In today's Objective we'll discuss VCP6-DCV Objective 8.2 – Customize Host Profile Settings. Host profiles are feature which is present in the vSphere enterprise plus licensing, and allows the to “uniformize” and/or push configuration changes to all hosts in the cluster. Host profiles are necessary when using VMware vSphere Autodeploy, which takes advantage of host profile after the stateless image is loaded in memory, to apply a configuration through that host profile. What’s needed is also an Autodeploy installed and configured, together with DHCP options enabled for Autodeploy to work with. But we'll look at this Objective another time.
- Create/Edit/Remove a Host Profile from an ESXi host
- Import/Export a Host Profile
- Attach/Apply a Host Profile to an ESXi host or cluster
- Perform compliance scanning and remediation of an ESXi host using Host Profiles
Create/Edit/Remove a Host Profile from an ESXi host
Create host profile by extracting a reference host's config.
vSphere web client > Host profiles > Click the Plus sign > Select Host > Enter Name for the host profile > Next > Finish
To delete host profile:
Select the host profile to delete > Actions > delete
To Edit Host profile:
Select the Host profile > Actions > Edit settings > Next > Edit Host profile > When done, click Finish.
Host Profiles can be also used to validate the configuration of a host by checking compliance of a host or cluster against the Host Profile that is associated with that host or cluster.
Import/Export a Host Profile
It's possible to export host profile as a *.vpf file (VMware Profile Format) … As you can see the administrator's password aren't exported for security reasons.
You will be prompted to re-enter the values for the password after the profile is imported and the password is applied to a host.
How to export?
vSphere Web Client > Host Profiles > Select Profile > Actions > Export Host Profile
Attach/Apply a Host Profile to an ESXi host or cluster
That the second step after creating a host profile from reference host. You need to attach the host or cluster to the Host Profile.
Web Client > Select Host profile > Actions > Attach/detach Hosts and Clusters
And then on this screen you can select single host or whole cluster…
You can update or change the user input parameters for the Host Profiles policies by customizing the host.
Perform compliance scanning and remediation of an ESXi host using Host Profiles
vSphere host profiles PDF p. 12
You can confirm the compliance of a host or cluster to its attached Host Profile and determine which, if any, configuration parameters on a host are different from those specified in the Host Profile.
How to perform compliance scanning?
After attaching the host/cluster to a profile you can check the compliance….
Select the host profile > click the check the compliance icon (or go to Actions > Check Host Profile compliance) .
To see more detail on compliance failures, select a Host Profile from the Objects tab for which the last compliance check produced one or more failures. In order to see specific detail on which parameters differ between the host that failed compliance and the Host Profile, click on the Monitor tab and select the Compliance view. Then, expand the object hierarchy and select the failing host. The differing parameters are displayed in the Compliance window, below the hierarchy.
Remediate a host
In the event of a compliance failure, use the Remediate function to apply the Host Profile settings onto the host. This action changes all Host Profile managed parameters to the values contained in the Host Profile attached to the host.
Navigate to the Host profile > Select Monitor Tab > Click Compliance > Right click the host > Host profiles > Remediate
vSphere Documentation and Tools
- vSphere Installation and Setup Guide
- vSphere Host Profiles Guide
- vSphere Client / vSphere Web Client
So another VCP6-DCV topic done. Host profiles with autodeploy are advanced enterprise features/topics which some of you might not need every day or will never implement, especially Autodeploy as IMHO it introduces SPOF (single point of failure) – dependent on vCenter server. But it's just my own opinion and it's also possible to mitigate such a risk with protecting vCenter server FT. But that's another story…