Forum Discussion
We're a service provider so we have our structure split out first by the customer support type (UK only support, or globally supported). We assign access at the "Global Customers" and "UK Only Customers" group - so support staff in the correct region see only the customer devices they should. We also set a property for Service Now assignment group here.
There are customer sub-folders under each of these region folders. On each customer folder, we apply a property that is sent to our Service Now integration which aligns with the name of the customer as configured in Service Now. Very occasionally, we might give a customer read access to their respective folders.
We often also break down into device type under each customer, really just for setting device properties that wouldn't make sense being inherited by everything. So we would set wmi.user/wmi.pass on the "Windows Server" folder, snmp details on the "Network Devices" folder, etc.
For example:
- Global Customers
  - Customer A
    - Collectors
    - Windows Servers
    - Linux Servers
    - Network Devices
    - Virtualisation
  - Customer B
- UK Only Customers
  - Customer C
  - Customer D
Alert routing wise, it's all going into Service Now, usually through a single integration, with the assignment group taken from the inherited property set at "Global Customers" and "UK Only Customers". We've fairly heavily modified the payloads being sent to Service Now and made changes to the scripts that run on the Service Now side so the behaviour better aligns with our processes.
There are a couple of exceptions where we route to Service Now but via a separate copy of the integration:
- Alerts related to SQL Server specific datasources - the assignmentgroup is hard-coded to our DBA Team rather than the inherited assignment group. So the "normal" assignment group would get the alerts related to the OS, but the DBA team get the database specific alerts.
- Alerts related to Azure - Has slightly different tokens used in short_description and description (because we like to pass Azure Sub and Resource Group there - which would be blank for non Azure stuff). It also has the assignmentgroup hard-coded to our public cloud team.
- A handful of customer specific alert rules where we want to route some things both to our Service Now and to a customer email address.
We do also have an "Internal" folder structure, further broken down by the Internal teams for whom we monitor devices/services. Those send to Service Now as well, inheriting the assignmentgroup from the sub-folders.