Manual Installation Using XML File

This guide explains how to configure the Cloudaware application when installed using the .xml file. Cloudaware extends the Configuration Item table in ServiceNow with additional cloud inventory data.

Summary

Get credentials for ServiceNow-to-Google from Cloudaware at support@cloudaware.com.
Download the Cloudaware app using the installation .xml file sys_remote_update_set_6911728433319610c71d58273e5c7b37.xml.

Configure the application in ServiceNow:
- Set up ServiceNow-to-Google integration
- Install the application
- Configure the workflow in Workflow Studio

For detailed setup instructions, refer to the in-depth guidelines below.

Configure Cloudaware CMDB application in ServiceNow

Cloudaware provides credentials for setting up ServiceNow-to-Google integration. This integration is required for JWT-based authorization. The configured JWT Provider will be used as the Connection when creating the data update workflow.

Set up ServiceNow-to-Google integration

Configure JWT Key and Certificate.
a. Create a JWT Key:
- Navigate to All → System OAuth → JWT Keys.
- Click New and fill out the form:
  WHERE
  Name: a meaningful name, e.g. Google JWT Key
  Signing Key: notasecret
  Signing Keystore: click the magnifier icon to create a new keystore (see step b below)
b. Create a JWT Certificate that will serve as a signing keystore:
- In the pop-up window, click New.
- Fill out the form:
  WHERE
  Name: a meaningful name, e.g. Google JWT Certificate
  Type: Java Key Store
  Key store password: notasecret
- Click the paperclip icon, then Choose file to attach the .p12 certificate provided by Cloudaware.
  Click Submit.
c. Return to the JWT Key form. Under Signing Keystore, select the created certificate (Google JWT Certificate).
Click Submit.
Configure JWT Provider.

Navigate to All → System OAuth → JWT Providers:
Click New and fill out the form:
WHERE
Name: a meaningful name, e.g. Google JWT Provider
Signing Configuration: click the magnifier icon (Lookup using list) and select the configured Google JWT Key from the list

Open the JWT provider record (in this example, Google JWT Provider) to edit settings. Select the tab 'Standard Claims'. Add the following claims:
iss - string - Service Account email address provided by Cloudaware
sub - string - Service Account email address provided by Cloudaware
aud - string - https://oauth2.googleapis.com/token
Click Update.
Configure Application Registry.

Navigate to All → System OAuth → Application Registry.
Click New → select 'Connect to a third party OAuth Provider' from the list. Fill out the form:
WHERE
Name: a meaningful name, e.g. Google JWT
Client ID: notneeded
Client secret: notneeded
Default grant type: JWT Bearer
Token: https://oauth2.googleapis.com/token
Refresh Token Lifespan: 10

Click Submit.

Click on the name of OAuth Entity Profile (in this example, Google JWT default_profile) to edit settings:
Next to the JWT Provider, click the magnifier icon (Lookup using list) and select the Google JWT Provider from the list.
Click Update.
Go back to JWT Providers. Select the configured Google JWT Provider from the list.

Select the tab 'Custom Claims'. Add a new claim: scope - string - https://www.googleapis.com/auth/bigquery.readonly
Click Update.
Configure Credentials.

Navigate to All → Connections & Credentials → Credentials.
Click New → select 'Auth 2.0 Credentials' from the list. Fill out the form:
WHERE
Name: a meaningful name, e.g. Google JWT Credentials
OAuth Entity Profile: select the configured OAuth Entity Profile (in this example, Google JWT default_profile)

Click Update. Click Get OAuth Token to test the connection.

Navigate to All → Connections & Credentials Aliases. Click New.

Set the alias as Google JWT and save it by right-clicking on the upper grey menu.
In the section that appears, click New to create a HTTP(s) Connection.
Fill out the form:
WHERE
Name: meaningful name, e.g. Google JWT Connection
Credential: select Google JWT Credentials
URL builder: check this box
Host: bigquery.googleapis.com

Click Submit.

Install the Cloudaware CMDB application

Navigate to All → Retrieved Update Sets:
Click the link Import Update Set from XML.
Choose the .xml file downloaded before. Click Upload.
Select the created application.
Click Preview Update Set.
Click Commit Update Set to install the application.

Please allow some time for the application to be created.

Configure the workflow

Navigate to All → Workflow Studio:
Open 'Flows'. Select the Update Import Settings and Fields Mapping flow.
Click Test → Run test (required once after installation):
Go back to all flows. Set the Updated column to descending order. Select the Import All CI Data from Cloudaware flow from the list.
In TRIGGER, click on the section to schedule a trigger. Select 'Scheduled' → Daily^* → set the time:
Click Done.

^*The recommended frequency is once per day.

In ACTIONS, click Set Flow Variables to select:
WHERE
Connection Alias – select the Connections & Credentials Aliases configured in the section ‘Set up ServiceNow-to-Google integration’ (in this example, Google JWT)
Cloudaware Import Settings Table – the value is auto-populated as this is a system table
Cloudaware Import Fields Mapping Table – the value is auto-populated as this is a system table
Project Id – the Import Project Id provided by Cloudaware
Dataset Id – the Import Dataset Id provided by Cloudaware
Click Done.
Save and activate the workflow.

Allow some time for data to load. Verify by checking upload status.

Tables

As a result, the following tables will be created in ServiceNow:

System tables

Label	Name
Cloudaware CI	`x_ca_cmdb_ci`
Cloudaware CMDB Schema	`x_ca_cmdb_schema`
CI Class Import	`x_ca_cmdb_ci_class_import`
Cloudaware Import Settings	`x_ca_cmdb_ci_class_import_settings`
Cloudaware Import Fields Mapping	`x_ca_cmdb_import_fields_mapping`

Application tables

Label	Name
AWS Account	`x_ca_cmdb_aws_account`
AWS DynamoDB Backup	`x_ca_cmdb_aws_dynamo_db_backup`
AWS DynamoDB Table	`x_ca_cmdb_aws_dynamo_db_table`
AWS EBS Snapshot	`x_ca_cmdb_aws_snapshot`
AWS EBS Volume	`x_ca_cmdb_aws_volume`
AWS EC2 Image	`x_ca_cmdb_aws_image`
AWS EC2 Instance	`x_ca_cmdb_aws_instance`
AWS EC2 Security Group	`x_ca_cmdb_aws_security_group`
AWS ELB Load Balancer	`x_ca_cmdb_aws_load_balancer`
AWS ElastiCache Cluster	`x_ca_cmdb_aws_cache_cluster`
AWS ElastiCache Node	`x_ca_cmdb_aws_cache_node`
AWS Lambda Function	`x_ca_cmdb_aws_lambda_function`
AWS RDS Cluster	`x_ca_cmdb_aws_db_cluster`
AWS RDS Instance	`x_ca_cmdb_aws_db_instance`
AWS Redshift Cluster	`x_ca_cmdb_aws_redshift_cluster`
AWS S3 Bucket	`x_ca_cmdb_aws_bucket`

Imports for some application tables can be disabled by the admin in the system table Cloudaware Import Settings (x_ca_cmdb_ci_class_import_settings). To disable the import, set the property 'Active' to False. Data for inactive tables will not be imported from Cloudaware.

Verify data upload status

Append /x_ca_cmdb_ci_class_import_settings.do to the ServiceNow instance URL in the web browser:

https://YOURINSTANCE.service-now.com/x_ca_cmdb_ci_class_import_settings.do where YOURINSTANCE is a placeholder for your ServiceNow instance ID.