as it infrastructure gets more complex spreading across cloud serverless containers kubernetes and microservices id operations teams need complete visibility into their estate and today that's especially true about cloud-first resources starting with the entry points of your organization's applications also seeing service changes in a cloud-native and dynamic environment is a big issue tracking and tracing configuration changes who made those changes and what changed all can point to major issues to microservices and customer facing apps manually mapping hundreds of services just isn't realistic or sustainable they need to know that their discovery processes also populate and maintain their cmdbs completely and correctly in this demo we'll show you how servicenow helps your it operations teams inventory and manage their modern resources create service maps quickly using common cloud practices and keep your cmdb up to date and accurate visibility starts with taking an inventory then managing that inventory lack of visibility to your deployed and expiring tls certificates results in service outages and data breaches servicenow itom visibility now supports tls certificate and inventory management preventing service outages due to expired certificates providing insights around the relationship between certificates and the business and application services they support and offering blind spot detection on expiry of tls certs our customers have asked us to speed up service mapping especially for distributed environments such as containers and cloud native applications tag based service mapping seamlessly maps applications in distributed environments making it easier to manage search and filter resources tag-based service mapping provides a quick application context in full stack environments combined with the common service data model customers see the connection to the business together they provide a much faster way to gain visibility for ai ops driven outcomes it operations teams also need a centralized place to manage their servicenow discovery processes the discovery home page is that place to create or edit schedules for ip based in cloud discovery you can also view the cis and cloud resources that your schedules discover and then track any errors that occurred given the limited life span and widespread usage of the ssl certificates within the infrastructure it's important to track the life cycle of the certificates to achieve better insights and reduce security risks the certificate management application not only proactively tracks the complete life cycle of certificates but also provides visibility around how different business applications within an organization may be impacted by certificate expiration let's take a look our pkit member naomi opens up their certificate management dashboard and sees the different widgets giving them an overview of the certificate inventories and tasks under the open certificates tab the certificate management dashboard gives her an overview of tasks for certificates which are going to expire soon certificates with priority one tasks already opened and new request tasks for certificates priority one tasks are of utmost importance as they have been mapped against their certificates which are important from the organization's security point of view our administrator will drill down on the widget priority one tasks in one snapshot she can view tasks which need immediate attention and these tasks were automatically created based on rules that you can specify this empowers your pki team to work on renewals collaboratively as you drill from the task to the actual certificate being renewed you can see where to select the priority of the task that's automatically created in addition to viewing the details of the certificate our pki team can also see how the certificate relates to any service through the dependency view this critical view empowers admins to visualize how the certificate could impact the organization's services illustrating the potential impact due if the certificate were to expire heading back to the dashboard the certificate inventory tab gives your administrators the option to quickly review the categorized repository of certificates such as the total number of certificates upcoming expirations as well as a breakdown by root issuer but servicenow hasn't forgotten about application owners who need to request new certificates the servicenow certificate management application empowers the certificate administrator and application owners to request a new certificate or renew an existing certificate from this platform it leverages now platform workflows and catalog features to automate this process and approvals two catalog items specific to certificate management are included as part of the application once the request is submitted the pki team can view it under the open certificate tasks tab under open new request tasks widget on the certificate management dashboard it's a very common scenario for customers to have applications hosted over internet or online portals that are important for their day-to-day business operations servicenow certificate management discovers both url and remote port-based certificates for url based certificates our administrator selects certificate discovery source urls and adds a new rl to be discovered once you add the url all you have to do is map that new url to a discovery schedule we have one here called url certificate discovery and click on the certificate urls tab your admin then clicks edit and then moves the url we created into the certificate urls list on the right and click save now they've added the url to be inventoried and it'll be discovered the next time the schedule runs for remote port-based certificates you're first going to activate the port probe tls ssl certs which is installed when you install certificate management then you'll incorporate that into a discovery schedule and any certificates on the machine specified in the schedule will be captured as unique certificates so now we've discovered how your pki administrators can use certificate inventory and management to proactively reduce outages with actionable insights gain visibility around the dependency between tls certs and your organization services and manage certificate requests and renewals your pki team can manage all of these processes right from service now another challenge our customers face is discovery and service mapping for distributed environments such as containers and cloud native applications tag-based service mapping helps customers by seamlessly mapping applications in distributed environments using tags the de facto standard for establishing governance models for cloud and container workloads such as kubernetes openshift pivotal cloud foundry and others this is equally useful for centralized it teams devops and sre teams looking to troubleshoot service issues tags are key value or name pairs that are defined in cloud services and container environments customers can define these tags in their applications container environments and so on service mapping will discover these key value pairs and automatically create relationship maps and dependencies this is particularly helpful for distributed environments without waiting for a longer top-down mapping process let's start by searching for the app service key organization can push these key value pairs to their infrastructure and apps to track them holistically let's pick a linux apache server to see more details here you can see all the downstream and upstream relationships you can also see the specifications of this server such as cpu cores disks memory and other information let's see the full dependency view when you click on the dependency view you can understand the application context very quickly and dynamically you can see the full topology and that this apache instance is sitting in the linux server and is used for delivery tracking customers can build logical buckets of keys such as app services id or anything called service families once you create a service family you can relate the logical family to applications you only need to create these categories and families once tag-based service mapping takes care of the process of mapping based on these families let's look at the review portal application map created with service family and the right tags you can see that review portal application was automatically mapped you can see that it's running on a kubernetes cluster containing pods and docker containers you see when changes were made on the cis that's the power of the now platform it tracks incidents and changes to ensure services run smoothly your it operations team can layer insights gained from tag-based mapping for aiops intelligence using operator workspace you can correlate services created to events and alerts this gives you one place to see service performance issues if you run a centralized i t organization you typically don't have visibility to what devops is managing combining the it health application with tag-based service mapping you gain a much better context of the applications running in a distributed environment to track changes and resolve issues faster let's see the book info service details book info is a popular containerized application made up of microservices the service details page shows you critical information about ci health relationships related cis and so on see the affected ci which is a kubernetes service that we're looking at using machine learning and alert correlation we're able to combine a critical alert that tls certs have expired with all this information in one place your site reliability engineers don't have to go from one code repository to the next to hunt for app dependencies looking at the service map shows you that the ratings page is down your sres and ops teams can use this information to further investigate for instance you can drill in further with a full service map clicking on the ratings ci you see that there were some changes made let's open the full dependency view of the rating ci to view details to troubleshoot the issue this information is useful for both sre and centralized i.t managers who are going to fix and make changes so we've seen how tag-based service mapping helps you gain visibility of distributed environments get ahead of outages by providing key changes and reduce mean time to resolve by working better together with aiops how can you see using tag-based service maps to jumpstart understanding your distributed services as part of the overall visibility picture itops teams have to monitor the progress of their discoveries and manage their discovery schedules one tool to help is the discovery home page updated in the new york release here you can create or edit schedules for ip-based and cloud discovery click view schedules to open the ci schedule view where you can see specific details about each ci schedule separately you can view the results of your cloud or ip address schedules and create new ones you can also review discovery trends by hovering over each circle each representing a single discovery run back on the home page your teams can review the discovered devices showing the devices that extend the hardware class in the cmdb broken down by class cloud resources are organized by type with the ability to drill down to a list of resources for those classes finally your itops teams can address discovery errors by focusing on similar types of errors this enables them to fix a single error then manage them in bulk by assigning the errors to the correct group it's just one more way that servicenow uses the power of the now platform to collaborate and automate issue resolution over the past few minutes we've shown how servicenow's it operations management visibility solutions help you discover and manage tls certificate requests and renewals use tags to map distributed services such as container and cloud-based services and monitor your discovery operations using the discovery home page for more information check out our product pages on servicenow.com as well as the servicenow product documentation site for itom visibility