ADVANCED HIGH

AVAILABILITY
ARCHITECTURE

www.service-now.com

ADVANCED HIGH AVAILABILITY ARCHITECTURE

WHITE PAPER

ADVANCED HIGH
AVAILABILITY
ARCHITECTURE

OVERVIEW
This document describes the ServiceNow Advanced High Availability architecture and explains
how the ServiceNow service meets the most stringent customer requirements.
ServiceNow provides a robust application platform service to support client service automation,
ITSM, workflow, and application integration requirements. This application platform service is
provided through a Software as a Service (SaaS) model, which helps clients take advantage of
this comprehensive software platform, 24x7 operations, and security monitoring. ServiceNow
has developed its SaaS platform to address performance, availability, continuity of service, as
well as confidentiality and integrity of the data and environment.

SERVICENOW SECURITY ARCHITECTURE

ServiceNow is a cloud-based service platform designed to automate enterprise IT operations.
The service is delivered through a SaaS model using a unique multi-instance architecture that
provides all customer with dedicated applications and database. The services are hosted within
ServiceNow data centers, and are accessible by customers through a web browser. The
application is protected by firewalls, load balancers, intrusion prevention systems, and a
segmented network architecture providing a protected production environment for each client.
As part of the design, browser requests are sent to the DMZ within the primary geographic data
center assigned to each customer. Once received, these requests pass through a pair of load
balancers used to identify the application server responsible for processing the request. The
request is assigned to a specific application instance operating inside a Java Virtual Machine
and a session is established with the end user. This session is maintained by the application
server until the users request has been handled and data has been stored or transmitted by
the request. Data is sent to and stored on a dedicated relational database (MySQL) catalog
preventing co-mingling of customer data.

SERVICENOW | 3

WHITE PAPER

ADVANCED HIGH AVAILABILITY ARCHITECTURE

HIGHLY AVAILABLE ARCHITECTURE

The data center and the cloud-based environment have been designed with high availability
as a core requirement. This design includes full redundancy and fault tolerance of electrical,
cooling, network, security, and server infrastructure. At the heart of this architecture, each
client instance is supported by an environment with multiple connections to the Internet.
Redundant network, security, and server infrastructure components are managed and
maintained by ServiceNow, isolating the ServiceNow SaaS environment from the rest
of the data center colocation environment.
The deployed servers are enterprise scale servers with redundant power and storage
configurations to ensure the maximum uptime and availability of the ServiceNow services.
Production application servers are load balanced for both availability and scalability reasons.
Production database servers are replicated in near real-time to a mirrored data center within
the same geographic region of Europe and North America.
We leverage our high availability architecture in three ways:
1. During a disaster of up to, and including, the complete loss of a data center, we will
failover the entire data center to its mirrored geographic data center
2. In the event of the failure of a customers infrastructure component, we will failover the
customer instances associated with the failed components over to the mirrored location
3. During our normal course of performing maintenance of infrastructure components,
we will failover the customer instances associated with the infrastructure maintenance
to their mirrored location and perform the maintenance on the vacated environment in
order to maintain the highest level of security, availability, and scalability

GLOBAL MIRRORED DATA CENTERS

North America: Culpeper, VA and San Jose, CA
Europe: London, U.K. and Amsterdam, Netherlands
*Canada: Montreal, QC and Toronto, ON
*Switzerland: Zurich and Geneva
*Australia: Brisbane, QLD and Sydney, NSW

Montreal
Toronto
London
Zurich
San Jose

Amsterdam
Geneva

Culpepper, VA

Brisbane
Sydney

* Advanced high availability capabilities available from these datacenters later in 2012

4 | SERVICENOW

ADVANCED HIGH AVAILABILITY ARCHITECTURE

WHITE PAPER

HIGH LEVEL OVERVIEW OF HA FAILOVER PROCESS

The HA failover process is comprised of six main steps which will be invoked through our cloud
automation platform, once our crisis management team determines the failover is required,
or scheduled maintenance activity is ready to be performed.
High Level Automated Failover steps:
1. Verify replication is synchronized between both data centers
2. Stop all application nodes associated with the customer instance
3. Reverse roles for each database from read-only to read-write, and vice versa
4. Change the database pointer to the read-write database within the application nodes
5. Change the DNS associated with the customer instance TTL
6. Start all application nodes associated with the instance

BACKUP AND RECOVERY

ServiceNow also maintains seven daily and three weekly backups on disk. The backup data never
leaves the ServiceNow data data centers. Backups are taken in both data centers on all customer
instances including sub-production and production instances. It is important to note the primary
recovery method of a customer production instance is to use the High Availability replica. The
backups are used as a secondary recovery mechanism.

SERVICENOW | 5

WHITE PAPER

ADVANCED HIGH AVAILABILITY ARCHITECTURE

CRITICAL RESOURCES
Critical system resources including DNS, ServiceNows instance management (HI), email and
ServiceNows cloud automation instance are operated in high availability configurations in a
minimum of two data centers, not relying on any of ServiceNows corporate infrastructure.
Moreover, development systems used for source code control and the software build
process are also hosted at the production data centers to ensure the highest continuity for
our developers. This enables developers to support and continue developing the application
without requiring physical access to ServiceNow offices.
Technical personnel required to monitor and maintain the ServiceNow platform operate on
a 7x24 basis and are located in two disparate geographic locations, the U.K. and the U.S.
We rotate our operations, infrastructure, and technical support personnel daily, so in the
event of a region wide disaster, the personnel in the opposite geographic region will
assume 7x24 responsibilities.

SUMMARY
Our Advanced High Availability architecture is designed to set new world-class availability
standards, ensuring that our customers achieve maximum security and data isolation though
our unique multi-instance architecture.
This high availability architecture not only accommodates for a disaster, but the same high
availability failover process is used for preventative maintenance, eliminating the need for a
yearly disaster recovery test, and creating a practiced failover event during performance of
normal maintenance.

6 | SERVICENOW

WWW.SERVICE-NOW.COM

12225 El Camino Real, San Diego, CA 92130 T | 858 720 0477 E | info@service-now.com

V110829

www.service-now.com