[AI-6411] Add HPE Aruba EdgeConnect integration

.ddev/config.toml

@@ -43,6 +43,7 @@ krakend = "KrakenD"
 lustre = "Lustre"
 prefect = "Prefect"
 n8n = "n8n"
+hpe_aruba_edgeconnect = "HPE Aruba EdgeConnect"
 control_m = "Control-M"
 nifi = "Apache NiFi"
 
@@ -53,6 +54,7 @@ prefect = "prefect.server."
 n8n = "n8n."
 control_m = "control_m."
 nifi = "nifi."
+hpe_aruba_edgeconnect = "hpe_aruba_edgeconnect."
 
 [overrides.ci.ddev]
 platforms = ["linux", "windows"]
@@ -271,3 +273,5 @@ prefect = ["linux", "windows", "mac_os"]
 n8n = ["linux", "windows", "mac_os"]
 control_m = ["linux", "windows", "mac_os"]
 nifi = ["linux", "windows", "mac_os"]
+hpe_aruba_edgeconnect = ["linux", "windows", "mac_os"]
+

.github/workflows/config/labeler.yml

@@ -657,6 +657,10 @@ integration/hivemq:
 - changed-files:
   - any-glob-to-any-file:
     - hivemq/**/*
+integration/hpe_aruba_edgeconnect:
+- changed-files:
+  - any-glob-to-any-file:
+    - hpe_aruba_edgeconnect/**/*
 integration/http_check:
 - changed-files:
   - any-glob-to-any-file:

.github/workflows/test-all.yml

@@ -1618,6 +1618,26 @@ jobs:
       minimum-base-package: ${{ inputs.minimum-base-package }}
       pytest-args: ${{ inputs.pytest-args }}
     secrets: inherit
+  j0be27fe:
+    uses: ./.github/workflows/test-target.yml
+    with:
+      job-name: HPE Aruba EdgeConnect
+      target: hpe_aruba_edgeconnect
+      platform: linux
+      runner: '["ubuntu-22.04"]'
+      repo: "${{ inputs.repo }}"
+      context: ${{ inputs.context }}
+      python-version: "${{ inputs.python-version }}"
+      latest: ${{ inputs.latest }}
+      agent-image: "${{ inputs.agent-image }}"
+      agent-image-py2: "${{ inputs.agent-image-py2 }}"
+      agent-image-windows: "${{ inputs.agent-image-windows }}"
+      agent-image-windows-py2: "${{ inputs.agent-image-windows-py2 }}"
+      test-py2: ${{ inputs.test-py2 }}
+      test-py3: ${{ inputs.test-py3 }}
+      minimum-base-package: ${{ inputs.minimum-base-package }}
+      pytest-args: ${{ inputs.pytest-args }}
+    secrets: inherit
   j56d6f32:
     uses: ./.github/workflows/test-target.yml
     with:

code-coverage.datadog.yml

@@ -322,6 +322,9 @@ services:
 - id: hdfs_namenode
   paths:
   - hdfs_namenode/datadog_checks/hdfs_namenode/
+- id: hpe_aruba_edgeconnect
+  paths:
+  - hpe_aruba_edgeconnect/datadog_checks/hpe_aruba_edgeconnect/
 - id: http_check
   paths:
   - http_check/datadog_checks/http_check/

hpe_aruba_edgeconnect/CHANGELOG.md

@@ -0,0 +1,4 @@
+# CHANGELOG - HPE Aruba EdgeConnect
+
+<!-- towncrier release notes start -->
+

hpe_aruba_edgeconnect/README.md

@@ -0,0 +1,90 @@
+# Agent Check: HPE Aruba EdgeConnect
+
+## Overview
+
+This check monitors [HPE Aruba EdgeConnect][1] through the Datadog Agent.
+
+HPE Aruba EdgeConnect is an SD-WAN platform used to connect branch offices, data centers, and cloud environments through an overlay of secure tunnels managed centrally by an Orchestrator. This integration authenticates against the Orchestrator and the individual EdgeConnect appliances, collects health and performance metrics from each appliance's REST API and minute-stats archives, and reports the topology of the SD-WAN fabric (devices, interfaces, and tunnels) to Network Device Monitoring (NDM).
+
+### What this integration monitors
+
+The integration collects metrics across multiple layers of the EdgeConnect SD-WAN fabric, including:
+
+- **Orchestrator and appliance inventory**: Discovers all EdgeConnect appliances managed by the Orchestrator. Surfaces reachability status, uptime, hostname, site, model, and software version.
+- **Appliance health**: Reports CPU, memory, and disk usage percentages, as well as hardware alarm state, to detect overloaded or failing devices.
+- **Network interfaces**: Provides administrative and operational status, configured speed, RX/TX bandwidth and rate, peak and average utilization, and forward-drop counters per interface.
+- **SD-WAN tunnels**: Reports per-tunnel latency, jitter, packet loss (pre- and post-FEC), Mean Opinion Score (MOS) for voice-quality tracking, downtime during the interval, and bidirectional throughput in both bits and packets per second. Allows detection of path degradation and SLA violations across the overlay.
+- **Internet breakout tunnels**: Monitors RX/TX bandwidth, peak rates, and configured maximum throughput on local-internet breakout tunnels to observe direct-to-cloud traffic.
+- **QoS and traffic shaping**: Tracks per-DSCP-class bandwidth and rate counters, shaper drop counts, and drop percentages. Useful for validating QoS policies and spotting classes being starved or over-subscribed.
+- **Circuit SLA probes**: Reports average latency, jitter, and packet loss from SLA probes, plus next-hop administrative and operational status, to monitor underlay link quality independently of the overlay.
+- **Application performance**: Provides per-application latency, enabling drill-down from tunnel or interface issues to the specific affected applications.
+- **Network Device Monitoring topology**: Pushes device, interface, and tunnel metadata to NDM, enabling visualization of the SD-WAN fabric and correlation with the rest of the network.
+
+## Setup
+
+Follow the instructions below to install and configure this check for an Agent running on a host. For containerized environments, see the [Autodiscovery Integration Templates][3] for guidance on applying these instructions.
+
+### Installation
+
+The HPE Aruba EdgeConnect check is included in the [Datadog Agent][2] package.
+No additional installation is needed on your server.
+
+### Configuration
+
+1. Edit the `hpe_aruba_edgeconnect.d/conf.yaml` file, in the `conf.d/` folder at the root of your Agent's configuration directory to start collecting your HPE Aruba EdgeConnect performance data. See the [sample hpe_aruba_edgeconnect.d/conf.yaml][4] for all available configuration options.
+
+   **Note**: Monitor permissions are enough to collect most metrics. Admin permissions are required to collect the `hpe_aruba_edgeconnect.device.cpu.usage` metric on the appliances. If the configured credentials do not have admin access, the Agent skips this metric, but collects the rest of the metrics.
+
+2. [Restart the Agent][5].
+
+### Validation
+
+[Run the Agent's status subcommand][6] and look for `hpe_aruba_edgeconnect` under the Checks section.
+
+## Data Collected
+
+### Metrics
+
+See [metadata.csv][7] for a list of metrics provided by this integration.
+
+### Logs
+
+The recommended way to collect logs from HPE Aruba EdgeConnect is to configure the appliance to forward logs through syslog, as described in the [HPE Aruba Networking documentation][8].
+
+1. Enable log collection in your `datadog.yaml` file:
+
+    ```yaml
+    logs_enabled: true
+    ```
+2. Uncomment and edit the logs configuration block in your `hpe_aruba_edgeconnect.d/conf.yaml` file. For example:
+
+    ```yaml
+    logs:
+      - type: tcp
+        port: 10514
+        source: hpe_aruba_edgeconnect
+        service: <SERVICE>
+    ```
+
+### Events
+
+The HPE Aruba EdgeConnect integration includes alarm event support. Events are disabled by default; to enable them, set `collect_events` to `true` in the configuration.
+
+
+### Service Checks
+
+The HPE Aruba EdgeConnect integration does not include any service checks.
+
+## Troubleshooting
+
+Need help? Contact [Datadog support][9].
+
+[1]: https://www.hpe.com/us/en/aruba-edgeconnect-sd-wan.html
+[2]: https://app.datadoghq.com/account/settings/agent/latest
+[3]: https://docs.datadoghq.com/containers/kubernetes/integrations/
+[4]: https://github.com/DataDog/integrations-core/blob/master/hpe_aruba_edgeconnect/datadog_checks/hpe_aruba_edgeconnect/data/conf.yaml.example
+[5]: https://docs.datadoghq.com/agent/configuration/agent-commands/#start-stop-and-restart-the-agent
+[6]: https://docs.datadoghq.com/agent/configuration/agent-commands/#agent-status-and-information
+[7]: https://github.com/DataDog/integrations-core/blob/master/hpe_aruba_edgeconnect/metadata.csv
+[8]: https://arubanetworking.hpe.com/techdocs/sdwan/docs/orch/support/tech-assistance/remote-log-msgs/
+[9]: https://docs.datadoghq.com/help/

hpe_aruba_edgeconnect/assets/configuration/spec.yaml

@@ -0,0 +1,157 @@
+name: HPE Aruba EdgeConnect
+fleet_configurable: true
+files:
+- name: hpe_aruba_edgeconnect.yaml
+  options:
+  - template: init_config
+    options:
+    - template: init_config/default
+  - template: instances
+    options:
+    - name: orchestrator_ip
+      fleet_configurable: true
+      required: true
+      description: Hostname or IP address of the HPE Aruba EdgeConnect Orchestrator.
+      value:
+        type: string
+        example: 10.0.0.1
+
+    - name: orchestrator_username
+      fleet_configurable: true
+      required: true
+      description: |
+        Username for the Orchestrator. If no appliance-specific credentials are provided,
+        this username is used as the default for appliances.
+      value:
+        type: string
+
+    - name: orchestrator_password
+      fleet_configurable: true
+      required: true
+      secret: true
+      description: |
+        Password for the Orchestrator. If no appliance-specific credentials are provided,
+        this password is used as the default for appliances.
+      value:
+        type: string
+
+    - name: namespace
+      fleet_configurable: true
+      description: Namespace to use for NDM device metadata. Defaults to "default".
+      value:
+        type: string
+        example: default
+        default: default
+    - name: appliance_ips
+      fleet_configurable: true
+      description: |
+          HPE Aruba EdgeConnect appliance IP filters. CIDR entries match any appliance IP within the block.
+          If no filters are configured, all discovered appliances are included.
+          Use `include` to specify which appliances to poll and `exclude` to skip individual appliances.
+          `exclude` takes precedence over `include`.
+      value:
+        type: object
+        properties:
+          - name: include
+            type: array
+            items:
+              type: string
+          - name: exclude
+            type: array
+            items:
+              type: string
+
+        example:
+          include:
+            - 10.0.0.0/24
+            - 192.168.1.5
+          exclude:
+            - 10.0.0.99
+    - name: max_concurrency
+      fleet_configurable: true
+      description: Maximum number of appliances to poll concurrently.
+      value:
+        type: integer
+        minimum: 1
+        default: 50
+        example: 50
+    - name: max_backfill_minutes
+      fleet_configurable: true
+      description: |
+        How many minutes of historical data to recover for each appliance after the Agent has been
+        offline. If the Agent stops collecting for a while (for example, during a restart or an
+        outage), this controls how far back in time it looks when it starts up again.
+
+        For example, with the default of 5, the Agent collects at most the last 5 minutes
+        of data per appliance after coming back online. Anything older than that is skipped, and
+        collection resumes normally from the most recent point.
+      value:
+        type: integer
+        minimum: 1
+        default: 5
+        example: 5
+    - name: appliance_credentials_overrides
+      fleet_configurable: true
+      description: |
+        Per-appliance credential overrides matched by CIDR. When an appliance IP falls within a listed
+        CIDR block, the associated username and password are used instead of the main credentials.
+        If multiple CIDR blocks match, the Agent uses the first match. Each entry must specify all three
+        fields: `cidr`, `username`, and `password`.
+      value:
+        type: array
+        items:
+          type: object
+          required:
+            - cidr
+            - username
+            - password
+          properties:
+            - name: cidr
+              type: string
+            - name: username
+              type: string
+            - name: password
+              type: string
+              secret: true
+        example:
+          - cidr: 10.0.0.0/24
+            username: admin
+            password: secret
+    - template: instances/http
+      overrides:
+        persist_connections.value.default: true
+        persist_connections.value.example: true
+        persist_connections.description: |
+          Connections are always persisted to use cookies and connection pooling for improved performance.
+    - template: instances/default
+      overrides:
+        min_collection_interval.value.example: 60
+        min_collection_interval.value.display_default: 60
+        min_collection_interval.description: |
+          Changes the collection interval of the check. For more information, see
+          https://docs.datadoghq.com/developers/write_agent_check/#collection-interval.
+          The default is 60 seconds. Statistics are only available at one-minute intervals, 
+          so more frequent runs do not collect additional data.
+
+    - name: send_ndm_metadata
+      fleet_configurable: true
+      description: |
+        Set to `true` to enable Network Device Monitoring metadata (for devices, interfaces, topology) to be sent.
+      value:
+        type: boolean
+        example: False
+        default: False
+    - name: collect_events
+      fleet_configurable: true
+      description: |
+        Set to `true` to enable collection of HPE Aruba EdgeConnect alarm events.
+      value:
+        type: boolean
+        example: False
+        default: False
+  - template: logs
+    example:
+    - type: tcp
+      port: 10514
+      service: hpe_aruba_edgeconnect
+      source: hpe_aruba_edgeconnect

hpe_aruba_edgeconnect/changelog.d/23594.added

@@ -0,0 +1 @@
+Initial Release

hpe_aruba_edgeconnect/datadog_checks/hpe_aruba_edgeconnect/__about__.py

@@ -0,0 +1,4 @@
+# (C) Datadog, Inc. 2026-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+__version__ = '0.0.1'

hpe_aruba_edgeconnect/datadog_checks/hpe_aruba_edgeconnect/__init__.py

@@ -0,0 +1,7 @@
+# (C) Datadog, Inc. 2026-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+from .__about__ import __version__
+from .check import HpeArubaEdgeconnectCheck
+
+__all__ = ['__version__', 'HpeArubaEdgeconnectCheck']