AWS Partner Network (APN) Blog
Achieving Business-Aware AWS Infrastructure Visibility with ServiceNow
By Sunil Bemarkar, Sr. Partner Solutions Architect – AWS
By Gian Mario Deluigi, Senior Outbound Product Manager – ServiceNow
Modern IT infrastructures are diverse, spanning physical, virtual, and cloud resources from multiple vendors and providers, and dynamic, with frequent asset changes over time. To effectively manage such heterogeneous environments, it is crucial to keep track of the configuration data of each underlying resource at any given point in time.
Organizations frequently rely on multiple management tools and siloed data sources, which are difficult to integrate and lead to incomplete or inconsistent resource inventories. Cloud-based IT infrastructures have these issues as well. AWS, as a leading cloud service provider, hosts a vast array of services for organizations, including compute instances, storage, databases, and networking. The dynamic and scalable nature of AWS services means that the cloud environment is constantly evolving. Manual discovery processes are time-consuming, error-prone, and often fail to keep up with the pace of change in modern IT environments. Undiscovered or unmanaged resources can introduce security vulnerabilities, compliance violations, and potential data breaches, putting the organization at risk.
Despite these challenges, discovering infrastructure resources is essential to enable organization-wide outcomes such as operational efficiency, compliance, automation, effective governance, and risk management. Having a comprehensive view of all resources allows IT teams to ensure compliance with corporate policies, industry regulations, and security standards, enabling proactive risk mitigation and audit readiness. Automated discovery reduces manual effort and improves overall IT service delivery, and it provides IT teams with accurate, real-time visibility into their AWS resources, which is crucial for achieving operational excellence.
According to a McKinsey report titled “Ending the confusion in cloud transformations: The dashboards and metrics everyone needs”, a global automotive supplier worked with its IT finance team to determine which server decommissioning would generate the most savings and tracked this closely over time, avoiding more than $500,000 of capital expenditures within six months. An automated infrastructure visibility tool can unlock many such benefits. We describe the automated visibility approach in this blog post.
ServiceNow is an AWS Partner Network (APN) Advanced Technology Partner and a member of the AWS Public Sector Partner Program. The ServiceNow platform gives enterprises complete visibility of their entire IT environment, including virtualized and cloud infrastructure, while correlating every infrastructure piece with its business impact. ServiceNow also simplifies service delivery and assurance, consolidating IT service and infrastructure data into a single system of record.
In this post, you will learn how the ServiceNow platform allows organizations to maintain an accurate and up-to-date inventory of their AWS Cloud infrastructure in a single source of truth, the ServiceNow Configuration Management Database (CMDB), to succeed in their cloud transformation journey.
The Importance of AWS Resource Discovery
ServiceNow’s IT Operations Management (ITOM) enables organizations to discover AWS Cloud Infrastructure resources, unlocking the following use cases:
- Regulatory and Compliance: Having an accurate centralized system of record allows organizations to adhere to regulatory and compliance frameworks such as PCI DSS, HIPAA, GDPR and others, regardless of the industry in which they operate.
- Software License and Cloud Cost Optimization: Detailed discovery of AWS resources enables organizations to optimize their software licensing posture (by identifying unused or non-compliant licenses) and their cloud infrastructure (by identifying unused and unmanaged resources). This results in better cost management and overall efficiency.
- Security Posture & Vulnerability Response: The ServiceNow platform uses detailed AWS infrastructure discovery to align the organization’s security posture with security standards such as ISO/IEC 27001, SOC 2, PCI DSS, NIST SP 800-53 and others, while identifying, prioritizing and remediating vulnerabilities.
- Business alignment: Understanding how each AWS infrastructure component impacts business services is key for organizations to identify service issues as they arise, and prioritize issues based on business impact. Effective service mapping allows organizations to quickly create an accurate picture of how their IT applications, equipment, and dependencies work together to deliver end-user services. This results in a faster time to value across the board.
- Cloud Configuration Governance: Adhering to corporate cloud policies is a top priority for organizations operating in the cloud. Discovery of AWS resources enables governance initiatives by providing a foundation for auditing and enforcing cloud configurations, ensuring policy compliance across the entire infrastructure landscape.
In a ServiceNow case study titled Transurban elevates service experience with automation, Transurban, an Australian company that specializes in the construction and operation of toll roads, reported that by integrating ServiceNow IT Operations Management (ITOM) Discovery with AWS Cloud and its on-premises environment, it now has a trusted single system of record in the ServiceNow CMDB to ensure data accuracy and consistency.
ServiceNow ITOM’s Approaches to AWS Resource Discovery
ServiceNow ITOM Visibility offers a comprehensive set of options for discovering AWS resources, covering both traditional cloud resources and Kubernetes. Here are different approaches you can effectively use for AWS resource discovery:
Figure 1 – ServiceNow ITOM’s Approaches to AWS Resource Discovery
Cloud Topology Discovery
Cloud Topology Discovery is aimed at collecting AWS Cloud metadata information, relationships, and tags (keys and values). ServiceNow offers two main approaches:
- Cloud Discovery: ServiceNow discovers AWS resources such as Amazon Elastic Compute Cloud (Amazon EC2) instances, Amazon Simple Storage Service (Amazon S3) buckets, Amazon Relational Database Service (Amazon RDS) databases, and much more through scheduled Cloud Discovery runs, updating the CMDB with the latest cloud resource metadata, relationships, and tags at every run. A complementary approach to Cloud Discovery is Event-driven Discovery, which detects relevant configuration changes in the AWS Cloud environment that happen between scheduled discovery runs. This proactive approach ensures that the discovered inventory remains up to date and reflects the dynamic nature of cloud environments. Cloud Discovery is further complemented by Tag Governance and Tag-Based Service Mapping, which provide the ability to govern resources via tags (keys and values) and to capture the business alignment of cloud resources.
- AWS Service Graph Connector: The AWS Service Graph Connector integrates directly with AWS APIs to collect metadata, relationships, and tags for AWS cloud resources such as EC2 instances, RDS databases, S3 buckets, Amazon DynamoDB tables, AWS Lambda functions, and much more. This can be considered a scheduled import of data.
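To make concrete what the scheduled run, the event-driven update and Tag Governance each contribute, here is an added illustration (not ServiceNow's code, and not its CMDB schema) that reconciles a constructed CMDB snapshot against a constructed live AWS view: it reports unmanaged resources, stale records, tag drift and required-tag violations, then folds a change event into the CMDB so the gap does not wait for the next schedule. All resource IDs, tags and the event shape are constructed for the example.

```python
from dataclasses import dataclass

# Constructed sample data: the CMDB as the last scheduled Cloud Discovery run left it,
# and what the AWS API reports now (tags flattened to key -> value for brevity).
CMDB_SNAPSHOT = {
    "i-0aaa111": {"Environment": "prod", "Owner": "payments", "CostCenter": "CC100"},
    "i-0bbb222": {"Environment": "prod", "Owner": "web"},
    "i-0ccc333": {"Environment": "dev", "Owner": "ml", "CostCenter": "CC300"},  # terminated since
}
AWS_INVENTORY = {
    "i-0aaa111": {"Environment": "prod", "Owner": "payments", "CostCenter": "CC100"},
    "i-0bbb222": {"Environment": "prod", "Owner": "web", "CostCenter": "CC200"},  # tag added since
    "i-0ddd444": {"Environment": "prod"},  # launched since last run, missing governance tags
}
REQUIRED_TAGS = ("Environment", "Owner", "CostCenter")  # constructed tag-governance policy


@dataclass
class ReconciliationReport:
    unmanaged: list       # present in AWS, absent from the CMDB
    stale: list           # present in the CMDB, gone from AWS
    drifted: dict         # same resource, tag values differ (cmdb, aws)
    tag_violations: dict  # resource -> required tags it lacks


def reconcile(cmdb, aws, required_tags):
    """Compare the CMDB view with the live AWS view and list every discrepancy a
    scheduled discovery run (or an event-driven update) would need to correct."""
    cmdb_ids, aws_ids = set(cmdb), set(aws)
    drifted = {rid: (cmdb[rid], aws[rid]) for rid in cmdb_ids & aws_ids if cmdb[rid] != aws[rid]}
    violations = {}
    for rid, tags in aws.items():  # governance is checked against live state, not the CMDB
        missing = sorted(set(required_tags) - set(tags))
        if missing:
            violations[rid] = missing
    return ReconciliationReport(sorted(aws_ids - cmdb_ids), sorted(cmdb_ids - aws_ids),
                                drifted, violations)


def apply_change_event(cmdb, event):
    """Event-driven discovery: fold one constructed change notification into a copy of
    the CMDB instead of waiting for the next scheduled run."""
    updated = dict(cmdb)
    if event["action"] == "terminated":
        updated.pop(event["resource_id"], None)
    else:  # "launched" or "tags_changed": take the tags reported by the event
        updated[event["resource_id"]] = dict(event["tags"])
    return updated
```

After applying events for the three changes above, `reconcile` reports no unmanaged, stale or drifted resources, but the new instance still fails the tag-governance check, which is exactly the finding Tag Governance is meant to surface.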
OS-Level Discovery
OS-Level Discovery is aimed at collecting more detailed information about the operating system of AWS VMs, such as OS type, version, installed software, running processes, and configuration details. ServiceNow offers three approaches, depending on the organization’s use cases and security considerations:
- Cloud Discovery (Agentless Horizontal): The Agentless Cloud Horizontal Discovery is the most complete OS Discovery approach. The data it collects enables many other ServiceNow platform use cases, such as: Enterprise-level Software Asset Management, Certificate Management, ML-Based and Top-Down Service Mapping, File-based Discovery, Oracle Global License Advisory Service (GLAS) discovery.
- Agent-based Discovery (ACC): Agent-based Discovery leverages the Agent Client Collector for Visibility, which is deployed on the endpoint, enabling push-based discovery of OS-level details. This approach enables almost all the use cases mentioned for Horizontal Discovery, except Certificate Management and file-based discovery. It is better suited to resources that hibernate or auto-scale.
- Service Graph Connector for AWS: ServiceNow Service Graph Connector for AWS collects OS-level details that enable basic Software Asset Management use cases and ML-based Service Mapping.
Kubernetes Discovery
Containerized resources can also be discovered by ServiceNow ITOM, with a variety of approaches that cover different use cases and architectural decisions:
- Cloud Discovery (Automated K8s Discovery Scheduling): This option relies on Cloud Discovery automatically creating the discovery schedule for each K8s cluster it finds. It is ideal for managed K8s offerings such as Amazon Elastic Kubernetes Service (Amazon EKS).
- Agentless Discovery (with Kubernetes Patterns): This manual approach to K8s discovery relies on the manual creation of Discovery schedules for each K8s cluster. It is more suitable for selected AWS Cloud K8s deployments.
- Cloud Native Operations for Visibility (CNO-V): For organizations that want continuous, lightweight discovery of their Kubernetes deployments at scale, CNO for Visibility is the best fit. It leverages Informers installed inside the discovered K8s clusters, which allow it to capture relevant configuration changes in each K8s deployment.
- Service Graph Connector (SGC) for OpenTelemetry (OTel): For organizations that leverage OpenTelemetry, the SGC provides visibility to K8s environments while leveraging the broader set of OTel-related benefits.
As a complementary approach to Kubernetes discovery, ServiceNow ITOM can discover software and software components inside containers, thanks to the integration with the Aqua Trivy scanning tool. This allows organizations to assess software and vulnerability compliance inside ephemeral environments.
To begin using these features, ensure that your ServiceNow ITOM instance is properly integrated with your AWS accounts. You may need administrative privileges to set up the integrations and configure the various modules. ServiceNow offers detailed documentation and support to guide you through the process, making it easier to leverage these ITOM capabilities for AWS resource management.
Outcomes of ServiceNow ITOM’s AWS Resource Discovery
Based on the various approaches offered by ITOM for AWS resource discovery, the following diagram provides a comprehensive summary of specific outcomes achieved through each method. This includes the automation of resource identification, enhanced visibility into cloud environments, improved compliance management, and optimized operational efficiency. Each approach within ITOM’s suite of tools contributes to a distinct aspect of resource management, ensuring that organizations can effectively govern and optimize their AWS infrastructure.
Figure 2 – ServiceNow ITOM AWS Resource Discovery Outcomes
Conclusion
In the dynamic world of cloud computing, effective discovery of AWS resources is essential for maintaining control, optimizing costs, ensuring compliance, and driving operational efficiency. ServiceNow ITOM’s comprehensive approach to AWS resource discovery provides organizations with the visibility, automation, and insights needed to thrive in the cloud era. By leveraging ServiceNow ITOM’s discovery capabilities, businesses can unlock the full potential of their AWS investments and position themselves for success in the rapidly evolving cloud landscape.
The partnership between AWS and ServiceNow is transforming how businesses manage their cloud environments.
As cloud strategies continue to evolve, the combination of AWS and ServiceNow’s IT operations management capabilities will remain a critical component of successful digital transformation initiatives.
ServiceNow Cloud Transformation on AWS is available as a SaaS offering in AWS Marketplace. Check out the ServiceNow website to learn more and set up a demo.
ServiceNow – AWS Partner Spotlight
ServiceNow is an AWS Partner that gives enterprises complete visibility of their entire IT environment, including virtualized and cloud infrastructure. ServiceNow also simplifies service mapping, delivery, and assurance, consolidating IT service and infrastructure data into a single system of record…