Discovery for Alibaba Cloud

  • Release version: Xanadu
  • Updated February 1, 2024

    Alibaba Cloud discovery is one of the Cloud discovery offerings within the IT Operations Management (ITOM) Visibility framework. It is an automated process that scans and identifies Alibaba Cloud resources within your organization's cloud infrastructure. This discovery process is critical for maintaining an accurate and trustworthy data foundation, the Configuration Management Database (CMDB).

    Pattern-based cloud discovery

    Using Discovery and Service Mapping Patterns to perform horizontal discovery enables you to find and map your organization's Alibaba Cloud resources. You can discover Alibaba Cloud metadata including:
    • Cloud service accounts.
    • Datacenters.
    • Availability zones.
    • Hardware types.
    Patterns also support OS-level discovery, for example of OS images.

    Discovery and Service Mapping Patterns create configuration items (CIs) for your Alibaba Cloud resources. Additionally, patterns discover the relationships between your organization's Alibaba Cloud resources, such as Hosted On :: Hosts.

    See Alibaba Cloud discovery using patterns to learn about all Alibaba Cloud resources you can discover using Patterns.

    Verify the REST API Permissions

    Download the Cloud Discovery patterns spreadsheet so you can grant user permissions required for running the Discovery patterns. In addition to permissions, the spreadsheet also includes useful information such as pattern names, types, CI Classes, and links to vendor documentation. New patterns are available quarterly, so check periodically to be sure you have the latest version of the spreadsheet.

    Alibaba Cloud discovery configuration

    The basic steps to configure pattern-based discovery for Alibaba Cloud begin with preparation on the ServiceNow AI Platform side, such as installing the necessary plugins and setting up credentials. The discovery_admin role in ServiceNow AI Platform is required for creating Alibaba Cloud API credentials and service accounts.

    The discovery process also requires configuration within Alibaba Cloud, such as setting up Identity and Access Management roles. What an Alibaba Cloud user can discover is determined by that user's access level within Alibaba Cloud.

    For discovery to work properly, the Alibaba Cloud user must have at least read-only access to the necessary Alibaba Cloud services.

    Table 1. Alibaba Cloud user discovery permissions

    | Alibaba Cloud user | Discovery permissions |
    |---|---|
    | Root Account (Master Account) | Full access to all Alibaba Cloud resources and services, including Elastic Compute Service (ECS), Object Storage Service (OSS), Relational Database Service (RDS), and Resource Access Management (RAM). Can create and manage RAM users, assign permissions, and perform billing operations. |
    | RAM user | Access to specific Alibaba Cloud resources and services based on assigned policies. Can be granted read-only access for discovery purposes. |
    | RAM Role (AssumedRoleUser) | Temporary access to Alibaba Cloud resources and services based on assumed role policies. Useful for cross-account access, temporary access, or access by ECS instances. |
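
One way to check the read-only requirement before an Access Key is handed to discovery, as an added example that is not ServiceNow or Alibaba Cloud code: it audits a RAM policy document and reports every Allow entry that is wider than read-style actions. The prefix list, function names and sample policies are assumptions made for this illustration.

```python
import json

# Assumption: verb prefixes treated as read-only. The authoritative list of
# permissions each pattern needs is the Cloud Discovery patterns spreadsheet.
READ_ONLY_PREFIXES = ("Describe", "List", "Get", "Query")

def _as_list(value):
    """Action and Statement may be a single item or a list."""
    return value if isinstance(value, list) else [value]

def is_read_only_action(action):
    """True only if every API name the pattern can match starts with a read verb."""
    service, sep, name = action.partition(":")
    if not sep or "*" in service or "?" in service:
        return False
    # Text before the first wildcard must already contain a full read prefix.
    literal = name.split("*", 1)[0].split("?", 1)[0]
    return literal.startswith(READ_ONLY_PREFIXES)

def audit_policy(policy_json):
    """Return (statement index, action) pairs that grant more than read access."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "Action" not in stmt:
            findings.append((index, "<no explicit Action list>"))
            continue
        for action in _as_list(stmt["Action"]):
            if not is_read_only_action(action):
                findings.append((index, action))
    return findings

# Constructed sample policies, not taken from the page or the vendor.
READ_ONLY_SAMPLE = json.dumps({"Version": "1", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ecs:Describe*", "rds:DescribeDBInstances", "oss:ListBuckets"]}]})
OVERBROAD_SAMPLE = json.dumps({"Version": "1", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": ["ecs:*", "ram:CreateUser"]},
    {"Effect": "Allow", "Resource": "*", "Action": "oss:Get*"},
    {"Effect": "Deny", "Resource": "*", "Action": "ecs:DeleteInstance"}]})

if __name__ == "__main__":
    print(audit_policy(READ_ONLY_SAMPLE))
    print(audit_policy(OVERBROAD_SAMPLE))
```

An empty result means every allowed action is pinned to a read verb; any finding is a reason to narrow the RAM user's policy before its key is stored as a discovery credential.
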

    Table 2. Alibaba Cloud discovery users and tasks

    | Typical persona | Roles and permissions | Responsibility | Link to detailed documentation |
    |---|---|---|---|
    | ServiceNow administrator or IT Implementation Specialist | admin | Install the store applications and update them on every store release: Discovery; Discovery and Service Mapping Patterns; Visibility content; CMDB CI Class Models; Discovery Admin Workspace | ITOM Store upgrades |
    | ServiceNow administrator | admin | Create a MID Server user. Assign the MID Server role to the user. | Create the MID Server user and grant the role |
    | ServiceNow administrator | admin, mid_server | Install a MID Server. | |
    | ServiceNow administrator | admin | Validate that the MID Server is installed correctly. | Validate the MID Server |
    | ServiceNow administrator | admin | Assigning users with discovery_admin roles and giving them permission for discovery. | Managing roles |
    | Cloud administrator or Discovery administrator | discovery_admin | Creating Alibaba Cloud service accounts | Set up Alibaba Cloud service accounts |
    | Cloud administrator or Discovery administrator | The person configuring the API credentials must have the discovery_admin role in ServiceNow and must have access to the Alibaba Cloud Access Key ID and Access Key Secret. | Configuring Alibaba Cloud API credentials | Create Alibaba Cloud API Credentials |
    | Discovery administrator | discovery_admin | Use Discovery and Service Mapping Patterns | Alibaba Cloud discovery using patterns |
    | Discovery administrator | discovery_admin | Set up a discovery schedule for Alibaba Cloud | Create a Discovery Schedule for Alibaba Cloud |