Breadcrumbs

Setup Overview (LSOP)

Contents of this Page

  1. Overview Diagram

  2. Overview of the High Level Setup Steps

  3. Links to Detailed Setup documentation and SME involvement

Overview Diagram

CI Sync for LS to SN - High Level Topology (inc Step Bubbles).png

Overview of the High Level Setup Steps

Each of the high level steps reference the CI Sync Detailed Setup Instructions. After reading the High Level Steps below we recommend visiting the Detailed Steps Oveview Page here Overview.

#

Component

High Level Supporting Notes

1

Enterprise Application object in Azure AD

  1. The CI Sync SaaS setup process requires you to create an Enterprise Application object in your Azure AD. This object controls authentication to the CI Sync UI of your CI Sync SaaS instance (i.e. your customer specific CI Sync instance).

  2. You will need to grant one/two users (those people who need to schedule sync jobs) to the Enterprise Application.

  3. Full details of the above are described in S2 - Enrol CI Sync SaaS to your Entra ID of the Detailed Setup Instructions.

2

App Registration object in Azure AD

  1. You will need to create an App Registration object in your Azure AD.  This object controls authentication between the CI Sync Agent (Windows Service) and your CI Sync SaaS instance (i.e. your customer specific CI Sync instance).

  2. You can use either Client Secret or Certificate based Authentication when configuring this object.

  3. Full details of the above are described in S3 - Create an Entra ID App Registration for CI Sync Agent Authenticationof the Detailed Setup Instructions.

3a

CI Sync Agent SQL Topics

  1. The CI Sync Agent (Windows Service) cannot read from the OEM version of SQL (which ships with Lansweeper) .. this is often called “LocalDB”.  If your Lansweeper setup was created with LocalDB you will need to upgrade to SQL Express Edition or SQL Standard Edition. 

  2. The CI Sync Agent requires a small additional SQL database which needs to be hosted on the same SQL Server as your Lansweeper SQL server (this DB is used for delta sync management and is referred to as the “RecVer Database”. The CI Sync Agent installation will automatically create this database, or a DBA can create in advance.  The setup instructions describe this.

  3. The CI Sync Agent needs ReadOnly access to the Lansweeper SQL Database (Lansweeperdb) and ReadWrite access to the CI Sync RecVer SQL Database (cisee_recver_lansweeperdb).  You can use either SQL Native Login or Windows Integrated Security for the CI Sync Agent (i.e. the Windows Service) to authenticate to the SQL server hosting these databases.  See diagrams on the sub-pages of SQL Authentication Diagrams (LSOP) (showing how agent authentication works and how it interacts with SQL).

  4. Finally, Syncfish recommend SQL Standard Edition so you can schedule two important SQL Maintenance Plans against the Lansweeper SQL DB and the CI Sync RecVer DB.  See the Syncfish Knowledge Base Article titled: How-to - Configure SQL Maintenance Plans on SQL database(s) for SQL based Source Systems Plan.

3b

CI Sync Agent (Windows Service)

Background Information

  1. Syncfish recommend reading the following article which describes the minimum specifications for the VM and SQL server used for the CI Sync Agent: FAQ - What are the Minimum Specs for the CI Sync Multi-Source On-Prem Agent. Key points from the minimum specs FAQ include:

    1. You should to install the CI Sync Agent on a Windows VM that is “near” your Lansweeper SQL Server (ideally “near” in terms of a high speed connection with low latency).

    2. The CI Sync Agent (Windows Service) can run on the same VM as a Lansweeper scanning server.

    3. The following specs are what Syncfish internally to test synchronizations of very large datasets on a regular basis. We use an Azure VM of “Standard D2 v3” with 2 x vCPUs, 8 GiB RAM, 127 GiB SSD (max throughput of 60 MBps & Max IOPS of 500) Standard SSD LRS, Windows Server 2019 (or 2022). Adding 16GB of RAM will boost performance.

    4. The CI Sync Agent requires outbound HTTPS to the Internet (to the integration API of your CI Sync SaaS instance and to reach login.microsoft.com).

  2. See also the diagrams on the subsequent pages (that show how agent authentication works and how it interacts with SQL).

    1. CI Sync Agent and SQL are on the same server (LSOP HL Setup)

    2. CI Sync Agent and SQL are on separate servers (LSOP HL Setup)

Installation Information

  1. Full details of the above are described in S4 - Install the On-Prem Multi-Source Agent of the Detailed Setup Instructions.

  2. After installing the CI Sync Agent you perform two additional steps:

    1. Register the CI Sync Agent with your customer specific CI Sync SaaS Instance. See S5 - Register the Multi-Source Agent & Setup Source Connections

      of the Detailed Setup Instructions.

    2. Add the Lansweeper On-Prem SQL as a source system that CI Sync can read from. See Add Lansweeper On-Prem of the Detailed Setup Instructions.

4

DEV/TEST ServiceNow

  1. You will need to create a user account (web service account only) for your customer specific CI Sync instance to use for authentication.  The user/web service account can use Basic Auth or OAuth.

  2. Syncfish provide a list of OOTB roles to be assigned to the account.  These are least privileged roles that allow read/write to CMDB tables and several other reference tables.

  3. For performance reasons Syncfish recommend two settings are made in ServiceNow (an API timeout value is increased, and a dictionary value is set on the CMDB). 

  4. Full details of the above are described in S6 - Configure your ServiceNow for CI Sync of the Detailed Setup Instructions.

5

CI Sync SaaS

You then do the following using your Non-Production ServiceNow Instance (e.g. ServiceNow DEV or TEST)

  1. You will add a Destination Connection (i.e. to your ServiceNow) in your CI Sync SaaS instance using the CI Sync Web UI. 

    1. See S7 - Add your ServiceNow Instance as a Destination for CI Sync of the Detailed Setup Instructions.

  2. You will run your first Sync job (a small one to start with) and then run additional sync jobs.

    1. See S8 - Run a small first Sync (then run more)of the Detailed Setup Instructions.

  3. You will assess the resulting data in your non-Production ServiceNow instance.

  4. Once you are satisfied your non-production results/data is satisfactory you will progress to Production (see #6 below).

6

PROD ServiceNow

The transition to synchronization into your Production ServiceNow instance is very simple:

  1. You repeat the activities mentioned in #4 above.

    1. Add a User Account (with the relevant roles).

    2. Check the REST API timeout setting and check the CMDB dictionary setting.

  2. You repeat the activities mentioned in #5 above.

    1. Add a Destination Connection (i.e. to your Production ServiceNow) in your CI Sync SaaS instance using the CI Sync Web UI. 

    2. Run your first Sync job (a small one to start with), review the results/data and then run additional sync jobs.

Important Information about Non-Production vs Production Synchronization

Before sync’ing to production we recommend you inform the Syncfish Team. This ensures Syncfish are aware in case you need extra assistance and also means Syncfish can advise how to check whether any specific CI Sync configuration settings need to be promoted from your CI Sync Test Config to your CI Sync Prod Config.

Step-by-Setup Setup Process and SMEs Required

Step #

Additional Details

Link

SME Audience

Estimated Time to Complete the Step

Step 1

Review the Pre-Installation Checklist

Here

All SMEs

10 minutes

Step 2

Enrol the CI Sync SaaS application into Entra ID

Here

AAD Admin

5 minutes

Step 3

Create an Entra ID App Registration for the CI Sync Agent

Here

AAD Admin

5 minutes

Step 4

Install the Multi-Source CI Sync Agent (on a VM)

Here

Infrastructure SME
On-Prem AD Admin#1

5 minutes

Step 5

Register the CI Sync Agent, then Setup one/more Source System Connections

Here

Source System Admins
AAD Admin#2
SQL DBA#3

20 minutes

Step 6

Configure ServiceNow to be ready for CI Sync

Here

ServiceNow Admin

5 minutes

Step 7

Add your ServiceNow destination connection

Here

CI Sync Admin

5 minutes

Step 8

Run a small first synchronization and then progressively run more larger syncs

Note: In addition to the instructions via the “here” link, Syncfish highly recommend reading the following page before your first sync

FAQ - What are the Top Tips when first synchronizing data to my non-PROD CMDB?

Here

CI Sync Admin

Source System admin/s

One or more of the following:

  • ServiceNow Admin

  • ServiceNow platform owner

  • CMDB Manager

  • IT Asset manager


Other recommended sections to read


Appendix A

Understand how the CI Sync Agent Authenticates to SQL Server

Here

Infrastructure SME
SQL DBA#3


Appendix B

Review SQL DB Health and Configure SQL Maintenance Plans

Here

SQL DBA#3


 Footnotes

#1

On-Prem Active Directory SME only required if your SQL server is hosted separately (remotely) from the server that will run the CI Sync Agent.

#2

Entra ID SME is required if you intend to use synchronization source connections for cloud hosted products which require an Entra ID App Registration (service principal) for authentication.

#3

A SQL DBA is required if the person performing the CI Sync Agent installation does not have SQL sysadmin rights on the relevant SQL server.