You can check the compliance of hosts and clusters to a vSphere host profile to verify if the host configuration matches the configuration of the host profile. Learn how to check compliance manually or schedule regular compliance checks of hosts and clusters, and how to remediate hosts that are not compliant with the host profile configuration.

How Do You Check Compliance of Hosts or Clusters to a vSphere Host Profile?

Learn how to check the compliance of a host or cluster to the host profile attached to them. By using the compliance check, you can see if any configuration parameters on a host are different from those specified in the host profile.

As a result of the compliance check, the host status is labeled as Compliant, Unknown, or Non-compliant.

Procedure

  1. In the vSphere Client, select Menu > Policies and Profiles.
  2. Under Policies and Profiles, click Host Profiles.
  3. Right-click a host profile and click Check Host Profile Compliance.
    Note: Host profiles do not capture offline or unpresented devices. Any changes made to offline devices after extracting a host profile do not make a difference to the compliance check results.

Results

The compliance status is updated as Compliant, Unknown, or Non-compliant.

A non-compliant status indicates a discovered and specific inconsistency between the profile and the host. To resolve this, you should remediate the host. Any unknown status indicates that the compliance of the host cannot be verified. To resolve the issue, remediate the host through the host profile. Often the compliance check fails because the host is disconnected.

During a compliance check of an ESXi host to the host profile, two groups of advanced option parameters are not managed by the host profile and their values remain unchanged for the host:
  • advanced option parameters which are disabled in the host profile.
  • advanced option parameters which exist in the ESXi host you want to remediate, and do not exist in the host profile.

What to do next

To see more details on compliance failures, select a host profile from the Host Profiles main view for which the last compliance check displayed one or more failures. To see which parameters differ between the host that failed compliance and the host profile, click the Monitor tab and select the Compliance view. Then select the failing host. The differing parameters are displayed in the Compliance window, below the host list.

How Do You Schedule a Compliance Check of Hosts or Clusters to a vSphere Host Profile?

You can schedule a regular compliance check of a host or cluster, using a standard vSphere Client scheduled tasks workflow. This automation determines whether any configuration parameters are different from those specified in the host profile.

Procedure

  1. In the vSphere Client, select Menu > Policies and Profiles.
  2. Under Policies and Profiles, click Host Profiles.
  3. Select the desired host profile and navigate to the Monitor tab.
  4. From the Monitor tab, select Scheduled Tasks -> New Scheduled Task -> Check Compliance.
    The Schedule New Tasks (Check Compliance) dialog box appears.
  5. (Optional) Enter a new task name.
    Additional details about the task can be entered in the Description text box.
  6. Choose a frequency how often to run the task.
    You can postpone when the task is run for the first time and schedule when it ends.
  7. (Optional) To receive a notification after the task is finished, enter an email.
  8. Click Schedule The Task.

Results

The newly created task is visible on the Scheduled Tasks list. You can Edit, Run or Remove the task.

What to do next

To understand more about compliance status, checks or failures, see Check Compliance.

How Do You Remediate a Host to Comply with a vSphere Host Profile Configuration?

When you check the compliance of a host to a host profile and a host is non-compliant, you can use the remediate option to apply the host profile settings to the host. During remediation, all host profile parameters are updated to the values defined in the host profile that is attached to the host.

Prerequisites

Verify that a host profile is attached to the host.

Procedure

  1. In the vSphere Client, select Menu > Policies and Profiles.
  2. Under Policies and Profiles, click Host Profiles.
  3. Right-click the host profile and select Remediate.
    Note: Certain Host Profile policy configurations require that the host is rebooted after remediation. In such cases, you are prompted to place the host into maintenance mode. You might be required to place hosts into maintenance mode before remediation. Hosts that are in a fully automated DRS cluster are placed into maintenance mode during remediation. Alternatively, if the host is not placed into maintenance mode when required, the remediation process stops.
  4. Select the hosts you want to remediate against the host profile.
    Note:
    When you remediate an ESXi host to comply with a host profile, two groups of advanced option parameters are not managed by the host profile and their values remain unchanged for the host:
    • advanced option parameters which are disabled in the host profile.
    • advanced option parameters which exist in the ESXi host you want to remediate, and do not exist in the host profile.

    The remediation pre-check results do not contain tasks related to these two groups of advanced option parameters.

  5. (Optional) To specify host properties, enter your host customizations or import a host customization file.

    You can modify the user input parameters for the host profiles policies by customizing the host and clicking Next. See Host Profiles and vSphere Auto Deploy for more information about vSphere Auto Deploy.

  6. To check if the selected hosts can be remediated, click Pre-check Remediation.
    The pre-check generates a list of tasks that will be performed on the host.
  7. If needed, select the check box to reboot the hosts.
    Alternatively you can reboot the hosts manually after the remediation process.
  8. Review the tasks that are necessary to remediate the host profile and click Finish.

Results

The compliance status is updated.