CIOs, CISOs: How to launch your CMDB project to meet DORA requirements on time
Einar & Partners · Apr 25, 2024 · video
[Music] Let's get started, let's get started. Okay, so like I just mentioned, thank you everyone for joining us. I hope you're well today and that you'll be able to stay for the entire session. My name is Nicola Hoffman, I'm part of N2. I've been working as a ServiceNow consultant for the past 12 years, and I specialized myself in ITSM; of course 12 years ago it was only about ITSM, and more recently I'm into CSM also. I've been doing a lot of different projects in a lot of different business contexts, and for the past three years, with my associate, we've been building and to helping solution, which is basically a company who gathered together experts not only in ServiceNow but also in ESM practice, so enterprise service management. We try to gather together the best and to give the opportunity to our customers to reach out to the best freelancers worldwide. So we have customers all around the world, and freelancers all around the world also soon. And today we are hosting Michelle from Einar & Partners. Yes, Michelle.

Hi Nico, yes, thanks everyone for having me. Yeah, so my name is Michelle, I'm also here from Luxembourg. Been on the ServiceNow platform since 2012. The funny thing is that, Nicola, you were actually my first teacher, teaching me the ropes of the platform. Was a few years ago, yeah, yeah. A lot has happened since then. We have learned a lot on the platform. I mean, I've done ITSM, ITBM, I think it's called now SPM, name change, yes, but now I'm specialized also on IT operations management, a topic that is, well, pretty much today's context. Because, yeah, over the time, so I'm working for Einar & Partners, I'm lead advisor as well as managing partner there, and we focus really solely on the topic of IT operations management on the ServiceNow platform. So it's not just me; Einar & Partners is a company established in Amsterdam and Luxembourg, and we have multiple experts
working on big projects for big companies across Europe and across the globe, doing, yeah, mostly CMDB, ITOM, and a lot of advisory on how we can actually manage our services with this data. And I guess that is also why we come today together, because all of that experience, everything that we have learned, kind of now comes together when we talk about DORA.

Exactly. So before we deep dive into all our subject, let me just explain how this webinar is going to happen. So first I want to thank Jesse, who's actually managing the broadcasting control. You can interact in the chat with him; he might answer the questions, and he will probably also try to help us getting your questions to our attention. From time to time you'll get some poll coming up, so we want just to address a few questions while we are covering all our topics, so we can try to understand you guys better and focus on what you definitely need, whether it's to talk about it now or maybe later, we'll see. So today we'll cover some key aspects about a successful CMDB, and we'll introduce DORA of course, and then we'll just check how to address DORA in the first stage, and finally we'll illustrate that with some concrete project examples. This is not going to be a complete slide presentation; we have a few slides, but I think the whole now, it would be more an expert discussion, right?

Exactly, I hope so. So keeping it casual.

Let's hope so, yes. So let's start. So maybe you can summarize in just a few words to the audience what is DORA?

Yes. Well, DORA is a very broad topic. It is actually a measure of the European Union to pretty much streamline, when it comes to ICT, so information and communication technology, risk management, to streamline that across financial institutions in Europe. And that does pretty much mean, well, a financial
institution needs to be able to do risk management, and internally as well as externally. So we have a lot of infrastructure that is running, we have a lot of context to manage, a lot of people to manage, people that work for the institution, but also stuff that is outsourced. These are all sources of risks that need to be managed, and the idea is that we have these streamlined approaches so that we can also facilitate information and intelligence sharing in relation to cyber threats. I mean, it's the Digital Operational Resilience Act, so it's a lot about how to manage also these modern cyber threats in a coherent manner, but also then be able to report major incidents and also act on major incidents. But of course there is much more to it. In general it's about risk management and also being able to change, to adapt to new needs. The industry is constantly changing and we also need to be able to adapt accordingly, and that is where pretty much DORA comes in, right?

Okay, thank you for the input. And you, Michelle, as a specialist and as IA of course, how do you, as a specialist in ServiceNow ITOM, how do you help your customers with DORA specifically?

Yeah, that's a good question. So let me go to the first slide we have prepared, so we're going right a bit to the topic at hand. There we go. So now you should see our screen, our slide, and we typically reply, as I said, we are an expert in ServiceNow, and ServiceNow is a platform designed for enterprise service management. That means nothing else than we can digitalize our business processes on top of this platform, and the key here is what we call the CMDB, the so-called configuration management database. And as the title here says, it's more than just a list of devices that we have. In the end we need to bring together in this database the entire organization, so not just the estate of the infrastructure that
we have, but also the people that work with this, because we need to be able to organize and arrange everything, and these people, they need to have the right information at hand. That's why this database needs to be populated. Often it was done manually, but more and more, and that's what we want to do, we want to automate the data collection as much as possible, to then provide this information to our organization so that they can do their work, pretty much. And it's not, again, just to provide a list of devices but also the context of these devices: what applications do these devices serve, and how do we support our business and services with these applications. So it's really to bring this top-down view and that bottom-up view, but the operations and the business side, together, so that we really know how we are operating in the end, because in the end that allows us to do the risk management in all its senses, right?

Right. You just mentioned something very interesting: bringing operations with business together.

Yes. Well, in the end what we are doing, or how I'm seeing it, is organizations, they have business processes and we buy applications to drive these business processes. That's the age of digitalization, right? Right. And that works pretty well, but typically what we define on the abstract side, on the business side, and what is then deployed and how operations run, they are typically disconnected, and that is the gap that actually we're trying to fill here.

Okay, yeah. So next question for you, Michelle: what are the values and philosophy of a sound CMDB?

Very good question. So, well, let me switch over to the next slide. There we go. Well, the values of a CMDB, especially on the ServiceNow platform, is to create this single source of truth, really consolidate everything that I mentioned into this one place. We don't want
silos, pretty much. That's the exercise that we're trying to do, breaking silos, and that is then, as I mentioned, to boost our surrounding processes on the platform, laying this groundwork for good governance, risk and compliance by enabling better change and impact assessment, and much more of course. At the same time, the values of the CMDB is also to have a sound governance model, not just a tool but really standards to which we can work, the entire organization can work, to govern this tool properly across roles, responsibilities, processes, etc. Yeah, that's pretty much it. And then the philosophies. Oh yeah, we have another slide actually on the philosophies, because it's all nice and dandy what I explained, but there are also, we call it pitfalls. Like, a CMDB is a really big project, and, as I say here on the slide, it's not necessarily a project, it's a process. We need to understand, or as I always put it, what might be true today might be false tomorrow. So the data and everything is changing, and that needs to be reflected on a daily basis in this database, hence why we establish a proper process that works properly for everyone. That said, I said we want to break silos. The CMDB, what we want to do is a team effort, so it's more about the exercise of understanding the organization and how they work together. Tooling is often the easy part, right?

Right, yeah. And about understanding the organization, what is typically the first question you get to ask them?

Yeah. Okay, let me stop this screen sharing. There, we can see us again. So that is also a very interesting thing, because again tooling is one thing, driving people is another, and the first thing that I always ask, or try to assess, is the maturity of the governance of the processes that we have at hand. Some institutions, some
organizations, they have already a CMDB, some don't. Some have asset management. Everyone works a bit in their way. Some follow the best practices of the market, like ITIL and so on, some don't. So my first question is always: who is responsible? Who is that one person that we work with and who is responsible for driving this? Typically, in terms of the industry terminology, we are talking about a configuration manager or CMDB manager, right? Because you need that one person who is able to intervene between the different actors, and we as outstands, as consultants who come in, we cannot really dictate the internal stakeholders what they have to do. They need to create that function, typically internally, that has this responsibility, and that is then also our stakeholder we work with a lot.

Okay, so after that question I suppose you get to understand and to scale some maturity level, and once you've done that, how do you grow the maturity of the CMDB?

Yeah. Of course it always starts with understanding what is the current state of the organization, right? Typically, when we look in the financial sector, they are already heavily regulated, so a lot of standards are already in place, given by ISO certifications and so on, and DORA pretty much looks at standardizing these certifications, really aligning them across the market. So typically banks, financial institutions, not just banks, they should already have a good understanding of their business processes and also the business applications they have, and that I speak mostly from a business perspective. Oftentimes you find a function in an organization such as enterprise architects. Enterprise architect, right. And we typically start there, first of all to see what has the business bought so far, how does the business operate, and how is then the organization making
their capabilities of these applications available to the services and the operations, everything that is running below, right? So it's really about, first of all, getting a real good understanding of that business estate, from an IT perspective then as well. And that means then, at the second time, we also want to identify the IT estate. So that's the second question: then you look at the operational side, how well is your IT estate captured? Are you manually capturing the IT estate, that means you rely on people, so for example asset managers, to type in the information, or are you already applying something such as discovery solutions? And I'm not necessarily talking about ServiceNow Discovery, but in general, I mean, organizations have tools such as SCCM, already Intune, or any other monitoring system. Yeah, yeah. And then the question that arises also for me, in terms of maturity, to assess that a bit, is how well do we capture that data? Do we already bring it together into a centralized CMDB, or is that also still something we need to work with? Okay, so that means we have now two things in terms of maturity. To repeat: on one side we have the business side of things, really what drives the business, what capabilities does the business need to function, to make their business processes, to execute on them, and then on the other side of course the operations that deliver these capabilities. So that means then the next maturity step that we need to have is, what I mentioned, to close this gap, is adding this application service or this service context around it. Typically we start by saying, okay, we have here now our infrastructure, we have this and this software that runs on top of it, but for example this set of hardware and infrastructure, also cloud, I mean it's not
just hardware, it's everything pretty much, but in which application context does it run, right? So I always take the example: we are buying business applications, but it could be that we have three different locations and we have three different instantiations of that business application, and that is exactly the application context that I'm talking about. So really understanding how applications are deployed and what are they running on, and then also you would want to add ownership to this, right? Who owns this application context as a whole? Who owns the individual components or configuration items, responsible. Again, it's really about this exercise. That is really well put: it's not about just creating this database but understanding who is responsible to act in case of, right? And that is the difficult part, that is really the difficult part. Yeah, I think that is a pretty extensive question, I could take it much further.

Maybe later, maybe later, because you just mentioned the level of IT estate, and you mentioned that a lot of customers are still doing it manually. How would you automate?

That's a good question. I see however that we have a lot of participation in the meeting, and I also see that we are still good in, we actually still have 10 minutes for question, so let's maybe go a bit through to what people are asking. So Joseph is asking: is it proposed to include third-party data in the CMDB, and if so, to what degree? That is actually a very good question. The answer is yes. Now, we see today in the market, even though we have discovery solutions, organizations already have the data somewhere, yes, it's just not centralized. So it comes natural that a lot of organizations are also looking into integrations, and we actually have out-of-the-box connectors but also the possibility on the platform to develop new integrations. It all
depends on how important the data is, and how critical, and how much you need it. It's always also a question of value: is it really valuable to integrate this data? You're not going to put up the efforts to integrate data if you don't work with it, if you don't need it. There is another aspect which I like to address on that question: how trustworthy is the data? Because you can also integrate third parties into your CMDB, but if that data is not trustworthy, if the quality is low, then probably you shouldn't, or you should evaluate.

Right, right, because having to deal with wrong data is probably, well, the nightmare of any c

Exactly. I mean, we spoke previously about the configuration manager, or whoever is responsible for it, is also responsible for ensuring the data quality. We do not want to lose trust in the CMDB. If that happens then we have a bigger problem at hand. It's an easy fix, but once people don't trust the tool anymore, then, yeah, the problem is big.

Okay, I'll just go somewhere else, the information, yes, and you'll lose a lot of operational possibilities.

Yes. And then I see: define third-party data. Of course we need data from various sources, and sometimes it's necessary also to bring in data from CMDB of a partner, but remember the data is only as reliable as mechanisms that keep it accurate. Yeah, actually, Peter, you replied exactly that, it's exactly that. All right. Okay, yeah, no further questions on this point. All right, so where were we then?

So I was just asking about automation, because it's actually the question, actually pretty well.

Everyone is talking about we need to automate, we need to automate, and I have a very, very easy approach to that. Oftentimes I'm already first asking: what are you doing manually? Like, what are your processes, your procedures? Because automating is oftentimes about workflow, right,
something that is established, and if you don't already have a workflow then you cannot automate.

I guess on a basic process like incident or problem management it's easy to understand, but about gathering data?

Yes, so, but what I also mean about here is, in the bigger sense, with starting manually, and we will see it also in the example that we did earlier, starting manually helps also, first of all, to understand how you operate as an organization, right? If you have silos and people are pointing left and right, it's not my responsibility, it's his, and that kind of thing, you first need to work through that. But I'm not saying, like, do everything manual. Your aim is to start manual so that you can automate as fast as possible, that you can identify how you can even automate, right?

Okay, so what you're telling me is that you cannot automate something that you cannot do yourself before. It's not just about targeting a database somewhere in your infrastructure, in the cloud, and just gathering data and everything is fine.

Yeah, exactly. You can do it, but then again, how trustworthy will the data afterwards be, right, and how up to date, etc. But then once you have identified these critical areas and you have understood them, you can go ahead and automate them, and that either through things such as third-party integrations, which I said is coming a lot, and ServiceNow, that has these out-of-the-box connectors called Service Graph connectors. So they have a store, and you can look that also up online, it's called Service Graph. A lot of commercial off-the-shelf products. You can do custom integrations with something that's called Integration Hub to collect data, or you can of course also go ahead and use the ServiceNow ITOM suite, which is actually recommended, also playing back to the maturity discussion, because what we try to do with the ITOM suite is, on one side, well, to
discover. You have solutions such as Discovery, either agentless or agent-based, so either you have a server that pings everything and collects the data through common protocols such as SSH, WinRM, SNMP, etc., or you install agents. With that you can already automate a lot of data collection, but because you're using these tools from ServiceNow, you can add this next layer called Service Mapping, or it would be better called application service mapping, which is really designed to create this application context that I was earlier talking about, yeah, and keep that up to date automatically by reading configuration files and grabbing stuff left and right that we need. Of course, again, it's automation: you can have little automation, you can have a lot of automation, and oftentimes also, the more automation you have, the more you have to maintain, and there is also a value question on what you automate: what is the discoverable data that you want to have, and which data you can still maintain manually.

I guess it's something that a lot of people forget, is that a lot of people say they want to automate so that they will have less work afterwards. Is it true?

Well, first you need to put in a lot of effort and invest before you have a return. It's as simple as that. I mean, there was always like a graphic that I saw: you do it manually, I think the lowest was the time, and when you work, the graph grows steadily, like when you stay manual. Automation, the line stays flat, and it seems like the manual efforts, they are more effective, but then at some point, when automation really works and hits, then you get like a kind of hockey stick effect, because then automation really helps you.

Okay. Yeah, that's kind of how I see it. I think we still have a few questions, do we? Hi Nico, so you in the chat. Okay: when an
organization is interacting with a third-party vendor, either for data or processes, should this vendor also be DORA compliant? That is a very freaky one.

That's a tricky one. Yes. I mean, the regulation applies to the entire financial sector, but in the end, again, it's about risk management. You as the financial institution are responsible to manage your own risks, and if you have an outsourcing strategy then you also are responsible for managing these outsourcing risks.

Yes, so I guess DORA does not specify exactly which level of compliancy partners should reach before working with the financial institutions.

To my knowledge that is correct, that is correct. You have other regulations of course that require you to, like here in Luxembourg we have this infamous PSF regulation, so if a bank wants to work with you as a contractor, and really core financial system and confidential information is being looked at, then you are supposed to be PSF compliant, and I think it applies a bit also to DORA. Again, it's really about risk management and staying resilient. It's for you as the institution to decide when you need certain certifications of contractors and when you can just work with the risk, right?

Okay, yeah. More of an observation: would be interested to see if ServiceNow are preparing to be treated as the critical third party under registration.

Okay, I get the question though, Joseph. Of course ServiceNow is on top of this. When DORA was introduced, or publicized, especially also for us, I said we have been working with ITIL and these kinds of concepts now for a decade or more, and then when DORA came along we were like, this is exactly what we've been training for, kind of. And then of course for me it's logical that when a regulation comes, ServiceNow looks at this of course also like, this is something we need to
stay on top of and something we need to drive and actively also contribute and help the community to adopt this properly, because like this the sub platform will also grow and be successful, right?

Exactly. Yeah, I hope that kind of answers that question. Two very interesting questions, yes. And then Jose: if third party deemed critical on the relevant regime, they will have requirements. Yes, definitely, well summarized. Mentioned, yeah, with the PSF example. Yeah, but every state has its own regulations, and even though we are in the EU, still. Well, I think this wraps up the first part, yeah, and now we want to talk a bit more about addressing DORA in the first stage, if that's okay with you, Michelle. Now, how can you use the wealth that we grew gathering all this information properly to reply to DORA actually?

Yeah, so putting in place a CMDB, or any database for that matter, it's all nice, but in the end you need to use it properly. So you can have the best configuration management process in the world; if your other processes are lacking, and by that I mean if your other processes are not well integrated to use this information, then you again lose the entire value. So in the end it's also about looking at incident, change, problem, security operations processes, everything that can make use of the CMDB to grow their maturity as well, right? You want to make sure that, now I have a CMDB with this information, how am I using my incident management process with that information to drive this visibility, so that the people solving the incidents and the problems and the people that drive change across the organization really know what is affected, right? I'm changing a server, or a server has a problem: I want to know what application is affected, that tells me what business process or what business service is affected thereof, and that is exactly what DORA wants us to do. That gap I was talking about earlier, it's
not a problem to close that gap between business and operations; it typically takes time. If there is something that goes wrong, you have people running around sending emails, chat messages, and it takes a week, two weeks until you have figured out what the hell was going on. Yeah, yeah. And DORA aims at this, and that's what we're trying to do: growing the entire IT process maturity to a higher level, so that it's not a matter of weeks anymore, just a matter of hours or even minutes, when our processes are well defined to use it. Then of course in the first stage, next to that or in combination with that, is guiding organization to properly drive adoption. If the organization is not using the tool set, you can again have the best BN processes in the world, if adoption is not well driven, again you lose the entire value. And so for me it's really, and I can't repeat this enough, it's an exercise of continuous improvement, which is funnily enough also an ITIL concept which you can definitely look into. But I'm a huge fan of continuous improvement, because nothing is perfect right from the start, but continuous improvement, those concepts kind of help you to grow step by step, to put in kind of habits and routine, identify where it falls short, and then introduce improvements so that you can grow and mature properly. Yeah, that's pretty much it.

Okay, and for all these organizations who are now adopting, what is expected from them until the deadline of end of January 25?

Yes, so it's a very tight deadline. So from announcement, tomorrow, yeah, it's pretty much tomorrow, because what was it now, one and a half, two years deadline to put something this big in place, and such big institutions. Yeah, yeah, it's challenging, it's challenging. But I personally think that it was a bit done also to shock the
industry, right, which was good. It had this intended effect, because everyone is talking about DORA in every financial institution, and in a good way, because it's about breaking those silos, it's about enabling communication, transparency, information flow.

So people are embracing?

Yes, yes, now I see more and more people embracing it, but the question is, and we will see that in the next example, well, talking about the next example, this financial institution in the example has over 500 applications and a lot of shadow IT. Like, how do you automate all of this, how do you put it into context in just a matter of under two years? So they, yeah, they've been haunted by the past in fact. It's not that everything was bad about it. I would explain more, because they had processes in place, it's just that processes were not mature enough, or were not at the state that they needed to be to reply to DORA.

And I believe it's probably the history of most of these institutions.

I think it's the case in a lot of financial institutions. Again, you have some that are very, very mature in their processes, but you also have some that are just not, because the requirement was never there. They could operate, and that's fine. Yeah, and that's fine. It's also often like some banks, they are old, like 50, a hundred years old, and what I've seen is also a lot of financial institutions might have employees that are there since 20, 30 years. They have their own terminology, they have, back in the days, you have established it not based on industry standards but on, yeah, on how you defined it, right? And all of this now you need to overcome, kind of. It's a huge challenge. So again, technology is not the issue here, it's more about driving the adoption across the organization, people. And the regulator, of course the auditor, knows this. So the key takeaway, at least from
from the engagements that we have until now, is that, well, first of all satisfy the auditors by showing that you're actively working on it, that they have a sound strategy, that you know what needs to be done in order to protect your organization from external threats and also internal threats, not just external. I mean, it doesn't always have to be a cyber attack. If a major server goes down and your entire core banking system is not available anymore, it's also, you will lose money, and you might damage your reputation. Also that we understand under being resilient, right? So first of all figure out what's most critical for your bank, for your financial institution, and then try to capture this in a proper context. So address critical areas first and then have a strategy on how to grow. As given in the next example, we had identified over 500 applications; we picked now the 60 most critical ones, okay, and that includes a lot of IT parts, like really the major platforms such as VMware, Azure, application platform, so these are really already captured, really these technical services which kind of are the foundation of everything.

Because I guess they host applications accessible to the public, used by the business and so on.

Yeah. And then show the auditors that you really have this strategy and you know a way forward, and that you can put forward also deadlines when you envisage the next stage of maturity to be ready.

Okay. At least you have to prove that you engage the work towards complete resilience.

Yeah, exactly, that is the most important thing for now, right? And again, always look at what's most critical to you to protect your organization.

Yes. Would there be any questions in the chat maybe? Let's check. So: more and more CI data for virtual assets will
no longer be visible in the CMDB their status and even their CIs themselves will change and move permanently that makes itm more and more unusable by example when a virtual goes down AWS will start a new instance immediately no incident and no change ticket will be involved yeah that is very technical that's um and very true uh but the question then is if you have this in place if if you really use that mechanism of AWS uh it's it sounds like it's kind of self-healing um you would want then maybe to capture that there is a redundant server that that was created and that is also in your database and you actually have automation also with AWS to integrate to get this data maybe you can prevent it by doing some problem management yeah I I kind of feel like this question is also more related like to to technology such as container based with AI probably get some more advanced tools than than even this one but yeah it's it's the cloud in general I agree the cloud in general uh poses uh another set of of of headaches to to to IT leaders uh specifically because of this these concepts such as serverless and and and and so on I mean that's why we also engage uh uh the cloud it's it's easier for us to manage but on the other side we also kind of lose some insights and we need to be able to manage this as well um but on the other hand you can uh uh also integrate like logs uh log analytics and and stuff like that to manage your your the monitoring of your your uh cloud environments it's not always about bringing in CIs for the sake of having CIs right at least that's how I understand the question um all right so should we just switch to talking about some project yeah I think I think that's a good idea uh unless there is another question I don't think so I think we're good Michelle I'm just making sure that okay that's good and then like you should see my screen now again yes uh that was the last screen and there we go so we we have 20 minutes left kind of um gives us more
than enough time to to to dissect this this example a bit I guess exactly um so this is a a a a financial institution uh and what you see in front of uh here is the high level road map that was defined all at the beginning uh to to to get started so uh to put this a bit into context it's a it's a financial institution that had a already kind of a CMDB in place but mostly uh manual there was an integration within with the with one uh third party system um but uh most of the the the the data was driven by infrastructure teams um when you say teams were they working in silos or were they already working together uh they they were working too because it's infrastructure here they made just a difference between Windows Linux and and these Department uh but yeah there they they are heavily siloed it's one of of of the key things that DORA addresses and what the the management over there now also tries to achieve is breaking these silos um which actually works pretty well also with the concepts that we have in the CMDB because you know people always tend to say well I'm just responsible for this this is in responsibility of someone else and I'm getting in and saying that's fine just tell me what you're responsible for so I can document it in database and then I go to the next person that you tell me and I will do the same exercise you can work with the silos but in the end um you also then need to maybe not break the silos entirely but also create the right interfaces between the teams right and that was kind of the exercise here to get back to it the governance here at this this institution was mainly limited to asset management pure and simple asset management so a list of devices um and then of course they had also already a list uh of business processes and business applications on on the the architecture side of things but the gap was really in between as I as I mentioned all at the beginning it was this this typical uh pain point that they they were facing um and the
idea was now of course to to change this to to to to to to enable our processes better like they did incident change and problem management they still do it uh and and it works kind of fine but not with too many uh headaches for for especially change and incident managers where they need to to go and and and and even if they have a CI they then still need to chase information uh behind uh because they don't have that application context easy as that so what we did here is first of all we we did a dive deep dive into the as-is really to understand how can we now build the CMDB uh in a first version that replies well enough to DORA uh to stay compliant but then also puts the organization onto the right track for for future growth um you're already building the process of onboarding the future applications in in the CMDB in fact exactly exactly so we what we said is we the asset management process that they had is fine but it stays that exactly just that very flat your that's just asset management mhm we use that also asset management is for me at least in ServiceNow is a source just like an integration of a third party system or a discovery it's a it's a source it's just a process as a source pretty much uh so we can use that we can work there therefore and it brings in also already a lot of value but uh at the same time we then really needed to establish a full uh blown service asset and configuration management process uh so that we can handle uh all the roles responsibilities around the configuration management uh database so it was really about identifying um yeah how how how does operations work how does the business work who are all the stakeholders in between and then how is the business using these applications really and then coming up with a role framework that works because you do not under no circumstances would you want to change uh the mindset of the organization that will not work if you and by that I mean is um uh this this this organization
works since since since since decades in the same way they have very established structures hierarchical structures and and and and what you should not do is reinvent the wheel like work with work with what you what you have and adopt the governance model to their structure and and it's actually actually uh once you understand an organization how they organized themselves adopting a a a this this this governance model this this configuration management process is actually pretty easy right okay so that's a key fact you don't come with you don't come with a book of recipes and just I I come I come with a set of leading and best practices as well as with a lot of experience uh just to digress a bit this this and a lot of financial institutions are probably very uh centric organized with a fixed hierarchical structure we have also a customer who is not in the the financial industry who is organized decentrally that that their responsibilities are spread really across many service owners across the organization and it was just it's just to give here a contrast like not organizations every organization is different you cannot come in with the same recipe for all you can just work with leading practices certain values and then the experience that you have and then adopt these frameworks like for example ServiceNow comes in order to put in place the CMDB comes with a framework called CSDM common service data modeling and also that is is not a recipe it's a framework that you need to to to to mold and shape so that it fits to the organization and not the other way around okay yeah all right um yeah and that was done it so yeah okay but then uh once you you you defined all this uh govern governance with the the customer and all the the the process about keeping keeping up to date the CMDB and so on what's the next phase for for for for this customer yeah so for this customer then uh we as I already mentioned we had identified now business processes and the most critical
business applications and the first access was uh putting them manually into the CMDB okay because we we we we we we want to do automation it's just in order to understand the organization and how they work and everything we and and just to get started we needed to do something and and as I mentioned just heading in with automation would not have solved anything so we first we mentioned at the very beginning of our chat here exactly so we first went in with this list of critical applications and we organized I don't know 50 60 a lot a lot of workshops with the individual teams not just in the infrastructure side but also with the application teams as well as the business teams and then uh we were able to manually put these maps now together into a it's it's not full-blown service mapping um and and it's it's really just putting in manually the dependencies between the different components that you need so really a a minimum viable product so to mean a minimum viable map but at least now you can feed processes like incident management and or change management exactly even last time we were like oh how does this thing on mainframe work we went in looked at the service map oh that is how it took us just a few clicks something that would typically take them hours just to call up people and then find somebody is responsible so the value already shows now only after six months even though everything is manual right right um and that is then what brings us to the next step because now that we have done this manual exercise and which will continue we are now actually in the second stage in the second phase entering uh Discovery automation so we have identified during our first exercise because we understand the organization now we identified well a lot is virtualized not even in the cloud but VMware they have a lot virtualized so for us from a technological point of view it was like okay that's like like that's that's kind of a holy grail for us because if a lot is
virtualized uh we can just use the VMware APIs it's it's an easy click connect gather the estate of of of of uh of IT of VM of VMware and then we already know all the virtual machine instances just the running instances it doesn't mean we have yet the data of what it of the hosts itself right exactly but that is where the second step would then come in where we say uh first we look at the virtualized environment and then we also have the same time in parallel uh and on top of it we add host Discovery so with integrations to to SCCM using agentless Discovery we are currently working on um really automating that that data population with the out-of-the-box solutions of ServiceNow to consolidate most of that manual information and um that is the key focus still for this year so until end of June after which we should then basically have the necessary baseline to also start this automated application service mapping so uh really use use this this this yeah because ServiceNow comes with a lot of uh at least for the commercial off-the-shelf product um it it comes with a lot of uh patterns to to do service mapping the challenge here with this financial institution is that they also have a lot a lot of homegrown so that's why we say here uh we I first do a pilot on the most critical uh application uh so we're currently in the security and assessment phase to make sure uh well in Discovery we are implementing it but we are working a lot together with security to make sure that our technology our automation solution set is not compromising their security because that is that is the thing something like Discovery something that extensive can also again be a risk that we now however can manage also given given the tool set mhm all right uh and then we need to investigate uh basically on a per-application basis which one do we now want to fully automate and which maps do we keep purely manual right and for that exercise we are actually now also employing in in terms of
governance something that is called data stewards or CMDB stewards so people that that work for the configuration manager for the configuration management team but that are actually with the with the users with those that have to use the tool and and who who take and guide them through the exercise who teach them the the the the the tool but at the same time also listen to their feedback and incorporate it into the into the database and then go back to the configuration manager to to to to let them know here is good here is bad and and then come up with with further strategies okay so that's also part of the process of maintaining the CMDB yeah having the the the good people at the right place to ensure you get all the information to maintain yes exactly and then uh what is not yet what is on the road map but not yet defined but uh probably for next year uh it's after January 25 yes but because it's important but like I I would we we put it at as a second priority we can we will see if we can still start it this year of course the sooner the better uh but it's basically just capturing all the network here because um network even though SNMP is rather simple protocol a network is all throughout and and very sensible and and uh they have like a very very very extensive network and why we decided uh at the first stage we don't want to include networking now because it would give us too much overhead to deal with so we want to deal with it in a in a in a separate uh in a separate phase um so uh yeah uh nonetheless that risk is identified we also checked that with with auditors uh they said it's fine even though it would be best to have the network also automated and captured uh we understand that it would currently put the overall timeline uh in in in in peril if we would do that that's why we decided only so risk is mitigated yes pretty much all right that is pretty much the the the example so more and more CI data yeah we have no additional questions yeah I think
that is pretty much a wrap up for us or do you have anything more you would like to discuss no for myself I don't uh maybe you can also ask Jesse if he has something he'd like to to point out to or point out sorry to us uh before we wrap up definitely for today one other question from Alex okay thank you Alex for for how about the storage Discovery is it stand alone or included into hosts um both kind of uh the storage Discovery is is is is uh is a bit more a not complicated topic but it's not as as straightforward as just discovering Windows and Linux devices of course we already get storage information when we discover for example Windows clusters um but ServiceNow also provides extended uh tool sets specifically for the discovery of storage so you probably if that's if that's critical to you and it probably is then you would also want to address this uh individually individually so go go on the ServiceNow Store check with the the manufacturer of the the the storage if there is something yeah yeah so typically with so it's now Discovery at least with agentless we are able to uh to to discover the most common storage solutions uh IBM HP uh just like that like that yeah but it still requires okay some effort and then you can build your own patterns I guess and yeah true true true that for yeah how about so we have another question how about ServiceNow capabilities of capturing and storing three levels of subcontractors or of third-party vendors which is one of the quite challenging requirements for DORA both administrative and operational perspective on actually getting the right data yeah okay that's that's a that's a very very extensive question uh so let me dissect this um actually the the I need to to answer it also broader the the the overall dat database model of ServiceNow so CSDM that applies common service data modeling allows you to store or capture these various levels however there's little caveat to this as every organization has different needs
there is no recipe for it you need there are there are leading practices there are tools and mechanisms we can use but still we need to figure out on a case by case basis how we can best capture third parties and the levels thereof so it should be looked uh for this very specific use case because ServiceNow does not come with this three layers configuration not as such but what you would use is uh you would so talking goes back bit to the maturity discussion because we only talked now about capturing uh uh the the enterprise architecture so the business uh side of things and the the the the the operational side of things putting it into an application context the next stage or what you also would want to do especially to capture this is then the the so-called service layer this the service so how how do you actually uh offer these applications and how do you support these offerings third party eventually exactly so so that means we're talking here about technical services business services and their offerings also the connections towards the portfolio the overall uh service portfolio as well as application portfolio um and uh yeah pretty much pretty much also service catalog discussions um because because in the end that's that's what we are talking here it's it's it's the service how do I support and maintain my service yes model is there we can model it but yeah it's it's another effort that we need to put in yeah short answer is uh this would have to be looked uh deeply into it and uh and then built accordingly to to what exist but there's no specific answer yeah correct and and we are actually now in discussions with the the example shown to to add the service layer specifically to address uh concerns like like like this okay but we also noted that while DORA requires it it's also it's it's not what is the most important thing right now at least for this customer because here we are still really about that operational understanding the operations and connecting
that every institution is different you as you mentioned so the will be applied differently to to to en I well to yeah yeah pretty much I hope that replies to your question rul got to go okay we are on the same page perfect okay thank you thank you this okay well so this if this was the final question let us thank you very much for attending uh I hope this was interesting in that we covered every question you might have um thank you Michelle for yeah thank for for having me of course when anytime anytime and uh let's see you next time yeah see you next time thank you so much for joining bye
https://www.youtube.com/watch?v=5j-hkgmDdtI