Configure domain separation

You can configure Event Management for domain separation to create logically defined domains that limit unauthorized access to data. With domain separation, Event Management users can only see and manage alerts and events from their own domain.

Before you begin

Role required: em_mng_integration

About this task

Activate the Domain Support – Domain Extension Installer plugin and configure the MID Server for Event Management.
The following Event Management features support domain separation.
Table 1. Features that support domain separation
Feature Support
Alerts console Supported.
Alert and event rules Supported.
Alerts groups Supported.
Alerts panel and dashboard Supported.
Business service groups Supported.

Limitation: The user can define a business service that is visible in other domains with services that are not visible in other domains. In this case, other domains can see impact results but cannot see how this result was calculated.

Event – alert flow Supported.

Separation is based on the domain user that sent events. User access is required for the credentials of the sending API events or in the configuration of the MID Server reporting events.

In a multi-domain environment, each MID Server can serve only one domain according to the integration user that it uses. In the configuration of the connector instance, make sure that the MID Server uses the same domain as Event Management.

Impact calculation Supported.

Segregation is based on the manner in which CIs are segregated.

Impact rules Supported.
Manual services Partially supported.

Segregation is based on the manner in which CIs are segregated.

Technical services Partially supported.

Segregation is based on the manner in which CIs are segregated. Note: The discovery process does not segregate CIs by domain.

Remediation Supported.

While editing alert rules, users can only apply relevant workflows.

Service administration Supported.

Procedure

  1. Activate the Domain Support – Domain Extension Installer plugin if it is not already active.
  2. Configure a connector instance to use a MID Server from same domain as Event Management.