To set up the ServiceNow® IBM Cloud Connector application for the very first time, you perform the procedures in this "Day 1" setup guide. Be sure to perform the procedures in order. After you have performed Day 1 setup, you can perform optional Day 2 setup and configuration procedures as needed and in any order. Detailed instructions for each procedure follow this overview.

Note: Starting with the San Diego release, "Cloud Provisioning and Governance - Terraform Connector for IBM Cloud" is being prepared for future deprecation. It will be hidden and no longer activated on new instances but will continue to be supported. For details, see the Deprecation Process [KB0867184] article in the Now Support knowledge base.

Roles required to set up IBM Cloud Connector

  • Operations in the IBM Cloud Console require the IBM administrator role.
  • Operations in Cloud Provisioning and Governance require the sn_cmp.cloud_admin role.

Domain Separation

The IBM Cloud Connector app does not support domain separation.

Known issue

In some cases, Discovery for IBM Cloud is not able to change the state of some CIs that have been decommissioned in the cloud. In such a case, when an end user launches a cloud catalog item, the CI may still appear as a user-selectable value on the form (because the state hasn't been updated) and may result in a failed request. Workaround: The cloud administrator can change the state of the affected CI to an appropriate value to remove the CI from the cloud catalog form.

About terms that Cloud Provisioning and Governance uses

Cloud providers often use different names for accounts, regions, and credential settings. Because the ServiceNow application supports several cloud providers, the app uses general-purpose names for the settings. In IBM Cloud, the region-specific containers for virtual resources are called locations. In Cloud Provisioning, locations are called datacenters or logical datacenters (LDCs). The term logical is used to reinforce the idea that Cloud Provisioning is provider-agnostic. All infrastructure or applications that are deployed using Cloud Provisioning are associated with a datacenter.

What you will do to integrate your IBM Cloud Connector accounts

Detailed instructions for each procedure follow this overview.
1. Get the IBM Cloud Connector app on the ServiceNow Store
IBM Cloud Connector works with Cloud Provisioning and Governance. After you have set up Cloud Provisioning and Governance, visit the ServiceNow Store website to get IBM Cloud Connector and supporting plugins and apps. For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.
2. Assign roles to IBM Cloud Connector users
You assign Cloud Provisioning and Governance roles to user groups and to individual users based on user activities and responsibilities.
3. Install and configure MID Servers to access cloud environments
To ensure secure and reliable communications, the Discovery process communicates with your cloud provider accounts and cloud resources through one or more MID Servers. You can set up the MID Servers on your network or in one of your cloud networks.
Note: Data is encrypted to the MID Server and between the MID Server and the API endpoint. To ensure high performance and security, you should configure one or more MID Server for each datacenter under management. Configure the MID Server even if you have already configured other MID Servers while setting up Cloud Provisioning and Governance for another cloud provider.
3. Create a Terraform Open Source config provider and run Discovery
A config provider is a secure record on your instance that stores the credential and access information for a particular configuration management server (for example, a host running Ansible, or Terraform). Discovery uses the information in the config provider record to access the configuration management server.
4. Create an IBM Cloud service account
A service account is a secure record on your instance that stores the credential and access information for your provider account. Discovery uses the information to access your provider account to get data on each resource in each specified datacenter.
5. Discover all datacenters in a service account on-demand
Discovery uses the information in the service account to identify all logical datacenters associated with the provider account.
6. Set capacity limits on user requests for resources
Capacity limits place restrictions on the attributes of cloud resources such as the number of virtual machines, virtual CPUs, or aggregate storage. You can set limits on resources separately for each logical datacenter in a cloud account.

Next steps

When you have finished all Day-1 and Day-2 procedures in this setup guide, see the Cloud Provisioning and Governance administration guide for information on using the Cloud Provisioning and Governance application in your organization.