Knowledge 2022
8 sessions
Automate provisioning and entitle users in three minutes with Integration Hub Spokes
## Transcript X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:0 [MUSIC PLAYING] Hello, everyone. Today we'll be talking about automating provisioning and entitling users in three minutes using integration hub spokes. So to start off with the introduction, I am myself, Ishaan Shoor. I'm a senior technical consultant working with a ServiceNow partner, Thirdera And my primary function is ServiceNow development and consultation. I've got around four years of experience in ServiceNow and seven years experience in software development and IT. My favorite part of ServiceNow is working with integrations, orchestrations, custom applications. And that is why we are here. So again, the topic relates to integration of our Flow Designer. So in today's agenda we'll be covering the following topics. We'll be going through the overview, process flow diagram, use cases, benefits, key highlights, and demo. So I'll start off with the overview. So overview-- we, as every organization, uses Active Directory and Azure AD. but the provisioning in the Active Directory and Azure AD is pretty much limited to provisioning of the users or de-provisioning of the users. But there are a lot of other activities that take place around this, which is giving users access to a particular group, a particular application, having some shared mailboxes, some distribution list, and updating some user details-- might be a phone number, might be a second name, first name. It can be anything-- or just starting an email alias to a user. So a lot of other activities are involved, but they are all manual activities that the team do while the-- they get a request, and they get those requests as a manual-- using manual intervention. So using ServiceNow platform, we can automate all these tasks. And we can fully cater these identity management requests. So this automation can be done in two ways again. So the first one is having a third-party software and ServiceNow as a middleware and having connections with AD, Active Directory, and Azure Active Directory and leveraging the integration of spokes and the Flow Designer. The second one can be where we don't have a third-party tool, and we go to the Forms Automation. So, we'll be covering Forms Automation in this demo, as I don't have a third-party tool with myself. So this is a process flow diagram. This pretty much covers all the use cases that we were discussing in the last slide. So as you can see here, there can be some third-party systems involved in this process, where we have got a third-party system, like Workday, SuccessFactors, which generate an event and create a request in the Microsoft product. And again, Microsoft is Active Directory and Azure Active Directory. And from these, the request goes further down to ServiceNow. And then we have got some capabilities to enrich the accounts through ServiceNow, add the users to a particular group, or we can also notify the account details to the manager. So this is one process. And the second one is we don't need the Microsoft works in the middle. So we can also have a direct connection with the third-party tools and ServiceNow. And then we can go around with the enrichment of the user accounts, adding the users to the group, and a number of use cases that we have there. And there's a third step, where we don't have a third-party tool. We don't have any requests coming in through the Microsoft products. We have got ServiceNow just acting by itself, where we can use the service catalog, the ServiceNow forms. We can automate those forms to fulfill these active user account requests or updating some user account, adding users to group, application access, remote network access, employee onboarding/offboarding. So this is where ServiceNow comes into the picture. And we have got all the capabilities to pretty much get a lot of flavors of employee profiles sorted just by using ServiceNow automation. So this pretty much wraps up the process flow diagram. I'll move over to the next slide. Again, I've been [INAUDIBLE] it all over. So for some possible use cases that we have here is updating my cell phone number, updating group membership, user account creation, creating a new shared mailbox, creating a distribution list, rehiring an employee, offboarding an employee. And there can be plenty of use cases that we have here. Now, some of the benefits that we have realized over time-- so I have worked with a lot of similar projects. And plenty of clients are moving towards the ServiceNow or are involving ServiceNow automation in their onboarding/offboarding and user update requests. So basically they are doing this to reduce the manual intervention and fully cater the identity management requests. So what happens when this manual intervention is removed? So in turn they also remove the errors, so reduce errors in processing. Also, dependencies are removed of in-house legacy automation scripts. So these scripts are basically which the AD team or the Exchange team or Active Directory team is having in their systems. So those dependencies are also removed. After all this, the biggest factor is a quick turnaround time. So we'll be coming to that. I'll be circling back to that later in the slides. But the turnaround time is the biggest change that we have here-- reducing the errors, no manual intervention, and also a quick turnaround time. Moving on to some key highlights-- OK. So some of the key highlights here, a number of employee profiles can be digitized. So, as we have got, we can create a user account. We can add users to the group. So many times we just, if we want to give a user access to an application, maybe Workday, we are creating an HR profile. We can simply add that user into the Workday group, and other automation will take place around it. And we have set up a HR profile. And similarly, we can set up a service desk profile, where we are adding user to a service desk group in the Azure AD. So there are a number of levels that we can set up using the ServiceNow platform. And a request form can be configured and automated. And again, this all can be done through the service request form that we have been using all around, all the time. And the design is future proof, configuration friendly, and robust. So why this is the case? Because ServiceNow is highly moving towards Flow Designer. It's promoting Flow Designer and the use of it because it's easy to use, it's user friendly, and in terms of the debugging of the logs and everything are pretty straightforward, if you can just read and see what they show is. And every six months, we are getting an upgrade for ServiceNow, which is again a plus point. We don't have to worry about anything. So there is no technical depth. So if we are having some kind of custom integration, it is on us improving and maintaining the code. But here we don't have to worry about it. So automatically everything is getting upgraded. It's getting better every day. And the biggest point that we have here is the average fulfillment time. As I was just speaking in the last slide, it gets reduced to around three minutes from around 24 hours. And again, these 24 hours can be even more so, if we have got some approvals and they are just sitting there to be approved. And once they are approved, they might take a couple of more days to fulfill those requests. So in those terms, this time can be even more. But when we are using this automation, once the request is approved it just goes in and it's done within a few minutes. So this is a drastic change. And also, the return on investment on this one-- like, if you are having a manual employee sitting there fulfilling these requests, you can get a big turnaround, maybe save a-- so one of our clients had emailed me that they were saving of a full-time employee using this automation. So they were saving a lot on that one. So these are some of the key highlights. And where this can be applied to? So this can be applied to HR systems, as we have already seen in the process flow diagram, some HR systems where we want to automate the identity management requests and also streamline the requests by removing manual intervention errors and unstructured time-consuming processes, also customers who want to transform manual processes into self-service forms automated by ServiceNow workflows. So these are some of the places it can be applied. So before we go off to the demo, we have got some prerequisites that we need for this automation to happen. So first of all, we need a ServiceNow instance with the Integration Hub subscription. The second thing that we need on the instance is we need to install a Microsoft Azure Active Directory Spoke. Again, this can be different for different use cases. But the demo that we are going through today, we'll be using the Azure Active Directory Spoke. And also we need access to the Azure Portal and also the credentials to build a connection between ServiceNow and Azure. So I have got my ServiceNow instance with me. And I have already sorted out the connection between the Azure Portal and ServiceNow. So that's all good. So what I'll be doing the first thing, I will be raising a request for a new user account. And this user account is a fully automated form that we have. And once this form is submitted, it will go ahead and create a user for which we are requesting in the Azure Active Directory. So let's start off. No problem. Now look for-- we'll put 567. And we don't need to worry about the comments. We need to press Submit. So now, once this request is submitted, if I click on it, and as you can see, just within a minute it has actually gone to complete. So if I go to Azure and go to the users, we do have that user created here. So Tom Molly-- and we have got the job title. We also do have the phone number that we have entered. And that's how quick it is. And also, I have got the user provisioning setup from Azure to ServiceNow again. So I think every 30 minutes the users are synced back to ServiceNow. So all the new users that come in are also going back to ServiceNow at the users. So we are also provisioning a ServiceNow application for those users. Now, if I go to the back and backend of this one and check with the executions, so this is the flow that was executed in the catalog item was requested. We updated the record. And Work notes has request-- work in progress. We get catalog variables. So this is a custom action that I've created. I'm building out the account name and password for the user using this. So it's a basic script action that we have, which takes the first name and the last name of the user and generates an account name with first letter and the last name of the user and also gives out a generated password text. Now, once I've got this, I'm again updating the record with the account name-- the requested item record with the account name of the user that we get out of that action. [INAUDIBLE] the next action that I'm executing is create a user. So I am almost setting every attribute that's required for the user. So I'm setting the account enable to True so that the account is enabled for the user, and he is able to log in. So display name is set up through the catalog item, first name, last name, user IDs. We have got it from the previous step [INAUDIBLE].. So this is a servicewow.onmicrosoft.com. So this is my application on the Azure. And we have also got the email alias as Tom Molly. And we've also got the password. So we are also changing force change password for the user. We can set it to False as well. And we also got the other attributes, given name, surname. We've got the phone number, job title. We can set a lot of other attributes, but for this demo I've just used some of them. And once it has success, it gives out a user ID as the output. Now, once this is done, I'm also sending out an email to the manager, so Adam Haro. I'm sending out this email. If I go to the email logs, we should be able to see that there. OK. Let's look. I'll go back to the email in a bit. And, yep. At the end I am marking the request as complete. OK. Yep. So we have got the email there. So, Hi Adam. The account details of the new user request, RITM-- full name this, network account name, and username, and the password. And the manager can, further down, share these credentials with the user to log in. And, yep, post that, we are just marked the request as complete. So once this is completed, it's all good. We're done. We're done within, I think, less than three minutes or so. It was completed. And just in case if something goes wrong, I am also having a error handler, where I'm creating an incident and assigning it to a team, to action, just in case if anything goes wrong, to look at the logs and see what has gone wrong. And they can reticket the flow or the request for that particular user. And, yep, I think that's quite magic. And also just one more thing-- this was just a create user. Again, if I search my Azure, we have got around 39 actions with us. We can look up user stream. We can add users to group, reset user password, disable user, and delete a user, and also update a user, create a user, enable a user. So there are a number of use cases that we can get at. So it's just a small thing that I showed you. But there are a lot of possibilities around this. Thank you, everyone. Thank you for your time. If there are any questions, do reach out to me or my email address, LinkedIn, Twitter, SN Devs, Slack. And Flow Designer is the way to be. So I have been using it since 2018, and I think it's just awesome. And there are a lot of other spokes that we have outside of this use case, Azure AD and Active Directory, that can just do brilliant stuff. And it can be done in hours. So that's also an amazing thing. And thank you. [MUSIC PLAYING]
Deliver extraordinary employee experiences, resiliency, and productivity
## Transcript X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:0 So who is this video for It's really geared towards it and service operations leader anybody who provides a service and want to provide amazing employee experiences. And so what is the problem we're trying to solve in this video. Well employees do not have always on consistent methods to request all the technology services they need and in this video through the eyes of our requester storm we will see how ServiceNow can easily address this how by offering storm 24/7 AI powered cell service with VA and NLU really simplifying technology requests and beyond with Employee Center service catalogs and you will see that these experiences can be embedded into third party applications. Finally employees like storm get faster resolutions with predictive intelligence as well as dynamic translation solutions. So here it is ServiceNow is Employee Center now IT leaders this is request management made simple with a unified portal across departments so employees can stay engaged, productive, and informed and request the services they need from anywhere as we can see air request it request any requests it needs in one place even out of the box internal and external employee forums really a peer to peer network to help engage and inform our employees and storm can drop into employee communities like this where it empowers employees to participate in internal discussions and discovery forums via their searches they can even look at leaderboards and reach out to those leaders as well as the ability to post to events and ask those questions here storm has action plans request and these can be showcased in the top area as well as we can see this banner slide show information that uses machine learning to drive personalized content and this can be found throughout storms portal information such as the local hybrid workplace knowledge base articles are presented front and center and storm has the ability to rate how useful this KB article and information is this really better helps our back end teams with the content as we can see this information can be added to my favorites tab on the left so the information is at the ready whenever storm needs to access it the my active items widget once again places information in focus so storm can check on what's important to storm ServiceNow Employee assistant around knowledge management as well as out of the box set surveys can help teams keep a better pulse on what's important to these end users like storm further driving overall experience and engagement to find out more about paid time off storm doesn't have to search through various directories look through emails by simply typing paid time off a query of helpful articles are populated for storm ServiceNow offers a full service employee experience even a live walk up kiosk and scheduling needs are front and center for storm to take advantage of storm can jump in the queue from his desk or if there's a last minute meeting that pops up can easily jump out of the queue and enabling the slot for someone else as we jump back into the queue we can see it's simple now storm is third in line we can see also the hours of operation where the tech lounge is located scheduling anything around that and again, we're really just highlighting that this is storm's portal we can see content is targeted towards storm's needs such as product catalogs recommended content quick links upcoming events, videos even local cafe menu information now let's get into the VA with NLU so if the kbs's the targeted content employee communities are not enough meet our Virtual Agent with natural language understanding storms and yours quick answer to questions and needs. Now with natural language understanding there's not a need to look up topics we can simply type in the need and the Virtual Agent takes over from there no live agents needed password reset is still a challenge for many departments today and with consumer grade security verifications on the back end agents can continue to work on more complex challenges also if the VA is ever uncertain of the direction of our end users need like storm. It can clarify what is needed. Thanks to some of the AI and ML that supports this chat bot in this case storm's request status is parsed out in a few options. One of them being an IT typekit submission as we can see storm's request is still in process and he can jump in add some comments directly right into the ticket from the chat last we realize that ServiceNow that there are instances where the chat bot is not enough this process is also expertly handled for storm Thanks to ServiceNow platform something as specific as ordering issues may have not worked itself into a Virtual Agent topic or the recommendations or NLU suggestion aspects nevertheless it is easily addressed requesters like storm can submit a ticket right in the chat so no phone call, email, or walk to your smartest it guy is needed as we can see storm continues to get kb information to further support him in whatever his needs are now with a few clicks. Virtual Agent automatically routes assigns the ticket to the next live agent based on availability and their skill sets please note that storm can also reach out to a live agent directly via the chat with wait times or phone or email everything is built right into the portal now note that storms experience is not limited to this desktop browser ServiceNow is native mobile app seamlessly carries any of this information this full experience into the palm of the hands of storm this eye search targeted content self-help virtual agents all front and center for storm and this experience is not limited to ServiceNow solutions once again third party messaging apps and platforms are part of the Virtual Agent and incident auto resolution process proactively helping storm in the tools of his choice now some of you watching storm's journey may be saying sure but how long does it take to get this up and running is I always on AI powered service. Let's start with knowledge based information that you saw populated in every aspect for storm ServiceNow offers guided setup for knowledge management. Now knowledge management guided set up provides a sequence of tasks to help you configure knowledge management offering ways to define requirements the ML and really align to the company strategies either offering kicks methodology knowledge demand insights and translation management each section is broken down to a specific task that can be assigned to key individuals and/or groups. So let's talk about the service catalogs that we saw items such as hardware software onboarding requests we saw served up to storm in the Employee Center meet ServiceNow catalog Builder a visual and guided experience where service owners like you can create or edit catalog items along with departmental and roll restrictions very simply now the catalog Builder experience enables you to delegate the creation and maintenance of one catalog or many catalogs and finally let's dive into chat bots virtual agents setup and hopefully demystify some of the perceived complexities around the setup and the maintenance of natural language understanding AI or machine learning around these virtual agents ServiceNow is listen to customers like yourself and we've created a conversational interfaces Workbench this includes guided setup around general conversation setups virtual agents set up agent chats and this really puts it all in one place helping teams to get started in days, not weeks or months. So with that this concludes the video with ServiceNow requesters like storm get 24/7 AI powered self service on a single platform that simplifies technology requests and beyond even the ability to use third party messaging tools such as MS Teams. And finally employees like storm get faster solutions with predictive intelligence if you like what you saw or if you have any questions, please see some of the information you here or even better, please reach out to your local representative and see how ServiceNow can deliver this for your company. And with that, I want to thank you for spending your time with me.
Expand technology services while reducing costs
## Transcript X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:0 [MUSIC PLAYING] So who is this video for? It's geared towards IT service and operations leaders that want to go beyond keeping the lights on and really create amazing agent and IT services, experiences. So what problem are we trying to solve in this video? It's really simple. Technology teams have multiple, non-integrated tools that increase costs and really solidify silos. This also means that service and operations teams struggle with inconsistent visibility. And they lack service context. And through the eyes of our IT agent Grady, as well as our major incident team, we will see how ServiceNow can easily address this. How? Well, it's really by offering Grady and the supporting teams a single cloud platform across IT estate, which, in turn, gains the visibility with ServiceNow context. It breaks down organizational silos as well as offers teams consistent data across any of the teams. So here is Service Operations Workspace. Now this is ServiceNow's configurable next experience workspace. And it's for all agents, ITSM, ITOM agents alike. And IT leaders, this is IT service management made simple, with a unified Workbench across departments so that agents can stay engaged, productive, and informed as well as support the services the enterprise needs from anywhere. This means desktops, mobile devices, even third-party messaging apps. With Service Operations Workspace, our service agents like Grady, this has reinvented the service experience and really enables modern practices to automate and improve the service reliability. How? Well, we can see this is a single destination to manage incidents, problems, changes. And later, we will see this seamless integration with technology operations to really provide issue resolutions. So this is a unified ServiceNow platform that really underlines these solutions to offer all of our agents the right information in the right place at the right time. Even the ability to change the look and feel of this workspace is no issue. Now Grady has complete visibility into all the happenings from At A Glance. We can see at a glance overviews of incidents assigned to her, SLAs, as well as unassigned incidents, even the ability to review all of her team's information. With built in chat, phone, and walk up functionality, our agent can take an omnichannel approach to work that's coming in. Agents can also dynamically select which channel they want to support. The items that you see here have been queued with advanced work assignment. This is where items are automatically assigned to agents based on availability, capacity, as well as their skill sets. Now in this case, Grady quickly gains full details into this case and incident information, details such as impact, priority, affected CIs, impacted services, activity streams. You'll see this throughout this demo, as well as you'll see predictive intelligence. And this really offers agent support in the form of AI and machine learning. And we call this Agent Assist. What is Agent Assist? Well, this automatically displays search results based on short descriptions. Also can display similar resolved issues, outages. So this way our agent can determine if the solution applies in this case. We also see there's a recommendations framework. The days of searching around emails, sticky notes, or tribal knowledge can be a thing of the past. And here, thanks to AI, we can attach useful articles that will help resolve this particular incident. Now before moving on, the other aspects to highlight here is about incident problem change life cycles. We can see that Grady has everything in a click away, which really helps promote better mean time to resolution as well as up levels all these agents' skill sets. So in a previous demo, we saw how to deliver AI powered self-service. And we saw an issue around ordering services. And the complexities resulted in an IT ticket being automatically submitted and routed to our agent. And Grady is our agent. Now here is where service operation workspace really begins to shine. Once again, Grady is given those full insights into the priority, the service impacts, impacted CIs, activities around all these events. What is a bit different in this case is that ServiceNow is bubbling up even more information around the dependencies. And this is in part due to the interconnectivity between all the departments and, in part, to the CI relationships. And it's offering a more prescriptive Service Mapping information. So with Agent Assist prescriptive recommendations, Grady continues to gain AI and ML insights to quickly address what's going on here. After a quick review, this looks like to be a good candidate for a major incident. Let's bring up a major incident war room. Now ServiceNow is able to get all hands on deck, no matter the preferred communication channel. In this case, it is MS Teams. And it's integrated directly into the ServiceNow platform. What this means is that all the information that Grady sees is easily shared in triage with teams like we see here in this major incident war room team. All the information we saw on Grady's Workbench-- services, service maps, configuration items, priorities-- all are brought seamlessly into this Teams experience. These notifications and information also work on mobile devices. Here we can quickly see MS Teams mobile view. Moreover, we can see all that information in MS Teams carried over into ServiceNow's Major Incident Workbench, really just highlighting and showing that ServiceNow's platform delivers the right information to the right areas of need. We can even see the prescriptive technology and calm tasks kick off in the solution of choice. And in this case, it continues to be MS Teams. And it looks like this is the preferred communication channel. We can see that one of the team members is connected with the events and operations team members. Information is being shared and what's important to each team as well as those team goals. The events team is now working on a bigger fix. However, this major incident war room team sends out a quick workaround to the incidents that have come in on this issue. With a bigger fix in motion, other similar incidents and events coming in can be prevented thanks to ServiceNow's ITOM Pro solution. We also can see that storm. The employee that originally submitted this issue via Virtual Agent has also received a notification about his service working. And this is via ServiceNow's native mobile app. Finally, let's close this story with value. The value of the ServiceNow platform and the suite of purpose-driven solutions as well as ongoing cost savings with ServiceNow. Meet ITSM Success Dashboard. Here is a purpose built dashboard to better distill performance and service quality. This dashboard offers a prescriptive framework for increased transparency around all of the ServiceNow activities and beyond. And we're really providing CIOs, IT leaders, and process owners a 360 view into their IT performance. And we can measure the improvement with these interactive dashboards using prescribed KPIs to maximize that value. Now this concludes my demo. If you like what you saw, please see these useful links that you see here. And with that, I want to thank you for spending your time with me. [MUSIC PLAYING]
Ignite IT service productivity with Client Software Distribution 2.0
## Transcript X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:0 [MUSIC PLAYING] Hi, everyone. Good evening, good morning, and welcome to the Knowledge 22 session. Here, we are to demonstrate CSD 2.0 as an application and JAMF as an integration with CSD 2.0. So today, we had three speakers along with-- two more speakers along with me. So we have Inderjeet, who is a software engineer from my team and Sugandh, who is the product manager for the CSD 2.0. Inderjeet, can you quickly introduce yourself? I'm Inderjeet Singh. I work as a software engineer at ServiceNow. And I'm part of Platform Integrations Team. I work majorly on spoke and app development. Thank you. And myself, I'm Murali. I work as a software development manager in ServiceNow since a couple of years. And Sugandh had been a product manager since a couple of more years than me. And if we move on, we have a packed agenda for today for this demonstration. So we divided this demonstration into three or four different sections. Where in section one, we talk very briefly about what's CSD, I don't know. The next section talks about how CSD should be utilized by any given customer in their instances. And section three talks about real use case of using JAMF as integration and deploying a sample software to an iPhone. And we have a bonus section. If we have some more time remaining, we are open for Q&A. So if we slightly deep dive into what CSD 2.0 is, it's an application that is available on ServiceNow Store. And we use this CSD application, there are few prerequisites that I'll be talking about in the next slide. So it needs a prerequisite of IntegrationHub Enterprise License. So this is the basic need which allows for the flows to be created and flows to be modified by customers. And along with this, the CSD 2.0 application and the JAMF Spoke should be installed on a given instance. So we'll be in the next section, we'll be demonstrating on how to use these three components together to see a real time deployment of software. So once these triggers are available, then if we go into what CSD 2.0 is, it allows an administrator of ServiceNow to deploy and manage softwares of customers who are already doing it with their JAMF and similar providers, whether it is SCEM, or whether it's Microsoft Intune, or it would be even Ivanti LanDesk. So CSD 2.0 enables administrators to maintain a list of records of how many licenses they have. And they can create a software model around how to maintain this list of data, how to rework, how to deploy, manage the license, and all these details. So we'll walk you through those details shortly. So Inderjeet, can you please speak about JAMF now? Thank you. So thanks, Murali. So now, we'll be talking about the JAMF Spoke. So JAMF Spoke allows you to manage various entities, such as users, groups, and your devices on the JAMF account from a ServiceNow instance, shown on this slide, a screenshot of a few of the actions which we provide with the JAMF Spoke. What is CSD 2.0 and JAMF integration? This is a built-in support for JAMF software provider which allows you to distribute software for JAMF managed devices from ServiceNow, which it does through discovering the required data from JAMF server. Then it allows you to create catalog items using that data for software. And once you order the catalog item, it will automate the deployment and revocation through the default JAMF flows. But you can always customize the required flows as per your requirement. Coming to the use cases, which CSD 2.0 supports, as already mentioned, it will automate the software deployment and revocation for you once you order catalog item. It does perform a license check if you configure the catalog item to perform same before deploying. So that you make sure you have the required licenses in your account. And it allows you to manage software releases. And it does deliver notifications based on your lease expiry date that is also configurable, like how many days before the expiry you want the notification. And it integrates very well with the existing SAM solutions, in case you want to consume your license and software model data from SAM plug-ins. What is a CSD 2.0 provider? So CSD 2.0 provider means any third party software provider which can be configured to distribute softwares through CSD 2.0. And it must be configured with a set of tools which are used for deployment, revocation, and discovery of data. And it must also be configured with required tables to restore software and its related configuration data. What is an order client software flow? So this is a main entry point for a catalog item. Once you order a catalog item, order client software is the default flow which will be kicked off. And it performs various checks, such as it will create approval request for your manager if your catalog item is configured to do so. Also, it will perform a license check if license is not available. And it will create a catalog task. So that you can procure the license. That also depends upon your catalog item if that is configured to perform a license check. And it will create the required lease records. And it will schedule the deployment flow based on your lease start date. And it will send a mail that your deployment scheduling has started. As we discussed, order client software will schedule deploy clean software. So deploy client software will create an entry in requested software in CSD. So that you can track what are the softwares you've requested so far. Also, it will trigger the provider specific deployment flow. Let's say you-- in this case, we have JAMF so whatever flow you have configured for JAMF, it will trigger that. That flow will actually send the request to third party, which is JAMF in this case, to actually deploy your software. And in case deployment fails for some reason, it will create a catalog task. So that you can resolve the issue and retrigger the request to deploy it. Now, coming to section two before moving on to the next slide, we will move to ServiceNow instance. And we'll do the required configurations to have a JAMF Spoke running. For this, we will have to configure JAMF Spoke with the connection credentials set up. You can move to Connection and Credential Aliases. In there, we will have a JAMF entry with the name JAMF. We have similar default template. So that it's easy for you to do all the required setup. Here, you give a name for your connection. And here, you give the connection URL for your JAMF account. So I will give one for mine. And here, you give the username which you used to log in to your JAMF account. And here, you give the password. And here again, you give the connection URL. I will just paste it from the top. So verify these details are correct. Once you do that, click on Create. So we have-- this way, automatically your records for connection credential will be created. So if we move on, now your connection credentials setup is done. If we move on to CSD module, we have a list of providers currently building support for JAMF and Microsoft Endpoint Configuration Manager. The process to deploy, discover, and revoke is almost the same. So in this session, we will be talking about JAMF. But the process for any given provider is almost same. So if we go to the JAMF provider, if you see, we were talking there are a list of default flows, which are already configured. And they are a list of tables which store the required data. So you can always configure these flows as per your requirement. You can build customized flows and change this. And here are a list of properties which you can configure. So first is the property with which you can configure it to use SAM plug-in if you want. That way, we will consume the SAM software model and license information. And you can configure all of the other properties as per your need. And here, we will be creating requested software entries. Let's talk about data discovery in JAMF. So in the JAMF model, we have applications, groups, and policies. These are the data-- this is the data, which we we'll be discovering from the JAMF account. And if we go to the server instances, we will have to create a new entry. So that we can perform data discovery. I will give it the name JAMF. And here, we have to specify a Connection Credential Alias. For now, we just support only the default Connection Credential Alias, which is shipped with this Spoke. So once you do that, you will have an option to discover the data. It will retrieve the application groups and policies from the JAMF server. I will click this. Then we can go to Flow Designer, if you we will see. It will trigger your discover and store data flow. Once it's completed, it's complete now. So if we go back, in the applications, we have a list of applications we have on the JAMF server, similarly, groups and policies. So this is of-- let's move back to slides. What is a discovery flow? As we just saw, that discovery flow brings all the required data into ServiceNow instance. So that you can create the required catalog items. We have already seen how to run it. What are software model and licenses? Every JAMF application must be linked with a software model before creating catalog item. This way, it allows us to perform a license check. So let's move on to the instance and see about the software models. So if you move to software and the software entitlements, this is a license table. Here, you create the required licenses. Let's say, test license. And here, you create the software model, whichever you have. So I have a few of the models already created. So I will just link it, any model. Here, you can give the number of licenses you have. And this is the allocation type. So this-- whatever group you are-- JAMF group you are using for deployment, it depends upon that. If your group type is computer or mobile, then allocation type will be device. If are group type is user, then it will be user. So create that. And it will automatically create the allocations available for you. Whenever you are allocating it, it will automatically recalculate your available allocations. So let's move on to slides. So this is how software model and licenses work. In the deployment flow, as we saw, we discovered schedule discovery of data from JAMF. Then we create and correlate software models to the third party provider to CSD or SAM environment. And as we will see later on, we will create the required software configurations. And then we will create the catalog item. So if we have to see, this is how it works. We have a software model, which we link with the software. And with that, we create a catalog item which is made available in the service catalog. And after that, once you request that item, entitlement check and approval check is done. And deployment is automatically triggered. And we will also make a check of license availability in case catalog item is configured to perform that. If license is not available, we will create a fallback task to obtain license. Once you resolve everything regarding that, we will send a software deployment request to third party provider. And then it will be deployed. Now, coming to the section three, we will do a demo on how to create a catalog item for software and how to actually deploy the software. So if we go to the JAMF applications, so let's take this first application. So we will be doing demo through our iPhone device. So we'll take only the mobile applications. So let's take our Adobe Acrobat. So in here, we have CSD software model. You can create a software model using Create Software Model. But you can also link an existing software model here. So let's go there. You can also create a new software model from this dialog. But I have already software model created. So I will just use that. So once that is done, as I mentioned, we will be creating software configurations, which you can create from the related link. Or you can create from this link. I will give it a name. So it will be software config. And then you specify your group, which is configured to have Adobe Acrobat deployment. And type of group matters to decide the license. Group type is mobile. So license type, which will be checked, will be of a location type device. So I will submit this. Now, we have the software configuration created. But you still see you have create software configuration available, which means you can create multiple software configurations. And any catalog item, you can decide which one to use. Once this is done, you will have the option to create a catalog item. Let's do that. So this will take you to this view, where you can specify all the required options for your catalog item. Let's give some category, Department Services for now. Access type, access type has two values, dedicated and restricted. If you specify it as restricted, this means user can order it only for themselves. But if you specify it for delegated, then they can order it for anyone. Let's go with delegated for now. We have all the required options as required. So if you see in the flow, we have our client software, which will be triggered. But you can also customize it to use any other flow as well. But make sure to create all-- create the flow, so that it creates all the required records, as we mentioned earlier. So you can give all these options. So let's save it. So for CSD 2.0 catalog item, there are a few other configuration values which we need to set. By default, we create one record with default values. If you see here, you can specify if you want to skip approval or you want to perform a license check. Let's do a license check and let's skip-- let's perform approval check. And here in the software configuration, as I mentioned, you can create multiple software configurations and specify which one to use from here. Let's update. OK, this is done. So this will be available in the service catalog. Or you can also do it in the service portal. Let's do it in the service catalog. I don't have the section either. let me check. We go to service catalog. We have departmental services as the category, which we added. This is the catalog item, which we just created. If we go to this one, we specify the type as delegated. So we see the user field. If we set the access type as restricted, then user field will be hidden. I've created a user, K22 test user. Let's install for that user and select the device. We will be doing it for iPhone. And let's give the lease date as the current time. Let's specify a few seconds of it. And give a lease end date. Once that is done, click on Order Now. Once all that is done, we go to the request. And here, we mark it as approved. It's going to be closed. Now, if we go to the flow executions, order client software will start. But it's configured to ask for approval if you see. So we are waiting for approval from the managers, from manager. So we will impersonate as that manager. So K22 test manager is the manager for the user. So we'll impersonate as that and approve it. Go to Approvals. If you see, approval is done. So we'll approve it. So this is done. I will end it. So the request is approved if we go here. So this is completed. And our license was not available. So we will have to create the license. So I will create the-- we did not create any license. So that's what we have to do now, any software entitlements. We will have to create a license, Adobe Acrobat license. And here, you have to specify the software model which you used for that application, which is Adobe Acrobat. And here, you give the number of rights. Let's give it 10. I will save it. If we go here, we refresh it. So once we have created the required license, we will have to resolve the catalog task. So we will approve it. The state should be Closed Complete once we do this. And now, if we see, license was assigned. Also, if we go here to our license software entitlements, license allocations available is all-- automatically calculated. So this is done. So deploy application is in progress already. So I will share screen from my iPhone device to show that the request is sent to the device for deployment. So I will share. So as we can see, this is about to install and manage the app Adobe Acrobat Reader from the App Store. So I will click Install. This is the app which we sent for deployment. So it will take some time. And so loading, as can be seen on the screen. So while it loads, we can move on to next part. I think it will take a few seconds, maybe we can wait. Yeah, it's installed. As you see, this is the app. Now, I will stop shaking my iPhone screen. And we'll move back to the slides. So this is how we solve how to create catalog items and to deploy it. But if we move back to the instance, in the requester software, you will see the software which you have requested so far. And you will have the requested item linked. So for this status, if you are using SAM, we will be updating it to install or whatever the status will be. But if we are using just CSD, we are keeping it as not synced for now. So this is-- and if you want to see the list of software items which you created with CSD, then you can navigate from Software Items. So this is for creating catalog item and deploying it. If we move back to the PPT, in the bonus section, we will talk about how to manage software release and replication. So if we go to requested software, there, you will have option to extend the lease or to revoke the software. Let's do the extend lease first, because if we look, we cannot extend it. So we will give it some other day. Let's say we are giving it 30. So if we come here, in the extended lease, as the catalog item was configured to have a manager approval. So it will create-- extending a lease will also require a manager approval. So if we go here, we will impersonate and approve. So we will approve it. We will end the impersonation. If we go here, it is complete now. If we go back in the requester software, [INAUDIBLE] the requested item. We will see the lease date is now 13/5, which is the extended date. So also whenever they lease expiry comes, software will automatically revoke. But if you want to manually revoke it before that date, you can click Revoke Software. So this will trigger the revoke flow, revoke client software flow, which will trigger the client provide a specific revoke application flow. And it will clean up all the lease records. So if I go to the my mobile screen, I would share my mobile screen again. So soon, it will be removed from here. Now, as it can be seen, the app is gone as we revoke the software. So it will clean up all the lease records. Also if we go to the outbound mails, outbox, as you can see, different mails were sent. Extension request, approval request, request for has been submitted for extending lease. And this is a lease expiring mail. Then this is software is deployed. Then this is deploy request is scheduled. So all these kind of mails, if you see what's sent for the user, and this was for the manager. So these are all mails we sent. So moving back to the slides. This is end of the bonus section. We covered managing software lease and revocation. So similarly, if you want to integrate any new provider with it, make sure you create all the required flows. And you have all the required tables, which can store your software data. Once you do that, you can just click new here and gave a name to your provider. And then provide the required flows, give a software configuration table, and provide a software table. If so, that much easier to integrate any new software provider. Once you do that, you can just click Submit. And whatever process we have seen for JAMF for discovering, deploy, revoke, or extending lease, same processes applicable for any software provider which you will be integrating with CSD 2.0. Now coming the key takeaways from this session. So with CSD 2.0, we can automate the software deployment and revocation. As we saw, you just submit a catalog item. And every process for the deployment was automated. And then you and we just clicked Revoke Software, and it was automatically revoked. And coming to license check and lease management, as we saw, we didn't make a check for license. And it was not available. So we created the license to solve the catalog task. And then it was resolved. Similarly, we were managing lease. We saw how to extend the lease and how flows are triggered based on lease date. And as a last point, this is a local solution for integrating any third party software providers. As we saw, you can just build the required flows. You can set up what tables you need. And then you can just create a new provider record. And the process is the exact same which we followed. Thank you Inderjeet for the wonderful demo. So we look forward for any questions. We are available virtually. And we'll be deploying more number of spokes that can integrate with other providers, as I mentioned, like Ivanti LanDesk, Microsoft Intune, and others in the coming quarters. Thank you, everyone. [MUSIC PLAYING]
Improve experiences and drive organizational value with field service
## Transcript X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:0 [MUSIC PLAYING] In this field service demo, we'll follow Lisa Raye, a help desk operations manager for the Solano organization, as they manage point of sale devices. We'll follow how she uses a combination of proactive service along with process automation to provide end-to-end visibility of incidents, work orders, and tasks. Field service has undergone a huge update in a San Diego release, but next experience unifies apps and reduces clicks to access items needed to get working through unified navigation, which sits across the top of every page. Lisa begins her day in a dispatcher dashboard, and it brings new speed and efficiency to field service operations as users get a complete view of critical tasks, field agent status, and agent locations. A service map is integrated within a dispatcher dashboard, and from it, Lisa can get the location of agents out in the field and pull up work orders directly from the map. This allows Lisa to deep dive into work orders within a specific area and minimize navigating through multiple screens through tabbed navigation. As a help desk operations manager, Lisa has reports which highlight issues and tasks which are pertinent to her job. Here, we have a system-generated incident, which Lisa will need to address, as all the point of sale devices at location 558 have become unresponsive. Through proactive communication, service, and process automation, the location manager is kept in a loop through status updates as the site can't process customer orders until the point of sale devices are functional again. Once Lisa opens the incident, she attempts to resolve the issue remotely. Unfortunately, she's unable to do so and notates the incident for attempted resolution steps as well as recommended actions of having a technician head on site to inspect and resolve. She saves her notes in the incident and then proceeds to create a work order to have a technician dispatched to the site. Once in the work order, Lisa utilizes a template to quickly add specific tasks for the technician to follow once they arrive. The template also includes knowledge articles, which the tech can use to help determine a resolution. This amazing feature helps minimize time to resolution, regardless of the experience level of the technician, as pertinent information is always a tap away on their mobile device. Lisa confirms that this work order is ready for scheduling and heads to a dispatcher workspace. Scheduling within a dispatcher workspace allows Lisa to improve efficiency and accuracy of service dispatch, resolution, and streamline project operations. The San Diego update brings multiple views that Lisa has access to, like a day view, week view, bi-weekly, and even four weeks out. Here, she has a view of all the technicians and their schedules. New to the San Diego update is the ability to schedule multi-day tasks and manage crews and contractors from a single view within a dispatcher workspace. This provides Lisa end-to-end visibility around first and third-party teams and enables her to work effectively with multiple groups across longer work spans for streamlined project operations. Clicking a work order task filters out eligible team members by skill set, location, or whether a crew of multiple technicians are needed for the task. Organizations have the choice to automate task assignment through dynamic scheduling, but can also manually scheduled tasks by simply dragging, dropping onto the schedule, as you see here for Teddy Taylor. The purple color of the task indicates that although assigned to Teddy, he has yet to accept it. This is also indicated by the state of the task once Lisa clicks on it. Now, once Teddy has been assigned a task, he can accept it and manage the work order directly from his mobile device. Teddy opens the ServiceNow Agent app and has full access to all the content within the work order that Lisa created, and he can even use a GPS of his choice to get to the site location. When looking at the activity within the work order, he has full visibility to content to help him resolve the issue, including the knowledge articles that we highlighted earlier. Now, pay attention to Teddy's purple unaccepted task from earlier on Lisa's dashboard. Once Teddy accepts the task, Lisa's view instantly gets updated as his task now reflects blue and is an accepted state versus assigned previously. This real-time information provides Lisa with the ability to make smart decisions if and when scenarios occur outside of automation rules and configurations. Once accepted, Teddy can tap Start Travel to begin. This will send the location manager another text status update and provide an Uber-like experience to follow Teddy's location as he starts making his way toward the site. Once he arrives, Teddy taps Start Work and begins working on resolving the issue. After testing and troubleshooting, Teddy is able to get the point of sale devices back up and running for location 558. He notates the work order around the steps he took to resolve the issue directly from his mobile device and closes the work order task. Before Teddy leaves the server room, he notices that one of the rack-mounted cooling fans aren't spinning. Knowing that overheating server room devices can lead to an outage in the future, Teddy decides to take a look to see if anyone has reported this malfunction by scanning the asset tag on the device. Once scanned, details about the rack then are populated, like the device location, any activity on the device, and any other pertinent information like upcoming work orders, scheduled maintenance, or entitlements. Having this information allows Teddy to take the proper steps to get the fan repaired while on site and proactively prevent interruptions to critical operations. Additionally, this helps reduce the organization's carbon footprint, truck rolls, administrative task, and efforts from site leadership as the incident was automatically generated once a service failure was detected. Through this demo, we've seen how the power of the platform enables Teddy to deliver extraordinary experiences to site employees by restoring the point of sale devices.
Integrations for fun and profit
## Transcript X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:0 [MUSIC PLAYING] Welcome to Integrations for Fun and Profit. My name is Eric Riemer. I'm the development team lead for the ServiceNow practice at New Access Innovations. We're a ServiceNow partner working exclusively in the federal government space. I'm also a 2021 and 2022 ServiceNow Developer MVP. I work on a lot of interesting projects, but that's not actually why we're here, to talk about me. In this session, we're going to integrate, have fun, and profit. More seriously, we're going to go through what integration is, build some examples, and give you some tools that you can go and learn more yourself. So first, what is an integration? Well, there are so many terms that people use, as if you should just know what they all are. And this long list is only a few of them. The good news, you don't need to actually know most of them to get started. Eventually, yeah, you're going to have to learn a lot of them. But up front, very few are actually going to be important. So we don't need to boil the ocean. And let's simplify things. So there's only two things that you really need to start off knowing. What is an integration? And that's when computers talk to other computers to exchange information or take actions. And yeah, that's a gross oversimplification. The second is, what is an API? It stands for Application Programming Interface, which you don't actually need to know. What you do need to know is that it is the agreed-upon ways for the computers to talk to each other. So let's look at some examples of how to do this. So there's two major buckets that all integrations fall into. The first one is inbound. That's when somebody else is going to talk to you, rather than you talking to them. So some examples of this is a SRAPI-- a Scripted REST API. It gives you total control. It's my favorite one to use. There's out-of-the-box APIs, like the Table API and the Import Set API. They're out of the box. They're there. You don't have to lift a finger for them to exist. And they're super well-documented. Finally, there's the Flow Designer API trigger. And this one is super low code. You don't have to know any code whatsoever to use it. It does have the caveat that it's asynchronous. So you can't return any data. Makes it not so useful if somebody says, hey, give me the details of this record. But it is potentially really useful for somebody wanting to insert a new record, if you want to do that. Now, no matter which one you choose, you can and should make use of the REST API Explorer for testing. You can find it by filtering the Left Nav or the All menu, if you're using the Next UI. And one of the bonuses, not only can you test it that way by setting all your parameters, but it'll even give you code snippets that you can then pass along to that third party developer of like, here is everything you need to talk to this API correctly, so that they're not stuck only searching through documentation. Especially if you made a scripted REST API or a Flow Designer API trigger, if you didn't write that documentation, it doesn't exist. But at least you can give them, without having to write anything, here's how to call my API. And here's the code in the language that you're using to do it. So now let's get into an example, Scripted REST API. There's going to be a bunch of code, but it's not that scary. So here's the quick tour of what we're going to be looking at here. OK, so the first is a URL to call this API. The part in green is ServiceNow provided. It's your instance URL slash API slash your company code. Every company has a unique code. Even PDIs have a company code. So if you're just playing with this in a personal developer instance, you totally can. The next part in orange are the name you gave the API, a question mark, and the parameter name that you defined. And finally, in white is the actual value that's going to be sent as a parameter. You can have a whole bunch of parameters. I'm keeping it simple and only having one. And I'm expecting to receive an incident number. And I'm going to return some details. So here's the rest of the code. Again, looks like a lot. Not actually as scary as it might look. So lines 3 and 4 are just to grab the parameters from that payload that got sent. And so in this case, it's saying, find the number of parameter. And we're going to just hang on to that for a second. And line 7, we're going to do a GlideRecord.get on that record. And if it exists, build a payload of information to return. Pretty straightforward stuff, even if you don't understand what the heck this payload is supposed to look like. It's a JSON object. Almost doesn't even matter, because you're returning it to somebody else who needs to be able to handle that. Line 20 sets the response body with that payload that you're sending to them. Line 21 is the HTTP status. Those are those weird codes that you see and hear about, like 404, page not found, and 500 error, and whatnot. In this case, it's a 200, which just means you did it. You're good. And that's going to be returned to them. Line 22 deals with the bad incident number. Somebody sends me a number that doesn't exist, I'm going to send them a 404 not found message and an error saying, you gave me a bad number. And just like that, I've built a Scripted REST API endpoint that I can then make, that somebody else can call. And then they can get the information that they need. Now, the second major bucket of integrations is outbound. That's where you're going to send a message out to a different system and either get some information back from it or have it take an action. You should know, there might be ServiceNow licensing implications, depending on your contract. Ask your ServiceNow sales rep, if you have any questions about that. Because every contract is different, and I have no idea what yours says. So the easiest way to do this is to use an existing Integration Hub Spoke. There's a whole lot of them. ServiceNow keeps on coming up with more of them. Low code. It's great to use. If one of those doesn't exist, you can also make your own spoke. It's not actually that hard, and we're going to do an example of that in just a few minutes here. And it's pretty simple. It's sometimes even no code to build an entire outbound message that you can then do stuff with. Next is REST Message. This is the pro code way to do it, where you're going to have to write a bunch of code. You need to understand more what you're doing. But it gives you far more control. It also lets you test it with example parameters and see if you're getting back the results that you expect or not. Finally, there's Recordless REST, which is even more pro code. It doesn't have a REST message record that you'd find in the navigator. It just exists in a business rule or something, and that's the only place it exists. Another downside of it is it limits reusability, because it only exists in that one place. So we already built an example of an inbound API. So let's talk about how to make an outbound one. So how do you get started with that? Well, go find the API documentation, and then you might panic a little bit. This is the ServiceNow documentation to use the table API to get the details of one single record. It's fairly representative of what good API documentation looks like. It looks really long and complicated, doesn't it? And it's only one simple-sounding use case for an API. So let's break this down as we build a custom action and Flow Designer so that we can make use of it. So in the interest of time, we're not going to go through every single painful step. But basically, you go to Flow Designer. You go to New, Action, give it a name. We defined an input and added a REST step. And that's where I'm going to jump to on the next slide. And we're going to go through side-by-side with the documentation and what we're doing within that custom action in order to build on it. So I'm doing this with the ServiceNow API documentation that I just showed you. But any API should have similar documentation. Some APIs have absolutely horrid documentation, and I can't help you with that. I'm sorry. You just have to suffer through it. So we're going to do a GET. That's why we set the HTTP method, because I want to get information back into my system. I also copied the URL format into the resource path. And all of those parts surrounded by curly brackets are variables that we're going to need to replace. So those are the path parameters that we're going to replace them with. To make a simple example, I'm hardcoding in the incident table. So this action will get the details of an incident. And then I use the data pill from my input for the sys ID that I want to retrieve the details for. I'm skipping over the connection details, because depending on what you're integrating with, there are a lot of different authentication methods. Everything from a very basic username and password, or sometimes even no authentication, to far more complicated things that are way outside the scope of what I can talk about here today. But there's a lot of good documentation out there when you're looking for specific information about different authentication methods. Next, we have the query parameters. In this case, I set two of them. If you don't set them, they might have default values. The documentation is going to let you know if they're required or optional, and if they're optional, what the default is going to be. Just like the path on my last slide, I can stick the variable pills here from my input or anywhere else in my action, if I want to automate setting those or let the user, when they run those action, define it. In this case, I'm telling it that I want to get all of the details about the fields that I'm asking for-- not just the display value. Not just the raw value, but I want both for each of them. And that I only want to get back the values of a certain subset of fields. I don't want all of them. I only care about a couple of fields. Next up, we have headers. Same thing applies about optional versus required headers as well as the default values. In this case, ServiceNow is saying, well, would you like the response to be JSON or XML? In this case, we're just leaving it blank. We don't even need to set anything, because we're happy with JSON. Different APIs are going to have sometimes more, sometimes fewer things that you can set as your query parameters, header, body. That's why there's documentation. It'll tell you what you need to be building and setting. So great news, we built the request. And now we have to deal with the response that comes back to us. So the docs tell us we're getting name-value pairs. And we already saw that it's JSON name-value pairs. So I added a JSON parser step. And in that step, I set the source data field to the response body data pill from the request. So we finish the request step. We grab the output of that, put it into basically the input of this JSON parser. And the API docs were nice enough to give us a sample payload. So I just copied and pasted that into the source side and click Generate Target. ServiceNow did a whole bunch of parsing magic, and I have data pills for everything that the response might have. Now, some of you are looking at this and furiously writing me hate mail, because you remember that just a few slides ago, I set parameters to only look at some of the fields and not all of them. Then you look more closely and say, hey, you said you were querying the incident table, and that payload says the location table. And those fields aren't the same at all. And you are absolutely correct. Well done. So example payloads might not match your exact use case. And sometimes, you have to make a real request to get back a payload that you can use as a sample that's going to match what you're actually doing. How do you get that payload? Well, you test your flow. And when you run the test, you can look at the execution details. And you can scroll down a little bit and unfold the steps and then click on the response body. And that's going to give you the raw response of the actual API call that you made. So the system didn't know what to do with it, but it captured that you got a response. So I opened that up, copied and pasted into my parser step, clicked on Generate, and now I have a real payload for my API call with the exact fields that are going to get returned, and all of the types and everything else that I need to use for it. At this point, I just need to set up my action outputs. And then I can use this action in any of my flows. It's going to ask me as an input, please give me a sys ID. I can look that up from an existing record, if I'm saving those somewhere, or however else I'm going to get that input information. And then it's going to output those data pills with those values that I asked for. And that's it. You just made an action that's going to call an API and bring back useful data. And then continue on with your flow, and you can reuse this over and over again. Now, I know I went through a lot of stuff. And where do you go from here? I made a GitHub repo with some links to additional resources, the code that I used in this presentation, and other stuff that's going to help you as supplemental things to all of this. You can also feel free to find me on the #sndevs Slack. It is a wonderful community of developers, admins, and other ServiceNow professionals. It is a great place to go get help with whatever you need, talk to people, make connections. And again, if you have questions about this presentation, feel free to hit me up there. Did you like this session? I'm going to be doing it live in Las Vegas, and I would love to see you there. Thank you for watching. I hope that you found this useful and that you have a great time at Knowledge 22.
Multi-source eBonding– the one ring to rule them all
## Transcript X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:0 [MUSIC PLAYING] Hi. I'm Christopher Carver. And I'm here to talk to you about multi-source eBonding. Before we get into that, let's talk a little bit about me. I'm a technical architect here at Textron helping them realize ServiceNow across the enterprise. Textron has customers in defense, aerospace, specialized vehicles, turf control, and fuel systems. Now, let's go ahead and get into this topic of multi-source eBonding. So Textron actually has engagements with a lot of external IP service suppliers that perform various operations within our enterprise. They can do everything from server support to database support and call center and data recovery. Now, Textron needs to eBond with each one of these individual companies and making sure that our ticket communicates with their ticket in their ticketing system. So initially, when we set out, it was a one-to-one correspondence between our tickets. However, have you ever run into an issue where you need to coordinate the work with multiple external service suppliers where you have an outage that involves multiple parties to communicate? Well, initially, our major incident manager, here at Textron, would end up creating four or five incident tickets and make them children under a big ticket, but then they would have to manually ensure that the coordination of information from one supplier made it into the other supplier's ticketing system. This is a huge burden for them and didn't scale very well. So we needed to create a new solution to allow us to work together. And the idea behind it is that we only wanted one ticket here at Textron, and updating that one ticket at Textron actually updated all of our IT service suppliers across the board. What this meant was is that if a supplier updates their ticket, that information would flow to ours. But then our system on the ServiceNow platform would be intelligent enough to update the other suppliers and their ticketing system. That way the data flowed smoothly between suppliers. And that no supplier actually needed to know who the other company was that they needed to interact with. We took care of all of that in this new framework. So let's talk a little bit about the ServiceNow components that comprise of this multi-source framework that we're putting together. So the first thing is we take advantage of the out-of-the-box experience on the platform for imports [INAUDIBLE].. OK. That is a very powerful ability within ServiceNow. But we went ahead and just leveraged out of the box that other suppliers will actually write into the single import table, and then we take care of that transformation. The other thing that we needed to build, and this is the core, this is the part that really makes this all run, is we did create a custom table called the relationship table. And this is a one to many relationship where we have our one ticket but then we know which tickets on the supplier side to update and keep them updated. And lastly, we did create another custom table. And it's our payload table. That's to ensure that as we're sending outbound messages, that we keep track of those messages and then are able to recover and do some data recovery if necessary. And we'll talk about that in a little bit. All right. So let's now move on to the inbound topology. So everything that you see in blue is within the framework. It's static OK. That way as we on board new suppliers during the initial engagement, we would just work through the data mapping session. How do you talk to us? Because as soon as you send us the right message and we then set them up, everything is set in place. So I don't have to rewrite everything from scratch for every supplier. So what they'll do is they'll actually write into the import set staging table. Then we'll perform the transform. I say we, but we know it's ServiceNow at the back end, the platforms do the transform. So we set up that transform to actually do the logic. We do trust our vendors, but we also want to verify all that data coming in before we write it to our system of record table for that incident or ticket. The target table for our transform though is our relationship table, and that is key. Once we've written to the relationship table, we then know on the final steps of the transform, do we create a new ticket? Or do we update a new ticket? Now, the outbound topology is a little bit free. There's a little bit more involved. However, we try to streamline out all of the static areas, once again, in blue. That once it's set up, you don't have to change it for every supplier. The other items that are colored is what we would have to put into place for every supplier as we on board them. So we did set up a standard business rule that would look at the ticket table of the ticket that we're looking for, and then we created an event that's unique for every supplier. And the reason for that is just as we said in the inbound, where the supplier needs to talk to us how we ask them to talk to them, in return, we talked to the supplier how they want us to talk to them. So we actually had to create an event that would be sent, and then we would take that event and process that and build up the payload of the data that we've captured from the ticket. We then send the payload down to our REST handler that would end up sending that message over to the supplier. And we use asynchronous communication calls, and we'll talk about that in a little bit. And then when the supplier is done, they'll send that message back. And then we actually have another handler that's listening on the ECC queue on processing that message back. Because typically, when a supplier responds back to you, they have their own structure of their response message. So we have it unique for every supplier. As that gets sent back, that also is updating the REST payload table. Now, on the far back inside is the payload monitor. And the payload monitor, what it does, is schedule a task that is set up in ServiceNow and it, monitors the REST payload table. And what it does is it determinants do I try to resend the message? Has the message timed out? Because we have to remember the internet is like the wild, wild west. You don't know what's going to happen. Something can happen in between the external service suppliers ticketing system could be in the process of being upgraded. So we need to be able to true up all of the missing messages that we weren't able to send to that supplier at a later date. So let's talk about some of the lessons learned that came about all of this. So the first thing is the concept of reflect or deflect updates coming in from the external service suppliers. So imagine you have this large party. Everyone is talking together. One of your service providers, they're done with their ticket. So if they close their ticket, do you reflect that closing your ticket. Well, if you do, your other service suppliers might think you're closing it out. It's all solved. So the question then becomes should I reflect that change or deflect it? And in that case, we would have deflected that change, just made a work note and pass that work note on to the other suppliers letting them know another supplier has closed out the ticket, is they're done. That might trigger them to take further action on their part. The next part is asynchronous REST calls. This was a game changer for us. It not only helped us improve our performance, but it also helped improve our scalability and led into the third point. Now, I included a link in this presentation. I don't know about asynchronous REST calls. I totally recommend you read up on that. And the third point of scheduling automatic recovery, that was because of an outcropping from asynchronous operations. We were then able to perform that automatic recovery, and that was a great lesson learned. Because we used to do synchronous calls, and that was a real performance killer and made automatic data recovery very difficult. The next one is truing-up those conversations. Back to that party. You've got a big party, but now you need to eBond with another supplier. You're pulling in this new supplier who needs to do some work, yet they're late to the party. So you need to be able to true up all those prior existing conversations and files that you've been sharing, and let them in on what that conversation is about. So don't forget about turning up those vendors keeping them up to date. And lastly, don't forget about deBond. It's just as important as eBonding. Sometimes you need to decouple your ticket from another vendor. So make sure that you work through that with your vendor, and how you can accomplish that. And finally, if you're interested in pursuing multi-source eBonding or want to see you how we've done it, we do provide a copy of this framework on GitHub. So if you're interested in reviewing, testing, deploying, or even contributing, I'd love to hear from you in the future. Thank you. [MUSIC PLAYING]
Systematically harden the digital attack surface
## Transcript X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:0 [MUSIC PLAYING] Today we'll be looking at how ServiceNow helps IT and security teams work together to systematically harden the digital attack surface. Organizations face vulnerabilities in the tens and hundreds of millions in an ever-expanding attack surface. The recent Log4j vulnerabilities showed us that response teams need to be ready for emergency exposures in high volumes across different attack surfaces. ServiceNow Vulnerability Response helps security and IT teams work with this data at scale, making it easy to find what matters and act on vulnerabilities in bulk, maximizing efficiency. The Vulnerability Manager Workspace allows security teams to visualize their data and watch topics. This makes it easy to track millions of vulnerabilities and visualize exposure. Watch topics show the types of vulnerabilities and assets that are most important to your organization. Security teams can set up sophisticated watch topics that capture specific slices of their data and monitor when to take action, such as the Log4j vulnerabilities shown here. When the response team is ready to act on a slice of vulnerabilities, they can initiate remediation in bulk across a whole watch topic by creating a remediation effort. The work will be automatically divided into remediation tasks and assigned to the appropriate stakeholders in IT remediation groups. Remediation efforts and tasks help us organize vulnerability data into easily managed chunks so that IT teams can quickly and efficiently target and remediate the most critical vulnerabilities that slip through the patching process. From the IT Remediation Workspace, the IT remediation owner can work on fixing these vulnerabilities within their remediation target. If they're ready to fix the vulnerabilities in this remediation task, they can create a change request at the click of a button. Change requests can be created easily and accurately from here using your organization's standard change templates and any customized change approval workflows that have been put in place. Note that information about the vulnerable assets and how to fix the vulnerability is pre-populated into the change request, if available. This integration is bidirectional so when the change has been implemented, the remediation task and its vulnerable items will be marked as resolved and await confirmation from the next scan. In this case, we'll simply resolve these, leaving a note the change implementation is in progress. But how do security teams and IT remediation owners know what to work on first? Using threat intelligence and business context available in the Now Platform, vulnerability response provides true risk-based vulnerability management tailored to your enterprise. ServiceNow can act as a calculator of calculators, pulling in information from all sources and providing a 1 to 100 score of cumulative risk. Simple GUI-based calculators can be used or, if desired, more precise and complex logic can be supplied in JavaScript. For instance, we can change the weight of the input criteria to prioritize vulnerabilities with an available exploit on internet-facing CIs' support of business critical service. We can even incorporate third-party sources into risk score calculations, like the Tenable calculators seen here. To get vulnerabilities to the right owners, scan findings are automatically assigned to groups or individuals based on rules. Assignment rules can be tailored to your needs using any data available in ServiceNow to determine the best assignment for a vulnerability. These remediation tasks, created earlier for the Log4j vulnerabilities, have been automatically assigned to the best groups. But sometimes vulnerability ownership is too complex for rules. When a vulnerable item is unassigned or incorrectly assigned, we can use machine learning predictive intelligence to provide assignment recommendations in bulk, saving security analysts time in chasing down assignments and getting vulnerabilities to the right owners faster. But to fix a vulnerability, security and IT teams need more information than CVE ID and a risk score. They need to know what solutions are available, what other softwares could be exposed, and references to common knowledge from multiple sources. ServiceNow stores a library of CVE entries from the MVD alongside third-party vulnerability definitions. We also store reference information and a list of vulnerable softwares to be presented alongside your scan results. This is what the recent Log4j vulnerabilities would have looked like to an investigating analyst. In particular, this Log4shell vulnerability. The threat intel integrations help us understand what is happening with this vulnerability in the wild. Is there an exploit kit for it? Is it being exploited often? Solution integrations with Microsoft and Red Hat show the available patches and fixes and which solution is preferred for each item. This provides remediation instructions to teams without the need to search, whether it is applying a patch or something like changing a setting. With all your vulnerability data in the ServiceNow platform, even the high level reports delivered to executives are built into a single source of truth. This CSO dashboard is available by default and features interactive widgets with real time data. This helps show actionable insights into your security posture like the prevalence of the Log4j vulnerabilities, shown here. Vulnerability response is the control tower of defensive security across the entire attack surface, extending your response automation across application security, and operational technology, and IoT vulnerabilities. Application security testing scanners can be integrated to show security flaws on in-house applications. You can even perform penetration testing assessments on applications and capture the findings right next to vulnerabilities found by automated scans. With operational technology management, OT and IoT vulnerabilities can receive the same risk-based response with all of the nuance of their Purdue model equipment relationships and site management information. In the ServiceNow platform, your vulnerability data can be put into a new context with data from other business functions. And the experience can be tailored to your processes and metrics. Users can create their own reports and dashboards. The CSO dashboard is a great example of what customers can rapidly build using our GUI-based report engine and drag and drop dashboards. One of the advantages that ServiceNow has is the ability to bring together data from many groups to provide holistic insights across the board. Finally, it's easy to integrate your security tooling with ServiceNow. We offer integrations with vulnerability scanners like Tenable Security Center in IO, Qualys, Rapid7, Microsoft Defender, Vericode, Fortify On Demand, and Tripwire as well as vulnerability threat intelligence solutions for enrichment such as Recorded Future, iDefense, and Shodan, and ExploitDB. All these and more are available to install with just a few clicks from the ServiceNow store, alongside many more certified applications offered by third-party partners. Today we've seen how ServiceNow Vulnerability Response can systematically Harden the entire digital attack surface by visualizing exposure, automating response processes, improving prioritization with integrated threat analysis and business impacts triage, enhancing collaboration between security and IT, and providing the big picture analytics necessary to surface actionable insights. Thanks for watching. And stay safe. [MUSIC PLAYING]