ServiceNow Integration

Fundamentals of the LeanIX integration with ServiceNow (CMDB)

Overview

The LeanIX-ServiceNow Integration is a powerful way to enable the transparent flow of data between the two systems. This documentation covers key information to help you understand the Integration more deeply:

  • Communication with ServiceNow.
  • The core concepts used to integrate.
  • The default supported configuration and best practices.

Prerequisites

Before enabling the LeanIX-ServiceNow integration, you must have the LeanIX Technology Risk and Compliance. In addition, please make sure you or a colleague/consultant working with you has the fundamental knowledge about ServiceNow CMDB, CSDM, and the ability to do the following within your instance:

  • Manage installation and configuration plugins from the ServiceNow store
  • Manage users, tables and ACLs in the CMDB

Communication with ServiceNow

The communication between the LeanIX integration running on LeanIX servers and the ServiceNow system depends on the configuration specified in ServiceNow URL.

In case the ServiceNow URL is configured with an https schema, the communication is done through TLS encryption. Furthermore, all client credentials are stored as part of the configuration encrypted using theAES-256.

Additionally, the Integration User created can utilize both Basic Auth or oAuth 2.0 for authentication between the two systems.

📘

Communication method when using HTTPS Instance URL

The TLS version and cipher suites used for communication between LeanIX integration and ServiceNow depends on the negotiation to the ServiceNow HTTPS server. In general, TLS v1.2 and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is used for any HTTPS connection to ServiceNow.

The ServiceNow URL mentioned above and the other integration user details are configured in the Integration credentials tab. For more information, see Credential Configuration.

Credentials tab for connecting to the ServiceNow Instance

Credentials tab for connecting to the ServiceNow Instance

❗️

Important!

When the sync between the LeanIX and the ServiceNow is in the running phase, it is not possible to stop or interrupt this process.

Core Concepts

For synchronization purposes, every mapping between tables in both systems defines the following:

FS Type / ServiceNow Table Mapping

FS Type / ServiceNow Table Mapping

Column NameDescription
Fact Sheet TypeLeanIX Fact Sheet Type - e.g. Application, IT Component (Software), etc.
Direction/ SourceDefined Direction and Source of Truth - e.g. LeanIX or ServiceNow
ServiceNow TableName of the table in ServiceNow with its logical table name.
For example Business Application - cmdb_ci_business_app
Sync ModeDefines how to deal with objects on the target that have no corresponding
one the source system. See Sync Mode
Filter/ ConstraintsWhether there are any synchronization constraints, e.g. only synchronizing
applications with a specific lifecycle status or only synchronizing software
product models which are installed on a server belonging to a managed
business application

Within each mapping type described above, it is possible to configure the field-level mapping between the two systems.

Field-level mapping keys between LeanIX and ServiceNow

Field-level mapping keys between LeanIX and ServiceNow

Type
Type of field mapping (Further explained, in the setup in LeanIX documentation)
Name of the field in LeanIX (if applicable)
Name of the field in ServiceNow (if applicable)
Whether the attribute is to be synced from the defined source of truth or the opposite of the defined source.
How values are being mapped (as is or explicit mapping of one value to another)

Both standard and custom attributes are supported by the integration. The integration synchronizes in-scope data from one system to another as specified in the configuration.

Sync Mode

A sync mode for integration configuration can be defined in three ways, depending on the specific requirements of preserving/ deleting the items from the target system.

  • Additive Sync: This Sync Mode only creates and updates items and never deletes anything. This is the safest Sync Mode, but it can lead to duplicate data if not used carefully.
  • Conservative Sync: This sync mode only deletes items created in the target system and are no longer linked to any source object. This Sync Mode preserves manually created items and items that are linked to sources controlled by other integrations. Items that were created by a different integration (e.g. Collibra) will be preserved as well as part of this sync.
  • Overwrite Sync: This Sync Mode deletes any items that are not linked to a source object, or that are linked to a source object that no longer exists. This Sync Mode is the most likely to lead to data loss, but it is also the most likely to ensure that your data is consistent with the source system.

Sync Mode behavior:

DirectionAdditive SyncConservative SyncOverwrite Sync
Foreign → LeanIX
(LeanIX is the target)
No deletion will happenEvery Fact Sheet will be deleted that has an externalId of the running configuration but the corresponding item on the source is missing AND no further externalId is specified on the Fact Sheet.Every Fact Sheet will be deleted, that has NO externalId of the running configuration or this externalId links an object that does not exist.
LeanIX → Foreign
(Foreign is the target)
No deletion will happenEvery Foreign item from the target will be deleted if no Fact Sheet is found that is linked to this item, considering the configuration externalId. This will happen if a previous linked FactSheet is archived or the item in the foreign system is manually created.Every foreign item from the target will be deleted that has no valid link to a FactSheet when considering the configuration externalId.

Supported Configurations

👍

LeanIX-ServiceNow Integration is compatible with CSDM 4.0 guidelines

As of the last update of this documentation, our suggested default configuration below is in alignment with CSDM 4.0. Please feel free to reach out to your CSM for any specific questions.

Before implementing the integration, it is recommended to review the current maturity level of the ServiceNow Instance to be connected. The maturity and availability of modules within the ServiceNow instance will implicate what configurations can be used and not used while connecting with LeanIX.

The following decision table provides suggested configuration workflows.

Maturity StateModules RequiredFlow
Ready to sync Applications, Business Capabilities, and their relationships to ServiceNow.n/aDefault Mapping

Note - The IT Component section of the flowchart does not apply.
Ready to sync IT Components of category Hardware, Software, and their relationships with Applications from ServiceNow.Software Asset Management (SAM)

Discovery Service.

The link between the Software Discovery Model and the Software Product Model record required through the model_id reference field.
Default Mapping
(Same as above)
Ready to sync IT Components of category Hardware, Software, and their relationships with Applications from ServiceNow.
Software Asset Management Professional (SAM Pro)

Discovery Service.
Default Mapping

Default Mapping (SAM Pro) - Recommended for large ServiceNow Instances.

Applications in LeanIX are connected to Business Applications in ServiceNow. IT components in LeanIX are imported from the ServiceNow table Product Models, which is the inventory of Hardware and Software Models in ServiceNow.

As a best practice for CSDM 4.0 modeling, we recommend including business application and deployment as subtypes for application fact sheets and map them to Business Application and Application Service in ServiceNow respectively. In addition to this, other components related to CSDM can be managed in ServiceNow. For more information, see Optional Application Fact Sheet subtypes.

Default Mapping

The flow chart helps illustrate the relations between ServiceNow tables and data flow conditions when constraints are used within the configuration.

3397

Default-supported configuration workflow

Default Mapping (SAM Pro)

Connecting IT Component Software in LeanIX with the Software Discovery Model table in ServiceNow is recommended in cases where the Software Product Model table does not contain enough information or the ServiceNow Instance connected is too large to perform dynamic link matching as described in Figure 1.

👍

Review record size

One way to ascertain if this case applies is to check if the total number records collectively within the cmdb_rel_ci , cmdb_sam_sw_install and cmdb_sam_sw_discovery_model table are larger than 1 million records.

In such a case, for customers with ServiceNow SAM Pro, the table of cmdb_sam_sw_discovery_model (Software Discovery Model) should be linked instead to IT Components Software.

However, to ensure only records relevant within LeanIX come through, it is mandatory to have a filter applied to only pull relevant Discovery Models. An example of such a filter to be applied on the Discovery Model table is as follows -

statusINmanually normalized,normalized,partially normalized^norm_versionISNOTEMPTY^norm_publisherISNOTEMPTY^norm_typeINlicensable,not licensable,unknown

The fields of Product Classification,Main Category, and Product Type within the Software Discovery Model table help in further rationalizing the list of records while setting the filter.

❗️

Review the number of records left with the filter applied

As the table can easily store hundreds and thousands of records, it is important to review the filter applied and the records that remain with it. A good estimate is to ensure that the records remaining in the table are less than <20k records.

1887

Flow that can be used with the filters outlined above for ServiceNow SAM Pro users.

Legacy Configuration

📘

Legacy Software Management Connection

If in case legacy software management module is in use instead of SAM/SAM Pro and Discovery Service, the Integration can be adapted instead to follow the following flow chart instead -

1788

Legacy workflow

Custom Configurations

It is possible to sync records between custom tables, fields, and also CMDB tables not part of the figures shown above. However, it is not possible to fully support all use cases in all conditions and has to be reviewed on a case-by-case basis.

Frequently Asked Questions

See answers to some frequently asked questions about the ServiceNow integration in the following table.

QuestionAnswer
Is it possible to use the integration for a decoupled method involving an integration layer with a middleware used as a source for communicating updates to downstream platforms such as ServiceNow, instead of a point-to-point approach?No, the out-of-the-box ServiceNow integration is designed to communicate directly with ServiceNow.
If service management processes generate data that is required in LeanIX, does the integration support receiving updates from ServiceNow or another integration platform linked to a downstream platform?The integration can fetch data from a ServiceNow CMDB table like cmdb_ci_business_app, including data available directly on the attributes or related attributes using a reference field. For more information, see Dot Walking. Attributes and relationships can be synchronized from ServiceNow to LeanIX. You can synchronize the fields available in a table on the Mappings tab of the integration configuration.
Should mapping be also done on the ServiceNow side?You should configure mapping in LeanIX. For more information, see Field Mapping.
Are there any reporting tools to surface mismatches between attributes in the two systems before you enable the integration?No, but you can use a cloned sandbox workspace and a non-production ServiceNow instance to test the integration. Additionally, you can set up an integration with Microsoft PowerBI to further extract data and perform analysis. To learn more, see OData Integration.
At first synchronization, LeanIX  captures the ServiceNow sys_id field of existing business applications that match on the name field. What are best practices for cases when both systems are already established with data that may conflict?It's recommended to maintain consistent naming across both systems to ensure uniformity in enterprise language. If discrepancies exist, adjust the item names. If you’re experiencing problems when changing names, please contact LeanIX Support.
Is the ServiceNow ID field editable in the UI?The ServiceNow ID field is marked as read-only because it's only used for mapping between LeanIX and ServiceNow. If you want to modify this field, please contact LeanIX Support.
How can I link a business process to an application to get an overview of data mastered in LeanIX and ServiceNow? For example, can I view business processes that rely on end-of-life IT components?The integration can read and model existing relations for an application in LeanIX, so the link is created automatically. You can view this data in the following reports:

- Application Landscape Report clustered by processes, using the Obsolescence Aggregated Risk view
- Application Matrix Report with Processes on the Y axis, IT components in the drill-down, and the Obsolescence Aggregated Risk view selected
Do you recommend any best practices for managing specific attributes in ServiceNow and LeanIX? Where can I view the data model and data mapping?The default mapping available in the configuration is based on best practices. To view the data model and data mapping, see Default Mapping. You can also download the mapping matrix as an Excel file, which includes best practices for mapping additional fields.
Does the integration also include the relationships ServiceNow may have in Service Mapping?The relationships available in the cmdb_rel_ci table are used for automatic mapping of applications to IT components. Custom relationship mapping is supported from reference fields and custom tables, including the cmdb_rel_ci table.
Are there any key ServiceNow components, such as ServiceNow HAM Pro or SAM Pro, that are required to enable proper data transfer to LeanIX?The integration relies on the data available in the Hardware and Software Model table in ServiceNow. Hence, it doesn’t matter how the data is captured as long as it’s accurate.
How is lifecycle data sourced for IT components? How often is it refreshed?Lifecycle data for IT components is sourced using the Lifecycle Catalog. Data in Lifecycle Catalogs is refreshed periodically, with scheduled updates set up for each vendor. For more information, see Lifecycle Catalog.
How to perform synchronization between LeanIX and ServiceNow and vice versa? What should be the master (source) system?According to best practices, applications and business capabilities should be mastered in LeanIX. The infrastructure landscape (IT components and tech categories) should be mastered in ServiceNow. ServiceNow has discovery and asset management capabilities. Synchronization between the systems occurs daily. You can also synchronize data manually. Data is updated in case of any modifications.
How does ServiceNow link IT components to applications? Do I need to map them manually?To link data in ServiceNow, you can rely on discovery solutions and, if needed, use manual mapping.
According to the best practice mapping, IT components (Product model) are not directly linked to Business Applications (cmdb_ci_business_app), LeanIX cannot send this relation. You should use a graph rule constraint to fetch relations between applications and IT components from ServiceNow. For more information, see Graph Rule Constraints.
When I remove a link from a server of an application during synchronization, it doesn't delete the link between the application and IT component. Do you plan to implement link deletion during synchronization?Deletion is part of the synchronization. A hardware model might be used in multiple ServiceNow instances and hence it should be removed from all instances before it gets unlinked in LeanIX. If the issue persists, please contact LeanIX Support.
The ServiceNow Relationship view shows direct relationships between Business Applications and Servers. How does this comply with the ServiceNow CSDM model? According to CSDM, Business Applications are connected with Servers indirectly, through Application Services.This is correct. The demo data also contains the instances where CSDM is not followed, considering CSDM and non-CSDM instances.
How can I identify which servers are using end-of-life software within LeanIX?You can use the link available on a specific IT component and navigate to ServiceNow to view servers related to this IT component. This is recommended to have a lean model in LeanIX.
For IT components lifecycle, what is the most commonly used source of information: Lifecycle Catalog or ServiceNow Software Asset Management (SAM)? If we’re not using SAM Pro, is it recommended to use the Lifecycle Catalog?Customers who use the LeanIX-ServiceNow Integration leverage the Lifecycle Catalog information available on the LeanIX side. For more information, see Lifecycle Catalog.
When using the ServiceNow integration, should we create any additional fact sheet types or subtypes for better integration of data?It depends on your use case and the version of the meta model that you’re using. For more information, see Meta Model.
Can we add fact sheets, such as IT components, using both methods: by discovering them through the ServiceNow integration and manually creating them in LeanIX?Yes, you can use both methods to add fact sheets to your inventory. To implement this, choose the appropriate sync mode. To learn more, see Sync Mode.
When synchronizing data between ServiceNow and LeanIX, where is the tech category fact sheet data typically mastered in line with best practices? We're transitioning to a service-centric IT delivery model and wonder if our ITSM should provide service groupings to populate tech categories.If you're leveraging the TBM taxonomy, we recommend using the Tech Category Catalog. For more information, see Tech Category Catalog.
Our organization doesn’t use ServiceNow. How can we set up a ServiceNow native integration?You can use LeanIX APIs to build a similar integration. For more information, see LeanIX APIs.