Integrating CMDB with AppViewX

To configure the CMDB with AppViewX:
  1. Go to (Menu) > Automation > Workflow > Integration.
    The Workflow > Integration page is displayed. This page is a centralized interface for integrating external systems with AppViewX across technology categories such as DevOps, ITSM, Source Control, ASM, QTH, and so on.
  2. From the Select Category dropdown list, select only the QTH category.
  3. Click Apply.
    The Workflow > Integration page is updated to display only the QTH integration vendors.
  4. Select the cmdb-qth-integration tile.
    This is a default setting that is pre-shipped with AppViewX, and has most of the fields configured with the required values.

    The Workflow > Integration > Vendor configuration page is displayed with fields required for the integration.

  5. Enter/Select the integration Information.
    Table 1. Field description for the Credentials section
    Field | Description
    *Category | Identifies the technology category being integrated with AppViewX. This field is pre-populated with the category selected on the Workflow > Integration page and is non-editable.
    *Vendor | Identifies the external system being integrated with AppViewX, from the selected technology category. This field is pre-populated with the vendor selected here and is non-editable.
    *Name | Indicates the unique name used internally to identify the vendor configuration. This field is pre-populated based on the selection here and is non-editable.
    Version | Enter the version number of the vendor being integrated.
    Description | Enter any additional details related to the purpose or the usage of the integration.
    Upload image | To upload a vendor icon or logo for representing the integration: 1. Click and navigate to the location where the image is stored on your local system. 2. Select the required image and click Open.
    Tags | Enter any keywords or labels that will be associated with this integration. For example, in case of multiple settings, you can use the tag priority to indicate the priority of a setting over others. Remember: For the priority tag, ensure that only one integration is tagged as priority. If multiple integrations have the same tag, the latest configured integration is prioritized.
    Data center | From the dropdown list, select the data center where the integration will operate.
    *: Mandatory Fields
  6. Enter/Select the Credentials details.
    Table 2. Field description for the Credentials section
    Field | Description
    Type | From the following options, select the connection method for communication with the vendor system: REST, SSH.
    Auth Type | From the dropdown list, select the authentication mechanism that will be used to access the vendor API. This mechanism is used for generating credentials and tokens, as well as for validating the connection with the vendor system.
    *URL | To establish communication and send API requests to the external platform, enter the base endpoint URL of the vendor system.
    Validate URL | To check if the URL entered is correct and in the valid format, click Validate URL.
    *Username | Enter the username associated with the vendor account.
    *Password | Enter the password associated with the vendor account.
    *Access Token URL | Enter the URL of the provider’s authentication server. This URL will be used to exchange authorization codes with the server for an access token.
    Client ID | Enter the client application’s ID registered with the API provider.
    Client Secret | Enter the client secret key provided by the API provider.
    Grant Type | From the dropdown list, select the OAuth authorization flow that will be used to obtain access tokens (for example, Password grant). The selected grant type determines the parameters required during the token generation process.
    Scope | Enter the permissions or access level requested from the vendor API.
    *: Mandatory Fields
  7. Edit the JSON for your customized Configurations.
    The Configurations editor is prepopulated with a reference JSON template with placeholder values to let you define your custom configuration parameters and query logic.
  8. In this JSON:
    1. In the CMDB asset query template, map the hostname and IP address input parameters to the corresponding CMDB fields that will be used during queries.
      Similarly, in the certificate query template, map the certificate serial number, serial number format, and common name to the corresponding CMDB fields.
      For the serialNumber_format field, specify the format in which the serial number is stored in your CMDB. The chosen format determines how many crypto assets can be included in each API call, as it is limited by the maximum URL length.
      • ColonDelimited: The serial number is stored with colon separators.

        Example: B6:5B:C5:1A:E6:23:20:AA:35:EA:18:20:77:88:3C:2F:D6:EC:D5

      • plainHex: The serial number is stored as a continuous hexadecimal string.

        Example: b65bc51ae62320aa35ea182077883c2fd6ecd5

      • Both: The serial number in the CMDB can be in either of the above formats. Use this option when the format is inconsistent across records.
    2. To specifically look for CMDB entries that have been updated since the last successful job execution, set deltaSync to true.
      Full Sync with deltaSync: To perform a full sync each time the scheduler job runs, set deltaSync to false. The job will continue to perform a full sync until this setting is changed.
    3. Configure output parameters to retrieve data for the Business Application, Owner, Operational Status, and Business Criticality fields from CMDB.
    4. Modify the default/suggested batch limits for the CMDB processing. The default/suggested batch limits are 30 and 30 for the asset and certificate scans, respectively. These can be modified using the following sample code snippet:
      
        "batchLimit": {
          "asset": 30,
          "cert": 30
        }
  9. Click Update.
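
The effect of serialNumber_format on how many certificates fit in one call can be estimated before choosing a value. The following is an added example, not AppViewX code: it converts a serial number between the two stored forms and counts how many serials fit in a URL budget, assuming the values are comma-joined and percent-encoded in the query string and that the budget is 2000 characters.

```python
import re
from urllib.parse import quote

FORMATS = ("ColonDelimited", "plainHex", "Both")

def to_plain_hex(serial):
    """Normalize either stored form to a continuous lowercase hex string."""
    digits = serial.strip().replace(":", "")
    if len(digits) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", digits):
        raise ValueError(f"not a whole-byte hex serial number: {serial!r}")
    return digits.lower()

def to_colon_delimited(serial):
    """Render the serial as uppercase byte pairs separated by colons."""
    digits = to_plain_hex(serial).upper()
    return ":".join(digits[i:i + 2] for i in range(0, len(digits), 2))

def search_values(serial, fmt):
    """Values that must appear in the query for one certificate."""
    if fmt not in FORMATS:
        raise ValueError(f"serialNumber_format must be one of {FORMATS}")
    plain, colon = to_plain_hex(serial), to_colon_delimited(serial)
    return {"plainHex": [plain], "ColonDelimited": [colon], "Both": [plain, colon]}[fmt]

def serials_per_call(serials, fmt, url_budget):
    """Count how many leading serials fit in url_budget encoded characters.

    Assumption: values are comma-joined and percent-encoded in the query string.
    """
    used = count = 0
    for serial in serials:
        cost = sum(len(quote(v + ",", safe="")) for v in search_values(serial, fmt))
        if used + cost > url_budget:
            break
        used, count = used + cost, count + 1
    return count

# Serial number taken from the example above; the 2000-character budget is assumed.
SERIAL = "b65bc51ae62320aa35ea182077883c2fd6ecd5"

if __name__ == "__main__":
    for fmt in FORMATS:
        print(fmt, serials_per_call([SERIAL] * 100, fmt, url_budget=2000))
```

Under these assumptions each colon is encoded as three characters, so the colon-delimited form costs more than twice as much per serial as plain hex, and Both costs the sum of the two.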

Reference JSON Template

The following JSON template tells the integration to search the CMDB and retrieve metadata [business application, owner, and business criticality] about servers and certificates in the target cryptographic environment.

To retrieve the required metadata for servers, it uses the CMDB asset query template to specify the input parameters that will be used as the search criteria and the expected output. In case of tables with a child-parent relationship, the JSON instructs the integration to perform a second lookup in the child table if the information required is not found in the parent table, creating a multi-stage lookup chain across CMDB tables.

To retrieve the required metadata for certificates, the JSON uses the certificate query template, using the same multi-stage lookup chain across CMDB tables.

{
	"display_value": true,
	"avxPaginationLimit": 10000,
	"paginationLimit": 10000,
	"deltaSync": true,
	"cmdb_ci_asset_query_template": [
		{
			"level": "level_1_mandatory_primary_table_search",
			"path": [
				{
					"id": "1",
					"table": "<mandatory_level_1_primary_snow_table_name>",
					"inputs": [
						{
							"field": "<mandatory_level_1_hostname_field_name_in_snow>",
							"value": "${hostname}"
						},
						{
							"field": "<mandatory_level_1_ip_address_field_name_in_snow>",
							"value": "${ip_address}"
						}
					],
					"outputs": [
						{
							"field": "<business_owner_is_mandatory_from_id1_or_any_other_id_mapped>",
							"value": "${business_owner}"
						},
						{
							"field": "<criticality_is_mandatory_from_id1_or_any_other_id_mapped>",
							"value": "${criticality}"
						},
						{
							"field": "<optional_reference_output_for_next_optional_id_or_level_business_app_reference_field>",
							"value": "${business_app_ref_in_snow}",
							"reference": true
						}
					]
				},
				{
					"id": "2",
					"table": "<optional_if_required_related_table_referenced_with_output_of_id1>",
					"inputs": [
						{
							"field": "<lookup_field_in_this_table>",
							"value": "${<id>.<value_from_stage>}"
						},
						{
							"field": "<ip_address_field_if_needed>",
							"value": "${ip_address}"
						}
					],
					"outputs": [
						{
							"field": "<fetch_business_application_here_if_not_found_in_id1>",
							"value": "${business_application}"
						},
						{
							"field": "<fetch_business_owner_here_if_not_found_in_id1>",
							"value": "${business_owner}"
						},
						{
							"field": "<fetch_criticality_here_if_not_found_in_id1>",
							"value": "${criticality}"
						}
					]
				}
			]
		},
		{
			"level": "optional_additional_level_only_if_required_for_unrelated_table_lookup"
		}
	],
	"cmdb_ci_certificate_query_template": [
		{
			"level": "level_1_mandatory_primary_table_search",
			"path": [
				{
					"id": "1",
					"table": "<mandatory_level_1_primary_snow_certificate_table_name>",
					"inputs": [
						{
							"field": "<mandatory_level_1_common_name_field_name_in_snow>",
							"value": "${common_name}"
						},
						{
							"field": "<mandatory_level_1_serial_number_field_name_in_snow>",
							"value": "${serial_number}",
							"serialNumber_format": "plainHex_Or_ColonDelimited_Or_Both"
						}
					],
					"outputs": [
						{
							"field": "<business_owner_is_mandatory_from_id1_or_any_other_id_mapped>",
							"value": "${business_owner}"
						},
						{
							"field": "<criticality_is_mandatory_from_id1_or_any_other_id_mapped>",
							"value": "${criticality}"
						},
						{
							"field": "<optional_reference_output_for_next_optional_id_or_level_business_app_reference_field>",
							"value": "business_app_ref",
							"reference": true
						}
					]
				},
				{
					"id": "2",
					"table": "<optional_if_required_related_table_referenced_with_id1_output_field>",
					"inputs": [
						{
							"field": "<lookup_field_in_this_table>",
							"value": "${<id>.<value_from_stage>}"
						},
						{
							"field": "<common_name_field_if_needed>",
							"value": "${common_name}"
						}
					],
					"outputs": [
						{
							"field": "<fetch_business_application_here_if_not_found_in_id1>",
							"value": "${business_application}"
						},
						{
							"field": "<fetch_business_owner_here_if_not_found_in_id1>",
							"value": "${business_owner}"
						},
						{
							"field": "<fetch_criticality_here_if_not_found_in_id1>",
							"value": "${criticality}"
						}
					]
				}
			]
		},
		{
			"level": "optional_additional_level_only_if_required_for_unrelated_table_lookup"
		}
	]
}
In this JSON structure:
  • Two query templates are used to search for assets in the CMDB: the CMDB asset query template and the certificate query template.
  • Each level corresponds to an unrelated table; tables across levels don’t have an inheritance relationship.
  • A path object is used to define the table to search for the assets, the input parameters, and the expected outputs.
  • In each path object:
    • id is the unique identifier assigned to the query
    • table refers to the CMDB table
    • inputs defines the fields that will be used as the search criteria when querying the CMDB
    • field refers to the field name in the CMDB table
    • value refers to the corresponding field name in the AppViewX configuration
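
A check that can be run on an edited configuration before clicking Update, as an added example that is not AppViewX code. It flags placeholders left from the reference template, a serialNumber_format outside the three documented options, and stage references that do not match an output of an earlier id. It assumes that `${<id>.<value_from_stage>}` is filled in as `${1.name}`, where `name` is an output value of id 1; the table and field names in the sample are hypothetical.

```python
import re

PLACEHOLDER = re.compile(r"<[^<>]+>")            # template text left unreplaced
STAGE_REF = re.compile(r"^\$\{(\w+)\.(\w+)\}$")  # assumed form of ${<id>.<value_from_stage>}
SERIAL_FORMATS = {"ColonDelimited", "plainHex", "Both"}
TEMPLATES = ("cmdb_ci_asset_query_template", "cmdb_ci_certificate_query_template")

def lint_config(cfg):
    """Return human-readable problems found in an edited configuration dict."""
    problems = []
    for name in TEMPLATES:
        for level in cfg.get(name, []):
            produced = {}  # stage id -> names that stage outputs
            for stage in level.get("path", []):
                where = f"{name} id {stage.get('id')}"
                inputs, outputs = stage.get("inputs", []), stage.get("outputs", [])
                texts = [stage.get("table", "")] + [i.get("field", "") for i in inputs + outputs]
                for text in texts:
                    if PLACEHOLDER.search(text):
                        problems.append(f"{where}: placeholder not replaced: {text}")
                for inp in inputs:
                    fmt = inp.get("serialNumber_format")
                    if fmt is not None and fmt not in SERIAL_FORMATS:
                        problems.append(f"{where}: invalid serialNumber_format: {fmt}")
                    ref = STAGE_REF.match(inp.get("value", ""))
                    if ref and ref.group(2) not in produced.get(ref.group(1), set()):
                        problems.append(f"{where}: {inp['value']} is not an earlier stage output")
                produced[stage.get("id")] = {o.get("value", "").strip("${}") for o in outputs}
    return problems

# Constructed sample: table and field names are hypothetical, with three deliberate mistakes.
SAMPLE = {
    "cmdb_ci_certificate_query_template": [{
        "level": "level_1_mandatory_primary_table_search",
        "path": [
            {"id": "1", "table": "u_example_cert_table",
             "inputs": [{"field": "u_serial", "value": "${serial_number}",
                         "serialNumber_format": "plainHex_Or_ColonDelimited_Or_Both"}],
             "outputs": [{"field": "u_app", "value": "business_app_ref", "reference": True}]},
            {"id": "2", "table": "<optional_if_required_related_table_referenced_with_id1_output_field>",
             "inputs": [{"field": "u_ref", "value": "${1.business_app}"}],
             "outputs": [{"field": "u_owner", "value": "${business_owner}"}]},
        ],
    }]
}

if __name__ == "__main__":
    for problem in lint_config(SAMPLE):
        print(problem)
```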

Scheduled CMDB Synchronization Jobs

The following scheduled background jobs have been created to map the discovered assets with the corresponding CMDB records and retrieve the associated business data, using the configured JSON templates:
  • CMDB Business Context Synchronization for Certificates
  • Endpoint CMDB Business Context Synchronization
To read in detail about what these jobs do and how they can be configured, use the following links: