CMDB Remediation/Health Metric
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-21-2023 08:07 AM
Hi all,
Currently working on the following:
As a owner of servers, I would like to be automatically notified when certain data is missing from the CIs.
So obviously, the place we can see this is at Configuration > CMDB Dashboard > CMDB View
Following from there, I would like to e.g. select the servers and see what required fields are missing.
Then, I would like to remediate those CI's by clicking remediate and sending out a task OR the task is created already once it is detected the field is missing.
So I have been exploring the platform and what I have found
- Health Metrics -> Under Configuration > Health Preference.
Only thing here is that I am not sure when I select the 'Required' metric and enable the 'Create Task' if it is enabled for ALL the CIs - CMDB Remediation -> need to create a workflow with certain conditions. Knowledge of workflow is limited so did not fully explore it. To be continued maybe.
If you guys can help out, it is highly appreciated!
Regards,
Jaap
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-21-2023 08:38 AM
Check out Data Certification. Your use case is exactly what this is used for. You can even setup schedules so that tasks are auto-generated, assigned to certain teams/users, etc.
Hope that helps!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-22-2023 02:53 AM
Hi Favian,
Thanks for your response. I doubt whether your proposed solution is the way to go. To me, data certification is about periodic validation of the data that is present (or in case it is not present then not).
Instead, I found out we have something like CMDB Remediation. Thing is that it I need to find out now:
1) How it can be applied for a specific class AND assignment group -> since it seems these rules can be set for total health only e.g. for the required field, probably need to apply a filter somewhere?
2) How to create a suited workflow -> it seems like there is a table to store the type of remediation. I have only little experience with this, so a new challenge ahead 🙂
Any tips on that more than welcome 😉
Regards,
Jaap
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-22-2023 06:38 AM
First, the leading practice is to use Recommended fields instead of Required/Mandatory fields in the CMDB. Making a field mandatory can cause either junk data to be entered or records not to be updated. Recommended fields allows the right updates to happen at the right time based on the information that is known by the user or the data source that is performing the update.
Yes, if you enable Task creation based on a Health Metric it applies to all CIs for that Health Metric; furthermore you can only specify a single group to assign those tasks to. Also, each task created represents a single CI with ALL of the fields that are missing. for that CI. This can be a challenge for the CI owners, first because each attribute may involve very different activities to resolve the missing data (e.g. hunting down a missing serial number vs. determining who is the appropriate support group vs. understanding whether it is a Production server) which may slow down resolution of the issue, and second because it would typically be more efficient to group similar tasks and handle them in a similar fashion (e.g. find these 20 missing serial numbers, find these 10 missing support groups, etc.) So for all of these reasons I typically advise against enabling task creation, at least not without a well thought out plan for how to manage those tasks.
Another option that may be helpful to you, depending on the attribute you are looking to review, is Desired State Audits. These allow you to filter the specific conditions (e.g. all Production Windows Servers) to include in the audit, and allow you to specify the criteria that you are looking to assert (e.g. field value is not missing and the value in that field is a valid active record). When those audits are run and the audited conditions fail, a task can be created. You can choose who to assign the tasks to based on who the CI is assigned to or select a specific group or individual. Those tasks are grouped together based on the audit that was performed and the individual or group it got assigned to. Workflows can also be assigned to those follow-on tasks if necessary. Health metrics for these audits will show up in the Compliance metric rather than the Completeness metric. So if there aren't configuration management policies or other policies that you are measuring against, and documented processes that are in place for people to follow those policies, it might not be the right fit. Also note that the frequency of the audit matters, because you will get new tasks created each time the audit runs, so if you are running this audit you may want to run it every month, quarter, or year to reduce the governance overhead. Also note that there are quirks to how these audits are created, captured in update sets, and promoted to different instances, due to the peculiar way they are versioned when you make changes to them. There are three components: the certification filter, the certification template, and the audit itself. Each time you make a change to these components a new record is created, and all three must be in sync with one another for those changes to take effect. Finally, note that if needed you can also run a Scripted Audit in the same way that you run a Desired State Audit if the condition you are looking to audit is more complex than checking conditions of specific fields on the record.
The opinions expressed here are the opinions of the author, and are not endorsed by ServiceNow or any other employer, company, or entity.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2023 09:01 AM
This post is one of the best concise descriptions I've found on this subject. What do you recommend about creating Remediation workflows that can be used as part of the Follow-On Tasks that are created by Desired State Audits? I've attempted to create these, but have not been successful in getting them to modify the CI values as they should. And I can find very little documentation on how to set these up correctly. Any guidance would be very useful. Thanks.