Technology Risk Calculations in Application Portfolio Management's TPM

mcastoe · ‎02-08-2023

One of the most popular features of Application Portfolio Management (APM) is Technology Portfolio Management (TPM). The module of APM allows users to first identify a normalized inventory of Software and Hardware technologies that comprise a particular instance (Application Service) of a Business Application and second, if available, show the Publisher and Internal Support lifecycles for said technologies. See this article on Community for a big picture overview of TPM: Technology Portfolio Management made easy.

Another key function of TPM is to calculate risks based upon these lifecycles and roll them up from the technology to the Application Service, Business Application and finally the Business Capability. This article seeks to provide details on how these risk calculations work and how they might be tailored to your organization’s particular needs.

The Risk Evaluation

The Risk evaluation is executed as a Scheduled Job that can easily be configured via APM’s Guided Setup. The process follows this flow:

For each TPM Application Service Software Model record:
- Evaluate the Software Model’s Publisher and Internal lifecycles
  - If Custom Evaluation Scripts have been defined, use it/them. Extensions of the script include, productModelCustomRiskCalculation
  - Out of the box evaluation uses the TPM Risk Parameters definitions (configurable in APM Guided Setup) to evaluate the risk of the Software Model
    - For each Risk Parameter save the model’s Risk score. See description of Risk Parameters below…
  - Set the Software Model Risk Score
    - The highest Risk is used in the order High, Medium, Low from the four parameters.
- For each TPM Application Service Hardware Model record:
  - Evaluate the Hardware Model’s Publisher and Internal lifecycles
    - If Custom Evaluation Scripts have been defined, use it/them. Extensions of the script include, productModelCustomRiskCalculation
    - Out of the box evaluation uses the TPM Risk Parameters definitions (configurable in APM Guided Setup) to evaluate the risk of the Hardware Model
      - For each Risk Parameter save the model’s Risk score. See description of Risk Parameters below…
    - Set the Hardware Model Risk Score
      - The highest Risk is used in the order High, Moderate, Low from the four parameters.
- For each Application Service, evaluate the Software and Hardware Model Risk value and set the Application Service Risk Score accordingly.
  - If a custom script has been defined for Application Service Risk evaluation use it/them. Extensions are from the script include, AppBusinessServicesCustomRiskCalculation
  - Otherwise…
    - If any reports High, then set to high
    - If none are high, then if any are moderate, set to moderate
    - If no high or moderate, set to Low
- For Each Business Application, evaluate the Risk score based upon the scoring of the Application Services
  - The script include, BusinessApplicationCustomRiskCalculation can be extended to provide custom evaluation
  - Out of the box evaluation considers each Application Service Risk value and set the Business Application Risk score accordingly.

Risk Parameters

As described above, there are a set of Risk Parameters defined out of eth box for Software and Hardware. The Asset Management lifecycles define two types of lifecycles: Internal and Publisher. Internal are derived internally to represent your organization internal support lifecycle while the Publisher are those defined by the Software Publisher / Hardware Manufacturer. The Parameters evaluate the lifecycles for the provided product model and return high, moderate, or low based on the particular evaluation.

HW Model Internal Aging Risk – examines the End of Life data on Internal lifecycle(s)
- If date > 180 days, return low
- If date >= 90 days and < 180, return moderate
- If date < 90 days, return high
HW Model Internal Stage Risk – examine the current stage/phase based on today’s date and return the Risk value defined on the Lifecycle itself. Very High is translated to high
HW Model Publisher Aging Risk– examines the End of Life data on Publisher lifecycle(s)
- If date > 180 days, return low
- If date >= 90 days and < 180, return moderate
- If date < 90 days, return high
HW Model Publisher Stage Risk – examine the current stage/phase based on today’s date and return the Risk value defined on the Lifecycle itself. Very High is translated to high
SW Model Internal Aging Risk – examines the End of Life data on Internal lifecycle(s)
- If date > 180 days, return low
- If date >= 90 days and < 180, return moderate
- If date < 90 days, return high
SW Model Internal Stage Risk – examine the current stage/phase based on today’s date and return the Risk value defined on the Lifecycle itself. Very High is translated to high
SW Model Publisher Aging Risk– examines the End of Life data on Publisher lifecycle(s)
- If date > 180 days, return low
- If date >= 90 days and < 180, return moderate
- If date < 90 days, return high
SW Model Publisher Stage Risk – examine the current stage/phase based on today’s date and return the Risk value defined on the Lifecycle itself. Very High is translated to high

Configuration

TPM Risk evaluation can be conveniently managed from APM Guided Setup. Select the Technology Portfolio section and choose Risk parameters to configure the Risk Parameters. Also, you should configure the Load TPM Risk Parameters and compute Application Service Risks job so it is run daily.

Advanced configuration would include configuration of extensions to the Custom evaluation scripts mentioned above.

thank you and hope this helps. Happy APMing,

mark

OliverJacob12 · ‎03-27-2023

@mcastoe wrote:
One of the most popular features of Application Portfolio Management (APM) is Technology Portfolio Management (TPM). The module of APM allows users to first identify a normalized inventory of Software and Hardware technologies that comprise a particular instance (Application Service) of a Business Application and second, if available, show the Publisher and Internal Support lifecycles for said technologies.   See this article on Community for a big picture overview of TPM: Technology Portfolio Management made easy.

Another key function of TPM is to calculate risks based upon these lifecycles and roll them up from the technology to the Application Service, Business Application and finally the Business Capability. This pokemon infinite fusion calculator unblocked article seeks to provide details on how these risk calculations work and how they might be tailored to your organization’s particular needs.

The Risk Evaluation
The Risk evaluation is executed as a Scheduled Job that can easily be configured via APM’s Guided Setup.   The process follows this flow:

For each TPM Application Service Software Model record:
Evaluate the Software Model’s Publisher and Internal lifecycles
If Custom Evaluation Scripts have been defined, use it/them. Extensions of the script include, productModelCustomRiskCalculation
Out of the box evaluation uses the TPM Risk Parameters definitions (configurable in APM Guided Setup) to evaluate the risk of the Software Model
For each Risk Parameter save the model’s Risk score. See description of Risk Parameters below…
Set the Software Model Risk Score
The highest Risk is used in the order High, Medium, Low from the four parameters.
For each TPM Application Service Hardware Model record:
Evaluate the Hardware Model’s Publisher and Internal lifecycles
If Custom Evaluation Scripts have been defined, use it/them. Extensions of the script include, productModelCustomRiskCalculation
Out of the box evaluation uses the TPM Risk Parameters definitions (configurable in APM Guided Setup) to evaluate the risk of the Hardware Model
For each Risk Parameter save the model’s Risk score. See description of Risk Parameters below…
Set the Hardware Model Risk Score
The highest Risk is used in the order High, Moderate, Low from the four parameters.
For each Application Service, evaluate the Software and Hardware Model Risk value and set the Application Service Risk Score accordingly.
If a custom script has been defined for Application Service Risk evaluation use it/them. Extensions are from the script include, AppBusinessServicesCustomRiskCalculation
Otherwise…
If any reports High, then set to high
If none are high, then if any are moderate, set to moderate
If no high or moderate, set to Low
For Each Business Application, evaluate the Risk score based upon the scoring of the Application Services
The script include, BusinessApplicationCustomRiskCalculation can be extended to provide custom evaluation
Out of the box evaluation considers each Application Service Risk value and set the Business Application Risk score accordingly.

Risk Parameters
As described above, there are a set of Risk Parameters defined out of eth box for Software and Hardware. The Asset Management lifecycles define two types of lifecycles: Internal and Publisher. Internal are derived internally to represent your organization internal support lifecycle while the Publisher are those defined by the Software Publisher / Hardware Manufacturer. The Parameters evaluate the lifecycles for the provided product model and return high, moderate, or low based on the particular evaluation.
HW Model Internal Aging Risk – examines the End of Life data on Internal lifecycle(s)
If date > 180 days, return low
If date >= 90 days and < 180, return moderate
If date < 90 days, return high
HW Model Internal Stage Risk – examine the current stage/phase based on today’s date and return the Risk value defined on the Lifecycle itself. Very High is translated to high
HW Model Publisher Aging Risk– examines the End of Life data on Publisher lifecycle(s)
If date > 180 days, return low
If date >= 90 days and < 180, return moderate
If date < 90 days, return high
HW Model Publisher Stage Risk – examine the current stage/phase based on today’s date and return the Risk value defined on the Lifecycle itself. Very High is translated to high
SW Model Internal Aging Risk – examines the End of Life data on Internal lifecycle(s)
If date > 180 days, return low
If date >= 90 days and < 180, return moderate
If date < 90 days, return high
SW Model Internal Stage Risk – examine the current stage/phase based on today’s date and return the Risk value defined on the Lifecycle itself. Very High is translated to high
SW Model Publisher Aging Risk– examines the End of Life data on Publisher lifecycle(s)
If date > 180 days, return low
If date >= 90 days and < 180, return moderate
If date < 90 days, return high
SW Model Publisher Stage Risk – examine the current stage/phase based on today’s date and return the Risk value defined on the Lifecycle itself. Very High is translated to high

Configuration
TPM Risk evaluation can be conveniently managed from APM Guided Setup. Select the Technology Portfolio section and choose Risk parameters to configure the Risk Parameters. Also, you should configure the Load TPM Risk Parameters and compute Application Service Risks job so it is run daily.

Advanced configuration would include configuration of extensions to the Custom evaluation scripts mentioned above.

thank you and hope this helps. Happy APMing,

mark

As organizations continue using technology building blocks from different vendors, it becomes quite tedious to manage and keep track of various technologies. If technologies are not updated periodically, and timely with different versions/models, they eventually turn into a liability to key business functions and products.

The underlying technologies of the business applications used in your enterprise have a shelf life that must be actively managed and diligently monitored to track their versions and lifecycle.

In the Technology Portfolio Management timeline, you can see the internal and external life-cycle phases of all technologies or product models used in your organization. The color code indicates the stage at which the technology is in terms of the risk factor.

Users can view the risks associated with business applications in various ways thanks to the TPM timeline panel. Views might be simply a list of Business Apps that are categorized by Product Classification, Software Model, Application Backlog, or the applications’ underlying technology.

You can drill down to the specific underlying application service that each of these views supports, the underlying technology that each of these views operates on, or the specific business application that is being used.

The Enterprise Architect (EA) can use the timeline view to track the versions and life cycles of technologies, and the number of applications running on those technologies. EA can assess risks on a business application due to its end of life, and create demands and projects as needed.

You can click the risk bubble of a software model to view the scores at the risk parameter level.

fibssy · ‎10-16-2023

Hi ServiceNow Family,

I need some assistance and I hope someone can help me. I am in the process of setting up TPM and I noticed some issues with Business Application Risk Calculation. In my research I have found this docs page, but unfortunately its not detailed enough for me to follow through. Here is my issue:

After I run the scheduled job all Business Application Risk Values are showing as not assessed.

I think that the main reason for this is, that all application services in my instance are in the mapped application service (cmdb_ci_service_discovered) table and a quick look in the script include shows that the system is using the business_service table.

I have found this docs page, where it is referring to Scripted Extention Points for custom risk calculation, but the document is not detailed enough for me to get this working.

Can someone help me to get this working.

Details:

Business applications: cmdb_ci_business_app

Application services: cmdb_ci_service_discovered

Relation: cmdb_rel_ci, type consumes : : consumed by