Harnessing the Power of ServiceNow's Predictive AIOps: A Journey through CMDB Maturity

The Configuration Management Database (CMDB) serves as the heart of an IT organization. It provides a structured view of all the configuration items (CIs), their attributes, and their interconnected relationships. However, the value that CMDB offers grows exponentially when integrated with advanced AIOps platforms, such as ServiceNow's Predictive AIOps.

In this blog, we take an in-depth look at how organizations can elevate their IT service management capabilities by aligning ServiceNow's Predictive AIOps with the maturity stages of their CMDB. We will illustrate each stage with practical examples and discuss how to transition from one phase to another.

Stage 1: Absence of CMDB - No CIs

In an environment without a CMDB, ServiceNow's Predictive AIOps still packs a punch by focusing on raw event data. Here's how:

• 99.9% noise reduction from events to alerts: Imagine you're operating an IT network with 10,000 events being generated every minute. With a 99.9% noise reduction capability, your team would only need to focus on the ten most crucial events. This dramatically decreases the workload and allows for more attention to be given to each alert.
• NLP-based alerts correlation: Natural Language Processing (NLP) clusters similar alerts together by assessing the semantic similarity in their descriptions. This capability enables a more efficient use of resources by addressing multiple alerts simultaneously, akin to handling a family of problems in one go.
• Rule-Based Alert Correlation: Rule-Based Alert Correlation uses pre-defined rules to link alerts. It's particularly useful in environments with known operational patterns, helping to focus on root issues rather than noise.
• Manual-Based Alert Correlation: Manual-Based Alert Correlation allows your IT team to use their expertise to guide alert grouping. By incorporating their understanding of your environment, this process becomes more attuned to your unique operational requirements.
• Tag-Based Clustering Alert Correlation: Tag-Based Clustering Alert Correlation uses metadata tags for alert correlation. This helps to identify and group alerts related to specific aspects such as geographic location or service type, aiding faster issue identification and resolution.
• Node Level Temporal Correlation ML Grouping: This Machine Learning technique is similar to a detective spotting patterns in seemingly unrelated events. Alerts that occur simultaneously or in a specific pattern can be grouped, helping to unveil underlying systemic issues.

In my previous blog I shared some examples and step by step scenario how to accomplish this stage. 

Stage 2: Basic CMDB - Standalone CIs

Progressing from an environment with no CMDB to possessing a basic CMDB is a significant leap in advancing your organization's IT service management capabilities. This transition can be achieved through several effective methods:

• Loading Data from External Tools: One of the quickest ways to populate your CMDB with Configuration Items (CIs) is by importing data from other databases or tools already in use within your organization. This could include anything from spreadsheet data to exported files from IT asset management tools. This method not only saves time but also ensures that your CMDB reflects the current state of your IT environment. ServiceNow ServiceGraph connector is one of the methods that can help in accelerating this phase.
• Integration with Application Performance Management (APM) Tools: Integration with APM tools can provide rich, real-time data about your applications and their performance. This data can be fed into your CMDB to keep it updated with the latest application-related CIs. This integration also fosters a more holistic view of your IT environment by incorporating performance metrics.
• Executing a Basic Discovery Swipe (Servers Only): A discovery swipe involves scanning your IT environment to identify servers and other significant hardware components. A basic swipe focuses on identifying servers, their attributes, and their states. The discovered data is then populated into your CMDB. This process ensures that your CMDB is filled with accurate, up-to-date information about your server landscape.
• Service Only Registration: In this process, services are manually entered into the CMDB. While this might require more effort, it ensures that all important services, particularly those that might not be discoverable automatically, are included in the CMDB.

Upon transitioning to a basic CMDB, ServiceNow's Predictive AIOps begins to add value by providing context to alerts using CI information. For instance, when an alert is raised, Predictive AIOps can provide additional information about the CI associated with the alert, including its nature, state, and relations with other CIs. This enhanced information allows IT teams to better understand and respond to the alert.:

• CI level alert aggregation: Alerts associated with a specific CI are grouped together. For instance, if a server is experiencing a memory overload, all alerts related to that server would be aggregated, providing a consolidated view of the issue.
• Temporal Correlation: Alerts from different CIs are grouped if they occur at similar times. For example, if two servers in a data center raise alerts around the same time, the system would group these alerts together, helping to identify potential network-wide issues.
• Alerts Insights: At this stage, the system can provide insights into related changes, incidents, and recurring alerts, offering a broader picture of the situation. These insights can be valuable in identifying problematic trends or repeated issues.
• Alert Smart Priority (Based on CI Class): Prioritization becomes smarter as alerts associated with critical CI classes are prioritized. For instance, alerts related to a primary database server would have higher priority over a non-critical application server.
• Metrics Collection and Anomaly detection with Metric Intelligence: This feature enables predictive capabilities by identifying unusual patterns in metrics data. For example, an unusual spike in server CPU usage could be an early warning sign of an imminent failure.
• Log based predictive anomaly with Health Log Analytics: The system can parse logs from the CIs and detect anomalies, predicting possible issues before they affect service.

Stage 3: Mature CMDB - CIs and relationships between CIs

Taking your CMDB to a mature level involves a deeper dive into understanding your IT environment. This can be accomplished through several effective strategies:

• Comprehensive Discovery of Applications and Servers: Extending the initial discovery process to encompass not just servers, but also all applications running within your IT environment is vital. This deeper discovery helps in populating the CMDB with a more complete representation of your IT infrastructure, painting a comprehensive picture of all the components in your ecosystem and how they interact with each other.
• Defining Technical Services Manually: While automated discovery tools are effective, they may not capture everything, especially when it comes to complex or bespoke services. Manually defining these technical services and adding them to the CMDB ensures a full representation of all services in your IT environment. This can be particularly useful for documenting services that are critical to business operations or that have specific operational requirements.
• Utilizing Tag-Based Discovery: Tag-Based Discovery is a powerful way to enhance your CMDB maturity. It involves attaching metadata tags to CIs during the discovery process. These tags can represent various attributes, such as the type of CI, its location, the service it's a part of, etc. Tags make it easier to categorize, search, and manage CIs, leading to a more organized and efficient CMDB.

At this stage of CMDB maturity, ServiceNow's Predictive AIOps truly stands out by comprehending the relationships between CIs. This understanding helps in creating a more accurate service map, improving alert correlation, and enabling effective root cause analysis. The result is a more robust and proactive IT service management function that anticipates and addresses issues before they escalate into major incidents.:

• Cross CIs Root Cause Analysis: The platform can trace the root cause of incidents by considering the relationships between different CIs. For example, a malfunctioning storage system could be causing overheating and subsequent failure of multiple servers. Predictive AIOps can trace back the server failures to the root cause - the faulty storage system.
• Cross CIs alert correlation (topology based): Alerts are not only correlated based on time but also on the topology of the CIs. If a network switch and the servers connected to it all raise alerts, the system can intelligently link these alerts.
• Cross CIs alerts insights (Related CI’s changes and incidents): Similar to the previous phase, but with the added depth of considering the relationships between CIs, this feature provides a multi-dimensional view of the alerts, changes, and incidents.

Stage 4: Advanced CMDB - Services and underlying CIs with cross relationships between CIs

To progress to the advanced CMDB stage, a more sophisticated approach that incorporates cutting-edge technologies is needed. This includes:

• Machine Learning-Based Service Mapping: This approach utilizes Machine Learning (ML) algorithms to automatically map services in your IT environment. By learning from historical data and patterns, ML algorithms can predict and recognize complex relationships and dependencies among CIs, thereby creating a more accurate and dynamic service map.
• Top-Down Service Mapping Discovery: This is a holistic approach to discovery that starts from the highest level of services and works its way down through the underlying CIs. It ensures that all elements contributing to a service, including infrastructure, applications, and configurations, are captured accurately in the CMDB.

At this advanced CMDB stage, ServiceNow's Predictive AIOps truly comes into its own. By taking advantage of the service-oriented architecture of the CMDB, Predictive AIOps can deliver deeper insights, proactive alerting, and enhanced root cause analysis. It moves IT service management from a reactive approach to a proactive, predictive one, improving operational efficiency and service quality.:

• Alert Smart Priority (based on services): Alerts are prioritized based on the criticality of the service they impact. For example, an alert from a CI that underpins a revenue-generating service would be given higher priority.
• Service level alert aggregation: Alerts are aggregated at the service level, providing a consolidated view of the health of each service. For example, multiple alerts from different CIs under the same service would be grouped together.
• Impact Analysis based on service map: This feature enables proactive management by analyzing the potential impact of changes or incidents on services. This can be a game-changer during planned maintenance or upgrades, where it can provide insights into how the change will affect the service landscape.
• Map Triage level: A visual representation of the triage level helps teams quickly assess the situation and respond accordingly.

Stage 5: CSDM Adoption

As your CMDB matures, you may consider adopting ServiceNow’s Common Service Data Model (CSDM). The CSDM provides a standardized set of terms, definitions, and relationships to describe services in a consistent and scalable way. Adopting the CSDM framework brings more consistency, enabling you to better manage services and their related configurations throughout their lifecycle.

By adopting the CSDM within your CMDB, you are not only aligning with ServiceNow's best practices, but also paving the way for an even more sophisticated utilization of Predictive AIOps.

Broadening Business Context in AIOps Solution

With CSDM in place, your AIOps solution can broaden its business context beyond just the application service context. This can include relationships with business capabilities, business applications, business units, products, and more. Some of the enhanced capabilities include:

• Service Context:  Predictive AIOps can leverage the CSDM to better understand the business context of your services. This allows for more effective alert correlation, root cause analysis, and impact analysis, all within the context of your business services and goals.
• Service Impact Analysis: By understanding the relationships between various configuration items (CIs) within your services, Predictive AIOps can better predict and understand the potential impact of changes or incidents on your business services. This results in more effective incident management and change planning.

• Business Outcome Driven Prioritization: With a clear understanding of the business context, Predictive AIOps can prioritize alerts based on their potential impact on business outcomes. For example, an issue with a CI that supports a critical business process can be given higher priority.

• Enhanced Operational Efficiency: Having a broader business context can help you improve operational efficiency by enabling better resource allocation. Your teams can focus on the issues that are most critical to the business, reducing noise and increasing productivity.

Conclusion

In conclusion, ServiceNow's Predictive AIOps adds tremendous value at every stage of CMDB maturity. As organizations progress through each phase, they can unlock increasing benefits and outcomes, leading to more efficient alert management, improved incident prioritization, and superior service delivery. Predictive AIOps effectively bridges the gap between IT operations and services, propelling organizations towards achieving operational excellence.