ServiceNow Integration

Fundamentals of the LeanIX integration with ServiceNow (CMDB)

The LeanIX-ServiceNow Integration is a powerful way to enable the transparent flow of data between the two systems. This documentation covers key information to help you understand the Integration more deeply:

  • Communication with ServiceNow.
  • The core concepts used to integrate.
  • The default supported configuration and best practices.

📘

Prerequisites

Before enabling the LeanIX-ServiceNow integration, you must have the Technology Risk Management (TRM) module. In addition, please make sure you or a colleague/consultant working with you has the fundamental knowledge about ServiceNow CMDB, CSDM, and the ability to do the following within your instance -

  • Manage installation and configuration plugins from the ServiceNow store
  • Manage users, tables and ACLs in the CMDB

Communication with ServiceNow

The communication between the LeanIX integration running on LeanIX servers and the ServiceNow system depends on the configuration specified in ServiceNow URL.

In case the ServiceNow URL is configured with an https schema, the communication is done through TLS encryption. Furthermore, all client credentials are stored as part of the configuration encrypted using theAES-256.

Additionally, the Integration User created can utilize both Basic Auth or oAuth 2.0 for authentication between the two systems.

📘

Communication method when using HTTPS Instance URL

The TLS version and cipher suites used for communication between LeanIX integration and ServiceNow depends on the negotiation to the ServiceNow HTTPS server. In general, TLS v1.2 and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is used for any HTTPS connection to ServiceNow.

The ServiceNow URL mentioned above and the other integration user details are configured in the Integration credentials tab.

Credentials section for connecting to the ServiceNow Instance

Credentials section for connecting to the ServiceNow Instance

Type
ServiceNow URL section to input the URL of the instance which is to be connected with the workspace. e.g. https://clientdomain.service-now.com
Username section to input the username of the LeanIX Integration user created within the ServiceNow Instance
In case Short event buffering is activated, all changes in LeanIX and SN will be synchronized immediately. This setting is useful for testing or demo purposes, but it will increase the amount of CPU usage and network traffic and should be disabled for production workspaces.
The managing User dropdown allows the utilization of a technical user on the LeanIX workspace to run the Integration. This is useful for auditing purposes.
Use Proxy User check-box is only needed to be activated if the ServiceNow Instance requires a single IP address that can call it as per whitelisting rules. The help text box provides the IP address that is required to be whitelisted as well in such a use case.

❗️

Important!

When the sync between the LeanIX and the ServiceNow is in the running phase, it is not possible to stop or interrupt this process.

Core Concepts

For synchronization purposes, every mapping between tables in both systems defines the following:

FS Type / ServiceNow Table Mapping

FS Type / ServiceNow Table Mapping

Column Name (In order from left to right)
LeanIX Fact Sheet Type - e.g. Application, IT Component (Software), etc.
Defined Direction and Source of Truth - e.g. LeanIX or ServiceNow
Name of the table in ServiceNow with its logical table name. For example Business Application - cmdb_ci_business_app
Whether one should use the strict mode, i.e. whether unsynchronized objects from the non-source table/Fact Sheet type should be deleted right away. This makes sure that both systems always have the same data. This means, that if you delete a Fact Sheet in LeanIX, without having set a strict mode, the Fact Sheet would not be deleted on the ServiceNow side.
Whether there are any synchronization constraints, e.g. only synchronizing applications with a specific lifecycle status or only synchronizing software product models which are installed on a server belonging to a managed business application

Within each mapping type described above, it is possible to configure the field-level mapping between the two systems.

Field-level mapping keys between LeanIX and ServiceNow

Field-level mapping keys between LeanIX and ServiceNow

Type
Type of field mapping (Further explained, in the setup in LeanIX documentation)
Name of the field in LeanIX (if applicable)
Name of the field in ServiceNow (if applicable)
Whether the attribute is to be synced from the defined source of truth or the opposite of the defined source.
How values are being mapped (as is or explicit mapping of one value to another)

Supported Configurations

👍

LeanIX-ServiceNow Integration is compatible with CSDM 4.0 guidelines

As of the last update of this documentation, our suggested default configuration below is in alignment with CSDM 4.0. Please feel free to reach out to your CSM for any specific questions.

Before implementing the integration, it is recommended to review the current maturity level of the ServiceNow Instance to be connected. The maturity and availability of modules within the ServiceNow instance will implicate what configurations can be used and not used while connecting with LeanIX.

A decision table, with suggested configuration workflow, is as follows -

Maturity StateModules RequiredFlow
Ready to sync Applications, Business Capabilities, and their relationships to ServiceNow.n/aDefault Mapping

Note - The IT Component section of the flowchart does not apply.
Ready to sync IT Components of category Hardware, Software, and their relationships with Applications from ServiceNow.Software Asset Management (SAM)

Discovery Service.

The link between the Software Discovery Model and the Software Product Model record required through the model_id reference field.
Default Mapping
(Same as above)
Ready to sync IT Components of category Hardware, Software, and their relationships with Applications from ServiceNow.
Software Asset Management Professional (SAM Pro)

Discovery Service.
Default Mapping

Default Mapping (SAM Pro) - Recommended for large ServiceNow Instances.

Default Mapping

The flow chart helps illustrate the relations between ServiceNow tables and data flow conditions when constraints are used within the configuration.

3397

Default-supported configuration workflow

Default Mapping (SAM Pro)

Connecting IT Component Software in LeanIX with the Software Discovery Model table in ServiceNow is recommended in cases where the Software Product Model table does not contain enough information or the ServiceNow Instance connected is too large to perform dynamic link matching as described in Figure 1.

👍

Review record size

One way to ascertain if this case applies is to check if the total number records collectively within the cmdb_rel_ci , cmdb_sam_sw_install and cmdb_sam_sw_discovery_model table are larger than 1 million records.

In such a case, for customers with ServiceNow SAM Pro, the table of cmdb_sam_sw_discovery_model (Software Discovery Model) should be linked instead to IT Components Software.

However, to ensure only records relevant within LeanIX come through, it is mandatory to have a filter applied to only pull relevant Discovery Models. An example of such a filter to be applied on the Discovery Model table is as follows -

statusINmanually normalized,normalized,partially normalized^norm_versionISNOTEMPTY^norm_publisherISNOTEMPTY^norm_typeINlicensable,not licensable,unknown

The fields of Product Classification,Main Category, and Product Type within the Software Discovery Model table help in further rationalizing the list of records while setting the filter.

❗️

Review the number of records left with the filter applied

As the table can easily store hundreds and thousands of records, it is important to review the filter applied and the records that remain with it. A good estimate is to ensure that the records remaining in the table are less than <20k records.

1887

Flow that can be used with the filters outlined above for ServiceNow SAM Pro users.

Legacy Configuration

📘

Legacy Software Management Connection

If in case legacy software management module is in use instead of SAM/SAM Pro and Discovery Service, the Integration can be adapted instead to follow the following flow chart instead -

1788

Legacy workflow

Custom Configurations

It is possible to sync records between custom tables, fields, and also CMDB tables not part of the figures shown above. However, it is not possible to fully support all use cases in all conditions and has to be reviewed on a case-by-case basis.