Set up data sources and scheduled import jobs to pull in data from Azure into your CMDB.

Before you begin

Important: Unless there are configuration issues, use the SGC Central view in the CMDB Workspace to configure the connection for the connector, as the guided setup method is being deprecated.

To use this Service Graph Connector, you need a subscription to a Subscription Unit that is based in the IT Operations Management (ITOM) Visibility application or in the ITOM Discovery application. As defined in the section titled "Managed IT Resource Types" in ServiceNow Subscription Unit Overview for your subscription, for managed IT resources that are created or modified in the CMDB by this Service Graph Connector, but that aren’t yet managed by ITOM Visibility or ITOM Discovery, these resources will increase Subscription Unit consumption from that application. Review your current Subscription Unit consumption within ITOM Visibility or ITOM Discovery to ensure available capacity.

Dependencies and requirements:
  • The Integration Commons for CMDB store app, which is automatically installed.
  • The CMDB CI class models store app, which is automatically installed. See CMDB CI Class Models.
  • Discovery Core plugin (com.snc.discovery.core), which is automatically installed by Discovery.
  • The Datastream Action plugin (com.glide.hub.action_type.datastream), which is automatically installed.
  • The ITOM Discovery License plugin (com.snc.itom.discovery.license). You must activate this plugin.
  • ITOM Licensing plugin (com.snc.itom.license). For more information, see Request Discovery.
Important: After the initial import of Azure data, the application performs a delta import of data. However, you can perform a full pull of data anytime later by disabling the delta synchronization and setting the sn_sg_azure_integ.is_delta_sync_enabled property to false. For more information, see Configuring data synchronization in Service Graph Connector for Microsoft Azure.

Role required: admin

About this task

The connector uses the Azure Management APIs for the complete pull of data from Azure. However, to pull delta changes from Azure, the Azure Resource Graph APIs are used. The domain name system (DNS) is Microsoft Azure Management, but the path is a resource graph.

For more information on the Azure setup instructions, see the Service Graph Connector for Azure - Overview article on the ServiceNow Community site.

Procedure

  1. Navigate to All > Service Graph Connectors > Azure > Setup.
  2. On the Getting started page, select Get Started.
  3. Create data sources and scheduled imports for the new connection.
    1. On the Service Graph Connector for Microsoft Azure page, in the Update Data Sources and Scheduled Imports Access, select the task Update Scheduled Data Import Access.
    2. In the Update Scheduled Data Import Access section, select Configure and do the following:
      1. For the Update Scheduled Data Import access task, select Configure.
      2. Select the Global application scope by using the application picker.
      3. In the Application Access related list, select the Can create, Can update, and Can delete check boxes, if not already selected.
      4. Select Update to close the tab and return to the guided setup.
      5. Modify the application scope again to Service Graph Connector for Microsoft Azure by using the application picker.
      6. Set the Update Scheduled Data Import access task to complete by selecting Mark as Complete.
      7. Repeat the steps 3.b.ii to 3.b.v for the Update Data Source Access task with the Data Source [sys_data_source] table and set the task to complete by selecting Mark as Complete.
    3. Clear the cache for the new connection.
      1. In the Clear Cache for Datasource and Import set section, select Configure.
      2. In the Run script text box of the background script page, enter the following script:
        GlideTableManager.invalidateTable("sys_data_source");
      GlideCacheManager.flushTable("sys_data_source");

      GlideTableManager.invalidateTable("scheduled_import_set");
      GlideCacheManager.flushTable("scheduled_import_set");

      GlideTableManager.invalidateTable("sys_db_object");
      GlideCacheManager.flushTable("sys_db_object");
      3. Select Run Script to run the background script in the global scope.

        The script may take several minutes to execute.

      4. After the script is executed, select Close.
      5. From the application picker, select the Service Graph Connector for Microsoft Azure application.
      6. Select Mark as Complete.
  4. Create a connection to import hardware configuration items (CIs) from the Azure client application.
    Note: Ensure that you have the User.Read permission on the Microsoft Graph API for the hardware import. Also, ensure that the IAM policy for the Azure subscription has the Reader role. See Assign a user as an administrator of an Azure subscription with conditions on the Microsoft Azure documentation site.
    1. Obtain the OAuth credentials from your Azure administrator.
      Make a note of the following details:
      • Application (client) ID
      • Client Secret
      • Directory (tenant) ID
      • Connection URL
      Note: After getting the OAuth credentials, in the guided setup for Service Graph Connector for Microsoft Azure, go to the Create connection for the hardware import section of the Service Graph Connector for Microsoft Azure page and set the Get the OAuth credentials task to complete by selecting Mark as Complete.
    2. Configure your Azure hardware connection and credentials.
      1. In the Create connection for the hardware import section of the Service Graph Connector for Microsoft Azure page, select Continue.
      2. For the Create or Edit connection task, select Configure.
      3. On the Connections page of the Workflow Studio, select Configure for the SG-Azure Hardware Connection connection that is available by default for the hardware import.

        You can create multiple connections by selecting Add Connection.

      4. On the form, review and modify the fields.
        Table 1. Configure Connection form
        Field Description
        Connection Information
        Connection Name Name to uniquely identify the hardware connection record. For example, SG-Azure Hardware Connection.
        Connection URL Base URL to connect to your Azure client application.
        Note: This field is automatically set to the URL to connect to the application. Leave the field value as is.
        Credential Information
        OAuth Client ID Application (client) ID of your Azure client application as described in step 4.a.
        OAuth Client Secret Client Secret of your Azure client application as described in step 4.a.
        OAuth Token URL Token URL of your Azure client application.
        Based on the region of your Azure client application, enter the token URL in one of the following formats:
        • Global
          https://login.microsoftonline.com/<tenantid>/oauth2/v2.0/token
        • US Government
          https://login.microsoftonline.us/<tenantid>/oauth2/v2.0/token
        • China
          https://login.partner.microsoftonline.cn/<tenantid>/oauth2/v2.0/token
        • Germany
          https://login.microsoftonline.de/<tenantid>/oauth2/v2.0/token
        Where <tenantid> is the tenant ID of your Azure client application as described in step 4.a.
      5. Select Configure and Get OAuth Token.
      6. When the OAuth token flow is successfully completed, return to the Create connection for the hardware import task page using the back button for your browser.
      7. Set the Create or Edit connection task to complete by selecting Mark as Complete.
    3. Test the Microsoft Graph API connection to import hardware data from the Azure client application.
      1. For the Test Connection task, select Configure.
      2. Select the data source associated with the newly created connection in the Name column of the Data Sources list.
      3. Select the Test Load 20 Records related link.
      4. When the state changes to Complete, return to the setup by selecting Back to Guided Setup in the Help panel.
      5. Set the Test Connection task to complete by selecting Mark as Complete.
    4. Review the scheduled data imports configuration.
      1. For the Set up scheduled import jobs task, select Configure.
      2. Select the SG-Azure Subscriptions scheduled job.
      3. On the Scheduled Data Import form, verify the field values for the scheduled job and select the Active check box.

        For more information, see Schedule a data import.

      4. Select Update.
      5. Set the Set up scheduled import jobs task to complete by selecting Mark as Complete in the Help panel.
  5. Create a connection to import software information from the Azure client application.
    Note: Ensure that you have the Data.Read permission on the Log Analytics API for the software import.
    1. Obtain the OAuth credentials and set up the Log Analytics workspace in the Azure.
      1. Ensure that you have the OAuth credentials from step 4.a.
      2. Configure the Log Analytics workspace in the Azure client application.
        • Use an existing workspace, if available.
        • Create another workspace.

          For more information, see Create Log Analytics workspace in the Azure documentation.

        Note: Make a note of the Workspace ID.
      3. Deploy Azure Monitoring Agent (AMA), and then enable change tracking and inventory using AMA.

        For more information, see Enable Change Tracking and Inventory using Azure Monitoring Agent in the Azure documentation.

      4. Deploy Dependency Agent as part of VM insights to collect discovered data about VM processes and their connections.

        For more information, see Enable VM Insights overview in the Azure documentation.

      Note: After obtaining the OAuth credentials, in the guided setup for Service Graph Connector for Microsoft Azure, go to the Create connection for the software import section of the Service Graph Connector for Microsoft Azure page and set the Get the OAuth credentials task to complete by selecting Mark as Complete.
    2. Configure your Azure software connection and credentials.
      1. In the Create connection for the software import section of the Service Graph Connector for Microsoft Azure page, select Continue.
      2. For the Create or Edit connection task, select Configure.
      3. On the Connections page of the Workflow Studio, select Configure for the SG-Azure log analytics connection connection that is available by default for the software import.

        You can create multiple connections by selecting Add Connection.

      4. On the form, review and modify the fields.
        Table 2. Configure Connection form
        Field Description
        Connection Information
        Software Connection Name Name to uniquely identify the software connection record. For example, SG-Azure log analytics connection.
        Hardware Connection Name Name of the hardware connection associated with the software as described in step 4.b.iv.

        You add a hardware connection name to associate the software connection with the respective hardware.
        Connection URL Base URL to connect to the Log Analytics workspace in the following format: 
        https://api.loganalytics.io/v1/workspaces/<workspace_id>
        Where <workspace_id> is the ID of the Log Analytics workspace as described in step 5.a.ii.
        Note: This field is automatically set to the URL to connect to the Log Analytics workspace. Replace the <workspace_id> variable in the auto-generated URL with the workspace ID of your Log Analytics workspace.
        Credential Information
        OAuth Client ID Application (client) ID of your Azure client application as described in step 4.a.
        OAuth Client Secret Client Secret of your Azure client application as described in step 4.a.
        OAuth Token URL Token URL of your Azure client application.
        Based on the region of your Azure client application, enter the token URL in one of the following formats:
        • Global 
          https://login.microsoftonline.com/<tenantid>/oauth2/v2.0/token
        • US Government
          https://login.microsoftonline.us/<tenantid>/oauth2/v2.0/token
        • China
          https://login.partner.microsoftonline.cn/<tenantid>/oauth2/v2.0/token
        • Germany
          https://login.microsoftonline.de/<tenantid>/oauth2/v2.0/token
        Where <tenantid> is the tenant ID of your Azure client application as described in step 4.a.
      5. Select Configure and Get OAuth Token.
      6. When the OAuth token flow is successfully completed, return to the Create connection for the software import task page using the back button for your browser.
      7. Set the Create or Edit connection task to complete by selecting Mark as Complete.
    3. Test the Log Analytics API connection to import software data from the Azure client application.
      1. For the Test Connection task, select Configure.
      2. Select the data source associated with the newly created connection in the Name column of the Data Sources list.
      3. Select the Test Load 20 Records related link.
      4. When the state changes to Complete, return to the setup by selecting Back to Guided Setup in the Help panel.
      5. Set the Test Connection task to complete by selecting Mark as Complete.
    4. Review the scheduled data imports configuration.
      1. For the Set up scheduled import jobs task, select Configure.
      2. Select the SG-Azure Software scheduled data import.
      3. On the Scheduled Data Import form, verify the field values for the scheduled job and select the Active check box.

        For more information, see Schedule a data import.

      4. Select Update.
      5. Set the Set up scheduled import jobs task to complete by selecting Mark as Complete in the Help panel.
  6. (Optional) Enable extended discovery using the run command.

    The run command is used to run a set of commands on the VMs to fetch server information such as CPU count, cores, model, and manufacturer.

    1. Download the scripts that are required to enable extended discovery.
      1. For the Download the scripts task, select Configure.
      2. After the scripts are downloaded, select Mark as Complete to set the Download the scripts task to complete.
    2. Configure an Azure storage account for extended discovery.
      1. For the Configure Azure Storage account for Run Command task, select Configure.

        For information about configuring an Azure storage account for extended discovery, see the Instructions for setting up Run Command in Service Graph Connector for Azure [KB2001668] article in the Now Support Knowledge Base.

      2. Set up a new Azure storage account.
      3. Set up a container to upload the script files.
      4. Set up another container to store the results.
      5. Provide run command access to the service principal.
      6. Select Mark as Complete to set the Configure Azure Storage account for Run Command task to complete.
    3. Configure the connection properties for the new instance that you created for Service Graph Connector for Microsoft Azure.
      1. For the Configure connection properties task, select Configure.
      2. In the Connection* field of the SG-Azure Configuration Properties section, select the new instance that you created.

        The fields in the Properties section are populated with the details of the instance.

      3. In the Properties section, provide the following details for the instance that you created:
        • Name of the storage account where the containers are created
        • Subscription ID where the storage account is created
        • Resource group of the storage account
        • Name of the container where the sh and ps1 files are uploaded in Azure
        • Name of the container where the results of the commands are to be stored
        • URI of the sh file that has to be run on Linux machines
        • URI of the ps1 file that has to be run on Windows machines
      4. Select Save.
      5. Select Mark as Complete to set the Configure connection properties task to complete.

Result

The data from Azure is pulled into your CMDB.