Month: April 2024

ServiceNow Connector for SCOM

ServiceNow SNow Connector for SCOM
ServiceNow SNow Connector for SCOM

Tim Fields (see Tim’s LinkedIn) and I were recently working on ServiceNow (SNow) REST commands with a customer.  Little did we know the SNow API/connector was released in February.  We’ve been waiting for months for the release.  It was also nice to find that many other tools were mapped.  Tools like SolarWinds, vCenter, vRealize,  Zabbix, SAP manager, Kafka, Nagios, HP OpenView, and even email, SNMP traps were already done.  Not that I didn’t figure this existed, just wasn’t part of multiple customer’s request.  The SNow connectors are typically installed on SNow MID server(s).  In SCOM’s case, the connector uses SCOM DLL’s, a configuration file including name, IP, ID with access.

 

Depending on use cases, you have some options to what best fits your needs.

  1. SNow connector only works for a subset of SCOM alerts
    • Out of the Box (OotB) built connector. SCOM SNow connector assumes you have SNow MID server(s) installed and configured.
    • This is better than NetCool connector, as everything was sent to ITSM tool.
    • Connector allows SCOM group to customize objects for alert/incident creation
    • Note:

The default binding rules that contain SCOM as the external source, that applies to IT alerts and Metric Intelligence raw data, are the following SCOM Management Packs:

All OS Management Packs

MS SQL Server

IIS

 

Example

If bi-directional is configured, the bi-directional exchange of values to-and-from the external event source is enabled.

These scenarios describe the default bi-directional functionality for SCOM connectors:

  • When an alert is resolved in SCOM, it is auto-closed in ServiceNow. However, it is updated irrespective of the bi-directional feature because during each collection cycle, all alert changes are updated.
  • When an alert is manually closed in ServiceNow, it is auto-closed in SCOM. If the alert state is changed to Reopen, SCOM is also updated.
  • When an incident is created and associated to an alert in ServiceNow, SCOM receives the incident number as a ticket ID. However, the state of the incident is not available on SCOM. Therefore when the incident is resolved in ServiceNow, SCOM is not updated as the incident number remains the same. When the alert is associated with a new incident, the new incident number is updated in SCOM.

Vendor Documentation

Connector https://docs.servicenow.com/bundle/utah-it-operations-management/page/product/event-management/task/t_EMConfigureSCOMConnector.html

Limit to SCOM group https://docs.servicenow.com/bundle/washingtondc-it-operations-management/page/product/event-management/task/t_EMAssignRoleSCOMGroup.html

Holman Configure SCOM connector https://kevinholman.com/2021/08/25/what-account-will-command-channel-notifications-run-as-in-scom/