ServiceNow Integration
Fundamentals of the SAP LeanIX integration with ServiceNow (CMDB).
Overview
The integration between SAP LeanIX and ServiceNow is a powerful way to enable the transparent flow of data between the two systems. This documentation covers key information to help you understand the Integration more deeply:
- Communication with ServiceNow.
- The core concepts used to integrate.
- The default supported configuration and best practices.
Prerequisites
The ServiceNow integration is only available for the SAP LeanIX Technology Risk and Compliance product. Before you start the configuration process, please make sure you or a colleague/consultant working with you has the fundamental knowledge about ServiceNow CMDB, CSDM, and the ability to do the following within your instance:
- Manage installation and configuration plugins from the ServiceNow store
- Manage users, tables and ACLs in the CMDB
Communication with ServiceNow
The communication between the SAP LeanIX integration running on SAP LeanIX servers and the ServiceNow system depends on the configuration specified in ServiceNow URL.
In case the ServiceNow URL is configured with an https schema, the communication is done through TLS encryption. Furthermore, all client credentials are stored as part of the configuration encrypted using theAES-256.
Additionally, the Integration User created can utilize both Basic Auth or oAuth 2.0 for authentication between the two systems.
Communication method when using HTTPS Instance URL
The TLS version and cipher suites used for communication between SAP LeanIX and ServiceNow depends on the negotiation to the ServiceNow HTTPS server. In general,
TLS v1.2andTLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256is used for any HTTPS connection to ServiceNow.
The ServiceNow URL mentioned above and the other integration user details are configured in the Integration credentials tab. For more information, see Credential Configuration.
Credentials tab for connecting to the ServiceNow Instance
Important!
When the sync between SAP LeanIX and ServiceNow is in the running phase, it is not possible to stop or interrupt this process.
Core Concepts
For synchronization purposes, every mapping between tables in both systems defines the following:
Mapping Between Fact Sheet Types and ServiceNow Tables
| Parameter | Description |
|---|---|
| Fact Sheet Type | SAP LeanIX Fact Sheet Type - e.g. Application, IT Component (Software), etc. |
| Direction/ Source | Defined Direction and Source of Truth - e.g. SAP LeanIX or ServiceNow |
| ServiceNow Table | Name of the table in ServiceNow with its logical table name. For example Business Application - cmdb_ci_business_app |
| Sync Mode | Defines how to deal with objects on the target that have no corresponding one the source system. See Sync Mode |
| Filter/ Constraints | Whether there are any synchronization constraints, e.g. only synchronizing applications with a specific lifecycle status or only synchronizing software product models which are installed on a server belonging to a managed business application |
Within each mapping type described above, it is possible to configure the field-level mapping between the two systems.
Field-level mapping keys between SAP LeanIX and ServiceNow
The following parameters are available for field mappings:
- The type of field mapping (Further explained, in the setup in SAP LeanIX documentation).
- The name of the field in SAP LeanIX (if applicable).
- The direction of synchronization.
- The name of the field in ServiceNow (if applicable).
- Whether the attribute is to be synced from the defined source of truth or the opposite of the defined source.
- How values are being mapped.
Both standard and custom attributes are supported by the integration. The integration synchronizes in-scope data from one system to another as specified in the configuration.
Sync Mode
A sync mode for integration configuration can be defined in three ways, depending on the specific requirements of preserving/ deleting the items from the target system.
- Additive Sync: This Sync Mode only creates and updates items and never deletes anything. This is the safest Sync Mode, but it can lead to duplicate data if not used carefully.
- Conservative Sync: This sync mode only deletes items created in the target system and are no longer linked to any source object. This Sync Mode preserves manually created items and items that are linked to sources controlled by other integrations. Items that were created by a different integration (e.g. Collibra) will be preserved as well as part of this sync.
- Overwrite Sync: This Sync Mode deletes any items that are not linked to a source object, or that are linked to a source object that no longer exists. This Sync Mode is the most likely to lead to data loss, but it is also the most likely to ensure that your data is consistent with the source system.
Selecting a Sync Mode for a Mapping
Sync Mode behavior:
| Direction | Additive Sync | Conservative Sync | Overwrite Sync |
|---|---|---|---|
| Foreign → LeanIX (SAP LeanIX is the target) | No deletion will happen | Every Fact Sheet will be deleted that has an externalId of the running configuration but the corresponding item on the source is missing AND no further externalId is specified on the Fact Sheet. | Every Fact Sheet will be deleted, that has NO externalId of the running configuration or this externalId links an object that does not exist. |
| LeanIX → Foreign (Foreign is the target) | No deletion will happen | Every Foreign item from the target will be deleted if no Fact Sheet is found that is linked to this item, considering the configuration externalId. This will happen if a previous linked FactSheet is archived or the item in the foreign system is manually created. | Every foreign item from the target will be deleted that has no valid link to a FactSheet when considering the configuration externalId. |
Supported Configurations
The integration between SAP LeanIX and ServiceNow is compatible with CSDM 4.0 guidelines
As of the last update of this documentation, our suggested default configuration below is in alignment with CSDM 4.0. Please feel free to reach out to your CSM for any specific questions.
Before implementing the integration, it is recommended to review the current maturity level of the ServiceNow Instance to be connected. The maturity and availability of modules within the ServiceNow instance will implicate what configurations can be used and not used while connecting with SAP LeanIX.
The following decision table provides suggested configuration workflows.
| Maturity State | Modules Required | Flow |
|---|---|---|
| Ready to sync Applications, Business Capabilities, and their relationships to ServiceNow. | n/a | Default Mapping Note - The IT Component section of the flowchart does not apply. |
| Ready to sync IT Components of category Hardware, Software, and their relationships with Applications from ServiceNow. | Software Asset Management (SAM) Discovery Service. The link between the Software Discovery Model and the Software Product Model record required through the model_id reference field. | Default Mapping |
| (Same as above) Ready to sync IT Components of category Hardware, Software, and their relationships with Applications from ServiceNow. | Software Asset Management Professional (SAM Pro) Discovery Service. | Default Mapping Default Mapping (SAM Pro) - Recommended for large ServiceNow Instances. |
Applications in SAP LeanIX are connected to Business Applications in ServiceNow. IT components in SAP LeanIX are imported from the ServiceNow table Product Models, which is the inventory of Hardware and Software Models in ServiceNow.
As a best practice for CSDM 4.0 modeling, we recommend including business application and deployment as subtypes for application fact sheets and map them to Business Application and Application Service in ServiceNow respectively. In addition to this, other components related to CSDM can be managed in ServiceNow. For more information, see Optional Application Fact Sheet subtypes.
Default Mapping
The flow chart helps illustrate the relations between ServiceNow tables and data flow conditions when constraints are used within the configuration.
Default-supported configuration workflow
Default Mapping (SAM Pro)
Connecting IT Component Software in SAP LeanIX with the Software Discovery Model table in ServiceNow is recommended in cases where the Software Product Model table does not contain enough information or the ServiceNow Instance connected is too large to perform dynamic link matching as described in Figure 1.
Review record size
One way to ascertain if this case applies is to check if the total number records collectively within the
cmdb_rel_ci,cmdb_sam_sw_installandcmdb_sam_sw_discovery_modeltable are larger than 1 million records.
In such a case, for customers with ServiceNow SAM Pro, the table of cmdb_sam_sw_discovery_model (Software Discovery Model) should be linked instead to IT Components Software.
However, to ensure only records relevant within SAP LeanIX come through, it is mandatory to have a filter applied to only pull relevant Discovery Models. An example of such a filter to be applied on the Discovery Model table is as follows -
statusINmanually normalized,normalized,partially normalized^norm_versionISNOTEMPTY^norm_publisherISNOTEMPTY^norm_typeINlicensable,not licensable,unknown
The fields of Product Classification,Main Category, and Product Type within the Software Discovery Model table help in further rationalizing the list of records while setting the filter.
Review the number of records left with the filter applied
As the table can easily store hundreds and thousands of records, it is important to review the filter applied and the records that remain with it. A good estimate is to ensure that the records remaining in the table are less than <20k records.
Flow that can be used with the filters outlined above for ServiceNow SAM Pro users.
Legacy Configuration
Legacy Software Management Connection
If in case legacy software management module is in use instead of SAM/SAM Pro and Discovery Service, the Integration can be adapted instead to follow the following flow chart instead -
Legacy workflow
Custom Configurations
It is possible to sync records between custom tables, fields, and also CMDB tables not part of the figures shown above. However, it is not possible to fully support all use cases in all conditions and has to be reviewed on a case-by-case basis.
Synchronization Through a Mirror Table
Tables in ServiceNow may contain large volumes of data, which may potentially lead to long synchronization durations or interruptions during synchronization runs. To mitigate these challenges, we’ve implemented synchronization through a mirror table, which significantly enhances the efficiency of processing large volumes of data.
With a mirror table, the synchronization process works as follows:
- The target ServiceNow table is replicated into the SAP LeanIX database. This replicated table within SAP LeanIX serves as a mirror table.
- Data is synchronized from the mirror table in SAP LeanIX and not directly from the target table in ServiceNow. The integration system transfers and stores only the necessary data into the mirror table. This includes only the fields configured for fact sheet mapping or IDs relevant to mapping tables.
Synchronization through a mirror table is always activated for the aggregation and linkage feature and is applicable to ServiceNow tables that provide software records data (cmdb_sam_sw_install or cmdb_software_instance). To learn more about this feature, see Aggregation and Linkage of Software Records.
When processing large tables, the system autonomously determines which table will be mapped. Frequently, a mirror table is created for cmdb_rel_ci, which provides data on relations. This approach streamlines the creation of relations between IT components and applications in SAP LeanIX, thereby preventing errors and minimizing processing time.
Note
For active ServiceNow configurations, we delete mirror tables that haven’t been used for the last 30 days. For configurations that are deactivated for more than 7 days, we delete all associated data from mirror tables. Deleting a mirror table removes all metadata for maintaining the mirror table, as well as all mirrored ServiceNow items.
The mirroring process is detailed in the synchronization log, in the Sync Logging section of the administration area. Here, you can view the mirroring status and progress, shown in percentage, for specific tables. Here’s an example message for a mirror table in synchronization logs:
Table 'cmdb_sam_sw_install' mirror is in sync with ServiceNow 'cmdb_sam_sw_install' table
Frequently Asked Questions
To find answers to frequently asked questions about the ServiceNow integration, see FAQs: ServiceNow Integration.
Updated 6 days ago