Press "Enter" to skip to content

VCAP5-DCA Objective 5.1 – Implement and Maintain host profiles

  • Use Profile Editor to edit and/or disable policies

Host profiles eliminate the manual setup of ESXi hosts in a cluster, They ensure that all hosts are identical and there is no user error when making setting changes across a number of ESXi Hosts.

Host profiles currently require Enterprise Plus licencing, the general workflow for creating a host profile is:

  1. Setup and configure a single host, exactly how you want it, firewall rules, storage, networking, NTP, syslog etc etc.
  2. Create a profile from the configured hosts, this is whats called a reference host.
  3. Attach profile to a cluster or host, but cluster is the best as all hosts will automatically get assigned this profile when made part of the cluster.
  4. Apply profile on a vanilla built host.
  5. Check the host is compliant with the profile.

Policies can be enabled or disabled or edited through the profile editor, this is located under the host profile home page, right click on a profile and select Edit to make changes to the profile policies or Enable/Disable profile configuration to enable or disable certain policies with out making configuration changes to them.

hostprofile edit

 

Here we will do something that is very common practice and that’s to disable some storage policies because when SAS local drives are being used in servers it will pick it up as SAN drive and expect all the ESXi hosts to have access, when checking compliance it will complain and will never be compliant unless we disable some policies.

Un-check PSA device configuration and PSP configuration. Select OK and re check compliance it should come up green.

hostprofile disable

  • Create sub-profiles

Sub-profiles is a little confusing, I dont see them as sub-profiles but policies of a profile. In the policy editor you will notice a profile made up of sub-profiles these being network configuration, storage configuration, Firewall configuration etc.

Under these sub profiles we have policies that are applied, you can create and remove policies. Lets for example add a local user that’s required for some monitoring application onto all hosts using a profile. (When adding a user locally on an ESXi hosts and creating a profile from that host, the local users will not be included.)

Open up policy editor.

hostprofile editor

Select user configuration folder -> right click and select add profile

hostprofile editor-2

Pick an option from the drop down under the user, I have picked just a basic user.

hostprofile editor-3

 

Fill out the details and select OK, the profile will be updated and next time you apply the profile the user should be present.

 

  • Use Host Profiles to deploy vDS

This is a little confusing, as Host Profiles cant “deploy” a vDS but can defiantly attach a hosts to a vDS. If the host is part of a cluster, the best way to do this is make a reference host, join this host to the vDS and when applying the profile made from this host to future hosts in the cluster it will automatically join the hosts to the vDS with the appropriate uplinks.

Obviously if your deploying vDS for the first time and have existing VMs on standard switches, there will need to be additional work done outside of Host Profiles to migrate the networking over to vDS

  • Use Host Profiles to deploy vStorage policies

You can see from the below picture that most storage configurations are covered in Host Profiles, these can either be set manually, or when setting up a reference host all hosts that follow it should be configured with the same storage settings, but with unique IP address or wwns etc.

hostprofile editor-4

  • Manage Answer Files

When applying a host profile for the first time, it will prompt you to fill out additional information like iSCS IP address, vMotion IP address etc. this is placed into an answer file, which is retained for future profile applications.

You can update this answer file if config changes or if a mistake was made the first time.

hostprofile editor-5

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Anti SPAM BOT Question * Time limit is exhausted. Please reload CAPTCHA.