When managing ESXi hosts, it's important to have a consistent configuration, whether it's certain groups or all...
hosts. Having an identical configuration of settings for security, networking, storage and so on improves the overall stability of your environment because it makes sure that all hosts behave in the same way and have the same level of security. VMware vSphere Host Profiles is one option that can help keep your hosts aligned.
Say, for example, that your company policy is to enforce certain firewall rules on your ESXi host; Host Profiles not only maintains configuration consistency, but can also verify host compliance. This greatly improves the troubleshooting process because it allows you to detect whether there is a deviation in the settings of one of your hosts and figure out why that host is behaving differently. Host Profiles also helps with the configuration of new and failed hosts. If you manually configure each host, there's always the risk you'll forget to configure a specific setting or configure something incorrectly, which can cause problems in your environment. If a host fails, Host Profiles allows you to remove the old, failed host from your inventory and replace it with a new host.
Get started with VMware Host Profiles
In order to use Host Profiles, start by extracting the configuration of one of your hosts into a new host profile (Figure A). You can do so by right-clicking your reference host -- the host containing your desired set of configuration items -- and selecting Host Profiles > Extract Host Profile from the actions menu.
Once you've extracted the host profile, you can manage it from the Policies and Profiles section of the vSphere Web Client homepage. Once you've configured the host profile to meet your standards, attach it to a host or cluster of hosts and check to see whether they are compliant. New servers are not compliant, so, in order to make them compliant, you must remediate them (Figure B).
Avoid the hassle of maintenance mode
In previous versions of vSphere, if the settings on one of your hosts was inconsistent with the host profile, you had to place your ESXi server into maintenance mode in order to adjust those settings. This was a real pain, especially if you had to remediate an entire cluster to change a setting, because it involved migrating VMs to other hosts. Fortunately, VMware made changes to maintenance mode requirements in vSphere 6. Maintenance mode is now only necessary in situations where the host profile properties require it.
VMware Host Profiles and PowerShell: A winning combination
The primary goal of replacing a host is to get the replacement host with the right settings up and running as quickly as possible. You could do this using a combination of Host Profiles and PowerCLI in PowerShell, or you could use Host Profiles' out of the box compliance check feature, though this requires more work than scripting with PowerCLI. The beauty of using Host Profiles with PowerShell is that you can use Host Profiles to configure hosts with their initial configuration and to check for compliance, and then use PowerCLI to update hosts with new settings as needed. For example, if you want to change the Network Transfer Protocol (NTP) server on all hosts, you add a new NTP server and replace the old one by entering the following commands:
Get-VMHost | Add-VMHostNtpServer -NtpServer us.pool.ntp.org
Get-VMHost | Remove-VMHostNtpServer -NtpServer ntp.somedomain.com
A vSphere admin could also use vRealize Orchestrator, since it is available for free to all customers with a vCenter Standard license.
So, if VMware Host Profiles and PowerShell are such a winning combination, why don't all customers use these features together? Unfortunately, the Host Profiles feature is only available to those using vSphere Enterprise Plus licenses -- customers using Essentials or Standard Licenses do not have access to it, though they do have access to PowerShell.
Even so, some Enterprise Plus users still don't use Host Profiles in conjunction with PowerCLI because they've already invested time and effort performing initial configurations and reconfigurations with PowerShell, and don't want the hassle of adding another tool to their toolbox. After all, learning how to use a new tool, maintain it during upgrades and troubleshoot when things don't work as expected can be a time-consuming and frustrating endeavor.
The vSphere Auto Deploy feature relies on Host Profiles and is also only available to Enterprise Plus customers. Auto Deploy starts ESXi hosts via a network Preboot Execution Environment boot and loads the OS image in RAM from the network. Since these hosts can be completely diskless, there's no place to store the configuration. Host Profiles configures these ESXi servers with all the required settings.
New in vSphere 6.5
Now that we've discussed how Host Profiles works and how you can use it in your environment, let's take a look at what new Host Profiles capabilities were introduced in vSphere 6.5.
In previous versions of Host Profiles, administrators had to address compliance issues on their own. The more granular level of detail provided by Host Profiles in vSphere 6.5 also applies to remediating hosts, as Host Profiles will show you exactly what needs to be reconfigured on each host. The Host Profiles user interface in vSphere 6.5 also comes with a new search box that allows you to easily locate and view the status of certain settings. When editing a host profile (Figure C) you can click the Favorites icon -- the star icon -- and add it to your list of frequently used settings.
VSphere 6.5 also simplifies Host Profiles management by allowing users to copy settings from one host profile to another profile. This makes it much easier to update certain corporate-wide settings and configure hosts more consistently throughout the environment when managing multiples profiles.
Customize a large number of hosts
Many settings in Host Profiles, including the NTP server, firewall rules, service settings and advanced parameters, are generic by default. There are, however, settings that require a unique setting per host, such as an IP address for the management or storage, VMKernel port or the iSCSI initiator name.
Prior to vSphere 6.5, you had to configure those settings through the Host Profiles wizard, which was both time-consuming and inconvenient if you were working with a large number of hosts. VSphere 6.5 allows you to export the table of necessary customizations, manage it externally (Figure D) and then import it back into your environment, making it easier to manage a large number of hosts. The Edit Host Customizations wizard also allows you to choose one host and then import customizations from the centrally stored file to update a single host.
Preserve host consistency with Microsoft SCVMM
What's new in VMware vSphere 6.5?