ServiceNow and SysTrack Workspace Analytics for ITSM


Well-planned and managed service improvement initiatives deliver benefits beyond efficiency; they win business respect for the clear operational improvement delivered. People-centric operational efficiencies can unlock significant cost savings and increase employee productivity.

Today, the biggest "traffic jams" in IT Service Management are intermittent issues.

To help streamline resolution and automate as much of the ITSM investigative process as possible, Lakeside Software has introduced SysTrack Workspace Analytics for IT Service Management as a ServiceNow store app.

With this new functionality, the generation of an incident in the ServiceNow platform creates a snapshot of SysTrack's Blackbox data, making it available offline instantly for deep forensics and investigation. This gives IT visibility not only into the context at the time a user filed a complaint, but also into the historical details that surround past performance problems. The net result is a data-driven reduction in resolution time and a vastly improved user experience.

IT Service Management and the Challenge of the Service Desk

One of the greatest challenges in IT is combining an effective incident and problem management system with a workflow to enable rapid troubleshooting and analysis. Often, when a ticket is created, the user complaint may be as simple as "it's slow", and this starts a potentially lengthy process of questioning and iterative investigation that may involve numerous tiers of escalation. Stemming from this may be the need for remote viewing or shadowing sessions, or even an in-person visit, depending on the nature of the issue. Even worse, with the massive explosion in Software as a Service and cloud-hosted applications, it can be intensely vexing to work out which side may own the underlying cause. The net result is a potentially costly and time-consuming process that may end up becoming even more frustrating for the end user than the problem that drove them to complain in the first place.

ServiceNow provides an ideal method for IT organizations to have fluid control of their ticketing system and contextually relevant information presented to them when dealing with user complaints. It also provides workflows and management for user generated ticketing to allow even more flexibility for tracking and resolving concerns. With inbuilt mechanisms for CMDB and business rules to be applied on top of routine process tasks, it's a fantastic platform for IT organizations to augment their service desk. This provides a key component of managing the workflow for incidents, but there remains a need to provide critical data for understanding the cause of complex problems.

This is where SysTrack's workspace analytics steps in to help augment the service desk's toolset. SysTrack provides a continuous capture of all of the system activities and associated components an end user interacts with during their normal activities. This creates a complete historical record of performance characteristics. Coupled with this granular data is a structured and automated approach to diagnosis within SysTrack Resolve, where problems are structured into automated rules that are checked dynamically and positioned as tiered items for response. This means that if a problem requires escalation (i.e. there isn't a quick fix or known issue) it can immediately be triaged and passed to the next level of support.

Logically, the next question is obvious: how can I combine these two systems? It stands to reason that when a ticket is created within ServiceNow it would be ideal to have a snapshot of that SysTrack data, basically a black box data recorder that has exactly what the user was up to when the incident occurred. With the SysTrack Workspace Analytics ServiceNow app, the integration of the two systems requires almost no setup and provides an immediate link into SysTrack's deep analysis directly in the notes of an incident. This puts automated analysis directly at the fingertips of anyone supporting the ticket without any additional work.

How Does It Come Together?

SysTrack's architecture is based on a distributed database model with a central collection platform ("Master Server") acting as a reporting and collection node that can be accessed for integration. The result is a compiled, statistically representative cache of information known as the DataMine. Included with this is a series of reporting and operational APIs that allow external systems to make data requests, input data, or invoke certain actions. In this case we'll focus on the SnapshotAPI.

The SnapshotAPI creates a cached, offline record of the Black Box Data Recorder and all associated records from a chosen system. This means that even if the system goes offline or the user disconnects from the network the data is available for investigation at any time in SysTrack Resolve. It is this function that's invoked to make the combination of SysTrack and ServiceNow work perfectly.

When a ticket is created in the ServiceNow system and a workstation/computer object is selected, the FQDN of that object is taken and used to craft an API call that is sent out to generate a snapshot. The ServiceNow application makes an API call through a ServiceNow Management, Instrumentation, and Discovery (MID) server in order to hit the SnapshotAPI on the SysTrack master server (or directly between ServiceNow and SysTrack in the case of SysTrack Cloud Edition), resulting in the creation of a cached data reserve that can be accessed using SysTrack Resolve. Figure 1 contains a basic overview of what this architecture looks like.

Figure 1 – A basic diagram of the SysTrack Workspace Analytics architecture

A Sample Workflow

Let's take a hypothetical situation where a user has intermittent slowness with an application that's remotely hosted. As an example, take a user with a physical desktop and periodic issues with system slowness. In practice, an end user is unlikely to be intimately familiar with the underpinnings of how their system is provisioned and their application resource usage, but they will certainly notice when their experience is degraded. In this case we can start with a user who has requested a ticket be opened to investigate an issue he has with what he describes as "system slowness" (Figure 2).

Figure 2: A sample incident with a link to SysTrack's Resolve with a Black Box snapshot for offline analysis

After the SysTrack Workspace Analytics component creates its stored black box record, the service desk support staff can simply click it and immediately get an overview of known bad conditions (Figure 3).

Figure 3: Resolve's diagnostic overview pinpointing Disk Time as a potential concern

From this it's clear that a very likely source of concern for this end user is the performance of one of their disks. This is where a break point can occur. Because troubleshooting that issue may fall into a higher tier of support, the call can immediately be escalated for more detailed investigation, saving time and effort. There's a hand-off to level two at this point, meaning there may be an additional delay. In this case, as it's not a high priority issue, there's a delay of one business day. That means that the level two technician doesn't pick the ticket up until well after the events have transpired. In the traditional model they'd be starting over again, possibly even having to contact the end user directly and start asking questions again. With the cached data, however, they simply click the link and get into the details.

Once the support ticket is escalated, numerous advanced forensic tools are available for troubleshooting. For example, an overview of the historical performance of this system is available for an advanced investigator to see if this user is consistently impacted by problems of this nature (Figure 4).

Figure 4: A thirty day summary of end user experience trends for the impacted user. Note the high impact from the Disk category.

Additional context is essential for issues like this one that may only occur on occasion. In this case something stands out: much higher relative impact from the Disk category. Because the ticket is escalated to a higher tier of the service desk, they can now review some additional information on performance and time-correlate it to when the user had a problem (Figure 5).

Figure 5: The detailed Black Box view of the application and resource activity around the time of the issue. Note that Windows Defender, an inbuilt A/V application, is driving tremendous I/O load at the time of the complaint.

This example shows that there was a service issue with the locally installed antivirus application, Windows Defender, that is used on the user's endpoint. In this case the incident appears to be related to something that may well impact other users at that site. This means the final step is to start comparing this user's health to others in the same physical location and using the same OS. In this case, we can use the Comparative Analytics to start drawing some conclusions about whether this user has unusual disk-related impact (Figure 6).

Figure 6: Disk impact for the selected system versus other physical desktops

In this case it appears to be less of a widespread issue, as this user has two times the disk-related problems of other physical systems. That means it's unlikely that the issue is as pervasive as it could be, and implies a fix for this individual user may be required.

Tying the Story Together

The marriage of historical and real-time performance data from the end point (the point of view of the end user) and the workflow around ticket management provides an ideal way to improve user experience and decrease resolution times. With a mechanism in ServiceNow embedded directly within the existing ticket flow, it's simple to fully leverage the SysTrack toolset to augment the service desk. Not only does it save users the frustration of being asked the same questions each time a ticket is escalated (as well as the logistical nightmare of scheduling those conversations), but it also automates the process of pinpointing where to focus the attention of the service desk. This gives IT organizations unparalleled ability to save money and time, and more importantly makes users much more productive and satisfied with their experience.

What Next?

The ServiceNow SysTrack Workspace Analytics store app is available and ready for installation, and is fully supported in version 8.1 of SysTrack.