Whether you manage the ESXi hosts in your environment with baselines or with images, you can configure the behavior of vSphere Lifecycle Manager during remediation.

The vSphere Lifecycle Manager remediation settings for hosts and clusters that use baselines differ from the remediation settings for hosts and clusters that you manage with a single vSphere Lifecycle Manager image. For example, allowing the installation of software on PXE booted hosts and the removal of media devices before maintenance mode are settings that you can configure only for hosts and clusters that use baselines. Virtual machine migration settings, maintenance mode settings, and Quick Boot are examples of remediation settings that you can configure for both hosts and clusters that use baselines or images.

You can modify the default vSphere Lifecycle Manager settings only if you have the appropriate privileges. The permission must be assigned to the vCenter Server instance where vSphere Lifecycle Manager runs. For more information about managing users, groups, roles, and permissions, see the vSphere Security documentation. For a list of the vSphere Lifecycle Manager privileges and their descriptions, see Required Privileges for Using vSphere Lifecycle Manager and vSphere Configuration Profiles.

If your vCenter Server system is connected to other vCenter Server systems by a common vCenter Single Sign-On domain, you can configure the remediation settings for each vSphere Lifecycle Manager instance. The configuration properties that you modify are applied only to the vSphere Lifecycle Manager instance that you specify, and are not propagated to the other instances in the domain.

How Do Cluster Settings Affect Remediation?

When you remediate ESXi hosts that are in a cluster, certain cluster settings might cause remediation failure. You must configure the cluster settings in such a way as to ensure successful remediation.
Distributed Resource Scheduler (DRS)
Updates might require a host to enter maintenance mode during remediation. Virtual machines cannot run when a host is in maintenance mode. To ensure availability, you can activate DRS for the cluster and you can configure it for vSphere vMotion. In this case, before the host is put in maintenance mode, vCenter Server migrates the virtual machines to another ESXi host within the cluster.

To help ensure vSphere vMotion compatibility between the hosts in the cluster, you can enable Enhanced vMotion Compatibility (EVC). EVC ensures that all hosts in the cluster present the same CPU feature set to virtual machines, even if the actual CPUs on the hosts differ. EVC prevents migration failures due to incompatible CPUs. You can enable EVC only in a cluster where the host CPUs meet the compatibility requirements. For more information about EVC and the requirements that the hosts in an EVC cluster must meet, see the vCenter Server and Host Management documentation.

Distributed Power Management (DPM)
If a host has no running virtual machines, DPM might put the host in standby mode, which might interrupt a vSphere Lifecycle Manager operation. So, to make sure that all vSphere Lifecycle Manager operations finish successfully, you must deactivate DPM during these operations.

For successful remediation, you must configure vSphere Lifecycle Manager to deactivate DPM. After the remediation task finishes, vSphere Lifecycle Manager restores DPM. If DPM has already put a host in standby mode, vSphere Lifecycle Manager powers on the host before compliance checks, remediation, and staging. After the respective task finishes, vSphere Lifecycle Manager turns on DPM and lets DPM put the host into standby mode, if needed. vSphere Lifecycle Manager does not remediate powered off hosts.

If a host is put in standby mode and DPM is manually deactivated for a reason, vSphere Lifecycle Manager does not remediate or power on the host.

HA Admission Control
Within a cluster, you must deactivate HA admission control temporarily to let vSphere vMotion proceed. This action prevents downtime for the machines on the hosts that you remediate. You can configure vSphere Lifecycle Manager to deactivate HA admission control during remediation. After the remediation of the entire cluster is complete, vSphere Lifecycle Manager restores the HA admission control settings. vSphere Lifecycle Manager deactivates HA admission control before remediation, but not before compliance checks. Additionally, for clusters that you manage with baselines, vSphere Lifecycle Manager deactivates HA admission control before staging.
Note:
Deactivating HA admission control before you remediate a two-node cluster that uses a single vSphere Lifecycle Manager image causes the cluster to practically lose all its high availability guarantees. The reason is that when one of the two hosts enters maintenance mode, vCenter Server cannot failover virtual machines to that host and HA failovers are never successful. For more information about HA admission control, see the vSphere Availability documentation.
Fault Tolerance (FT)
If FT is turned on for any of the virtual machines on a host within a cluster, you must temporarily turn off FT before performing any vSphere Lifecycle Manager operation on the cluster. If FT is turned on for any of the virtual machines on a host, vSphere Lifecycle Manager does not remediate that host. You must remediate all hosts in a cluster with the same updates, so that FT can be reactivated after remediation. A primary virtual machine and a secondary virtual machine cannot reside on hosts of different ESXi versions and patch levels.