Automic SaaS Service Description
Automic SaaS offers the powerful enterprise automation capabilities of Automic Automation as a SaaS deployment. Automic SaaS provides a single point of control that unifies and simplifies automation across mainframe, distributed, and hybrid cloud environments. With the SaaS delivery model, you offload the management of the underlying automation engine and database to Broadcom and optimize costs with predictable, subscription-based pricing. You also get the latest features faster as well as a solution that dynamically expands to meet peak performance needs.
This page provides a high-level overview of what an Automic SaaS subscription comprises. The service description applies to all active releases of Automic SaaS.
Important! Automic SaaS and Automic Automation versions have slightly different release cadences. This is why you may read about features in the product documentation that are not available on your environment yet. This deviation in content happens only during a short period of time.
This topic includes the following:
Automic SaaS Subscription
With Automic SaaS, Broadcom ensures that all Automic Automation's powerful scheduling, orchestrating and integrating capabilities are available to customers without their having to download the software, install, configure and maintain it. You will be ready to reap the benefits of Automic SaaS with a minimum investment in customizing Automic SaaS to adapt it to your organization's needs.
The Automic SaaS Listing describes in detail the complete scope of an Automic SaaS subscription: environments, use rights and limitations, SLA, what data is collected and where it is stored, how long it is stored, how metrics are calculated, and so on. You can find the listing under the SaaS Offerings section at SaaS Offerings and Resource Center.
Once subscribed, Broadcom sends you a Welcome to Automic SaaS email providing you with information on how reach out to the various Broadcom portals and services that you will need as well as the links and data that you need to access your Automic SaaS environments - including the system name.
Important! There is no reason to change the system name unless you are moving to Automic SaaS from an on-premises environment. In this case, you probably want to keep your system configuration and the configuration of your Agents as it was in your on-premises system. To change the system name, you must place a Service Request through the Broadcom Support Portal. If you decide to change the default system name, do it immediately after receiving the Welcome to Automic SaaS email and registering to the Broadcom Support Portal and BEFORE configuring anything on any of the environments. Upon your service request, Broadcom will provision brand new environments with the new system name. The original ones will be decommissioned and any configuration will be lost.
If you are an Automic Automation customer and you want to move your on-premises system to SaaS, you do not need to migrate or convert your system. Moving is as easy as exporting the data in your database and importing them into the Automic SaaS database.
The Automic SaaS database is PostgreSQL and it supports Unicode/UTF-8. If the data in your Automic Automation database is not compliant with UTF-8 and if you are using objects such as Code Tables, you must ensure that your data are compliant with Unicode/UTF-8 before they can be imported into the Automic SaaS database.
For more information about moving an existing Automic Automation system to Automic SaaS, please read Setting Up Automic SaaS for Existing Customers.
About the Welcome Email
The Welcome to Automic SaaS email contains the following information:
-
Your account details
-
Credentials to log in to Client 0 and Client 100 in both environments
-
Information about your production and non-production environments, including the assigned system names and the AWI, JCP, and REST endpoints.
Important! If you decide to change the default system name, do it immediately after receiving the Welcome to Automic SaaS email and registering to the Broadcom Support Portal and BEFORE configuring anything on any of the environments. Upon your change request, Broadcom will provision brand new environments with the new system name. The original ones will be decommissioned and any configuration will be lost.
-
Endpoint to reach the FTP server
As soon as everything is set up and Automic SaaS starts executing processes, the resulting execution data and reports are recorded on a daily basis and stored in an archive file. You can access this file through this FTP endpoint.
For more information about data retention, see Data Maintenance and Records.
-
Reference to access information about the status of your environments on the Service Status Portal.
-
Links to channels where you can find useful information (the Broadcom Software Academy and Broadcom's Monthly Newsletter).
Service Provisioning
Broadcom provisions two fully functional environments (production and non-production) and hosts an Automation Engine for each of them.
For more information about the environments delivered and their default users, see:
Agents are not provisioned. However, an Automic SaaS subscriptions entitles you to use almost all of the Agents available. For more information, see Agents below.
Automic SaaS customers get the latest version of the Automic SaaS offering available. The upgrade schedule will be published three to six months in advance depending on the type of upgrade (minor, service pack or major).
For more information about environments, upgrades, emergency maintenance and such, please refer to the Automic SaaS Listing.
Important!Automic SaaS and Automic Automation versions have slightly different release cadences. This is why you may read about features in the product documentation that are not available on your environment yet. This deviation in content happens only during a short period of time.
Two Environments: Non-Production and Production
With your Automic SaaS subscription you get access to two fully functional environments: a production and a non-production environment:
-
Non-production environments
A non-production environment is your development and testing system.
Here is where you can plan and create the objects and Workflows that you want to implement and then test them under productive conditions without putting your business processes at risk.
-
Production environments
A production environment is your live system where you execute your daily business processes.
Important! Never introduce changes that you have not tested thoroughly in a non-production environment to your production environment.
Default Clients and Users in Automic SaaS
Each environment has two default Clients, Client 0 and Client 100.
Client 0 is a pre-configured administration Client and its access should be restricted to the Automic SaaS administrator(s) only. You cannot change its configuration. If you need any change, you have to place a Service Request through the Broadcom Support Portal.
Note: Since many of the usual administration tasks performed in Client 0 are performed by the Automic SaaS provider, they are restricted for Automic SaaS administrators and do differ from those available to non-SaaS Automic Automation administrators.
Developers and object designers create and configure objects, execute and monitor them in production Clients. Client 100 is a production Client delivered by default and you can choose if you want to use it or not. To add more production Clients to your environment, you have to place a Service Request through the Support Portal. You can also configure them to best fit your company's needs.
Each of the two Clients has one default User and the respective login data is provided in the Welcome to Automic SaaS email; it contains the credentials that you need to log in to each Client for the first time. As soon as you log in, you will be prompted to change the password.
To add more Users to Client 0 you must place a Service Request through the Support Portal. There are no restrictions to add additional users to Client 100.
For more information about Clients and Users, see:
-
Basic definitions for new Automic SaaS users.
-
Clients and Users in Automic SaaS
Overview of the Clients and Users delivered with Automic SaaS environments.
-
Clients and Users (USER)
Automic Automation documentation on Clients
-
What you can do in the Clients list. Some of the options are not available in SaaS environments.
Important! Make sure that the configuration of Client 0 is identical in your non-production and production environments; otherwise, you cannot test your changes under productive conditions and you risk corrupting your business data.
Agents
An Automic SaaS subscription entitles you to use almost all of the Agents available. For more information, please refer to the Use Rights and Limitations section of the Automic SaaS Listing.
The default Automic SaaS environments provisioned do not include any Agent. Installing Agents, authenticating, configuring and maintaining them falls under the responsibility of the Automic SaaS administrator. They can be installed either on-premises or in the cloud.
The Agent authentication available for Agents in Automic SaaS environments is LOCAL.
For more information, see:
-
Basic definition of Agent for new Automic SaaS users.
-
This topic and its subtopics describe how to add an Agent object and explain how to work with them.
-
Installing and Configuring Agents for Container-Based Systems
This topic guides you through installing Agents.
-
This topic and its subtopics describe how authenticating Agents works in Automic Automation.
Security
Broadcom SaaS implements a defense-in-depth approach to the security of our environments which mitigates the impact of any one vulnerability. We leverage strong authentication, privileged access management, vulnerability and patch management, segmentation, and security monitoring to prevent or detect any malicious activity.
Security Framework
Broadcom SaaS continuously improves the security framework by doing the following:
-
Risk management drives policy creation
-
Policy shapes architecture
-
Architecture drives engineering solutions
-
Solutions are sustained by operations and administration.
-
Operations and administration efforts are monitored for performance and compliance (depending on risk)
-
Performance/compliance test results drive policy improvements
-
Architectural Security
Architectural Security
Automic SaaS security architecture is comprised of controls and security measures across the facility, network, and server infrastructure which are audited annually under SSAE18 SOC2 standards.
These measures comprise:
-
All web traffic is protected by SHA256 bit TLS 1.2 or higher encryption and 2048 bit RSA public keys. Automic SaaS email services support TLS encryption.
-
Security software components to handle threat management, SIEM, IDS, and anti-virus to provide server security
-
“Stateful” inspection firewalls, which deny by default all incoming traffic, analyze it, and prevent standard internet attacks. Application servers are located in a different zone separated from the service database servers by a firewall. Only the necessary ports are opened between that zone and the internal trusted network.
Important! For security reasons, we need you to provide us with your IP address range information so that we can allow User and Agent access to the exposed Automic SaaS endpoints. Without this information, you will not be able to connect and start the onboarding steps. Please open a support ticket and indicate “Automic SaaS” to provide your IP address range information - individual IP address, subnet(s), or ASN - at your earliest convenience.
Security Scans
Broadcom contracts with an independent, third-party vendor to evaluate and validate the security of our service on an ongoing basis. Critical and high risks are identified, validated, and remediated before production systems are made available. Medium risks are evaluated and resolved on a priority basis. Ongoing scans are performed to ensure that no new risks have been introduced. Two types of scans are performed:
-
Vulnerability Scans: Vulnerability tests are performed weekly in the production system. Patches and updates are scanned prior to deployment to production
-
Penetration Scans: Penetration tests are performed upon significant service updates but no less than annually.
Data Center Security
Broadcom contracts with world-class data centers that provide multiple levels of security to protect customer information. This protection includes physical and logical security measures.
Data Location
Broadcom maintains data centers in the United States and in the European Union. Customers are assigned to one of these regions, as stipulated in the Automic SaaS Listing.
Data Maintenance and Records
As soon as everything is set up and Automic SaaS starts executing processes, the resulting execution data and reports are recorded on a daily basis and stored in an archive file. The data is stored for the period of time stipulated in the Data Retention, Archiving and Backup section of the Automic SaaS Listing. Once this period of time has elapsed, the data is deleted.
You can access this file through the FTP endpoint. It is recommended automating a process to retrieve this data daily.
Broadcom takes care of the data maintenance using the AE Utilities. However, Automic SaaS administrators do not have access to the database nor to the Utilities. At object level, Automic SaaS users only have Read access to the Utility objects relevant for the data maintenance.
For more information, see:
-
Clients and Users in Automic SaaS
Overview of the Clients and Users delivered with Automic SaaS environments.
-
Overview of the AE Utilities and how they are used to maintain data records.
The Automic SaaS Listing also provides information on disaster recovery and data retention upon service termination.
See also: