Service mapping for hybrid solutions

Gavin Jolly2
Tera Contributor

Recently we had to tell a customer we could not map the application as they had deployed it, even though it is a very common deployment pattern. We could not find any way to run a Service Map check when the app has the front end in the cloud and the back end on premises.

  1. Web application running in Azure
  2. APIGEE Cloud API middleware
  3. Network perimeter security (Firewall, Load balancer)
  4. Web application with APIs
  5. SQL and app servers

Any recommendations?

The issues we struck during this project:

  1. Could not have a Service Mapping process start on one MID server and finish on another (Azure Cloud, and customer network)
  2. APIGEE Cloud has no APIs to support any form of discovery (had to upgrade to Enterprise to get the APIs, and then they did not look at the APIs as deployed).
    1. Could not build a Static item for Service Mapping to "hook into", say with incoming and outgoing routes/connections
  3. After discovering a web application which had a connection to the Apigee cloud API middleware the map was finished
  4. The Azure patterns were so out of date they would not work, could not find the services behind an Azure load balancer - this was another issue but it caused significant issues
  5. Could not find a way to manually "join the maps/Services"

James Hammond
Giga Guru

Hello Gavin,

Can you tell me which Service Mapping method you chose to create this map? Based on what you've said so far, I'm going to guess that you've gone with the traditional Pattern Based with traffic based connections turned on.

I have never dealt with the APIGEE Cloud API myself, but I have worked at clients where they had a combination of onsite virtual resources & cloud based resources (the client was AWS rather than Azure). When it came to building Service Maps, we went with the Tag based mapping feature as the Discoveries we had for each environment were pulling back the Tags for each resource.

The client had to go through a massive exercise to improve their Tag Governance when they noticed the gaps in the map, but we were able to get a couple of maps accurate after they did the exercise.

I'm not sure if this is helpful, but it's the best option I can see for what the client has.

The customer did not want to use Tag based as they already had services deployed in Azure, in Apigee (Google) cloud and on premises. If they had a CD process to maintain the tags that would have worked, but they did not have time to do this and that was not our remit for the work.

The position we decided on was that ServiceNow could not map a hybrid environment where services were being discovered. We just had to split up each service into parts based on the hosting platform.

For Apigee, as we could not discover anything, we wanted to make a static item in the CMDB with its defined incoming and outgoing connections. When we evaluated the solution, it could not be used/done without building a complete bespoke pattern to process a static file with the config for Apigee cloud and modifying the upstream pattern to connect to the "static" item.

They want to use Pattern matching and not tag based due to the setup needed. It was interesting that with Pattern matching it all has to happen on the one MID server and cannot switch to another.

Did you assign tags to on-prem servers as well?