Wednesday, September 16, 2020

ServiceNow Discovery vs Service Mapping and use of Event Management

 Hi Developers,

Today I thought of sharing some knowledge on Service Mapping  vs Discovery and use of Event Management.
Single word Explanation : 
Discovery : - Horizontal Approach to discover Infrastructure.
Service Mapping : - Vertical (Top-Down) Approach   to discover Infrastructure.
Event Management : - Helps you to identify health issues across the Infrastructure on a single management console. 
Discovery uses horizontal approach to discovery IT infrastructure and applications connected to each other using protocol like TCP / IP / SNMP etc.
Discovery uses IP address or range of IP address to discover the target host / node or CI (Configuration Item) , To discovery mentioned hosts, a set of credentials will be required which can be saved in credential table in ServiceNow. Discovery uses four phase to fully discovery any IP or CI which include Port Scan , Classification, Identification and Exploration.
Once a IP is discovered, this process creates a record in CMDB (cmdb_ci) table. If CI already exist in ServiceNow CMDB table then it will update it with new information.
Discovery can also be configured to identify dependencies between applications, creating application dependency maps that can be graphically viewed in Dependency Views.
Service Mapping:
As said earlier Service Mapping works on Top-Down or Vertical approach to map all the CI (Configuration Item) to build a Business Service Map.
The difference between Service Mapping and Discovery is that Service Mapping only discovers the infrastructure and applications directly supporting a business service and maps their relationships.   Discovery on the other hand discovers all the infrastructure and applications it can find but does not relate anything to business services .
Service Mapping checks CMDB table first to find the IP or CI if it does not find then it starts Discovery process to identify or classify the IP/CI.
Service maps created by Service Mapping are often used for impact analysis in incident and change management - for example, you may be planning to upgrade a database server and you want to understand which business services would be impacted by the change.

Event Management : 
The Event Management application consolidates events integrated from different monitoring tools (e.g. SCOM, Nagios, SolarWinds, etc),
It processes the events to produce alerts.   Alerts can be [automatically] related to CI's and if the CI's are related to business services then the severity of the alerts can be used to detect the impact on the business services.  
Event Management helps to show incoming alerts according to their severity E.G. Critical, Major, Minor etc. This again display them with color.
To show any Service Map on the Event Management Dashboard you will have to make Service Map status as Operational.