The ServiceNow Nerd

The musings of a ServiceNow platform developer and enthusiast

The SN Nerd

Customisation Case Study: Is Updating Store Flow a No-Go?

by snnerd

Customisation Case Study Series

Welcome to my blog series focused on customizing ServiceNow! Drawing from real-world case studies based on my daily experiences, I’ll delve deep into the intricacies of ServiceNow customization. We’ll journey through the thought processes, decisions, and steps in actual customization projects. Along the way, we’ll weigh the pros and cons of various customization alternatives. Each post promises to offer insights into best practices and potential pitfalls. Whether you’re a seasoned ServiceNow pro or just starting out, this series aims to enhance your understanding and approach to customization. Join me as we explore the dynamic world of ServiceNow through a hands-on lens.

For this article, we will use the following definition of customisation – the modification of any configuration record (anything captured by an Update Set) created by the vendor (from the store, plugin, or family release) that may be updated in future.

In this case study, we will look at the ServiceNow store application Certificate and Inventory Management and how to extend its functionality to solve a specific problem around incident prioritisation of expired certificates.

Certificate Inventory and Management

This isn’t a blog about Certificate Inventory and Management (CIM). However, we need to set some context to get to the problem.

What is Certificate Inventory and Management

ServiceNow’s CIM application offers a streamlined solution for managing your TLS certificates. Paired with Discovery, this tool automatically discovers and inventories all your certificates, ensuring you never lose track. It proactively alerts you to upcoming expirations, facilitating timely renewals and reducing the risk of unforeseen outages. Expired certificates trigger incident creation, ensuring prompt attention. The application’s various discovery methods highlight Its versatility, ensuring no certificate goes unnoticed. With its commitment to regular updates and seamless integration, you’re equipped with a robust solution to safeguard your IT operations.

Generating Incidents

Incidents get created for expired certificates based on the renewal policy set on the impacted certificate.

Incidents created based on the Renewal tracking policy on the Unique Certificate record

However, Incident priority gets set based on Impact and Urgency. To set the priority based on what is specified on the Certificate, some assumptions must be made on what Impact and Urgency sets the given Priority.

Priority Problem

OOB priority matrix

In the OOB priority matrix, there is only one way to set a priority 1. For priority 3, there are three different combinations that can set this value. In CIM, the assumption is that you are using the OOB priority matrix, and that an impact and urgency of 2 is a priority 3. In my ten+ years of ServiceNow consulting, I have never seen a customer adopt the OOB priority matrix verbatim. Consider a different priority matrix, with four levels of impact/urgency:

Custom Priority Matrix

In this matrix, the impact and urgency of 2 results in a priority 2.

Now Imagine if the wrong priority makes every generated incident that was supposed to be a P3 incident into a major incident (P2), and there are hundreds of expired certificates. It is very typical for major incidents to trigger SMS to on-call teams, emails to managers, and SLAs with financial implications.

We are going to need to fix this…

Customisation Calamity

Let’s take a look at how priority is set in CIM.

The Incident Priority, set in Subflow ‘Certificate Notification’, is responsible for creating renewal tasks and incidents for at-risk and expired certificates.

Actions in the ‘Certificate Notification’ Subflow responsible for setting priority

The Script Include Certificate Notifier that calls the above Subflow is read-only, and the flow name is hard coded in that script.

Read-only Script include CertificateTaskNotifier
var flowOutput = sn_fd.FlowAPI.executeSubflow('sn_disco_certmgmt.certificate_notification', inputs);

A Scheduled job runs the notify() method, which calls the triggerSubFlowSynchronously() function.

Scheduled Job that triggers the Subflow

Looks like we might have customise the subflow!

Customising Store Applications

The CIM solution is a ServiceNow Store application.

When updating a store application, ServiceNow employs a strategy that aims to preserve customizations while integrating new features or improvements. Customized objects within are preserved during an update to ensure user changes aren’t overwritten. ServiceNow uses the “Skip” pattern for updates, meaning that if an object has been customised, the update will skip over it, leaving the customization intact. Any new features or changes in the update are added around these customisations. However, this can sometimes result in missing out on certain updated functionalities.

After the app is upgraded, ServiceNow administrators can review skipped upgrades and merge in changes as required. While this is the process for family upgrades, it is often forgotten when upgrading Store apps with a monthly upgrade cycle. For this reason, extra caution is advised when customising a Store application, especially if a robust process for updating Store application is not in place.

Customising Flows

When customizing Subflows in ServiceNow, it’s essential to be aware of potential challenges with future system updates. Once a Subflow is altered, any forthcoming upgrades targeting that flow will be skipped, ensuring your modifications remain intact but potentially causing you to miss out on new features or optimizations. Moreover, merging customized objects can be complex due to intricate dependencies and varied configurations, often leading to unforeseen complications. Merging Subflows isn’t feasible and poses excessive challenges.

Extending the application

There are many ways to extend an application. In the more binary sense, there are only two options – customise; or not.

Extension by design

The designers of the CIM application have considered extensibility within their design. The last Action of the Subflow calls another Subflow called Certificate Notification Customisation, where extra functionality can be added. OOB, the Subflow does nothing except write the system log.

Extensibility by design on a Subflow

For this example, we will not consider updating this Sublfow as a customisation since it was intended for that purpose and will never be updated by ServiceNow (in theory).

Weighing up the options

Updating the Certificate Notification Customisation may seem the best alternative to customising the ‘Create Notification Customisation’ Flow.

But is it?

I was faced with this decision. Rather than taking the designer’s intended path, I weighed all my options, including customisation, and assessed the pros and cons of each option. I have listed my final considerations below, in no particular order:

Update the Customisation Subflow to set the correct priorityUpgradability: Future changes to Subflow will be passed on.
Support: The solution uses no-code configuration and is easier to support
Poor performance: The incident is updated twice.
Wrong Process: The incident may already be set to incorrect priority, setting off the major incident workflow.
Higher Coupling: Logic to update priority is in two places, making the solution more complex
Create a before Business rule on update to change the priority of the incident to the correct impact and urgency Correct Process: Priority is correctly set the first time, preventing the major incident process from startingHigher coupling: The solution now uses a combination of flow and business rules, making it harder to maintain.
Copy the Subflow and modify the logic to raise the correct priority. Create a new Script include to override the OOB method and copy code using your new Flow instead.Correct Process: Priority is correctly set the first time, preventing the major incident process from starting
Support: The solution uses no-code configuration and is easier to support
Poor Upgradability: Future upgrades to Flow or Script include will not be incorporated into the application. Solution has now deviated from OOB.
Customise the original Sublow and change the impact and urgency.Lower coupling: Incident generation logic is in one place
Support: The solution uses no-code configuration and is easier to support
Correct Process: Priority is correctly set the first time, preventing the major incident process from starting
Poor Supportability: Future upgrades to Flow or Script include will not be incorporated into the application.
Alternatives to customisation

What would you do?

Which option would you pick? Is there an option I didn’t consider? Or is there a case for business smart customisation?

I’m not going to tell you which option I picked. Not yet, at least. That isn’t the point of this post. The point is to enhance your understanding and approach to customization by exploring a case study. And maybe you learned a little about the CIM application as a bonus.

Post your preferred option on my LinkedIn poll, and post any other alternative options you can choose!

Related Posts

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More