Out Of Box Actions

  • Release version: Zurich
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Out Of Box Actions

    The Out of the Box (OOB) Actions in the Zurich release provide pre-built deployment, tagging, retrieval, and post-provisioning operations designed to streamline and automate common tasks in ServiceNow’s Cloud Services Catalog (CSC). These actions are implemented as Integration Hub sub-flows within Flow Designer, enabling customers to efficiently manage their cloud resource lifecycles.

    Show full answer Show less

    Key Features

    • Deploy ACC Agent Client Collector: Automatically deploys the ACC agent during the post-provision step for Linux VMs. Requires configuration of an ACC Listener on a MID Server with the appropriate web server endpoint and API key parameters set in the catalog item. Ensures SSH connectivity between MID Server and provisioned VM. Failure triggers a follow-up task and stack status update.
    • CCG Scan Enforcement: Runs default Cloud Compliance Governance (CCG) scans on stack items post-provisioning for Windows and Linux. Violations set the stack to a follow-up state until remediated and related tasks are closed, maintaining compliance governance automation.
    • Tagging Action: Updates key-value tags such as StackName, Application, CostCenter, and BusinessService in the CMDB as part of post-provisioning. Only non-empty fields are recorded, ensuring accurate metadata management for catalog items.
    • Retrieve Windows Password: For Windows catalog items, retrieves the VM administrator password from AWS using a PEM key file and emails it to the requester. Requires a pre-configured SSH private key credential alias ('TFO Server Credential Alias') and correct key path setup in Terraform-based Linux environments.
    • Email URL for Azure Scalable Web Server: Sends the deployed application endpoint URL from Microsoft Azure to the requester after deployment completion, enhancing user notification and access.
    • Retrieve Azure Function App Host Name: Retrieves and provides the hostname of a deployed Azure Function App to the requester post-provisioning, facilitating easy access to deployed functions.

    Practical Considerations for ServiceNow Customers

    • Ensure MID Server connectivity and correct endpoint configuration for ACC deployment.
    • Maintain compliance by monitoring and resolving CCG scan violations promptly.
    • Validate CMDB tagging parameters are populated to keep asset metadata accurate.
    • Set up SSH credentials and key paths properly for Windows password retrieval to function seamlessly.
    • Confirm requester email addresses are configured to receive automated notifications like passwords and URLs.

    By leveraging these OOB actions, customers can automate critical post-provisioning steps, maintain compliance, improve operational efficiency, and enhance user experience with timely notifications and accurate resource tagging.

    The Out of the Box Actions comprise OOB deployment, tagging, retrieving and post-provisioning operations. All these actions are based on Flow Designer and implemented as Integration Hub Sub-flows.

    Actions Flow Designer Sub-flow Name Description
    Deploy ACC-* in post provisioning CSC Content- Post Provisioning- Deploy ACC in Stack VMs

    ACC (agent client collector) is deployed through a Flow Designer action. This is called as post-provision step for the Linux basic VM deployment catalog item. Pre-requisites:

    1. ACC Listener must be configured in any MID Server. This will generate a mid web server endpoint and a MID Server API Key.
    2. In the post provisioning operation parameters of the Basic Linux VM catalog, these two parameters – web server end point (typically in format wss://<IP_Address>:3389/ws/events) and MID Server API Keys, need to be set. Out of the box, these parameters have empty values.
      Note:
      If the generated WS endpoint URL returns the private IP of the MID Server, then that private IP needs to be replaced with public IP of the MID Server VM for the internet-based connectivity.
    3. There should be connectivity over SSH port from the MID Server to the provisioned VM.

    In case of any failure in installing agent on the provisioned VM, a task is created, and stack is set to a 'follow-up required' state and automatically turns active, once all the follow-on tasks are closed.
    CCG Scan in post provisioning CSC Content- Create CCG Policy Scan on Stack Items

    CCG Scan with the default OOB Policy Set in CCG is called with the simple windows and Linux deployment. When a CCG scan fails owing to violation, the stack is set to a follow-up needed state. The operator must ensure that the violation is remediated and close the violation task. Once all the follow-on tasks are closed, the stack automatically turns to active state and can be used by requester.
    Tagging Action CSC Content- Post Provisioning- Update Key Values in CMDB

    All catalog items have a tagging action run as post-provision step. This action only updates the key-value entries in CMDB, not in cloud. The standard tags updated are StackName, Application, CostCenter and BusinessService. Fields with empty values will not be saved as key-value records.
    Retrieve Windows Password CSC Content- Post Provisioning- Retrieve Windows Password

    All windows catalogs have a retrieve password action, which emails the Administrator, the password of the provisioned windows VM to the requester. The password is obtained from AWS after the deployment is complete using a ssh key ('pem') file to decrypt the password. Follow these pre-requisite steps to set up this pem file on the Terraform Linux server:

    1. Ensure that the SSH Private Key credential to the VM with Terraform CLI installed, is associated with the credential alias named 'TFO Server Credential Alias'. This alias is already created with installation of CSC Content pack. This alias is used to SSH into the terraform server to get the windows password from output variable.
    2. Ensure that in the Catalog’s Provision variable set, the variable called 'keypath' has the default value set to the path of the management key (the key which can decrypt the password) on the terraform VM.
    3. Ensure that the requester has set up the email
    Note:
    For custom catalogs, this operation is available for use only, with Terraform Opensource- Linux based catalog items.
    Email URL For Microsoft Azure Scalable Web Server Application CSC Content- Email URL For Microsoft Azure Scalable Web Server Application

    This action is added as a post provision operation in 'CSC Microsoft Azure Linux with Scalable Web Server' catalog item, which emails the deployed application's end point URL to the requester.

    The URL is obtained from Microsoft Azure after the deployment is complete. Ensure the requester has set up the email.
    Retrieve Microsoft Azure Function App Host name CSC Content- Post Provisioning- Retrieve Microsoft Azure Function App Host name

    This action is added as a post provision operation in 'CSC Microsoft Azure Function App catalog item which retrieves the deployed function app's host name to the requester.