Discovery for Alibaba Cloud
Summary of Discovery for Alibaba Cloud
Alibaba Cloud discovery is an automated process within the IT Operations Management (ITOM) Visibility framework that scans and identifies resources in your organization's cloud infrastructure. This process ensures the integrity of your Configuration Management Database (CMDB) by providing accurate data about your Alibaba Cloud resources.
Key Features
- Pattern-Based Discovery: Utilizes Discovery and Service Mapping Patterns to identify and map Alibaba Cloud resources, including metadata like service accounts, datacenters, availability zones, and OS images.
- Configuration Items (CIs): Creates CIs for discovered resources and identifies their relationships, enhancing visibility into your cloud environment.
- Permissions Management: Requires proper permissions for Alibaba Cloud users, ensuring they have at least read-only access to necessary services for effective discovery.
Key Outcomes
To successfully configure Alibaba Cloud discovery, follow these steps:
- Prepare the ServiceNow AI Platform by installing necessary plugins and setting up credentials.
- Ensure users have the discovery_admin role for creating API credentials and service accounts.
- Establish Identity and Access Management roles within Alibaba Cloud for proper access.
- Create a Discovery schedule to automate the discovery process.
Regularly check for updates on discovery patterns to maintain the latest capabilities for resource identification.
Alibaba Cloud discovery is one of the overall Cloud discovery offerings within the IT Operations Management (ITOM) Visibility framework. It’s an automated process used to scan and identify Alibaba Cloud resources within your organization's cloud infrastructure. This discovery process is critical for maintaining an accurate and trustworthy data foundation—the Configuration Management Database (CMDB).
Pattern-based cloud discovery
- Cloud service accounts.
- Datacenters.
- Availability zones.
- Hardware types.
Discovery and Service Mapping Patterns create configuration items (CIs) for your Alibaba Cloud resources. Additionally, patterns discover the relationships between your organization's Alibaba Cloud resources, such as Hosted On :: Hosts.
See Alibaba Cloud discovery using patterns to learn about all Alibaba Cloud resources you can discover using Patterns.
Verify the REST API Permissions
Download the Cloud Discovery patterns spreadsheet so you can grant user permissions required for running the Discovery patterns. In addition to permissions, the spreadsheet also includes useful information such as pattern names, types, CI Classes, and links to vendor documentation. New patterns are available quarterly, so check periodically to be sure you have the latest version of the spreadsheet.
Alibaba Cloud discovery configuration
The basic steps to configure pattern-based discovery for Alibaba Cloud involve preparation on the ServiceNow AI Platform side, such as installing necessary plugins and setting up credentials. The discovery_admin role in ServiceNow AI Platform is required for creating Alibaba Cloud API credentials and service accounts.
The discovery process also requires configuration within Alibaba Cloud, such as setting up Identity and Access Management roles. The discovery permissions of Alibaba Cloud users are determined by their access levels within Alibaba Cloud.
To promote proper discovery, the Alibaba Cloud user must have at least read-only access to the necessary Alibaba Cloud services.
| Alibaba Cloud user | Discovery permissions |
|---|---|
| Root Account (Master Account) | Full access to all Alibaba Cloud resources and services, including Elastic Compute Service (ECS), Object Storage Service (OSS), Relational Database Service (RDS), and Resource Access Management (RAM). Can create and manage RAM users, assign permissions, and perform billing operations. |
| RAM user | Access to specific Alibaba Cloud resources and services based on assigned policies. Can be granted read-only access for discovery purposes. |
| RAM Role (AssumedRoleUser) | Temporary access to Alibaba Cloud resources and services based on assumed role policies. Useful for cross-account access, temporary access, or access by ECS instances. |
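
One way to check that a RAM policy intended for the discovery user stays read-only, as an added example that is not part of the original page or ServiceNow's own code. The read-verb list, the function names and both sample policies are assumptions constructed here; the actions the patterns actually require are listed in the Cloud Discovery patterns spreadsheet.

```python
import json

# Assumption: operations that begin with one of these verbs only read state.
READ_VERBS = ("describe", "list", "get", "query")

def as_list(value):
    """Action and Statement may each be a single item or a list."""
    return value if isinstance(value, list) else [value]

def is_read_only(action):
    """True when a pattern such as 'ecs:Describe*' can match only read operations."""
    _service, _, operation = action.partition(":")
    # Compared case-insensitively; a bare '*' or 'ecs:*' has no read verb and fails.
    return operation.lower().startswith(READ_VERBS)

def audit_policy(policy_text):
    """Return (statement_index, problem) findings for the policy's Allow statements."""
    findings = []
    policy = json.loads(policy_text)
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "Action" not in stmt:
            findings.append((index, "Allow without an explicit Action list"))
            continue
        for action in as_list(stmt["Action"]):
            if not is_read_only(action):
                findings.append((index, f"not read-only: {action}"))
    return findings

# Constructed sample: a read-only policy for a dedicated discovery RAM user.
DISCOVERY_POLICY = json.dumps({"Version": "1", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ecs:Describe*", "rds:Describe*", "oss:ListBuckets", "ram:ListUsers"]},
]})

# Constructed sample: grants far more than discovery needs.
OVERBROAD_POLICY = json.dumps({"Version": "1", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": "*"},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ecs:*", "ram:CreateAccessKey", "rds:Describe*"]},
]})

if __name__ == "__main__":
    for name, text in (("discovery", DISCOVERY_POLICY), ("overbroad", OVERBROAD_POLICY)):
        print(name, audit_policy(text) or "read-only")
```
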

| Typical persona | Roles and permissions | Responsibility | Link to detailed documentation |
|---|---|---|---|
| ServiceNow administrator or IT Implementation Specialist | admin | Install the store applications and update them on every store release: | ITOM Store upgrades |
| ServiceNow administrator | admin | | Create the MID Server user and grant the role |
| ServiceNow administrator | admin, mid_server | Install a MID Server. | |
| ServiceNow administrator | admin | Validate that the MID Server is installed correctly. | Validate the MID Server |
| ServiceNow administrator | admin | Assigning users with discovery_admin roles and giving them permission for discovery. | Managing roles |
| Cloud administrator or Discovery administrator | discovery_admin | Creating Alibaba Cloud service accounts | Set up Alibaba Cloud service accounts |
| Cloud administrator or Discovery administrator | The person configuring the API credentials must have the discovery_admin role in ServiceNow and must have access to the Alibaba Cloud Access Key ID and Access Key Secret. | Configuring Alibaba Cloud API credentials | Create Alibaba Cloud API Credentials |
| Discovery administrator | discovery_admin | Use Discovery and Service Mapping Patterns | Alibaba Cloud discovery using patterns |
| Discovery administrator | discovery_admin | Set up a discovery schedule for Alibaba Cloud | |