Professional Documents
Culture Documents
ServiceNow
PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information.
PDF generated at: Tue, 19 Apr 2016 10:43:45 PST
Introduction
Cloud Provisioning
Overview
The ServiceNow Cloud Provisioning application facilitates the provisioning and management of virtual machines
(VM) within a company's infrastructure. Cloud provisioning delivers the key benefits of private (VMware) and
public (Amazon EC2) virtual machine management in a single application that is fully integrated with ServiceNow.
ServiceNow provides process and service automation with orchestration, approvals, and service catalog capabilities.
ServiceNow can package and deliver infrastructure elements, such as servers, networks, and storage, to end-users
through the service catalog. These virtual resources can then be requested through a self-service portal, provisioned
automatically, and managed directly by the requester.
The ServiceNow Cloud Provisioning application offers the following capabilities:
Abstraction of virtualization systems: Virtual machine users are not required to know the details of the specific
virtualization system. This allows use of a single interface to manage virtual resources in public and private
clouds: VMware and Amazon EC2.
Reuse of virtual machine configurations: ServiceNow uses VMware templates and Amazon EC2 images to
create reusable catalog items in a wide range of sizes that users can select from the service catalog.
Improved service catalog interface: Requesting the right virtual machine for the job is quick and easy in the
improved services interface.
Role-based access: Role-based security ensures that users have the proper privileges for viewing, creating, and
managing virtual resources.
Dedicated service portals: ServiceNow users view their virtual resources and request changes in a dedicated
portal. Administrative and operational users manage virtual machines, provisioning tasks, and SLAs from portals
that grant role-based access to virtual resources.
Controlled lease duration: Default end dates for virtual machine leases are applied automatically to all requests.
Lease duration controls prevent unused virtual machines from persisting past their intended use date.
Automatic cost adjustment: Modifications to virtual resources that are subject to cost adjustments are
recalculated automatically when the change is requested.
Fully integrated with the ServiceNow platform: Approvals, notifications, security, asset management, and
compliance capabilities are all integrated into virtual resource management processes.
The Cloud Provisioning application is available with the ServiceNow Calgary release.
Cloud Provisioning
All required tasks within cloud provisioning are performed by members of these groups:
Virtual Provisioning Cloud Administrator: Members of this group own the cloud provisioning environment
and are responsible for configuring the different virtualization providers used by cloud provisioning. Cloud
administrators can create service catalog items from VMware templates and Amazon EC2 images, approve
requests for virtual machines, and monitor the cloud provisioning environment using the Service Monitoring
Portal.
Virtual Provisioning Cloud Operator: Members of this group fulfill provisioning requests from users. Cloud
operators perform the day-to-day work of cloud provisioning by completing tasks that appear in the Cloud
Operations Portal. Cloud operators are assigned to specific virtualization providers and must be technically adept
with the providers they support.
Virtual Provisioning Cloud User: Members of this group can request virtual machines from the service and use
the My Virtual Assets portal to manage any virtual machines that are assigned to them.
Note: See Creating Users and Associating to a Group for instructions.
Cloud Provisioning
Features
In addition to provisioning virtual machines, the Cloud Provisioning application fully integrates the life cycle
management of virtual machines into other ServiceNow functionality. This integration offers these features:
Approvals: Each request made in cloud provisioning can be subject to approvals, allowing for the development
of more complex and business-critical processes.
Capacity: Basic capacity information is available from the discovery of virtual machines. This allows a cloud
operator to determine the best fit for a virtual machine if there are multiple virtualization servers available.
Discovery of virtual machines: Discover VMware components and their relationships in the vCenter instance.
Use the ServiceNow Discovery application or the standalone capability within the Cloud Provisioning
application. See Gathering vCenter Data Without Discovery for information.
Labs: You can schedule a lab framework to manage multiple groups of virtual machines for a common purpose,
such as training. Schedule lab termination date and time to shut down virtual machines as soon as they complete
their function.
Modification of virtual machines: You can request modifications to existing VMware images, such as increased
memory. Workflows can require approvals for each modification or create a change request automatically. See
Managing Virtual Assets for details.
Notifications: Notifications are delivered at key points along the life cycle of a virtual machine. These
notifications provide information and set expectations for system users.
Prices: Price calculations and an integration of managed virtual machines with asset management provide a
cost-based component to cloud provisioning. For details, see pricing configuration for VMware and Amazon
EC2.
Information about requests: ServiceNow collects notes and guest customization information and attaches these
to the provisioning request.
Automated provisioning: A cloud administrator configures ServiceNow to apply automatic and zero-click
provisioning to virtual machine requests. These modes of operation employ rules differently:
Fully automatic: Rules make all configuration decisions, and processing goes directly from the request to
provisioning.
Semi automatic: Rules make all configuration decisions, but a cloud operator can modify and approve the
request before continuing.
Manual: Requests go to an operator who must make all decisions about where a virtual machine is
provisioned and how it is configured.
Schedules: Virtual machines are created with a lease duration. The schedule includes start and end times, a grace
period, and automatic stop/terminate actions. ServiceNow notifies the user of the virtual machine's state. For
details, see lease duration configuration instructions for VMware and Amazon EC2.
SLAs: ServiceNow tracks SLAs and OLAs for cloud provisioning requests.
Workflows: Each action employs customizable workflows that allow business processes to include cloud
provisioning as a step.
Zero-click provisioning: Fully automatic provisioning of requested virtual machines enables IT departments to
respond quickly to customer requests.
Cloud Provisioning
Cloud Provisioning
Enhancements
Fuji
Allows administrators to tag Amazon resources to enable usage analysis. Supports Amazon billing to let
administrators analyze cost metrics across Amazon resources through dashboards and reports.
Provides support for the provisioning and management of Amazon CloudFormation stacks to create virtual
datacenters using Amazon Web Services resources.
Provides support for Amazon S3 storage solution activities.
Allows administrators to discover cloud resources on demand or as part of a cloud provisioning workflow.
Adds support for VMware VMotion technology such as cloning.
Adds support for Amazon Virtual Private Clouds (VPCs) to isolate and secure virtual datacenters.
Eureka
An incident is created when a provisioning request is broken so that the request can be resubmitted.
Virtualization provider extension points allow you to customize virtualization providers.
Users can take snapshots of a VM and later revert the VM to a specific snapshot.
Dublin
ServiceNow does not automatically end the lease for virtual machines with Production selected in the Use for
choice list. Instead, ServiceNow renews the lease on Production virtual machines automatically for the default
lease duration and sends a notification to the requestor each time the lease is renewed.
The Configure Windows activity now accepts the Run once, License mode, and Concurrent connections input
variables.
Additional fields allow you to specify a license type and commands to run on Windows VMware virtual
machines.
An Instance name field allows provisioners to specify a friendly name for Amazon EC2 virtual machines.
A new Stage field on the Cloud Operations Portal now displays additional detail about the provisioning workflow
status of each virtual machine.
Cloud Operations
Cloud Operations
Overview
Cloud operators can fulfill provisioning requests from users for Amazon EC2 or VMware virtual machines. Cloud
operators perform the day-to-day work of cloud provisioning by completing tasks that appear in their view of the
Cloud Operations Portal. Cloud operators are assigned to specific virtualization providers and must be technically
adept with the products they support.
Required Roles
Assign cloud operators to one or both of the following groups, which have the necessary roles:
VMware Operators: Contains the vmware_operator role.
EC2 Operators: Contains the ec2_operator role.
For more information about cloud provisioning roles and capabilities, see Cloud Provisioning Security.
Prerequisites
Before a cloud operator can provision a virtual machine, a cloud administrator must set up the Amazon EC2 or
VMware virtualization product and configure that product in ServiceNow.
Cloud Users
Cloud Users
Overview
Members of the Virtual Provisioning Cloud Users group can request virtual machines from the service catalog and
use the My Virtual Assets portal to manage any virtual machines that are assigned to them. Users in the Virtual
Provisioning Cloud Administrators and Virtual Provisioning Cloud Operators groups inherit the cloud_user role.
User Groups
Cloud provisioning user groups have the following roles and privileges:
Group
User Roles
Privileges
Virtual Provisioning
Cloud Users
cloud_user
Request virtual machines from the service catalog and use the My Virtual Assets portal to manage any
virtual machines that are assigned to them.
Virtual Provisioning
Cloud Operators
cloud_operator
Fulfill provisioning requests from users by completing tasks that appear on the Cloud Operations Portal.
Cloud operators are assigned to specific virtualization providers and must be technically adept with the
products they support. This group also includes all members of the child groups EC2 Operators and
VMWare Operators.
Virtual Provisioning
Cloud Administrators
cloud_admin
Own the cloud provisioning environment and are responsible for configuring the different virtualization
products used by cloud provisioning. Cloud administrators can monitor the cloud provisioning
environment using the Cloud Admin Portal (starting with the Fuji release) or the Service Monitoring
Portal (for Eureka and previous releases).
EC2 Approvers
itil
Approve or reject requests for Amazon EC2 virtual machine resources. This includes requests for new
virtual machines, state changes to existing virtual machines, and lease extensions. Approvers have no
technical responsibilities.
EC2 Operators
ec2_operator
Fulfill Amazon EC2 provisioning requests from users by completing tasks that appear on the Cloud
Operations Portal. Users in the EC2 Operators group are members of Virtual Provisioning Cloud
Operators parent group.
VMware Approvers
itil
Approve or reject requests for VMware virtual machine resources. This includes requests for new
virtual machines, modifications to existing virtual machines, and lease extensions. Approvers have no
technical responsibilities.
VMware Operators
vmware_operator Fulfill VMware provisioning requests from users by completing tasks that appear on the Cloud
Operations Portal. Users in the VMware Operators are members of the Virtual Provisioning Cloud
Operators parent group.
My Assets Portal
My Assets Portal
Overview
The My Assets portal, accessed from the Self-Service application, provides a view of the assets issued to a user by
the company, such as a computer, monitor, and telephone. The base ServiceNow system provides views of the
logged-in user's software entitlements, subscription contracts, and all requests the user has made for company assets.
The My Assets portal is constructed like a ServiceNow homepage and contains familiar controls for moving, adding,
or deleting available gauges.
Required Roles
All users can access the My Assets portal, regardless of their role assignments.
My Assets Portal
10
My Virtual Assets
Members of the Virtual Provisioning Cloud Users group can access the My Virtual Assets portal by navigating to
Self-Service > My Virtual Assets.
The portal shows these gauges in the base ServiceNow system:
My Virtual Assets: All virtual machines assigned to the logged-in user.
My Virtual Assets - Key Metrics: Useful metrics about the user's virtual machines: total number of active VMs,
scheduled VMs, and VMs that will expire soon.
VMs By State: A chart of the user's VMs, grouped by state, such as on, off, or paused.
VMs By Type: A chart of the user's VMs, grouped by type, such as VMware or EC2.
My Virtual Asset Requests: All requests for virtual resources made by the user. The list shows the details of the
request and the stage, which allows the user to track the approval and provisioning process.
11
12
13
Modify specifications
Update the lease
Start
Stop
Pause
Cancel
Terminate
Take a snapshot
Restore from a snapshot
Delete a snapshot
For all actions that are subject to change control, if change control is enabled, the action is added to change request
page. After the change request is approved, the user must return to the virtual asset page to click link Proceed with
Change under Related Lists.
14
Related Links: Open the virtual machine instance record and select an action from the Related Links. The
controls that appear are dependent on the State of the virtual machine.
15
16
1. Navigate to Self-Service > My Virtual Assets to see the virtual machines you ordered.
2. Select a VMware virtual machine in one of these states:
On
Off
Paused
Scheduled
3. Under Related Links, click Modify VM.
A dialog box appears, allowing you to upgrade the specifications of this virtual machine. If this action is
subject to change control, the dialog box advises you that this is required and asks if you want to proceed.
If you select additional disk space, the platform adjusts the number of disks as follows:
If the virtual machine is Off, ServiceNow adds an additional disk of the size requested.
If the virtual machine is Scheduled, ServiceNow replaces a data disk that was added in the original request.
If no additional disk was requested during provisioning, ServiceNow adds a new disk.
4. Select new values for the CPU count, memory, or disk space, and then click OK.
4. Enter a new lease end date, and then click OK to create a change request for this modification.
State Changes
The services portal for virtual servers enables an administrator to change machine states, if the changes are permitted
by the virtual machine providers. This table lists possible states for virtual machines and the change controls that are
available for each state:
17
18
State
Controls
On
Modify VM
Update Lease End
Stop VM
Pause VM (VMware)
Terminate VM
Off
Modify VM
Start VM
Update Lease End
Terminate VM
Paused
Modify VM
Start VM
Update Lease End
Terminate VM
Scheduled
Modify VM
Cancel VM
Update Lease End
Starting
Stopping
Terminated
Error
Cancelled
Pausing
Terminate
Update Lease End
Terminating No changes are permitted when a virtual machine is in transition between states
Note: Details for a VMware virtual machine are different from those displayed for an EC2 instance. Hardware details for a VMware
virtual machine, such as memory and CPU count, are only displayed in records if Discovery ran successfully against the
configuration item (CI).
The list of your virtual machines appears. The machine you paused shows the transitional state of Pausing.
19
To terminate an EC2 or VMware virtual machine from the virtual services portal:
1. Navigate to Self-Service > My Virtual Assets to see the virtual machines you ordered.
2. Select a virtual machine to terminate.
You can terminate virtual machines in these states:
On
Off
Error
Paused
Note: You cannot terminate a virtual machine in a transitional state (stopping, pausing, and so on).
3. Under Related Links, click Terminate VM.
If this action is subject to change control, a pop-up window advises you that change control is required and
asks if you want to proceed.
This is an example of an Amazon EC2 virtual machine to terminate.
20
The State changes to Stopping if the virtual machine is running. In the list view of virtual machines, the status
shows Terminated when the VM is stopped. The asset is marked Retired in Asset Management.
21
Managing Snapshots
Users with the cloud_operator role (the Virtual Provisioning Cloud Operators group) can take snapshots of a VM and
later restore the VM from a specific snapshot. Snapshots are available starting with the Eureka release.
Taking a Snapshot
To take a snapshot of a virtual machine:
1. Navigate to Cloud Provisioning > Management > Cloud Operations Portal.
2. In the Virtual Assets that I manage gauge, select a virtual resource.
3. Under Related Links, click Take Snapshot.
A dialog box appears, allowing you to define a snapshot. If change control is enabled for snapshot, an
indication is included in the dialog box.
4. Edit the name and description fields and click OK.
If change control is enabled, and the action is approved, you must return to this page and click Proceed with
Change.
A new Take Snapshot link is added on the VMware instance form under Related Links. If the snapshot limit
is reached, the link is unavailable. If a cloud user deletes the stored snapshots so that the total is below the
limit, or an administrator increases the snapshot limit, the link reappears in the form.
22
23
Deleting a Snapshot
To delete a snapshot:
1. Navigate to Cloud Provisioning > Management > Cloud Operations Portal.
2. In the Virtual Assets that I manage gauge, select a virtual resource.
3. Under Related Links, click Delete a Snapshot.
A dialog box appears, listing the current snapshots. If change control is enabled for snapshot, an indication is
included in the dialog box.
4. Select the snapshot to delete and click OK.
If change control is not enabled, the snapshot is immediately deleted. If change control is enabled, the
snapshot is deleted after it is approved.
Configuring Snapshots
Users with the cloud_admin role can configure snapshots by applying conditions to specific VM tables.
1. Navigate to Cloud Provisioning > Management > Snapshot Configurations.
2. Click New.
3. Fill in the fields as shown in the table and then click Submit.
Field
Description
Active
Table
Limit
Maximum number of snapshots that are saved for VMs that meet the specified conditions.
When the Limit value is reached, the scheduled job attempts to delete the oldest snapshot before it creates a new snapshot.
The scheduled snapshot job will not delete a snapshot that was created by an on-demand request.
On the first run of the scheduled job, if the total number of snapshots for the VM is equal to the global limit, then the job deletes the
oldest snapshot before it creates a new snapshot.
Condition Defines the VMs that are subject to this configuration in addition to the those in the specified table. Use the condition builder to further
limit the VMs.
Notifications
The ServiceNow platform notifies
users of status changes to their virtual
resources and acknowledges requests
Snapshot configuration
for additional resources. Notifications
can contain specifics of the action
taken, the date, and any modifications made. Included is a link to the request or to the CI record for the virtual
machine. For each success message, there is a corresponding failure message.
The system sends emails to requestors and asset owners automatically when a virtual resource is:
Requested: The user requests a virtual server. This notification states: Request <number> has been opened on
your behalf.
Approved: The user's request for a virtual server is approved. This notification states: Your request <number>
has been approved.
Rejected: The user's request for a virtual server was not approved. This notification states: Your requested item
<number> for VMware Instance has been rejected.
Scheduled: The requested instance is scheduled for creation. This notification states: VMware instance <name>
has been successfully scheduled.
References
[1] http:/ / aws. amazon. com/ ebs/
Change Control
Overview
A cloud administrator can configure ServiceNow to create change requests for specific modifications to VMware
and Amazon EC2 virtual machines. The administrator can specify which virtual machine categories and types of
modifications require approval through a change request. For example, an organization might require a project
manager's approval before a user can extend the lease end date or change the state of a development server. Change
request approvals created in this manner are independent of the approvals required by the provisioner who manages
the virtual resources being requested. This functionality is available with the Calgary release.
The cloud administrator can configure change control for these actions performed on a virtual machine:
24
Change Control
25
Roles Required
Members of these groups can configure change control for virtual machine modifications:
Virtual Provisioning Cloud Administrators
Virtual Provisioning Cloud Operators
For more information about cloud provisioning roles and capabilities, see Cloud Provisioning Security.
Tables
These tables are used in change control processing.
Table Name
Contains
Change Condition
[vm_instance_change_condition]
Records that define the type of change (action) that requires an approval, such as additional CPUs
or an increase in the data disk size.
Change Conditions
The following change conditions in the base system require change approvals for actions performed on production
environments:
Name
Description
Action
Create production VM
snapshot
create_snapshot
Extend production VM
lease
A user requests an extension to the lease duration for a virtual machine running a production
instance.
update_lease_end
Modify production VM
A user requests changes to the specifications of a VMware production server, such as an increase
in the number of CPUs.
modify
Pause production VM
pause
Restore snapshot
restore_snapshot
Start production VM
start
Stop production VM
stop
Terminate production VM
terminate
Change Control
5. Click Update.
2. Click OK.
ServiceNow creates the change record with data from the original request and displays the record. If the
change request specifies an item that is a service catalog offering, such as a lease extension, then a message
appears at the top of the form containing a link to the request number. The requested modification is noted in
the Description field. The provisioning workflow begins but waits for change request approval.
26
Change Control
If the requester clicks Proceed with Change, the provisioning workflow completes and makes the requested
modification. If the requester clicks Cancel Change, the workflow exits without making any modifications to
the virtual machine. After either selection, the system returns the requester to the source portal from which the
27
Change Control
request was made. The asset view shows the state of the virtual machine.
28
29
Amazon EC2
Cloud Administration for Amazon EC2
Overview
A ServiceNow cloud administrator must have expert knowledge of VMware and also be a proficient ServiceNow
administrator. Cloud administrators can see pending approvals for virtual machines and summary data regarding the
state of virtual machine deployments in the Service Monitoring Portal.
A cloud administrator can perform the following functions:
Define vCenters
Define catalog offerings
Set pricing for the offerings
Required Roles
The Virtual Provisioning Cloud Administrators group has or inherits these roles:
cloud_admin
itil
cloud_user
For more information about cloud provisioning roles and capabilities, see Cloud Provisioning Security.
Prerequisites
Before configuring your instance for cloud provisioning, complete these prerequisites.
Install vCenter
Install the vCenter management application from VMware. Create the Windows and Linux templates on your ESX
Server that ServiceNow can use to create virtual machines from service catalog requests. Refer to VMware product
documentation for vCenter and the ESX Server for details about these procedures.
Example Configurations
Cloud administration tasks can be divided into these configurations:
Basic service catalog offerings: Use ServiceNow presets to test cloud provisioning in your environment and to
determine how you want to customize service catalog offerings. This is the easiest and quickest procedure for
configuring cloud provisioning.
Custom service catalog offerings: Build on the basic configuration by adding features to the provisioning
workflow. Give users more choices and apply prices to your catalog items.
Advanced service catalog offerings: Customize your catalog offerings, allowing users to request special
configurations or allowing provisioners to skip approvals and automate provisioning tasks.
30
31
32
Required Roles
Users who are members of the Virtual Provisioning Cloud Administrators group (cloud_admin role) can configure
Amazon EC2 accounts in ServiceNow.
Configuration Tasks
Perform these tasks in order to configure Amazon EC2 provisioning in ServiceNow, starting with the Eureka release.
If you are using an earlier release, see previous version information.
33
b. Enter a unique and descriptive name for the new shared account and provide Amazon EC2 account number
of the shared account.
c. Click Submit.
d. Repeat this procedure for additional shared accounts.
2. Click the Update Images related link to populate the EC2 Images related list with images provided by Amazon.
34
6. Click Submit.
Generate the PKCS12 Key Store File
Generate a PKCS12 [2] key store file using the certificate and the private key downloaded when you created the
Amazon EC2 account. Record the key store alias and the password you create in this procedure for use in the next
task.
Generate the PKCS12 File
Generate the PKCS12 key store file using a tool such as OpenSSL. The following command creates the PKCS12 key
store file using OpenSSL on Linux. The key store alias can be any string. Enter this command on one line.
openssl pkcs12 -export -name <KEY STORE ALIAS> -out <KEY STORE FILE NAME> -in <AMAZON CERTIFICATE NAME> -inkey <AMAZON PRIVATE KEY>
Note: The PKCS12 key store file format is binary and the pem files are text files. Also remember that the private key should be
protected. The certificate is encrypted with the password in ServiceNow but does contain the private key.
35
4. Click Submit.
5. Open the account you just created.
6. Under Related Links, click Update Key Pairs.
After a brief pause, ServiceNow populates the EC2 Key Pairs related list. Key pairs consist of a private key
and a fingerprint. To launch an EC2 instance in a region and access it via SSH, you use the private key from
the key pair for that region.
36
10. If the owner of a different EC2 account has granted you permission to access images (AMIs) in their account,
configure your account to receive these images. Make sure you have the Amazon EC2 account number that has
the shared images.
a. In the Shared Image Accounts related list, click New.
b. Enter a unique and descriptive name for the new shared account and provide Amazon EC2 account number
of the shared account.
c. Click Submit.
d. Repeat this procedure for additional shared accounts.
11. Click the Update Images related link to populate the EC2 Images related list with images provided by
Amazon.
Protecting the Private Key
To avoid distributing your private key to users who request an instance:
1. Create an EC2 instance using the private key.
2. Configure this instance with a different user name and password.
3. Create an image from this instance.
Amazon provides tools for doing this.
4. Provision requests for instances from this image and distribute the user name and password to the users.
37
Regions
AWS regions are the geographic locations of AWS datacenters, accessed though SOAP endpoints. After you
configure an AWS account in ServiceNow, you can create EC2 instances in any of these regions. The AWS regions
are:
Managing Regions
The list of AWS regions is populated by default when you activate Amazon Web Services. To see the list of
available regions, navigate to Amazon Web Services > Configuration > Regions.
You can update the list with any new regions that Amazon might add or restore the list, as needed. You do not need
to update regions if the region in which you want to create EC2 instances already appears in the EC2 Regions list.
To update the AWS Regions list, run Discovery for the AWS account. For more information on running Discovery
for AWS accounts, see Discovering an AWS Cloud.
References
[1] http:/ / aws. amazon. com/ ec2/
[2] http:/ / www. flatmtn. com/ article/ creating-pkcs12-certificates
38
39
Tables
The following tables are used for this feature.
Table
Description
Contains only the EC2 images approved for provisioning through the service catalog. This table extends
the Virtual Machine Template [cmdb_ci_vm_template] table.
Contains all the EC2 images in the system, including approved images. This table extends the Virtual
Machine Template [cmdb_ci_vm_template] table.
Contains all the EC2 size (type) definitions. This table extends VM Size Definition [vm_size] table.
Configuration
Before you create a catalog item from an EC2 image, configure the categories in the service catalog, determine the
appropriate setting for the check-out redirect property, and define the virtual machine sizes.
Categories
See Service Catalog Categories for instructions on creating categories and sub-categories for catalog items. The
category hierarchy determines the category path for locating EC2 virtual machines in the service catalog.
Size Definitions
ServiceNow includes a full range of current Amazon EC2 sizes [1]. The prices shown for these sizes are arbitrary and
do not reflect any realistic price structure. These prices are calculated from the price per unit defined in the EC2
Element Price record.
Some examples of the EC2 sizes are:
40
Pricing
The base system contains one price record called Price factor. This record defines the unit price that is applied to all
EC2 virtual machines provisioned from this instance. The price in this record is an arbitrary value and might not
reflect the price structure in your organization. Do not delete the Price factor record, which would set all EC2 image
prices to zero. To change the price structure for the service catalog offerings, edit the existing record.
To change the unit price for a virtual machine:
1. Navigate to Amazon Web Services > Service Catalog > Prices
2. Open the Price factor record.
41
9. Click Update.
42
Name
Short description
Price
Description
If you change the image size, but no other values, the pre-populated data adjusts according to the parameters of the
new size. However, if you change a value in a pre-populated field before changing the size, the field value you
changed is not updated when the size changes. This behavior allows you to change the price, name, or description of
specific sized images.
Example
The default name of a service catalog item is EC2 Instance - T1 Micro - ami-vpc-nat-1.0.0-beta.i386-ebs. You
change the size to M1 Medium without modifying the Name field. The system changes the name to EC2 Instance M1 Medium - ami-vpc-nat-1.0.0-beta.i386-ebs. If you edit the Name field before changing the size, the item name
is not changed.
Each of the four pre-populated fields behaves the same and is independent of the others. For example, if you change
the name of the item but not the short description before selecting a new size, the name value is unaffected, but the
short description adjusts to match the requirements of the new size.
2. Click on the virtual machine you want and provide the requested information.
See Configure the Lease Duration for information about how to configure the properties that control the lease
start and end date defaults. Enter the name of a business service or application that depends on this virtual
machine.
43
References
[1] http:/ / aws. amazon. com/ ec2/ instance-types/
[2] http:/ / aws. amazon. com/ ec2/ pricing/
44
45
Approval
Requests for virtual machines in the base system can be approved or rejected by members in either of the following
approval groups:
EC2 Approvers
Virtual Provisioning Cloud Administrators
Approvers pick up their tasks in Service Desk > My Approvals. Only one member of either approval group is
required to approve a request. The approver opens the request and clicks Approved or Rejected.
Note: If the approver rejects the request, the process is finished, and no instance is provisioned. The system notifies the user that the
request was rejected.
46
Provisioning
Approved requests appear in the Service Desk > My Groups Work queue for the members of the EC2 Operators
group.
1. Open the task and select the Amazon Web Services account from which to provision the requested instance.
2. In Region settings, select a region for the instance (an Amazon EC2 datacenter).
Available regions are those selected during the Amazon EC2 configuration. A choice list of available images
is added to the form for this task. This list is filtered to show:
Images in the region selected for the account
Images that match the OS requested
Images in the size requested
3. Enter a user-friendly name for this instance in the Instance name field. (Dublin)
ServiceNow uses this name to identify the instance in the My Virtual Assets portal and in the CMDB. Amazon
uses this name as the Name Tag in the EC2 instance list. If you request more than one instance, ServiceNow
adds a unique number to the specified name for each instance. For example, three instances requested with the
name TestLab become TestLab1, TestLab2, and TestLab3. If the Instance name field is blank, the instance
is identified by a machine generated string created by Amazon. This field is available with the Dublin release.
4. Select an Image to provision and click Close Task to launch the provisioning workflow that creates the EC2
instance.
When the workflow has finished provisioning the instance, the requester receives an email containing the
instance ID, IP address, and the public DNS for the instances created. If provisioning fails, the workflow
notifies the provisioning group by email.
47
Grace Period
A configurable grace period enables an administrator to delay the termination of a virtual machine when the lease
end date expires. When the lease ends, the virtual machine is powered off, but is available for use until the end of the
grace period. To change the default grace period of 7 days, navigate to Cloud Provisioning > Management >
Properties and edit the value in the Grace period after lease end until VM termination property
(glide.vm.grace_period).
When the lease ends, the platform runs the Amazon EC2 End of Lease workflow, which powers off the virtual
machine and notifies the requester that the lease has expired. The Amazon EC2 End of Lease workflow evaluates the
glide.vm.grace_period property to determine when the Terminate Amazon EC2 Instance workflow should
run. The requester is notified when the virtual machine is terminated (or when termination has failed).
To configure a different workflow to run when a lease is terminated.
1. In the application navigation filter, enter task_action_workflow.list.
2. Select the end_of_lease action for the EC2 Virtual Machine Instance [cmdb_ci_ec2_instance] table.
48
49
50
Requesting an Instance
Users requesting an Amazon EC2 instance from the service catalog must have the cloud_user role.
1. Navigate to Self-Service > Service Catalog.
2. Select Amazon EC2 Instance from
the Virtual Resources category.
The Amazon EC2 instance
request form appears.
3. In the request form, complete the
following fields:
Business purpose: Enter a brief
description of how this virtual
server will be used.
Start and End: Select the start
and end times for this virtual
Service Catalog
machine lease. The lease start
time is set automatically for the
current date and time. In the base ServiceNow system, the lease end time is set to 60 days after the start time,
and the maximum lease duration is limited to 90 days. The system does not allow requesters to set a lease end
time beyond the configured limit. The lease duration is calculated from the time the virtual machine is actually
provisioned, which occurs after the request is approved. If you request a virtual machine for now (the current
date), and there is a delay in approval, the end date is reset according to the configured lease duration time.
Business Service: [Optional] Name a business service that depends on this virtual machine. When
Orchestration creates the virtual server, it also creates the relationships to this business service in the CMDB.
Application: [Optional] Name the principal application that depends on this virtual machine, such as an
exchange server or an SQL Server database. When Orchestration creates the virtual machine, it also creates the
relationships to this application in the CMDB.
Used for: Select the purpose of this virtual machine (such as Development or Training) from the choice list.
With the Dublin Release, ServiceNow does not automatically end the lease for virtual machines marked as
Production. Instead, ServiceNow renews the lease on Production virtual machines automatically for the
default lease duration and sends a notification to the requestor each time the lease is updated.
Offering: Select the offering (such as the operating system, database server, or web server) for the virtual
machine you are requesting.
Size: Select a class of server for this operating system that has the desired features (memory, storage, CPU
speed).
Number of instances: (Versions prior to Eureka) Enter the quantity of instances of this type that you want.
Account: Select the AWS account.
VPCs: Select the VPC to provision the virtual machine into.
VPC Security Group: Select and add the VPC security groups from the list of available security groups. You
can only add up to 5 security groups.
Subnets: Select the subnet to provision the virtual machine into. The available subnets are automatically
populated when you select the VPC.
51
4. Click Order Now to order the
instance.
Your view changes either to the
My Virtual Assets portal or to
the
Order
Status
form,
depending on how the Service
Catalog is configured. The portal
shows the various gauges
associated with the logged in
user's virtual assets and requests.
To view the current request,
click the request item number in
the My Virtual Asset Requests
list or expand the Stage column
to determine where the request is
in the provisioning process.
5. Bookmark this page and return to it to track the status of this request.
Upon successful creation of the instance, you receive an email containing the instance ID, IP address, and the
public DNS for the instances created. (Eureka) If the provisioning request fails for any reason, an incident is
automatically created and assigned to the Cloud Administrators group (if the glide.vm.create_incident system
property is enabled).
Terminating an Instance
You can request the termination of a running EC2 instance provisioned for you any time during the lease by using
the My Virtual Assets portal in the service catalog. When the virtual machine reaches the end of its lease or grace
period, ServiceNow automatically terminates the instance without notice. Virtual machines with a Used for value of
Production do not automatically expire (Dublin release). You must manually terminate these virtual machines.
Enhancements
Calgary
The following enhancement has been added in the Calgary release.
Lab termination time: When you generate lab records, ServiceNow gives you the option of setting a termination
date and time for the lab instance. This allows you to terminate the virtual machine when it is no longer needed, to
avoid unnecessary cost.
Property
The glide.vm.ec2_lab_duration property sets the duration, in days, for all virtual lab instances (Calgary
release). Lab instances are automatically terminated when they reach this limit. The default duration in the base
system is 5 days. To configure this property, navigate to Amazon EC2 > Lab Management > Lab Properties.
Tables
52
53
Table
Lab [lab]
Description
Stores the labs, which are expected to be one per class.
Lab link [lab_link] Stores the individual lab instances, which are expected to be one per student.
Business Rules
Business Rule
Description
Updates the State in the Lab link [lab_link] table when an instance state in the Computer [cmdb_ci_computer] table
changes from pending install to installed or from installed to retired.
Prevents a lab from being deleted when the lab contains open instances. Users are notified to close any open instances
before the lab is terminated.
Script includes
Script Include
Description
GenerateLabs
EC2LabUtil
54
55
56
in
the
variable
References
[1] http:/ / aws. amazon. com/ contact-us/ ec2-request/
[2] http:/ / aws. amazon. com/
forms
the
URL
57
VMware
VMware for Cloud Provisioning
Overview
The VMware application for cloud provisioning enables users to request VMware virtual servers through the
ServiceNow service catalog. When a user requests a virtual server, Orchestration executes preconfigured approval
and provisioning tasks. If the request is approved, Orchestration automatically creates a virtual server from a stored
template, configures the virtual machine, and then starts the server. Cloud provisioning is available with the Calgary
release.
VMware for cloud provisioning is a feature of Orchestration, which is available as a separate subscription from the
rest of the ServiceNow platform.
Upgrade Instructions
After you upgrade from an earlier version to the Calgary release, the information in VMware vCenter must be
updated. To add data and update the relationships, either run ServiceNow Discovery or discover vCenter details
using the discovery utility that does not require the full Discovery product.
How it Works
Orchestration in the ServiceNow platform integrates with the vCenter [1] API and adds VMware workflow activities
to the existing Workflow application. These activities enable Orchestration to clone new virtual machines from
templates, configure virtual machines, and power virtual machines on and off.
Requirements
All virtual machine templates must contain VMware Tools.
For Windows virtual machines (VMs), click here [2] to determine whether Microsoft Sysprep is required on the
vCenter instance.
The vCenter user must have proper credentials for cloning, customization, and powering on the virtual machine.
On Windows 2003 templates, the password for an Administrator must be blank on the base image.
58
Full access
It is possible define a role that provides the ServiceNow instance enough access to perform all supported operations
without granting full Administrator privileges. With this role, ServiceNow users can run Discovery, view all
resources, perform all operations (Start, Stop, Pause, Snapshot, Terminate, VM Modifications), and provision new
VMs (including guest customization).
One way to accomplish this is to clone the "Virtual Machine Power User (sample)" role that is provided with
vCenter and then edit the role to add the following additional permissions:
59
Read-only user
The "Read-only" role allows a user limited read access to the system without any other privileges. The role allows
ServiceNow users to run Discovery and view resources.
The role does not have permission to provision new VMs or to run any VM operations.
Enhancements
Eureka
The new activities Delete Snapshot, Get VM Events, and Get VM Guest Info are available.
Configuration of Windows VMs has been updated to support Windows workgroups.
An alternate IP address can be provided when using an IP pool to select a static IP address.
DHCP is supported for configuring VMs.
A cloud administrator can provision VMs to use datastores with the least remaining space sufficient to create the
VM.
References
[1] http:/ / www. vmware. com/ products/ vcenter-server/
[2] http:/ / kb. vmware. com/ selfservice/ microsites/ search. do?language=en_US& cmd=displayKC& externalId=1005593
Define vCenters
Define catalog offerings
Set pricing for the offerings
Define provisioning rules
Define change control parameters for a virtual machine
Approve change requests associated with virtual machine modifications
Set properties applicable to cloud provisioning
Set up networking information for VMware guest customization
Monitor requests and key metrics related to requests surrounding virtual machines
60
Required Roles
The Virtual Provisioning Cloud Administrators group has or inherits these roles:
cloud_admin
itil
cloud_user
For more information about cloud provisioning roles and capabilities, see Cloud Provisioning Security.
Prerequisites
Before configuring your instance for cloud provisioning, complete these prerequisites.
Install vCenter
Install the vCenter management application from VMware. Create the Windows and Linux templates on your ESX
Server that ServiceNow can use to create virtual machines from service catalog requests. Refer to VMware product
documentation for vCenter and the ESX Server for details about these procedures.
Example Configurations
Cloud administration tasks can be divided into these configurations:
Basic service catalog offerings: Use ServiceNow presets to test cloud provisioning in your environment and to
determine how you want to customize service catalog offerings. This is the easiest and quickest procedure for
configuring cloud provisioning.
Custom service catalog offerings: Build on the basic configuration by adding features to the provisioning
workflow. Give users more choices and apply prices to your catalog items.
Advanced service catalog offerings: Customize your catalog offerings, allowing users to request special
configurations or allowing provisioners to skip approvals and automate provisioning tasks.
61
62
63
Required Roles
Users who are members of the Virtual Provisioning Cloud Administrators group (cloud_admin role) can configure
VMware accounts in ServiceNow.
64
ESX Servers
With the proper credentials, ServiceNow Discovery can detect and explore all the ESX Servers in a network.
Discovery returns the hardware characteristics of the ESX machines and the relationships to the other VMware
components. If you are not using ServiceNow Discovery, you must configure each ESX Server record manually. To
view the ESX records in ServiceNow, navigate to VMware > Configuration > ESX Servers.
To configure the relationships between VMware components manually, click the green plus sign ( + ) beside
Related Items and use the Define Relationships form provided. See VMware Component Relationships for the
relationships in the base ServiceNow system.
vCenter
Create a record for each vCenter instance in the network.
1. Navigate to VMware > Configuration > vCenter Instances.
2. Click New.
3. Enter the Name of an active vCenter machine and the URL to the instance, then save the record.
The location of this vCenter is for convenience and is not used anywhere else.
4. Click the Discover vCenter Details related link to have ServiceNow explore vCenter and record the relationships
between the vCenter and the other VMware components.
This action does not require the ServiceNow Discovery application, but performs the same type of scan. For
more information on this utility, see Gathering vCenter Data Without Running Discovery. A MID Server is
required for this procedure. See VMware Component Relationships for the relationships provided in the base
system.
65
VM Configuration in ServiceNow
The VM configuration in ServiceNow provides the information necessary to create each type of virtual server
offered in the service catalog and to power up the virtual machines on the network. This includes:
List of available IP addresses (IP pools) to assign to virtual machines as they are added to the network.
Credentials and connection information for Windows and Linux.
Catalog offering configuration.
IP Pools
IP pools are collections of IP addresses that can be or have been assigned to newly-provisioned virtual machines
(VMs). Each IP pool can be associated with one or more VMware networks. When the Select IP Address activity
runs, it identifies the IP pools associated with the VMware network selected for the virtual machine (generally by the
Select Datacenter, Network, and Folder activity), chooses the one with the most available IP addresses, and allocates
an IP address to the virtual machine from that pool.
An administrator must ensure that there are IP pools associated with all active VMware networks and that the IP
pools contain enough IP addresses to meet the demand for new virtual servers. Associate VMware networks with an
IP pool by editing the VMware Network related list on the IP Pool form. When you provision a new virtual
machine through vCenter, select a VMware network. Orchestration assigns an available IP address from the VMware
network's IP pool to the new virtual machine. If the VMware network contains multiple IP pools, Orchestration
selects an IP address from the pool with the most available addresses.
Note: vCenter contains VMware networks that Discovery (including DiscoverNow) adds to the CMDB as VMware CIs.
66
67
3. Save the record.
4. To add IP addresses to the pool,
click Add Allocatable IPs under
Related Links.
5. Add ranges, networks, or individual
addresses in a comma separated list.
VM IP Pool Configuration
VM IP Pool Allocation
Windows VMs
The following describes how to
configure
Windows
connection
information starting with the Eureka
release. If you are using an earlier
release,
see
previous
version
information.
To configure Windows connection
information:
Allocated IP addresses
3.
4.
5.
6.
7.
8.
68
This value appears in the Operating System choice list for the catalog request item. The user's selection tells
the provisioning task which configuration information to use.
Enter the registered user's name and organization.
Enter the Product key, select the License mode, and, if the selected license type is Per server, enter the
maximum number of Concurrent connections.
Enter the Administrator password.
Choose a Membership option, either Domain or Workgroup. If you choose Workgroup, enter the workgroup
name. If you choose, Domain, enter the domain name and login credentials.
[Optional] Add any number of Windows commands, each listed on a new line, to the Run once field.
In the Choose networking through field, choose whether to use IP Pool or DHCP.
9. Click Submit.
Windows configuration
Navigate to VMware > Customization Specifications > Windows and click New.
Enter a unique and descriptive Name that includes the operating system.
This value appears in the Operating System choice list for the catalog request item. The user's selection tells the provisioning task which
configuration information to use.
Enter the machine and domain login credentials for the virtual machine, the operating system product key, and the registered user's name.
Select the License type and, if the selected license type is Per server, enter the maximum number of Concurrent connections (Dublin release).
[Optional] Add any number of Windows commands, each listed on a new line, to the Run once field (Dublin release).
Click Submit.
69
Linux VMs
To configure Linux connection information:
1. Navigate to VMware > Customization Specifications > Linux and click New.
2. Enter a unique and descriptive Name that includes the operating system.
This value appears in the Operating System choice list for the catalog request item. The user's selection tells
the provisioning task which configuration information to use.
3. Enter the DNS name in the Domain field.
4. Choose whether to use IP Pool or DHCP in the Choose networking through field (Eureka release).
5. Click Submit.
Group Membership
Linux configuration
groups:
VMware Approvers: approve requests for VMware instances.
VMware Operators: are responsible for the technical operation of the VMware cloud provisioning environment.
To add users to these groups:
1.
2.
3.
4.
Size Selections
A VMware size defines a virtual hardware package that includes predefined number of CPUs, amount of memory,
data disk size, and related details. Users can choose a VMware size or select separate attributes. When the user
selects a size, the individual selections for CPU, memory, and disk size are hidden.
1. Navigate to VMware > Service Catalog > Sizes and click New.
2. Complete the form with the following considerations:
The Name should indicate some increment of size, such as Large or Standard.
In the CPUs, Memory, and Data disk size fields, enter a label to appear in the service catalog. For example,
enter 4 GB of memory or 30 GB for the data disk size.
In the corresponding value fields, enter the value of that element in the specified units. For example, a data
disk size with a label of 30 GB has a value of 30,720 (in MB).
3. Click Submit.
Offering Selections
1. Navigate to VMware > Service Catalog > Offerings and click New.
2. Enter the virtual server's Offering description as it should appear in the service catalog.
Typically, this contains the operating system and some version information, such as Windows Server 2003 or
CentOS 6.
3. Click Submit.
Pricing
All prices for virtual servers or modifications to virtual servers are calculated from the per-unit price for the
following components:
CPU
Memory
Data disk size
The Catalog VM Element Price [sc_vm_element_price] table stores the prices for VMware components included in
the base system. Each component has a single record that defines the units and the price per unit. Users with the
cloud_admin role can access these records to change the unit price for each component.
To change the price for a component:
1. Navigate to VMware > Service Catalog > Prices.
2. Select a component.
70
4. Click Update.
ServiceNow recalculates the price for all items in the service catalog that use this Element type.
Editing Prices
By default, the price of an instance is determined by the selection in the VM Size field in the VMware Catalog Item
form. If a requester changes the desired size when ordering a virtual machine, or an administrator changes the price
of the size, ServiceNow recalculates the instance price automatically. The administrator can make price changes by
modifying the specifications of the instance in the VMware Size Definition form or override the calculated price in
the VMware Catalog Item form when creating a service catalog item. You cannot adjust instance size prices by
editing quantities in the VMware Size Definitions list view.
1.
2.
3.
4.
CPU Selections
You can customize service catalog hardware selections so that users can request the number of CPUs for a virtual
server. The service catalog shows the CPU option only when the user declines the choice of a predefined virtual
server size.
1. Navigate to VMware > Service Catalog > CPU Selections and click New.
2. In the CPUs label field, enter a description of this CPU selection to be displayed in the service catalog.
3. In the Value field, enter the quantity for this CPU selection.
Be sure the CPU label quantity matches the number in the Value field. ServiceNow calculates the cost for
each CPU quantity based on the configured price per unit.
4. Click Submit.
Memory Selections
You can customize service catalog hardware selections so that users can request a specific amount of memory for a
virtual server. The service catalog shows the VM memory option when the user declines the choice of a predefined
virtual server size.
1. Navigate to VMware > Service Catalog > Memory Selections and click New.
2. In the Memory label field, enter the memory quantity to be displayed in the service catalog.
This field typically includes a number and size abbreviation, such as 4 GB.
3. Enter the Value for this memory selection as an integer representing the total number of MB.
In the example used here, 4 GB of memory would have a value of 4,096. ServiceNow calculates the cost for
the amount of memory selected based on the configured price per unit.
71
4. Click Submit.
4. Click Submit.
Lease Duration
The default setting for a lease period and the maximum allowed duration of a virtual server lease are controlled by
the following properties found in Cloud Provisioning > Management > Properties (Calgary release). For
instructions on configuring lease start and end times for individual virtual machines, see Requesting a VMware
Instance in Cloud Provisioning.
Default lease duration: This property (glide.vm.lease_duration) controls the length of the lease period
automatically configured for a virtual server request. The default duration is 60 days from the lease start time,
which always begins on the current date and time.
Max lease duration: This property (glide.vm.max_lease_duration) controls the maximum length of
the lease period permitted for a virtual server. The default maximum duration is 90 days from the lease start time.
This property prevents virtual resources that have been ignored from running indefinitely.
Note: ServiceNow applies the same values to both Amazon EC2 and VMware lease durations.
72
Grace Period
A configurable grace period enables an administrator to delay the termination of a virtual machine when the lease
end date expires. When the lease ends, the virtual machine is powered off, but is available for use until the end of the
grace period. To change the default grace period of 7 days, navigate to Cloud Provisioning > Management >
Properties and edit the value in the Grace period after lease end until VM termination property
(glide.vm.grace_period).
When the lease ends, the platform runs the VMware End of Lease workflow, which notifies the requestor that the
lease has expired, and then powers off the virtual machine. The VMware End of Lease workflow evaluates the
glide.vm.grace_period property to determine when the VMware Termination workflow should run. The
requestor is notified when the virtual machine is terminated, or if termination failed.
To configure a different workflow to run when a lease is terminated.
1. In the application navigation filter, enter task_action_workflow.list.
2. Select the end_of_lease action for the VMware Virtual Machine Instance [cmdb_ci_vmware_instance] table.
Managing Datastores
Datastores represent storage locations for virtual machine files. The VM vCenter Datastores form shows the most
recent datastore availability and capacity information for the the datastores, and allows you to manage how storage
space is handled when provisioning VMs. Using this form you can make most efficient use of space, reducing the
amount of wasted space. This section describes datastore functionality available starting with the Eureka release.
73
74
discovery, a task to fix the issue is created for the cloud operator. If the VM request is canceled, the reserved
space is decremented to remove requested disk space.
For automated provisioning, the datastore with the least disk space, but sufficient for the VM request, is
automatically selected.
When the VM is provisioned, the reserved space is decremented to remove provisioned disk size, and recently
provisioned space is updated to provisioned disk size.
Whenever a datastore is rediscovered and updated accordingly, the amount of recently provisioned space is reset
to 0. When a VM provisioned from a ServiceNow instance is terminated, the provisioned space is released and the
free space is incremented. If the workflow is canceled before the VM is provisioned, the reserved space is updated
to remove not provisioned disk size.
When a VM is modified, the requested amount of space is reserved, and the reserved space field is updated. When
the Modify VM workflow finishes, the reserved space is updated to decrease the disk size added and the recently
provisioned space is increased. When the VM is terminated (Terminate VM), the recently provisioned space in all
affected datastores is released.
When a catalog task is created and a cloud operator chooses a datastore, only those datastores with the enough space
to continue are shown in the choice list.
Configuring Datastores
The Datastores module allows cloud administrators to configure the VMware vCenter datastores. Cloud
administrators can modify recently provisioned space and reserved space fields to manually adjust space usage, and
can block VM provisioned space or reserve extra space for specified datastores.
To manage datastores:
1. Navigate to VMware > Datastores.
Current information on each datastore is displayed in the table.
2. To set availability for a datastore, double-click the Availability for provisioning field and select Include or
Exclude.
Datastore configuration
Field
Description
Name
Capacity
Recently
provisioned space
(GB)
The space requested by recent VM provisioning requests since the most recent discovery. Whenever a datastore is
rediscovered and updated accordingly, the amount of recently provisioned space is reset to 0. If a VM was terminated, the
provisioned space may be a negative number.
Reserved space
(GB)
The amount of space reserved on the datastore for scheduled VM provision requests and extra disk space requests for modify
VM requests. The Reserved space for the requested VM must be less than Free space - (Recently provisioned space +
Reserved space) - Minimum free space' in order for that datastore to be used by the VM.
Availability for
provisioning
Indicates whether the datastore is available (Include) or unavailable (Exclude) for provisioning. For newly discovered
datastores, the default value is Include. Running Discovery does not change this field.
75
Description
Description
Name
Capacity
Free space (GB) The free space available for VM provisioning on the datastore.
VMware Networks
Overview
vCenter contains VMware networks that Discovery and the Discover vCenter Data utility add to the CMDB as
VMware CIs. A VMware network record names the network and identifies one or more IP pools assigned to it. An
IP pool is a collection of IP addresses that are available for provisioning virtual machines.
When you provision a new virtual machine (VM) through vCenter, select a VMware network (see the Select
Datacenter, Network, and Folder Orchestration activity for details). Orchestration assigns an available IP address
from the VMware network's IP pool to the new virtual machine. If the VMware network contains multiple IP pools,
Orchestration selects an IP address from the pool with the most available addresses.
VMware Networks
5. Click Save.
The new IP Pool appears in the related list in the VMware vCenter Network form.
76
VMware Networks
77
78
Tables
The following tables are used for this feature.
Table
Description
Contains virtual machine templates from Amazon EC2 and VMware. This table is available starting with
the Calgary release.
Contains virtual machine catalog items created from VMware templates. This table extends the Catalog
Item [sc_cat_item] table.
Contains size definitions (specifications) for the VMware offerings. This is the parent table to the
Catalog VM Class Selection [sc_vm_class_selection] table.
Configuration
Before you create a catalog item from a VMware template, configure the categories in the service catalog, determine
the appropriate setting for the check-out redirect property, and define the virtual machines sizes.
Categories
See Service Catalog Categories for instructions on creating categories and sub-categories for organizing catalog
items.
Size Definitions
Create virtual machine offerings with different specifications, or sizes, based on a single VMware template. For
example, a CentOS 5.3 Linux template might come in three sizes (large, medium, or small) based on the number of
CPUs, memory, and disk space offered. The requester then selects the operating system for the item and the size
required from the service catalog.
To create size definitions:
1. Navigate to VMware > Service Catalog > Sizes.
2. Click New.
3. Complete the form with the following considerations:
Enter a Name that contains some indication of the size, such as Large or Standard.
Enter the label for each element that appears in the service catalog. For example, enter 2 GB for the Memory
label or 15 GB for the Data disk size label.
Enter the Value in megabytes (MB) for each element. For example, a data disk size with a label of 15 GB has
a Value of 15,360 (in MB).
4. Click Submit.
79
3. Under Related Links, click Create Catalog Item to create a new item from this template.
The VM Catalog Item form opens with the following fields pre-populated based on the default size.
80
81
9. Select Guest customization if any operating system-specific customizations will be applied to the newly
provisioned virtual machine. This option is only allowed for Linux and Windows virtual resources and not for
custom templates with other offerings.
10. Select a Customization specification that contains all the settings to be applied to the newly provisioned virtual
resource. This option is only available if Guest customization is selected.
11. Click Update.
By default the new catalog item
is placed into the Virtual
Resources catalog category.
Catalog items created from
VMware templates are listed in
VMware > Service Catalog >
Maintain Items.
Short description
Price
Description
If you change the image size, but no other values, the pre-populated data adjusts according to the parameters of the
new size. However, if you change a value in a pre-populated field before selecting the new size, the field value you
changed is not updated when the size changes. This behavior allows you to change the price, name, or description of
specific sized images.
Example
The default name of a service catalog item is VMware Instance - Small - Red Hat 6 Server. You change the size to
Medium without modifying the Name field. The system changes the name to VMware Instance - Medium - Red
Hat 6 Server. If you change the Name field to Dev Red Hat 6 Server - Small before changing the size, the name of
the item is not changed.
Each of the four pre-populated fields behaves the same and is independent of the others. For example, if you change
the name of the item but not the short description before selecting a new size, the name value is unaffected, but the
short description adjusts to match the requirements of the new size.
Workflow
The approval and provisioning process for each virtual server request in the base system is controlled by a workflow
(Workflow > Workflow Editor) called Virtual Server. This workflow performs the following tasks:
Creates approval tasks for the approval group.
Collects the provisioning information when the request is approved. (If the request is rejected, the workflow
ends.) The workflow determines if the request is for a Windows or Linux virtual machine.
Creates a catalog task to select the proper virtual server template and supply it with the necessary requirements,
including the appropriate ESX resource pool.
Sets the variables and provisions the virtual server. Using the template selected, Orchestration clones the virtual
server, attaches the IP address to the new virtual machine if guest customization is configured.
Powers up the virtual server.
Notifies the requester that the virtual machine has been created successfully.
82
Description
Template
Destination
folder
Each template belongs to a vCenter datacenter, which contains folders of virtual machines. Select a folder from the datacenter
that contains the provisioned virtual machine. If no folder is selected, the resulting cloned instance is placed in the folder
containing the template that was used to create the clone.
Clone name
Provide the name of the virtual machine as it should appear in VMware vCenter. This name must be unique on the ESX Server (or
the cluster) on which it is being provisioned.
Cluster
Clusters appearing in the list are those from the datacenter in which the selected destination folder resides. If the virtual machine
is not being attached to a cluster, choose None. In this case, make sure to select a non-clustered Host.
ESX Host
Select the ESX Server on which to deploy the virtual machine. If you selected None in the Cluster field, only those hosts that are
not part of a cluster are available. If you did select a cluster for this virtual server, then the available hosts all belong to the
selected cluster.
Resource pool
Select the ESX resource pool to use for this virtual machine. If a cluster was chosen, the available resource pools belong to that
cluster. If a host was selected (and no cluster), the available resource pools belong to the selected host. Resource pools define the
maximum amount of resources that templates using that pool can consume. An ESX Server property enables resource pools to
expand when necessary if the ESX Server has additional resources to spare. If you select the Resources pool, the ESX Server
creates a virtual machine for use under a normal load.
Datastore
Select the datastore on which to provision the virtual server and any data disks. To put the virtual server on the datastore where
the template is located, select None. The available datastores are for the selected host.
Network
Select the network that the virtual server will use. Available networks are those from the datacenter in which the selected
destination folder resides.
83
Guest
customizations
If guest customizations are configured for this virtual server, select one of the following:
VM's host name: [Required] Name of the server hosting the virtual machine being provisioned. Check the Notes in the
request form for the name designated by the requester.
Windows/Linux configuration: [Required] Specifics for Windows or Linux virtual machines configured in VMware >
Customization Specifications. Configuration information includes DNS for Linux and the product key and domain
credentials for Windows.
Network configuration: [Required] Select the network and the network configuration for the virtual server. The IP address
allocated to the virtual server is selected from a list of available addresses configured in the network record.
If you choose not to apply guest customizations to the virtual server, Orchestration provisions the server directly from the
template, using only the configuration available to that template.
Provisioning Rules
Provisioning rules enable an administrator to select which vCenter resources (datacenter, network, and folder) are
used to provision virtual machines for a specific virtual machine category (such as Dev, QA, or Prod) or for any
category if the Category field in the rule is left empty.
Rule Order
Each rule has an Order field that defines the sequence for evaluating the rules. The rules are evaluated by the Select
Datacenter, Network, and Folder activity. When that activity runs, it finds all the provisioning rules that apply to a
particular vCenter instance and category (rules with a blank category match any category), and then uses the
provisioning rule with the lowest order value. By carefully choosing order values for provisioning rules, you can
ensure that rules for specific categories are evaluated before (low order values) provisioning rules for any category
(high order values).
84
Weight
You might want more than one datacenter, network, or folder to be used for virtual machines on a particular vCenter
instance and category. For example, you have a vCenter containing two datacenters, and you'd like to provision 75%
of the virtual machines to one datacenter, and 25% to the other. You can do this by creating two provisioning rules
for the particular vCenter and category with the same order value for each. Multiple rules with the same vCenter,
Category, and Order values trigger this special behavior. Give each provisioning rule a Weight value proportional
to the percentage of the time you want the rule to be used. For this example, you might choose Weight values of 300
and 100. Any other numbers in the same proportion would also work, like 3 and 1. To check the percentage for any
given rule, calculate the Weight value of that rule divided by the sum of the Weight values for all the rules with the
same vCenter, category, and order value. In the example, the calculations would be 300 / (300 + 100) = 75%, and
100 / (300 + 100) = 25%, which meets the goal.
85
86
Administrators
For details about the tasks and roles required for provisioning virtual machines, see Cloud Operations.
following fields:
Business purpose: Enter a brief description of how this virtual server will be used.
Start and End: Select the start and end times for this virtual machine lease. The lease start time is set
automatically for the current date and time. In the base ServiceNow system, the lease end time is set to 60 days
after the start time, and the maximum lease duration is limited to 90 days. The system does not allow
requesters to set a lease end time beyond the configured limit. The lease duration is calculated from the time
the virtual machine is actually provisioned, which occurs after the request is approved. If you request a virtual
machine for now (the current date), and there is a delay in approval, the end date is reset according to the
87
5. Bookmark this page and return to it to track the status of this request.
You are notified by email of the results of your request. (Eureka) If the provisioning request fails for any
reason, an incident is automatically created and assigned to the Cloud Administrators group (if the
glide.vm.create_incident system property is enabled).
88
Workflow
The approval and provisioning process for each virtual server request in the base system is controlled by a workflow
(Workflow > Workflow Editor) called Virtual Server. This workflow performs the following tasks:
Creates approval tasks for the approval group.
Collects the provisioning information when the request is approved. (If the request is rejected, the workflow
ends.) The workflow determines if the request is for a Windows or Linux virtual machine.
Creates a catalog task to select the proper virtual server template and supply it with the necessary requirements,
including the appropriate ESX resource pool.
Sets the variables and provisions the virtual server. Using the template selected, Orchestration clones the virtual
server, attaches the IP address to the new virtual machine if guest customization is configured.
Powers up the virtual server.
Notifies the requester that the virtual machine has been created successfully.
89
Description
Template
Destination
folder
Each template belongs to a vCenter datacenter, which contains folders of virtual machines. Select a folder from the datacenter
that contains the provisioned virtual machine. If no folder is selected, the resulting cloned instance is placed in the folder
containing the template that was used to create the clone.
Clone name
Provide the name of the virtual machine as it should appear in VMware vCenter. This name must be unique on the ESX Server (or
the cluster) on which it is being provisioned.
Cluster
Clusters appearing in the list are those from the datacenter in which the selected destination folder resides. If the virtual machine
is not being attached to a cluster, choose None. In this case, make sure to select a non-clustered Host.
ESX Host
Select the ESX Server on which to deploy the virtual machine. If you selected None in the Cluster field, only those hosts that are
not part of a cluster are available. If you did select a cluster for this virtual server, then the available hosts all belong to the
selected cluster.
Resource pool
Select the ESX resource pool to use for this virtual machine. If a cluster was chosen, the available resource pools belong to that
cluster. If a host was selected (and no cluster), the available resource pools belong to the selected host. Resource pools define the
maximum amount of resources that templates using that pool can consume. An ESX Server property enables resource pools to
expand when necessary if the ESX Server has additional resources to spare. If you select the Resources pool, the ESX Server
creates a virtual machine for use under a normal load.
Datastore
Select the datastore on which to provision the virtual server and any data disks. To put the virtual server on the datastore where
the template is located, select None. The available datastores are for the selected host.
Network
Select the network that the virtual server will use. Available networks are those from the datacenter in which the selected
destination folder resides.
90
Guest
customizations
If guest customizations are configured for this virtual server, select one of the following:
VM's host name: [Required] Name of the server hosting the virtual machine being provisioned. Check the Notes in the
request form for the name designated by the requester.
Windows/Linux configuration: [Required] Specifics for Windows or Linux virtual machines configured in VMware >
Customization Specifications. Configuration information includes DNS for Linux and the product key and domain
credentials for Windows.
Network configuration: [Required] Select the network and the network configuration for the virtual server. The IP address
allocated to the virtual server is selected from a list of available addresses configured in the network record.
If you choose not to apply guest customizations to the virtual server, Orchestration provisions the server directly from the
template, using only the configuration available to that template.
Provisioning Rules
Provisioning rules enable an administrator to select which vCenter resources (datacenter, network, and folder) are
used to provision virtual machines for a specific virtual machine category (such as Dev, QA, or Prod) or for any
category if the Category field in the rule is left empty.
Rule Order
Each rule has an Order field that defines the sequence for evaluating the rules. The rules are evaluated by the Select
Datacenter, Network, and Folder activity. When that activity runs, it finds all the provisioning rules that apply to a
particular vCenter instance and category (rules with a blank category match any category), and then uses the
provisioning rule with the lowest order value. By carefully choosing order values for provisioning rules, you can
ensure that rules for specific categories are evaluated before (low order values) provisioning rules for any category
(high order values).
91
Weight
You might want more than one datacenter, network, or folder to be used for virtual machines on a particular vCenter
instance and category. For example, you have a vCenter containing two datacenters, and you'd like to provision 75%
of the virtual machines to one datacenter, and 25% to the other. You can do this by creating two provisioning rules
for the particular vCenter and category with the same order value for each. Multiple rules with the same vCenter,
Category, and Order values trigger this special behavior. Give each provisioning rule a Weight value proportional
to the percentage of the time you want the rule to be used. For this example, you might choose Weight values of 300
and 100. Any other numbers in the same proportion would also work, like 3 and 1. To check the percentage for any
given rule, calculate the Weight value of that rule divided by the sum of the Weight values for all the rules with the
same vCenter, category, and order value. In the example, the calculations would be 300 / (300 + 100) = 75%, and
100 / (300 + 100) = 25%, which meets the goal.
92
93
Possible Errors
Clone
Reconfigure
Change Network
Add Disk
Change State
Select IP Address
Out of space in the IP pool or problems configuring the IP pool. Incorrect guest customization
specifications.
Configure Windows
Configure Linux
This task shows that a requested instance named global-by-1 has generated an error.
3. The provisioner opens the task and attempts to identify the error.
4. The provisioner then opens the original request by clicking the link in the Request item field.
5. The provisioner enters a unique name for the virtual machine and clicks Update.
The catalog task appears.
94
References
[1] http:/ / www. vmware. com/ support/ pubs/
95
96
Reference
vCenter API User Privileges for Cloud
Provisioning
Overview
ServiceNow VMware Orchestration activities require specific user privileges to access the vCenter APIs necessary to
run workflows for VMware support. These login privileges are not for use within the ServiceNow platform, but are
configured for the VMware activities on the vCenter instance. Refer to the vCenter documentation [1] for assistance.
Note: If you are using a version of ServiceNow earlier than Calgary, see previous version information in Accessing the vCenter API
- Versions Prior to Calgary.
Determining Privileges
To determine the user privileges required by the VMware activity that logs into vCenter:
1. Navigate to the VMware API documentation [1].
2. In the vCenter API page, select All Types in the left navigation menu.
6. Click the following methods to see the required vCenter login privileges:
CloneVM_Task: No privileges are required.
CustomizeVM_Task: Requires VirtualMachine.Provisioning.Customize
PowerOnVM_Task: Requires VirtualMachine.Interact.PowerOn
References
[1] http:/ / www. vmware. com/ support/ developer/ vc-sdk/ visdk41pubs/ ApiReference/ index. html
97
98
99
100