A policy describes how a specific configuration setting is applied. You can edit policies belonging to a specific Host Profile.

When you edit the Host Profile, you can expand the Host Profile's configuration hierarchy to see the sub-profile components that comprise the Host Profile. These components are categorized by functional group or resource class to make it easier to find a particular parameter. Each subprofile component contains one or more attributes and parameters, with the policies and compliance checks.

Each policy consists of one or more options that contain one or more parameters. Each parameter consists of a key and a value. The value can be one of a few basic types, for example integer, string, string array, or integer array.

Note: Currently, there is no way to remove or replace policy options policies, or sub-profiles that are deprecated in this release. Metadata is added to these deprecated policies that allows old host profiles to continue working but will extract new host profiles with only non-deprecated parts of a host profile.
Table 1. Subset of Host Profile Subprofile Configurations
Component Categories Configuration Settings Notes and Examples
Advanced Configuration Settings Advanced Options, Agent VM, DirectPath I/O, Hosts file, Power System, System Image Cache
  • Host Profiles do not check advanced settings if they are the same as the default settings. vCenter Server copies only the advanced configuration settings that have changed and that differ from the default values. In addition, compliance checks are limited to the settings that are copied.
  • Host Profiles does not support the configuration of PCI devices for virtual machine passthrough on the ESXi host.
General System Settings Console, Core Dump, Device Alias, Host Cache, Kernel Module, Management Agent, System Resource Pool, System Swap, vFlash Host Swap Cache, CIM-XML Indication Subscriptions For Date and Time Configuration:
  • For the time zone, enter a UTC string. For example, "America/Los_Angeles" for United States Pacific time zone.
  • The default time zone is set to the local time and location of the vSphere Client machine.
  • Configure Network Time Protocol (NTP) correctly. You can configure the NTP settings on the host's Configure tab. Click Time Configuration (under System). Click Edit to configure the time settings .
Note: Enter host cache size as а whole GB in MB. For example, 1024 MB.
Networking vSwitch, Port groups, Physical NIC speed, security and NIC teaming policies, vSphere Distributed Switch, and vSphere Distributed Switch uplink port.

When DHCPv6 is enabled in the networking subprofile, manually turn on the corresponding rule set in the firewall subprofile.

Security Firewall, Security Settings, Service
Storage Configure storage options, including Native Multi-Pathing (NMP), Pluggable Storage Architecture (PSA), FCoE and iSCSI adapters, and NFS storage.
  • Use the vSphere CLI to configure or modify the NMP and PSA policies on a reference host, and then extract the Host Profile from that host. If you use the Profile Editor to edit the policies, to avoid compliance failures, make sure that you understand interrelationships between the NMP and PSA policies and the consequences of changing individual policies. For information about the NMP and PSA, see the vSphere Storage documentation.
  • Add the rules that change device attributes before extracting the Host Profile from the reference host. After attaching a host to the Host Profile, if you edit the profile and change the device attributes (for example, mask device paths or adding SATP rules to mark the device as SSD) you are prompted to reboot the host to make the changes. However, after rebooting, compliance failures occur because the attributes changed. Because Host Profiles extract device attributes before rebooting, if any changes occur after the reboot, it evaluates and finds those changes, and reports it as noncompliant.
  • Use the vSphere Client to configure or modify the SatpDeviceProfile policy after extracting the Host Profile. For compliance purposes, the policy option strings must be in the following format:
    • For an ALUA supported array, for example, SATP_ALUA, the policy options must be separated by a semicolon (;).

      For example: implicit_support=<on/off>; explicit_support=<on/off>; action_onRetryErrors=<on/off>

    • For an ALUA supported array with CX, for example, SATP_ALUA_CX, the policy options must be separated by a semicolon (;).

      For example: navireg=<on/off>; implicit_support=<on/off>; action_onRetryErrors=<on/off>

    • For a CX array, for example, SATP_CX or SATP_INV, the policy options must be separated by a space.

      For example: navireg=<on/off> ipfilter=<on/off> action_onRetryErrors=<on/off>

      Note: The policy configuration options that are marked with off are not present in the configuration string.

Other profile configuration categories include: user group, authentication, kernel module, DCUI keyboard, host cache settings, SFCB, resource pools, login banner, SNMP agent, power system, and CIM indication subscriptions.


  1. Edit the Host Profile.
  2. Expand a subprofile until you reach the policy to edit.
  3. Select the policy.
    The policy options and parameters appear on the right side of the Edit Host Profile dialog box.
  4. Make changes to the policy.