MSP Deployment and Configuration Options
A Managed Service Provider can configure Cherwell® Service Management for simple access deployment or by using segregated tenants. The choices depend on the level of access and customization required by the tenants weighed against the cost of configuring and maintaining the system.
Simple Access Deployment
Tenants who do not require technician access can be hosted in a single instance of Cherwell Service Management. A simple access deployment is the simplest to configure and allows the MSP to rapidly add more tenants with very little overhead. If desired, individual CSM Portal sites can be configured to give tenants a branded view to make their experience feel customized.
Configuring this deployment requires adding a common field to all Business Objects (example: CompanyID) and auto-populating that field from the tenant entering a ticket. MSP technicians can set up dashboards and queries to filter on specific tenants or view tickets across all tenants.
Simple access deployment has the following advantages:
- Simple security configuration. The simpler the security configuration, the less likely mistakes will occur. In this model, all tenants to use the same Security Group although this is not required.
- Single CSM database. This requires less overhead for maintenance and backups.
- Management of a single content set. In this model, Business Objects are shared across all tenants, meaning there is less work to maintain, enhance, and test the content.
This deployment option has the following disadvantages:
- Portal-only access for tenants. Access to the Technician clients isn’t possible, because that would expose the data from all tenants in this model.
- Similar tenant experience. Since this is a single content set, the experience across tenants will be almost identical. Some customization can be achieved through individual Portals and Themes.
- Single configured SSO provider. The use of multiple SSO providers can be achieved through a Federated provider.
Tenants requiring the highest level of security and data segregation need the MSP to deploy a separate CSM instance for each tenant. Implementation of this deployment requires an integration from each tenant instance into the primary MSP instance for management of tickets between the systems. This can be achieved using one of the following options:
- Linked Objects, if the content between instances is similar
- Cherwell® REST API calls
- Jitterbit, if advanced integration logic is necessary
Configuring segregated tenants has the following advantages:
- Tenant experience can be completely customized. Since each tenant will reside in their own database, the content can be customized as much or as little as needed.
- Technician and Portal access. Tenants can access the Desktop Client and Browser Client in addition to the CSM Portal.
- Administrator access. In this model, customers can be provided access to CSM Administrator to manage their own users, security, and potentially even their own content.
- No potential for data exposure. Nothing from one tenant can be exposed to another.
- Per-tenant SSO provider.
This configuration has the following disadvantages:
- Multiple content sets. Must manage multiple content sets that could diverge over time, making changes and testing more difficult. This also might require setting up integrations to a common MSP system to manage tickets flowing between a tenant and the MSP.
- Multiple CSM databases. Each tenant is required to have its own database for segregation, requiring more overhead and maintenance.
- Increased hardware costs. Each tenant would require its own instance of the CSM Web Applications and services.