How To

Automated Azure discovery to ServiceNow CMDB

Automated ServiceNow Azure discovery via Turbot Guardrails provides comprehensive coverage of your Azure resources with real-time accuracy.

Turbot Team
5 min. read - Mar 04, 2024
Automated ServiceNow Azure discovery via Turbot Guardrails provides comprehensive coverage of your Azure resources with real-time accuracy.

Turbot Guardrails just made it a lot easier to discover Azure resources in ServiceNow's CMDB. The integration requires no additional ServiceNow modules or Azure services. Instead, Turbot Guardrails enables a direct, low-cost way to get real-time Azure cloud discovery into ServiceNow.

This automated discovery integration has two key benefits. First, it enhances the accuracy of your ServiceNow CMDB data by surfacing comprehensive and timely Azure resource insights. Second, it significantly reduces the cost and overhead compared to native ServiceNow cloud discovery. It's an ideal solution if you're new to cloud discovery, or if you're looking to augment existing ServiceNow Azure integrations. Users can tap into broader coverage and more precise Azure CMDB data without added complexity.

Why an automated Azure discovery for ServiceNow?

Manual and scheduled discovery of Azure resources leads to inaccurate ServiceNow data. Azure resources change too quickly for legacy discovery methods to keep up. As a result, CMDBs end up with blindspots and incorrect configurations.

When you automate continuous Azure discovery, and integrate resources into ServiceNow, you:

  • Eliminate blindspots by covering more Azure services beyond the native integrations
  • Prevent missing and stale data with instant updates when resources change
  • Enable flexible control over which resource data syncs to which CMDB CI tables
  • Surface Azure tags and metadata to enrich CMDB context
  • Archive historical records of provisioned resources that get deleted

Augmenting native Azure discovery in ServiceNow

Native ServiceNow connectors and Azure integrations are available to enable discovery of core Azure services such as Compute, Storage, and Networking. But these have limitations including:

  • Extra licensing and services
  • Limited resource coverage
  • Reliance on scheduled batch jobs rather than real-time scans
  • Need for professional services and customization

The Turbot Guardrails Azure ServiceNow integration augments native capabilities by:

  • Point-and-click integration setup
  • Discovering IaaS & PaaS Azure resource types out of the box
  • Reducing licensing dependency and service overhead
  • Automatically updating CMDBs instantly when resources change
  • Providing flexible control to configure synced data as needed

By combining automated discovery from Turbot Guardrails with ServiceNow and Azure, you can accurately sync Azure configs into ServiceNow's CMDB in real-time without added cost and complexity.

Configuring automated Azure cloud discovery for ServiceNow CMDB

Each Azure resource type can be configured to sync to the ServiceNow CMDB. Most often you would set the scope of the policy across many Azure resources from all your Azure subscriptions. In this example we will show how to enable syncing Azure Storage Accounts.

Simply set the Turbot Guardrails policy to “Enforce: Sync” and apply to all or specific Azure subscriptions:

For the integration-enabled Azure subscription, the following Azure resources will be in scope for the Azure discovery:

Instantly the Azure resources will be added to the associated ServiceNow CMDB table:

As Azure resources are added, updated, or deleted, Turbot Guardrails handles the configuration drift and keeps the ServiceNow CMDB updated.

For example, when an Azure resource changes, Guardrails captures the configuration drift and updates the ServiceNow CMDB:

Azure resource deletion can be managed as a complete synchronization — where the record in ServiceNow is deleted as well — or archived to retain its record with an archive status.

Map Azure resource details to ServiceNow CMDB CI tables

Each cloud resource type can be mapped to new or existing ServiceNow CMDB CI tables. You can also extend existing tables. In this example, the Azure Storage Account resource type maps to a new cmdb_ci_azure_storage_account.

name: cmdb_ci_azure_storage_account
label: Azure > Storage > Storage Account
extendsTable: cmdb_ci_cloud_storage_account

Mappings of which columns to create are simple to define in the Table Definition policy:

- name: storage_account_name
label: Storage Account Name
- name: subscription_id
label: Subscription ID
- name: resource_group
size: 200
type: string
label: Resource Group
- name: region
label: Region
- name: tags
size: 1000
type: string
label: Cloud Tags

Any data from Azure can be added. To associate more fields, add more ServiceNow CMDB table columns:

- name: minimum_tls_version
label: Minimum TLS Version

Adding custom ServiceNow CMDB CI fields is common. In this case we want to add a CMDB CI column to capture the Application ID associated from ServiceNow to the Azure resource:

- name: app_id
size: 1000
type: string
label: Application ID

To populate the added ServiceNow CMDB CI columns dynamically, the Configuration Item policy can define where the data comes from. In this case, this information can be pulled from the Azure resource details such as the minimumTlsVersion and the app_id tag:

storage_account_name: {{ $ }}
subscription_id: {{ $ }}
resource_group: {{ $ }}
region: {{ $ }}
tags: {{ $.resource.turbot.tags }}
minimum_tls_version: {{ $ }}
app_id: {{$.resource.turbot.tags.app_id }}

See Turbot Guardrails Azure discovery for ServiceNow in action

Modernize your ServiceNow CMDB with automated Azure discovery

Get started with a 14-day free trial of Turbot Guardrails to experience automated discovery and sync for Azure resources into your ServiceNow instance. Real-time, comprehensive visibility within minutes at just $0.05 per resource per month.