Automated Azure discovery to ServiceNow CMDB
Automated ServiceNow Azure discovery via Turbot Guardrails provides comprehensive coverage of your Azure resources with real-time accuracy.
Turbot Guardrails just made it a lot easier to discover Azure resources in ServiceNow's CMDB. The integration requires no additional ServiceNow modules or Azure services. Instead, Turbot Guardrails enables a direct, low-cost way to get real-time Azure cloud discovery into ServiceNow.
This automated discovery integration has two key benefits. First, it enhances the accuracy of your ServiceNow CMDB data by surfacing comprehensive and timely Azure resource insights. Second, it significantly reduces the cost and overhead compared to native ServiceNow cloud discovery. It's an ideal solution if you're new to cloud discovery, or if you're looking to augment existing ServiceNow Azure integrations. Users can tap into broader coverage and more precise Azure CMDB data without added complexity.
Why an automated Azure discovery for ServiceNow?
Manual and scheduled discovery of Azure resources leads to inaccurate ServiceNow data. Azure resources change too quickly for legacy discovery methods to keep up. As a result, CMDBs end up with blindspots and incorrect configurations.
When you automate continuous Azure discovery, and integrate resources into ServiceNow, you:
- Eliminate blindspots by covering more Azure services beyond the native integrations
- Prevent missing and stale data with instant updates when resources change
- Enable flexible control over which resource data syncs to which CMDB CI tables
- Surface Azure tags and metadata to enrich CMDB context
- Archive historical records of provisioned resources that get deleted
Augmenting native Azure discovery in ServiceNow
Native ServiceNow connectors and Azure integrations are available to enable discovery of core Azure services such as Compute, Storage, and Networking. But these have limitations including:
- Extra licensing and services
- Limited resource coverage
- Reliance on scheduled batch jobs rather than real-time scans
- Need for professional services and customization
The Turbot Guardrails Azure ServiceNow integration augments native capabilities by:
- Point-and-click integration setup
- Discovering IaaS & PaaS Azure resource types out of the box
- Reducing licensing dependency and service overhead
- Automatically updating CMDBs instantly when resources change
- Providing flexible control to configure synced data as needed
- Centralized management for other discovery scopes; AWS, GCP, & Kubernetes
By combining automated discovery from Turbot Guardrails with ServiceNow and Azure, you can accurately sync Azure configs into ServiceNow's CMDB in real-time without added cost and complexity.
Configuring automated Azure cloud discovery for ServiceNow CMDB
Each Azure resource type can be configured to sync to the ServiceNow CMDB. Most often you would set the scope of the policy across many Azure resources from all your Azure subscriptions. In this example we will show how to enable syncing Azure Storage Accounts.
Simply set the Turbot Guardrails policy to “Enforce: Sync” and apply to all or specific Azure subscriptions:
For the integration-enabled Azure subscription, the following Azure resources will be in scope for the Azure discovery:
Instantly the Azure resources will be added to the associated ServiceNow CMDB table:
As Azure resources are added, updated, or deleted, Turbot Guardrails handles the configuration drift and keeps the ServiceNow CMDB updated.
For example, when an Azure resource changes, Guardrails captures the configuration drift and updates the ServiceNow CMDB:
Azure resource deletion can be managed as a complete synchronization — where the record in ServiceNow is deleted as well — or archived to retain its record with an archive status.
Map Azure resource details to ServiceNow CMDB CI tables
Each cloud resource type can be mapped to new or existing ServiceNow CMDB CI tables. You can also extend existing tables. In this example, the Azure Storage Account resource type maps to a new cmdb_ci_azure_storage_account.
table: name: cmdb_ci_azure_storage_account label: Azure > Storage > Storage Account extendsTable: cmdb_ci_cloud_storage_accountMappings of which columns to create are simple to define in the Table Definition policy:
columns:- name: storage_account_name label: Storage Account Name- name: subscription_id label: Subscription ID- name: resource_group size: 200 type: string label: Resource Group- name: region label: Region- name: tags size: 1000 type: string label: Cloud TagsAny data from Azure can be added. To associate more fields, add more ServiceNow CMDB table columns:
- name: minimum_tls_version label: Minimum TLS VersionAdding custom ServiceNow CMDB CI fields is common. In this case we want to add a CMDB CI column to capture the Application ID associated from ServiceNow to the Azure resource:
- name: app_id size: 1000 type: string label: Application IDTo populate the added ServiceNow CMDB CI columns dynamically, the Configuration Item policy can define where the data comes from. In this case, this information can be pulled from the Azure resource details such as the minimumTlsVersion and the app_id tag:
storage_account_name: {{ $.resource.data.name }}subscription_id: {{ $.resource.metadata.azure.subscriptionId }}resource_group: {{ $.resource.metadata.azure.resourceGroupName }}region: {{ $.resource.data.location }}tags: {{ $.resource.turbot.tags }}
minimum_tls_version: {{ $.resource.data.minimumTlsVersion }}app_id: {{$.resource.turbot.tags.app_id }}See Turbot Guardrails Azure discovery for ServiceNow in action
Modernize your ServiceNow CMDB with automated Azure discovery
Get started with a 14-day free trial of Turbot Guardrails to experience automated discovery and sync for Azure resources into your ServiceNow instance. Real-time, comprehensive visibility within minutes at just $0.05 per resource per month.