Creating an IT self-service portal using the example of MS SCCM and ServiceNow integration. Part 1

Automation and self-service imperceptibly, but firmly entered our lives, although we do not even think about it. We buy goods on eBay ourselves instead of communicating with the seller in the store, order movie tickets through a mobile application and perform many other operations that in the “good old pre-digital world” would require the involvement of many people, resources and time.

However, quite often IT services designed to automate various operations and make life easier for users forget about automation capabilities when it comes to themselves. The usual situation in Russian IT, when tasks that are easily and quickly solved with the help of automation, are performed by the “admin with a flash drive”, simply speaking - enikey.

Integration between monitoring and ITSM

The simplest (and yet less commonly used) automation option is the integration between monitoring solutions and ITSM.
')
Digression 1 (terminological)

Integration is the integration of several systems to solve more complex tasks using existing APIs or Middleware.

ITSM-system is a tool for managing all IT and not only IT-processes in a standardized way. Roughly speaking, ITSM helps to describe the process from beginning to end, i.e. having an entry point - we know exactly what result (s) will come.

Process examples:

• Incident Management
• Problem management
• Change management
• Configuration Management
• Project management
• ...
• HR management
• Custom process

It is clear that in order to maintain the customer’s infrastructure in a “combat” state, all events affecting the operation of the infrastructure must be detected in time, the responsible persons are notified, the time and causes of the event must be recorded in the corresponding incident in the ITSM system. Integration can significantly reduce the time of incident creation and its assignment to the responsible engineer, which leads to the start of work on the incident almost immediately after the event triggers in the monitoring system. This approach reduces the response time and significantly increases the incidence of SLAs.

Digression 2 (lyric)

Example:
Your customer in the data center on one of the servers failed to back up the application / database / favorite movie of an important report. An event about this appeared in the monitoring system. If there is no integration with ITSM, then the responsible engineer will see this event only in the console (or maybe in the mail, again if the mail transfer is configured). Then you need to take the time to register this event in ITSM and start solving the incident.

However, the integration of monitoring and ITSM, perhaps, is a topic for a separate article (if interested, write in the comments). Today, we present another example of system integration, namely the creation of a self-service portal using the example of integrating a management and automation system (which will be Microsoft System Center Configuration Manager) and an ITSM system.

Digression 3 (and again terminology)

A configuration management and automation system is a tool that allows you to perform infrastructure management by performing tasks such as:

• hardware and software inventory;
• operating system deployment;
• application deployment;
• update management;
• remote control;
• filling the database with information about configuration units;
• verification of compliance of systems with policies and sets of conditions.

Self-service portal

It's no secret that laziness is the engine of progress. That is why automation tools are always close to the most hardworking engineers. Because even the ancient Greeks knew that there was no need to spend time on performing routine operations day after day, when you can spend time on automation and calmly read Habr to do other interesting tasks.

One of the most frequently encountered tasks in supporting infrastructures at any level, from an office for 10 users to a “bloody enterprise”, is the task of installing various software on users' systems. And if in a small office a “person with a flash drive” successfully does it himself, then as the number of users grows, first there is a need for a configuration management system, and then it turns out that the software installation process takes most of the working time, and at the same time drags on for many days .

What is going on?

Consider the usual software installation scheme in some round office in a vacuum (and in reality it may be even worse), using the installation example of, say, the Digital Photo Gallery image processing program.

1. A user who needs a “Photo shop” requests its installation.
2. To simplify, let us assume that the request is formalized in the ITSM system and the system automatically sends the request to the right group (which is not always the case in practice).
3. After receiving the request, the support engineer requests the installation permission from the responsible persons. But the engineer is busy and only requests the next day.
4. The responsible persons were very busy, and it took 2 days for approval.
5. The request is agreed, and now it is necessary to understand whether the necessary licenses are available. But the engineer has a lot of tasks, and he postponed it for tomorrow. Another minus one day.
6. Finally, the engineer checked the licenses and proceeded to install. To ensure that the installation has passed as it should, our engineer performs the following steps:

• prerequisite check;
• proper installation;
• check the installation result.

And all this takes a few more hours. The total installation task took several working days. Common situation?

If we are talking about the self-service portal, the process looks like this:

1. A user on the portal of the ITSM system presses the “Install” button on the selected application.
2. The ITSM-system automatically raises the request for confirmation of the installation from the responsible person (and in the case of applications that have been approved in advance for installation, immediately goes to step 4).
3. Responsible person on a business trip, but thanks to the mobile client ITSM-system sees the request on time and approves the installation.
4. The system automatically checks for licenses, pre-requisites for installation and starts the installation of software.
5. Admin for a moment distracted from reading (well, you understand) and checks that the installation was successful.

Total, the whole process takes from several minutes to several hours (depending on the settings of the remote installation of the application and the need to restart).

Benefits:

• Automation of routine tasks;
• Monitoring the installation process;
• Automatic incident handling in case of errors;
• Standardize installation of applications;
• The process works even outside office time.

Consider the process of developing a portal on the example of one of our customers.

The customer's infrastructure contains more than 10,000 client machines, 4,000 servers, so the number of software installation requests was huge, and sometimes paralyzed the work of a completely small support group.

The customer used the ServiceNow ITSM system for ITIL processes and MS SCCM for remote installation of applications. It was decided to integrate these two systems to create a self-service portal based on ServieNow.

Stage 1. Data analysis

A workshop meeting was organized, where stakeholders were gathered to discuss this project.

As a result, it was decided to change the existing workflow:

• Without changing the request form.
• Exclude from the application process that requires a license. This is described in more detail below.
• Exclude thin clients from the process due to the fact that access to applications is controlled through Citrix policies.
• Exclude applications from the process that are not packages.
• The list of applications that will be used for automatic installation was reviewed and agreed.
• The approval process remains unchanged.

Digression 4 (What is a package, in terms of the application management system)

A package is the result of preparing an application for deployment, containing one or more applications, as well as all the necessary user, regional, licensing settings, if necessary, customized to resolve known problems, including compatibility. Read more about the packages written in this article.

Stage 2. Development

To ensure full integration, one of the important requirements is the relevance of the data in the CMDB. This is the main task of the Asset management process, but since we are a team aimed at automating everything that moves, we have integrated the CMDB SCCM and Service Now by periodically loading data.

A little more detail:
Microsoft System Center Configuration Manager (SCCM) integrates with the ServiceNow CMDB through one-way data import from SCCM. Scheduled data import unloads the relevant data from the SCCM tables into the CMDB and maps them to the ServiceNow instance. It is possible to transfer all data from selected tables, or only the data in which changes occurred. Connecting to the database and unloading is achieved using a JDBC connector, which is installed on the MID server.

The periodic schedule in the SQL database imports Microsoft SCCM data into the SCCM Computer Identity table [imp_sccm_computer_identity]. This is a custom parameter in the ServiceNow. This table combines data from various SCCM database views.

Here is a list of tables from which data is imported:

• v_GS_COMPUTER_SYSTEM
• v_GS_SYSTEM
• v_GS_OPERATING_SYSTEM
• v_GS_SYSTEM_ENCLOSURE
• v_GS_WORKSTATION_STATUS
• v_GS_PC_BIOS
• v_GS_COMPUTER_SYSTEM_PRODUCT
• v_GS_BASEBOARD

Scheduled ServiceNow imports data from these tables into the Computer Identity table. All data should be loaded into this table first, because it is very important to determine the ownership of the resulting configuration unit (KE). In other words, based on the name, serial number, model, etc., the conversion logic or will create a new KE, if it does not exist, or updates the existing one, if it already exists in the CMDB.

After importing the data into Computer Identity, ServiceNow imports the following scheduled data from the SCCM database:

• Operating system: version, installed service pack.
• Processor: number of processors, cores, threads, frequency, bit depth, manufacturer.
• Disk subsystem: the number and type of disks, description, id, disk size.
• Network: mac-address, name, ip-address, network mask, default gateway.
• Software: installed software.

From MS SCCM, it was necessary to create or use an existing application installation collection. The MS SCCM support team reviewed the list of applications and provided a Collection ID for each application. This information has been uploaded to CMDB Service Now.

The same team wrote 2 PowerShell scripts that:

• added the application to the collection;
• received the installation status of the application in the collection.

The essence of the scripts is quite simple. On the system where the MID service is installed, there are scripts that execute a specific SQL query into the SCCM database. The mid-server, in turn, is launched from a service account that has access.

The request form was not changed and remained in its original form.



User fills in:

1. For whom the application is requested. This field is automatically populated by the current user and can be manually changed.
2. The desired execution time.
3. The computer on which you want to install the application. This field is automatically populated by a computer from the CMDB, the designated user from step 1. In the case of several computers, another one can be selected manually.
4. Application. To request multiple applications, you must create a separate request (1 application = 1 request).
5. And a few additional fields, useful for managers to resolve installation approval.

After the request, the Approval-tasks for managers are created according to the company's approval process.

After the positive result, the description of the automatic software deployment process and the final stages will be in the second part of the article , which we will publish next week.

Authors: vkuptsov , siaint , shamseg