Host Profiles
Objective: Use host profiles and manage compliance
In this lab, you will perform the following tasks:
1. Create and Export a Host Profile
2. Import a Host Profile
3. Attach an ESXi Host to the Imported Host Profile
4. Run an Initial Compliance Check
5. Introduce a Configuration Drift
6. Run a Compliance Check and Remediate the Configuration Drift
7. Introduce a Second Configuration Drift
8. Run a Compatibility Check and Try to Remediate the Host
Task 1: Create and Export a Host Profile
A host profile is a configuration template that is applied to any or all VMware ESXi™ hosts in a cluster to verify and enforce specific configuration rules. Normally, a host profile has a reference host. In this task, each student exports a profile for importation. The imported profile lacks a reference host. Students should do this task individually.
Use the following information from the class configuration handout: • Host profile export name
1. In the Firefox window, click the vSphere Web Client tab.
2. Point to the Home icon and select Home.
3. In the middle pane, under Monitoring, click Host Profiles.
4. Extract a host profile from an ESXi host.
a. In the Objects panel, click the green plus symbol icon.
b. In the Extract Host Profile dialog box, click the ESXi host button and click Next.
c. Under Name and Description, enter Local-Profile in the Name text box and click Next.
d. Under Ready to complete, click Finish.
e. In the Recent Tasks pane, monitor the task to completion.
5. In the Objects list, select the new profile and from the Actions drop-down menu, select Export
Host Profile.
6. When prompted, click Save.
13
Task 2: Import a Host Profile
You import the host profile that you exported in task 1. Because host profiles do not store the reference host, host profiles can easily be imported and exported.
Students should do this task individually.
Use the following information from the class configuration handout: • Host profile import name
1. In the row of icons above the Objects list, click the Import Host Profile icon.
2. In the Import Host Profile dialog box, import the file.
a. Click Browse, navigate to the desktop of the student machine, and select the
Profile.vpf file.
b. Enter Imported-Profile in the Name text box.
c. Click OK.
Task 3: Attach an ESXi Host to the Imported Host Profile
Hosts and clusters can be attached or detached from a host profile in the host profiles view or in the Hosts and Clusters inventory.
Students should do this task individually.
1. In the Objects list, click the Imported-Profile link to navigate to that object and click the
Summary tab.
2. Click the Manage tab and click the Settings tab.
You can review and edit the comprehensive list of configuration settings that define the host profile.
3. At the top of the inventory tree, click Host Profiles.
4. In the Objects list, select Imported-Profile and select Attach/Detach Hosts and Clusters from the Actions drop-down menu.
5. In the Attach/Detach Hosts and Clusters dialog box, attach a host.
a. In the left-side Host/Cluster list, select the ESXi host.
b. Click Attach > to move the selected host to right-side list.
c. Click Next.
A list of settings that can be customized for the host appears. The customized values are prepopulated based on information extracted from the selected host.
d. Review the host customization settings and click Finish.
Task 4: Run an Initial Compliance Check
A compliance check verifies the attached host configuration against all the settings that are specified by the host profile.
Students should do this task individually.
1. In the Host Profiles inventory tree, select Imported-Profile.
2. In the middle pane, click the Monitor tab and click Compliance.
3. In the Entity Name list, select the ESXi host and click the Check Host Profile Compliance icon.
4. In the Recent Tasks pane, monitor the compliance check to completion.
Task 5: Introduce a Configuration Drift
You test host profile compliance verification and remediation by introducing a noncompliant change on the host.
Students should do this task individually.
1. Point to the Home icon and select Networking.
2. In the Networking inventory tree, select the dvs-Infrastructure distributed switch.
13
4. In the Add and Manage Hosts dialog box, configure settings.a. Select Manage host networking and click Next.
b. Under Select hosts, click the Attached hosts link, select the ESXi host check box, and click OK.
c. Click Next.
d. Under Select network adapter tasks, deselect the Manage VMkernel adapters check box and click Next.
e. Under Manage physical network adapters, select vmnic1 and record the attached uplink. __________
f. Click Unassign adapter and click Next.
g. Under Analyze impact, click Next.
h. Click Finish.
Task 6: Run a Compliance Check and Remediate the Configuration
Drift
You run a compliance check to detect noncompliant configuration changes that have been made to hosts attached to a host profile.
Students should do this task individually.
1. Point to the Home icon and select Home.
2. On the Home tab, click the Host Profiles icon.
3. In the Host Profiles inventory tree, select Imported-Profile.
4. In the center pane Monitor > Compliance view, select the ESXi host and click the Check
Compliance icon.
5. In the Recent Tasks pane, monitor the compliance check to completion.
6. In the Compliance panel, review the compliance categories.
Q1. How do the results of the compliance check differ from the compliance check performed in task 4?
1. The Virtual Network Setting category appears. If the category was previously reported, a new issue is added relating to the uplink reconfiguration.
Q2. In the new category, does the specific issue reported relate to the configuration change made in the previous task?
7. To place the host in maintenance mode, click the Enter Maintenance Mode icon and click OK to confirm the action.
Hosts must be in maintenance mode for compliance remediation.
8. To begin host remediation, click the Remediate host based on its host profile icon.
9. Under Customize hosts, review the host customization settings and click Next.
10. Under Review Remediation Tasks, expand the ESXi host container and review tasks that are created in response to the specific compliance issues found.
11. Click Finish.
12. In the Recent Tasks pane, monitor the remediation and subsequent compliance check tasks to completion.
13. In the hosts list, select the ESXi host.
14. In the Compliance panel, verify that the Virtual Network Setting category no longer appears in the list.
15. Verify the action taken by host remediation.
a. Point to the Home icon and select Networking.
b. In the Networking inventory tree, select the dvs-Infrastructure distributed switch.
c. In the middle pane, click the Manage tab and click Settings.
d. Click the Topology link and verify that remediation automatically reconnected vmnic1 to the appropriate uplink.
Task 7: Introduce a Second Configuration Drift
Host profile compliance depends on the names of the objects in a vCenter Server inventory, such as the name of an uplink port group. A change is introduced that cannot be remediated because it is an object owned by vCenter Server that cannot be changed by the ESXi host. Because of object name dependencies, the use of imported profiles can be problematic. However, you can exclude
configuration items from the profile that might cause naming problems. Students should do this task individually.
1. In the Networking inventory tree, select the pg-vMotion port group.
13
Task 8: Run a Compatibility Check and Try to Remediate the Host
You run a compliance check to detect the noncompliant configuration change and try to remediate the host.
Students should do this task individually.
1. Point to the Home icon and select Home.
2. In the center pane, click Host Profiles.
3. In the Host Profiles inventory tree, select Imported-Profile.
4. In the center pane Monitor > Compliance view, select the ESXi host.
5. Click the Check Compliance icon.
6. In the Recent Tasks pane, monitor the compliance check to completion.
7. In the Compliance panel, review the reported categories to answer questions.
Q1. How do results of the compliance check differ from the compliance check performed task 6?
1. The Virtual Network Setting category appears. If the category was previously reported, a new issue is added relating to the uplink reconfiguration. Or the compliance status might be reported as Unknown.
Q2. In the new category, does the issue reported relate to the configuration change made in the previous task?
2. Yes. The vMotion uplink port group is not found.
8. To begin host remediation, click the Remediate host icon.
a. Review the host customization settings and click Next.
b. Under Review Remediation Tasks, expand the ESXi host container and review tasks that are created in response to the specific compliance issues found.
c. Click Finish.
9. In the Recent Tasks pane, monitor the remediation and subsequent compliance check tasks to completion.
10. In the hosts list, select the ESXi host.
11. In the Compliance panel, verify that the configuration category observed in step 7 was not remediated.
The configuration drift involves changes to the control plane of the distributed switch and thus cannot be remediated with a host profile. An object owned by vCenter Server cannot be
Task 9: Detach the Host Profile and Exit Maintenance Mode
Clean up after using a host profile. Students should do this task individually.
1. Click the Exit Maintenance Mode icon.
2. In the Recent Tasks pane, monitor the task to completion.
3. In the Host Profiles inventory tree, click the Host Profiles link.
4. In the middle pane, from the Actions drop-down menu, select Imported-Profile > Attach/
Detach Hosts and Clusters.
5. In the Attach/Detach Hosts and Clusters dialog box, detach the host profile.
a. In the right-side list, select the ESXi host.
b. Click < Detach to move the host to the left-side list.
c. Click Next.
d. Click Finish.
6. Point to the Home icon and select Networking.
7. In the Networking inventory tree, select the pg-vMotionx port group.
8. From the Actions drop-down menu, select Rename.
9. In the Rename dialog box, enter vMotion.