Cisco ACI Application

Installation and Configuration Guide

(4.2.6)
Contents
1. Overview
2. Comptaibility Matrix
3. Application Dependencies
4. Cisco ACI Application Installation
5. Upgrade Application
a. Backward Compatibility for Endpoints
b. Backward Compatibility for Health and Fault table
c. Best Practices
6. Configuration Instructions
a. Permission and Roles
i. Procedure
b. Create Users
i. Procedure
c. MID Server Installation
7. Use Cases
a. Setup and Support
i. Guided Setup
ii. In App User Guide
b. Dashboard
c. MSO Configuration
d. MSO Discovery
e. ACI Configuration
f. Remote User Access
g. Cisco ACI Discovery
h. Cisco ACI Incremental Discovery
i. APIC and MSO Configuration Deletion
j. Nexus Switch Configuration
k. Cisco Nexus 9K Inventory Discovery
l. Nexus Switch Configuration Deletion
m. Cisco ACI Health and Faults Configuration
n. Cisco ACI Notification Configuration
o. Configuration for Endpoint Relationship
p. Creating MO on APIC by Automated workflow of Service Catalog:
i. Create MOs Using Portal Pages
 ii. Create MOs Using ServiceNow’s standard UI
q. Creating Tenant or Deleting Tenant from APIC
r. Configure Cisco ACI Components
s. Relationship between various Components
t. Flag for Deleted MOs in SNOW
u. Cleanup Scripts
v. Firmware Management
i. Fimware Remote Location
ii. Target Firmware Versions
iii. Fetch the Firmware Versions from the APIC
iv. Controller Upgrade
v. Switch Upgrade
vi. Fetch the Node Groups from the APIC
w. Cisco ACI Snapshot Management
x. Cisco Nexus Switch Snapshot Management
y. Additional Component Support
z. Process Monitor
aa. Invalidate Job
8. External Systems Connection
9. Support, Troubleshooting and Testing the Configuration
a. Support
b. Troubleshooting
c. Troubleshoot based on the Use Case
10. Known Limitations
11. FAQs
1. Overview
Cisco Application Policy Infrastructure Controller (APIC) centrally manages the Cisco ACI Fabric. Cisco ACI Fabric
includes Nexus 9000 Series switches run in the leaf/spine fabric mode. Cisco APIC has the knowledge of data center
fabric switches, servers/VMs and applications consuming these fabric resources. This rich information on network,
server and application is discovered through RESTful interfaces supported by Cisco APIC to populate ServiceNow
CMDB.

2. Comptaibility Matrix
This section lists down the ServiceNow compatible versions with Cisco ACI application.
ServiceNow Version : Tokyo, Utah, Vancouver and Washington DC
APIC Version : 4.x, 5.x
MSO Version : 2.x, 3.x

3. Application Dependencies
MID Server must be accessible from ServiceNow instance
Cisco APIC must be accessible from MID server
Cisco APIC REST APIs must be allowed from MID server
Cisco Nexus 9K Inventory Management has dependency on the following system plugin(s) that need to be installed
separately

Plugin ID Name

com.snc.cmdb Configuration Management

(CMDB)

com.snc.incident Incident

com.glideapp.servicecatalog.platform Service Catalog Platform

4. Cisco ACI Application Installation
Steps to install the application from ServiceNow Store:

Users with the System administrator(admin) role can install the application from the ServiceNow Store.
Go to https://store.servicenow.com
Search for the Cisco ACI application on the search tab.
Click on the Cisco ACI Application.
Click on the “Get” button and enter the HI credentials of your vendor instance.
Once it is added successfully then open the vendor instance and Navigate to Applications > All Available
Applications > All. (for Orlando,Paris and Quebec).
Find the application using the filter criteria and search bar.
Next to the application listing, click Install.
5. Upgrade Application
Steps to upgrade application from the store

Log in to the instance Navigate to System Applications > All Available Applications > All.
Find the application with the filter criteria and search bar.
Next to the application listing, select the version to install.
Click Update.

Note: - Existing workflow activity will not be affected by the Upgrade process.

5.1. Backward Compatibility for Endpoints

Note: This step is required only if you are upgrading your Application from older version to newer version. If you are
installing a new Application then you can skip this step.

Steps to get backward Compatibility for Endpoints.

Navigate to “System Definition” → “Scripts – Background”. This will open a text box to run a script.
Copy the following script into the given box and run this script in “global” scope.
Click on Run script.
var sysIDOfDeletedFabricInterface;
var grDistinct = new GlideAggregate('x_caci_cisco_aci_i_cisco_ep_instance');
grDistinct.groupBy('name');
grDistinct.groupBy('ip_address');
grDistinct.query();
function getRelationshipSysID(parent_descriptor) {
var tableGr = new GlideRecord("cmdb_rel_type");
tableGr.addQuery('parent_descriptor', parent_descriptor);
tableGr.query();
if (tableGr.next()) {
return tableGr.sys_id;
}
}
function deleteRelationship(epInstancesSysId, epInstanceName, fabric_interface) {
// deleting all the relationship
var tableGr = new GlideRecord('cmdb_rel_ci');
tableGr.addQuery('parent', epInstancesSysId).addOrCondition('child', epInstancesSysId);
tableGr.query();
if (tableGr.next()) {
tableGr.deleteMultiple();
}
else {
gs.info("No relationship found for EP Instance: " + epInstanceName);
}
// collecting the system id of deleted fabric node
var fabricInterfaceGr = new GlideRecord('x_caci_cisco_aci_i_cisco_fabric_node_interfaces');
fabricInterfaceGr.addQuery('name', fabric_interface);
fabricInterfaceGr.query();
if (fabricInterfaceGr.next()) {
sysIDOfDeletedFabricInterface.push(fabricInterfaceGr.sys_id);
}
else {
gs.info('Cannot able to find the Fabric Interface name: ' + fabric_interface);
}
}
function buildRelationship(epInstancesSysId, sysIDOfDeletedFabricInterface) {
// building relationship between EP Instance and Fabric Interface
var relationshipSysId = getRelationshipSysID('Runs on');
var relationshipTableStage = new GlideRecord('x_caci_cisco_aci_i_cisco_tenant_ap_relationship');
for(var sysIDOfFabricInterface in sysIDOfDeletedFabricInterface) {
relationshipTableStage.initialize();
relationshipTableStage.parent = epInstancesSysId;
relationshipTableStage.child = sysIDOfDeletedFabricInterface[sysIDOfFabricInterface];
relationshipTableStage.type = relationshipSysId;
relationshipTableStage.insert();
}
}
while (grDistinct.next()) {
var gr = new GlideRecord('x_caci_cisco_aci_i_cisco_ep_instance');
gr.addQuery('name', grDistinct.name);
gr.addQuery('ip_address', grDistinct.ip_address);
gr.query();
var totalRecord = gr.getRowCount();
if (totalRecord > 1) {
var flag = true;
var sys_id = '';
var allFabricInterface = '';
sysIDOfDeletedFabricInterface = [];
while (gr.next()) {
if (flag && gr.fabric_interface != '') {
sys_id = '' + gr.sys_id;
flag = false;
allFabricInterface = '' + gr.fabric_interface;
}
else {
allFabricInterface += ',' + gr.fabric_interface;
deleteRelationship(gr.sys_id, gr.name, gr.fabric_interface);
 gr.deleteRecord();
}
}
var finalRecord = new GlideRecord('x_caci_cisco_aci_i_cisco_ep_instance');
if(finalRecord.get(sys_id)) {
finalRecord.fabric_interface = allFabricInterface;
buildRelationship(finalRecord.sys_id, sysIDOfDeletedFabricInterface);
finalRecord.update();
}
}
}

5.2. Backward Compatibility for Health and Fault table

As the latest version of ServiceNow doesn’t support the tables which are extended from the Incident table. In the
Cisco ACI Application, the application does have two tables which are extended from Incident table i.e. Health and
Fault table.
With respect to ServiceNow best practices, the application is deprecating the support of old health and fault tables
which are extended from Incident tables. But to continue the support of health and fault functionality, the
application has introduced the new health and fault table which is not extended from the Incident table.
The application uses the new health and fault table in conjunction with Incident table to provide full support of
health and fault functionality. It will populate the data related to health and fault into their respective table and also
data related to Incident will populate into the Incident table and will create a relationship between both the data.
The application will seamlessly migrate the existing data of old health and fault table to new health and fault table
and will create the relationship with the existing data to continue the support of existing data of old health and fault
table.
The migration process may take some time and it solely depends on the number of records you have in the table i.e.
old health and fault tables.
Note : There is no change in naming convention of the health and fault application tables. Just the old health and
fault tables will be suffixed by Deprecated string.

5.3. Best Practices

It is recommended to run the full discovery of all the configured APICs after upgrading the Application.
6. Configuration Instructions
6.1. Permission and Roles
The application comes with one custom role out of the box. System roles must be added to these custom roles.

Role Required: System Administrator (admin)

Add these System roles to the Custom roles:

Custom Role System Roles to be added

CiscoACIAdmin(x_caci_cisco_aci_i.CiscoACIInventoryManagementAdmin) export_set_scheduler

6.1.1. Procedure
Navigate to Roles from navigator.
Search the custom role to which the system roles are to be added.

Open the record.

click the Edit button under the ‘Contains Roles’ Tab.

 Search for the system role you want to add in the custom role from Collection.
Move that role into Containes Roles List.

Click on Save Button.

6.2. Create Users

ServiceNow platform admin creates the various Cisco ACI users.

Username(For Description Role to be assigned Use case

Example)

mid user This user x_caci_cisco_aci_i.CiscoACIInventoryManagementAdmin, This user is used in

will be mid_server and ITIL configuration of the
added to the Note: add discovery_admin role if you are running this mid server and
config.xml integration for Cloud APIC as well responsible for
file of Mid- populating data
server. into ServiceNow.
Note : All the
communication
between
ServiceNow and
ACI will be done
through mid-server.
So a mid-server
user is compulsory
to create and
configure the mid-
server.
 Username(For Description Role to be assigned Use case
Example)

ACIAdmin This user x_caci_cisco_aci_i.CiscoACIInventoryManagementAdmin Discovery and

will be the and ITIL Incremental
admin of (Note: Make sure that Discovery
ServiceNow x_caci_cisco_aci_i.CiscoACIInventoryManagementAdmin
Health & Fault
Cisco ACI role is having the “export_set_scheduler” system role
pull
application added in it. If not then follow steps mention in above
and will “Permissions and Roles'' section) Create/update/d
have access elete the
to all the component
operation of from
the ServiceNow
applications. Service catalog
Snapshot
management
Firmware
upgrade

ACI User This user x_caci_cisco_aci_i.CiscoACIInventoryManagementUser Service Catalog

will be able and ITIL For more
to request information
MO on APIC related to
using Service Catalog
catalog. refer section
6.14 Creating
MO on APIC by
Automated
workflow of
Service Catalog

Request This user approver_user, catalog(optional: only give this role if you Service Catalog
Approver will be able want to give access for viewing the requested item as For more
to approve well as allow to create new request) and information
the request. x_caci_cisco_aci_i.CiscoACIInventoryManagementUser(to related to
approve the request from portal page) Service Catalog
refer section
6.14 Creating
MO on APIC by
Automated
workflow of
Service Catalog

Below is the example showing how to create an ACI Admin user and assign the
x_caci_cisco_aci_i.CiscoACIInventoryManagementAdmin role to it. Other users can be created in a similar manner by
assigning the corresponding role to him/her.

Role Required: = System Administrator (admin)

6.2.1. Procedure
Navigate to Organization = > Users.
Click the Users module.

On the Users list that is displayed, click New. A new user form is displayed.

Fill the form.

Note: The values shown in the following table and figure are example values.

Field Description

User ID Unique User ID for the role in your

ServiceNow platform instance. An example
is ACIAdmin

First Name First name of the person you are assigning

Last Name Last name of the person you are assigning

Title Job Title

Password The unique password created for this role

Email Unique email address

 Click Submit. Once submitted, you can assign the role.
On the Users list click on the name of the new user you have created just now, for example ACI Admin.
In user record go to the Roles section, and click Edit.
In the Collection column, select x_caci_cisco_aci_i.CiscoACIInventoryManagementAdmin and move it to the Roles
list.

Click Save.

6.3. MID Server Installation

Steps to install the mid server:
https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/product/mid-server/concept/mid-server-
installation.html
7. Use Cases
7.1. Setup and Support
7.1.1. Guided Setup
Guided setup assists users with planning the roll-out of the product and performing the basic configuration to go live.
To configure the application using guided setup, navigate to “Cisco ACI Application” →“Guided Setup”.

Click on Get Started. Then ACI Admin will redirect to the screen below.
ACI Admin can mark the Task as complete by clicking on “Mark as Complete” and can skip the task by clicking on
“Skip”. ACI Admin can add notes to the task or view the previously added notes by Clicking on the “Add Notes(When
No Notes is added yet)”/”View Notes(When any note is already Added)”.
When ACI Admin Clicks on Mark as Complete, the Task will be marked as Complete as shown below. ACI Admin can
Skip the whole Task by clicking on Skip.

There are sub Tasks in each of the Main Tasks. ACI Admin can skip sub tasks individually by clicking on skip in
particular sub tasks.

Clicking on Configure will redirect ACI Admin to the servicenow page where ACI Admin can actually perform the
task.
 There are few steps that should be completed before performing other steps. Once the parent task is completed then
only child tasks will be unlocked. Once the task is unlocked then only ACI Admin can “Configure” it or “Mark as
Complete” it. Otherwise the UI Actions will be disabled.

Some of the Steps are mandatory to complete. So thoseTask/Subtask can’t be skipped

ACI Admin can assign Task/Sub Task to any user from assign to symbol.

Note: Some of the tasks can only be performed by system admin. So this type of task is read only for ACI Admin
from guided setup. For example - create Users, Give roles to the users etc.

7.1.2. In App User Guide

ACI Admin can see a brief description of Application from the Application itself. To see the InApp UserGuide navigate to
“Setup and Support”→ “Guide” from “Cisco ACI Application”.
7.2. Dashboard
ACI Admin can Select the 'ACI Overview' under 'Dashboards' in the application navigator to view Physical Inventory,
Application Inventory, Health and Faults. Filter of configured APIC IP is provided on the dashboard. Initially the total
count of entities are populated on the dashboard and only popular entities will be shown. If an ACI Admin wants to see
a detailed view then by clicking on the down arrow then He/she can see all the components of the inventory.

Cisco ACI Dashboard

Detailed view of Inventories

If ACI Admin selects Cloud APIC from the filter then only components which are fetched from Cloud APIC are visible
and Health and Fault data would be empty.

ACI Admin can apply a Date filter on Health and Faults. If ACI Admin didn’t provide a valid date then it will display
an error message. Users can clear the input given in dates by clicking on the “Clear Date” button.
 ACI Admin can Select the 'MSO Overview' under 'Dashboards' in application navigator to view MSO Overview which
contains Sites, Schemas,Templates, Policies and Users; Application Inventory, Schema Verification Status, Site Status,
Schema Health and Sites Information. Filter of configured MSO is provided on the dashboard.

Note: Color mapping of the Schema health is as follows:

Health Color

Health > 90 #6CC04A

90 >= Health > 70 #FF7300

70 >= Health > 50 #FFBF00

Health =< 50 #E2231A

7.3. MSO Configuration
Steps to configure the MSO :

Search for the “Cisco ACI Application”.

In the menu, under “Configuration”. Click on the “MSO” → New button to create a new configuration.
Enter all the required information like Name, IP Address(es)/ URL(s), Mid Server.
Select the Authentication Mechanism and based on the authentication type (Local and Remote) enter the credentials
in the respective fields.
Click on the “Add” button
7.4. MSO Discovery
Following are the two ways to run Discovery:

1) Using the “MSO Discovery” UI Action.

In the menu, under “Configuration”. Click on the “MSO”. It will open a list of records of MSO configurations.

Open any record and then click on ‘MSO Discovery’ UI Action.

2) Using Scheduled Job

To run the scheduled discovery click on the From the menu, under “Scripts”, click on “Scheduled job” then “MSO
Discovery”
Click on Execute now to run the scheduled job.
 Discovered inventory data is stored in different CMDB tables.
To view ACI Application Inventory. Click on tables under the MSO Topology. (As shown in the snapshot below)

Note: If the template is not associated with any site then we will not discover those templates.

7.5. ACI Configuration

Steps to configure the APIC

Search for the “Cisco ACI Application”.

In the menu, under “Configuration”. Click on the “APICs” → New button to create a new configuration.
Enter all the required information like Name, IP Address(es)/ URL(s), Mid Server.
Based on the authentication type (Local, Remote and External) enter the credentials in the respective tab.
Click on the “Add” button
7.6. Remote User Access
Remote User / Authentication (TACACS+ / RADIUS) is supported in this new version of the application.

Steps to configure the Remote User Login.

Search for the “Cisco ACI Application”.

In the menu, under “Configuration”. Click on the “APICs” → New button to create a new configuration.
Select the Authentication type as "Remote" and select the Remote tab.
Enter all the required information like Username, Login Domain Name, Password.
Click on the “Add” button.

Next -Go to “APICs” under “Configuration” in the “Cisco ACI Application” menu
Open the discovery IP record, Select Authentication type to Remote
Enter Username, Password and Login Domain name
Click Submit
 ACI Admin can delete the Remote Login from the APIC by performing the same UI Action “Cisco Login Domain” but
by selecting the method as Delete in the form view of Login Domain.

7.7. Cisco ACI Discovery

Steps to configure the applications to discover Cisco APIC are as below:

Log in to the ServiceNow instance.

On the left-hand top corner, in the search menu enter the “Cisco ACI Application”. This should open up the Cisco ACI
Application menu. (As shown in the snapshot below).

Following are the two ways to run the Discovery:

1) Using the “Cisco ACI Discovery” UI Action.

In the menu, under “Configuration”. Click on the “APICs” → New button to configure the APICs to be discovered.
(as shown in the snapshot below).
 Based on the authentication type (local, remote or external) enter values in the respective tab.
Click on the “Cisco ACI Discovery” UI Action.

2) Using Schedule Jobs

To run the scheduled discovery click on the From the menu, under “Scripts”, click on “Scheduled jobs” then
“Cisco ACI Discovery”

Click on Execute now to run the scheduled job.

Discovered inventory data is stored in different CMDB tables.
To view Controller Inventory. Click on tables under the Controller Inventory. (As shown in the snapshot below)

To view ACI Application Inventory. Click on tables under the Cisco Application Topology. (As shown in the
snapshot below)
To view Fabric Inventory. Click on tables under the Fabric Inventory. (As shown in the snapshot below)
 In the discovery process, the application builds CI relationships between the discovered configuration items. To see
these relationships through forms, just open the record of any one of the tables that is used to discover the MOs
from APIC. and When the form opens then you can see the “Related items” field. That indicates the relationship with
other MOs.

7.8. Cisco ACI Incremental Discovery

Cisco ACI Incremental Discovery is fetching the MOs from APIC which are updated after the last successful
discovery. Successful discovery can be Cisco ACI Discovery or Cisco ACI Incremental Discovery. Cisco ACI
Incremental Discovery will fetch the MOs by making a query on the “modTs” field.
Prerequisite: Cisco ACI Incremental Discovery can only run, once the Cisco ACI Discovery is successfully completed
for that particular IP Set. And Cisco ACI Incremental Discovery is only supported by On-Prime APIC, not Cloud APIC.

Following are the two ways to run Discovery:

1) Using the “Cisco ACI Incremental Discovery” UI Action

In the menu, under “Configuration”. Click on “APICs”. Click on one of the APIC that has successfully executed the
Cisco ACI Discovery.
After that click on Cisco ACI Incremental Discovery.

2) Using Scheduled Jobs

Prerequisite : Cisco ACI Incremental Discovery can only run, once the Cisco ACI Discovery is successfully completed
for that particular IP Set.

To run the scheduled discovery click on the From the menu, under “Scripts”, click on “Scheduled job” then “Cisco
ACI Incremental Discovery”.
Click on Execute now to run the scheduled job.
7.9. APIC and MSO Configuration Deletion
To delete any APIC or MSO Configuration follow this steps :

Navigate to “APICs” to delete the configuration.

Open any existing configuration.
Click on the “Delete APIC” UI Action. This will open a pop-up like this :

If “Delete configuration and data” is checked then it will delete all the data related to this APIC from all the tables.
And this data can not be recovered.
Deleting all the data will take time based on the amount of data. Process of deleting APIC can be tracked in Process
Monitor.
And if the checkbox is not checked then this will mark the APIC as deleted and data related to this APIC will not be
shown in the dashboard. And APIC must not be used in any MO configuration or Health and Fault configuration.
If an APIC is marked deleted then to use that APIC in configuration uncheck the deleted checkbox. UI Action will not
be visible for APICs marked as deleted. To delete APIC and its data uncheck the deleted flag and UI Action will be
visible.
7.10. Nexus Switch Configuration
Steps to configure the Nexus Switch

Search for the “Cisco ACI Application”.

In the menu, under “Configurations”. Click on the “Nexus Switches” → New button to create a new configuration.
Enter all the required information like Name, IP Address, Mid Server, Username and Password.
Click on the “Add” button.

7.11. Cisco Nexus 9K Inventory Discovery

Steps to configure the applications to discover Nexus Switch are as below:

Log in to the ServiceNow instance.

On the left-hand top corner, in the search menu enter the “Cisco ACI Application”. This should open up the Cisco ACI
Application menu. (As shown in the snapshot below).
Following are the two ways to run the Discovery:

1) Using the “Cisco Nexus 9K Inventory Discovery” UI Action.

In the menu, under “Configurations”. Click on the “Nexus Switches” → New button to configure the Nexus
Switches to be discovered. (as shown in the snapshot below).
 Enter values in the respective tab.
Click on the “Cisco Nexus 9K Inventory Discovery” UI Action.

2) Using Schedule Jobs

To run the scheduled discovery click on the From the menu, under “Scripts”, click on “Scheduled jobs” then
“Cisco Nexus 9K Inventory Discovery”
Click on Execute now to run the scheduled job.

Discovered inventory data is stored in different CMDB tables.

To view Fabric Inventory. Click on tables under the Fabric Inventory. (As shown in the snapshot below)
 In the discovery process, the application builds CI relationships between the discovered configuration items. To see
these relationships through forms, just open the record of any one of the tables that is used to discover the MOs
from Nexus Switch. and When the form opens then you can see the “Related items” field. That indicates the
relationship with other MOs.

7.12. Nexus Switch Configuration Deletion

To delete any Nexus Switch Configuration follow these steps :

Navigate to “Nexus Switches” to delete the configuration.

Open any existing configuration.
Click on the “Delete Nexus Switch” UI Action. This will open a pop-up like this :

If “Delete configuration and data” is checked then it will delete all the data related to this Nexus Switch from all
the tables. And this data can not be recovered.
Deleting all the data will take time based on the amount of data. Process of deleting Nexus Switch can be tracked in
Process Monitor.
 And if the checkbox is not checked then this will mark the Nexus Switch as deleted and data related to this Nexus
Switch will not be shown in the dashboard.
If a Nexus Switch is marked deleted then to use that Nexus Switch in configuration uncheck the deleted checkbox.
UI Action will not be visible for Nexus Switches marked as deleted. To delete Nexus Switch and its data uncheck the
deleted flag and UI Action will be visible.

7.13. Cisco ACI Health and Faults Configuration

Log in to the ServiceNow instance.
On the left-hand top corner, in the search menu enter the “Cisco ACI Application”. This should open up the Cisco ACI
Application menu.
In the menu, under “Configuration” go-to “Health and Fault” and open any existing record or create a new
record.
Fault Instance Tab:
Fault MO – is to select MO for which faults need to be generated. ACI Admin can select multiple fault MOs.
Severity – is to filter all the APIC faults based on the severity of the fault with respect to selected MO. This
configuration is to provide an option to the ACI Admin to filter out faults with specific severity for selected MO.

Health Instance Tab:

Health MO – is to select MO for which health instances need to be generated. ACI admin can select multiple health
MOs.
Health Threshold – is to provide a maximum acceptable threshold of the MOs health scores. If the health of the
MO drops below 50 (default threshold) or the specified threshold, an incident is created on ServiceNow
automatically.
 Priority mapping - is to configure priority based on the health score of MO. Default value of priorities is given so if
users are okay with default value then they do not need to configure it. Three input textboxes are given for
priority mapping.
Critical (⇐) - default value is 50. Health score starting from 0 to value in the textbox(inclusive) will be
considered as critical priority.
High (⇐) - default value is 70. Health score from input value of Critical(⇐) + 1 to input value of High (⇐) will be
considered as High Priority.
Moderate (⇐) - default value is 90. Health score from input value of High (⇐) + 1 to input value of Moderate (⇐)
will be considered as Moderate Priority.
Low priority will be calculated as per input value of Moderate (⇐). Health score from input value of Moderate
(⇐) + 1 to 100 will be considered as Moderate Priority.
We are setting the severity of the Health incidents based on priority itself.
Priority Severity

Critical High

High Medium

Moderate Low

Low Low

Note: The health score of the health instances will be less than the selected health threshold.

Notification Config – This is used to configure messaging tools for push notifications as and when an incident is
created or updated. Currently, Slack and Webex Teams integrations are available for push notifications. Please refer
to the next section for configuring the notifications.

ACIHealth&FaultNotificationConfigFormView

Once the health and fault discovery is completed the records will be shown in the Health and Fault tables
respectively.
As discussed in the previous section, the new health and fault tables are not extending the incident table, so there
will be some changes in the look and feel of health and fault table records.
The record in the Health table will look like the screenshot below:

The record in the Fault table will look like the screenshot below:

Relationship between the health/fault with the incident table and it will be shown as a related list (as shown in the
above screenshot. By clicking that link the user will be redirected to the incident record which is related to the
current health/fault record. The incident record will be shown as below:
 To navigate back to the related health/fault record from the incident record, scroll down to the bottom of the form
view in the incident record and find a related list for health and fault. If the incident belongs to a Health record,
then there will be a record of health under the Health related list. Same applies to Fault records.
To configure the related list follow these steps :
a) Open any existing incident record.
b) Click on the context menu icon. And select Configure > Related lists.

c) Search for Health→Incident and Fault→Incident from the Available list and add them in the Selected list.
d) Click on the Save button.

The related list will look like this:

Note - To delete the record from the Heath and Fault table, it is recommended to delete the reference from the Incident
table first and then delete the related Health and Fault record. If you missed deleting the reference record from the
extended Health and Fault table then those reference records might get migrated again whenever the application is
upgraded.

7.14. Cisco ACI Notification Configuration

Note -

Slack and Webex support is deprecated from Cisco ACI Application. But still if a user wants to integrate Slack with
Servicenow it is possible by using the Slack Spoke and Webex Teams spoke plugin provided by ServiceNow. For
more information visit : Slack spoke
(https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/administer/integrationhub/concept/slack-spoke.html) and
Webex spoke
(https://docs.servicenow.com/bundle/paris-servicenow-platform/page/administer/integrationhub-store-spokes/concept/cisco-teams-
spoke.html)

In Order to generate Token, ACI admin have to create applications in Slack/Webex and provide the Credentials of
Application in this form. From now on, the Slack Application is deprecated for the notifications. Thus, if you install a
new Slack application, then it will not work but if you are using the older one then only it will work.

→ You can create the application of Slack from the Slack Document here (https://api.slack.com/start/overview).
→ You can create the application(Integration) of Webex from the Webex Document here
(https://developer.webex.com/docs/integrations).
→ While Creating the Application(Integration) Users have to add a redirect url in the slack/webex application.

→ Redirect URL should be in the given format -

<protocol><your instance URL>/x_caci_cisco_aci_i_redirectURL.do for example - https://myinstance.service-
now.com/x_caci_cisco_aci_i_redirectURL.do If you are configuring the Webex tool then the scope field of Webex
Integration should be “Spark:all”.
Once the application is created on Slack/Webex thenACI Admin can generate and store the token for slack/ webex. To
Generate the token perform below steps.

Navigate to “Notification Tool Integration” under “Configuration” from “Cisco ACI Application”.
Click on the new button.
Select Notification Tool(Slack/Webex) for which Token will be generated. Give any Application Name To distinguish
the token.
Enter Client ID and Client Secret of the application.
Click on the Submit button.

Once the record is Submitted open that record again.

Click on “Get Token”.

It will redirect you to slack/webex authentication. If Client ID, Client Secret and redirect URL is correct then after
authenticating, it will generate the token automatically, And the token will be stored in your particular record.
In the case of Slack it will open a screen similar to the snapshot below.
Click on Allow to give permission for communicating between slack and servicenow.
 In the case of Webex you just need to login to your account for authentication after clicking on ‘Get Token’.
Webex will generate Refresh Token and Token while Slack will generate only Token.
Slack Token is Long Lasting so it will never expire.
Webex Token will expire but it will regenerate automatically from Refresh Token.
Refresh Token will expire after 3 months, So ACI Admin have to perform “Get Token” UI Action again to generate
refresh token for Webex.
If Refresh Token is expired then “Error while updating token. Please Ensure that your refresh token is not expired.”
log will appear in Application Logs of Cisco ACI Application.

Webex Teams -

Under “Configuration” in the “Cisco ACI Application” menu, click on “Notification (Slack/Webex Teams)” and
open any record which has Webex Teams as Notification Tool..
From the related list create a new record for Webex Team Spaces.
Enter the Webex room name and application name(Which is configured in Notification Tool Integration)
Click on “Add”
If the room with the same name exists, then Status will be “Existing.”
If the room with the specified name does not exist, a room will be created and status will be changed to “Created.”
If a room is successfully created then the Webex Room ID will be added in Webex Room ID.
Slack -

Under “Configuration” in the “Cisco ACI Application” menu, click on “Notification (Slack/Webex Teams)” and
open any record which has Slack as Notification Tool.
From the related list create a new record for the Slack Channels.
Enter the Slack channel name and Application Name(Which is configured in Notification Tool Integration)
Click on “Add”
If the channel with the same name exists, then Status will be “Existing.”
If the channel with the specified name does not exist, a room will be created and status will be changed to “Created.”

7.15. Configuration for Endpoint Relationship

Users can enable or disable the Relationship creation for Endpoint. Steps to set the flag:

Navigate to “System Properties” under “Configuration”.

By default the checkbox for the creating relationship will be true. That means endpoints will create relationships
with other components.
System admin can uncheck this checkbox and can save the record.
If the checkbox is unchecked then subsequent discoveries will not create the relationships of Endpoints with other
components.
Note: Unchecking the checkbox will not affect the already created relationships of endpoints.

7.16. Creating MO on APIC by Automated workflow of Service Catalog:

ACI Users can request logical components from the service catalog. After the request is submitted, the Request
Approver will have to Approve the request. Once the request is approved, ACI Admin needs to perform an action to
create the components on APIC.
Prerequisites:

ACI Admin have to set Cisco ACI Admins group and Request Approver groups as system property.
ACI Admin needs to set the approver group.
ACI Admin needs to add the ‘Cisco ACI Components’ catalog into the catalogs page.

Note: To see the Application logs ACI Admin requires an admin role.

Steps to set ACI Application and Approver groups for the requested item:

Login as ‘ACI Admin’.

Navigate to the ‘Cisco ACI Application’ - Configuration - System Properties.
Set the value of the Cisco ACI Admin group. Once a request is approved, one catalog task will be created, and it will
be assigned to Cisco ACI Admin group to fulfill the request.
Set the group names of the approver(Give comma-separated group names in case of multiple approver groups).
Now whichever the catalog item requested by the user, it will ask for the approval from these users.
The request will be approved, if any of the approver (member of approver group) approves the request. If any
approver rejects the request then the request will automatically be rejected.
If approver groups are not set then the request will be approved automatically.

7.16.1. Create MOs Using Portal Pages

Log in as ACI User and Navigate to “Service Catalog”→”Catalog Item” in Cisco ACI Application Menu.

Click on Cisco ACI Logical Component.

Click on the Component that you would like to request. For example Application profile

Fill the necessary details

Click on Submit.
ACI User can see the requested Item by navigating to “Cisco ACI Application”→“Service Catalog”→”My Requests” .

Login As Request Approver.

Navigate to “Cisco ACI Application”→“Service Catalog”→”My Approvals”.
Open the request and approve/reject it or click on approve/reject the request from the list view.

Login as ACI Admin.

Navigate to “Cisco ACI Application”→“Service Catalog”→”My Groups Works”.
Open catalog task for which Component to be created on APIC.

Click on “Configure MO on APIC” to create the component automatically on APIC and ServiceNow else to create
components manually from ServiceNow then follow the steps provided in description of task.

If ACI admin clicks on Configure MO on APIC then it will take some time to process it and once request is processed
then he/she can see the message in form view and the request would be marked as close complete .
7.16.2. Create MOs Using ServiceNow’s standard UI
Steps to add ‘Cisco ACI Component’ Catalog to catalogs:

Only ‘ACI Admin’ can add a catalog. So login as ‘ACI Admin’

Navigate to the ‘Catalogs’ from the Application menu.

Click on the plus sign from the up-right corner.
Select Cisco ACI Component and click on ‘Add here’.

Steps to request the item:

Login as ACI User.

Navigate to ‘Service Catalog - Catalogs’ from Application Navigator. The screen shown below will be open.
Click on ‘Cisco ACI Components’.

We have 2 categories here. The first is Cisco ACI Logical Components and the second is Cisco ACI Physical
components.
Consider we want to create an Application Profile on APIC. As the Application profile is a logical component, click on
‘Cisco ACI Logical Components’.

Click on ‘Application Profile’. The screen shown below will be open.

Users must fill the form with proper values.
Field description:
APIC Cluster (dropdown list): Configured AIC Cluster listed here, and the user needs to select the APIC Cluster under
which the user needs to create an application profile.
Application Profile Name(string): Name of the new Application Profile.
Description of Application Profile (String): Description of a new Application profile.
Does Tenant exist? (true/false): If a user wants to create an Application Profile under a new tenant then the user
needs to select ‘No’. Otherwise, select ‘Yes’.
Tenant (reference field): Users can select tenants available in the ServiceNow table which is configured under the
selected APIC IP field.
If a user selects ‘No’ in ‘Does tenant exist?’ field, then Tenant value taken in string form instead of the reference field
and another tenant description field will pop up which is shown in the below image.
Fill all the required fields and then click on “Order Now”.

When you click on ‘Order Now’ it will create a request and the below screen will be shown. Now work of ACI User is
done. This request will be added to the ‘My approval’ module of Request Approver user.
Login as ‘Request Approver’ and navigate to ‘My approvals’ under Self-Service. It will show a list of approval
records. To approve the request, open the record and click on the ‘Approve’ or ‘Reject’ button as per requirement.
When a Request Approver user approves the request, one catalog task will be created. Now the work of Request
Approver is done. To create the component on APIC, ACI Admin needs to perform an action.

Login as ACI Admin if the request is approved. Navigate to ‘My Group Work’ under ‘Service Desk’.
Click on the Task associated with a requested item that was approved by the Request Approver.

If the ACI admin wants to create an Application profile automatically on APIC as well as on ServiceNow then click
on ‘Configure MO on APIC’.
ACI admin can edit the request before clicking on ‘Configure MO on APIC’.
ACI admin can close the task without creating a Component on APIC by clicking on ‘Close Task’. State of request
updates to ‘close complete’.
If ACI Admin clicks on ‘Configure MO on APIC’ but if there is any problem with API calls then based on the response
error message will be shown.
If ACI admin wants to create the component manually then follow the steps that are given in the catalog task’s
description. And after the completion of the task, mark tasks close to completion.
After clicking on the ‘Configure MO on APIC’ button by ACI admin, it takes some time to create the requested
component on the APIC and when it is created successfully it will show a message like ‘Application Profile is
successfully created on APIC’

If due to some reason creation of MO on APIC fails then Application allows ACI Admin to retry the creation of the
MO on the APIC based on configured Retry Threshold Times.
After clicking on the "Configure MO on APIC".If MO is not created on APIC then the failure message is displayed to
ACI admin and the task remains in the "Open" state.

If ACI Admin reaches the Retry Threshold times, then Catalog task remains open and the error message will be
displayed to ACI admin like “exceeding the limits” and then ACI admin needs to perform the manual steps for
creating MO on APIC. Still, the task remains in the "Open" state.
In case of hierarchical components, Consider creation of EPG, if error occurred in creation of EPG and Tenant and
Application Profile is created successfully then work note will be added like Tenant and Application Profile is
created and when next time ACI Admin tries to create same EPG on APIC then only EPG will be created as Tenant
and Application Profile is created already.

After ACI Admin executes the manual steps of creating components on APIC, ACI Admin needs to change the state of
the catalog task from "Open" to "Close"
Every failure message or success message will be added in the work note of the catalog task when ACI Admin tries to
create MO from the catalog task’s "Configure MO on APIC" UI action.

After successfully creating a component on APIC, open the assigned catalog task and under the ‘Configuration Item’
field, ACI admin can see the name of a created component on APIC.
ACI admin can also see list of all the affected configuration item fulfilling the request of the given component under
the ‘Affect CIs’ tab in the assigned Catalog task

After successfully creating a component on APIC, ACI User can also see the requested component under the
‘Configuration Item’ field in the Requested Item.

Below is the list of components creation and it’s affected CI and Configuration item

Component Created Configuration Item Affected CI

Tenant Tenant Name Tenant Name

Application Profile Application Profile Tenant Name

Name Application Profile
 Component Created Configuration Item Affected CI

Application EPG EPG Name Tenant Name

Application Profile
Name
EPG Name

Bridge Domain Bridge Domain Name Tenant Name

Bridge Domain Name

VRF VRF Name Tenant Name

VRF Name

Contract Contract Name Tenant Name

Contract Name

Contract Subject Contract Subject Name Tenant Name

Contract Name
Contract Subject Name

Filter Filter Name Tenant Name

Filter Name

Filter Entry Filter Entry Naame Tenant Name

Filter Name
Filter Entry Name

7.17. Creating Tenant or Deleting Tenant from APIC

ACI admin can create new Tenants into the APIC or Delete existing Tenants from the APIC.

Steps to create/ delete mo from APIC:

Navigate to Application Inventory - > Tenants.

After clicking on Tenants, the ACI admin can see all the list of Tenants from APIC.
ACI admin can create a new Tenant by clicking on the “New” button.
ACI admin can enter the details required for creating a Tenant it will create a tenant.
While updating or deleting tenants user can select method “ Perform Action on ACI” or “Perform Action on
ServiceNow”
Following are the details of each method vs UI actions.
Method: Perform Action on ServiceNow
1. Update Tenant: Update Tenant on SNOW side only.
2. Delete Tenant: Delete from SNOW first and Confirmation popup is displayed for deleting from ACI as well.
Method: Perform Action on ACI
1. Update Tenant: Update Tenant in ACI and SNOW.
2. Delete Tenant: Delete Tenant from ACI and Mark deleted true in SNOW side.
7.18. Configure Cisco ACI Components
ACI admin can configure the following Cisco ACI Components. As part of configuration I can delete, update or create
new ACI components in a similar way as specified above. The following are the list of configurable ACI components
from ServiceNow

ACI Components:

Tenants.
Application Profiles.
Application EPGs.
VRFs.
Bridge Domains.
Contracts.
Contract Subjects.
Filters.
Filter Entries.

7.19. Relationship between various Components

ACI admin can see the following relationship exists between various ACI entities.

Relationship For onPrem APIC

Table Relationship

Fabric Inventory

IP Switch [L1]In Rack - Leaf and Spines

Leaf and Spine [L1]Rack Contains - IP switches

[L1]Contains - Fabric Interfaces

[L1]Contains - Supervisor Modules

[L1]Contains - Line Modules

[L1]Cooled by - Fabric Fan Trays

[L1]Installed with - Fabric Firmwares

[L1]Powered by - Fabric Power Supply

Units

Fabric Interfaces [L1]Runs - Endpoints

[L1]Contained by - Leaf and Spines

Supervisor Modules [L1]Contained by - Leaf and Spine

 Table Relationship

Line Module [L1]Contained by - Leaf and Spine

Fabric Fan Trays [L1]Cools - Leaf and Spines

Fabric Firmwares [L1] InstalledOn- Leaf and Spines

Fabric Power Supply Units [L1]Powers - Leaf and Spine

Controller Inventory

Controller [L1]Contains - Controller Interfaces

[L1]Cooled by - Controller Equipment

Fans

[L1]Installed With - Controller

Firmwares

[L1]Powered By - Controller Power

Supply Units

Controller Equipment Fan [L1]Cools - Controllers

Controller Interface [L1]Contained by - Controllers

Controller Power Supply Units [L1]Powers - Controllers

Controller Firmware [L1]InstalledOn - Controllers

Application Inventory

Tenant [L1]Contains - Application Profiles

[L1]Contains - Bridge Domains

[L1]Contains – VRFs

[L1]Contains – Contracts

[L1]Contains – Filters

Application Profiles [L1]Contains - Application EPGs

[L1]Contained by - Tenant

Application EPGs [L1]Contains - Endpoints

[L1]Uses - Bridge Domains

[L1]Consumes - Contracts

[L1]Provides - Contracts
 Table Relationship

[L1]Contained by - Application Profile

Endpoints [L1]Rack contains - Servers(Not

included Endpoint data)

[L1]Runs on - Fabric Interfaces

[L1]Contained by - Application EPGs

Bridge Domains [L1] Contains - Subnets

[L1] Contained by - Tenants

[L1] Contained by - VRFs

[L1]Used by - Application EPGs

Subnets [L1] Contained by - Bridge Domain

VRFs [L1]Contains - Bridge Domains

[L1] Contained by - Tenants

Contracts [L1]Contains - Contract Subject

[L1] Contained by - Tenants

[L1]Consumed By - Application EPGs

[L1]Provided By - Application EPGs

Contract Subject [L1]Contains - Filters

[L1] Contained by - Contracts

Filters [L1]Contains - Filter Entries

[L1]Contained By - Contract Subjects

[L1] Contained by - Tenants

Filter Entry [L1] Contained by - Filters

Relationship For Cloud APIC

Table Relationships

Fabric Inventory

Controller [L1]Installed With - Controller

Firmwares

Controller Firmware [L1]InstalledOn - Controllers

 Table Relationships

Application Inventory

Tenant [L1]Contains - Application Profiles

[L1]Contains - VRFs

[L1]Contains - Cloud Context Profiles

[L1]Contains - Contracts

[L1]Contains - Filters

Application Profile [L1]Contains - Application EPGs

[L1]Contained by - Tenants

Application EPG [L1]Consumes - Contracts

[L1]Provides - Contracts

[L1]Contains - Endpoints

[L1]Contained by - Application profile

[L1]Contained by - VRFs

Endpoint [L1]Contained by - Application EPGs

[L1]Contained by - VRFs

[L1]Contained by - Regions

[L1]Contained by - Subnet

VRFs [L1]Contains - Cloud Context Profile

[L1]Contains - Application EPGs

[L1]Contains - Endpoints

[L1]Contained by - Tenants

Cloud Context Profile [L1]Contains - CIDR

[L1]Contains - Regions

[L1]Contained by - VRFs

[L1]Contained by - Tenants

CIDR [L1]Contains - Subnets

[L1]Contained by - Cloud Context

Profiles
 Table Relationships

Subnet [L1]Contained by - CIDR

[L1]Contains - Endpoint

Regions [L1]Contains - Endpoint

[L1]Contained by - Cloud Context

Profiles

Contracts [L1]Contains - Contract Subjects

[L1]Contained by - Tenants

[L1]Consumed By - Application EPGs

[L1]Provided By - Application EPGs

Contract Subjects [L1]Contains - Filters

[L1]Contained by - Contracts

Filters [L1]Contained by - Tenants

[L1]Contained by - Contract Subjects

Relationship For MSO(If the site is On-Prem)

Table Relationship

MSO

Schema [L1]Contains - Template

Template [L1]Uses - Tenant

[L1]Hosted On - Site

[L1]Contained by - Schema

Policy [L1]Used by - Tenant

Site [L1]Hosts - Templates

Application Inventory

Tenant [L1]Contains - Application Profiles

[L1]Contains - Bridge Domains

[L1]Contains – VRFs

[L1]Contains – Contracts
 Table Relationship

[L1]Contains – Filters

[L1]Uses - Policies

[L1]Used by - Template

Application Profiles [L1]Contains - Application EPGs

[L1]Contained by - Tenant

Application EPGs [L1]Uses - Bridge Domains

[L1]Consumes - Contracts

[L1]Provides - Contracts

[L1]Contained by - Application Profile

VRFs [L1]Contains - Bridge Domains

[L1] Contained by - Tenants

Bridge Domains [L1] Contains - Subnets

[L1] Contained by - Tenants

[L1] Contained by - VRFs

[L1]Used by - Application EPGs

Subnets [L1] Contained by - Bridge Domain

Contracts [L1]Contains - Contract Subject

[L1] Contained by - Tenants

[L1]Consumed By - Application EPGs

[L1]Provided By - Application EPGs

Contract Subject [L1]Contains - Filters

[L1] Contained by - Contracts

Filters [L1]Contains - Filter Entries

[L1]Contained By - Contract Subjects

[L1] Contained by - Tenants

Filter Entry [L1] Contained by - Filters

Relationship For MSO(If the site is Cloud)

 Table Relationship

MSO

Schema [L1]Contains - Template

Template [L1]Contains - Tenant

[L1]Hosted On - Site

[L1]Contained by - Schema

Policy [L1]Used by - Tenant

Site [L1]Hosts - Templates

Application Inventory

Tenant [L1]Contains - Application Profiles

[L1]Contains - Cloud Context Profiles

[L1]Contains – VRFs

[L1]Contains – Contracts

[L1]Contains – Filters

[L1]Uses - Policies

[L1]Contained by - Template

Application Profile [L1]Contains - Application EPGs

[L1]Contained by - Tenants

Application EPG [L1]Consumes - Contracts

[L1]Provides - Contracts

[L1]Contained by - Application profile

[L1]Contained by - VRFs

VRFs [L1]Contains - Cloud Context Profile

[L1]Contains - Application EPGs

[L1]Contained by - Tenants

Cloud Context Profile [L1]Contains - CIDR

[L1]Contains - Regions

[L1]Contained by - VRFs
 Table Relationship

[L1]Contained by - Tenants

CIDR [L1]Contains - Subnets

[L1]Contained by - Cloud Context

Profiles

Subnet [L1]Contained by - CIDR

Regions [L1]Contained by - Cloud Context

Profiles

Contracts [L1]Contains - Contract Subjects

[L1]Contained by - Tenants

[L1]Consumed By - Application EPGs

[L1]Provided By - Application EPGs

Contract Subjects [L1]Contains - Filters

[L1]Contained by - Contracts

Filters [L1]Contained by - Tenants

[L1]Contained by - Contract Subjects

Relationship For Nexus Switches

Table Relationship

Fabric Inventory

Leaf and Spine [L1]Contains - Fabric Interfaces

[L1]Cooled by - Fabric Fan Trays

[L1]Installed with - Fabric Firmwares

[L1]Powered by - Fabric Power Supply

Units

Fabric Interfaces [L1]Contained by - Leaf and Spines

Fabric Fan Trays [L1]Cools - Leaf and Spines

Fabric Firmwares [L1] InstalledOn- Leaf and Spines

Fabric Power Supply Units [L1]Powers - Leaf and Spine

7.20. Flag for Deleted MOs in SNOW
ACI admin can see the deleted column added in all the MOs and its value will be true when it is not found in current
ACI or MSO or Nexus Switch Discovery.

ACI admin can see the “Deleted” checkbox in the form view of all ACI and Nexus Switch Inventories.
ACI admin is not allowed to edit the “Deleted” checkbox or MSO status field.
Status fields of ACI Inventories will be set to “Retired” when the Deleted flag is true.

Steps to see deleted MO:

Navigate to ‘Leaf and Spines’ under the ‘Fabric Inventory’.

Open any record.
Find the below image showing the “Deleted” checkbox added in “Tenant”.

Similarly you can see deleted flags in all MOs.

ACI admin can see the “Deleted” flag as checked and status as retired when the Tenant (i.e.Any MO) is not found in the
next discovery.

7.21. Cleanup Scripts

ACI Admin can Delete all the data discovered in the ACI discovery from the scheduled job. ACI admin can also set the
scheduler for cleanup the data in the inventories. To perform the cleanup follow the below steps:

Navigate to “Scheduled Jobs” under “Scripts” from “Cisco ACI Application”.

Open the record named “ACI Cleanup”.
To perform cleanUp, Select Run as On Demand and click on Execute Now.
ACI Admin can set the scheduler by selecting a different option from Run Field.
 ACI Admin can also delete data from MSO inventories using the “MSO Cleanup” scheduled job.
Similarly ACI Admin can delete data from Nexus Switch inventories using the “CiscoNexusTablesCleanup”
scheduled job.
Similarly ACI Admin can delete data from Health and Fault tables from a scheduled script named “Cisco ACI Clear
Health and Faults”.
Note: They will just delete the record of Health and Fault table, Incidents, attached incident will not be deleted by
this scheduled script. Because of ServiceNow’s default behaviour.

7.22. Firmware Management

7.22.1. Fimware Remote Location
ACI Admin can add the firmware to APIC. To add the firmware to APIC from ServiceNow follow below mentioned steps:

ACI Admin can find the Firmware Remote Location by navigating to “Firmware Management”→“Firmware Remote
Location” in ServiceNow.

Click on “New”. This will open a form view where the ACI admin needs to provide the basic information about the
firmware.
 ACI Admin needs to provide information like APIC Cluster, Download Name, Protocol (Secure Copy, HTTP), URL, User
Name, Authentication Type (Use Password, Use SSH Public/Private Key Files), Password, SSH Key Contents and SSH
Key Passphrase.
After providing all the information, Click on “Download Image” button to start the downloading of image on APIC
from the given URL.
After that the state of the created record will be changed from New to Processing and also a new record will be
created in the Process Monitor.
ACI Admin can also see the Download Percentage.
Once the downloading is successfully completed, the state of the record will be changed from Processing to
Processed.
ACI Admin can see the downloaded firmware in the “Target Firmware Versions” under the Firmware Management
section in the navigation menu.

Note: If the user has given the wrong remote path, then also the location will be created successfully, but when
capturing the snapshot it will fail.

7.22.2. Target Firmware Versions

ACI Admin can see the downloaded firmware versions in the “Target Firmware Versions” under the Firmware
Management section in the navigation menu.
7.22.3. Fetch the Firmware Versions from the APIC
Admin can fetch the firmware versions from the APIC and can see those fetched firmware versions in “Target
Firmware Version”. To fetch the firmware versions perform below mentioned steps:

System Admin can fetch the firmware versions using scheduled script. To execute the scheduled script, system
admin has to navigate Scripts→Scheduled Jobs in the navigation menu of Cisco ACI Application.
Click on “Cisco ACI Target Firmware Versions” record in the Scheduled Job.
Admin can run this script based on their requirements by selecting the option from the “Run” field and then click on
the “Execute Now” button.

Admin can see the progress of this process in Process Monitor.

To see the fetched firmware versions from the APIC, Admin can navigate to the “Target Firmware Version” under
the Firmware Management section in the navigation menu.

7.22.4. Controller Upgrade

ACI Admin can upgrade the controller from the ServiceNow. To upgrade the controller, follow below mentioned steps:

ACI Admin can find the Controller Upgrade under the Firmware Management section in the navigation menu.
Click on the “New” button to create the record and add the necessary information.
ACI Admin needs to provide the information like APIC and Target Firmware Version.
 After giving all the information, click on the “Upgrade Now” button to start the upgrading process of the controller.
Once the upgrade process starts the state of the record will change to Processing from New and ACI admin can also
see the upgrade progress and upgrade activity of that process.
After the completion of the upgrade process, state will change to Success from the Processing.

7.22.5. Switch Upgrade

ACI Admin can upgrade the Switch from the ServiceNow. To upgrade the Switches, follow below mentioned steps:

ACI Admin can find the Switch Upgrade under the Firmware Management section in the navigation menu.
Click on the “New” button to create the record and add the necessary information.
ACI Admin needs to provide the information like Upgrade Group Name, APIC, Target Firmware Version, Graceful
Maintenance, Run Mode, Node Selection, Group Node Ids, All Nodes.

After entering all the information, click on the “Upgrade Now” button to start the upgrading process of the nodes.
Once the upgrade process starts the state of the record will change to Processing from New and ACI admin can also
see the upgrade progress and upgrade activity of that process.
 After the completion of the upgrade process, state will change to Success from the Processing.

7.22.6. Fetch the Node Groups from the APIC

Admin can fetch the node groups from the APIC and can see those fetched node groups in “Node Upgrade”. To fetch the
node groups perform below mentioned steps:

Admin can fetch the node groups using scheduled script. To execute the script admin can navigate to the Scheduled
Jobs under Scripts section in the navigation menu of Cisco ACI Application.
Click on “Cisco ACI Node Groups” record in the Scheduled Job.

Admin can run this script based on their requirements by selecting the option from the “Run” field and then click on
the “Execute Now” button.

Admin can see the progress of this process in Process Monitor.

To see the fetched node groups from the APIC, Admin can navigate to the “Switch Upgrade” under the Firmware
Management section in the navigation menu.

7.23. Cisco ACI Snapshot Management

Steps to create a remote location for the APIC Snapshot to be exported are as below:
 Log in to the ServiceNow instance.
On the left-hand top corner, in the search menu enter the “Cisco ACI Application”. This should open up the Cisco ACI
Application menu.
In the menu, under “Snapshot Management”. Click on the “Remote Location Configuration” → New button to
configure the remote location where the Snapshot will be exported from apic. (as shown in the image below)
To configure remote location click on the new button. Enter required details and click on the “Configure Remote
Location” button. Note: If the user has given the wrong remote path, then also the location will be created
successfully, but when capturing the snapshot it will fail.

Steps to pull the APIC Snapshot into ServiceNow are as below:

Log in to the ServiceNow instance.

On the left-hand top corner, in the search menu enter the “Cisco ACI Application”. This should open up the Cisco ACI
Application menu.
In the menu, under “Snapshot Management”. Click on the “Snapshot Configuration” → New button to pull the
APIC Snapshot into ServiceNow. (as shown in the image below)
To pull the APIC Snapshot select the record and click on the “Generate Snapshot” button
The Snapshot file is stored as an attachment in inventory data stored in the CMDB tables.

To view the Snapshot file Inventory. Click on the table “Snapshot Files” under the “Snapshot Management” (As
shown in the snapshot below)
To view the Snapshot file, select the record and view the attachment. (As shown in the snapshot below)

Steps to get the diff between 2 Snapshot into ServiceNow are as below:

Log in to the ServiceNow instance.

On the left-hand top corner, in the search menu enter the “Cisco ACI Application”. This should open up the Cisco ACI
Application menu.
In the menu, under “Snapshot Management”, Click on the “Snapshot Diff Configuration” → New button to pull
Snapshot diff into ServiceNow. (as shown in the snapshot below)
To pull the Snapshot select the record and click on the “Generate Diff” button
Snapshot diff file is stored as an attachment in inventory data.

To view the Snapshot diff file Inventory. Click on the manu “Snapshot Diff Files” under the “Snapshot Management”
(As shown in the snapshot below)
To view the Snapshot diff file, select the record and view the attachment. (As shown in the snapshot below)

7.24. Cisco Nexus Switch Snapshot Management

Steps to pull the Nexus Switch Snapshot into ServiceNow are as below:

Log in to the ServiceNow instance.

On the left-hand top corner, in the search menu enter the “Cisco ACI Application”. This should open up the Cisco ACI
Application menu.
In the menu, under “Snapshot Management”. Click on the “Snapshot Configuration” → New button to pull the
Nexus Switch Snapshot into ServiceNow (as shown in the image below).
To pull the Nexus Switch Snapshot select the record and click on the “Generate Snapshot” button
The Snapshot file is stored as an attachment in inventory data stored in the CMDB tables.

To view the Snapshot file Inventory. Click on the table “Snapshot Files” under the “Snapshot Management” (As
shown in the snapshot below).
To view the Snapshot file, select the record and view the attachment (As shown in the snapshot below).

Steps to get the diff between 2 Snapshot into ServiceNow are as below:

Log in to the ServiceNow instance.

On the left-hand top corner, in the search menu enter the “Cisco ACI Application”. This should open up the Cisco ACI
Application menu.
In the menu, under “Snapshot Management”, Click on the “Snapshot Diff Configuration” → New button to pull
Snapshot diff into ServiceNow. (as shown in the snapshot below)
To pull the Snapshot select the record and click on the “Generate Diff” button
Snapshot diff file is stored as an attachment in inventory data.

To view the Snapshot diff file Inventory. Click on the manu “Snapshot Diff Files” under the “Snapshot Management”
(As shown in the snapshot below)
To view the Snapshot diff file, select the record and view the attachment. (As shown in the snapshot below)

7.25. Additional Component Support

Users can fetch the additional components by following below steps:

Navigate to “Scheduled Job”.

User can see the list of scheduled jobs which have scheduled jobs for each component.
By clicking on the ‘Execute Now’ button, scheduled jobs will fetch that particular component from the configured
APICs.
User can set the scheduler for any scheduled job.
User can create/Update/delete the component from the form view of any component
Navigate to any additional component under “Additional Components”
Click on the new button and then provide details and click on Create <Component Name> will create the component
on APIC.
Similarly for Delete and Update functionality

7.26. Process Monitor

ACI Admin can see the process of running discoveries of ACI, MSO and Nexus Switch to find out the status of Discovery.

Following are different Status:

 Initiated: When the Discovery is started.
MO Discovery Complete: When the fetching of data from APIC or Nexus Switch is completed.
Building Relationships: When the building of the relationship is started.
Success: When Discovery is successfully executed, and all the relationships build successfully.
Failed: The Following are the scenarios for failure discovery.
Any exception occurs during the Discovery of Fabric and Application inventory.
If “Invalidate Job” UI action is performed.

ACI Admin can see the process of health or fault pull from the APIC. Following are different Status:

Initiated: When the Discovery is started.

Success: When Health/fault pull is successfully executed.
Failed: The Following are the scenarios for failure discovery.
Any exception occurs during the fetching of Healths/Faults.
If “Invalidate Job” UI action is performed.

Steps to see process monitor.

ACI admin can see the Process Monitor from “Diagnostics” ⇒ “Process Monitor”.
After Clicking on the menu ACI admin can see the list view of the Process Monitor Table.
After initiating discovery (From UI Action or From Scheduler) ACI admin can see new records created in the Process
Monitor table and have Discovering column value as “APIC” or “Cloud APIC” or (depends on the type of APIC) and
Status is set as “Initiated”.
After initiating MSO discovery (From UI Action or From Scheduler) ACI admin can see new records created in the
Process Monitor table and have the Discovering column value as “MSO” and Status is set as “Initiated”.
After initiating Nexus Switch discovery (From UI Action or From Scheduler) ACI admin can see new records created
in the Process Monitor table and have the Discovering column value as “Nexus Switch” and Status is set as
“Initiated”.
After Health/fault pull initiated(From UI Action or From Scheduler) ACI admin can see new records created in the
Process Monitor table and have Discovering column value as “Healths”, “Faults” (if pull initiated from UI Action) or
“Faults_Healths” (if pull is initiated from scheduler) and Status is set as “Initiated”.
ACI admin can see “Failed” status in the above-mentioned scenarios. ACI admin can also see the detailed description
of failure discovery.
When discovery is completed successfully, ACI admin can see the “Success” status.
7.27. Invalidate Job
When ACI discovery or incremental discovery or Health or fault pull or MSO Discovery of Nexus Switch Inventory
Discovery job is stuck, then ACI admin can invalidate a job. This updates the status of the process monitor record to
Failed to unblock the user from running next discovery or pull. ACI admin can invalidate the job by following either of
below option

ACI Admin can invalidate running ACI or MSO or Nexus Switch discovery or health or fault pull from the form view
of the process monitor record.

ACI Admin can also invalidate multiple ACI or MSO discoveries or health or fault pull from the list choice of process
monitor.

Note - Invalidate Job UI action just changes the state of discovery/pull to Failed In process monitor. In the background
actual discovery/pull is running.
8. External Systems Connection
If your application contains integration components please clearly outlined them here and provide integration user
creation instructions:

Connectivity to APIC should be present

9. Support, Troubleshooting and Testing the Configuration

9.1. Support
World wide support phone numbers: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-
contacts.html#telephone
Cisco Support Community: https://supportforums.cisco.com/

ACI Admin can see the Support Contact page in the application. There are three ways to get in touch with Cisco Support.
To see the details of Cisco Support Contact navigate to “Setup and Support”→ “Contact Cisco Support” from the Cisco
ACI Application.

9.2. Troubleshooting
ServiceNow Logs : The scripts use gs.error () and gs.info () methods to print errors and information messages
respectively.
The “Application Logs” under “Diagnostics” will contain all the logs for the application.
Critical error messages are listed as Error and debug statements are listed as Information.
Few failures generated by ServiceNow like maximum execution time exceeded are listed in “Warnings” under “System
logs”. An example is shown below

Mid Server Logs: The error logs are populated in the file “../logs/agent0.log”.
To turn the debug logs on do the following:

Navigate to ‘Servers’ under ‘Mid Server’ from navigator.

Open record of mid server for which you want to turn debug logs on.
Navigate to the configuration parameter tab.
Click on new.
Enter parameter name - ‘debug,logging’.
Enter value - ‘true’.
Click on submit.
Restart mid server after assigning the role if any role related issue is coming in mid server logs.

Diagnosis : All the application logs are also available under Diagnosis.

Go to “Application Logs” under “Diagnostics” from the “Cisco ACI Application” menu for all script logs
Go to “Process Monitor” under “Diagnostics” from the “Cisco ACI Application” menu for all Health and Faults pull
status and discovery status.
Go to “EEC Queue requests” under “Diagnostics” from the “Cisco ACI Application” menu for all ECC Queue
information.

9.3. Troubleshoot based on the Use Case

1) Cisco ACI Discovery Failed and an error log message is “No credentials available for the given APIC”.

Ans - Please ensure the below steps for troubleshooting.

 For local authentication please try to login to the APIC by giving the same credentials as you give in the APIC
Configuration Table in ServiceNow and Domain dropdown of APIC select “DefaultAuth” as a domain.
For Remote authentication try to login into the APIC by giving the same remote credentials and from the Domain
drop-down select your Remote domain.
If you are not able to login to the APIC then the credentials are not correct. So try to get correct credentials and enter
the same correct credentials into Discovery IP Sets and run the discovery again.
Please check the reachability of ServiceNow and APIC from the mid server using the following command as follows.
$ curl <APIC URL>
ping <ServiceNow instance URL>
Check do you have a proper role to write into the ServiceNow Table? ServiceNow mid user must have “mid_server”,
“x_caci_cisco_aci_i.CiscoACIInventoryManagementAdmin” and “ITIL” roles.

2) After taking upgrade ordering of the columns of the list view of Discovered MOs is changed.”

Ans – This is a known bug on SNOW listed on their community page. Please ensure the below steps for troubleshooting.
The admin role is required to perform the below steps.

Open up the sys_update_version table

Choose the default list that you have updated in dev it will end with a "_null".
Review that the payload is what the List layout should look like
Under Related Links, There will be a "Revert to this Version" link if this is not the current version
Click : Revert to this Version
 Find the below link for more detail:
https://community.servicenow.com/community?
id=community_question&sys_id=7c25876ddbd8dbc01dcaf3231f9619cc

3) Application creating duplicate relationships for ip Switches which are already present in cmdb_ci table.

Ans - From next release, we will not add discovery data into IP-Switch table (i.e. cmdb_ci_ip_switch). So if anyone is
using the previous version of ACI Application and has data in cmdb_ci_ip_switch table. Then it will create a duplicate
relationship. So to avoid this situation, Please delete the record manually.
Follow Below Steps:

Open table by typing cmdb_ci_ip_switch.list in the navigation module.

Delete the records manually which are of ACI Application.
10. Known Limitations
DN values of the “Controller Firmware” and “Fabric Firmware” are based on one of the nodes for which respective
firmware is attached.

In the Schemas Verification Status table, status "INIT" is considered as "UNVERIFIED".

11. FAQs
1. How to install the MID server?
Ans – Refer the following link for installation https://docs.servicenow.com/bundle/quebec-servicenow-
platform/page/product/mid-server/concept/mid-server-installation.html
2. How to check APIC reachability from the MID server?
Ans - The reachability can be tested using the “curl” command. For example - To retrieve a web page
$ curl <APIC URL>
3. How to check ServiceNow’s reachability?
Ans – The ServiceNow reachability can be tested using the ping command.
For Example – ping <ServiceNow instance url>
4. How to configure the ACI application?
Ans – To configure the ACI application ACI Admin will need following prerequisites credentials from Cisco
APIC IP(es)/URL(s)
Username
Password
MID server must be Up and running MID users must have “mid_server”,
“x_caci_cisco_aci_i.CiscoACIInventoryManagementAdmin” and “itil” roles.
For running the Cloud Discovery you also need to add one more role “discovery_admin” with the above
mentioned 3 roles.
Once the ACI Admin has all this information he needs to navigate to Cisco ACI Application → Configuration →
APICs and create a new configuration.
5. Which access roles does the ACI admin need to run the ACI application?
Ans – ACI admin must need the following the access
Need user id and password for ServiceNow instance
ACI admin must have “export_set_scheduler”, “x_caci_cisco_aci_i.CiscoACIInventoryManagementAdmin”
roles.
6. How to change the user role?
Ans – User needs to navigate to Organization → Users. Find the correct user ID and click on that record. Press the
“Edit” button next to the Roles tab. Select “x_caci_cisco_aci_i.CiscoACIInventoryManagementAdmin,
“export_set_scheduler” from the list and press the save button.