Out Of Box Actions

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Out Of Box Actions

    The Out of the Box (OOB) Actions provide pre-built deployment, tagging, retrieval, and post-provisioning operations designed for use within ServiceNow’s Flow Designer. These actions are implemented as Integration Hub sub-flows and support automation in catalog item deployments, especially for cloud and virtual machine provisioning scenarios.

    Show full answer Show less

    Key Features

    • Deploy ACC Agent: Automatically deploys the Agent Client Collector (ACC) on Linux VMs as a post-provisioning step. Requires a configured MID Server with a listener and API key. Ensures secure SSH connectivity from the MID Server to the provisioned VM. Failure triggers follow-up tasks and stack state changes.
    • CCG Policy Scan: Performs compliance scans using default Cloud Compliance Governance (CCG) policies on Windows and Linux deployments. Violations set the stack state to require follow-up and must be resolved before the stack is reactivated.
    • Tagging Action: Updates key-value pairs such as StackName, Application, CostCenter, and BusinessService in the CMDB post-provisioning. Tags with empty values are excluded. This action does not update cloud resources directly.
    • Retrieve Windows Password: For Windows VMs, fetches the administrator password post-deployment by decrypting it using an SSH key (pem file) on a Terraform Linux server. Requires specific credential alias setup and catalog variable configuration for key paths. Passwords are emailed to requesters.
    • Email URL for Azure Scalable Web Server: Sends the deployed application endpoint URL from Microsoft Azure to the requester after deployment completes.
    • Retrieve Azure Function App Host Name: Retrieves and delivers the host name of a deployed Azure Function App to the requester as a post-provisioning step.

    Practical Considerations for ServiceNow Customers

    • Ensure MID Server and ACC Listener are properly configured and accessible for ACC deployment.
    • Verify SSH connectivity and correct public IP usage for MID Server endpoints in environments requiring internet access.
    • Monitor and remediate compliance violations flagged by CCG scans to maintain active stack status.
    • Configure Terraform server credentials and key paths correctly to enable Windows password retrieval.
    • Confirm requesters have valid email addresses configured to receive deployment credentials and URLs.

    These out-of-the-box actions streamline common provisioning and post-provisioning tasks, reduce manual intervention, and improve compliance and operational efficiency within ServiceNow deployments.

    The Out of the Box Actions comprise OOB deployment, tagging, retrieving and post-provisioning operations. All these actions are based on Flow Designer and implemented as Integration Hub Sub-flows.

    Actions Flow Designer Sub-flow Name Description
    Deploy ACC-* in post provisioning CSC Content- Post Provisioning- Deploy ACC in Stack VMs

    ACC (agent client collector) is deployed through a Flow Designer action. This is called as post-provision step for the Linux basic VM deployment catalog item. Pre-requisites:

    1. ACC Listener must be configured in any MID Server. This will generate a mid web server endpoint and a MID Server API Key.
    2. In the post provisioning operation parameters of the Basic Linux VM catalog, these two parameters – web server end point (typically in format wss://<IP_Address>:3389/ws/events) and MID Server API Keys, need to be set. Out of the box, these parameters have empty values.
      Note:
      If the generated WS endpoint URL returns the private IP of the MID Server, then that private IP needs to be replaced with public IP of the MID Server VM for the internet-based connectivity.
    3. There should be connectivity over SSH port from the MID Server to the provisioned VM.

    In case of any failure in installing agent on the provisioned VM, a task is created, and stack is set to a 'follow-up required' state and automatically turns active, once all the follow-on tasks are closed.
    CCG Scan in post provisioning CSC Content- Create CCG Policy Scan on Stack Items

    CCG Scan with the default OOB Policy Set in CCG is called with the simple windows and Linux deployment. When a CCG scan fails owing to violation, the stack is set to a follow-up needed state. The operator must ensure that the violation is remediated and close the violation task. Once all the follow-on tasks are closed, the stack automatically turns to active state and can be used by requester.
    Tagging Action CSC Content- Post Provisioning- Update Key Values in CMDB

    All catalog items have a tagging action run as post-provision step. This action only updates the key-value entries in CMDB, not in cloud. The standard tags updated are StackName, Application, CostCenter and BusinessService. Fields with empty values will not be saved as key-value records.
    Retrieve Windows Password CSC Content- Post Provisioning- Retrieve Windows Password

    All windows catalogs have a retrieve password action, which emails the Administrator, the password of the provisioned windows VM to the requester. The password is obtained from AWS after the deployment is complete using a ssh key ('pem') file to decrypt the password. Follow these pre-requisite steps to set up this pem file on the Terraform Linux server:

    1. Ensure that the SSH Private Key credential to the VM with Terraform CLI installed, is associated with the credential alias named 'TFO Server Credential Alias'. This alias is already created with installation of CSC Content pack. This alias is used to SSH into the terraform server to get the windows password from output variable.
    2. Ensure that in the Catalog’s Provision variable set, the variable called 'keypath' has the default value set to the path of the management key (the key which can decrypt the password) on the terraform VM.
    3. Ensure that the requester has set up the email
    Note:
    For custom catalogs, this operation is available for use only, with Terraform Opensource- Linux based catalog items.
    Email URL For Microsoft Azure Scalable Web Server Application CSC Content- Email URL For Microsoft Azure Scalable Web Server Application

    This action is added as a post provision operation in 'CSC Microsoft Azure Linux with Scalable Web Server' catalog item, which emails the deployed application's end point URL to the requester.

    The URL is obtained from Microsoft Azure after the deployment is complete. Ensure the requester has set up the email.
    Retrieve Microsoft Azure Function App Host name CSC Content- Post Provisioning- Retrieve Microsoft Azure Function App Host name

    This action is added as a post provision operation in 'CSC Microsoft Azure Function App catalog item which retrieves the deployed function app's host name to the requester.