Fetching dependencies from the CMDB and BIA

Release version: Xanadu

Updated July 31, 2025

3 minutes to read

Summarize

Summarized using AI

Summary of Fetching Dependencies from the CMDB and BIA

This content outlines how to fetch dependencies for services or business services from the Configuration Management Database (CMDB) and Business Impact Analysis (BIA) within the Operational Resilience application starting with the Xanadu release. The Data Relationships Framework facilitates this process by retrieving dependency updates through an API call.

Show full answer Show less

Key Features

CMDB Dependency Retrieval: Administrators must activate the Service (CMDB) main node configuration in the Data Relationships Framework to fetch dependencies.
Dependency Evaluation: For each dependency fetched, the application checks for existing entities. If none exist, the dependency is skipped; if it belongs to an Operational Resilience entity type, it is added to the parent entity's downstream.
BIA Dependency Updates: The application retrieves BIA dependencies based on specific conditions, such as the BIA being in an Approved state and applicable to a business process used in Operational Resilience.

Key Outcomes

By following these procedures, ServiceNow customers can effectively manage and update service dependencies, ensuring that the Operational Resilience application has accurate and up-to-date information. It is essential to manually add any dependencies that do not belong to recognized entity types, as the system will not create them automatically.

You can fetch the dependencies for the services or business services from CMDB in Operational Resilience. Similarly, when the BCM applications are installed, the Operational Resilience scheduled job also monitors for the changes in the business impact analysis (BIA) dependencies and fetches the dependency updates.

Fetching the dependencies from CMDB for the services

Beginning with the Xanadu release, the Data Relationships Framework supports the Operational Resilience application with the underlying framework to fetch the dependencies from CMDB. The Data Relationships Framework (app-grc-relationship-config) is installed with the Operational Resilience application by default. The CMDB dependencies are retrieved by calling an API from the Data Relationships Framework.

To get the CMDB dependencies, the Operational Resilience administrator must activate the main node configuration, labeled as Service (CMDB) in the Data Relationships Framework first.

For each retrieved dependency, the Operational Resilience application searches for an existing entity first. If there is no existing entity, the dependency is skipped. If there is an existing entity and the entity belongs to any entity type in Operational Resilience, it is added to the downstream of its parent’s entity. If the entity does not belong to any entity type, such as Facilities/People/Suppliers/Technology, you must add it manually to the corresponding entity type in Operational Resilience.

The following example shows a sample CMDB relationship setup for a business service. When the service Windows mobile updates its dependencies, the entity of OWA-SD-01 gets added to the downstream of its entity, IronMail-SD-01 and IronMail-SD-02 gets added to the downstream of the Email child service entity.

Table 1. Sample relationship setup for a business service
Business service	Associated dependency, business process, and business service: Email	Process and dependencies associated with business service: Email
Windows mobile	Dependency: OWA-SD-01 Business process: Inbound payment validation Business service: Email	Process: Fraud_escalation Dependency 1: IronMail-SD-01 (The table is cmdb_ci_email_server.) Dependency 2: IronMail-SD-02 (The table is cmdb_ci_email_server.)

Fetching the dependencies from the business impact analysis (BIA)

When the BCM applications are installed, Operational Resilience fetches the BIA's dependency update if the BIA's Applies to field is a business process used in Operational Resilience.

The following conditions must be met for pulling the BIA dependencies in Operational Resilience:

The BIA has to be in the Approved state.
The BIA should not be in the Expired state.
The dependency group has to be completed.

Note:

Only when the Applies to field of the BIA record matches with any business process within the Business Processes Entity Type, its dependencies are fetched by the scheduled job.

For each fetched dependency, the Operational Resilience application looks for an existing valid entity first. If the dependency has an existing valid entity and the entity belongs to any entity type in Operational Resilience, it is added to the downstream of its parent's entity.

To fetch the CMDB dependency updates or BIA dependency updates, the following conditions are followed:

If there is no entity for the dependency, it is skipped. Operational Resilience does not create an entity for the dependency.
If a dependency entity is inactive, it is ignored.
If a dependency entity is active, but it has no pillar, it is ignored.
If a dependency entity is active and has a pillar, but it does not belong to any Operational Resilience entity type, it is ignored.

Adding the dependencies manually

If the entity does not belong to an entity type such as Facilities, People, Suppliers, Technology, Operational Resilience users must add it to the corresponding entity type manually. Instead of using the scheduled job, Operational Resilience administrators and managers can update the dependencies manually.

Support for main node configuration in Data Relationships Framework

For information on the Data Relationships Framework and main node configuration, see Data Relationships Framework and Create a main node configuration record.