Mastering ITAM Tools: Navigating ServiceNow and Flexera Solutions

Kris Johnson: Hi, and welcome to another episode of the ITAM Executive. I’m Kris Johnson, Chief Product Officer at Anglepoint. And with me are Rich Toomey and Alan Legerlotz, ITAM technology professionals with different areas of experience and expertise with various SAM and ITAM tooling platforms. So, let’s maybe start with some introductions to familiarize everyone with your backgrounds and areas of expertise. Rich, maybe we can start with you.

Rich Toomey: Sure. I’ve been in the ITAM field for about 15 years. I started out as a software developer and worked on some custom projects for large companies related to both hardware and software asset management. This was before ServiceNow had really taken off—that’s the primary platform I’ve been working with. People had to do things in a custom way back then. For example, how did you build catalogs? Around 2012, I worked on an integration project that involved Flexera.

That client happened to use ServiceNow, and that was my first engagement with both Flexera and ServiceNow. I fell in love with the platform from day one.

I ended up taking a full-time position in asset and configuration management at a large insurance company on the East Coast. Now, I’m here, supporting the tools team to ensure that, on the ServiceNow side, the infrastructure is in place to support the license management teams, the operational teams, and the managed service team here.

Kris Johnson: Yeah, wonderful. Alan?

Alan Legerlotz: I don’t know how I’m supposed to follow that—15 years of ITAM experience and coming from a software development background! That’s actually where I started as well, Kris. Coming out of college, I was a software developer for a few years, but I liked being the hero sometimes.

So, the people who handled the build and release system and the nightly tests said, “Hey, do you want to do this? Nobody wants to.” So, I got into release engineering and became a packaging expert, which is how I got connected with Flexera—before it was even Flexera.

Kris Johnson: Flexera.

Alan Legerlotz: Right. I did consulting for them for about six years and really enjoyed working with the customers. Eventually, I needed to get off the road, so I took a position with another software company near where I lived in New England. I commuted back and forth for a few years, then moved to the West Coast, where I reconnected with Flexera. There was a great opportunity in what was, at the time, their SLO practice or their SAM practice. I was a solution architect there for a few years, and now I’m at Anglepoint, specializing in Flexera One and all its different modules. I really enjoy working with customers here, helping turn the promises and outcomes we talked about into reality. It’s really rewarding.

Kris Johnson: Now, correct me if I’m wrong, but while you were at Flexera, you managed a number of solution consultants who reported to you as they supported pre-sales efforts, right?

Alan Legerlotz: Yes, primarily in pre-sales. We handled accounts ranging from small businesses to some of the largest enterprise customers in the industry.

Kris Johnson: Just a few weeks ago, you and I were working together with a client on the East Coast. They were evaluating a few different tooling options, with Flexera being one of them. They had some pre-sales folks present, including solution consultants who used to report to you, which added an interesting dynamic. It was great to have someone like you on the team to help fact-check and ensure that the information from the tool vendors was accurate and realistic, without any marketing spin. It’s always nice when we can work with clients to make sure they’re getting real-world, trustworthy information.

Alan Legerlotz: Yeah, I have to say, I enjoyed watching the “bake-off” from this side of the table, rather than being the one doing the demos for all the use cases. The vendors did a great job.

Kris Johnson: You might’ve been sweating a little on their behalf, though.

Alan Legerlotz: Exactly! But they came through like troopers. That engagement was interesting because it focused on what the customers were trying to achieve, their requirements, and allowed us to see how the different vendors stacked up against each other. It was eye-opening to see the results.

Kris Johnson: Yeah, and Rich, you were also involved in that engagement, so we had the chance to work together on it. You represented the ServiceNow perspective, especially from an implementation standpoint. Let’s talk about that—whether specific to that engagement or more generally—what are some of the “dirty secrets” of implementing these tools? What are the challenges that no one likes to talk about but inevitably arise in large organizations where “the rubber meets the road”?

One thing that comes to mind, which I mentioned in that engagement, is credential management. If a company doesn’t have good credential management processes in place, it’s going to be very hard to keep inventories accurate and up to date. For instance, if every 90 days passwords need to be changed by policy, and they have to change them in this other application, which system admins aren’t used to. This is where credential management applications like CyberArk or Okta come in handy. That’s just one example I’ve run into—credential management is key when it comes to inventory and discovery, especially with agentless approaches.

In fact, you probably shouldn’t even attempt agentless horizontal or top-down discovery without robust credential management processes in place.

Alan Legerlotz: Yeah, absolutely. I actually have something in response to your question, and it’s not so much in the weeds. I think the most important factor for a successful implementation is executive sponsorship and buy-in. If the security team isn’t on board with the ITAM team doing the implementation, you’ll end up spinning your wheels as different groups inside the enterprise argue about what to do.

But if this becomes an executive-sponsored project—where someone with the authority says, “We’re doing this, go make it happen”—then things like robust credential management, agent rollout, firewall access, or network access get done. Without that, it’s the biggest time waster and the biggest obstacle I see.

Rich Toomey: So true. To add to that, assuming you have the sponsorship and the champion in place, let’s talk about discovery as a general topic. Environments aren’t static. New subnets pop up, new security issues arise, and zero trust is becoming a big theme. ServiceNow, for example, is making changes to how they handle credential management to align with that new ideal and best practice. But it’s a process of constant care and feeding—it’s not “set it and forget it.”

Kris Johnson: Yeah.

Rich Toomey: You can have a successful implementation that works for a while, but it can suffer from benign neglect over time, right? You need someone monitoring it continuously. For instance, with CMDB, data quality heavily depends on the quality of discovery and the sources you’re pulling from. Both Flexera and ServiceNow offer model normalization, which is complex and difficult to maintain.

Kris Johnson: Absolutely. It’s often easier for IT organizations to budget for buying the tool, going through the selection process, getting procurement involved, selecting a vendor, and buying the tool. They might even hire an implementer to turn it on. But then, what? The tools don’t manage themselves, right?

Rich Toomey: Exactly. I was at the ServiceNow Knowledge event, talking to ServiceNow partners, and many of them said they implement SAM Pro (ServiceNow’s software asset management solution). So I asked, “How do you handle publisher onboarding?” And their response was, “What’s publisher onboarding?” They think turning the tool on equals implementation, but the real work starts after that.

Kris Johnson: In the ServiceNow context, enabling that module is super fast and easy, but the real work is in the onboarding. This is where cutting through the marketing speak is important. Salespeople only know enough to sell the tools, but they don’t know the intricacies of implementation, which leads to glossing over some of the steps needed to extract value. The solutions aren’t bad, but it’s not an easy button.

Rich Toomey: During the tool comparison project we mentioned earlier, we asked, “How many full-time employees (FTEs) will it take to run your system once it’s in place?” I don’t think we got a solid answer from either vendor.

Alan Legerlotz: Exactly, it’s not just that the tools aren’t bad—some are so good they can do many things. The key is prioritizing the outcomes you want to drive and focusing your program on those outcomes. You can’t do everything at once. For example, Flexera is an ITAM tool that handles SaaS and cloud cost optimization, but you need to direct the tool to the outcomes you care about most.

ServiceNow is essentially a giant database—you can do anything with it, but you have to decide what outcomes to focus on. Is cost savings paramount? Risk mitigation? Pick one, put all your efforts into that, and don’t try to tackle everything at once.

Kris Johnson: That’s great advice. Focusing on everything at the same time isn’t a good recipe for success. Another topic I’d love to hear your thoughts on is the functionality that salespeople like to highlight—like integrations with Coupa, Ariba, or SAP Financials. They make it sound like you can automatically bring in purchase information, and suddenly, all your entitlement data is beautifully normalized. But the reality is much different.

Rich Toomey: Exactly. The reality is, to make that integration work, your accounts payable team would need to include specific SKU numbers in the purchase orders, which nobody does.

Kris Johnson: Right! Your IBM PO just says “Quantity 1—IBM stuff for $10 million,” without breaking it down into software and services. Sure, the tool can connect to those data sources, but it’s not magic. You still have to manually analyze and match the data.

Alan Legerlotz: Yeah, especially with SaaS. The tool might connect to a vendor’s API, but when you compare the invoice to the API data, they often don’t match. And the integrations are only great after you’ve configured them properly—there’s still manual work involved.

Rich Toomey: Exactly. I’m glad you brought up SaaS. Yes, you can integrate with a SaaS platform, but the integration is often limited. You won’t get full lifecycle management through the tool. You’ll still need to go to the vendor’s portal for some tasks.

Alan Legerlotz: It’s about having realistic expectations. I don’t think salespeople are trying to mislead anyone, but they often believe everything works seamlessly, when, in reality, the devil is in the details.

Kris Johnson: And speaking of devilish details, IBM bundling is another area where no tool does it natively very well. Even IBM’s own tool, ILMT (IBM License Metric Tool), which is supposed to do bundling, isn’t very accurate. With Flexera, for instance, you still have to manually provide the bundling logic and make those associations.

Alan Legerlotz: Yeah, and anything manual is prone to errors.

Kris Johnson: Yeah. On the ServiceNow side, it’s not really even an option, except as some of our audience may be aware, Anglepoint has developed an app in the ServiceNow App Store that allows you, within SAM Pro, to install a module that enables us to, through the ServiceNow API, pull in that source data. We do our bundling logic and then sync it back to the ServiceNow database. We do that also for ILMT as well, and we are in discussions with Flexera to do the same kind of thing. It’s been happening for quite some time.

But that’s one of those things — to do the bundling, there are some big caveats there, and it’s certainly not as easy as someone might think.

Rich Toomey: Yeah, that’s another good example where, yes, ServiceNow integrates with ILMT, but all it can do is provide the information that ILMT has. If that information is flawed, you still face the challenge of how to handle the bundling.

Alan Legerlotz: Yeah. And here’s another—oh, go ahead.

Rich Toomey: I was going to say, one of the things you said is key here: it’s a free tool from IBM. When I’ve been dealing with things like cloud cost optimization and talking to customers about that, I use what is provided by my cloud vendors to tell me how to optimize. Then I step back and say, “Let’s think about this: your cloud vendor is selling you something, but they’re going to help you save money on it?” I don’t think the CEO of company X is going to lose sleep saving you money.

So, when you look at these things, yeah, they’re going to give you just enough to do some manual configuration and get some benefits. But when you look at the time Anglepoint has invested in IBM bundling and things like that, there’s a reason we don’t give that away for free. We’ve put money into this intellectual property, but it will pay off when you’re actually getting as much savings as you possibly can. Those free tools are free for a reason, in my opinion. And they’re free, like a puppy.

Kris Johnson: Exactly.

Rich Toomey: And our plugin for ServiceNow is available to managed service customers only at this time.

Kris Johnson: Yeah, it’s wrapped around the service. Good point.

Rich Toomey: Yeah. What about from a CMDB standpoint? We’ve had other episodes on the podcast talking specifically about the health and shape your CMDB needs to be in to get full value out of a ServiceNow SAM Pro implementation. Any quick common challenges there to make listeners informed and aware of things they should be watching out for?

Rich Toomey: Sure. Don’t customize your instance of ServiceNow. Don’t add new statuses, especially as we move to the new CSDM models. ServiceNow is going to start locking down those lifecycle statuses for things. They’re building a lot of functionality that will be impacted if you have custom statuses. Plus, it makes it harder for them, as a service provider, to answer your questions. If every ServiceNow implementation is unique, it’s like you have to debug a completely separate system.

Kris Johnson: Spoiler alert: every ServiceNow implementation is unique.

Rich Toomey: It’s like a snowflake—no two are exactly the same. A lot of companies are being faced with the challenge of trying to put the genie back in the bottle and undo customizations. Some are even considering page re-implementations. Sure, you can extend tables, extend the data you’re capturing, and put workflows through—all that wonderful stuff. But when it comes to the core functioning of the system, you want to stay within the guidelines and best practices they provide.

Kris Johnson: Yeah.

Rich Toomey: I know a lot of companies are considering CSDM and moving towards it. I know ServiceNow is pushing for it. It would make everybody’s life easier.

Kris Johnson: The Common Services Data Model — keeping data in the structure and format that other component applications rely on for consistency.

Rich Toomey: Some of the other challenges you’ll see with the CMDB are that discovery is a broad animal. Devices can be discovered from multiple sources, and sometimes it’s hard to get those things to reconcile, right? I always see it as that layered tier—the common picture. First, core data. Then you want your software data. Then you can do your license compliance. That’s the top of the pyramid. There’s a lot of foundational stuff that has to happen before you can get to that nirvana.

Kris Johnson: Yeah, we were talking about this earlier as well. This speaks to the need to do a pre-implementation health check of the CMDB if you’re looking to implement SAM Pro and rely on CMDB data. You want to look retroactively and modify to conform to the Common Services Data Model. Look at your import sets. Look at your IRE rules. If you’ve got multiple sources of inventory, which ones are you prioritizing in which circumstances? Are you appending versus replacing? If you’ve got no values in one, what’s your primary data source? What do you use as a secondary or tertiary, and so forth?

Rich Toomey: Yeah. We do an extensive health check before we take on a SAM Pro project, whether we’re doing the entire project or just the license management portion. If somebody is an existing customer and already has a SAM Pro implementation in place, we’ll do that very deep dive into their CMDB and discovery—always with an eye on license compliance or anything that could impact that.

Kris Johnson: Otherwise, it’s garbage in, garbage out, right? The worst thing you can do is sabotage yourself, because if you can’t rely on the data coming out of these tools due to bad data going in, you’ve now shot your reputation internally with your stakeholders. “Oh, the tool is bad.” No, the tool is fine. It’s designed to do great things. We just started feeding it bad data. It comes back to master data management.

Rich Toomey: This is more of a unique challenge to ServiceNow than Flexera. ServiceNow is a platform for so many things that it can potentially be impacted by changes made by other parts of the organization—whether it’s the GRC team, HR team, or whoever. Over time, in addition to the upfront check, we constantly recheck the instances of our customers to make sure something outside our control hasn’t happened that will impact the quality of our work.

Kris Johnson: Although even with a Flexera implementation, if you’re integrating and pulling data from a ServiceNow CMDB—or any other CMDB for that matter—the quality of that data still absolutely matters.

Rich Toomey: Good point. That same dependency exists.

Alan Legerlotz: And those custom fields impact what gets done with that data when it gets pulled into a tool like Flexera. If you have different statuses, and it’s looking for “retired” but you’ve changed that to something else, it’s not going to be recognized unless you do all the manual steps to enable that recognition—like custom business adapters for things like that. All of a sudden, you’ve taken a process that was set up, but because of all this customization, the work snowballs.

Flexera’s capability to do that round-trip with the CMDB to normalize the data and feed it back can cause some issues too. I’m dealing with a large customer that has people doing a lot of manual updates to the CMDB for various reasons—machines being retired, ownership changes, etc. These are all manual processes. When the Flexera inventory agent brings in data that says one thing, and the ServiceNow CMDB says something completely different, now these two things are arguing with one another: which one is correct? Countless hours are spent on resolving that because the processes at this customer around those manual updates are less than optimal, to put it that way. It’s difficult.

Rich Toomey: Yeah. I heard something recently. Someone at Anglepoint made this comment. They said, “If you can get your CMDB to a level that’s required for quality, trustworthy data that’s necessary for software asset management, all your stakeholders are going to be happy because we have the most stringent requirements on the level of data we need.” Think about it—we’ve got to go from the hardware level down to the software level, right? Whether it’s cloud, virtual, or physical, vendor-owned or self-owned.

Alan Legerlotz: One thing I wanted to bring up when you were talking about the CMDB and how hard it can be—I’ve seen, with the same customer, some of the disparity of data between Flexera and ServiceNow. Most big enterprises have both; they may be using ServiceNow for ITSM, CMDB, etc., but this particular customer I’m thinking of has done a lot of mergers and acquisitions. Thinking through the process of how you’re going to integrate those has caused more issues with the data in ServiceNow because it’s legacy data that has been imported and not kept up to date. The care and feeding, the updating, to make it reflect what the company looks like now hasn’t been done, and that’s been a constant source of issues—a real problem.

Rich Toomey: And we come across that a lot. Customers have done a quick-and-dirty import of data because it’s got to be in a report, it’s got to be seen, it’s got to be managed. They think, “We’re going to retire this anyway, so let’s not worry about it.” What we end up finding is that these records need to be deleted. We need to establish good practices.

Now I’ve got back to my train of thought. Everything we’re talking about—care and feeding, this whole discussion—it’s all governance, right? You can’t govern what you can’t measure. If you don’t measure it, you can’t correct it. A lot of what we end up doing is just looking for the variance, recording it, and making sure the people accountable for fixing it are addressing it.

I was actually involved in a very large CMDB cleanup two years after the previous one, and the difference was that instead of doing it as a one-time thing, every discrepancy we uncovered, I required we put in a catch. If this ever happens again, I want to know about it. Further, I wanted it run every month and reported to the steering committee. So, they’d say, “Hey, we cleaned up 10,000 servers that shouldn’t have existed in the first place—they existed for very specific reasons. If that reason ever comes back, we want to catch it.”

You can’t identify every mistake that’s ever going to happen in the future, but it’s like an earthquake: it may not happen again, but it tends to happen where it’s happened before. So, if you make that part of your plan, it becomes a growing safety net over time. It’s one thing for us to come in and measure periodically. It’s another thing to say, “Here are new measurements unique to your organization that you should keep tabs on.” Once you grow that library, it gives you much more confidence because you’re catching things, you’re seeing things before management asks about them, and you’re addressing them as quickly as possible.

That’s a practice I don’t see often. Usually, things are more tactical. You have a problem today, you fix it today, but you don’t think about preventing it from recurring tomorrow.

Alan Legerlotz: I think what you’re talking about is program maturity, right? You go from being reactive to proactive, putting governance in place, adding some automation, some watchdog-type features, and then suddenly, you’re able to deal with new initiatives and outcomes you want to drive instead of just managing issues. Everyone starts at that immature point, but the benefits really come when you reach that mature point. The question is, how quickly can you get there?

Kris Johnson: Yeah. We’ve been talking about specific tools and tool vendors in the ITAM platform space. There are many others, maybe not with the same market share, but they have compelling offerings depending on your use case. We should mention that, for Anglepoint’s part, we are tool-independent. We don’t sponsor, resell, or promote one tool over another. We try to be experts in all solutions, and we’ve noticed differences and some leaders in this category, but we remain independent in our view and assessment of their offerings and what use cases they’re suited for or less suited for.

Alan Legerlotz: One thing that’s stood out to me since I joined Anglepoint is how we specialize our consultants—some for publishers, some for tooling, and for different aspects. We want to use the best consultant for the job and the best tool for the job, but every job is different, right? So, half the time Flexera might be the right choice, and half the time it could be ServiceNow, or one of the other tools.

Rich Toomey: Yeah, it depends on the client, their priorities, their situation today, their install base, and their capacity for managing a large-scale platform like ServiceNow. Or maybe they need a point solution like Flexera. Where do they need to get to? Do they have a CMDB? If not, ServiceNow comes with one, but Flexera will take data from any source—CMDB or otherwise.

Alan Legerlotz: But Flexera doesn’t have workflows or a CMDB, so in some cases, you’re putting different tools together.

Rich Toomey: And that might be the right answer for some clients.

Kris Johnson: It all comes down to use cases again. What do you value? What outcomes are you trying to drive? There are differences, and it’s important to know those differences, but it’s more important to know what you value. Otherwise, you’ll be spun around by marketing.

Alan Legerlotz: Yeah, if it comes down to price or internal company politics, you might end up with a tool, but it may not be the best one for your use cases and outcomes. When you evaluate tools based on what you need to achieve, then you’ll pick the right one. That’s what we’ve done with that large customer you mentioned. We made some specific recommendations, and I think they’ll be quite successful if they follow them.

Kris Johnson: Here’s a harsh reality: the best tool for you right now may not be the best tool for you in five or ten years. Your use cases will evolve and change. Hopefully, the platform will evolve with you, and you’ll give feedback to make sure it meets your needs as they change.

This has been a great discussion. Alan, Rich, thanks for your time. I hope this conversation has been valuable for our audience to learn about the challenges you only face when you’re in the trenches of delivery and implementation of these platforms. As I’ve said before, a fool with a tool is still a fool. There’s no reason to remain uninformed. Get the information you need, talk to people like Rich and Alan who know the challenges you’ll face when implementing these tools.

We started with governance, and we ended with governance from a data standpoint. We talk about governance a lot on this podcast for a reason. Make sure it’s the priority it needs to be and don’t default to the easy solution—just buying a tool without the necessary governance. Thanks again, and hopefully, we’ll have a follow-up discussion as the tooling landscape continues to evolve.

Alan Legerlotz & Rich Toomey: Sounds great. Thank you.