This is great!! I am very green when it comes to the CSDM/CMDB ServiceNow space. Thank you so much. 

This is an interesting article that sparks a few questions:

1. Where is the Application Service? This is what is referenced more than anything when talking about focus for Incident, Problem and Change. If we enter a Service Offering that populates the Service field with a Business Service. Application Service is inside a child table of the top-line Service [cmdb_ci_service] table so in theory could be referenced from the Service field. After all, Business, Technical and Application are all types of Service.
2. How about APM? How will APM Indicators be populated as they currently rely on the Business Application (field) breakdown on these IPC tables? The quickest and most reliable way to determine the Business Application on a record is from the Application Service as it is a single CI relationship away (unless you are using SDLC Components, which I suspect the majority of customers will not for the foreseeable future), and also because the link between Design and Sell/Consume domains is not made until the final Fly stage
3. CSDM implementation recommendation does not establish Business Services and Business Service Offerings until the Run phase. The recommended approach above would therefore not be possible for a customer's operational processes until a long way into a customer's CSDM journey, which doesn't seem practical or workable.

Whilst I largely agree with this article's content, I feel there is a gap where Application Services have no consistent way to be represented within IPC. The text above and the CSDM 4 draft whitepaper suggests it is normally entered into the Configuration Item field but this then loses the ability to associate the record directly with an infrastructure CI (remember, even the most advanced customers may have a CI that rolls up to multiple records in CSDM) - sure, an agent may not know which infra CI the incident comes from but other sources like event management it most definitely is possible. 

Some clarification on this would be very helpful.

Hi Chris,

This Guide was very very interesting and useful, could you help us with the extension of this same and the service catalog ???? It would be interesting to know your opinion and tips, best practices about it.

To respond to @Mathew Hillyard 

Question:

Where is the Application Service? This is what is referenced more than anything when talking about focus for Incident, Problem and Change. If we enter a Service Offering that populates the Service field with a Business Service. Application Service is inside a child table of the top-line Service [cmdb_ci_service] table so in theory could be referenced from the Service field. After all, Business, Technical and Application are all types of Service.

Response:

While the Application Service is name “Service” it is admittedly not a great naming standard.  It is more of a system or stack.  The Application Service is considered a CI as it represents the whole of all the pieces and parts of an deployed stack

From: Incident Management Product View CSDM V3

The Incident is for an Application issue – In this scenario the Application Service may be populated in the configuration_item attribute on the Incident form representing the unique deployment of an application stack.

Example, the Application Service of MyApp 3.0 Prod has been reported has being unavailable.

The Incident on an infrastructure CI is impacting Services – in this scenario the Application Service may be populated on the Incident’s Impacted Services related list,  _task_cmdb_ci_service, to identify the Application Service as one of the Services impacted. Example, the Server OMG124 may be impacting my Application Service of MyApp 3.0 Prod and other related Services.

Question:

How about APM? How will APM Indicators be populated as they currently rely on the Business Application (field) breakdown on these IPC tables? The quickest and most reliable way to determine the Business Application on a record is from the Application Service as it is a single CI relationship away (unless you are using SDLC Components, which I suspect the majority of customers will not for the foreseeable future), and also because the link between Design and Sell/Consume domains is not made until the final Fly stage

Response:

Set the Incident Properties. Business Applications are not to be used in ITSM processes. See CSDM 3.0 Whitepaper for APM

Examples of the properties for Incident and Business Applications

Copy Incident and Create Child Incident Properties

List of attributes (comma-separated) from Business Applications (task_cmdb_ci_business_app) related list that will be copied from the originating incident

business_application

Incident Related List Properties

Populate the Business Application related list for incidents

(set to Yes)

Question:

CSDM implementation recommendation does not establish Business Services and Business Service Offerings until the Run phase. The recommended approach above would therefore not be possible for a customer's operational processes until a long way into a customer's CSDM journey, which doesn't seem practical or workable.

Response:

I recommend CSDM Workshop – Getting Started (and other CSDM content on Now Create)

https://learning.servicenow.com/nowcreate?id=nc_asset&asset_id=dde64c62875255d0f2f443f7dabb354b

In the workshop deck customers may need to do more than just crawl, there are “business service offerings”  that do not depend on a Application Service (thinking conference rooms, printing, desktop apps) .  Customers if they can define a Application Service, then they would easily be able to define an Service Offering

example:

Application Service:  MYAPP Prod

Business Service Offering: MYAPP (or friendly business name)

There is not really  way to “go live” with just Application Services for ITSM.

Hi Chris,

I appreciate you taking the time to provide a detailed response to my thoughts.

App Services

What you've said makes perfect sense, it may just be a little tricky for customers expecting to see all the relevant detail "on the form". However I could argue that if App Service belongs on the Impacted Services/CIs related list why have the Business/Technical Service on a field on the form? Both are just as relevant to the Incident Management process (the App service potentially more relevant on the form from a troubleshooting point of view). My concern is that if some Incidents have the App Service in the Configuration Item field but others on the Impacted Services/CIs related list, it could complicate reporting.

APM

Your reply mentions the Impacted Business Applications table and Incident Properties that presumably enter values in this related list based on CI relationships against the values for Configuration Item/Service Offering etc. on the Incident. That makes perfect sense, but it doesn't enable APM Indicator data collection. That still relies on a value on Incident/Problem/Change in the (deprecated) Business Application field. I understand this is in line to be resolved at some point  was resolved for Incident and Change in the Washington Release. Please see this thread for more information: APM Indicators for Incident, Problem and Change: Business Application Breakdown.

CSDM implementation

I don't think the existing collateral really addresses how to migrate to CSDM from something existing. The crawl/walk/run/fly approach only makes sense if Business Apps, Capabilities, Processes Services and Offerings are all empty (in effect, they're only using the CMDB for a subset of what's in Manage Technical Services). It's not just that a customer may need to look at other aspects of the framework - my practical experience is that a customer may have to implement most of the key elements of CSDM (assuming foundational data is in place first) in one hit to avoid production impact because of all the dependencies in their current setup. Finally, if the source and destination data belong in different fields it's possible to identify where data needs to migrate to, and migrate it independently (and prior to) of the refactoring of coding dependencies. 

This was an excellent Chris & you too Mike!  Really thought out details and great screenshots with info as well!  As CSDM has become the major factor for uses of CIs, this post really helps in that understanding.

Very much appreciated!  Thanks so much!

~Teri

Oops...meant Matthew too!  Thanks again!  🙂

Thank you for this detailed explanation  Chris Shakespea

what kind of reference qualifier is needed for Configuration item field to filter only the CI's related to users company and selected service offering? also what is the needed relation between dynamic ci group and the service offering?

Hi @Chris Shakespea , 

(nice to read you, as we met several years ago in Zurich)

Thank you very much for the post, very useful, and very much aligned to my understanding of a correct configuration of the incident form. In my opinion it should almost be the default behaviour of the form OOTB!

One case I wanted to check with you: when IT staff want to log an incident on a Technical service, do you confirm it works the same way?

1. Service Offering is Storage Management --> Service is automatically set to Infrastructure Management
2. CI can be for example a storage bay, or an application service.

I would then recommend only L2/L3 support staff should be allowed to log tickets on technical services. Service desk should always refer a Business service offering.

Another question: Technical service Offering "Contains" Application services or Dynamic groups, as they are responsible of managing these CI. But I believe some Technical services can "Depend on" on Application service. An example would be "Server management and deployment" (a TSO) depending on "SCCM" to work. Would that be correct?

Could we then have the Technical Service automatically impacted when SCCM goes down?

Is this working with technical services as described in the "Alert Impact Calculation" documentation?.

And could we then display a subset of Technical services in the Availability dashboard (e.g. Hosting services)?

Thank you to share your views.

Robin

Thanks Chris. This is really useful.

If you could do one for Problem and Change it would be great, however I can infer (somewhat sheepishly) from this article on how we can apply it.

Re: Incident

Question 1: I see you use "Business Service Offerings" in the incident form which makes sense. If we make the "service" field read-only should we limit the "Service Offering" field to show only "business service offerings"?

Question 2: If your response is yes to question 1, where do we use "Technical Service Offerings"? I read in another blog that it's used in Incident or Problem tasks. Is this correct? 

Question 3: If your response to question 2 is yes it creates confusion for the agent, no? How does an agent easily identify the "technical service offerings" for an incident task for an incident that references a "business service offering"? We would have to modify the task form layout to show "service" and "service offering". I can see that the key is the CI; where I put an Application Service in the CI field I can look up the dependency map to identify a Technical Service Offering.  This seems like a lot of clicks and will drive agents mad especially ones who do not have an in-depth understanding of CSDM which most will not. Thoughts?

Thanks kindly,

@Karl Rohde 

Incident Management can be accessed by a range of different use cases - helpdesk walk-ins, self-service, automation and integration and event management, among others. Therefore it makes most sense not to limit what offerings can be chosen to just Business Service Offerings. So long as the customer uses a sensible and communicated naming convention, and appropriate enablement, it should be relatively easy to find the right offering.

For Incident/Problem Tasks, these would usually reference a CI as you mention. This could be a Service, Offering, App Service or CI. Rather than over-complicate (and customise) the form and associated logic, use the parent Incident for the (Business or Technical) Service part and use the CI reference for the object that is most useful to the Task. The agent can always look up the Incident fields via popup.

To ensure the CI field is aligned with the Service Offering, we would need to modify the filter of the CI field, correct? Based on what you're saying above I think it would look something like this:

• Display hardware CI's and Application Services
• If a Service Offering is populated display hardware CI's and Application Services only where a CMDB relationship exists with the Service Offering.

Can someone confirm or advise on this?

Recommend that the CI field is configured such that the Service / Service Offering is not selectable in that field. This can be done through the Principal Class Filter.

Some further details in https://learning.servicenow.com/nowcreate?id=nc_asset&asset_id=606d1ad94772f594c00af235126d4312&nc_s...

Question on scenario one above. Why on the form for an 'end user device' issue would an offering of 'adobe acrobat' being selected as the offering? 

I would think the offering would be something like 'hardware support' or something no?

I did get asked the question - 

How does the SD retain initial ownership if we populate the Incident ticket with the Support group (Tier 2)?

In the article (and ServiceNow default behaviour) is that by selecting the service offering the assignment group gets set to the support group of the service offering.  That group would then work on the incident, ideally to resolution.

The business rule "Populate Assignment Group based on CI/SO" sets the assignment group.

In some cases where you want the service desk to carry on with the work then having the assignment group set this way is not what is required.  The easiest way to do this is that the agent sets the assignment group to the service desk group and then saves the incident.  This prevents the assignment group being populated from the support group.

Chris, this is a great document, thank you. I'm planning to do exactly this on a greenfield implementation. My question is more around Category/Sub Category. Is this a perfect time to retire these completely, or do you think there is still a need for them?

Example, Service = Desktop Software, Offering = Adobe Acrobat, Category = software crashes, licence not available etc

Steve, a lot depends on customer maturity on whether you can get rid of category / sub-category.

It can, in some cases, be double accounting

For some ideas see

https://www.servicenow.com/community/itsm-articles/incident-management-categorization/ta-p/2571525

Chris, this is useful guidance, thank you.  Two questions:

1 - What's the downside to using the Service Offering as the 'Configuration Item'?  I'm thinking that an end-user might want to use the Offering as the CI, as that is all that they see in their world.  That would of course means the Offering support group is assigned the incident.  Then perhaps if the support agent then finds a more specific causal CI then they can change the Configuration Item which can then trigger reassignment of the Incident.  Does this work?

2 - In your Scenario 1, End user device issue, the Service Offering is entered by agent, then the Service is auto-populated from Service Offering and set read-only. Then you say "[make] CI selection from those associated to service offering".  Does this 'association' use the Service-CI Association pointing to the Dynamic CI Groups contained by the Offering? Do you have code examples for this please?  

@PaulKilkelly 

1 - Typically the model is that support information for Technical Service Offerings is cascaded through Dynamic CI Groups to the contained CIs, therefore the support group can be the same; of course not all Service Offerings will fit this model, so there can and will be differences. I wouldn't recommend setting the Service Offering as a CI on any ITSM record because for CMDB purposes the Service Offering leans more towards Service Portfolio, and isn't "really" a CI in this sense. It also prevents the agent from being able to subsequently populate the identified causal CI, and changing the CI data during the Incident lifecycle could return unreliable results and may impact things like accurate SLA reporting. If you make the Service Offering the mandatory entry point to the service part of the record, and name the Service Offerings in language the business understands, this should be relatively easy.

2 - To my knowledge, one of the gaps in the CSDM model is that the underpinning code does not extend to enabling traversal of CSDM relationships in the platform. It appears to be limited to the automation mentioned above between Technical Service Offering and Dynamic CI Group, as well as automated population of the Service Config Item Association table via the various Application Service types (using the  SNC.BusinessServiceManager and other scripts). This is where a "CsdmUtils" library script include would come in very useful, with a single, performant set of functions that could be used across Incident, Problem, Change, and more. I suspect this doesn't exist today because it relies on the CMDB being precisely configured with all the correct CI Relationships (and CI Relationship Types), and the customer would ideally be in the Run phase CSDM implementation (so buildout of the core infra to App Service to Business App/Business Service/Tech Service is complete).

However, you are correct that the heart of such a library should be the Service Config Item Association table as it essentially flattens the CI Relationship hierarchy, so in a big CMDB the difference could be a very small number of queries in a table with only 100K records versus a large number of recursive queries of a table with tens of millions of records potentially. Nowhere is this more useful than in Impacted Services calculation.

From this table it is a single CI Relationship jump to Business or Technical Service Offering (and the Parent Service is on this record) and the Business App (if not using the Build domain), or via SDLC Component if Build is in use.

CSDM5 may bring additional complication but my current understanding is that the Service Mapping part of the model is unlikely to significantly change, therefore I would expect the Service Config Item Association table to remain largely as-is.

Thanks Mathew. It's a tricky one. I feel that a blanket ban on the Offering as a valid CI for incidents is an unnecessary complication. After all, the Offering is an operational CI: people consume its output, unlike a Business App.  ServiceNow already proposed the Offering as a surrogate for the service consumed by end-users when the underlying system or infra doesn't exist in the CMDB - for example, end-user device software like Word or Excel or SaaS.  Changing the causal CI is not unusual, so why treat the Offering differently?   SLAs are usually driven off the impacted services, and the Offering would be added to that list, even if the causal CI was changed.  Am I way off track? 

I've also seen use-cases where the Offering is used to represent the output of teams operating a business process, where the incident might be caused by one of teams failing or degrading their output (an extension of the IT dependency maps into the business operations, for example for BCM or OpRes). Could be that these use cases takes ITSM out of it's designed space, but the need is there. 

The lack of out-of-the box support for CSDM in the ITSM code is very frustrating for clients.  I keep hoping the gaps will be closed as it makes our jobs a lot harder.  

Practically speaking why set the Service offering as the CI when it has a dedicated field on the Task table? To me that would be unnecessary complication. This all comes down to building out the Service Portfolio with a taxonomy that meets business language and business need. The Offering also links back up to Service Portfolio to inform things like Service Availability, and is often typically what would be referenced on an Outage.

The CI changes on an Incident as a natural part of the lifecycle of the Incident and as entry to root cause analysis to inform Problem Management, but if the Service Offering is consistently wrong and needs to be changed then either the data or the process is not working. Consideration must be made not just to the dataset but also the practical application of the model in a real world environment. I see no difficulties with the approach Chris has outlined above, and have implemented this operationally with good results. 

With Operational Resilience this could be a process related to the Service Offering, however this isn't currently available within the product (only Service exists), although I gather it is planned to be added on the roadmap. CSDM is about impact calculation bottom up to make the CMDB service-aware; it can act as the foundation for other processed or products, but this may require extra modelling that sits on top.

I don't think I've ever encountered an environment where impacted services are the basis for SLAs. Not only would a finished CSDM implementation be a pre-requisite (or else the list would only contain the Service on the Incident form, or possibly nothing at all), but depending on the list of Affected CIs, the Impacted Services could grow considerably. This would be something of a minefield of SLAs against a single Incident. It seems much simpler and easier to understand and measure SLM against data within the Incident record. Impacted Services also can contain both Business/Technical Services as well as Application Services/DCGs so I don't see this as a good data source for measuring SLM.

Finally, Service Offerings have their own related list [task_service_offering] - however the name is not consistent (it should really be labelled Impacted Service Offering) - and the OOTB calculation is incorrect and does not align with CSDM, so requires customisation unfortunately. Service Offerings should not be added to Impacted Services manually as these "impacted" related lists should all be populated automatically via CSDM relationships when running Refresh Impacted Services.

I think we will have agree to disagree on the use of the Offering instead of the CI.  Incidents without a CI, and needing some logic that decides the precedence for assignment of the Incident (Offering vs CI) are the complication I dislike.   Another advantage of only using the CI field is that the Offering can be derived from the CI's accountability hierarchy (Service>Offering>CI), assuming that CSDM has been implemented correctly, so it 'should' always be correct. 

Agree re your SLA point.  I meant to say 'Service Availability', calculated against the Offerings commitments, rolled up through the Tech/Bus Services and the Portfolio taxonomy, based on recognised outages as a consequence of being impacted by an incident.  

I hope you agree that Impacted Services should never contain Tech/Business Services though, as there should be no CI Relationship to them (unless there's code I've missed that adds them based on the Offering 'parent reference'?). 

Totally agree re the task_service_offering related list!  Why does it exist at all? 

I think the model is broad enough to accommodate a variety of solutions. In the end, so long as the CSDM relationships are in place, including App Service population, the Change and Incident Properties are activated, and Affected CIs [task_ci] is populated, then the "impacted" lists will be populated, so service impact is recorded.

This page has a leading practice guide which I believe is a good example of what to do if you or the customer has no constraints or previous designs.

Impacted Services does contain Business/Technical Service records OOTB - a Task Business Rule copies the Service on the Task to the Impacted Services record. However the point of this (other than identifying a single

Ah, you are right of course. The "Sync BS with Impacted Services" business rule on the Task table, triggered for Incident, Problem and Change, is pre-CSDM (2017) and hasn't been touched since.  It's a good example of legacy code that doesn't add value to CSDM compliant customers, and worse, encourages bad practice. 

I can see an argument for the newer "Sync Service Offering" business rule script on the Task table, as it helps to record that the 'service offered' - through the task CI  - is impacted in some way.  Even here, the business rule is not need if the CSDM relationships are in place, as then the accountable Offering would already be listed as impacted (though the 'contains' CI rel to Dynamic CI groups and their service-CI associations, or direct CI reps). 

Agree, the model is broad enough to accommodate a variety of solutions, but I'd love to see ServiceNow ensure that the default configuration is always the CSDM-compliant solution, and not the mess we face today. 

Yes, exactly. If you implement impacted service offerings properly from CSDM relationships then it's advisable to deactivate the Sync Service Offering business rule because you will see a "duplicate key violation" log message when impacted services refresh attempts to insert the same Service Offering against the same Task that the BR already created. Of course you could modify the way you implement impacted service offerings but it is much easier just to turn the BR off 🙂

Hi @Chris Shakespea ,

This was a great article on this subject, and I really appreciate the details you outlined. I would, however, just like some elaboration on what you mentioned in 'Scenario #3', where you said "Child incident can be raised for the Technical Service Offering"

What did you mean by this and can you provide an example?

Thanks again!

From a record producer / Employee Center perspective,  what are your suggestions to have the right balance between way too many forms to choose from and one form having a drop down that is way too long?

Wouldn't it be nice if you could use the filter editor to add: Class is (dynamic) Principal Class?
Sorry to disappoint.

But if you think it's a good idea, vote for it!

Dynamic Filter Option for CMDB Class is (dynamic) Principal Class