implementing fine-grain access controls, however such controls are entirely dependent on the original vendor/s (in this case ServiceNow for the database schema details and ServiceNow for role based access controls and ACLs on a table by table basis).

Cryptographic controls

We will use cryptographic controls in various components of the Service as detailed below:

  • HTTPS is used to secure data in transit between the user interface and Your Instance.

  • HTTPS is used to secure data in transit between each Agent and Your Instance.

  • All data at rest, including transient data and persisted data, is encrypted using functionality provided by the Cloud Host of the relevant storage technology.

9. Cloud Hosts

We use the following Cloud Hosts as part of the Service.

  • Microsoft (for the provision of Azure services)

  • MongoDB Atlas (for the provision some data storage services)

We may, at Our discretion, change Cloud Hosts from time to time.

10. Hosting Location

We can provision Your Instance in any location where Our Cloud Host/s offers the Hosted Environment. 

Some aspects of the Hosted Environment are provided globally by Our Cloud Host and not from a specified location (i.e. some services and components cannot be nominated at a specific location). We can provide You details of such services and components upon request.

We will work with You during the ordering process of the Service to agree upon the Hosting Location for Your Instance. The agreed hosting location will be reflected in Your Order (Initial Hosting Location).

You may request Us to change the Initial Hosting Location to a new location. Such request, and subsequent action to move the Initial Hosting Location, will be agreed in writing. Once the Initial Hosting Location has been moved it will be Your current hosting location (Current Hosting Location). Any subsequent change to the Current Hosting Location will use the same process. Fees apply to changes of Hosting Location as set out in this Agreement.

11. Subscription Plans

We offer the Service to You based on the following subscription plans:

  • CI Synchronizer (Professional Edition)

  • CI Synchronizer (Enterprise Edition)

  • Trial Subscription

11.1 Detailed Description of CI Synchronizer (Professional Edition)

Topic

Details

General Description

An instance of CI Synchronizer (Professional Edition) presented via a single unique URL for Your organisation. 

Furthermore:

  • An unlimited number of CI Sync Agents, and

  • An unlimited number of source system connectors (via the CI Sync Agent/s), and

  • An unlimited number of End Users.

  • Not including some features, functionality and record sets only available in CI Synchronizer (Enterprise Edition).

Record & Field Types Available to this Subscription Plan

The following Record and Field Types are included in this Subscription Plan:

  • Asset Oriented Record & Field Types (except for any identified in the “Not Available” section directly below)

Record & Field Types Not Available to this Subscription Plan

The following Record and Field Types are excluded from this Subscription Plan:

  • Any/all Event & Activity Oriented Record & Field Types.

The following Asset Oriented Record & Field Types are excluded from this Subscription Plan:

  • Digital Certificate (including Digital Certificate relationships)

  • Application Service Mappings

  • Operating System Services

  • Operating System Processes

  • Operating System Scheduled Tasks

  • Any Installed Software or Installed/Discovered Applications

  • Any Patches/Hotfixes

  • Common Exposures and Vulnerabilities

Billable Records

A Billable Record is each unique record synchronised by Your Instance which meet the criteria below.

 

For this Subscription Plan the following are deemed Billable Records:

  • All Asset Oriented Record & Field Types (except for those identified below as being excluded as a Billable Record).

For this Subscription Plan the following are not Billable Records (i.e. are not charged as extra records):

  • Hardware and virtualised components (displays/monitors, memory modules, network adapters, directly attached storage devices and volumes, VMware components such as datacenter, datastore, clusters, virtual networks, and similar).

  • Asset groups, tags and similar (if applicable to a given source system).

  • The Last Logged on Username field/value (if applicable to a given source system).

Quantity of Included Records

As identified on Your Order for this Subscription Plan.

Price Per Billable Record

As identified on Your Order for this Subscription Plan.

Initial Term

As identified on Your Order for this Subscription Plan.

Renewal Term

As identified on Your Order for this Subscription Plan.

Metering

We will monitor the number of Billable Records You are using via the synchronisation process in Your Instance.

 

In the event Your usage of the Service causes the number of Billable Records to exceed the Quantity of Included Records You ordered (as identified on Your Order):

  1. The Service may not synchronise beyond the number of Billable Records purchased in Your Order, and

  2. We will contact you to discuss remediation of the overconsumption.

For the purpose of Billable Record monitoring, We will provide an email notification of the following:

  • When Your usage of the Service is approaching the Quantity of Included Records You ordered.

  • When Your usage of the Service has exceeded the Quantity of Included Records You ordered.

Such notifications will be sent to the following parties in Your organisation:

  • The email address provided by You for the Service Owner (Primary Contact and Alternate Contact); and

  • The email address provided by You for Service Notifications.

Service Commissioning Inclusions

We will provision You a single instance of the the CI Synchronizer (Professional Edition) SaaS application which is suitable for connection to both Your Non-Production ServiceNow instance and then Your Production ServiceNow instance.

 

We will provide You with comprehensive planning and setup instructions, and work with you to prepare for the implementation of the Service initially using the default configuration of CI Sync which can be connected to Your Non-production ServiceNow instance.

 

Once the configuration of CI Sync has been validated against Your Non-Production ServiceNow You can create a second connection between Your instance of CI Sync and Your Production ServiceNow instance. The production connection will utilise the configuration of CI Sync which was validated with your Non-Production ServiceNow instance.

 

This process is called Service Commissioning and attracts a fee which will be specified in Your Order Form for the Service.

Fair Use Policy for Your Instance

For Synchronization of data into your Production ServiceNow instance:

  • Up to one Delta Synchronization per day (either scheduled or executed manually) per CI Sync Agent.

  • Up to one Full Synchronization per quarter (either scheduled or executed manually) per CI Sync Agent into your Production ServiceNow instance.

  • You are allowed to perform synchronizations up to the Quantity of Included Records stated in Your Order.

For Synchronization of data into your Non-Production ServiceNow instance:

  • You are expected to synchronize into one non-production ServiceNow instance only (not multiple ServiceNow instances).

  • The intent of non-production synchronization jobs into is for either (a) testing ServiceNow upgrades or (b) testing CI Sync configuration changes.

  • Non-production synchronization jobs are not intended for ongoing synchronization of data to keep your non-production ServiceNow CMDB up to date.

  • You should not create scheduled synchronization jobs for non-production ServiceNow instances.  Instead, you should only perform “run now” synchronization jobs.

  • You are expected to limit the number of records synchronized to non-production. 

The Fair Use limits are as follows:

  • No more than 10% of the Quantity of Included Records stated in Your Order per month.

  • No more than 150% (one and one half) the Quantity of Included Records stated in Your Order in one year.

Other Information:

  • The very first Delta synchronization will result in a synchronization of all in-scope records (Full Synchronisation).

  • Subsequent Delta synchronizations will result in a synchronization of only those in-scope records which have changed since the previous synchronization (Delta Synchronization).

  • A request by You to perform synchronizations in excess of this Fair Use Policy will be assessed on a case-by-case basis and require approval from Us.

11.2 CI Synchronizer (Enterprise Edition)

Topic

Details

General Description

An instance of CI Synchronizer (Enterprise Edition) presented via a single unique URL for Your organisation. 

Furthermore:

  • An unlimited number of CI Sync Agents, and

  • An unlimited number of source system connectors (via the CI Sync Agent/s), and

  • An unlimited number of End Users, and

  • Including features, functionality and record sets only available in CI Synchronizer (Enterprise Edition).

Record & Field Types Available to this Subscription Plan

The following Record and Field Types are included in this Subscription Plan

  • Asset Oriented Record & Field Types

Record & Field Types Not Available to this Subscription Plan

The following Record and Field Types are excluded from this Subscription Plan

  • Any/all Event & Activity Oriented Record & Field Types

Billable Records

A Billable Record is each unique record synchronised by Your Instance which meet the criteria below.

 

For this Subscription Plan the following are deemed Billable Records:

  • All Asset Oriented Record & Field Types (except for those identified below as being excluded as a Billable Record).

For this Subscription Plan the following are excluded as being a Billable Records (i.e. are not charged as extra records):

  • Digital Certificate (including Digital Certificate relationships)

  • Application Service Mappings

  • Operating System Services (capped quantity)

  • Operating System Processes (capped quantity)

  • Operating System Scheduled Tasks (capped quantity)

  • Installed Software

  • Installed/Discovered Applications

  • Any Patches/Hotfixes

  • Common Exposures and Vulnerabilities

  • Hardware and virtualised components (displays/monitors, memory modules, network adapters, directly attached storage devices and volumes, VMWare components such as datacenter, datastore, clusters, virtual networks, and similar).

  • Asset groups, tags and similar (if applicable to a given source system).

  • The Last Logged on Username field/value (if applicable to a given source system).

Quantity of Included Records

As identified on Your Order for this Subscription Plan.

Price Per Billable Record

As identified on Your Order for this Subscription Plan.

Initial Term

As identified on Your Order for this Subscription Plan.

Renewal Term

As identified on Your Order for this Subscription Plan.

Metering

We will monitor the number of Billable Records You are using via the synchronisation process in Your Instance.

In the event Your usage of the Service causes the number of Billable Records to exceed the Quantity of Included Records You ordered (as identified on Your Order):

  1. The Service may not synchronise beyond the number of Billable Records purchased in Your Order, and

  2. We will contact you to discuss remediation of the overconsumption.

For the purpose of Billable Record monitoring, We will provide an email notification of the following:

  • When Your usage of the Service is approaching the Quantity of Included Records You ordered.

  • When Your usage of the Service has exceeded the Quantity of Included Records You ordered.

Such notifications will be sent to the following parties in Your organisation:

  • The email address provided by You for the Service Owner (Primary Contact and Alternate Contact); and

  • The email address provided by You for Service Notifications.

Service Commissioning Inclusions

We will provision You a single instance of the CI Synchronizer (Enterprise Edition) SaaS application which is suitable for connection to both Your Non-Production ServiceNow instance and then Your Production ServiceNow instance.

We will provide You with comprehensive planning and setup instructions, and work with you to prepare for the implementation of the Service initially using the default configuration of CI Sync which can be connected to Your Non-production ServiceNow instance.

Once the test configuration of CI Sync has been validated against Your Non-Production ServiceNow You can create a second connection between Your instance of CI Sync and Your Production ServiceNow instance. The production connection will utilise the configuration of CI Sync which was validated with your Non-Production ServiceNow instance.

This process is called Service Commissioning and attracts a fee which will be specified in Your Order Form for the Service.

Fair Use Policy for Your Instance

For Synchronization of data into your Production ServiceNow instance:

  • Up to one Delta Synchronization per day (either scheduled or executed manually) per CI Sync Agent.

  • Up to one Full Synchronization per quarter (either scheduled or executed manually) per CI Sync Agent into your Production ServiceNow instance.

  • You are allowed to perform synchronizations up to the Quantity of Included Records stated in Your Order.

For Synchronization of data into your Non-Production ServiceNow instance:

  • You are expected to synchronize into one non-production ServiceNow instance only (not multiple ServiceNow instances).

  • The intent of non-production synchronization jobs into is for either (a) testing ServiceNow upgrades or (b) testing CI Sync configuration changes.

  • Non-production synchronization jobs are not intended for ongoing synchronization of data to keep your non-production ServiceNow CMDB up to date.

  • You should not create scheduled synchronization jobs for non-production ServiceNow instances. Instead, you should only perform “run now” synchronization jobs.

  • You are expected to limit the number of records synchronised to non-production. The Fair Use limits are as follows:

  • No more than 10% of the Quantity of Included Records stated in Your Order per month.

  • No more than 150% (one and one half) the Quantity of Included Records stated in Your Order in one year.

Other Information:

  • The very first Delta synchronization will result in a synchronization of all in-scope records (Full Synchronisation).

  • Subsequent Delta synchronizations will result in a synchronization of only those in-scope records which have changed since the previous synchronization (Delta Synchronization).

  • A request by You to perform synchronizations in excess of this Fair Use Policy will be assessed on a case-by-case basis and require approval from Us.

11.3 Trial Subscription

Topic

Details

General Description

A temporary instance of CI Synchronizer (Enterprise Edition) (Trial Instance) presented via a single unique URL for Your organisation for the purpose of trailing the Service (e.g for beta testing, for a pilot or other similar purposes).

Furthermore:

  • An unlimited number of CI Sync Agents, and

  • An unlimited number of source system connectors (via the CI Sync Agent/s), and

  • An unlimited number of End Users.

Billable Records

Not applicable

Record & Field Types Available to this Subscription Plan

Asset Oriented Record & Field Types

Record & Field Types Not Available to this Subscription Plan

Event & Activity Oriented Record & Field Types

Quantity of Included Records

As identified on Your Order for this Subscription Plan.

Price per Billable Record

As identified on Your Order for this Subscription Plan.

Initial Term

As identified on Your Order for this Subscription Plan.

Metering

We will monitor the number of records You are using via the synchronisation process in Your Trial Instance.

In the event Your usage of the Service exceeds the intent of a trial, as determined through Our discussions with You, We may limit and/or suspend Your use of the Service.

Service Commissioning Inclusions

We will provision You a single instance of CI Synchronizer (Enterprise Edition) which is suitable to connect to Your Non-Production ServiceNow instance.

We will provide You with comprehensive planning and setup instructions, and work with You to prepare for a trial implementation of the Service using the default configuration of CI Sync which can be connected to Your Non-Production ServiceNow instance.

This process is called Service Commissioning and attracts a fee which may be waived for a Trial. Any fees for Service Commissioning will be specified in Your Order Form for the Service.

Trial Instance

We will provide You with Trial Instance for the purposes described within this Trial Subscription Plan.

You must not use the Trial Instance for any production purpose.

Fair Use Policy for Trial Test Instance

Unless stated otherwise the Trial Instance will be subject to the following fair usage rules:

  1. Is not intended for use beyond two weeks.

  2. Is not intended for synchronisation of more than 5,000 source system assets.

12. Other Fees (in addition to Subscription Plans and Fees)

We provide the following services, for an additional fee, beyond the inclusions of Your Subscription Plan.

Professional Services

We can also provide a variety of professional services assistance to You in relation to source systems, ServiceNow and generally the integration and synchronisation of data between Your systems.

We will provide You with a Statement of Work for Our professional services and deliver such services based on receipt of a Your Purchase Order.

Change of Hosting Location

You may request Us to change the hosting location of Your Instance. Each change of location will incur a one-time fee of $2,000 USD plus any third party costs We incur in implementing the change.

Additional Instances

We are able to provide You with additional instances of the CI Sync SaaS application (i.e. beyond the instances included with Your Subscription Plan). Upon Your request for an additional instance/s, We will provide You with a Quotation and/or Order Form including the associated fees and any other related details. We will provision the additional instance/s upon receipt of Your Purchase Order.

13. Other Information

Open Source Software Licence Attribution

The Service includes certain free and open source software components (Open Source Software). The known list of unique Open Source Software licences included in the Service is shown in the table below.  This list will be updated from time-to-time but may not be 100% accurate at any given moment.

Licence Type

Licence Link

Licence Variants Used

Apache

https://www.apache.org/licenses/LICENSE-2.0

Apache-2.0, Apache2

AFL

https://opensource.org/licenses/AFL-3.0

AFL-2.1, AFL-3.0

BSD

https://opensource.org/licenses/BSD-3-Clause

0BSD, BSD-2-Clause, BSD-3-Clause

CC-BY

https://creativecommons.org/licenses/by/4.0/legalcode

CC-BY-3.0, CC-BY-4.0 

CC0

https://creativecommons.org/share-your-work/public-domain/cc0/

CC0-1.0

ISC

https://opensource.org/licenses/ISC

 

LGPL

https://www.gnu.org/licenses/lgpl-3.0-standalone.html

LGPL-3.0

MIT

https://opensource.org/licenses/MIT

MIT*

MPL

https://www.mozilla.org/en-US/MPL/2.0/

MPL-1.1, MPL-2.0

Python

https://docs.python.org/3/license.html#psf-license

Python-2.0

Map-Stream

https://github.com/dominictarr/map-stream/raw/master/LICENCE

 

WTFPL

http://www.wtfpl.net/about/

 

Zlib

https://opensource.org/licenses/Zlib

 

Blue-Oak

https://blueoakcouncil.org/license/1.0.0

BlueOak-1.0.0

    Find out more

    Talk with us to find discover CI Synchronizer, the available connectors and the services we offer to help you achieve CMDB excellence.

    Book a Demo

    Schedule a demo. See up close how CI Synchronizer works and how quickly you can start syncronising your IT Asset data into your CMDB.

    Request a Trial

    Syncfish offers customers the chance to trial CI Synchronizer. Contact Sales or book a demo to find out how to get setup with a trial.