VMware Host Profiles are useful for standardizing a VMware host configuration across a large cluster(s). It's very important to keep the same security configuration, storage configuration, networking configuration for all your environment as it makes the hosts behave the same way with the same level of security. To understand what are VMware Host Profiles is not difficult. At first, you take “snapshot” of one reference host and extract all configuration and this configuration becomes a host profile, which then can be applied to host or group of hosts.
This host profile can be applied to other hosts. You obviously have to introduce some variables for hostnames, IP addresses, but those variables can be read from a CSV file. Those differences which must be applied on per-host basis are called “host customization”. You can also apply settings from CSV file to a group of hosts.
The latest version of VMware vSphere has introduced some enhancements to VMware vSphere Host Profiles. Admins can now create a hierarchy of Host Profiles by using a new capability to copy settings from one profile to one (or many others), and they can see if there are any differences between those before applying the changes.
You can use host profiles to provision a new host much quicker and have the possibility to apply a predefined profile to new hosts will only reduce the human error factor.
How to get started?
Extract a profile from a host first.
Note: Host profiles are a feature available on VMware vSphere Enterprise Plus license only.
Home > Hosts and Clusters > Right click Host > Host Profiles > Extract Host Profile.
Once done, you can manage this profile from the Policies and Profiles area within the vSphere Web Client page there. You can make modifications or changes and once done, you'll want to attach this host profile to a host to see if it is compliant. Usually, if you do that to a newly installed host, the host will not show as compliant.
You must remediate this host.
What are compliance checks?
Compliance checks displaying detailed side-by-side comparison between host profile and actual values on the host. The previous version of VMware vSphere Host Profiles only allowed you to notice that the host isn't compliant, but there were no more details.
See a side-by-side comparison between host profile and value present on the host…
What is Host remediation?
This is a process where we actually apply the changes to a host.
Remediation can be done automated fashion (DRS integrated) within vSphere 6.5. The host will go into maintenance mode > remediate the host > reboot if needed > get host out of maintenance mode > done.
Perform compliance scanning and remediation of an ESXi host using Host Profiles
You can confirm the compliance of a host or cluster to its attached Host Profile and determine which, if any, configuration parameters on a host are different from those specified in the Host Profile.
How to perform compliance scanning?
After attaching the host/cluster to a profile you can check the compliance….
Select the host profile > click the check the compliance icon (or go to Actions > Check Host Profile compliance).
To see more detail on compliance failures, select a Host Profile from the Objects tab for which the last compliance check produced one or more failures. In order to see the specific detail on which parameters differ between the host that failed compliance and the Host Profile, click on the Monitor tab and select the Compliance view.
Then, expand the object hierarchy and select the failing host. The differing parameters are displayed in the Compliance window, below the hierarchy.
Remediate a host
In the event of a compliance failure, use the Remediate function to apply the Host Profile settings onto the host. This action changes all Host Profile managed parameters to the values contained in the Host Profile attached to the host.
Navigate to the Host profile > Select Monitor Tab > Click Compliance > Right click the host > Host profiles > Remediate
What if I don't have Enterprise Plus License?
Well, then you cannot use host profiles. However, you might be still interested in backing up configuration via PowerCLI. If you backup a configuration of a host, and this host will fail. After replacing, you can restore the configuration to the newly deployed server and it will find its “original” state.
However, you'll have to manage the backup configuration for individual hosts. With the inconvenience of when doing some change on your host/cluster config, you'll have to re-take a new backup. (You can perhaps automate it with PowerCLI).
I've written a detailed post about backup/restore ESXi configuration with PowerCLI here.
More from ESX Virtualization:
- What is The Difference between VMware vSphere, ESXi and vCenter
- VyOS – Vyatta Open Source
- WinDirStat – Windows Directory Statistics Freeware
- What is VMware Cluster?
- What is VMware Enhanced vMotion Compatibility (EVC)