

Use VMware Host Profiles to create consistent configuration settings

Maintaining consistent host configurations is essential to the security and stability of your environment. Create a host profile to help make sure your settings remain consistent.

When managing ESXi hosts, it's important to have a consistent configuration, whether it's certain groups or all hosts. Having an identical configuration of settings for security, networking, storage and so on improves the overall stability of your environment because it makes sure that all hosts behave in the same way and have the same level of security. VMware vSphere Host Profiles is one option that can help keep your hosts aligned.

Say, for example, that your company policy is to enforce certain firewall rules on your ESXi host; Host Profiles not only maintains configuration consistency, but can also verify host compliance. This greatly improves the troubleshooting process because it allows you to detect whether there is a deviation in the settings of one of your hosts and figure out why that host is behaving differently. Host Profiles also helps with the configuration of new and failed hosts. If you manually configure each host, there's always the risk you'll forget to configure a specific setting or configure something incorrectly, which can cause problems in your environment. If a host fails, Host Profiles allows you to remove the old, failed host from your inventory and replace it with a new host.

Get started with VMware Host Profiles

In order to use Host Profiles, start by extracting the configuration of one of your hosts into a new host profile (Figure A). You can do so by right-clicking your reference host -- the host containing your desired set of configuration items -- and selecting Host Profiles > Extract Host Profile from the actions menu.

Figure A. Extract a host profile in vSphere.

Once you've extracted the host profile, you can manage it from the Policies and Profiles section of the vSphere Web Client homepage. Once you've configured the host profile to meet your standards, attach it to a host or cluster of hosts and check to see whether they are compliant. New servers are not compliant, so, in order to make them compliant, you must remediate them (Figure B).

Figure B. Remediate new servers to make them compliant.
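
The same extract, attach, check and remediate sequence can be scripted with PowerCLI. This is an added example, not from the original article; it assumes PowerCLI is installed and Connect-VIServer has already been run, and the host, cluster and profile names are placeholders.

```powershell
# Added example. Placeholder names, not from the article:
$referenceHost = Get-VMHost  -Name 'esx01.example.com'
$cluster       = Get-Cluster -Name 'Prod-Cluster'

# 1. Extract the reference host's configuration into a new host profile.
#    ($hostProfile, not $profile: $profile is a PowerShell automatic variable.)
$hostProfile = New-VMHostProfile -Name 'Prod-Baseline' `
    -ReferenceHost $referenceHost -Description 'Extracted from the reference host'

# 2. Attach the profile to the cluster without changing any host yet.
Invoke-VMHostProfile -Entity $cluster -Profile $hostProfile `
    -AssociateOnly -Confirm:$false | Out-Null

# 3. Check compliance. Only non-compliant hosts come back, each with the
#    list of settings that deviate from the profile.
$clusterHosts = Get-VMHost -Location $cluster
$drift = Test-VMHostProfileCompliance -VMHost $clusterHosts
foreach ($d in $drift) {
    Write-Host "Non-compliant: $($d.VMHost.Name)"
    $d.IncomplianceElementList | Format-Table PropertyName, Description -Wrap
}

# 4. Remediate the non-compliant hosts one at a time. If the profile's
#    settings require maintenance mode, enter it first with
#    Set-VMHost -State Maintenance and leave it afterwards.
foreach ($d in $drift) {
    $result = Invoke-VMHostProfile -Entity $d.VMHost -Profile $hostProfile -Confirm:$false
    if ($result -is [hashtable]) {
        # The profile needs per-host values (for example a VMkernel IP address)
        # that have not been supplied yet; list what is missing.
        Write-Warning "$($d.VMHost.Name) needs host customizations:"
        $result.Keys | ForEach-Object { Write-Warning "  $_" }
    }
}

# 5. Re-check so the run ends with a clear pass/fail result.
$remaining = Test-VMHostProfileCompliance -VMHost $clusterHosts
if ($remaining) {
    Write-Warning "Still non-compliant: $(@($remaining.VMHost.Name) -join ', ')"
} else {
    Write-Host 'All hosts in the cluster are compliant with the profile.'
}
```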

Avoid the hassle of maintenance mode


In previous versions of vSphere, if the settings on one of your hosts were inconsistent with the host profile, you had to place your ESXi server into maintenance mode in order to adjust those settings. This was a real pain, especially if you had to remediate an entire cluster to change a setting, because it involved migrating VMs to other hosts. Fortunately, VMware made changes to maintenance mode requirements in vSphere 6. Maintenance mode is now only necessary in situations where the host profile properties require it.

VMware Host Profiles and PowerShell: A winning combination

The primary goal of replacing a host is to get the replacement host with the right settings up and running as quickly as possible. You could do this using a combination of Host Profiles and PowerCLI in PowerShell, or you could use Host Profiles' out-of-the-box compliance check feature, though this requires more work than scripting with PowerCLI. The beauty of using Host Profiles with PowerShell is that you can use Host Profiles to configure hosts with their initial configuration and to check for compliance, and then use PowerCLI to update hosts with new settings as needed. For example, if you want to change the Network Time Protocol (NTP) server on all hosts, you add a new NTP server and replace the old one by entering the following commands:

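# Replace the quoted placeholders with the new and old NTP server names.
Get-VMHost | Add-VMHostNtpServer -NtpServer '<new NTP server>'
Get-VMHost | Remove-VMHostNtpServer -NtpServer '<old NTP server>'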

A vSphere admin could also use vRealize Orchestrator, since it is available for free to all customers with a vCenter Standard license.

So, if VMware Host Profiles and PowerShell are such a winning combination, why don't all customers use these features together? Unfortunately, the Host Profiles feature is only available to those using vSphere Enterprise Plus licenses -- customers using Essentials or Standard Licenses do not have access to it, though they do have access to PowerShell.
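
For environments without Host Profiles, a comparable drift check can be built from PowerCLI alone by comparing each host's NTP servers, service policies and firewall exceptions with those of a reference host. This is an added example, not from the original article; the function names and sample data are hypothetical, and the live part assumes an existing Connect-VIServer session.

```powershell
# Added example: collect a flat "category/name" = value baseline from a host.
function Get-HostBaseline {
    param([Parameter(Mandatory)] $VMHost)
    $b = @{ 'ntp/servers' = (@(Get-VMHostNtpServer -VMHost $VMHost) | Sort-Object) -join ',' }
    foreach ($s in Get-VMHostService -VMHost $VMHost) {
        $b["service/$($s.Key)"] = "policy=$($s.Policy);running=$($s.Running)"
    }
    foreach ($f in Get-VMHostFirewallException -VMHost $VMHost) {
        $b["firewall/$($f.Name)"] = "enabled=$($f.Enabled)"
    }
    $b
}

# Pure comparison: report every setting that differs from the reference or
# exists on one side only. Needs no vCenter connection.
function Compare-HostBaseline {
    param([hashtable] $Reference, [hashtable] $Target, [string] $HostName)
    $keys = @($Reference.Keys) + @($Target.Keys) | Sort-Object -Unique
    foreach ($k in $keys) {
        if ($Reference[$k] -ne $Target[$k]) {
            [pscustomobject]@{
                Host     = $HostName
                Setting  = $k
                Expected = $Reference[$k]
                Actual   = $Target[$k]
            }
        }
    }
}

# Constructed sample data (not from a real host) so the comparison runs offline:
# the target host has SSH enabled and its firewall rule open; the reference does not.
$ref = @{ 'ntp/servers'         = 'ntp1.example.com'
          'service/TSM-SSH'     = 'policy=off;running=False'
          'firewall/SSH Server' = 'enabled=False' }
$tgt = @{ 'ntp/servers'         = 'ntp1.example.com'
          'service/TSM-SSH'     = 'policy=on;running=True'
          'firewall/SSH Server' = 'enabled=True' }
Compare-HostBaseline -Reference $ref -Target $tgt -HostName 'esx02.example.com' |
    Format-Table -AutoSize

# Live use against every host (placeholder reference host name):
# $refBaseline = Get-HostBaseline (Get-VMHost -Name 'esx01.example.com')
# Get-VMHost | ForEach-Object {
#     Compare-HostBaseline $refBaseline (Get-HostBaseline $_) $_.Name }
```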

Even so, some Enterprise Plus users still don't use Host Profiles in conjunction with PowerCLI because they've already invested time and effort performing initial configurations and reconfigurations with PowerShell, and don't want the hassle of adding another tool to their toolbox. After all, learning how to use a new tool, maintain it during upgrades and troubleshoot when things don't work as expected can be a time-consuming and frustrating endeavor.

The vSphere Auto Deploy feature relies on Host Profiles and is also only available to Enterprise Plus customers. Auto Deploy starts ESXi hosts via a network Preboot Execution Environment boot and loads the OS image in RAM from the network. Since these hosts can be completely diskless, there's no place to store the configuration. Host Profiles configures these ESXi servers with all the required settings.

New in vSphere 6.5

Now that we've discussed how Host Profiles works and how you can use it in your environment, let's take a look at what new Host Profiles capabilities were introduced in vSphere 6.5.

In previous versions of Host Profiles, administrators had to address compliance issues on their own. The more granular level of detail provided by Host Profiles in vSphere 6.5 also applies to remediating hosts, as Host Profiles will show you exactly what needs to be reconfigured on each host. The Host Profiles user interface in vSphere 6.5 also comes with a new search box that allows you to easily locate and view the status of certain settings. When editing a host profile (Figure C) you can click the Favorites icon -- the star icon -- and add it to your list of frequently used settings.

Figure C. Add a host profile to your favorites.

vSphere 6.5 also simplifies Host Profiles management by allowing users to copy settings from one host profile to another profile. This makes it much easier to update certain corporate-wide settings and configure hosts more consistently throughout the environment when managing multiple profiles.

Customize a large number of hosts

Many settings in Host Profiles, including the NTP server, firewall rules, service settings and advanced parameters, are generic by default. There are, however, settings that require a unique value per host, such as an IP address for the management or storage VMkernel port or the iSCSI initiator name.

Prior to vSphere 6.5, you had to configure those settings through the Host Profiles wizard, which was both time-consuming and inconvenient if you were working with a large number of hosts. vSphere 6.5 allows you to export the table of necessary customizations, manage it externally (Figure D) and then import it back into your environment, making it easier to manage a large number of hosts. The Edit Host Customizations wizard also allows you to choose one host and then import customizations from the centrally stored file to update a single host.

Figure D. Customize host settings in a spreadsheet.
