Bluemix Secure Gateway Component
The Bluemix Secure Gateway component have 2 pieces – the service running on the Bluemix and the client installed on the target server.
Bluemix Secure Gateway can be created following steps below:
- Log in to Bluemix;
- Click on the “Catalog” to access the Bluemix services’ catalog;
- Type “Secure Gateway” on the search field;
- Click on the “Secure Gateway” service that should apears as result of the search;
- Click on “Create” button;
- Once created, new service will be available on the dashboard;
- Access the service that was just created to configure it;
- Under “Manage” menu option, click on the plus icon to add a new gateway;
- Click on the “Advanced Setup” tab;
- Enter the destination name, hostname and port to where the data flow should go to;
- For the destination information, assuming the gateway client will be in the same server as Omnibus, the MessageBus Probe information should be used (e.g. localhost on port 16316);
- Click at “Add Destination” button.
- On the new box created for the destination just created. click on the engine icon and copy the “Cloud Host : Port” information. That will be used later to send events to Bluemix service.
At this point the Secure Gateway Service is created and configured to point to the Message Bus Probe host and port.
Secure Gateway Client
The Secure Gateway client needs to be installed on the target server to close the conection from the Bluemix service to the target host running the message bus probe.
By using the Secure Gateway solution the connection is outbound from target host where the Secure Gateway client was installed to Bluemix, avoiding opening inbound connection on the customer firewall.
Follow steps below to have the Secure Gateway client installed:
- On the Bluemix, inside the Secure Gateway Service and the destination just created, click on the “Clients” tab;
- Click on the “Connect Client” button;
- Download the install pack for the correnponding target server’s OS;
- Keep the “Gateway ID” and “Security Token” info to be used on the client configuration;
- Transfer the install pack to the target server and proceed with installation;
- Installation details can be found at – https://console.bluemix.net/docs/services/SecureGateway/sg_025.html
- Once client is installed and process is running on the target server, the client connection should apears on the Secure Gateway Service, under “Destinations”.
- Add and ACL rule to allow the connection between Secure Gateway and Message Bus Probe by adding “acl allow localhost:16316” to the /etc/ibm/acl.rules file.
Azure Alert Rule
Now that the Secure Gateway is available and the flow to the on premise Message Bus probe is created the Azure alert rules can be defined.
Follow steps below to add new alert rules on the Azure environment:
- Login into Azure account;
- On the Dashboard, go to “Monitor”;
- Under “MANAGE”, goto “Alerts”;
- Locate the resource to add a metric alert;
- Click on “Add Metric Alert”;
- Fill the alert details like name and description;
- Choose a condition, a threshold and a metric to be monitored;
- On the “Webhook” field put the information from the Secure Gateway address collected on the step 1.
- Click OK.
Now the Azure alert was set to be forwarded to the Secure Gateway public address.
Note: this solution is very flexible to accept events from any other system that has Webhook feature enabled. For testing, the Postman (https://www.getpostman.com/) tool can also be used.
The event should flow from Azure to the private Omnibus as show below