Cloud Discovery Enhancements - GCP Multiple Projects & Azure Management Group Support

srikanthnelapud · ‎09-17-2020

Description

In the Paris release, 2 features are shipped that are the enhancements made on top of Cloud Discovery Unification. These features are to support cloud discovery for multiple accounts via one Discovery Schedule rather than multiple.

Google Multiple Related Project(s)
Azure Management Group and Subscriptions.

Azure Management Group

With the "Cloud Discovery using Azure Management Group" feature, a user can provide the management group as an input and the subsequent subscriptions that are fetched and create the discovery schedule thereby providing the user to select/deselect them for schedule configuration.

Documentation: Azure Cloud Discovery

Google Multiple Related Projects

With the "Cloud Discovery for Google Multiple Related Projects" feature, a user can create just one Cloud Discovery Schedule for all the projects that exist under one organization i.e., If a user has 100 GCP Projects under One Organization then he/she need not create 100 discovery schedules for all instead he/she can just create just one discovery schedule for 100 GCP Projects.

Cloud Discovery Unification UI: Cloud Discovery (Screenshots Attached)

GCP Console Configuration: Doc Attached

Documentation (WIP): Google Cloud Platform (GCP) Discovery

Ram Devanathan1 · ‎09-17-2020

useful blog, good feature Srikanth and team.

Runjay Patel · ‎12-20-2020

Check out this video, it will clear all your doubts and help you to understand Cloud Discovery queries in details.

Link: https://www.youtube.com/watch?v=GWAvGbnCmlQ&ab_channel=ServiceNowHelpdesk

It help you to understand below points.

Cloud Discovery
Cloud Service Mapping vs Discovery
Steps by step setup
Practice with real world scenario
Troubleshooting
CI Class Tables and Attributes
Amazon AWS Cloud Discovery Step by Step Configuration
Azure Cloud Discovery Step by Step Configuration

Please mark reply as Helpful/Correct, if applicable. Thanks!!

Sandeep132 · ‎03-30-2021

Hi Srikanth,

Thank you for posting the screenshots and steps to configure service account on GCP. We followed the steps mentioned and are able to get all the projects under parent organization. But when we run the discovery schedule all the patterns are executed only for the Project ID through which we created the 1st Service Account. All the related Service Accounts are not triggered. Is there any flag or setting to be enabled for other projects to be discovered as well?

Thanks,

sandeep

srikanthnelapud · ‎04-05-2021

No such flag is available to include/exclude any service account(s). The patterns to be triggered on what all service account(s) is monitored purely by the way the Cloud schedule is configured i.e. what are all the service account(s) selected during Cloud schedule creation.

I hope this helps. Thanks.

sch · ‎09-05-2022

Hi Srikanth

Regarding Cloud Discovery for Google Multiple Related Projects

When we try to create GCP schedule from Discovery Schedules>Cloud Discovery and select service account which has viewer role on organization level to view all projects under it and access to all required to APIs, a new section is coming up on screen saying "Related projects under same organization" with all service accounts auto selected already. We have continued having all accounts selected and created a schedule.

1.It had created 900+ service accounts, all shown in the list collector as related projects during schedule creation

2.Ended up creating around 1Cr hardware template records, followed workaround to move to new hardware type model.https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0955939

3.We see 82500+ availability zones, 30300+ cloud disk type, 3400+ google datacenters created. which are really huge in number, seem duplicates and confused if this is by design and have any workaround to reduce this number

Does it reduce these numbers if we unselect all related projects during GCP schedule creation? Because our service account has viewer access to entire organization and why do we need to get into each project?

we are kind of stuck at this stage and unable to move to PROD as client is very much worried about these numbers as we do have azure discovery also and it doesnt have these issues and duplicate records.

Thanks

Sirisha

Ram Devanathan1 · ‎09-05-2022

Yes a set of datacenter records is created for each service account - although for 900 service accounts i think 3400 is too low. can you check?

the other numbers being higher is understandable as these would be per region, for each project (Service account).

to get a perspective of how these look use the Cloud Operations Workspace app - it gives you a breakdown of the resources.

take a look at this video on Cloud Operations Workspace - https://youtu.be/VwR6Ek_DzHo

the app is available in store for download, and available for all Discovery customers.

for hardware templates (and OS images) you should definitely use the new model provided.

You may restrict the schedule to specific projects but auto-refreshing will not pick up new projects in this case and you need to have some rigour in adding new projects to the list regularly.

hope this helps.

Ram

Ram Devanathan1 · ‎09-05-2022

BTW this is a 2 year old blog - best to start a separate thread for your (further) questions.

sch · ‎09-13-2022

Hi Ram

Thank you for your quick response

I have started a new thread and please find the link below.

Could you please help me with these questions/issues posted on new thread?

community.servicenow.com/community?id=community_question&sys_id=57be12afdbf5591cdd886c8e13961950

Thanks

varunn1729 · ‎08-21-2023

Hi @srikanthnelapud ,

Thanks for the document that you have provided ,I've stuck for the permissions, like where to find enabling option-2 permissions?

Thanks!