Cloud Discovery Landing Page

Table of Contents

- Overview
  - Introduction to Cloud Discovery (Video)
  - Supported Cloud Providers for Cloud Discovery
- Cloud Discovery Flow
- Types of Cloud Discovery
  - Cloud API Based Discovery
  - Cloud Pattern Based Discovery
- MID server for Cloud Discovery
- Firewall and Security
- AWS Discovery
  - AWS Organization Discovery (Master & Member)
  - Quick Reference
- Azure Discovery
  - Quick Reference
- VCenter Discovery
  - Quick Reference
- Google Cloud Discovery
  - Quick Reference
- Kubernetes / Openshift Discovery
  - Quick Reference
- Terraform Discovery
- Ansible Discovery
  - Quick Reference
- Additional Information
  - CMPv1 & CMPv2

Overview

Introduction to Cloud Discovery

Supported Cloud Providers for Cloud Discovery

- Amazon AWS Discovery
- Microsoft Azure Discovery
- Google Cloud Platform Discovery
- IBM Cloud Platform Discovery
- Terraform Discovery
- Ansible Discovery
- Kubernetes & Openshift Discovery

Cloud Discovery Flow

Types of Cloud Discovery

Cloud Discovery executes in one of two ways:

- Cloud API Based Discovery
- Cloud Patterns Discovery (Cloud Resource discovery)

Note: Cloud API based Discovery applies only to AWS, Azure, Terraform and Ansible Discovery; all other providers use Pattern-based Discovery.

Cloud API Based Discovery

Once the Credentials and Service Account have been created, clicking the "Discover Datacenters" link runs API Discovery only; none of the Patterns are involved. API based Discovery uses the "Resource Block" and "Cloud API (CAPI)" methods for Discovery.
Cloud API Discovery performs discovery through Resource Blocks and Operations.

- Each datacenter to be discovered must have a Discovery Interface (Guest & Host Interfaces).
- Every Discovery Interface should have its own Operation.
- Every Operation has its own Steps.
- Every Step has its own Input Parameters, which need to be passed to CAPI.
- The received payload is passed to the IRE via the "Response Processor".

Figure: typical flow of the API Based Discovery (Azure).

When API based Discovery executes, the logs can be found in the following tables:

- Cloud API Trails
- Cloud Orchestration Trails
- sn_cmp_order (Table)

Cloud Pattern Based Discovery

The Cloud Patterns are available in the following types:

- Application
- Infrastructure
- Cloud Resource
- Shared Library

When a user goes directly to the "Cloud Discovery" home page and runs Test Account, the Infrastructure type Patterns execute to perform the initial tests:

- Credential verification
- Service Account verification
- For AWS Organization Discovery, test the STS roles and get the Member Account details

When a Cloud Discovery executes from a Discovery Schedule, the Application type Patterns are executed along with the Cloud API.

The Cloud Resource Patterns are involved with the "Resource Inventory Pattern".

The Shared Library Patterns are associated with the above types of patterns.

Figure: Pattern flow.

At any point in time, the kind of Cloud Discovery depends on where it is executed from:

- Service Account >> Discover Datacenters: API Based Discovery only
- Discovery Schedule >> Execute a Cloud Discovery: API and Patterns included Discovery
- Cloud Discovery Home >> Test Account: Pattern Based Discovery only (Infrastructure Patterns)
- Cloud Admin Portal >> Cloud Account >> Discover Now: API Based Discovery only

When a Pattern Based Cloud Discovery executes, the logs can be found under the Pattern Logs: Navigator >> Discovery Pattern Logs >> View Log

IMPORTANT: The Cloud Patterns are associated with the following Store Apps:

- Discovery & Service Mapping Patterns
- CMDB CI Models

The Store has monthly releases, and no automatic process upgrades the Store apps when the instance is upgraded. It is therefore always recommended to review the versions of the above Store Apps and upgrade them manually.

Refer: Upgrade the Store Release Application Plugins (Patterns and CMDB)

MID server for Cloud Discovery

While configuring IP Based Discovery schedules, the user can associate a specific MID server with the Discovery Schedule. Cloud Discovery, however, always picks the MID server randomly based on the MID Capabilities and Supported Applications; the user cannot select a MID server directly.

Refer: Set up MID Servers to connect Cloud Management

If Cloud Discovery also needs to be executed using a specific MID server, the user can customize the MIDSelector methods; see the articles below.

Knowledge Articles

- How To: Customize Cloud Discovery MID server selection
- CMP - MID Server selection customization for Cloud Operations
- Cloud Management: How to Execute a PowerShell script locally on the MID server instead of on the provisioned VM when launching a stack (during cloud provisioning)
- If default Mid Server Override is customized, after instance is upgraded to Madrid release, MID Server Selection is broken for Cloud Discovery / Cloud Account Discovery

Firewall and Security

IP based Discovery relies on port scanning. If a specific port is blocked by the firewall on the MID server, the Discovery is expected to fail because the MID has no access to the target port.

Cloud Discovery is API based. When the MID server is used for Cloud Discovery, the respective cloud provider's API endpoints must be allowed on the MID server, with no firewall rules blocking them.

Below is an example of the AWS API endpoints the MID server needs access to for a successful AWS Cloud Discovery.

Endpoint1: https://$service.$location.amazonaws.com

$service can be any one of these AWS services:

- ec2
- s3
- iam
- elasticloadbalancing
- cloudformation

$location can be any of the following:

- eu-north-1
- ap-south-1
- eu-west-3

Reference:

- AWS Cloud Discovery Service Endpoint
- How to configure a web proxy to allow MID server to connect to Azure / AWS in Cloud Management (CMPv2)

AWS Discovery

Product Documentation

- Create the credentials that enable Cloud Provisioning and Governance to access your AWS data
- Amazon AWS Cloud components discovery using patterns
- Create an IAM user policy for Cloud Provisioning and Governance
- Assuming member roles with an AWS API
- Assume an AWS role for temporary Cloud Discovery credentials

AWS Organization Discovery (Master & Member)

- Creating AssumeRole on AWS Console for AWS Master/Member Discovery
- AWS Organizations and Temporary Credentials
- AWS Master & Member account Roles/Permissions with Servicenow Discovery
- Discovery - Assume Role enhancements for AWS Organizations
- FAQ: AWS Master Account and IAM Roles

Quick Reference

- AWS Credential verification from the command line (CLI)
- How to test AWS REST API using POSTMAN
- AWS Cloud Discovery Service Endpoint
- The command/actions performed against different AWS services that are used for gathering cloud resources in AWS Discovery
- Do we get Private IP address of the servers when CMP discovers a cloud server in AWS/Azure?
- AWS resources Discovery-OOB
- How to configure a web proxy to allow MID server to connect to Azure / AWS in Cloud Management (CMPv2)

Knowledge Articles

- Identification sections in pattern failed: section: AWS service account identification, error: Match step predicate is not matched
- Pre-requisites to trigger a discovery on VM with Private IP address of AWS cloud resource
- In payload missing minimum set of input values for criterion (matching) attributes from identify rule for table [cmdb_ci_dns_alias] from Amazon AWS Route53 pattern
- When using AWS Organisation Custom Role, experience credential authentication errors for member accounts
- AWS Master Discovery error NullPointerException at step : "Get Master account id"
- Amazon AWS DynamoDB Pattern fails with "ECS Service not being used"

Azure Discovery

Product Documentation

- Store the Azure service principal credentials in the instance
- Microsoft Azure Inventory discovery
- Service categories discovered in Azure
- Microsoft Azure Functions discovery

Quick Reference

- Credential exchange between ServiceNow API and Azure Cloud
- Azure Service Principal Credential verification from the command line (CLI)
- How to execute AWS & Azure REST APIs using Postman

Knowledge Articles

- Azure Discovery not creating "Virtualized by:: Virtualizes" relationship
- Identification error due to missing identification attribute object_id for table cmdb_ci_cloud_load_balancer while running Azure Application Gateway HD pattern
- Azure Service Principal Discovery with Cyberark External Credential Store
- Azure Cloud Discovery ListNodes fails with 404 ResourceNotFound error message if a virtual machine in an Azure region
- Azure Resource Inventory pattern error "reference table cmdb_key_value is not a known CI Type" due to missing related entry
- Azure Resource Inventory pattern does not discover Azure Front Door Cloud Resources
- Azure WebSite Pattern is failing during Azure Discovery
- Multiple Azure Resource Groups records created with the same object ID but has different LDC name.
- APIProxyProbe reports sensor error during cloud resource discovery for Azure

VCenter Discovery

- vCenter Discovery can be a regular IP based Discovery or a Cloud Discovery.
- Users who want to perform Cloud Provisioning with VMware choose vCenter with Cloud Discovery.
- Whether IP based or Cloud based, vCenter Discovery does not use the Identification and Reconciliation Engine (IRE) to uniquely identify a CI; a function within the script include VCenterESXHostsSensor is used instead.
- Configuring vCenter Discovery as IP based makes it possible to choose the MID server; this is not possible for Cloud based Discovery.

Product Documentation

- Discovery for VMware vCenter
- Data collected for VMware vCenter Server
- Set up cloud accounts for VMware

Quick Reference

- vCenter Discovery
- Configure MID capability with Datacenter Value (VMWare Only)

Knowledge Articles

- vCenter Discovery does not populate the received vCenter Tags in cmdb_key_value table.
- vCenter discovery does not cycle through vmWare credentials and the discovery fails.
- vCenter VM Tags probe added in New York causes Discovery errors with vCenter 5.5
- Vcenter discovery is failing with an error "Timeout trying to read from https://IP_address/sdk"
- Errors during the vCenter discovery
- vCenter Discovery VMWarevCenterESXHostsStorageProbe processing error: payload attachment greater than 5MB
- The State filed for the vm instances for the vmware discovery is not updated
- Unable to discover VCenter
- vCenter discovery not populating fields "VM Instance ID" "Location" "IP Address"
- vCenter Discovery shows warning in discovery log: "vCenter Message: This method requires authentication."

Google Cloud Discovery

Google Cloud Discovery can be configured in 2 ways.

1. Create Google Credentials, configure Serverless Pattern Discovery and provide variables in the Pattern Execution. Using this method, the user needs to manually select individual Google patterns and provide variables.
   - Serverless Discovery
   - Google Cloud Platform discovery
2. Create Google Credentials, configure a Service Account and then create a Discovery schedule. Using this method, all the Google related Patterns will be associated and executed.
   - Set up a cloud account and service account for Google Cloud Platform

Product Documentation

- Google Cloud Platform (GCP) Discovery
- Data collected for GCP Cloud Discovery
- Google Cloud Platform (GCP) asset inventory discovery

Quick Reference

If there are any Discovery errors, upgrade the "Discovery and Service Mapping" and "CMDB CI Model" Store Apps to the latest version.

Refer: Upgrade the Store Release Application Plugins (Patterns and CMDB)

Knowledge Articles

- The "Test Account" which validates Google API credential failed with error code 403 Forbidden
- How to populate guest operating system details for google image templates

Kubernetes / Openshift Discovery

Product Documentation

- Kubernetes discovery

Quick Reference

If there are any Discovery errors, upgrade the "Discovery and Service Mapping" and "CMDB CI Model" Store Apps to the latest version.

Refer: Upgrade the Store Release Application Plugins (Patterns and CMDB)

Knowledge Articles

- Kubernetes Discovery fails with error 401 - Invalid username/password combo
- Kubernetes pattern does not return all name spaces and pods associated to a Kubenetes cluster due to a pagination issue in "Kubernetes Get Call" sa_custom_operation record.
- Openshift Kuberenetes failing with java script Exeception
- Kubernetes pattern is not able to extract/handle the UID/service names dynamically
- Kubernetes Pattern Discovery Fails with "Discovery status is FAILURE, Discovery using patterns could not be executed due to missing pattern Kubernetes"
- Kubernetes discovery not able to parse node
- Isuses with Kubernetes Discovery - In payload invalid data source [Manual Entry] exist

Terraform Discovery

Product Documentation

- Map credentials between Cloud Management and Terraform
- Create a Terraform Open Source config provider and run Discovery

Ansible Discovery

Product Documentation

- Ansible Discovery

Quick Reference

- Ansible Discovery OOB

Knowledge Articles

- Ansible Tower 3.6.0 and 3.7.0 discovery fail to execute API - Failed with status code and message: 500

Additional Information

CMPv1 & CMPv2
Cloud Management Version 2 (CMPv2) is not a specific plugin; it is a method available in "Discovery". The plugins related to CMPv2 are:

- "Cloud Management Core"
- "Cloud API"

Both of the above plugins are part of the parent plugin "Discovery". For information on plugins, refer to:
https://hi.service-now.com/kb_view.do?sysparm_article=KB0749555#Plugins

For information on the differences between CMPv1 and CMPv2 and other FAQs, refer to:
https://hi.service-now.com/kb_view.do?sysparm_article=KB0749555#CMP%20Versions
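
Added example for the "Firewall and Security" section above (not part of the original page or of ServiceNow's tooling): a shell script that expands the https://$service.$location.amazonaws.com pattern into the concrete hostnames to allow outbound on TCP 443 and, with --check, probes each one with curl from the MID server host. The service and region lists are the sample values from this page; PROBE_CMD and the status labels are assumptions of this example.

```shell
#!/bin/sh
# Added example. SERVICES and REGIONS are the sample values listed on this
# page; replace them with the services and regions your cloud accounts use.
SERVICES="ec2 s3 iam elasticloadbalancing cloudformation"
REGIONS="eu-north-1 ap-south-1 eu-west-3"

# One hostname per line, following https://$service.$location.amazonaws.com
build_endpoints() {
    for svc in $SERVICES; do
        for region in $REGIONS; do
            printf '%s.%s.amazonaws.com\n' "$svc" "$region"
        done
    done
}

# Probe one host. PROBE_CMD (an assumption of this example) substitutes another
# probe; the default curl call succeeds on any HTTP response, including 4xx.
probe_host() {
    if [ -n "${PROBE_CMD:-}" ]; then "$PROBE_CMD" "$1"; return; fi
    curl --silent --output /dev/null --connect-timeout 5 --max-time 10 "https://$1/"
}

# Map a curl exit code to the likely cause (labels are this example's own).
classify() {
    case "$1" in
        0)     echo reachable ;;
        5|6)   echo dns-failure ;;          # proxy or host name did not resolve
        7|28)  echo blocked-or-timeout ;;   # connection refused or dropped
        35|60) echo tls-failure ;;          # handshake or certificate problem
        *)     echo "curl-error-$1" ;;
    esac
}

# Print "host status" for every endpoint; return non-zero if any is unreachable.
check_all() {
    failures=0
    for host in $(build_endpoints); do
        rc=0
        probe_host "$host" || rc=$?
        status=$(classify "$rc")
        printf '%-48s %s\n' "$host" "$status"
        [ "$status" = reachable ] || failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ]
}

# Default: print the egress allowlist (offline). With --check: probe each host.
if [ "${1:-}" = "--check" ]; then check_all; else build_endpoints; fi
```

Run it without arguments to list the hostnames for a firewall or proxy allowlist, or with --check on the MID server host to see which ones are reachable. A tls-failure result can indicate a TLS-inspecting proxy whose CA certificate the host does not trust.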