Configuring ServiceNow Extensions

Overview

Integration between CloudCenter Suite and ServiceNow is provided by a Cisco developed certified ServiceNow application called Integration – Cisco CloudCenter Suite. The application is available at no cost and can be requested from ServiceNow App Store. The integration application (app) provides a mechanism to easily setup communication between CloudCenter Suite's Workload Manager (a module within the CloudCenter Suite) and ServiceNow. Once configured, Workload Manager users can create Requests in ServiceNow for their deployments, obtain deployment approvals, and update ServiceNow’s CMDB with deployment details.

An optional ServiceNow Update Set, downloadable from software.cisco.com, can embed Workload Manager into ServiceNow Service Portal for a single pane of glass user experience, by adding certain user management capabilities that reduce the administrative effort.

Legacy CloudCenter Support

The ServiceNow Integration – Cisco CloudCenter, Version 2.3 supports CloudCenter 4.9.1, see ServiceNow Extensions 4.9.

The ServiceNow Integration – Cisco CloudCenter, Version 2.4 supports CloudCenter 4.10, see ServiceNow Extensions 4.10.

Integration Version Support

This document was developed using the following product versions. If more than one product version is listed for a specific product, it can be assumed that the expected behavior would be the same on either version.

Product/ComponentVersion(s)
CloudCenter Suite5.0.0
ServiceNow
  • Madrid
  • London
  • Kingston
Integration - CloudCenter Suite (Application)3.0.0
Integration - CloudCenter Suite (UI Update Set)3.0.0

Request Integration App from ServiceNow App Store

To setup the integration between CloudCenter Suite and ServiceNow, you must request the Integration – CloudCenter Suite application from the ServiceNow App Store. This task requires ServiceNow HI credentials. To request the integration app from the ServiceNow App Store, follow this procedure.

  1. Go to https://store.servicenow.com and log in using your ServiceNow HI credentials.
  2. Search and select the Integration – Cisco CloudCenter Suite application.
  3. Confirm that you have the correct app version selected.
  4. Click Contact Seller to request the app.
  5. Once approved by Cisco, you will have the ability to download the app to your ServiceNow instance. In the unlikely event that you do not receive approval, contact your Cisco account team, or the CloudCenter Suite Support team for assistance.

Download UI Update Set from Cisco Software Central

If you want the enable iframe integration of Workload Manager into the ServiceNow Service Portal, you will need to download a file (ServiceNow Update Set) from Cisco Software Central. This Update Set will create a new category within ServiceNow Service Portal called Cisco CloudCenter Suite. This category contains 4 catalog items (Deploy Applications, Application Deployments, Virtual Machines and Reports) that allow select ServiceNow users to access these Workload Manager features through ServiceNow without logging into the CloudCenter Suite separately. To download the UI Update Set from Cisco Software Central, follow this procedure.

  1. Go to Cisco Software Centraland login using your Cisco credentials.
  2. Search for CloudCenter Suite.
  3. Within the CloudCenter Suite download section, locate and download the file cloudcenter-5.0.0-ServiceNow_UI_UpdateSet_v3.0.zip file.
  4. Unzip the file, but do not install it yet. The installation is done at a later stage – you must first install the Integration app and then the Update Set as sequential activities.

Install the Integration App

You can only install the integration app after your request has been approved by Cisco.

To install the integration app, follow this procedure.

  1. Within your ServiceNow instance, use the Filter Navigator and browse to System Applications Applications > Downloads > Integration- Cisco CloudCenter Suite.
  2. Click All versions.
  3. If presented with multiple application versions, select the appropriate version for your installation.
  4. Preview and then Commit the application installation. You may see some error messages during the preview state – this is normal.
  5. Review the errors, take a screenshot if necessary for future reference, and then select Skip remote update to proceed with the installation.

Install the Update Set

To install the Update Set, follow this procedure.

  1. Unzip the downloaded cloudcenter-5.0.0-ServiceNow_UI_UpdateSet_v3.0.zip file. It contains one .xml file, which is the ServiceNow Update Set.
  2. Within your ServiceNow instance, use the Filter Navigator and browse to Retrieved Update Sets. Then import the .xml file into your ServiceNow instance.
  3. Preview and then Commit the Update Set installation. You may see some error messages during the preview state – this is normal.
  4. Review the errors, take a screenshot if necessary for future reference, and then select Skip remote update to proceed with the installation.

Integration Configuration in ServiceNow

The overall configuration steps require that you have administrative access to both the Cisco CloudCenter Suite and ServiceNow instances.

Setup Base Configuration

To setup the base configuration, follow this procedure.

  1. Using the ServiceNow Filter Navigator, navigate to Cisco CloudCenter Suite > Configuration > Base Configuration

  2. Configure the parameters as described in the following table and displayed in the screenshot.

    Parameter

    Default

    Description

    Server URL

    None

    URL of the CloudCenter Suite instance used for API calls.

    Server URL (External)

    None

    URL of the CloudCenter Suite instance (this field is used for iframe integration and normally has the same server URL).

    Tenant Name Field On The User Record

    company.name (the company field within the User record used by the integration app to look up and match the CloudCenter Suite tenant )

    Field reference in the User record to identify the CloudCenter Suite tenant to which the user belongs.

    MID Server Name

    None

    Optional. Name of a preconfigured MID server.

    Retry attempts on communication error

    2

    Number of retries to attempt upon any communication error with the CloudCenter Suite. 

    Logging Level

    info

    Determines the logging level (debug, warn, info). 

    Number of approval reminders after which request will be automatically cancelled

    2

    Refers to email reminders generated from ServiceNow. Only applies if the C3: Approval Workflow with Reminders workflow is enabled.

    Number of days after which reminder email will be sent if approval is not given

    2 days

    Only applies if the C3: Approval Workflow with Reminders workflow is enabled. 

Disable the Checking of Untrusted SSL Certificates

This step is required if the CloudCenter Suite certificate is self-signed or if there are problems authenticating the Owner API credentials. To disable the untrusted SSL certificate check, follow this procedure.

  1. Using the ServiceNow Filter Navigator, type sys_properties.list and press Enter
  2. Update the following properties.
    1. Search for the com.glide.communications.trustmanager_trust_all property and set the value to true.
    2. Search for the com.glide.communications.httpclient.verify_hostname property and set the value to false.

Setup API Credentials

This step is required to establish communication from ServiceNow to Cisco CloudCenter Suite. You can use one of two methods to perform this task: an automated method or a manual method.

Automated Method

The automated method requires you to provide CloudCenter Suite admin credentials or a tenant admin credentials in order to retrieve and use that user’s API key. The retrieved API key is then populated in the Owner API Keys module in ServiceNow.

This method generates a new API key and replaces the old API key in the CloudCenter Suite for that specific user. If there is a risk that this API key is used by other external system, use the manual method (described below) instead.

To establish communication using the automated method, follow this procedure.

  1. If necessary, create a new user in Cisco CloudCenter Suite with administrative credentials.
  2. Using the ServiceNow Filter Navigator, navigate to Cisco CloudCenter Suite > Configuration > Retrieve Owner API Keys.
  3. Provide the Username, Password, and Tenant ID of the CloudCenter Suite user (displayed in the following screenshot)

Manual Method

Prior to completing this step, you may need to create a new user in CloudCenter Suite with administrative credentials. Make a note of this user’s Username and API Key.

  1. Using the ServiceNow Filter Navigator, navigate to Cisco CloudCenter Suite > Configuration > Owner API Keys (displayed in the following screenshot)

  2. Add a new record and fill the form with the information of the CloudCenter Suite user.

    1. Username, API key, and the short Tenant name are required fields.

    2. Click Validate Credentials

      If the Validation Credentials step fails, confirm that there are no firewall rules blocking traffic between ServiceNow and CloudCenter Suite. In addition, you may need to install a ServiceNow MID server on the network where CloudCenter Suite is installed. If a MID server is added at this stage, go back to Base Configuration setup described above and add the MID server name in the appropriate field. Then re-add the Owner API key and validate again.

    3. Once successfully validated, click Submit.

Create an Integration User

In ServiceNow, create a user called cloudcentersuite.integration (or with any other appropriate User ID) using the details provided in the following table. Make a note of the User ID and password as this information is later used in CloudCenter Suite’s ServiceNow Extension setup.

ServiceNow FieldDescription
User IDEnter cloudcentersuite.integration in this field.
First nameEnter CloudCenter in this field.
Last nameEnter Integration in this field.
PasswordProvide a password that is acceptable to your organization.
Email addressNot required for this user.
Web service access onlyCheck this box.
Internal Integration UserCheck this box.
RoleAdd this user to the x_cqt_c3_frame.admin role.

This completes the configuration on the ServiceNow side. However, the following steps to create users in ServiceNow are needed to validate the integration. You can delete these users once the validation is complete.

Create an Approver User

In ServiceNow, create a user called test.approver (or with any other appropriate User ID) using the details provided in the following table. Make a note of the User ID and password as this information is later used in CloudCenter Suite’s ServiceNow Extension setup.

ServiceNow FieldDescription
User IDEnter test.approver in this field.
First nameEnter Test in this field.
Last nameEnter Approver in this field.
PasswordProvide a password that is acceptable to your organization.
Email addressEnter test.approver@yourdomain.com as this field is required for this user.
RoleAdd this user to the approver_user role.

Create a Requester User

In ServiceNow, create a user called test.requester (or with any other appropriate User ID) using the details provided in the following table. Make a note of the User ID and password as this information is later used in CloudCenter Suite’s ServiceNow Extension setup.

Notes

  1. The x_cqt_c3_frame.consumer role provides ServiceNow users access to the ServiceNow CMDB modules related to CloudCenter Suite.
  2. If a user logs directly into CloudCenter Suite (Workload Manager) and deploys to an Environment that requires ServiceNow approval, if this user does not exist in ServiceNow (matching email ID), the deployment will remain in Pending state.
ServiceNow FieldDescription
User IDEnter test.requester in this field.
First nameEnter Test in this field.
Last nameEnter Requester in this field.
PasswordProvide a password that is acceptable to your organization.
Email addressEnter test.requester@yourdomain.com as this field is required for this user.
RoleAdd this user to the x_cqt_c3_frame.consumer role.
Manager

Enter the test.approver user that you created earlier as the Manager for this user.

If you do not assign a Manager to the test.requester user, the deployment Request record in ServiceNow will not be created and the default approval workflow will auto approve the request.

Integration Configuration in CloudCenter Suite

The overall configuration steps require that you have administrative access to both the Cisco CloudCenter Suite and ServiceNow instances.

Create a ServiceNow Extension

In CloudCenter Suite's Workload Manager, navigate to Admin > Extensions. Add a New Extension and configure the parameters as described in the table below and displayed in the following screenshot.

CloudCenter Suite FieldDescription

Extension Type

Select ServiceNow from the dropdown menu.

Extension Name

Enter any unique name for the extension.

ServiceNow URL

Enter the URL of the ServiceNow instance being integrated.

Username

Enter the User ID of the integration user (cloudcentersuite.integration) created in ServiceNow.

Password

Enter the password of the integration user created in ServiceNow.

Enable approvals

Once communication is successfully established between CloudCenter Suite and ServiceNow, you will see additional configuration options as displayed in the following screenshot.

If the Initial Deployment toggle is not enabled, CloudCenter Suite deployments will be auto approved and no Request record will be created in ServiceNow.

Enable the approval toggle switch for Initial Deployment – enabling the Initial Deployment switch will send deployment approval requests from CloudCenter Suite's Workload Manager to ServiceNow. However, other actions such as Stop or Terminate that are taken by a user in Workload Manager will not require approval – unless they are individually enabled.

Enable CMDB update

Enable the toggle for Send CMDB update as displayed in the following screenshot – enabling this toggle populates the ServiceNow CMDB with deployment information.

The following CMDB tables in ServiceNow will be updated:

  • Jobs (custom table part of this application)
  • Virtual Machines (Out of box)
  • Network Adapters (Out of box)
  • Storage Volumes (Out of box)
  • IP Addresses (Out of box)

Associate ServiceNow Extension to a Deployment Environment

In Workload Manager, navigate to an existing environment or create a new environment as displayed in the following screenshot.

Within the environment’s General Settings section, use the ServiceNow Extension dropdown to select the ServiceNow Extension that you created earlier.

When you associate a ServiceNow extension with a Deployment Environment, Cisco CloudCenter Suite’s deployment approval toggle switch for this environment is automatically disabled.

Update Ingress Settings

To update ingress settings, perform this procedure.

  1. Ensure that there is only one ingress pod (common-framework-suite-gateway) in the your CloudCenter Suite setup. If there is one or more additional pods, delete them by using the following command.

    kubectl delete ingress <ingress name> -n cisco
  2. Check the output of the following command:

    kubectl get ingress common-framework-suite-gateway -n cisco -o yaml
    1. Verify if the following line exits.

      add_header X-Frame-Options "SAMEORIGIN";
    2. If the line exists remove the line using the following commands.

      kubectl get ingress common-framework-suite-gateway -n cisco -o yaml > ingress.yaml
      vi ingress.yaml (delete the line add_header X-Frame-Options "SAMEORIGIN"; )
      
  3. Apply the modified YAML using the following command.

    kubectl apply -f ingress.yaml -n cisco

Validate the integration

Depending on how you intend to use the integration, there are two ways you could validate the integration.

Use Case 1

The users login directly to Workload Manager and use ServiceNow to obtain deployment approvals and update CMDB.

  1. Login to CloudCenter Suite's Workload Manager as an admin.

  2. Create a new user account (test.requester@yourdomain.com) – Be sure the user is activated and has appropriate permissions to deploy Application Profiles.

  3. Select an Application Profile and initiate a deployment – Be sure to select the deployment Environment that is configured for ServiceNow approvals.

  4. The deployment status should state Pending Approval or a similar message.

  5. Login to ServiceNow (as test.approver@yourdomain.com).

  6. In ServiceNow, navigate to My Approvals. You should see a new record with the Requested state.

  7. Click on this approval record, leave a comment (optional), and approve the request.

  8. Switch back to CloudCenter Suite and check the deployment state. The deployment state should have changed from Pending Approval to In Progress. Based on your environment, you may have to wait approximate 30 seconds before the deployment state changes.

  9. In the Deployment Details page, click the View Action History link and review the details. Verify that the ServiceNow user approved the request and any comments that were added during the approval.

  10. Once the Application Profile is successfully deployed, the following CMDB modules in ServiceNow will be updated.

    • Jobs

    • Virtual Machines

    • Network Adapters

    • Storage Volumes

    • IP Addresses

Use Case 2

The users do not login directly to CloudCenter Suite, but they access Workload Manager through ServiceNow’s Service Portal using iframe, and use ServiceNow to obtain deployment approvals and to update CMDB.

  1. Login to ServiceNow as test.requester.

  2. Navigate to the ServiceNow Service Portal.

  3. Search for CloudCenter as a category and select it.

  4. Click Deploy Applications.

  5. If test.requester@yourdomain.com does not exist in the CloudCenter Suite, you may see a message indicating that your user account is being created in CloudCenter Suite and then the Workload Manager UI page should load within the iframe.

  6. Select an Application Profile and initiate a deployment – Be sure to select the deployment environment that is configured for ServiceNow approvals.

  7. The deployment status should state Pending Approval or a similar message.

  8. Switch out of Service Portal and validate if a Request was created in ServiceNow for this deployment.

  9. Impersonate or login to ServiceNow as the test.approver user.

  10. Navigate to My Approvals. You should see a new record with the Requested state.

  11. Click on this approval record, leave a comment (optional), and approve the request.

  12. Impersonate or login as the test.requester user.

  13. Navigate to the ServiceNow Service Portal.

  14. Search for CloudCenter as a category and select it.

  15. Click on Application Deployments, which should load within the iframe.

  16. Check the deployment state. The deployment state should have changed from Pending Approval to In Progress.

  17. Once the Application Profile is successfully deployed, the following CMDB modules in ServiceNow will be updated.

    • Jobs

    • Virtual Machines

    • Network Adapters

    • Storage Volumes

    • IP Addresses

Optional Configuration to Setup Tenants

The CloudCenter Suite has a concept of setting up tenants. The integration app v3.0.0 does not fully support this feature. The integration app only works at the root level if the API key of the root admin is provided in the Owner API key module in ServiceNow. Even if the API key for a tenant admin is provided in the Owner API key module, the integration will only work for that specific tenant.

Additional tenancy support will be added in a future release of the integration application.

Additional References

This section lists helpful information and design details for the CloudCenter Suite – ServiceNow integration.

High-Level Workflow

The following image depicts the integration between the CloudCenter Suite and ServiceNow.

All requests from Workload Manager are stored in x_cqt_c3_frame_request table, which extends the sc_request table.

Integration-Specific Roles

The following table lists the roles that are added by the integration app.

Integration RolesDescription

x_cqt_c3_frame.consumer


Enables access to CloudCenter Suite menu and modules: Requests, Approvals, CMDB, Deploy App, App Deployments, and so forth.

x_cqt_c3_frame.admin


Contains x_cqt_c3_frame.consumer role and enables access to the Base Configuration menu.

Default Approval Workflow

The following image depicts the default approval workflow that is provided as part of the integration app.

This default approval workflow is configured to create approval requests for every deployment request that comes from Workload Manager. The approval request will be created for requester’s manager configured in the ServiceNow’s user profile (see the Create a Requester User section above). If no manager was configured for this user, the request is automatically approved.

ServiceNow’s System Administrators can customize Workflows in ServiceNow for each supported Workload Manager deployment lifecycle action. Based on the default workflow, the System Administrator can create different workflows for each lifecycle action type and configure the integration app to use the required workflow.

To configure which workflow should be used for each deployment lifecycle action, navigate to CloudCenter Suite > Configuration > Approval Workflows. If a specific workflow is not configured, the integration uses the default workflow.

Out-of-Box Service Now Tables

The following table lists the ServiceNow tables that are created by the integration app.

Title

OOB Table?

Description

Owners API Keys
(x_cqt_c3_frame_owner_api_keys)

No

Stores IDs and API keys of the admin user in the CloudCenter Suite (supports multi-tenancy in the CloudCenter Suite).

User API Credentials
(x_cqt_c3_frame_user_creds)

No

Stores IDs and API keys of the CloudCenter Suite consumers (requesters)

Approval workflows
(x_cqt_c3_frame_approval_workflows)

No

Configuration table. Assigns workflows for specific request types.

Requests
(x_cqt_c3_frame_request)

No

Contains all approval requests send from the CloudCenter Suite.

Jobs
(x_cqt_c3_frame_job)

No

Contains information about deployments in the CloudCenter Suite.

- Parent jobs (with empty “Parent” filed) stands for deployments in the CloudCenter Suite.

- Child jobs (with “Parent” filed set) corresponds to the particular tier of deployments (Services)

Virtual Machines
(cmdb_ci_vm_instance)

Yes

Corresponds directly to particular virtual machines (nodes) deployed in the cloud.
If multiple nodes are selected in the CloudCenter Suite during deployment, Job may consist more than one Virtual Machines.

Network adapters
(cmdb_ci_network_adapter)

Yes

Network adapters associated with VMs

IP addresses
(cmdb_ci_ip_address)

Yes

IP addresses associated with Network Adapters / VMs

Storage Volumes
(cmdb_ci_ip_address)

Yes

Storage volumes associated to VMs

Requested Item
(x_cqt_c3_frame_requested_item)

No

Contains information about requested deployments if request was generated from the CloudCenter Integration UI plugin

K8s Deployment
(x_cqt_c3_frame_k8s_deployment)

No

Contains information about Kubernetes deployments in the CloudCenter Suite.

K8s Pod
(x_cqt_c3_frame_k8s_pod)

No

Pods associated with Kubernetes deployments

K8s Container
(x_cqt_c3_frame_k8s_container)

No

Containers associated with K8s pods

K8s Image
(x_cqt_c3_frame_k8s_image)

No

Kubernetes Images

Tenant Name Mapping
(x_cqt_c3_frame_tenant_name_mapping)

No

Stores information about tenant mapping between SNOW and the CloudCenter Suite.

CloudCenter Order
(x_cqt_c3_frame_order)

No

Not used

Ordered Deployments
(x_cqt_c3_frame_ordered_deployment)

No

Not used

Email Notifications

By default, the integration app provides the following notifications:

  • Approval Request – sends a notification to requester’s manager.

  • Approval Rejected – sends a notification to requester.

  • Deployment status change - sends a notification to requester when deployment action is successful (for example, Deployed, Terminated, Paused, Resumed)

The following screenshot displays a sample approval request.

Notifications are triggered by a record insertion or update in specific tables. The Approval Request/Rejected notification uses the OOB ServiceNow sysapproval_approver table. If notifications were previously configured on this table, be sure to add the following filters to those notifications to avoid duplicate messages.


  • No labels
© 2017-2019 Cisco Systems, Inc. All rights reserved