We are looking for researchers & co-creators!


Top 9 ITOM Highlights in ServiceNow San Diego Release

San Diego. The location where ServiceNow headquarters used to reside before moving to the silicon valley-influenced “Santa Clara”-region in California. Given the history of ServiceNow and their heart for San Diego, what can we analyze and conclude from their latest release? You guessed right; it’s time for the official San Diego release notes of the platform.

With the market of 2022 bringing digitalization on steroids, the ServiceNow swiss-army knife of automating and integrating every process of the enterprise steamrolls ahead. Meta and some of the larger tech companies might be taking a hit on the stock markets, but nothing indicates the same for our workflow beast.

In this analysis, we focus our eyes on the growing and in-demand suite of their ITOM (IT Operations Management) and AiOps portfolio. During an investment call with Servicenow in 2021, it became apparent that the natural step for many customers is ITOM. 13 out of the 20 biggest deals included ITOM during 2021 according to a transcript dating back 12 months. Hence we’re happy to see that the release of San Diego provides plentiful of highlights in the AIOps- & ITOM arena.  


More secure Discovery with gMSA

Not to be confused with service accounts, gMSA (Group Managed Service Accounts) is the hot thing at the moment. They allow you to run programs as an account that doesn’t require a password while still having the security of a strong password. The way it works, simply put but accurate, is that gMSA of course have a password – but it doesn’t require the administrator to know the password.

Groups Managed Service Accounts, or gMSAs, are a type of managed service account that offers more security than traditional managed service accounts for automated, non-interactive applications, services, processes, or tasks that still require credentials.

In the last release of San Diego, ServiceNow ITOM can now leverage gMSA accounts which means that no credentials needs to be stored in ServiceNow. The benefits are many, such as increasing the security additionally through cycling gMSA passwords (credential rotation).

A very important component in the battle for a secure discovery solution. If you’re curious about securing discovery and best practices, here is more in-depth information.

More powerful connection suggestions in Service Maps

The connection suggestions of Service Mapping sniffs, analyses and parses all the active TCP connections within an organization. Based on the TCP traffic it suggests “Connection Candidates” for Service Maps (application services/application layer). With the latest release this part of Service Mapping is starting to become very comprehensive. Supporting load balancers, virtual IPs and provides automatic suggestion of how confident the connection is relevant.

Connection Suggestions Service Mapping

The immediate benefit of having connection suggestions is that application owners and ITOps becomes aware of how their services truly are constructed. Frequently the enterprise architects draws a theoretical picture but the reality with integrations, dataflows and processes which speaks and depend on each other is vastly different.


Agent Client Collector – Log Analytics (ACC-L)

The agent client collector is a framework provided by ServiceNow which serves a multitude of purposes. Originally an acquisition of Loom systems, health log analytics is now fully integrated into the ServiceNow ITOM portfolio. We see the “Health Log Analytics” as part of Event Management, where it’s possible to analyze logs with Machine Learning. Previously it’s only been possible to ingest log data through connecting to existing log services, such as splunk, azure, rsyslog and others.

Starting from the San Diego release, it’s possible to ingest and get log data with the agent client collector framework. In other words leveraging ServiceNow to grab log-data in real-time (Linux & Win) allows to potentially consolidate a companies log monitoring tools. The ACC-L is rather lightweight as it’s built on Sensu, and through the collectors, you don’t only gather log data but also a multitude of hardware related attributes (discovery).

See the blueprint below for an overview of the Agent Client Collector Framework.

Agent Client Collector Framework ServiceNow
The agent client collector framework from ServiceNow

New look for Event Management

In case you’ve missed it, ServiceNow is enabling a major UI rehaul called the “Next Experience”. This new UI is not enabled per default (unless you’re a new customer) but for those curious and working in Operator Workspace, it’s a possibility to enjoy the latest already now.

The new UI have been a project internally at ServiceNow for a longer time and we’re now at the stage where it is slowly being rolled out. “A new UI, again?” – you might ask yourself. Although there’s been many redesigns the past decade at ServiceNow, this particular UI is for a first-time truly created by UX designers with UX designers in mind.

In other words, an organization can build powerful front-ends for ITOM.

Tag-based clustering engine for alerts

Traditionally alerts in ServiceNow ITOM have been very dependent on corresponding CI’s (configuration items). Meaning that for Event Management values to fully take effect a CMDB needs to be in place for all the monitored objects, ideally with relationships. However, the reality is that much of monitoring is not always bound to a host-machine but more abstract concepts such as microservices and applications.

ServiceNow introduces the “Tag-based clustering engine” for event management in the latest release. Based on text semantics alerts can now be grouped in tagging structures. This is very useful in scenarios where CI’s are missing entirely or there is a need to normalize text. For example, an application called different naming conventions depending on the monitoring source.

The alert-based clustering is a powerful addition and can serve as a great option to boost the alert groupings and “fill out the gaps” where the CMDB is lacking.

New event connectors ready to be used

Multiple new OOTB (out-of-the-box) connectors have been added to the Event Management suite. Such as:

  • MID push connector for GCP
  • MID push connector for Azure
  • Azure Bi-directional
  • Logic Monitor
  • Lightstep
  • ThousandEyes
  • Prometheus
  • Oracle Cloud

Enrich the CMDB based on log-data with Health Log Analytics

Logs can tell a lot about the infrastructure. In logs we can find components, disks, application names, services and much more. It would be a shame if all of this data went to waste with only analyzing it for errors. Instead in the latest release, ServiceNow Health Log Analytics can scan logs and try to find references to configuration items that are missing. Users of HLA (health log analytics) can there for enjoy an immensely enriched CMDB of suggested CI’s that discovery potentially have missed or can’t discover at all.


Automatically deep-discover resources after provisioning

Are you using ServiceNow Cloud Provisioning and Governance to create new cloud resources? Then you will be happy to know that as soon as a resource has been created, a “targeted discovery” to the resource can be automatically triggered. Previously the deeper discovery of cloud resources would only take place if a discovery schedule was defined and the resource included. Meanwhile in the latest release pattern-based discovery can automatically be launched after provisioning of a resource – enriching the CMDB even further without delay.

Azure Usage Tracking – mapping the footprint of user behavior in Azure

Organizations who uses Cloud Provisioning and Governance tend to be large in size. Typically MSPs or global enterprises can justify the cost of consolidating multiple clouds into one portal. As a result the number of orderable catalog items tend to be rather large. As different groups, departments and regions expect to be able to order different type of cloud resources.

Keeping track of how users are interacting with the order process of catalog items has not always been easy. In the latest release, ServiceNow have added “Usage Tracking” for Azure. Which means that cloud resources in Azure gets enriched with information about what catalog item was the trigger. This is an excellent way to see which cloud catalog items really are in use, which have the greatest impact and where are there room for optimization (where there’s high volume, there’s always room!).

Final words – ITOM and the San Diego Release

Clearly ServiceNow continues to show their commitment and investments in the ITOM portfolio. The challenges of the past years, such as automating service maps even better as well as too much reliance on the CMDB appears to be seriously addressed for the first time. For customers who consider the time-to-value (TTV) of ServiceNow ITOM these aspects are hugely important.

ServiceNow HQ San Diego
The old HQ of ServiceNow (photographed by the author of this article)

It’s been a long time since we’ve seen these any new features added to a release, the last time was in Orlando. It would appear like ServiceNow still have an affinity for San Diego after all.


San Diego - ITOM Score

The ITOM release rating is a score we give to each new release of ServiceNow where we combine multiple factors to calculate a score. The final rating indicates the relevancy and value of the release from an ITOM point-of-view.

Feature scoring


Market trend keep-up


Upgrade worthy





  • Vastly increased security for Discovery
  • Increased value for orgs that lacks a CMDB
  • Usage of ACC continue to increase


  • No signs of the acquired product Lightstep
About author

Alexander is the Managing Director of Einar & Partners. Highly passionate about the cultural and organizational components in ITOM transformations.
Related posts
ServiceNow ITOM

Top three changes for ITOM Visibility in Vancouver

Archived Webinars

Scaling CMDB Governance Successfully

AnalysisDiscoveryServiceNow ITOM

Having issues discovering CIs in your ServiceNow instance? It is most probably your fault 

AnalysisServiceNow ITOM

ServiceNow ITOM Trends 2023