Understanding Host Customizations
Understanding How Host Profiles Handles Host-Specific Configuration Settings Through Customizations
Host Profiles is an advanced capability of VMware vSphere that provides for configuration and compliance checking of multiple VMware ESXi hosts. Although a profile can be attached directly to a single host in vCenter Server, typically, a profile is attached to a vSphere cluster, where all the hosts have the same hardware, storage, and networking configurations. The latest release of vSphere includes several enhancements to Host Profiles. This article discusses two different sources of configuration settings for a host.
While Host Profiles focuses on configuring identical settings across multiple hosts, certain items must be unique for each host. These unique items are known as customizations; in the past, they were known as answer files.
Administrators initially configure a reference host to meet business requirements and then extract the entire configuration into a new profile, which can subsequently be edited or updated as requirements change. These settings are applied to other hosts in the cluster through the process of remediation, and hosts that are not able to meet all the profile requirements are flagged as non-compliant.
Profiles That Use Dynamic Addressing Require Little Customization
In a very basic scenario, it is possible to forego customizations that require administrator input. This is the case if hosts are using DHCP for network identity – IP address and hostname – and there are no specific business requirements for setting unique root passwords per host.
Typical vSphere Host Configurations Use Static IP Addresses
But for most customers, static IP addresses are desirable in the datacenter, at least for IP storage and perhaps for vMotion or other VMkernel interfaces. Security guidelines may require all hosts to have unique root credentials, and there are other configurable items in a profile that also need to be specified per host. In general, when an attribute in Host Profiles is set to prompt for “user specified” input, that item will need to be configured per-host through customizations.
The following image gives some examples of settings on a host that will require customization:
When these customizations are missing, the profile will not be compliant – for many reasons. For example, shared datastores cannot be mounted if the appropriate VMkernel IP address is not configured.
Host Customizations Supply the Necessary Static Elements
Host customizations can be provided by vSphere administrators through a wizard during the remediation process, or they can be uploaded in bulk via CSV file – a new feature of vSphere 6.5.
Once the host customizations have been provided and stored on vCenter Server, the associated profile can be remediated to become compliant.
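A pre-upload check for a bulk customization file, added here as an example and not VMware's code: it flags hosts with missing values, invalid or duplicated static IP addresses, reused root passwords, and cluster hosts with no row at all. The column names (`host`, `hostname`, `vmk_storage_ip`, `root_password`) and the sample data are assumptions made for this example; a file exported from vCenter Server uses its own headers.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Hypothetical column names for this example; a file exported from
# vCenter Server uses its own headers.
REQUIRED = ("hostname", "vmk_storage_ip", "root_password")

# Constructed sample: esx01/esx02 share an IP, esx03 lacks one and reuses a password.
SAMPLE_CSV = """host,hostname,vmk_storage_ip,root_password
esx01.example.test,esx01,192.0.2.11,constructed-pw-A
esx02.example.test,esx02,192.0.2.11,constructed-pw-B
esx03.example.test,esx03,,constructed-pw-A
"""
SAMPLE_CLUSTER = ["esx01.example.test", "esx02.example.test",
                  "esx03.example.test", "esx04.example.test"]

def validate_customizations(csv_text, cluster_hosts):
    """Return sorted problems; an empty list means every host is covered."""
    problems, seen, covered = [], defaultdict(list), set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = (row.get("host") or "").strip()
        covered.add(host)
        for col in REQUIRED:
            value = (row.get(col) or "").strip()
            if not value:
                problems.append(f"{host}: missing {col}")
                continue
            if col.endswith("_ip"):
                try:
                    ipaddress.ip_address(value)
                except ValueError:
                    problems.append(f"{host}: invalid {col}")
                    continue
            seen[(col, value)].append(host)
    # Every per-host value must be unique; report the column, never the value,
    # so a reused root password is not echoed into logs.
    for (col, _value), hosts in seen.items():
        if len(hosts) > 1:
            problems.append(f"{col} shared by {', '.join(sorted(hosts))}")
    for host in sorted(set(cluster_hosts) - covered):
        problems.append(f"{host}: no customization row")
    return sorted(problems)

if __name__ == "__main__":
    for problem in validate_customizations(SAMPLE_CSV, SAMPLE_CLUSTER):
        print(problem)
```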
Persistence of Host Customization Data
Host customization data is stored on vCenter Server, and will be deleted if a host is removed from inventory. This is an important behavior to be aware of, as sometimes hosts are removed and re-added to vCenter Server as part of troubleshooting or during a major rolling upgrade.
And finally, be aware that these host customizations apply both to stateful hosts using traditional on-disk installation and to stateless hosts that are booted from the network with Auto Deploy.
- Host Profiles is a feature of vSphere designed to apply identical configuration to multiple VMware ESXi hosts
- Settings that are unique for individual hosts are provided through customizations
- vSphere Administrators enter or update customizations through graphical clients or via CSV file