Security Services Platform Metrics API
Security Services Platform Metrics
Metrics on VMware vDefend Security Services Platform (SSP) is the monitoring platform that provides insight through Top N analysis, lifetime counters, and historical trends to aid in troubleshooting firewall operational issues.
It provides key performance indicators (KPIs), with point-in-time, time-series, and lifetime information, for monitoring the following:
- Security Services Platform
- Gateway Security Appliances (NSX Edges)
- ESXi hosts for Distributed Security
- Distributed Firewall
- Gateway Firewall
- Intrusion Detection and Prevention System
- TLS and others
To learn more, visit: https://techdocs.broadcom.com/
Feature Overview
The following types of metrics data are supported:
- Numeric statistics, reported periodically
- Status/Events, reported only on transitions
Point-in-Time | Time Series |
High-precision data is extremely useful in making real-time decisions, but its value degrades exponentially as the data ages. In most cases, the need for a historical view is met by less precise data (e.g. 1-hour intervals). Accordingly, the data is compressed as its usefulness decays.
- The metrics manager runs timers for each aggregation level. Aggregation levels default to 5 minutes, 1 hour, and 1 day.
- The 5-min timer collects all the samples within the 5-min interval and converts them into 5-min aggregate values. These are the aggregated/compressed datapoints stored in the DB and made available via the API.
- Periodic jobs run to carry out various rollups. Each table has a time-out age. Once the age-timer expires, the data in that table is aggregated and the whole table is deleted.
The supported granularity and data availability durations are as follows.
- Time Series
  - 5 min granularity for a week
  - 1 hour granularity for a month
  - 1 day granularity for a year
- Point In Time
  - Point In Time metrics older than 24 hours will be cleaned up.
- Status/String
  - Status values older than 7 days will be cleaned up, barring the last reported sample, which will always be retained.
  - A maximum of 100 status transitions is maintained per entity. Subsequent values will lead to older values being cleaned up.
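The rollup described above, sketched as an added example (not SSP code): samples are grouped into fixed time buckets and each bucket is reduced to count, minimum, maximum and mean. Which aggregates SSP actually stores is not stated on this page, so those are an assumption, and the sample data is constructed.

```shell
#!/bin/sh
# Added illustration, not SSP code. The aggregates kept per bucket
# (count/min/max/mean) are an assumption; the page does not list them.

# rollup STEP_SECONDS: read "epoch value" lines on stdin and print one
# "bucket_start count min max mean" line per bucket, oldest first.
rollup() {
  awk -v step="$1" '
    {
      t = $1 + 0; v = $2 + 0        # force numeric comparison
      b = t - (t % step)            # start of the bucket this sample falls in
      if (!(b in n)) { lo[b] = v; hi[b] = v }
      n[b]++; sum[b] += v
      if (v < lo[b]) lo[b] = v
      if (v > hi[b]) hi[b] = v
    }
    END {
      for (b in n)
        printf "%d %d %d %d %.1f\n", b, n[b], lo[b], hi[b], sum[b] / n[b]
    }' | sort -n
}

# Constructed samples: one reading per minute for ten minutes (for example
# dropped packets per minute) with a single one-minute burst at t=180.
samples() {
  cat <<'EOF'
0 2
60 2
120 2
180 90
240 2
300 2
360 2
420 2
480 2
540 2
EOF
}

# Rolled up from the raw samples in both cases, for brevity.
five_min() { samples | rollup 300; }    # 5-minute aggregation level
one_hour() { samples | rollup 3600; }   # 1-hour aggregation level
```

The one-minute burst of 90 appears as a mean of 19.6 at 5-minute granularity and 10.8 at 1-hour granularity, so the mean alone understates short bursts once only coarser data remains.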
Metrics APIs
Security Services Platform Metrics APIs are defined using the OpenAPI standards. Clients interact with the API using RESTful web service calls over the HTTPS protocol. Unless otherwise noted, request and response bodies are encoded using JSON, and must conform to the JSON schema associated with each method. The content type of each request and reply is "application/json" unless otherwise specified.
To learn more, visit: https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/vdefend/security-services-platform/5-0/security-services-platform/metrics/how-to-use-metrics-apis.html
Request Authentication
Basic authentication is used for all Security Services Platform APIs and for the features running on the platform including "metrics".
To authenticate a request using HTTP Basic authentication, the caller's credentials are passed using the 'Authorization' header. The header content should consist of a base64-encoded string containing the username and password separated by a single colon (":") character, as specified in RFC 1945 section 11.1.
For example, to authenticate a request using the credentials of user admin with password admin, include the following header with the request:
The following cURL command authenticates to the SSP Ingress using basic authentication and issues an API request:
USERNAME is the user to authenticate as,
PASSWORD is the password to provide, and
SSP is the IP address or host name of the Security Services Platform (SSP)
For example:
Note: the -k argument instructs cURL to skip verifying the SSP's self-signed X.509 certificate. It is more secure to verify that the server's certificate is signed by a Certificate Authority (CA) that you trust. To do that, omit the -k argument and use the --cacert <ca-file> option, where <ca-file> is a PEM-formatted file containing the CA certificate to trust.
For example:
Additional cURL examples below use the -k flag, but you can always substitute the --cacert <ca-file> argument for additional security.
In the above examples, USERNAME may be:
- A local user name. For example, "admin".
- A remote user name, of the form "user@domain", for example, "joe@example.com". The domain must match a domain for a configured VIDM identity source or a configured LDAP identity source.
Request Failures
It is possible for any request to fail. Errors are reported using standard HTTP response codes. The table below lists the HTTP status codes these APIs may return.
Status Code | Description | Reason |
200 | Ok | API executed successfully. Check the response payload |
204 | No Content | API executed successfully. No response payload |
400 | Bad Request | If the request is not valid |
401 | Unauthorized | Unauthorized user |
403 | Forbidden | User is forbidden to perform the operation. |
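A sketch of the request flow described above, as an added example rather than text from the SSP documentation: it builds the Basic header, verifies the server against a CA file instead of using -k, and acts on the status codes in the table. The API path argument is a placeholder for a path from the SSP OpenAPI definition, and the SSP_USER / SSP_PASSWORD environment variable names are assumptions.

```shell
#!/bin/sh
# Added illustration, not from the SSP documentation.

# basic_auth_header USER PASSWORD: print the header described above,
# "Authorization: Basic " followed by base64("USER:PASSWORD").
# basic_auth_header admin admin -> Authorization: Basic YWRtaW46YWRtaW4=
basic_auth_header() {
  printf 'Authorization: Basic %s\n' \
    "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# status_action CODE: what the caller should do for each documented status.
status_action() {
  case "$1" in
    200) echo "read-body" ;;
    204) echo "done-no-body" ;;
    400) echo "fix-request" ;;
    401) echo "check-credentials" ;;
    403) echo "check-permissions" ;;
    *)   echo "unexpected" ;;
  esac
}

# ssp_get SSP_HOST API_PATH CA_FILE
# API_PATH is a placeholder; take real paths from the SSP OpenAPI definition.
# Credentials come from SSP_USER / SSP_PASSWORD (assumed variable names) and
# reach curl on stdin via "--header @-" (curl 7.55.0 or later), so they do
# not appear in curl's argument list. --cacert verifies the server; no -k.
ssp_get() {
  ssp_body=$(mktemp) || return 1
  ssp_code=$(basic_auth_header "$SSP_USER" "$SSP_PASSWORD" |
    curl --silent --show-error --cacert "$3" --header @- \
         --header 'Accept: application/json' \
         --output "$ssp_body" --write-out '%{http_code}' "https://$1$2")
  ssp_action=$(status_action "$ssp_code")
  case "$ssp_action" in
    read-body)    cat "$ssp_body" ;;
    done-no-body) : ;;
    *) echo "SSP returned $ssp_code: $ssp_action" >&2 ;;
  esac
  rm -f "$ssp_body"
  [ "$ssp_action" = read-body ] || [ "$ssp_action" = done-no-body ]
}
```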