Service Manager for MSPs

Travis WrightSenior Program Manager LeadMicrosoft Corporation

Overview

Service Manager is not specifically designed for Managed Service Providers (MSPs)

However….

You can make it work depending on • your requirements• how much effort you want to put into

it

What is an MSP?

• An MSP is an organization who provides a service to many different customers

• MSPs are typically one company providing the service to other customer companies

• The same principles often apply to one organization inside a company providing a service to other ‘customer’ organizations inside the same company

Common Requirements

• Separate access to view/edit data by customer

• Allow customers to access their data over an untrusted network connection (i.e. Internet)

• Allow non-AD users access• Keep track of assets and work items by

customer• MSPs want to be able to manage data

across customers

Terminology & Concepts

CI Groups

• Groups can be heterogeneous or homogenous collections of CIs

• Groups are used for:− Security boundaries, report parameters,

notification subscription criteria and view criteria• Groups can be dynamic, static, or both

− Dynamic example: All computers where domain property contains 'Redmond'

− Static example: twrightlaptop.redmond.microsoft.com

• Groups can contain groups• Any CI can be a member of multiple groups

Queues

• Conceptually queues are work item groups• A given queue contains work items of only

one class – Incident, Change Request, or Problem

• Queues are used for:− Security boundaries, view criteria, notification

subscription criteria and report parameters• A queue has dynamic membership criteria

only− Example: All incidents where Classification =

Office Applications and Priority < 3

Lists• A List is a set of defined values from which the user must

select• You can create new Lists or edit Lists provided out of the box• Lists can be hierarchical or flat

Class: Computer, Property: LocationList Values:

• United States• Washington State

• Seattle• Europe

• Dublin

• Groups/Queues can be created using these property values as dynamic criteria− 'All Seattle Computers' group is defined as all computers where Location

= Seattle

• Any given property of a class can have a data type of ‘enum’• When a property is of ‘enum’ data type it must be bound to a

List

User Roles• Operations are the actions that can be taken• Scopes define boundaries within which users have permission

to perform operations. Scope types are:− Group [Security], Queue [Security] and Class/Property [Security]− Task [Presentation] and View [Presentation]

• User Role Profile – define available set of operations− End User, Read Only Operator, Operator, Advanced Operator, Author,

Administrator

• User Role = User Role Profile + Scope− Example: ‘Tier 1 Operators’ user role is defined as Operator user

role profile + global CI group scope, Tier 1 incidents queue scope

• AD Users or User Groups are assigned to User Roles, a user can be a member of more than one user role

Reports

• Base Reports are reports with lots of parameters− Example: Incident Report has parameters like:

− Created Date− Last Modified Date− Priority− Etc.

• Linked Reports are Base Reports with some parameter values pre-defined− Example: 'Incidents Created This Week' is a

linked report which uses the Incident Report base report and sets the parameter Created Date to ThisWeek()

Management Group

• A management group is the term we use to describe a single installation of Service Manager

• A management group consists of:− Configuration Management Database (CMDB)− 1 or more 'Management Servers'

− API Layer (called 'SDK Service')− Workflow Host− Web sites− Linking/Connector Framework

− Data Warehouse− SQL Reporting Services Server

• These components can be installed on the same server or separate servers

Deployed Architecture

MSP Scenario #1

• We have multiple customers but they don’t need to interact with Service Manager at all.

• Customers initiate new incidents over the phone or email.

• We simply need a way to tag an incident, change request, CI, etc. to a particular customer

• Views and reports should be filterable, sortable by customer

MSP Scenario #1 Solution

• Create a new List for ‘Customers’• Add a new enum data type ‘Customer’

property to classes like Computer, CI, Incident, Change Request, etc. and bind it to the ‘Customers’ list

• Add the ‘Customer’ property to the appropriate forms using the Form Designer tool (to be provided in future)

• Use this new ‘Customer’ property to filter and sort in views and reports

• Optionally create queues and groups based on the ‘Customer’ property

MSP Scenario #2

• Same as Scenario #1 but we need to send reports to our customer

MSP Scenario #2 Solution

• Do everything in Scenario #1 Solution• Create a Linked Report for each customer

where you set the Customer parameter to a particular customer

• Set up a schedule to automatically generate the report and put it on a SharePoint site, file share, or email it to your customer in .pdf, .xlsx, or .html format

MSP Scenario #3

• We want end users at our customers’ sites to be able to use the self-service portal

MSP Scenario #3 Solution

• Set up permissions− Give each customer an AD user account to log in with− Put each customer user account in an AD user group− Put that AD user group in at least one user role (not the

End User user role)• Trusted Connection (VPN)

− Users must VPN into your network

MSP Scenario #4

• We want people at our customer’s site to be able to view (not create or edit) their own work items, CIs, etc.

• We want keep the data separated by customer so that customers only see their own data

• We want to be able to see combined views of all customers’ data

MSP Scenario #4 Solution

• Do the same as Scenario #1 solution• Create CI groups which logically represent

each customers CIs• Create queues which logically represent

each customers WIs• Create views for each customer using the

groups and queues as criteria• Create user roles based on Operator user

role profile for each customer and scope them to the groups and queues and grant them only the views corresponding to them

MSP Scenario #4 Challenges

• List Items cannot be scoped− Don’t put sensitive information in list item

values that customers can see• Report data is not scoped at all

− Don’t put customer users in a user role based on the Report User profile

• No web console in plans right now− This solution requires a trusted

connection (VPN) + AD user account since the main console is required for this

MSP Scenario #5

• Not only do we want users to be able to view CIs and WIs we want them to be able to edit, and create new ones

• We want our customers to have more control and allow them to manage their own List Items, Queues, Groups, User Roles, Templates, etc.

• We still want to have a cross-customer view

MSP Scenario #5 Solution

• Create one management group per customer

• Use VMs to reduce hardware costs• Use a central DW for all management

groups to consolidate data into one place

Scenario #5 Challenges

• No web console in plans right now− This solution requires a trusted connection (VPN)

+ AD user account since the main console is required

• No real time views across management groups− Only near-real time reports from the DW can

show you cross-management group data• No ability to see/edit/create CIs/WIs in

multiple management groups from a single place

• Only up to 5 source management groups are supported for each data warehouse

Scenario #6

• We use SCE to manage our customers’ sites. We want to bring the alerts and inventory data from SCE into Service Manager.

• We have a “top-tier” SCCM site in the same network as Service Manager that manages computers at customer sites over the Internet

Scenario #6 Solution

• Use Remote Operation Manager to consolidate data from multiple SCE installations into a single, central Ops Mgr

• Connect Svc Mgr to the Ops Mgr installation• Connect Svc Mgr to the “top tier” SCCM site

Conclusion

• There are many different variations on the six scenarios

• There is a lot of flexibility in the Service Manager product, but there are some impassable problems which may limit what you can do without extra effort/cost

• Service Manager v1 is not specifically designed for MSPs, but… we want to work with you to see what we can do to help you meet your requirements in the future

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after

the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.