Azure Cloud Discovery :Relationship between Cloud Service account and VM and Key Values
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
Please help me in understanding :
- Is there a way to directly establish a relationship between the VM and related Cloud Service Account?
- I could only see that the account id of the Cloud Service Account is a part of the Object Id of the VM and there is no relationship record in the cmdb_rel_ci table.
- Reason for Mismatch in Key Values in ServiceNow as I have below 2 findings :
- Azure tags stored in cmdb_key_value are linked to Cloud Service Accounts in ServiceNow and also to the related Virtual Machine Instances, however count does not match .
- For example , if a VM A is related to a Cloud Service Account B, (which i could only find by querying the account id of the service account in the object id of the VM (*query is object id contains account id*) , I could see that Service Account B has 16 key values , however the related VM has only 12 .
- Some key values are linked to only Cloud Service Accounts and not the VM's, why is this ?
- Azure tags stored in cmdb_key_value are linked to Cloud Service Accounts in ServiceNow and also to the related Virtual Machine Instances, however count does not match .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yesterday
Hi @NiviPrust ,
1. Establishing the VM to Service Account Relationship
You are correct that ServiceNow often stores the account_id within the object_id, but relying on a string query isn't ideal for reporting.
In a standard ServiceNow Discovery setup, there is usually no direct relationship record in cmdb_rel_ci between a cmdb_ci_vm_instance and a cmdb_ci_cloud_service_account. Instead, they are linked via a Logical Datacenter (LDC).
The Relationship Chain:
VM Instance (Child) Instantiated Off VM Image
VM Instance (Child) Hosted on Logical Datacenter (e.g., Azure East US)
Logical Datacenter (Child) Hosted on Cloud Service Account
How to find it directly: If you need a direct view, you typically have to "walk the tree" via the LDC. However, if your organization requires a direct relationship for simplified reporting, you may implement a Discovery Post-Processor script or a Business Rule to create a "Used by" or "Defines" relationship directly between the VM and the Service Account in the cmdb_rel_ci table.
2. Why the Tag (Key Value) Count Mismatches
Inheritance Gap: Azure tags do not automatically "flow down" from a Subscription to a VM. The extra tags on your Service Account are likely Governance tags (like ContractType or BillingID) that exist only at the subscription level for high-level management.
Targeted Metadata: In the cmdb_key_value table, ServiceNow treats the Service Account and the VM as separate entities. If a tag (like SubscriptionOwner) is applied to the account but not explicitly copied to the VM in Azure, it will only appear on the account record in ServiceNow.
If you find this as helpful, Please Mark it as helpful and Please Accept My solution...
