fbpx

Extend Observability With ServiceNow and Veeam Data Platform

Protecting your organization’s data is important. Not only do organizations rely on their data, but they also need to ensure applications are available to customers and end users. The Veeam Data Platform not only provides a way for you to protect and recover your data when an outage occurs, it also allows you to monitor and get notified of events that are happening in the data center. Events including how an application is performing, how resources are being utilized, and if any unusual activity is happening are all factors in ensuring your business remains operational. Every business is concerned with keeping their data and infrastructure secure from malicious actors, and one way to help mitigate a cyber disaster from happening is to monitor and detect these actors/events as fast as possible.

That is why many organizations have adopted the National Institute of Standards and Technology (NIST) Security Framework. This framework provides guidance on how to manage IT infrastructure security through five core functions including identify, protect, detect, respond, and recover. By looking at these functions, organizations can address areas that are not compliant with their security strategy. To help with this, many organizations have adopted the use of IT Service Management Platforms. These platforms encompass all aspects of information technology within a company, from configuring to identifying and then responding. This is critical for businesses to ensure they are operating as normal and as expected. They need to be able to address how resources are being consumed per workload, optimize resource usage, and pinpoint troubling behavior. This extends not only to the production environment, but also to the backup environment, to ensure a healthy, secure backup that can be recovered in a disaster scenario. For this, the Veeam Data Platform integrates with existing toolboxes like ServiceNow and Syslog for timely incident response and prevention, ensuring effective monitoring for data protection.

The Veeam Data Platform delivers ultimate monitoring and analytics for your backup environment, providing you real-time alerts about important events, changes, and potential problems. Veeam ONE, the monitoring and analytics tool included in Veeam Data Platform, provides over 300 alarms that provide visibility into your data center. These include alarms about backup jobs, unprotected machines, the virtual environment, and potential ransomware activity plus much more. With this integration, these alarms can now be directed to ServiceNow, a widely used enterprise tool, to expedite notification and remediation.

The Alarm Lifecycle

When you install the platform, and set up Veeam ONE, it immediately begins to collect data on the events and behaviors happening within your environment. If an issue is identified, an alarm will be triggered to notify you of the problem and provide you with relevant information to help you resolve that problem. The complete alarm cycle from event to remediation looks like this:

This is the alarm lifecycle, from issue to resolution, which can use automation and orchestration to fix problem areas. Veeam ONE is the best tool to provide this information to backup administrators, but in some situations, we need to extend these notifications and actions to other areas of the organization. This is where the ServiceNow integration can be very useful.

Enhanced Platform Observability with Veeam and ServiceNow

ServiceNow is a widely used tool for IT services, operations, and business management. With the ability to direct alarms from Veeam ONE into ServiceNow, you can act and resolve them directly from the ServiceNow page.

Configuring Notifications

Each alarm in Veeam ONE is not only adjustable but can be configured to send notifications to ensure you do not miss critical events. It’s important to have notifications set up so alarms are not ignored and can be remediated immediately. However, this brings to question, does every alert need immediate attention? This is the problem with alert fatigue, the most critical issues like backup failure or suspicious activity identified can go undetected due to the sheer number of notifications administrators receive daily.

Traditionally, these notifications within the platform included email, SNMP Traps, and custom scripts, but now you have the added availability to configure ServiceNow incidents and Syslog Alarms. By directing the most important alarms to ServiceNow, you can address these issues immediately, ensuring they are not overlooked and reduce alert fatigue.

First you need to make sure you add your ServiceNow server into Veeam ONE. In the server settings, you can configure the ServiceNow server. This is as simple as entering your instance URL, the proper credentials, and any other desired fields that are relevant to your ServiceNow instance.

After filling out the required fields, you can test the connection to the ServiceNow incident to ensure its working properly. Now that you are connected, you need to choose which Veeam ONE alarms you want to push to ServiceNow. This step will need to be configured in the alarm settings.

Alarms that can identify abnormal activity such as Suspicious Incremental backup size, Possible Ransomware Activity, and Veeam Malware detection activity can be useful to help mitigate and detect a cyber-event in the backup infrastructure.

Other alarms that are useful to ensure your data is being properly protected are Backup job state, VM with no backup, and Restore Activity to name a few. These can help make sure you are meeting the backup and compliance requirements of the business. You can even send events occurring in your virtual environment to ServiceNow including Bad username attempt, CPU Usage, Snapshot age and Guest Free Space. These alarms can help identify what is happening in your virtual environment and how you can adjust resource usage based on the applications demands.

Once configured, the alarm will send an incident to your ServiceNow portal. This allows you to respond to incidents and take action to improve operations.

Quick Incident Response With Veeam ONE and ServiceNow Integration

ServiceNow is one of the leading platforms in the industry for automating IT management workflows. It is used by many organizations to help track tasks, activities, and processes to meet business standards and compliance. The Veeam Data platform watches the entire backup environment, ensuring product configuration, security best practices and data protection requirements are met. This interoperability between the two platforms extends data across the organization to allow ServiceNow operators to take actions on incidents occurring in the backup infrastructure and resolve them from their normal ServiceNow page. This improves platform observability and flexibility so that you can remediate issues fast and keep applications running and secure.