ServiceNow ITOM

8 important ITOM updates in ServiceNow Rome

The release notes of the latest ServiceNow version is out in public and this time we’re going all the way to Rome. The new release is packed with improvements, additions and developments in the ITOM parts of the platform. In this article by Einar & Partners we give you all the important highlights and news in ServiceNow ITOM for the Rome release.

Site Reliability Metrics for SRE’s and Ops

Site Reliability Operations, or SRO – is a product by ServiceNow created specifically for SRE teams that are working heavily with microservices and site reliability engineering. In the Rome Release, the SRO product is being improved additionally with Site Reliability Metrics. Engineers and operations teams that are working with site reliability engineering can now see performance, error budgets, indicators and service level objectives. All within one workspace.

Site Reliability Metrics

This is a welcome addition to the previously rather lightweight SRO application. It also demonstrates that ServiceNow is more serious than ever to develop their positioning towards cutting edge DevOps and containerized practices.

Containerized MID-servers

Speaking of containerized practices, the MID-server is now officially put into a docker image and available to be pushed out as a container based application. This has already existed for a while, although not supported officially by ServiceNow – until now that is. In practice this means that the MID server capacity and sizing can be scaled and sized very easily depending on load and anticipated activity (for example, discovery).

At the time of this article being written, IntegrationHub and Orchestration is not (officially) supported when using containerized MID-server docker images.

Agent Client Collector – agent based discovery

The agent client collector (ACC) is officially released in its full capacity in Rome, and is starting to become quite the mature alternative to agentless discovery. The agent based discovery in ServiceNow solves the long-standing challenge of having to provide credentials and opening firewalls across the infrastructure. When using the agent based discovery, customers should still be aware that products such as service mapping is not yet supported.

Nonetheless, agent based discovery is perfectly suited for endpoints, laptops and infrastructure where agentless discovery is not permitted.

For more information about the ACC-V framework, check out our video below.

More sources for Health Log Analytics

Health Log Analytics, originating from the acquisition of Loom Systems roughly 2 years ago, has now matured to a strong core-piece of the ServiceNow AIOps portfolio. In the latest release the Health Log Analytics product supports a whole bunch of new sources for ingesting log data, such as:

  • Amazon CloudWatch
  • Amazon S3
  • Microsoft Azure Log Analytics
  • Microsoft Azure Event Hubs
  • Apache Kafka
  • REST API, for streaming your log data to the instance in JSON format

Event Management news

For Event Management it is now possible to integrate Grafana events out of the box and plugin directly to the Event Management engine in ServiceNow. Additionally, ServiceNow has added support for EIF format (Event Integration Facility). It might sounds obscure, but this format is the de-facto standard format for a lot of IBM products. With the closer relationship between ServiceNow and IBM, this will save a lot of headache when integrating technologies such as IBM Tivoli and the corresponding monitoring agents.

Oracle Cloud Discovery – official support

Oracle Cloud can now fully be discovered by ServiceNow Cloud Discovery. Previously only available as an app to the ServiceNow App store, it is now fully integrated in the core part of Discovery. This means that cloud resources that customers have in oracle cloud can now be real-time refreshed and included in the CMDB with a very simple connection.

Kubernetes and cloud components in Service Maps

For organizations that are using tag based service mapping, the latest release will make a big difference. Previously every resource that needed to show up in a tag-based service map also needed a tag. Although this principle makes sense from a logical standpoint, in containerized environments, not every pod and component is tagged.

In the Rome release Kubernetes and cloud components can now be automatically be included based on their relationships. In other words, you just need to have the parent tagged in order to include children.

Tag Governance – a new application

Tag Governance

Keeping track of tags in ServiceNow have already been possible for a few releases. But with the latest release, the capability have been lifted to entirely new levels. This is perhaps the most exciting product in the Rome release in our opinion.

With the new tag governance application, tags can be tracked, certified and kept up-to-date through workflows and rulesets. But perhaps more importantly, any tags that are found not be compliant with the defined rules can be remediated. In other words, ServiceNow can correct tags in Azure, AWS and other cloud platforms.

A single pane of glass to keep track for the tagging across multiple clouds and applying smart workflow logic. Isn’t that what we love about this platform?

Read more in the official community post here.

Summary and final thoughts

As we can see each release continues to be packed with additions to the ITOM portfolio. It appears like ServiceNow is pushing with full force towards keeping control, visibility and compliance on cloud resources and modern architectures (containers, serverless).

Additionally, in the latest release we also see evidence of just how serious ServiceNow are about bridging in to the space of observability and site reliability engineering. With the recent acquisition of Lightstep, a DevOps observability platform, ServiceNow chooses to strategically position themselves towards the modern era of IT Operations more and more.

Exciting times!

Einar & Partners adds ITOM expertise to The Cloud People in new partnership

Einar & Partners have entered a partnership with The Cloud People, a ServiceNow- & Google partner based in the Nordics. The partnership will strengthen the mutual cooperation between the companies in the areas of modern IT Operations powered by Machine Learning & AI.

The Cloud People – Smart Resourcing

The Cloud People approaches projects and engagement through a new method of “smart resourcing” for consulting – leading to the right skills getting involved at the right time. The methodology aligns well with the philosophy of Einar & Partners, where we believe in pinpointed and target efforts as a good substitute for more traditional implementations.

ITOM Expertise to the Nordic market

The partnership’s goal is to expose Einar & Partners resources (with their unique industry insight and experience in ITOps) towards the eco-system of The Cloud People.

The IT landscape is growing more complex, with IT shifting more workloads to the cloud and experiencing a surge in modern DevOps practices. As a result, the demand for strategies that reduce complexity is massive, with machine learning & AI knocking on the doorstep.

This is where Einar & Partners meet with The Cloud People, providing A+ ServiceNow ITOM resources to companies who want to simplify the nature of their ITOps.

Below are some comments from the leadership team. 

“We’re thrilled to expose our expertise to the network of The Cloud People. But perhaps more importantly, we feel there’s fundamentally a strong common ground between how projects should be delivered, with a no-fuzz approach and full transparency. It will be an exciting future, that’s for sure.”

Alexander Ljungström, Managing Director @ E&P 

“The Cloud People are all about finding the right talent for the right job. With the partnership of Einar & Partners, we are taking our ServiceNow ITOM skills and capabilities to a whole new level. We look forward to working with Einar & Partners team to bring added value to our customers around the world.”

Hannes Hirvikallio, Director & Advisor @ The Cloud People 

More Information:

The Cloud People A.S
Rådhusgata 5, 0151
Oslo, Norway

+47 23 29 23 00

Einar & Partners B.V
Herengracht 420, 1017BZ
Amsterdam, Netherlands

+46 8-559 25 275

Amsterdam/Oslo – 22/04/2021

Masterclass: Service Mapping Demystified

Welcome to our second masterclass about creating real value from the ITOM portfolio in ServiceNow. This particular masterclass will cover service mapping and the factors to consider for creating a successful rollout.

The ultimate end-goal for any Service Mapping project is to map infrastructure to the application layer automatically. However, there are many pitfalls, especially in a dynamic and DevOps-driven world of cloud and infrastructure.

Based on over 15 Service Mapping implementations and rich practical experience, industry-leading experts will share their lessons. In this fast-paced webinar by Einar & Partners and iTSM Group, we will cut to the chase of the strategies that work and what does not.

Who is the webinar for?

The webinar is aimed for decision-makers, experienced consultants, and platform owners who are planning to rollout Service Mapping in ServiceNow. During the one-hour session, listeners will find out about the organizational- & budget aspects for success, the technical hurdles to overcome, and proven models to formulate a rollout plan for Service Mapping.


We assume any attendees are already familiarized with the concept of ServiceNow discovery and what it does. If not click here to read more.


Alexander Ljungström, who previously worked at ServiceNow in the Service Mapping team and Fabian Kunzke, ITOM- & AIOps lead (iTSM Group), will disclose their knowledge without any sales-fuzz or reiterating product documentation.

Alexander Ljungstrom, Managing Director & ITOM enthusiast @ Einar & Partners.

Alexander Ljungstrom

“Having previously worked in the ITOM team at ServiceNow, leading the ITOM BU at Fujitsu and now days the forefront at Einar & Partners – Alexander have helped over 40 organizations transformed with ITOM & the ServiceNow platform.”

Fabian Kunzke, AIOps & ITOM Lead @ iTSM Group

Fabian Kunzke

“Fabian is the AIOps & ITOM lead at iTSM Group. With great technical experience in multiple large-sized ITOM rollouts, and avid community contributor, he gives a strong innovative and sharp technical view on the ITOM journey. “

Quebec ServiceNow

10 most significant ITOM news in Quebec

The Quebec version of ServiceNow was recently released to the general public and available for upgrade to customers. For ITOM- & AIOps enthusiasts in the industry, the new release is packed with exciting new additions and completely new product offerings from ServiceNow. It was a long time ago so many updates were added to ITOM and we’re very excited about what new innovation it will bring. To get people up to speed, we’ve compelled this deep-dive article of the 10 most significant and essential ITOM updates in Quebec.

Loom becomes Health Log Analytics – machine learning for log-data

Approximately a year ago, ServiceNow acquired Loom Systems. The company produces a platform which can detect, analyze and act on anomalies in log data across the IT landscape. As we all know, today’s dynamic IT infrastructure generates huge amount of logging. As a matter of fact, logs are the primary tool for SRE’s and engineers during root cause analysis and troubleshooting.

One year later and we can witness Loom System for the first time integrated as a native product in ServiceNow ITOM platform. The new product is called “Health Log Analytics” and it ties directly into the ITOM Health part of ServiceNow (event management & machine learning).

This is a potential game-changer in the ServiceNow AIOps portfolio. Customers can connect to Elasticsearch, Splunk and many more tools to start ingesting log-data to ServiceNow in realtime. With the proprietary and powerful machine learning algorithms that the platform provides, ITOps teams can see anomalies, trends, and log-data patterns at the tip of their fingers.

Traditional metrics are becoming more outdated and with the explosion of DevOps and containerized environments, log-data is more critical than ever before. We can already now start seeing synergies between the Agent Client Collector for monitoring logs and Heath Log Analytics .

For a quick overview of Health Log Analytics, see the video below by ServiceNow.

Kubernetes Discovery Improvements

Kubernetes ServiceNow Dashboard

Kubernetes and containerized environments are more and more important. In the latest Quebec release, customers have the ability to track the YAML files for Kubernetes configurations. By tracking the configuration files, you essentially audit the YAML setup for Kubernetes which is very powerful in troubleshooting scenarios. Additionally, customers who are relying on Istio service mesh can also discover the service mesh fully.

Site Reliability Operations – Track your microservices

Site Reliability Operations ServiceNow

Speaking of microservices, in the past months ServiceNow has deployed an excellent app to their app-store for registering and tracking microservices. Through the “Site Reliability Operations” free application, developers can easily register microservices in ServiceNow. Additionally, it has an API that can be hooked into CI/CD pipelines to keep microservices up-to-date. Integrated with Event Management and lifecycle workflows, the application is an excellent way to bridge DevOps into IT Operations.

Changes to licensing model (node counting)

In Quebec PaaS-managed virtual machines and desktops are no longer counted towards the licensing cost. To quote ServiceNow:

“You can identify virtual machines (VMs) that are used as desktops (such as VMware VDI) or managed automatically by PaaS (such as AWS EC2 Container Service). You can exclude VMs from the Server Licensed Resource category.”

ServiceNow Documentation – Quebec Release

Machine Learning in Service Mapping

Traffic Based Service Mapping

When running traffic-based service mapping, ServiceNow will automatically track TCP traffic occurrence and frequency and apply machine learning to the dataset. Over time the platform will learn what likely candidates should be included in Service Mapping, their role, their function and give “connection suggestions”. For companies that run application stacks with a lot of incoming and outgoing traffic, this is an excellent way to discover “shadow-dependencies”.

ServiceNow will try to categorize if connections and CI’s have one of the following functions:

  • Central: Connection used by the entire organization. For example, SSO.
  • Observer: Likely an application deployed in many places of the infrastructure. For example, monitoring agents.
  • Middleware: The connection is a middleware component that exchanges data between multiple services.
  • Internal: A connection only occurring for a particular application service.

Audit MID-server calls for increased security insights

MID-server calls, such as WMI, SSH or WinRM are now audited in a structured way. Discovery administrators can now easily see what machines have recently received remote calls, status, timestamp and trigger. This is a small but important feature that will be highly relevant for a lot of security teams.

Credential aliases – pinning credentials to discovery

Speaking of security, credential aliases can now be used in discovery. For readers who are unfamiliar with this concept, it used to only exist in orchestration, whereas you can “pin” credentials to activities. Now you can use this functionality for discovery, which is a big improvement from a security standpoint. Administrators and the security team can lock credentials on an even more granular level to apply for specific discovery schedules.

Help the helpdesk gone

The good and old-school “Help the helpdesk”-script came into existence before the discovery product. It’s one of the oldest relics in the ITOM suite and has been a faithful companion for many, many releases. But like with many stories, all good things come to an end. The script, which was reasonably outdated by this point, has now been deprecated.

What will replace it? Most likely the agent client collector with agent-based discovery in the future.

IntegrationHub updates

For those who love the flowdesigner, IntegrationHub has been updated with some serious goodies. If you’re an old-school workflow-guru, you will remember the “scratchpad” variables. This is now also a feature in flow designer. Additionally, from an ITOM perspective, you can now write direct SQL queries through JDBC and transfer files through SFTP.

New Linux installer for MID-servers

The Linux installer for MID-servers has received an extensive upgrade in cosmetics and user-friendliness. The new installer guides users through a user-friendly manner during installations to ensure that system requirements are met accordingly.


As we can see, the new Quebec release is absolutely packed with a lot of new innovative features, especially related to machine learning, algorithms and anomaly detection. We’re especially excited about the improvements in Service Mapping for traffic-based connections as well as the new fantastic Health Log Analytics addition. An exciting future and year head!

What do you think is the most exciting feature? Let us know in the comments below.

Creating a kick-ass ITOM roadmap after discovery: Part 1

At the beginning of February 2021, Einar & Partners hosted a webinar with iTSM Group about the factors to consider when moving beyond discovery in ServiceNow ITOM. Many organizations that purchase ServiceNow find themselves stuck in moving beyond the basic CMDB and ITSM setup.

This article is an in-depth report by Einar & Partners on how to move away from stagnation to harvest the benefits of IT Operations Management.

Welcome to our deep-dive about creating the ultimate ServiceNow ITOM Roadmap after Discovery.

Before we get started – let’s define a roadmap

When approaching ITOM transformations in the industry, one will often find that a roadmap is drafted and created based on the available ServiceNow ITOM modules, or sometimes – the licensing model.

Such as ITOM Visibility, Health & Insights.

Although this approach is not wrong, we argue that it does not constitute a roadmap per se, but rather a module- or license ramp-up model.

In other words, a roadmap should not be driven by when functionality is enabled, but by the needs of the organization (and therein lies the priorities).

Ultimately the ITOM modules or licensing ramp-up should come as a result of a planned roadmap – not the other way around.

To give a practical example, think of the difference “In 6 months, IT should be doing automatic impact analysis” compared to “In 6 months we are going to activate licenses for Service Mapping”.

The former is the driver, the latter is the result.

Simplifying the ITOM portfolio

Perhaps you are a decision-maker who is planning for ServiceNow ITOM, or perhaps you are a consultant that finds yourself embarking on the ITOM journey advising a client. Regardless of your job or purpose for being interested in an ITOM roadmap – let’s try to first simplify the ITOM portfolio.

Have a look at the blueprint below. As you can see there are many modules to take into consideration (click on the images for larger size).

Functional blueprint ServiceNow ITOM

To make things simple, regardless of which modules we are interested in – the road we take after discovery can generally be categorized in one of two areas; Business- or IT Innovation.

In this article, we will cover the first area of business innovation. One assumption before we continue is that your organization already is using ITSM and have a basic CMDB coming from ServiceNow Discovery.

Business innovation in ServiceNow – what’s that?

Business innovation might sound like a fuzzy concept made out of buzzwords, so let’s debunk what it means in the context of ServiceNow ITOM. With business innovation the primary benefits are:

  • Moving to a service-minded mindset as an organization – defining service portfolio, mapping IT services and application portfolio management. The framework encompasses everything from enterprise architects to service owners, application owners, IT staff & end-users.
  • The ability to measure, report and benchmark business KPI’s
  • Internal billing & cost calculations
  • Accurate and up-to-date mapping of IT services and what role infrastructure play in the bigger picture

Business innovation aims to have clear definitions of what services an organization provides to internal- and external users. Thanks to a service-oriented definition throughout the organization, internal billing, support, reporting & impact analysis can be made a reality (as a few examples).

In the ServiceNow ITOM language this means getting started with CSDM tightly followed by Service Mapping (to map IT services).

Avoiding budget overspend for CSDM & Service Mapping

Starting with CSDM (common service data model) and Service Mapping is an organizational effort more than anything else. As the ServiceNow team embarks on the journey to implement an application- & service portfolio, pretty much the entire organization will be involved in one capacity or another.

The bulk of the effort is coordinating between different stakeholders. Such as service owners, application owners, enterprise architects, process owners, technical staff, and the support organization. With the end-goal of defining the service- & application portfolio (including IT services).

Many organizations find this journey overwhelming and hire expensive consultants to do the work for them, but the reality is that the determining success factor is an organization’s involvement and ability to bring together, prioritize and agree upon definitions more than anything.

Average implementation time

When starting with CSDM and service mapping to build a portfolio, the time to completion might vary greatly depending on several variables (like with any project). It is essential to understand that CSDM and Service Mapping is an ongoing journey with no real end-date as such, but merely different milestones. It is expected that elements will change, iterate and be refined upon over time.

The main factor determining the implementation time and budget is the organization’s existing maturity of service awareness. An organization that already has a certain degree of “service-minded” definitions, albeit informal, will have a more comfortable journey than a fragmented organization that starts from a large legacy.

See example below:

Service Mapping Implementation time

Notice how the size of the organization necessary isn’t a variable, or play a big part. Global organizations of thousands of employees can be quicker than small regional organizations if the conditions are right.

Build- & maintaining CSDM & Service Mapping

During the build phase of “Business Innovation” typically 1 FTE is required. The primary work of this person would be to map IT services with Service Mapping. Most of the time the FTE translated to a Service Mapping Specialist familiar with the product.

There’s also an internal investment spent with agreeing on services & definitions from a broader perspective. During the maintenance phase of Service Mapping, the ongoing up-keep typically translates to 0.5 FTE.

We recommend training an in-house resource for maintaining Service Mapping and formalize the role (Service Mapping Specialist).

The cost of implementing CSDM & Service Mapping

With the right approach, consultancy companies should be engaged on a strategic “need for”-basis. For example, the initial efforts of mapping services and assisting with framework/governance structure for CSDM. Too many organizations fall into the pitfall of having consultants start to finish when it comes to CSDM. If the conditions are right, with good coordination and buy-in from leadership – consultants can be used smartly.

The majority of the budget allocation is an organization’s internal effort when defining services and engaging infrastructure teams for mapping the IT services. The cost of configuration and development is neglectable in the grand scheme of things.

Keep in mind that to utilize Service Mapping discovery must first be in place (providing a basic CMDB).

Licensing cost

From a ServiceNow licensing perspective the ITOM package called “ITOM Visibility” is the more strategic choice for most organizations, as it includes a bundle of both Discovery- & Service Mapping licenses. The rest of CSDM comes without licensing costs as it is part of the normal CMDB.

Tip: Consider combining ITOM modules for better “deals” at ServiceNow

Many organizations stuck on the CMDB plateau

We meet some clients and organizations who feel “stuck” on the basic ITSM with some discovery data in place. Often the question is how to proceed and if it pay’s off to start with CSDM & Service Mapping.

Below we can see an example of the most common setup driving the need for change.

Progressing beyond Discovery ServiceNow

To get “out of the CMDB plateau”, we suggest following the previously mentioned tips- & recommendations. They are summarized below.

  • Simplify the priorities and try categorizing them according to business- or IT innovation
  • For business innovation (CSDM & Service Mapping) the majority of the effort will be an internal one
  • Agreeing on definitions and how to describe services tend to engage multiple different teams and require much input
  • The maturity of where the organization already are in regards to service-oriented thinking will also determine the timeline
  • The most important factor is the ability to coordinate, tightly followed by leadership buy-in

Ultimately, embarking on a journey of CSDM is a cultural shift in mindset. The goal is to have the business & IT agreeing upon a standard method for describing the services they provide in the organization.

Next steps from here

Our next article will dive into the “IT Innovation” part and how it relates to business innovation. We recommend our readers to familiarize themselves with the topic by watching our webinar below about ITOM roadmaps (on-demand).

Any questions? Feel free to contact us without any strings attached.

Partnership Announcement AIMS

Einar & Partners enters global partnership with AIMS Innovation

Einar & Partners have entered an exclusive agreement with the innovative and upcoming AIOps vendor AIMS Innovation. AIMS Innovation, based out of Norway, provides the market with a unique AIOps platform. The platform aims to cut implementation time and costs for enterprises and companies wanting to get started with anomaly detection and AIOps.

AIMS – The quickest way to reach AIOps 

AIMS is a platform specifically tailored for enterprises that want quick time-to-value and ROI when it comes to anomaly detection and observability. AIMS can be installed in a matter of hours and start monitoring the infrastructure across the stack for anomalies and deviating patterns.

AIMS initially started as a scientific research project at the University Of Oslo and has in the past years seen big commercial success with well-renowned multinationals using the platform. The platform utilizes it’s own and proprietary algorithms developed by industry-leading data scientists.

Thanks to AIMS, enterprises can easily tap into over 200 different technologies and telemetry data sources to generate anomalies, service topologies and behavioral reports in real-time. The platform’s ultimate goal is to provide the next level of observability in a user-friendly and low-code approach – cutting time-to-value and increasing ROI.

A partnership of strategic value 

The partnership between AIMS Innovation and Einar & Partners is unique in the market and of strategic value. With in-depth industry expertise in AIOps, both firms will offer a combined approach to get started with AIOps faster than with any other platform in the market. 

Einar & Partners will deliver a special ServiceNow integration between the AIMS platform and ServiceNow ITSM & ITOM. The integration aims to enrich and complement the ServiceNow platform with anomaly incidents, anomaly alerts and CMDB data from AIMS. 

Furthermore, Einar & Partners will facilitate stand-alone rollouts and implementation expertise of the AIMS platform towards customers around EU. With Einar & Partners’ strategic mindset in combination with the technology from AIMS Innovation – the partnership represents a synergy difficult to find elsewhere.  

Below are some comments from the leadership team. 

“We’re very excited about this partnership. The intellectual property and scientific background of AIMS align very well with the philosophy we have – to always push the limits of what AIOps can do. We’ve seen evidence of this platform truly can scale in enterprises and we’re excited about the integration possibilities to other platforms.”

Alexander Ljungström, Managing Director @ E&P 

“At AIMS we have invested for years in scientific research and development of the AIMS platform.  We have patiently been waiting for the AIOps market to mature.  Our mission is to make AIOps affordable and available for any organization of any size.  This is a fundamental belief shared with Einar & Partners.  Bringing our unique technology to market requires working with the best and the most innovative in the AIOps eco-system globally – and that Einar & Partners represent.”

Ivar Sagemo, CEO @ AIMS Innovation 

More Information:

AIMS Innovation A/S
Gaustadalleen 21, 0349
Oslo, Norway

+ 47 4822 3424

Einar & Partners B.V
Herengracht 420, 1017BZ
Amsterdam, Netherlands

+46 8-559 25 275

Amsterdam/Oslo – 27/01/2021

Optimal ITOM roadmap after Discovery – how?

How does the optimal ServiceNow ITOM roadmap look after implementing discovery and CMDB? A simple enough question but with many possible answers and factors to consider.

Many are aware of the ServiceNow portfolio and what the possibilities in ITOM are. Yet few people know how to intelligently leverage the different ITOM modules for optimizing time-to-value, speed of implementation and ROI when moving beyond discovery.

Based on over 40 implementations of ITOM and industry leading experience, Einar & Partners together with iTSM Group is providing an in-depth session for platform owners, architects and decision makers interested in optimizing their ServiceNow ITOM journey.

In our webinar you’ll learn what really matters when moving beyond discovery; avoiding common pitfalls, boosting ROI and tackling organizational obstacles behind each decision. This will directly help to make educated decisions based on real experience that cut’s implementation time and saves budget.

Who is the webinar for?

Platform owners, budget makers or technical architects interested in learning the bigger picture and realistic efforts behind each ITOM module to create successful models for rolling out ITOM.

What do we promise?

This is not your average sales-pitch or “scratching-the-surface” webinar. Our webinar is pure knowledge condensed in 60 minutes – covering both technical and organizational aspects.

Why should I listen?

To get an insight into realistic implementation time, ROI, organizational challenges and technical pitfalls not mentioned in the product documentation for ITOM. Ultimately allowing you to create a fact-based and successful model to move beyond discovery.


We assume any attendees are already familiarized with the concept of ServiceNow discovery and what it does. If not click here to read more.


Alexander Ljungstrom, Managing Director & ITOM enthusiast @ Einar & Partners.

Alexander Ljungstrom

“Having previously worked in the ITOM team at ServiceNow, leading the ITOM BU at Fujitsu and now days the forefront at Einar & Partners – Alexander have helped over 40 organizations transformed with ITOM & the ServiceNow platform.”

Fabian Kunzke, AIOps & ITOM Lead @ iTSM Group

Fabian Kunzke

“Fabian is the AIOps & ITOM lead at iTSM Group. With great technical experience in multiple large-sized ITOM rollouts, and avid community contributor, he gives a strong innovative and sharp technical view on the ITOM journey. “

ITSM Group and Einar & Partners

Einar & Partners enters partnership with ITSM Group

Einar & Partners are happy to announce the major news that we’re entering a strategic partnership with ITSM Group – a ServiceNow elite partner in the DACH region. ITSM Group is veterans in the German-speaking market in regards to digital transformation, enterprise service management, and organizational transformation.

Approaching the market in DACH

Jointly approaching the market in D-A-CH, the partnership aims to launch successful AIOps- & ITOM transformations to drive innovation at scale around the region.

Combining both companies’ forces and innovative nature into one mutual approach creates leading quality in the german-speaking market for ServiceNow ITOM & AIOps; difficult to find somewhere else.

Together the two companies will be at the forefront of ITOM, helping clients in the region from a strategic, organizational and technical perspective.

The specialized competence from Einar & Partners, and their successful strategies around ITOM programs, with the local expertise and in-depth knowledge at ITSM Group – form a winning alliance.

Our view on the partnership

Alexander Ljungstrom, Managing Director at Einar & Partners describes his view on the partnership.

Alexander Ljungstrom

“We’re extremely pleased with the partnership, entering 2021 together as a joint force in DACH. With special competence in DevOps, and resources with the technical know-how in ServiceNow ITOM – ITSM Group was the natural choice for us.”

Alexander Ljungstrom, Managing Director @ E&P

Fabian Kunzke, AIOps & ITOM Lead at ITSM Group comments on the partnership below.

Fabian Kunzke

“We’re equally excited to enter this new partnership in 2021. The reputation and in-depth strategic expertise at Einar & Partners is rock-solid and creates fantastic synergies between our companies and resources.”

Fabian Kunzke, AIOps & ITOM Lead @ ITSM Group

Amsterdam, 15/12/2020 - 08:00 CET

Further Information

iTSM Group
Siegfried Riedel
Am Kuemmerling 21-25
D-55294 Bodenheim
Phone: + 49 61 35 93 34 0

Further Information

Einar & Partners
Alexander Ljungström
Herengracht 420
1017BZ, Amsterdam
Phone: +31 6 146 55 199

Discovery ServiceNow ITOM

Succeeding with ServiceNow Discovery & ITOM

Having a successful discovery project is not easy, as a matter of fact, it is one of the most challenging areas of ITOM to “get right”. ServiceNow Discovery serves as one of the main tools to create a reliable data layer used in other processes. Through using discovery organizations get their meta-data, cloud/PaaS & infrastructure in order. Yet how come so many organizations fail in this endeavor? In this article we deep-dive into the most critical areas to succeed with ServiceNow Discovery.

The three strategic pillars of discovery

Discovery typically comes as an exercise for the entire enterprise and leadership team. We have chosen to categorize the different topics into three strategic pillars through our Einar & Partners experience. Each pillar is of equal importance yet many customers, enterprises, and experts focus on just a few. As the old cliché goes, sometimes one can’t see the forest from the tree’s.

Discovery Best Practice ITOM ServiceNow
Our quick reference chart of the most critical areas to keep in mind


The perhaps most important pillar is the organizational one. Discovery is not so much a technical exercise as it is organizational. Based on our experience, over 80% of failed discovery projects fails due to neglect in this area.

Security Policies

Security and discovery go hand-in-hand. It is of critical importance to align with the security team at an early stage. This is especially common if you are an organization with a lot of legacy IT. Exposing your entire infrastructure inventory in the cloud can be sensitive. Then there’s also the questions about credentials, encryption, security and access. Failure to involve the security team early might cause unpleasant discussions at best and a complete stop of the project at worst.

Political buy-in

Political buy-in does not necessarily mean the management team, although that’s also important. It’s more about finding champions within the organization that can work as diplomats. If you do not already use a discovery tool or have a CMDB, there’s a large probability that it will become a politically sensitive topic. Why? You might ask. Job security is the answer based on our experience.

When introducing a discovery tool people fear their relevancy and role. Silo’s of data is often a thinly hidden veil of a firm’s internal boundaries. Different departments within a company, afraid of relinquishing power, are loth to share their data or change what they collect and how. There for getting the political influencers and buy-in is extremely critical and one of the more difficult tasks.

Roles & Responsibilities

Expecting a successful discovery project? Then expect to allocate budget for some new roles and responsibilities. Failure to do so results in little to no accountability and frustration from co-workers who suddenly are expected to help without formal approval. Setting expectations towards the organization, assigning the right roles and who is in the driver seat is a must.


Having solid processes are critical to succeed with discovery. After all, we’re trying to coordinate potentially hundreds of data sources and stakeholders into one data lake at the end of the day. Not streamlining the processes regarding how to execute is dangerous. Thinking one can do things “ad-hoc” as the need arises? A critical mistake too many organizations fall victim to.

Access & Credentials

Tightly aligned with the security policies and team, this is one of the more critical pieces. How will credentials be created, facilitated and stored for discovery? When a new system or source is connected so must the credentials be. Following a rigid process for handling of credentials regarding discovery is a critical puzzle piece.

Firewall changes

When working with discovery there is a need to allow access and open firewalls. Some organizations have a very fragmented network or have strict segmentation. Relying on a process for how to maintain firewall openings suddenly becomes very important. The right ports, the right subnets and the right protocols must be documented and managed. Without it you’re running into the risk of constant errors, access issues and long lead-times to get a successful discovery going.

Rollout method

We’ve seen discovery projects complete in two months and we’ve seen them finish in two years. It all depends on the rollout method and how you plan around it. When rolling out discovery it can be done in many different ways. Yet one common factor is the coordination between different teams and sign-off by CI owners. Choose the right rollout method and stick to the planning.


The last pillar of the discovery strategy is to get your house in order from a technological perspective. Neglecting this part might lead to a successful discovery project but without anybody using the data or caring about it.

Scoping CI Classes

One of the first and most crucial step is to scope the appropriate CI classes. Meaning, what do we want discovery to discover for us? This determines which key stakeholders to involve. Who investigates and inspect the data, and who uses it? Having a clear scope of CI classes to include, preferably in a stepped approach is our recommendation.

Subnets and sources

Once CI classes are scoped it’s time to dig deeper into the different network segments and sources. Where is the data residing and how to we access it? Where are the credentials stored and how can we optimize the discovery schedules? If you are a global company with data centers spread across the world, multiple clouds and local differences, this exercise tends to be the most time-consuming. Optimize the discovery for which networks and sources to target (and when) ensures stability and consistency.

Sign off by CI owners

Different CI owners also have different requirements. Some owners might be concerned on the impact of the network. Others on the impact on CPU & Load. Meanwhile the third team might be worried about the data quality and individual attributes. In other words, it’s essential to have a governance process for CMDB and to have CI owners inspect and sign off discovery results. This way they also feel more connected to the project and are more likely to use the data.

Conclusion – making discovery successful

As we can see, there are many elements to a discovery rollout that need to be in place for success. The one’s mentioned above are just a few with many more puzzle pieces in the equation. More than anything it is indeed an exercise of politics, coordination and careful planning. Spending adequate time in the preparation phase is key to having a long-lasting discovery success. At Einar & Partners we recognize these elements and the sensitivity of each area. We therefore hope that our readers and clients will find this quick-guide useful moving forward in their discovery adventures. And as always, we’re here to help.

AIOps Self Healing

Self-healing & AIOps – demystifying the hype

A hot topic within AIOps is without a doubt the promised land of self-healing, where an AIOps solution is assisting engineers and SRE’s with automatic actions. But just how efficient is the technology of self-healing? Can it be relied upon or is it merely a buzz-word with little to no practical use? This introduction article from Einar & Partners covers the art of self-healing and what you can expect of it.

History and background

Typically an engineer or SRE has a busy job. One of the more intense positions within a company is having to be available at uncommon hours and fighting outages with unhappy end-users waiting for updates. How often have we not heard the joke of “never push to production on a Friday afternoon” to be followed up by a weekend of technical troubleshooting and pulling out hair in frustration? A horror scenario indeed but more and more common when organizations have to be extremely agile.

As indicated by the name, SRE – or site reliability engineer, has to be on-call and fix issues as they arise while ensuring the business runs smoothly. Statistics indicate that an SRE spends at best 50% of their time fixing issues (like at Google) and at most organizations significantly more. But zooming in on that statistics, the question asked by big organizations like Google and Amazon is, how is the time fixing spent?

The answer is quite simple, whereas most of the “troubleshooting” time is unfortunately spent on a concept called “TOIL”.

TOIL & DevOps – What is TOIL?

Toil is the repetitive, the mundane, the tedious and unproductive work that an SRE has to execute daily. In other words, the tasks that can be automated and create the most significant overhead in terms of time-investment for an organization. Some examples include fetching log-files, rebooting services, running scripts, finding information, service checks, applying configurations or copying and pasting commands from a playbook.

Unless an engineering department is not careful, too much TOIL can easily result in a burnout due to its dull and repetitive nature. Simultaneously, as engineers have to deal with TOIL overload, they are expected to contribute to the development and code-base of applications and services. This situation can easily create confusion about what an SRE is supposed to do. Fighting endless fires or contributing to design and optimization?

Why is TOIL bad?

  • Slows down innovation & progress
  • Reduction of quality due to manual work
  • Never-ending list of manual tasks that takes a long time to teach new resources
  • Burnout
  • High OPEX due to low efficiency

TOIL is the kind of work tied to running a production service that tends to be manual, repetitive, automatable, tactical devoid of enduring value and that scales linearly as a service grows“.

Vivek Rau, Google

Best strategy for automatic remediation?

How can organizations leverage modern solutions and technology to reduce the TOIL with the previous introduction in mind? In a DevOps world where any given application may have hundreds of microservices, states to keep track of, and endless dependencies; automation is vital.

A common misconception is that self-healing and automatic remediation will replace the in-depth troubleshooting that SRE’s and Ops perform. This is not the case, as fixing more complicated issues will always require skilled engineers for the foreseeable future. Implementing auto-remediation has a different focus and concentrates on automating the many small tasks rather than the few big.

Auto remediation and realistic use cases in AIOps

The philosophy of auto-remediation and self-healing is to shift the model that any given alert from an application should start with a human response. It flips this equation in favor of AIOps as the first point of contact rather than a person. Most applications and alerts have a set of standard steps to resolve a given issue. Sometimes, the steps are simple, like restarting a service or gathering data. Other times the fix can be to change a configuration or starting a workflow (think a decision tree).

On top of this Ops teams and SRE’s have the normally expected tasks, like acknowledging alerts, categorizing issues, prioritizing incidents and update tickets. Individually the tasks are very small but put them together and you end up with most of the time spent just repeating the same steps. Over and over again. Self-healing aims to remove the element of repetition from the equation.

How organizations can save time (for real)

The data suggests that a significant portion of the time that engineers spend is related to repetitive tasks. As such AIOps & automatic remediation are about helping relieve the pressure of these types of tasks. That way SRE’s and OP teams can focus on what really is essential, which is the troubleshooting and investigations where AI and automation fall short. The work only fit for the eyes and brain of a person.

Auto-remediation is there for merely another tool in the toolbox of engineers. A right AIOps solution should analyze historical solutions of issues, see what worked, and suggest appropriate actions for the engineers. With enough confidence (based on data) AIOps can start automatic workflows and trigger actions to assist the engineer in his work.

This way, engineers are allowed to focus on the work which matters and free up headspace from the manual tasks. Ultimately this will enable organizations to lower operational expenditure and have a more innovative workforce. The time saved on automating can be re-invested in further automation, creating a positive feedback loop.

Risks and pitfalls with self-healing

Unfortunately, not everything is as picture-perfect as the hypothetical world that AIOps often suggests. To fully realize the value of automatic remediation, several pre-conditions must be met, such as:

  • Having core data connected to the AIOps platform. Without historical knowledge of how incidents were resolved, what solution worked, and the relation to infrastructure changes, AIOps will have a difficult time suggesting actions.
  • Connecting monitoring data. Having alerts and monitoring data feeding the AIOps system is crucial to reduce volume and correlate which remediation fits to what alert type.
  • Culture of automation. The cultural aspect of automation must not be forgotten. Allowing employees to dedicate time to create automation workflows that can be used by AIOps is crucial.

In the end automatic remediation is about handling expectations about what it can and can’t do. We’re quite not at the stage yet where it replaces the role of an operator completely. Yet what an organization should expect is for AIOps to help significantly with the workload and to reduce operational tasks.

Always keep in mind that “anything a human can do, a machine can also do.”

Moving beyond self-healing

So far we’ve covered the concept of TOIL and how it relates to self-healing. But what comes after automatic remediation? There are many paths a successful rollout of AIOps can take, but the holy grail (at least in the year 2021) will be in anomaly detection and proactive alerts. Ideally, SRE’s and operators should focus on proactive alerts rather than reactive alerts. Meaning that anomalies and deviant behaviors can be detected early in logs, metrics, and infrastructure through machine learning. Hopefully, before a P1 ticket has been created.

Anomaly detection is not just buzz-words but one of the few areas where machine learning can be applied in the real world. Detecting outliers based on historical patterns is an area almost impossible for a human operator to engage in, as the sheer volume of metrics & alerts is simply too high. When SRE’s moves from just reacting to alerts to proactively observing the state and behavior of application and services – a technical wonder is in the making.

Getting to that stage is a maturity process just like anything else. A maturity process which more often than not starts with the organization and culture. If the mindset around how SRE’s spend their time does not change, and if TOIL is allowed to wreak havoc, the tools are of little importance at the end of the day.


Is automatic remediation a bit of hype? It depends.

Focusing on the real-world use cases and managing the expectations accordingly, one can quickly see that there is also truth to the story. Self-healing was never about replacing the complex and intrinsic nature of human troubleshooting abilities. It is about freeing up the time to allow people to focus on what matters.  

Starting to automate basic tasks such as gathering information and fetching data is a significant first step to self-healing. With connected monitoring systems and core data (like incidents, changes and problems) AIOps is allowed to form a better contextual awareness to automate remediation. Sometimes much better than what an operator ever could do on her own.

Final words

With the right investment, SRE teams’ costs can be significantly reduced and a culture of continuous improvement and automation is allowed to flourish. Spending time on reducing alert fatigue and TOIL will have resounding positive effects, both in terms of employee satisfaction and performance.

A happy SRE team is a team that is allowed to be innovative and creative. Creative brains are a valuable, limited resource. They shouldn’t be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.

Wouldn’t you agree?