Extending VMware Cloud on AWS Notifications using the Notification Gateway API

The VMware Cloud Notification Gateway (NGW) Service was launched back in May 2019 and is used to communicate important customer-facing notifications which can be delivered across a number of different communication channels as shown in the diagram below.

Of all the different communication channels, I think one of the most interesting one is the ability to send an outgoing webhook based on a specific VMware Cloud Event. In fact, this was the very first thing that caught my attention when I had first learned about the NGW Service from Nancy Cheng, the Product Manager for this service.

You can probably guess why I was so excited for this feature as it mimics a similiar capability to our VMware Event Broker Appliance (VEBA) solution. This not only enables our customers to consume other public cloud services that support webhooks but it also opens up the door for more advanced integrations, more on this at the end of this blog post 😀

As of publishing this blog post, there are over 75+ VMware Cloud Events which customers can subscribe to such including when a new SDDC is created or deleted, a new ESXi host has been added either manually or automatically via our Elastic DRS (eDRS) Service, SDDC maintenance notices to subscription reminders to just name a few. Although the default email and UI channels are great, many customers would also like to receive these notifications using other popular communications channels such as Slack or Microsoft Teams.

To help demonstrate the webhook functionality of the NGW Service API, I have created a PowerShell Module for VMware Cloud Notifications called VMware.VMC.Notification which is also published i then Microsoft Powershell Gallery. The module contains the following functions:

• Connect-VmcNotification
• Get-VmcNotificationEvent
• Get-VmcNotificationWebhook
• Test-VmcNotificationWebhook
• Remove-VmcNotificationWebhook

Pre-Reqs:

• PowerCLI 12.0 or newer
• VMware Cloud on AWS scoped Refresh Token

Note: Each function supports a -Troubleshoot parameter which outputs both the payload along with the specific NGW REST API endpoints for both troubleshooting purposes but also if you wish to use another language or simply native REST.

Step 1 - Install the VMware.VMC.Notification module:

Import-Module VMware.VMC.Notification

Step 2 - Connect to the VMC Service API endpoint using Connect-VMC cmdlet:

Connect-VMC -RefreshToken $RefreshToken

Step 3 - Connect to the VMC Notification Gateway API endpoint using Connect-VmcNotification function:

Connect-VmcNotification -OrgName $OrgName -RefreshToken $RefreshToken

Step 4 - To create a new VMC Notification Webhoook, use the New-VmcNotificationWebhook function:

Here is an example of subscribing to the SDDC Create/Delete Event and posting the VMC Notification to Slack which requires that you to configure an incoming Webhook for Slack

$vmcSlackNotificationParams = @{
ClientId = "vmc-sddc-slack-notification";
WebhookURL = "https://hooks.slack.com/services/FILL-ME-IN";
NotificationEvents = @("SDDC-PROVISION","SDDC-DELETE");
}
New-VmcNotificationWebhook @vmcSlackNotificationParams

Here is an example of subscribing to the SDDC Create/Delete Event and posting the VMC Notification to Microsoft Teams which requires that you to configure an incoming Webhook for Microsoft Teams

$vmcMSTeamsNotificationParams = @{
ClientId = "vmc-sddc-ms-teams-notification";
WebhookURL = "https://outlook.office.com/webhook/FILL-ME-IN";
NotificationEvents = @("SDDC-PROVISION","SDDC-DELETE");
}
New-VmcNotificationWebhook @vmcMSTeamsNotificationParams

Step 5 - To list all VMC Notification Webhook, use the Get-VmcNotificationWebhook function:

Get-VmcNotificationWebhook

Step 6 - To verify that your VMC Notification Webhook was setup correctly, the NGW Service supports the ability to "simulate" the configured webhook. This has been implemented using the Test-VmcNotificationWebhook which requires the ID of the webhook you had created along with the name of one of the NGW Events which you have subscribed to within the configuration.

Test-VmcNotificationWebhook -Id [NGW-WEBHOOK-ID] -EventId [NGW-EVENT-ID]

Note: If you did not receive a successful message, you probably have a miss-configuration. One way to troubleshoot is to manually call your incoming webhook using something like cURL or Invoke-Webrequest to ensure that it is functioning

If everything was configured correctly, you should now see that the NGW test webhook has been sent to either your Slack or Microsoft Teams channel that you had setup earlier. Let's now take a look at what a real SDDC Provision Event would look like!

Here is what you would see in Slack after a new SDDC has been created:

Here is what you would see in Microsoft Teams after a new SDDC has been created:

To delete a VMC Notification Webhook, you will use the Remove-VmcNotificationWebhook function and specify the NGW Webhook ID:

Remove-VmcNotificationEvent -Id [NGW-WEBHOOK-ID]

As you can see the possibilities are endless in the different ways you can control which VMware Cloud on AWS Notifications are received and where they are sent to beyond the default communication channels that VMware offers. I am super excited to see what our customers will do with this new notification capability and as new features and services are enabled, additional VMware Cloud notification events will be added. If there is something that is not there today, feel free to leave a comment and I will make sure our Product Manager is aware.

Lastly, I wanted to circle back on why I was so excited for this webhook capability as it can enable more than just custom communication channels. Instead of just sending a notification, what if you could execute a custom automation script that was written in the language of your choice that allowed for additional logic processing? What about integrating with other IT solutions that you have within your organization or with other cloud services to perform configuration changes within or outside of your infrastructure? What about automatic remediation based on specific VMware Cloud events which could even trigger incident management systems with the results of the automation?

If this sounds all too familiar, you are right, these are just some of the common use cases we have seen from customers benefiting from their use of the VMware Event Broker Appliance (VEBA). In a follow-up blog post, I will demonstrate how you can integrate the VMware Cloud Notification Gateway and automatically call into the VEBA solution and its respective functions. I believe this will unlock even more possibilities, especially for customers interested in building event-driven automation which will allow them to focus their efforts on what is most critical to their organization, which are the scripts and code that powers their business logic.

Here is a sneak peak at extending our Slack and Microsoft Teams example and augmenting it further to include additional processed information within a VEBA function to deliver a richer experience as it relates to the alerting and notification use case. This is a very basic example but for existing VMware Cloud on AWS customers, you can now take advantage of the same benefits of VEBA but now for VMware Cloud Events!