Configuring ServiceNow Extensions
Integration between CloudCenter Suite and the ServiceNow platform is provided by a Cisco developed and certified ServiceNow application called Integration – Cisco CloudCenter Suite. This application is available at no cost and can be requested from the ServiceNow App Store. The integration application provides a mechanism to easily setup communication between CloudCenter Suite (Workload Manager) and ServiceNow in order to deploy and manage Application Profiles from the Service Portal.
Based on new versions or platform changes, Cisco validates and certifies the integration application as needed. The contents of this section applies to the platform, product, or component versions identified in the following table.
Integration – Cisco CloudCenter Suite (Application)
Your can upgrade to Integration - CloudCenter Suite (Application) v4.0.0 from the previous version (v3.0.0).
To upgrade, navigate to System Applications > All Available Applications > All. Search for the application. Select the version to upgrade and click Update.
The following table lists the versions of the platform, product, or component that were used to develop the information in this section.
|Integration – Cisco CloudCenter Suite (Application)||4.0.0||4.1.0|
What's New in Integration – Cisco CloudCenter Suite 4.1.0?
Updates to Request a new deployment catalog item:
Added the ability to configure and submit a request for multi-tier app profile.
Added the ability to direct different tiers to different clouds, for a multi-tier app profile.
Added the ability to submit a microservices app profile to Container Clouds supported by CloudCenter Suite Workload Manager.
Added Environment Parameters.
Added the ability to interact with Aging and Suspension policy.
Added additional NIC options for AWS and OpenStack.
Added the ability to filter instances sizes.
Changed the application version sorting to show the latest version by default.
Updates to Manage Deployments catalog item:
Added the ability to change instance size of a deployed virtual machine.
Added a System Property to show or hide SSH, RDP, and PWD options.
Updates to the core app:
Added an option to hide cost, show as USD or local currency.
Added a System Property to add application profile Global Parameters to ServiceNow approval request.
Added the ability to configure “quick deployment” of a pre-configured app profile.
Added the ability for Admins and Users to easily clear cache
Request Integration Application from ServiceNow App Store
To setup the integration between CloudCenter Suite and the ServiceNow platform, you must request the Integration – CloudCenter Suite application from the ServiceNow App Store.
This task requires ServiceNow HI credentials.
To request the integration app from the ServiceNow App Store, follow this procedure.
Go to https://store.servicenow.com and log in using your ServiceNow HI credentials.
Search and select the Integration – Cisco CloudCenter Suite application.
Confirm that you have the correct version selected.
Click Contact Seller to request the application.
Once approved by Cisco, you will have the ability to download the app to your ServiceNow instance. In the unlikely event that you do not receive approval, contact your Cisco account team for assistance.
Install the Integration App
You can only install the integration app after your request has been approved by Cisco.
Before you begin, you will need ServiceNow admin credentials and CloudCenter Suite root or tenant admin credentials for the installation.
To install the integration application, follow this procedure.
Within your ServiceNow instance, use the Filter Navigator and browse to System Applications > Applications > Downloads > Integration- Cisco CloudCenter Suite.
Click All versions.
If presented with multiple application versions, select the appropriate version for your installation.
Preview and then Commit the application installation. You may see some error messages during the preview state – this is normal.
It is normal to see some error or warning messages during the Preview stage. Review the errors/warnings and take a screenshot if necessary for future reference.
Select all the errors/warnings and choose the option to Skip remote update. If required, click Commit Update Set to proceed with the installation.
Integration Configuration in ServiceNow
The overall configuration steps require that you have administrative access to both the Cisco CloudCenter Suite and ServiceNow instances.
Setup Base Configuration
To setup the base configuration, follow this procedure.
Using the ServiceNow Filter Navigator, navigate to Cisco CloudCenter Suite > Configuration > Base Configuration.
Configure the parameters as described in the following table and displayed in the screenshot.
As an alternative, you can update the following parameters by navigating to System Properties and executing a search for the following patter:
URL of the CloudCenter Suite instance used for API calls.
Tenant name field on the User record
Field reference in the User record to identify which CloudCenter Suite tenant the user belongs to. The default value is company.name, which means that the company field within the User record will be used by the integration app to look up and match the CloudCenter Suite tenant name.
MID Server name
Name of the pre-configured MID server.
Use a single user mode
When selected, all communication with CloudCenter Suite will take place using the account configured in the Owner API Keys section. Individual user accounts will not be created in CloudCenter Suite.
Retry attempts on communication error
Number of retries to attempt upon any communication error with CloudCenter Suite.
Change the logging level between (debug, warn, info).
Number of approval reminders after which request will be automatically cancelled
Works only if Approval Workflow with Reminders is used. Only applies if Cisco CloudCenter Suite is accessed through iframe and approval requests are sent from CloudCenter Suite to ServiceNow.
Number of days after which reminder email will be sent if approval is not given
Disable the Checking of Untrusted SSL Certificates
This step is required if the CloudCenter Suite certificate is self-signed or if there are problems authenticating the Owner API credentials.
To disable the untrusted SSL certificate check, follow this procedure.
Using the ServiceNow Filter Navigator, type sys_properties.list and press Enter.
Update the following properties.
Search for the com.glide.communications.trustmanager_trust_all property and set the value to true.
Search for the com.glide.communications.httpclient.verify_hostname property and set the value to false.
Setup API Credentials
This step is required to establish communication from ServiceNow to Cisco CloudCenter Suite. You can use one of two methods to perform this task: an automated method or a manual method.
The automated method requires you to provide CloudCenter Suite admin credentials or a tenant admin credentials in order to retrieve and use that user’s API key. The retrieved API key is then populated in the Owner API Keys module in ServiceNow.
This method generates a new API key and replaces the old API key in the CloudCenter Suite for that specific user. If there is a risk that this API key is used by other external system, use the manual method (described below) instead.
To establish communication using the automated method, follow this procedure.
If necessary, create a new user in Cisco CloudCenter Suite with administrative credentials.
Using the ServiceNow Filter Navigator, navigate to Cisco CloudCenter Suite > Configuration > Retrieve Owner API Keys.
Provide the Username, Password, and Tenant ID of the CloudCenter Suite user (displayed in the following screenshot).
Prior to completing this step, you may need to create a new user in CloudCenter Suite with administrative credentials. Make a note of this user’s Username and API Key.
To establish communication using the manual method, follow this procedure.
Using the ServiceNow Filter Navigator, navigate to Cisco CloudCenter Suite > Configuration > Owner API Keys (displayed in the following screenshot)
Add a new record and fill the form with the information of the CloudCenter Suite user.
Username, API key, and the short Tenant name are required fields.
Click Validate Credentials.
If the Validation Credentials step fails, confirm that there are no firewall rules blocking traffic between ServiceNow and CloudCenter Suite. In addition, you may need to install a ServiceNow MID server on the network where CloudCenter Suite is installed. If a MID server is added at this stage, go back to Base Configuration setup described above and add the MID server name in the appropriate field. Then re-add the Owner API key and validate again.
Once successfully validated, click Submit or Update.
Validate Tenants Mapping Configuration
To validate the tenant mapping configuration, perform this procedure.
Using the ServiceNow Filter Navigator, navigate to Cisco CloudCenter Suite > Tenants Mapping.
Confirm if the Tenants Mapping table records match your requirements. The number of records in this table should match the number of configured Tenant Owner credentials. See the Optional Configuration below section for details.
Create an Integration User
In ServiceNow, create a user called cloudcentersuite.integration (or with any other appropriate User ID) using the details provided in the following table. Make a note of the User ID and password as this information is later used in CloudCenter Suite’s ServiceNow Extension setup.
Make a note of the User ID and password because this information will later be used in Cisco CloudCenter Suite’s ServiceNow Extension setup.
|User ID||Enter cloudcentersuite.integration in this field.|
|First name||Enter CloudCenterSuite in this field.|
|Last name||Enter Integration in this field.|
|Password||Provide a password that is acceptable to your organization.|
|Email address||Not required for this user.|
|Web service access only||Check this box.|
|Internal Integration User||Check this box.|
|Role||Add this user to the x_cqt_c3_frame.admin role.|
This completes the configuration on the ServiceNow side. However, the following steps to create users in ServiceNow are needed to validate the integration. You can delete these users once the validation is complete.
Create a Test User
In ServiceNow, create a user called test.requester (or with any other appropriate User ID) using the details provided in the following table.
|User ID||Enter test.requester in this field.|
|First name||Enter Test in this field.|
|Last name||Enter Requester in this field.|
|Password||Provide a password that is acceptable to your organization.|
|Email address||Enter firstname.lastname@example.org as this field is required for this user.|
|Role||Add this user to the x_cqt_c3_frame.ccs_service_portal|
Integration Configuration in CloudCenter Suite
The overall configuration steps require that you have administrative access to both the Cisco CloudCenter Suite and ServiceNow instances.
Create a ServiceNow Extension
In CloudCenter Suite's Workload Manager, navigate to Admin > Extensions. Add a New Extension and configure the parameters as described in the table below and displayed in the following screenshot.
|CloudCenter Suite Field||Description|
Select ServiceNow from the dropdown menu.
Enter any unique name for the extension.
Enter the URL of the ServiceNow instance being integrated.
Enter the User ID of the integration user (cloudcentersuite.integration) created in ServiceNow.
Enter the password of the cloudcentersuite.integration user created in ServiceNow.
To enable CMDB, follow this procedure.
Once communication is successfully established between Cisco CloudCenter Suite and ServiceNow, scroll down to view the additional options.
Leave the approval toggle switches as disabled. These are used for backwards compatibility and not used with the Integration – Cisco CloudCenter Suite application v4.0.0.
Enable the toggle for Send CMDB update – enabling this toggle populates the ServiceNow CMDB with deployment information. The following CMDB tables in ServiceNow will be updated:
Jobs (custom table part of this application)
Virtual Machines (Out-of-box)
Network Adapters (Out-of-box)
Storage Volumes (Out-of-box)
IP Addresses (Out-of-box)
A CMDB update is triggered when the following events complete:
Sync VM information
Associate ServiceNow Extension to a Deployment Environment
In Workload Manager, navigate to an existing environment or create a new environment as displayed in the following screenshot.
Within the environment’s General Settings section, use the ServiceNow Extension dropdown to select the ServiceNow Extension that you created earlier.
When you associate a ServiceNow extension with a Deployment Environment, Cisco CloudCenter Suite’s deployment approval toggle switch for this environment is automatically disabled.
This completes the integration configuration in Cisco CloudCenter Suite.
Validate the Integration
Before you begin, in CloudCenter Suite Workload Manager, make sure that at least one Application Profile and the Environment associated with ServiceNow Extension is shared with All users in my tenant.
To validate the integration, follow this procedure.
Login to ServiceNow as test.requester. This is the user account that was created during the setup process.
Navigate to the ServiceNow Service Portal by updating the URL to https://<hostname>.service-now.com/sp. The out-of-the-box Service Portal page should be displayed.
Click on the Request Something link. Alternatively, you can also type CloudCenter in the search bar.
Click on the Cisco CloudCenter Suite category.
You should now see 2 catalog items: Deploy Application Profile and Manage Deployments.
Click Deploy Application Profile to load the deployment order form.
Complete the required fields on the form, and then click on Order Now.
- An order confirmation page displays.
Use the breadcrumb link on top of the page to return to Home.
Now navigate back to Manage Deployment to view the deployment status.
The deployment should be listed with the current status.
Once the deployment is completed successfully, the status will change to Deployed.
Once deployed, select the deployment by clicking on it once. Then click Actions available for <deployment name>. You should see the option to Suspend and Terminate.
Click Show VMs and then select the VM by clicking on it once. You should see several VM options, and the ability to either SSH or RDP into the VM based on the Operating System.
Switch out of the Service Portal.
Using the ServiceNow Filter Navigator, navigate to My Requests. Then select your Request and view the details.
While remaining on the same Request, click on the Requested Item link and view the details.
Using the ServiceNow Filter Navigator, navigate to CloudCenter Suite > CMDB – Virtual Machines > Jobs. The deployed parent and child Job records should be listed.
Click on the parent Job Name and view the details.
While remaining on the same Job details page, click the Related records tab. The child Job should be listed.
View details of the child Job.
The following CMDB modules in ServiceNow should be updated with deployment details.
Items b - e listed above at out-of-the-box tables in ServiceNow and require elevated permission in order to view the records. Try adjusting the user permission as necessary based on your need. If the user is given appropriate permission, records in those tables will be visible. The following screenshots provide an example of additional details visible to the administrator user.
Optional Configuration to Setup Tenants
It is possible to configure Owner API Keys for more than one tenant in CloudCenter Suite. The integration application will automatically create accounts in CloudCenter Suite, or retrieve user API keys using tenant configuration defined in the Tenants Mapping table.
To configure multiple tenant, follow this procedure.
Specify the tenant name field in the Base Configuration which will be used to identify the Owner’s credentials. e.g. company.name, department.name, and so forth as displayed in the following screenshot.
This field can only be from any column of sys_user table.
You can also enable Automatically create accounts in CloudCenter to automatically create an account in CloudCenter Suite under the matching tenant for users with x_cqt_c3_frame.consumer role who are accessing CloudCenter Suite for the first time using Service Portal.
The mapping between the value of the tenant name field in ServiceNow and the Tenant Name in CloudCenter Suite can be configured under Cisco CloudCenter Suite > Configuration > Tenants Mapping.
Understanding the Process
When creating a user in CloudCenter Suite, the integration application first looks up the table above to match a user to a tenant in CloudCenter Suite. If a match is found, the system will create a user under the specified tenant ID, otherwise the system will search the tenant hierarchy in CloudCenter Suite to find a tenant with a matching Tenant Name field.
If the integration application cannot find a matching tenant in CloudCenter Suite, it checks if under the Tenants Mapping table, a record with wildcard character * exists. If yes, the user will be created under tenant id (number) of this record (the default is 1 for the root tenant).
This record can be deleted. In this case, the user account will not be created and the relevant message will be displayed for a user.
Records in Tenants Mapping table are populated automatically, but an administrator may need to review and change the configuration. Records are populated when:
Getting API Keys from CloudCenter Suite (with the Retrieve Owner API Keys module)
Validating Owner API Keys (on add / edit API Keys form)
Records are populated accordingly to the algorithm below:
If a record for currently configured tenant exists - update Tenant Name and Tenant ID
Else if Tenant Mapping table is empty or wildcard record * does not exist – create a new record for currently configured tenant that matches all ServiceNow companies.
Else, create a new record for a ServiceNow Company name, that matches CloudCenter Tenant Name.
The following image displays the high-level interaction between Cisco CloudCenter Suite and ServiceNow.
The following image displays the sequence to request a new deployment or Job/VM action.
The following table describes the user roles that are defined in the integration application.
Enables access to CloudCenter Suite application menu and modules: Requests, Approvals, CMDB, Deploy App, App Deployments.
Contains x_cqt_c3_frame.consumer role and enables access to CloudCenter Suite Category and Catalog Items in Service Portal.
Contains x_cqt_c3_frame.consumer role and enables access to Base Configuration menu.
Catalog Item – Deploy Application Profile
This order form is dynamically loaded from CloudCenter Suite with respect to all user security settings in CloudCenter Suite. User can see only the environments, application profiles and clouds that are shared for a tenant or the user in CloudCenter Suite.
The order form contains a number of parameters that lets the user configure their deployment. These parameters include:
Environment and Cloud
Number of nodes
Assigning of Public IP
Form data is cached to improve performance. Changes in CloudCenter Suite may not be reflected immediately.
Similar to other Service Portal catalog items, this item can be added to or edited in a Cart.
After the order is submitted, a Request and Requested Item is created in OOTB ServiceNow tables.
The order form can be customized by an administrator based on their preference or requirements. Visibility and appearance of the form sections can be changed by navigating to CiscoCloudCenter Suite > Configuration > Catalog Item Setup.
By copying the provided Deploy Application Profile catalog item, the administrator can create additional catalog items in Service Portal with different appearance configuration, default values and accessible to users with a different role.
Never modify the original Deploy Application Profile catalog item. Make a copy of the item and deactivate the original one if needed.
After copying the item, an administrator can add/remove required user roles, select a different workflow and configure it separately through the Catalog Item Setup module by selecting it from the drop-down at the top of the page.
The image below shows an extreme example of simplifying the deployment of Windows Server 2012. This can be achieved by copying the original Deploy Application Profile catalog item, configuring it through the Catalog Item Setup module in ServiceNow and appropriately configuring the Application Profile in CloudCenter Suite. It takes administrative effort once, but the end-user experience can be much simplified.
Catalog Item – Manage Deployments
This catalog item allows a user to view and execute actions on existing CloudCenter Suite deployments.
Users can view, execute actions on Job or VMs accordingly to CloudCenter Suite security settings.
The spported actions are:
SSH, RDP and Windows Password (Guacamole server must be running and accessible from user network)
Data is cached in dedicated tables in ServiceNow to improve performance of ServiceNow to CloudCenter Suite communication. Two levels of cache are implemented.
Level 1 - Server-side cache. Default TTL for this cache is 500 minutes and it can be manually deleted by an administrator from table ‘x_cqt_c3_frame_api_cache’ or by going to the URL https://<instance>.service-now.com/nav_to.do?uri=%2Fx_cqt_c3_frame_api_cache_list.do. Default TTL for this cache can be modified by changing a value of system property “x_cqt_c3_frame.api_cache_ttl” (in minutes).
Level 2 – Client-side cache. Data is cached in browser session (per tab) to improve performance of browser to ServiceNow communication. To clear this cache, close current tab and open a new one (refreshing a page does not clear the cache).
The image cache stores images associated with Application Profiles and Services that can be displayed on the catalog item forms. This cache has a very long TTL (as images are rarely changed). However, it can be cleared by an administrator by deleting entries in the table ‘x_cqt_c3_frame_image_cache’ or by going to the URL https://<instance>.service-now.com/nav_to.do?uri=%2Fx_cqt_c3_frame_image_cache_list.do
Never change the provided workflows. Copy the workflow and modify it as needed. Then select the new workflow for CloudCenter Suite catalog items under Service Catalog > Maintain Items module.
An important and required activity of the approval workflows is sub-flows: C3 Deploy Server Subflow and C3 Manage Virtual Server Subflow. These sub-flows return true or false to a parent flow to inform about success or failure, and also updates the requested item Activity log.
Do not customize the C3 Deploy Server Subflow and C3 Manage Virtual Server Subflow sub-flows.
The integration application provides a sample approval workflow for new deployments called ‘C3 Deploy Application Profile Sample Workflow’.
The following image displays the Approval workflow associated with Deploy Application Profile.
The integration application provides a sample approval workflow for managing deployments called C3 Manage Deployment Sample Workflow.
The following image displays the approval workflow associated with Manage Deployments.
The following ServiceNow tables are created or updated by the integration application.
- If a Manager is not assigned to the test.requester user, the deployment Request record in ServiceNow will not be created and the default approval workflow will auto approve the Request.
- If a user logs directly into CloudCenter Suite (Workload Manager) and makes a deployment into an Environment that requires ServiceNow approval, and if this user does not exist in ServiceNow (matching email ID), the deployment will remain in Pending state.
OOB SN table
Owners API Keys
Stores IDs and API keys of CloudCenter Suite admin users.
User API Credentials
Stores IDs and API keys of CloudCenter Suite users (requesters).
Configuration table. Assigns workflows for specific request types.
Contains all Requested Items created with Service Portal catalog items related to CloudCenter Suite.
Contains all approval requests sent directly from CloudCenter Suite.
Contains information about deployments in CloudCenter.
Corresponds directly to particular virtual machines (nodes) deployed in the cloud. If multiple nodes are selected in CloudCenter during deployment, Job may consist more than one Virtual Machines.
Network adapters associated with VMs
IP addresses associated with Network Adapters / VMs
Storage volumes associated to VMs
Contains information about requested deployments if request was generated from “CloudCenter Integration UI” plugin.
Contains information about Kubernetes deployments in CloudCenter Suite.
Pods associated with Kubernetes deployments.
Containers associated with K8s pods.
Tenant Name Mapping
Stores information about tenant mapping between ServiceNow and CloudCenter Suite.
Cache table for images like Application Profiles and Services icons
Cache table for REST API “get” request to CloudCenter Suite
Catalog Item Config
Contains information about configuration of particular Catalog Items related to CloudCenter Suite
Table with constant lookup values required to calculate and store the price of requested items. * DO NOT MODIFY RECORDS IN THIS TABLE.
- No labels