I don't know SCORCH.
I am discussing push versus pull with the Windows Team in terms of triggering SCORCH Workflows from ServiceNow (SN). I am an SN Solution Designer. The SCORCH Team want to poll the SN Incident Table every 3 minutes in order to implement Incident Automation (a.k.a. Recovery Actions).
I am telling them it's a better architecture to push to SCORCH via the SCORCH REST/API. It's faster (no delay) and marginally less of a performance impact.
They tell me that push is a non-starter because the runbooks require Server Admin or Domain Admin in order to do their work, so the credential would need to be stored in ServiceNow. It is true that credentials in SN are currently not secure, so we can only safely use low-level credentials. So they want to use pull and poll the incident table every 3 minutes.
But I just can't believe that with a product as flexible as SCORCH, it is not somehow possible to split the security requirements. Maybe:
a) Create a generic SCORCH Workflow requiring low-level privileges that I could call from SN via the REST API that would act as a Message Queue. I would post in a value for a key field which would indicate which Workflow I wanted to execute.
b) This Message Queue would then trigger the appropriate Workflow in SCORCH with higher-level permissions based on the key field in the Message Queue.
They are telling me no, no, no, it can't be done. I am thinking they just don't want to do it, not that it can't be done. There must be a way, even if it's not the way I outlined above.
Has anyone done this type of thing before? If so, how? Are the Windows team fibbing, or telling me the truth?
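The split described in (a) and (b), sketched as an added example that is not part of the original post and is not SCORCH or ServiceNow code: a low-privilege side that can only post a key and parameters, and a privileged dispatcher that starts a runbook only when the key and every parameter match a fixed allowlist. The runbook names, keys, parameter patterns and the `run_privileged` callback are all hypothetical.

```python
import re
from collections import deque

# Hypothetical allowlist: request key -> (runbook name, {parameter: pattern}).
# Keys, runbook names and patterns are constructed for illustration.
ALLOWLIST = {
    "restart_service": ("Restart-WindowsService",
                        {"server": r"[A-Za-z0-9-]{1,15}",
                         "service": r"[A-Za-z0-9_]{1,64}"}),
    "clear_temp": ("Clear-TempFolder", {"server": r"[A-Za-z0-9-]{1,15}"}),
}

def enqueue(queue, incident, key, params):
    """Low-privilege side: all the ServiceNow caller can do is post data.
    No admin credential is needed or held here."""
    queue.append({"incident": incident, "key": key, "params": dict(params)})

def validate(message):
    """Return (runbook, params) only if key and parameters match the allowlist."""
    entry = ALLOWLIST.get(message.get("key"))
    if entry is None:
        return None                      # unknown key: caller cannot name a runbook
    runbook, schema = entry
    params = message.get("params")
    if not isinstance(params, dict) or set(params) != set(schema):
        return None                      # missing or unexpected parameters
    for name, pattern in schema.items():
        value = params[name]
        if not isinstance(value, str) or not re.fullmatch(pattern, value):
            return None                  # value outside the permitted shape
    return runbook, params

def dispatch(queue, run_privileged):
    """High-privilege side: drains the queue under the admin identity.
    run_privileged stands in for whatever actually starts the runbook."""
    results = []
    while queue:
        message = queue.popleft()
        checked = validate(message)
        if checked is None:
            results.append((message.get("incident"), "rejected"))
            continue
        runbook, params = checked
        run_privileged(runbook, params)
        results.append((message.get("incident"), "started"))
    return results
```

The admin credential lives only with the process that calls `dispatch`; a compromised low-privilege caller can at most request runbooks already on the allowlist, with parameters in the permitted shape.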