- Create/Edit/Remove a Host Profile from an ESXi host
- Import/Export a Host Profile
- Attach/Apply a Host Profile to an ESXi host or cluster
-
Perform compliance scanning and remediation of an ESXi host using Host Profiles
Using Host Profiles
The Host Profiles feature creates a profile that encapsulates the host configuration and helps to manage the host configuration, especially in environments where an administrator manages multiple hosts or clusters in vCenter Server.
Host Profiles provide an automated and centrally-managed mechanism for host configuration and configuration compliance. Host Profiles can improve efficiency by reducing reliance upon repetitive, manual tasks. Host Profiles capture the configuration of a pre-configured and validated reference host, store the configuration as a managed object and use the catalog of parameters contained within to configure networking, storage, security and other host-level parameters. Host Profiles can be applied to either individual hosts or to a cluster; applying a Host Profile to a cluster will affect all hosts in the cluster and result in a consistent configuration across all hosts in that cluster.
Host Profiles can be used to validate the configuration of a host by checking compliance of a host or cluster against the Host Profile that is associated with that host or cluster.
Create a Host Profile
You create a new Host Profile by extracting the designated reference host’s configuration.
Note
You can also extract a host profile by navigating to the specific host or cluster.
Prerequisites
Verify that you have a working vSphere installation and at least one completely and properly configured host that will act as the reference host.
Procedure
1. Navigate to the Host profiles view.
2. Click the Extract Profile from a Host icon ( ).
3. Select the host that will act as the reference host and click Next.
The selected host must be a valid host.
4. Type the name and enter a description for the new profile and click Next.
5. Review the summary information for the new profile and click Finish.
The new profile appears in the profile list.
Note
Host profiles do not capture offline or unpresented devices. Any changes made to offline devices after extracting a host profile will not make a difference to the compliance check results.
Edit a Host Profile
You can view and edit Host Profile policies, select a policy to be checked for compliance, and change the policy name or description.
Procedure
1.vNavigate to the Host Profile that you want to edit and click the Manage tab.
2.vClick Edit Host Profile.
3. (Optional) Change the profile name and description and click Next.
4. Make changes to the profile policies.
See Edit a Policy for detailed instructions for editing a Host Profile policy. See Disable Host Profile Component for detailed instructions on enabling or disabling a policy from compliance check or remediation.
5. (Optional) Customize the hosts.
Make any changes to the available configuration values for this profile.
6. Click Finish.
The changes are made when the “Update Host Profile” task is completed in the Recent Tasks status. If you attempt to remediate the profile before the task is complete, the profile configuration does not contain the change.
Disable Host Profile Component
You can decide whether a Host Profile component is applied or considered during compliance check. This allows administrators to eliminate non-critical attributes from consideration or ignore values that, while part of the Host Profile, are likely to vary between hosts.
Procedure
1. Edit a Host Profile.
2. Expand the Host Profile Component hierarchy until you reach the desired component or component element.
3. Disable the checkbox next to a component to remove it from being applied during remediation or considered during a profile compliance check.
Note
The check box is enabled by default. If you disable the check box so this component or component element is not checked for compliance or applied during remediation, the other policies that are enabled will still be applied and checked.
Import a Host Profile
You can import a profile from a file in the VMware profile format (.vpf).
When a host profile is exported, administrator and user profile passwords are not exported. This is a security measure and stops passwords from being exported in plain text when the profile is exported. You will be prompted to re-enter the values for the password after the profile is imported and the password is applied to a host.
Procedure
1. Navigate to the Host Profiles view.
2. Click the Import Host Profile icon ( ).
3. Click Browse to browse for the VMware Profile Format file to import
4. Enter the Name and Description for the imported Host Profile, and click OK.
The imported profile appears in the profile list.
Export a Host Profile
You can export a profile to a file that is in the VMware profile format (.vpf).
When a host profile is exported, administrator and user profile passwords are not exported. This is a security measure and stops passwords from being exported in plain text when the profile is exported. You will be prompted to re-enter the values for the password after the profile is imported and the password is applied to a host.
Procedure
1. Navigate to the Host Profile you want to export.
2. Right-click the profile and select Export Host Profile.
3. Select the location and type the name of the file to export the profile.
4. Click Save.
Attach Entities to a Host Profile
After creating a Host Profile from a reference host, you must attach the host or cluster to the Host Profile.
Procedure
1. From the Profile List in the Host Profiles main view, select the Host Profile to be applied to a host or cluster.
2. Click the Attach/Detach Hosts and clusters to a host profile icon.
3. Select the host or cluster from the expanded list and click Attach.
The host or cluster is added to the Attached Entities list.
4. (Optional) Click Attach All to attach all listed hosts and clusters to the profile.
5. Click Next.
6. (Optional) You can update or change the user input parameters for the Host Profiles policies by customizing the host.
See Host Profiles and vSphere Auto Deploy.
7. Click Finish to complete attaching the host or cluster to the profile.
Detach Entities From a Host Profile
In order to remove the policy-managed configuration from a host or cluster, that host or cluster must be detached from the Host Profile.
When a Host Profile is attached to a cluster, the host or hosts within that cluster are also attached to the Host Profile. However, when the Host Profile is detached from the cluster, the association between the host or host within the cluster and that Host Profile remains.
Procedure
1. From the Profile List in the Host Profiles main view, select the Host Profile to be detached from a host or cluster.
2. Click the Attach/Detach Hosts and clusters to a host profile icon.
3. Select the host or cluster from the expanded list and click Detach.
The host or cluster is added to the Attached Entities list.
4. (Optional) Click Detach All to detach all listed hosts and clusters from the profile.
5. Click Next.
6. Click Finish to complete attaching the host or cluster to the profile.
Check Compliance
You can confirm the compliance of a host or cluster to its attached Host Profile and determine which, if any, configuration parameters on a host are different from those specified in the Host Profile.
Procedure
1. Navigate to a Host Profile.
The Objects tab lists all Host Profies, the number or hosts attached to that Host Profile, and summarized results of the last compliance check.
2. Click the Check Host Profile Compliance icon.
In the Objects tab, the compliance status is updated as Compliant, Unknown, or Non-compliant.
A non-compliant status indicates a discovered and specific inconsistency between the profile and the host. To resolve this, you should remediate the host. And unknown status indicates that the compliance of the host could not be verified; to resolve the issue, remediate the host through the Host Profile.
Note
Host profiles do not capture offline or unpresented devices. Any changes made to offline devices after extracting a host profile will not make a difference to the compliance check results.
What to do next
To see more detail on compliance failures, select a Host Profile from the Objects tab for which the last compliance check produced one or more failures. In order to see specific detail on which parameters differ between the host that failed compliance and the Host Profile, click on the Monitor tab and select the Compliance view. Then, expand the object hierarchy and select the failing host. The differing parametersare displayed in the Compliance window, below the hierarchy.
Remediate a Host
In the event of a compliance failure, use the Remediate function to apply the Host Profile settings onto the host. This action changes all Host Profile managed parameters to the values contained in the Host Profile attached to the host.
Prerequisites
Verify that the profile is attached to the host.
Procedure
1. Navigate to the profile you want to remediate to the host.
2. Select the Monitor tab, then click Compliance.
3. Right-click the host or hosts that you want remediated and select Host Profiles > Remediate
Note
Certain Host Profile policy configurations require that the host be rebooted after remediation. In those cases, you are prompted to place the host into maintenance mode.
4. (Optional) You can update or change the user input parameters for the Host Profiles policies by customizing the host, and click Next.
See Host Profiles and vSphere Auto Deploy for more information about vSphere Auto Deploy.
5. Review the tasks that are necessary to remediate the Host Profile and click Finish.
The compliance status is updated.
vWannabe 