Starting July 3, 2023, VMware Aria Operations for Applications is a service on the VMware Cloud services platform. After this date, we support two types of subscriptions: Operations for Applications subscriptions onboarded to the VMware Cloud services platform and original subscriptions. Original subscriptions are the existing ones and they remain as is until they migrate to VMware Cloud services.
For best performance, when you set up most of our integrations, it is recommended to use the Wavefront proxy. The Wavefront proxy ingests metrics and forwards them to Operations for Applications in a secure, fast, and reliable manner.
VMware Cloud Services Subscriptions
When your Operations for Applications service is onboarded to the VMware Cloud services platform you have the following choices for the Wavefront proxy authentication:
VMware Cloud Services Access Token
The Wavefront proxy requires a VMware Cloud services access token with the Proxies service role. There are two options for the proxy to retrieve an access token. You can configure the Wavefront proxy to use:
OAuth App authentication (recommended):
You must use the credentials (client ID and client secret) of an existing server to server OAuth app which has the Proxies service role assigned and is added to the VMware Cloud organization running the service. You must also provide the long ID of the VMware Cloud organization running the service.
If you don’t have a server to server app already, you can create one in the VMware Cloud Services Console. For details, see How to use OAuth 2.0 for server to server apps in the VMware Cloud services documentation. You can also try out the Windows host integration tutorial.
When the access token expires, depending on the token TTL configuration of the server to server app, the Wavefront proxy automatically retrieves a new access token.
API Token authentication:
The API token must be generated in the VMware Cloud Services Console by an active user account. It also must have the Proxies service role assigned. For more information, see How do I generate API tokens.
You might need to regenerate and reconfigure the API token periodically depending on the TTL configuration.
Operations for Applications API token
For a limited number of integrations, you must still use an Operations for Applications API token, associated with a service account that has the Proxies permission. As a user with the Admin service role, you can create a service account with the Proxies permission and generate an API token for it. Then, you can install the Wavefront proxy and set up your integration to pass the API token of the service account.
To understand how you can manage the API tokens for service accounts, see Managing the Operations for Applications API Tokens for a Service Account.
When your Operations for Applications service instance is not onboarded to VMware Cloud services, the proxy requires an Operations for Applications API token.
Before you add a proxy, you must have an API token associated with your user account or a service account with the Proxies permission. See Manage API Tokens for details.
Integrations That Use VMware Cloud Services Access Tokens
We’re in the process of incrementally updating our integrations so that you can authenticate with a VMware Cloud services API token or OAuth server to server app credentials.
When your Operations for Applications service is onboarded to the VMware Cloud services platform, the list of the integrations that are updated as of today is in the table below. This list grows with each release. If you urgently need an integration to become available and configurable with a VMware Cloud services access token, please contact technical support.
Integrations That Use Operations for Applications API Tokens
Here’s the list of the integrations that still use API tokens. Currently, if your service is onboarded to VMware Cloud services, direct ingestion by using the Wavefront Output Plugin for Telegraf is supported only when you use a service account.
- AWS Lambda Functions
- Spring Boot
- VMware Tanzu Mission Control Advanced
- VMware GemFire
- VMware Tanzu Kubernetes Grid Integration
- Terraform Provider
- Ansible Role
- VMware Aria Operations for Logs
- VMware Spring Cloud Data Flow for Kubernetes
- VMware tc Server
- Microsoft Azure Deployment Manager
- Chef Server
- AVI Networks (NSX ALB)
- VMware Blockchain
- C Sharp
List of Unaffected Integrations
The following integrations do not depend on the subscription type and work as expected, no matter whether your Operations for Applications service is onboarded to VMware Cloud services platform or not.
- Google Cloud Platform
- Amazon Web Services
- Microsoft Azure
- New Relic
Note that currently this integration works with a VMware Cloud services API token only.
- Apache collectd Integration
- Cassandra collectd Integration
- Memcached collectd Integration
- MySQL collectd Integration
- NGiNX collectd Integration
- Redis collectd Integration
- Zookeeper collectd Integration