I previously wrote about the VMware Cloud Notification Gateway (NGW), which provides curated notifications delivered to VMware Cloud on AWS users. By default, NGW supports several types of notification channels such as email, VMware Cloud Console UI, VMware Cloud Activity Log, vRealize Log Intelligence Cloud (vRLIC) and the vSphere UI when using the vCenter Cloud Gateway. A lesser-known feature of NGW is the ability to extend into even more channels by leveraging its webhook functionality, which is available when using the NGW API.
For a basic "pass through" of the NGW notification to another cloud service such as Slack or Microsoft Teams, for example, you can simply set up an incoming webhook on Slack or Microsoft Teams, which I covered in the previous blog post. From there, you can configure an NGW subscription and forward the NGW notification to the specified incoming webhook.
For more interesting scenarios, where customers may want to perform some additional data processing when the NGW notification arrives, or run some code/automation and integrate that with other systems, which can include your on-premises infrastructure, the basic webhook workflow is not sufficient. Having said that, at the end of the previous blog post I did hint at a solution that would enable customers to support such scenarios, which is to leverage the VMware Event Broker Appliance (VEBA) solution.
The way this works is that we are still taking advantage of the NGW webhook capability but instead of forwarding the NGW notification to a cloud service that supports an incoming webhook, we are sending it to VEBA for processing. Once the notification has been received by VEBA, customers can apply additional logic by using any language of their choice which runs as an automated function and is then responsible for sending the final payload to its destination. This is really the power of VEBA which enables customers to perform any additional processing or business logic to an event before sending it out to its intended target.
Requirements:
- VEBA must be deployed with a valid trusted TLS certificate. Self-signed or custom CA certificates will not work, as NGW can only send to a trusted endpoint, which is expected when using the webhook standard. For more details on this setup, please refer to PK's blog post on configuring VEBA with a trusted TLS certificate.
- Inbound access to VEBA over HTTPS (443) is required for NGW communication. To ensure that VEBA only accepts incoming requests from the VMware NGW service, it is recommended that you allow inbound traffic only from the following IP addresses (34.211.171.65, 54.186.195.111, 35.163.127.96), which are the source IPs the NGW service uses to connect to VEBA.
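
One way to enforce the same allow list inside the receiving function, as a second layer behind the firewall rule. This is an added example, not code from the original post or from the VEBA project; the function names and the `trusted_proxies` parameter are hypothetical, and it assumes your own ingress appends the sender address to `X-Forwarded-For`.

```python
import ipaddress

# NGW source addresses as listed in the requirement above.
NGW_SOURCES = frozenset(
    ipaddress.ip_address(a)
    for a in ("34.211.171.65", "54.186.195.111", "35.163.127.96")
)


def _parse(value):
    """Return an ip_address, or None if the text is not a valid address."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def client_ip(peer, forwarded_for, trusted_proxies):
    """Work out the real sender of a request.

    peer            -- address of the TCP connection that reached us
    forwarded_for   -- raw X-Forwarded-For header value, or None
    trusted_proxies -- networks of your own ingress/load balancer (assumption)
    """
    addr = _parse(peer)
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    if addr is None or not any(addr in n for n in nets):
        # Direct connection: the header is sender-controlled, so ignore it.
        return addr
    # Walk the header right to left; the first hop that is not one of our
    # own proxies is the address our edge actually saw.
    for hop in reversed((forwarded_for or "").split(",")):
        hop_addr = _parse(hop)
        if hop_addr is None:
            return None  # malformed chain: fail closed
        if not any(hop_addr in n for n in nets):
            return hop_addr
    return None  # header missing or only proxies listed: fail closed


def is_from_ngw(peer, forwarded_for=None, trusted_proxies=()):
    """True only when the resolved sender is one of the NGW source IPs."""
    return client_ip(peer, forwarded_for, trusted_proxies) in NGW_SOURCES
```

The header is only consulted when the connection itself comes from one of your own proxies, so a request that merely claims an NGW address in `X-Forwarded-For` is rejected.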
To demonstrate this integration, I have created two simple VEBA functions that extend our Slack and Microsoft Teams scenario, but you can certainly do much more, including calling into your own on-premises solution, which is not possible by using the NGW service alone.
Here is an example of what the customized Slack and Microsoft Teams message looks like when a new SDDC is provisioned in VMware Cloud on AWS:
Hopefully this sparks some cool integrations and ideas that can be further extended by using VMware Cloud Notifications with VEBA! 😀