Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

Cloud Discovery

Log in to subscribe to topics and get notified when content changes.

Cloud Discovery

Cloud Discovery provides a wizard that allows you to create and run cloud schedules in a single interface. When you create a schedule with the Discovery Manager, you select the accounts to discover, the credentials for accessing these accounts, and the MID Servers to scan the resources. You can then view the results in the Discovery Home page and track any errors that might have occurred.

How Cloud Discovery works

You can select an existing service account to discover or create one with the wizard. Select the appropriate credentials for the account and test the connection. If the connection is successful, Discovery returns the logical datacenters associated with the account, as well as any sub-accounts for selection. The cloud schedule creation process launches the necessary patterns to discover the sub-accounts and datacenters you select.

The Discovery Manager offers you the option to discover your cloud resources (virtual machines). Cloud Discovery by IP ranges finds all the VMs in a cloud service account. Just select a MID Server configured for Cloud Discovery and create the schedule. Discovery determines the IP addresses to scan, based on the IP ranges in your cloud service account. Make sure you have one or more MID Servers up and running that can access those addresses.
Note: You do not need the Cloud Management plugin to use Cloud Discovery. The Discovery plugin includes the necessary components from Cloud Management to perform Cloud Discovery.

Managing your cloud resources

The instance displays all results from a Cloud Discovery in the Discovery Home page. You can drill down into specific schedules, discovered devices, cloud resources, and errors. Sort these results for a closer look and view Discovery trends for the devices you find. Error results give you specific suggestions for fixing any problems you encounter.

Your instance can detect notifications and alerts from AWS and Azure clouds. You can configure these events to make the necessary updates to your CMDB without additional scanning. AWS or Azure event processing requires the Cloud Management plugin and is configured in the application. For more information, see Set up AWS event processing for Discovery and Service Mapping and Configure the Azure Alert service to auto-update the CMDB.

AWS master accounts for AWS Organizations

An AWS organization is a collection of AWS accounts under a single account. Cloud discovery refers to AWS Organizations in the wizard as master accounts. The member accounts that belong to a master account are called sub-accounts.

Note: Cloud discovery on AWS Organizations is not fully supported in a GovCloud isolated region.
The advantages of using master accounts are:
Easy population of sub-accounts
After you configure the master account and supply the necessary credentials, you can the test connection to it. Discovery then detects the member accounts in that master account and displays them for selection. You can choose one or more sub-accounts to include in the Discovery of the master account.
Discovery of sub-account resources using dynamically acquired credentials

When you run Discovery on your cloud resources, you do not need separate credentials for each sub-account. The Cloud Discovery process handles credentials automatically by acquiring a temporary credential for each sub-account via an AWS API. You can elect to use the default configuration or customize the MID Server to assume other roles for additional controls and security.

Cloud Discovery process

  1. Install and validate a MID Server using the procedure in MID Server installation. If you do not have a MID Server running in your environment, you can use Guided Setup to quickly install and validate a MID Server. Make sure you configure Cloud Discovery MID Servers with the Cloud Management capability.
  2. Open the Discovery Manager and configure the following:
    Service account
    You can provide the information for an existing account or add an account. If you have an AWS organization with several member accounts that belong to it, you can designate a service account as a master account, and then select any sub-accounts to discover.
    Cloud credentials
    Select and test your cloud credentials or add new credentials. If you are using AWS, you can configure IAM roles in an AWS instance profile that will grant temporary credentials to your master account without requiring credentials in the instance. To receive temporary AWS credentials for one or more member accounts, you can assume an AWS member role.
    Datacenters
    Select specific datacenters in your account to discover or configure Discovery to automatically include all current and future datacenters.
    Virtual machine (VM) resources
    Optionally, configure the schedule to discover VM resources by IP address. Discovery returns additional information about the VMs, including installed software and running applications.
    Note: For the Cloud Insights application, Cloud Discovery does not display the Discover Virtual Machines (optional) phase in the Discovery Manager tab bar.
    Schedule
    Create a Cloud Discovery schedule. You can run your schedule immediately from the Discovery Manager or exit the configuration and let Discovery run as scheduled.
  3. View Discovery results on the Discovery Home page. You can view details for:
    • Schedules
    • Discovered Devices (VMs)
    • Cloud Resources
    • Errors

Using a MID Server through a proxy

If your MID Server must go through an unauthenticated proxy server to access cloud resources, you must modify the agent\conf\wrapper-override.conf file, as follows:

wrapper.java.additional.1=-Dhttp.proxySet=true 
wrapper.java.additional.2=-Dhttp.proxyHost=<proxyHost> 
wrapper.java.additional.3=-Dhttp.proxyPort=<proxyPort> 
wrapper.java.additional.4=-DuseProxy=true 

As with any changes to the MID Server files, restart the MID Server and then test Discovery.

Feedback