    Azure Cloud Discovery

    If your cloud resources are in an Azure cloud, you must create a user identity called a service principal that grants permissions to the MID Server to access selected resources.

    A service principal for Azure cloud services is similar to a Microsoft Windows service account that enables Windows processes to communicate with each other within an Active Directory domain.

    To create the Azure service principal in your ServiceNow instance, copy the service principal credential values from the Azure portal into a text editor, and then transfer those values into the instance. The text file that you generate during this procedure might look something like this:
    [Figure: Text file that temporarily holds Azure service principal credential values]

    This table shows you the location in Azure where you can find the values you need for the credentials.

    Cloud Management setting | Location of the Azure value
    Tenant ID | Azure Active Directory > Properties > Directory ID
    Client ID | Azure Active Directory > App registrations > Registered App.Application ID
    Secret Key | Azure Active Directory > App registrations > Registered App > Settings > Keys (hidden)
    Account ID | Azure Active Directory > Subscriptions > Subscription ID

    Create Azure cloud credentials

    If your cloud resources are in an Azure cloud, create credentials that can access the Azure account. This procedure requires configuration in your Azure account.

    Before you begin

    Roles required:
    • Operations on the Microsoft Azure portal require one of the following roles:
      • Azure or Azure AD (Active Directory) Administrator
      • Application Administrator
      • Application Developer
      • Cloud Application Administrator
      and the Resource Policy Contributor role to create or modify resource policies.
    • Enable internal network connection between the MID Servers and the Azure Cloud API endpoints: management.azure.com

    Procedure

    1. Log in to the Azure portal and navigate to Azure Active Directory.
    2. Navigate to the App registrations section and click New application registration. Enter the following information for your application:
      Register an application
      Field | Description
      Name | Unique name for the application and its integration credentials. For example, ServiceNow Integration.
      Supported account types | Specify who can use the application.
      Redirect URI | (Optional) URL that accesses Azure. Typically the URL of the ServiceNow instance.
    3. Select Register to complete the app registration.
    4. When registration completes, hover over the Application ID and click Copy to clipboard.
    5. Paste the Application ID into the text editor and label it Application ID.
    6. In the Azure portal, navigate to the Certificates & secrets section and click New client secret, then specify the following values:
      Field | Description
      Key description | Description for the key.
      Duration | The default is Never Expires.
      Note: Your organization may apply policies to restrict key durability. Select the appropriate duration.
    7. Click Add.
    8. Copy and paste the key value into the text editor and label the value Application key.
    9. To enable the service principal to work with various Azure subscriptions, navigate to Subscriptions. To manage multiple subscriptions, you must perform the following procedure for each subscription:
      1. Paste the subscription ID into the text editor and label it Subscription ID.
      2. Navigate to the subscription and select Access Control (IAM) from the menu.
      3. Click + Add at the top of the screen, then Add role assignment.
      4. Select the value Reader from the Role field. Leave the default value User, group, or service principal as is in the Assign access to field.
        Note: The Contributor role is only required for provisioning.
      5. Select the name you created in step 2 in the Select field and click Save.
        [Figure: Add role assignment]
    10. In the Discovery Manager, click the plus icon (+) and then select Azure Service Principal from the list.
    11. Specify the following values on the Azure Service Principal form:
      Field | Value
      Name | Name of the service principal to register with the instance. For example, Azure service principal credentials.
      Authentication Method | Select Client secret.

      The Secret key field appears when you select Client secret.

      Note: Client assertion is not supported.
    12. Copy and paste values from the temporary text file into the remaining fields.
      Azure credentials
      Credentials form field | Azure Service Principal value
      Tenant ID | Azure Directory ID value from the text file.
      Client ID | Azure Application ID value from the text file.
      Secret key | Azure Application key value from the text file.
    13. Click Save to create the Azure service principal.
    14. Click the Discover Subscriptions related link to find all subscriptions for the Azure service principal.
      The instance creates a service account for each discovered subscription. The Azure Subscriptions related list displays all subscriptions for the Azure service principal.
    15. Click a subscription to view the service account created for the subscription.
    16. Click a Discovery status entry in the Credential Discovery Status list to view the Discovery log.
      Each time you click Discover Subscription, the instance generates a new Discovery status and displays it in the Credential Discovery Status list.
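
    A read-only check on the result of steps 6 and 9, added here as an example and not part of the ServiceNow documentation or product: it audits the role assignments and client secrets of the registered app from JSON exported with the Azure CLI (`az role assignment list --assignee <appId> --all` and `az ad app credential list --id <appId>`). The subscription IDs, the sample records, and the 365-day limit are constructed assumptions; the field names `roleDefinitionName`, `scope`, and `endDateTime` (`endDate` in older CLI versions) are the ones the Azure CLI emits.

```python
import json
from datetime import datetime, timezone

ALLOWED_ROLES = {"Reader"}  # per step 9.4; Contributor is only needed for provisioning
MAX_SECRET_DAYS = 365       # assumption: stand-in for your organization's key-lifetime policy

# Constructed sample, shaped like `az role assignment list --assignee <appId> --all -o json`.
SAMPLE_ASSIGNMENTS = json.loads("""
[
  {"roleDefinitionName": "Reader",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/22222222-2222-2222-2222-222222222222"},
  {"roleDefinitionName": "Reader",
   "scope": "/providers/Microsoft.Management/managementGroups/mg-constructed"}
]
""")

# Constructed sample, shaped like `az ad app credential list --id <appId> -o json`.
SAMPLE_SECRETS = json.loads("""
[
  {"displayName": "ServiceNow Integration key", "endDateTime": "2299-12-31T00:00:00Z"},
  {"displayName": "rotated key", "endDateTime": "2020-12-01T00:00:00Z"}
]
""")

# Subscriptions that Discovery is meant to read (constructed IDs).
EXPECTED_SUBSCRIPTIONS = {
    "11111111-1111-1111-1111-111111111111",
    "22222222-2222-2222-2222-222222222222",
}


def audit_role_assignments(assignments, expected_subscriptions):
    """Return (kind, role, scope) findings for anything beyond Reader-per-subscription."""
    expected = {s.lower() for s in expected_subscriptions}
    findings, covered = [], set()
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "").rstrip("/")
        parts = scope.strip("/").split("/")
        if role not in ALLOWED_ROLES:
            findings.append(("role-not-reader", role, scope))
        if len(parts) >= 2 and parts[0].lower() == "subscriptions":
            sub = parts[1].lower()
            if sub not in expected:
                findings.append(("unexpected-subscription", role, scope))
            elif role in ALLOWED_ROLES and len(parts) == 2:
                covered.add(sub)  # Reader on the whole subscription, as in step 9
        else:
            # Root ("/") or management-group scope reaches more than one subscription.
            findings.append(("scope-above-subscription", role, scope))
    for sub in sorted(expected - covered):
        findings.append(("missing-reader", "Reader", "/subscriptions/" + sub))
    return findings


def audit_secrets(credentials, now, max_days=MAX_SECRET_DAYS):
    """Return (kind, label, days_left) for expired or over-long client secrets."""
    findings = []
    for c in credentials:
        raw = c.get("endDateTime") or c.get("endDate")
        end = datetime.fromisoformat(raw.replace("Z", "+00:00"))
        days_left = (end - now).days
        label = c.get("displayName") or c.get("keyId")
        if days_left < 0:
            findings.append(("secret-expired", label, days_left))
        elif days_left > max_days:
            findings.append(("secret-too-long-lived", label, days_left))
    return findings


if __name__ == "__main__":
    audit_date = datetime(2020, 6, 1, tzinfo=timezone.utc)  # constructed "today"
    for finding in audit_role_assignments(SAMPLE_ASSIGNMENTS, EXPECTED_SUBSCRIPTIONS):
        print(finding)
    for finding in audit_secrets(SAMPLE_SECRETS, audit_date):
        print(finding)
```

    An empty result from both functions means the app holds only Reader on the intended subscriptions and every secret expires within the chosen limit.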

    Data collected for Azure Cloud Discovery

    Discovery collects information about cloud resources in Azure datacenters.

    How Discovery finds Azure resources

    Discovery uses the Cloud Management API and patterns to find cloud resources.

    Table 1. Default patterns
    Pattern | Description
    Azure Database | Retrieves Azure databases, including MSSQL, MySQL, Redis, and Documentum, and populates the [cmdb_ci_cloud_database] table.
    Azure LoadBalancer TD | Retrieves Azure load balancers and populates the cmdb_ci_lb_service table. This pattern is only used by Service Mapping for top-down discovery, not by the Discovery application for horizontal discovery.
    Azure WebSite | Retrieves Azure web servers and populates the Cloud WebServers [cmdb_ci_cloud_webserver] and IP address [cmdb_ci_ip_address] tables.

    Data collected

    Table 2. Azure Datacenter [cmdb_ci_azure_datacenter]
    Label | Field Name
    Name | name
    Region | region
    Object ID | object_id

    Table 3. Availability Zone [cmdb_ci_availability_zone]
    Label | Field Name
    Name | name

    Table 4. Virtual Machine Instance [cmdb_ci_vm_instance]
    Label | Field Name
    Name | name
    State | state
    Object ID | object_id
    CPUs | cpus
    Disks | disks
    Disks size (GB) | disks_size
    Memory | memory
    Network adapters | nics
    VM Instance ID | vm_inst_id

    Table 5. Compute Security Groups [cmdb_ci_compute_security_group]
    Label | Field Name
    Name | name
    Object ID | object_id
    State | state

    Table 6. Images [cmdb_ci_os_template]
    Label | Field Name
    Name | name
    Object ID | object_id
    Guest OS | guest_os
    Root device type | root_device_type
    Image source | image_source
    Image type | image_type

    Table 7. Hardware Type [cmdb_ci_compute_template]
    Label | Field Name
    Name | name
    vCPUs | vcpus
    Memory MB | memory_mb
    Local Storage GB | local_storage_gb

    Table 8. Storage Volume [cmdb_ci_storage_volume]
    Label | Field Name
    Name | name
    State | state
    Object ID | object_id
    Storage type | storage_type
    Size | size

    Table 9. Cloud Networks [cmdb_ci_network] and VMware vCenter Network [cmdb_ci_vcenter_network]
    Label | Field Name
    Name | name
    State* | state
    CIDR* | cidr
    *Not found on VMware vCenter networks.

    Table 10. Cloud Subnets [cmdb_ci_cloud_subnet]
    Label | Field Name
    Name | name
    Status | status
    CIDR | cidr

    Table 11. Cloud Management Network Interfaces [cmdb_ci_nic]
    Label | Field Name
    Name | name
    Netmask | netmask
    MAC Address | mac_address
    MAC Manufacturer | mac_manufacturer
    Status | install_status

    Table 12. Cloud Load Balancers [cmdb_ci_cloud_load_balancer]
    Label | Field Name
    Name | name
    Object ID | object_id
    State | state

    Table 13. Azure Deployments [cmdb_ci_azure_deployment]
    Label | Field Name
    Name | name
    Provisioning state | provisioning_state
    Note: This table is only available for Discovery when the Cloud Management plugin is activated.

    Table 14. Resource Groups [cmdb_ci_resource_group]
    Label | Field Name
    Name | name
    Object ID | object_id
    State | state
    Operational Status | operational_status
    Install Status | install_status
    Note:
    • When a resource group is discovered for the first time, the State field is set to Available. Based on the response mapping, the following fields are also set to default values: operational_status = Operational and Status = Installed.
    • When a resource group is terminated on Azure, the CMPReconciler script sets the State field to Terminated, operational_status = Non-Operational, and Status = Absent.

    Table 15. Public IP Addresses [cmdb_ci_cloud_public_ipaddress]
    Label | Field Name
    Name | name
    Object ID | object_id
    Public IP address | public_ip_address
    Public DNS | public_dns

    Table 16. Storage Accounts [cmdb_ci_cloud_storage_account]
    Label | Field Name
    Name | name
    Object ID | object_id
    Sku Name | sku_name
    State | state

    Table 17. DNS Alias [cmdb_ci_dns_alias] and DNS name [cmdb_ci_dns_name]
    Label | Field name
    DNS Alias [cmdb_ci_dns_alias]
    Name | name
    Category | category
    Status | status
    DNS name [cmdb_ci_dns_name]
    Name | name
    IP address | ip_address

    Table 18. Cloud Databases [cmdb_ci_cloud_database]
    Label | Field Name | Description
    Name | name | The name of the database that you created in Azure.
    Object ID | object_id | This is also the name of the database.
    Type | Type | The type of database you created.
    Fully qualified domain name | fqdn | The FQDN that Azure assigned to your database.
    State | state | The state of the database: whether it is Available or Terminated.
    TCP port(s) | tcp_port | The TCP port that the database communicates through.
    Category | category | The instance class of the database, for example: db.t2.micro.

    Table 19. Cloud WebServer [cmdb_ci_cloud_webserver]
    Label | Field Name
    Name | name
    Install status | install_status
    Vendor | vendor
    Fully qualified domain name | fqdn
    Operational status | operational_status
    State | state

    Related concepts
    • Cloud Discovery Landing Page
    • Discovery Manager
