When you check the compliance of a cluster or host against an image, vSphere Lifecycle Manager compares the software on each host in the cluster or on the standalone host with the software specified in the image. If the image contains a firmware and drivers add-on, the compliance check also calculates the firmware compliance of the hosts with the image. If some of the hosts in the cluster or the standalone host contain DPU devices, vSphere Lifecycle Manager compares the software and firmware on the DPU devices on the hosts with the software and firmware specified in the cluster or host image.

In addition to calculating the compliance state for each host in the cluster or the standalone host, the compliance check gives you information about the impact that the remediate operation will have on a single host, for example if remediation will cause host reboot or if maintenance mode is needed for the host.

A host can have any of the four compliance states: compliant, non-compliant, incompatible, and unknown. If a host has a DPU device, the compliance state of the DPU device is merged into the overall host compliance result.

Compliant
A host is compliant if the image on the host matches the image that you set for the cluster or host.

A DPU-backed host is compliant when the software and firmware on the server and on the DPU device are the same as the software and firmware specified in the image for the cluster or host.

Non-Compliant
A host is non-compliant if the image on the host does not match the image that you set for the cluster or host. A compliant host becomes non-compliant when you set a new image for the cluster or host or manually add or remove components on the host. You remediate non-compliant hosts to make them compliant.
For example, a host is non-compliant in the following cases.
  • The ESXi version on the host is earlier than the ESXi version included in the image for the cluster or host.
  • The firmware on the host is different from the firmware add-on in the image for the cluster or host.
  • The host has a component that is not included in the image for the cluster or host.
  • The host contains a standalone VIB.
A DPU-backed host is non-compliant in the following cases:
  • ESXi on the server, ESXi on the DPU device, or both have software components of earlier versions than the software and firmware specified in the image for the cluster or host.
  • You edit the image for the cluster or host and add a component that contains one or multiple VIBs that are applicable to ESXi on the server, ESXi on the DPU device, or both platforms.
  • The remediation of a cluster or a host fails and as a result, the software and firmware components on the host are updated, but the DPU is not updated or the reverse.
Incompatible
A host is incompatible when the image for the cluster or host cannot be applied to the host.
For example, a host is incompatible in the following cases.
  • The ESXi version on the host is later than the ESXi version included in the image for the cluster or host.
  • The host does not have sufficient resources, for example RAM.
  • The hardware of the host is incompatible with the vSphere Lifecycle Manager image for the cluster or host.

A DPU-backed host has the incompatible compliance state when the ESXi version on the DPU is later than the ESXi version included in the image for the cluster or host.

Unknown
The unknown compliance state indicates that there is no compliance information about the host.
For example, the compliance state of a host is unknown in the following cases.
  • You add a new host to the cluster. The compliance state of the newly added hosts is unknown until you perform a compliance check operation on the cluster.
  • You add a new standalone host to the data center or folder. The compliance state of the standalone host is unknown until you perform a compliance check operation on the host.
  • You edit the image for the cluster or host and save the modifications. The compliance state of all hosts in the cluster or the standalone host is unknown until you check the compliance of the cluster or host against the new image.

Compliance information about the hosts in a cluster or the standalone hosts is displayed on the Updates tab for that cluster or host, in the Image Compliance card. If you select a cluster, the Image Compliance card displays a list of all hosts in the cluster that are out of compliance with the image for the cluster. When you select a host from the cluster, the compliance information about the host appears on the right. If you select a standalone host, the Image Compliance card displays the compliance information about the host.

If a host has a DPU device, it is listed directly below the host. The compliance information about the DPU device appears on the right and is presented in an identical manner as the overall compliance information about the host. You can see full image comparison or drift comparison.
A screenshot showing that DPU is placed under the host it belongs to.

Check the Compliance of a Cluster Against a vSphere Lifecycle Manager Image

You check the cluster compliance against an image to understand how each of the hosts in the cluster compares to the specified image.

When you initiate the check compliance operation on an object that contains multiple clusters that you manage with a single image, for example a data center or vCenter Server instance, vSphere Lifecycle Manager performs compliance checks on all those clusters.

Prerequisites

Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For Using Images.

Procedure

  1. In the vSphere Client, navigate to a cluster that you manage with a single image.
  2. On the Updates tab, select Hosts > Image.
  3. In the Image Compliance card, click the Check Compliance button.

Results

The Image Compliance card displays information about the overall number of non-compliant and incompatible hosts in the cluster. You can view detailed compliance information for every host. If the host has a DPU device, you can also view compliance information about the DPU device only.

What to do next

Remediate the cluster to make the non-compliant hosts compliant. See Run a Remediation Pre-Check for a Cluster, a Host Within a Cluster, or a Standalone Host and Remediate a Cluster Against a Single Image.

View Host Compliance Information

You can view detailed compliance information for every non-compliant host in a cluster or for every standalone host that you manage with a single image. You can also view compliance information about the DPU device on the host, if the host has a DPU device. As a result, you can easily find what causes the host to become out of compliance with the cluster or host image.

Detailed compliance information is displayed only for hosts that are out of compliance with the image in the cluster or the standalone host. vSphere Lifecycle Manager displays no compliance details for compliant hosts.

For hosts that have the incompatible compliance state, vSphere Lifecycle Manager shows in a signpost information about what causes the compatibility issues.

Prerequisites

  • Run a compliance check.
  • Verify that no host is added to the cluster after your last compliance check.

Procedure

  1. In the vSphere Client, navigate to a cluster or host that you manage with a single image.
  2. On the Updates tab, select Hosts > Image.
  3. View compliance information for the hosts in a cluster or for a standalone host.
    Option Action
    View the compliance information for a host in the cluster.
    1. In the Image Compliance card, select a host from the Hosts list.
      Note: Only non-compliant hosts are listed.
    2. (Optional) To view the full comparison between the image on the host and the image for the cluster, select Full image comparison from the drop-down menu for the Software compliance table.
    3. (Optional) To view only the image elements that make the host non-compliant with the image for the cluster, select Only drift comparison from the drop-down menu for the Software compliance table.
    View the compliance information for a standalone host. You can view the compliance information for a standalone host in the Image Compliance card.
    • To view the full comparison between the software that runs on the host and the image for the host, select Full image comparison from the drop-down menu for the Software compliance table.
    • To view only the image elements that make the host non-compliant with the image, select Only drift comparison from the drop-down menu for the Software compliance table.
  4. If you want to view compliance details about a DPU device on a host, select the DPU device listed for the host.
    DPU devices are listed directly under the host they belong to.
    • To view the full comparison between the image on the DPU device and the image for the cluster or the standalone host, select Full image comparison from the drop-down menu for the Software compliance table.
    • To view only the image elements that make the DPU device non-compliant with the image for the cluster or the standalone host, select Only drift comparison from the drop-down menu for the Software compliance table.
    An information panel appears on the right. In the Software compliance table, you can see what software runs on the selected host and what is the software specification in the image for the cluster or the standalone host.