- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
03-22-2022 12:47 PM - edited 06-02-2023 12:11 PM
Functional Requirements
Functional requirements are broadly classified into two categories: Hardware and Software. To pull CI information from AWS, follow the three data pull strategies below:
Baseline
- This is fresh import of data from AWS into the CMDB CI Database.
- After importing, we will record the time of import, this will be the input for the incremental pull.
Incremental Update/Delta:
- Delta or Incremental update will pull the resource data which was updated or created after the last pull.
Deletion
- We will identify the resource as deleted and perform the operation based on the hardware or software type.
Discovered Hardware CIs
# | Class Name | CI Name | API Source |
1 | Cloud Organizations | cmdb_ci_cloud_org | Organizations |
2 | Cloud Service Account | cmdb_ci_cloud_service_account | Organizations |
3 | Logical Datacenter | cmdb_ci_logical_datacenter | EC2 |
4 | Availability Zone | cmdb_ci_availability_zone | AWS Config |
5 | Cloud Network | cmdb_ci_network | AWS Config |
6 | Cloud Subnet | cmdb_ci_cloud_subnet | AWS Config |
7 | Cloud Mgmt Network Interface | cmdb_ci_nic | AWS Config |
8 | Hardware Type | cmdb_ci_compute_template | AWS Config |
9 | Compute Security Group | cmdb_ci_compute_security_group | AWS Config |
10 | Image | cmdb_ci_os_template | AWS Config |
11 | Storage Volume | cmdb_ci_storage_volume | AWS Config |
12 | Cloud Load Balancer | cmdb_ci_cloud_load_balancer | AWS Config |
13 | Cloud Gateway | cmdb_ci_cloud_gateway | AWS Config |
14 | Virtual Machine Instance | cmdb_ci_vm_instance | AWS Config |
15 | Server |
cmdb_ci_server cmdb_ci_linux_server cmdb_ci_win_server |
AWS Config |
16 | Cloud DataBase | cmdb_ci_cloud_database | AWS Config |
17 | Cloud Function | cmdb_ci_cloud_function | AWS Config |
18 | Cloud Object Storage | cmdb_ci_cloud_object_storage | AWS Config |
19 | DynamoDB Table | cmdb_ci_dynamodb_table | AWS Config |
20 | IP Address | cmdb_ci_ip_address | AWS Config |
21 | Network Adapter | cmdb_ci_network_adapter | AWS Config |
22 | TCP | cmdb_tcp | SSM Send Command & ADM process |
23 | Running Process | cmdb_running_process | SSM Send Command & ADM process |
24 | VNIC Endpoint | cmdb_ci_endpoint_vnic | AWS Config |
25 | Storage Mapping | cmdb_ci_storage_mapping | AWS Config |
26 | Block Endpoint | cmdb_ci_endpoint_block | AWS Config |
27 | Key Value | cmdb_key_value | AWS Config |
28 | Application | cmdb_ci_appl | SSM Send Command & ADM process |
Discovered Software CIs
SAM Plugin | Class Name | CI Name | API Source |
Installed | Software Install | cmdb_sam_sw_install | SSM & AWS Config |
Not Installed | Software Package | cmdb_ci_spkg | |
Not Installed | Software Instance | cmdb_software_instance |
Consolidated view of CIs
Detailed CI Information
Cloud Organizations [cmdb_ci_cloud_org]
Name | |
Data Source | SG-AWS |
Cloud Service Account [cmdb_ci_cloud_service_account]
Account Id | |
Name | |
Datacenter Type | |
Parent Account | |
Is master Account | |
Data Source | SG-AWS |
Logical Datacenter [cmdb_ci_logical_datacenter]
Name | |
Data Source | SG-AWS |
Availability Zone [cmdb_ci_availability_zone]
Name | |
Data Source | SG-AWS |
Cloud Network [cmdb_ci_network]
Name | ||
Object ID | ||
Status | Installed | |
Data Source | SG-AWS | |
Related Items |
Availability Zones Cloud Service Accounts Logical Datacenters |
|
Cloud Subnet [cmdb_ci_cloud_subnet]
Name | |
State | Available |
Object ID | |
CIDR | |
Status | Installed |
Data Source | SG-AWS |
Related Items |
Availability Zones Cloud Service Accounts Logical Datacenters Key-Value |
Cloud Mgmt Network Interface [cmdb_ci_nic]
Name | |
Netmask | |
Status | Installed |
Related Items |
Availability Zones Cloud Service Accounts Logical Datacenters Key-Value |
Data Source | SG-AWS |
Hardware Type [cmdb_ci_compute_template]
Name | |
vCPUs | |
Memory MB | |
Logical Storage GB | |
Data Source | SG-AWS |
Compute Security Group [cmdb_ci_compute_security_group]
Name | |
ObjectID | |
State | Available |
Related Items | Cloud Networks
Availability Zones Cloud Service Accounts Logical Datacenters Key-Value |
Data Source | SG-AWS |
Image [cmdb_ci_os_template]
Name | |
ObjectID | |
Guest OS | |
Root Device Type | |
Image Type | |
Image Source | |
Data Source | SG-AWS |
Storage Volume [cmdb_ci_storage_volume]
Name | |
ObjectID | |
State | Available/In Use/Terminated/Leased |
Size | |
Storage Type | |
Related Items |
Availability Zones Cloud Service Accounts Logical Datacenters Key-Value |
Data Source | SG-AWS |
Cloud Load Balancer [cmdb_ci_cloud_load_balancer]
Name | |
ObjectID | |
Related Items |
Cloud Load Balancers Availability Zones Cloud Service Accounts Logical Datacenters Compute Security groups Virtual Machine Instances Cloud Object Storages Images Hardware Types Cloud Gateways Storage Volume Snapshots Storage Volumes Cloud Networks Cloud Databases DynamoDB Tables Cloud Mgmt Network Interfaces Key-Value |
Data Source | SG-AWS |
Cloud Gateway [cmdb_ci_cloud_gateway]
Name | |
Related Items |
Availability Zones Cloud Service Accounts Logical Datacenters |
Data Source | SG-AWS |
Virtual Machine Instance [cmdb_ci_vm_instance]
Name | |
ObjectID | |
Disks | |
Network adapters | |
IP Address | |
VM Instance ID | |
Related Items | Availability Zones
Cloud Service Accounts Logical Datacenters Images Hardware Types Servers Key-Value Webservers SQL Instances |
Data Source | SG-AWS |
Server
[cmdb_ci_linux_server, cmdb_ci_win_server or cmdb_ci_server]*
Name | |
Operating System | |
Serial Number | |
DNS Domain | |
Disk Space (GB) | |
RAM (MB) | |
CPU Speed(MHz) | |
CPU count | |
CPU core count | |
Manufacturer | |
Model ID | |
CPU Manufacturer | |
CPU Type | |
CPU Speed (MHz) | |
CPU Core count | |
Operating System | |
OS Version | |
Related Items | Availability Zones
Cloud Service Accounts Logical Datacenters Images Hardware Types Webservers SQL Instances Block Endpoints Virtual Machines Key-Value |
Data Source | SG-AWS |
If SSM is enabled, SGC-AWS can populate the server records in cmdb_ci_linux_server, cmdb_ci_win_server. Else it will be populated in cmdb_ci_server.
Cloud DataBase [cmdb_ci_cloud_database]
Name | |
TCP port | |
Fully qualified domain name | |
Version | |
Type | |
Related Items | Availability Zones
Cloud Service Accounts Logical Datacenters Key-Value |
Data Source | SG-AWS |
Cloud Function [cmdb_ci_cloud_function]
Name | |
Language | |
Version | |
State | |
Function Last Modified | |
Status
|
|
Code Size | |
CodeSha256 | |
Related Items | Availability Zones
Cloud Service Accounts Logical Datacenters Key-Value |
Data Source | SG-AWS |
Cloud Object Storage [cmdb_ci_cloud_object_storage]
Name | |
Related Items | Availability Zones
Cloud Service Accounts Logical Datacenters Key-Value |
Data Source | SG-AWS |
DynamoDB Table [cmdb_ci_dynamodb_table]
Name | |
Related Items | Availability Zones
Cloud Service Accounts Logical Datacenters Key-Value |
Data Source | SG-AWS |
IP Address [cmdb_ci_ip_address]
Name | |
IP version | |
Nic | |
Configuration Item | |
Data Source | SG-AWS |
Network Adapter [cmdb_ci_network_adapter]
Name | |
MAC Address | |
IP Address | |
Configuration Item | |
Data Source | SG-AWS |
TCP [cmdb_tcp]
Source of API: Comes from SSM-SendCommand API script. Click here to view the OS commands executed to get this detail.
Type | |
IP | |
Port | |
PID | |
Absent | false/true |
Data Source | SG-AWS |
Running Process [cmdb_running_process]
Source of API: Comes from SSM-SendCommand API script. Click here to view the OS commands executed to get this detail.
PID | |
Name | |
Command | |
Parameters | |
Key parameters | |
PPID | |
Parent | |
Connecting to | |
Listening on | |
Computer | |
Absent | false/true |
Data Source | SG-AWS |
VNIC Endpoint [cmdb_ci_endpoint_vnic]
Name | |
Host | |
Object ID | |
Data Source | SG-AWS |
Storage Mapping [cmdb_ci_storage_mapping]
Name | |
ObjectID | |
Mount Point | |
Data Source | SG-AWS |
Block Endpoint [cmdb_ci_endpoint_block]
Name | |
Host | |
Object ID | |
Data Source | SG-AWS |
Key Value [cmdb_key_value]
Configuration Item | |
Key | |
Value |
Related Articles:
- 16,411 Views
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi Murali,
First of all, this is all very awesome! However, I'm confused now between the AWS Cloud Discovery capability and this Service Graph Connector.
I understand that there is a difference when it comes to licensing (one is ITOM Visibility, the other Service Graph), but now we basically have two overlapping products doing the same thing, or to some extend not?
What I am now looking for is: What is the difference between these two products and which one should I chose first if the license discussion is not really of concern?
Thanks,
Best regards,
Michel
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi Michel,
Cloud Discovery -
- API-based Discovery
- Cloud resource Inventory and Tags (metadata)
And to do Deep dive Discovery – Server, OS, software, TCP connections, processes & relationships, IP discovery needs to be set up. And MID is recovered for this.
However, for SG-AWS no MID is required and it does –
- API-based Discovery
- Cloud Resource Inventory, Tags and Relationships
- Deep dive discovery – Server, OS, Software, Processes
SG-AWS is an option where we need deep dive Discovery but credentials and/or MID Servers are an issue.
Thanks
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi,
Thanks you so much, very helpful!
I also see that you went out of your way to create a new article on this subject, much appreciated!
Best regards,
Michel
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi Conmic,
If License is not an issue then Discovery is better choice over the graph connector. As per my understanding Graph connector will be used if there is no discovery (License) available.
Both of the applications have their own advantages
Regards,
Pranav Patil
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
From the latest I've heard, the AWS Service Graph connector is only available bundled with other SKUs, like Discovery or HAM Pro. Per ServiceNow's guidance, it seems the AWS SG Connector is the recommended approach even if the client has Discovery, because of the architectural and performance advantages.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Can this connector replace Cloud Discovery if we are using ServiceNow Service Mapping?
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
SGC-AWS is not a replacement to Cloud Discovery. Its an alternative mechanism for customers who doesn't want to use MID layer. SGC architecture has IntegrationHub ETL for you to customize the mapping if required https://www.servicenow.com/products/service-graph-connectors.html, https://docs.servicenow.com/bundle/rome-servicenow-platform/page/product/configuration-management/co... Let me know if this answers your question
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
@Murali Reddy1 Hi Murli,
Thanks for the detailed article.
I was referring the steps to install SGC for AWS, in the first step of Guided setup it is asked to run few scripts at AWS side. "Download the scripts" and run in Cloud Formation module in AWS.
Can you please give us more idea on what are these scripts exactly?
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello @Aarti6, the download scripts are part of the SGC-AWS plugin's guided setup. These scripts basically setup the environment like setting up AWS Config, IAM roles for Servicenow user, setting up SSM Inventory, etc. These setup is required for us to securely integrate with AWS environment.
The setup instructions for each script is described in the guided setup "AWS Setup Instructions"
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thanks Murali
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
This connector is creating some issues for us.
SG-AWS is creating a VM instance which is related to a Server CI (i.e. cmdb_ci_server and not Windows/Linux). And it is using the field privatednsname for setting the name of the Server CI (which as per AWS standard is ip-x-x-x-x). We have also discovered the same server CI via IP based discovery and have a separate Windows/Linux CI in the system.
So now we have a VM instance, a Server CI and a WIndows/Linux server.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
As part of upcoming 2.0 release in May 2023, we will be populating in Windows/Linux server. Please see
https://www.servicenow.com/community/cmdb-articles/sgc-aws-release-2-0-features/ta-p/2511663.
However, in case of name, we have to be in sync with discovery product (which populates name as ip-x-x-x-x) to avoid duplicate entries.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thanks for the update Murali.
But why is the connector using privatednsname for populating Name of the Server CI. This will just now create a new Windows/Linux CI with name as ip-x-x-x-x. (I confirmed with our cloud team and this is how AWS populates privatednsname and there is nothing the cloud team can do)
This can be easily avoided by updating the mapping to use ec2name field which is already happening for VM instances.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
@Rawel PrivateDNS name is being used in Discovery product and some clients are using both SGC & Discovery. Having a different name will create duplicated and we have to be in sync with discovery product. If you want, you can customize in ETL to have ec2Name or resource id or any other custom name you want to define. . Hope this helps.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Cloud Load Balancer and Cloud Gateway in picture is under Datacenter but NO relation to VPC.
Is this correct since I think those are under VPC so there should be dependency to VPC instead datacenter or then both ?
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
@Murali Reddy1
We are finding the SG is causing a few duplicates due to naming as well.
IP Based discovery is setting correlation_id and object_id to the VM's Instance Id. To me this appears to be a more reliable way to match the host. Do you see any issues in that?
With a reconciliation rule we can then prevent the SG from setting ip-x-x-x-x naming for hosts that were discovered by IP.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
We are actively using the AWS SG connector. Could you add support for more of the resource types that AWS config can provide please to start to fill some of the gaps in the current discovery ? ( e.g. Cloudfront distributions, EFS file systems, Redshift clusters, ECR repos, ACM certificates, Autoscaling groups and launch configs, Route 53 zones, SNS topics, SQS queues.... ). Thankyou.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
@Murali Reddy1 regarding using the ETL to re-map the 'Name' field to use the ec2name, we've tried this on our instance, but it's only updating a small number of servers.
Is there a setting which is only detecting delta changes in the environment for recognizing the updates made in ETL? As this was the case with classifying servers into the Windows and Linux classes as found on CS6979561.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
@James99 The AWS SG does run as delta, it will only get data back from AWS for EC2s that were changed since the last run.
The delta time is stored in the Last run Datetime field on the datasource
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thank you for your beneficial information.
From your information, SGC-AWS can deep dive discovery - for example, Server, OS, Software, and Processes.
If I need to discover WEB and WAS CIs on EC2, does SGC-AWS support this?
Regards,
Anna
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
As a part of AWS ECS, what all services are being pulled by SG-AWS, can you share some information around it?
Regards
Bhim