What’s the best way to create ServiceNow Incidents from SCOM?

Written By Guest User

If you have ServiceNow and SCOM you will want to integrate these tools to ensure they deliver maximum value for your business. There are four key benefits of creating ServiceNow incidents from SCOM:

1) Increase value of existing infrastructure monitoring tools by consolidating information and integrating them with connectors.

2) Understand root cause of the problem and reduce Mean Time to Repair (MTTR) by transforming incidents into actionable alerts.

3) Improve service availability by proactively understanding and eliminating outages and critical IT operational issues.

4) Save time and money through automation of processes, as you’ll cut down on the manpower needed to do these tasks and resolve issues quicker ensuring your business can operate at maximum efficiency. SCOM is not designed with workflows in mind - its primary way of consuming alert data is via email, whereas workflows are at the heart of ServiceNow.

There are a few options to make this happen; depending on your budget, business needs & individual programming skills. We will explore the pros and cons of each approach below:

ServiceNow Event Management

If you are already using ServiceNow IT Operations Management (ITOM) then their solution, Event Management, is a great way to seamlessly integrate all your monitoring tools into ServiceNow (including SCOM). Event Management uses machine-learning techniques to correlate events and produce actionable alerts and incidents. You can also make use of your CMDB and Service Maps, to further increase visibility and speed of incident resolution. Plus, bolt on a few extra tools; to define rules, set conditions, and automated actions for resolving these. This is complemented by their Operator Workspace, a dashboard to view service performance at scale and really understand the full impact of issues and how they are caused.

However, ServiceNow ITOM is not only complex and time-consuming to set up, but the licensing fees are also expensive.

This is a great tool for enterprise organizations, wanting to invest in a large scale view of IT operational performance and see the value in being able to drill down into complex issues, but it comes with a price tag to reflect all this functionality!  To find out more about their prices you’ll need to schedule a consultation, so ServiceNow can develop a bespoke quote for your specific business case.

OpsLogix Connector

The OpsLogix Connector synchronizes your service desk and monitoring, using a bi-directional connection between SCOM alerts and ServiceNow incidents. It is simple to setup and configure, as you don’t need any additional software in your SCOM environment or to open any firewall ports for SCOM and ServiceNow to connect. Just configure the connector then import the generated MP into SCOM and you’re done.

Once setup this tool will provide you with the following functionality to turn your incidents into actionable alerts:

•   Create ServiceNow incidents for alerts in SCOM.

•   Create custom Mapping for SCOM alerts and ServiceNow incidents.

•   Close or set any resolution state when an incident is resolved or changes status.

Easy to setup and once you are done this tool provides the basic functionality required to successfully review and manage your alerts and incidents.

Another benefit is the pay as you go pricing model (starting at $199/month + Azure infrastructure costs) which means you can give it a spin without committing much time or money, though no free trial option is available at the time of writing.

PowerShell Scripting

If you are a whiz at writing scripts, then you may decide to go it alone and rely on your own skills rather than a tool. We explored how getting SCOM alerts with PowerShell and sending them to a REST endpoint (which is akin to how ServiceNow receives alerts) could work. Clearly this is the cheapest method of performing this task in the short term (as no up front budget is required), but it would be difficult to build in additional functionality and visibility. Therefore, the value that this method can add to your business is limited, or you will need to invest a significant amount of time into building functionality in scripts that would overall work out cheaper to buy. As we all know creating your own scripts can also make it hard for other people to understand or manage this process, if they lack similar skills.

But if you want to give it a go then check out our blog on ‘How to pull SCOM Alerts from your Management Group and push them via REST to a specified endpoint’ just click here.

Kelverion System Center Orchestrator (SCORCH)

The Kelverion integration pack provides bi-directional integration and automation of ServiceNow using the Microsoft System Center Orchestrator. The first step is to use Kelverion smart discovery Integration Pack to interrogate the ServiceNow instance and discover how it has been configured; providing a form-based view of the tables, fields, properties and inputs for mandatory/optional fields. This feature will significantly reduce the complexity of integrating and configuring ServiceNow. So, now you can start to send this information into ServiceNow using the Representational State Transfer (REST) API solution. Once this process is complete you can automate the following IT functions:

·   Service Desk – create service records from a range of enterprise management tools.

·   Monitor Service Records – for new or changed service records to automate the diagnostic/remediation process.

·   Configuration Management – initiate automated changes and populate ServiceNow data into CMDBs. 

Although the final product provides a reasonably good tool for integrating SCOM and ServiceNow, the process itself is a bit clunky, requiring you to bolt together a number of integration packs and configure some of the data yourself, it is also only a viable option if you already have a SCORCH license, so this could be more time consuming and complex than other options. If you are looking for something refined and seamless, then this is not the solution for you! 

Evanios SCOM integration to ServiceNow

It is fair to say Evanios had one of the most simple, flexible, and functionally complete solutions on the market. It maintained all SCOMs event details, allowed you to correlate SCOM alerts to prevent duplicate incidents, and could be implemented in just a few hours. Sound great right! The only problem is they have been acquired by HP and it is no longer possible to purchase this as a stand-alone solution. So save yourself some time and don’t get caught up on all the information online, as this will send you down an endless rabbit hole…!  

Cookdown Alert Sync

Cookdown Alert Sync converts critical Microsoft SCOM alerts into actionable ServiceNow incidents with real-time, two-way synchronization. 

Setup is easy and quick, just install the SCOM Management Pack and ServiceNow Certified Store App, and use the wizard-driven setup experience to connect. There are no fussy scripts or hidden moving parts to troubleshoot. 

You’ll be up and running in minutes, with the following features:

  • Specialized for SCOM - Correct handling of SCOM monitors vs rules and full alert details including; alert context, pushed through to incidents.

  • Alert correlation - prevent raising Incidents where the server is down with correlation and reduce alert storms being reflected in your list of Incidents.

  • Flexible customization - Customize workflows using native tools in either SCOM or ServiceNow - whatever suits your process.

  • Two-way sync - Alerts and incidents kept in sync across the lifetime of the issue.

  • Compatible with Event Management - Optionally integrate with ServiceNow Event Management for extended analytics.

  • Extend with CMDB Discovery - Use with Cookdown CMDB Discovery to associate each incident with the correct CI (Configuration Item) in ServiceNow. 

  • Native solution - Alert Sync is made up of a SCOM Management Pack and ServiceNow certified store app. There is no need for additional moving parts (web services/VMs/MID-servers etc) to get going.

The best bit is you don’t need to do loads of research to see if this is the best solution for you, we offer a 30 day free trial so you can try before you buy.  Then assuming you are happy, then rest assured, Cookdown are committed to delivering affordable, hassle-free enterprise software so our products are great value for money – subscriptions start from just $5,000/ annum.

Alert Sync is the full package, its possibly the easiest solution to setup and offers a competitive set of features, all at a great price. 

To take a look at Alert Sync in action, here’s our
3 Minute Intro Video >>>

So, what’s the right solution for you? 

There are lots of solutions on the market all of which differ in setup complexity, lifetime cost and functionality and only you can decide which one will best meet the needs of you and your business. But in case you’re still pondering this decision we’ve provided a simple score table to recap on the key pros and cons below:

Alert+Sync+Table.jpg

If you have any questions our team are always happy to discuss your business challenges and how we can help fix them, so just drop us a line at: hello@cookdown.com

Guest User
Previous

Bringing override sprawl under control with PowerBI
Next

Alert Sync 2.0 is here!