Why You Shouldn’t Configure ESXi Manually
Managing a small cluster with 2-3 ESXi hosts might make manual configuration of NTP, Syslog, or vSwitches seem manageable. However, imagine scaling that system to 30, 50, or even 100 hosts. Manually clicking through every setting is not only exhausting but also extremely prone to error.
A single host with a mismatched VLAN on a Port Group or a typo in a Syslog IP address can cause intermittent system issues that are difficult to diagnose. Administrators call this Configuration Drift. VMware Host Profiles were designed to solve this exact problem. It creates a “Blueprint” from a reference host and then enforces strict adherence to that template across all other nodes.
In past projects I’ve handled, implementing Host Profiles reduced the deployment time for 20 new hosts from 5 hours to less than 30 minutes, with near-perfect accuracy.
Note: You need a vSphere Enterprise Plus license to use this feature. If you are using the Standard edition, the Host Profiles option will be hidden.
Preparation: Creating a “Golden Host”
Before extracting a Profile, you need to select an ESXi host to serve as your standard (Reference Host). Ensure this host has all parameters fully configured:
- Networking: vSwitches, Port Groups, VMkernel adapters, and Load Balancing policies.
- Storage: iSCSI targets and Multipathing configurations.
- Security: Firewall rules, SSH activation, and password policies.
- Services: NTP servers, Syslog, and DNS.
VMware Host Profiles Configuration Process
1. Extracting the Profile from the Reference Host
In the vSphere Client, right-click the reference host you prepared. Select Host Profiles > Extract Host Profile…
Give it a descriptive name like Production-Cluster-Standard. vCenter will scan the current configuration and package it into a Profile in the library.
2. Attaching the Profile to the Cluster
Instead of attaching it to individual hosts, I recommend attaching it directly to the Cluster. This way, any new host added to the Cluster in the future will automatically have the common Profile applied.
- Go to the Policies and Profiles menu > Host Profiles.
- Select the Profile you just created and click Attach/Detach Hosts and Clusters.
- Select the target Cluster and confirm.
3. Checking for Configuration Drift (Compliance Check)
After attaching, vCenter won’t change anything on your hosts immediately. You need to check how much the hosts deviate from the template. Right-click the Cluster and select Host Profiles > Check Host Profile Compliance.
If you see a Non-compliant status (in red), click to view the details. The system will explicitly identify the issues: “Host 02 has the wrong NTP address” or “Host 05 is missing VLAN 20”.
4. Synchronizing Configuration (Remediation)
This is the step that brings the hosts back to the standard state. Note: Some changes to Network or Storage may require the host to enter Maintenance Mode.
Before running Remediate, you must perform Edit Host Customizations. Since each host has unique identification parameters (such as VMkernel IPs), you need to input these values into the table to prevent hosts from overwriting each other’s IPs.
# Quickly check the Compliance status of all hosts using PowerCLI
Get-VMHost | Select Name, @{N="Status";E={(Test-VMHostProfileCompliance -VMHost $_).Status}}Real-world Operational Experience
Once the status turns Compliant (green), your infrastructure is uniform. However, administration doesn’t stop there.
Beware of manual changes: Sometimes another engineer on the team might temporarily modify a host configuration for testing. Host Profiles will detect this during the next check. I usually schedule a weekly PowerCLI script to email reports of any hosts with configuration drift.
# Basic script to automatically apply a Profile
$hp = Get-VMHostProfile -Name "Production-Cluster-Standard"
$vmhost = Get-VMHost "esxi-node-01.company.com"
Set-VMHostProfile -Entity $vmhost -Profile $hp
Apply-VMHostProfile -Entity $vmhost -Confirm:$falseCrucial Tips and Lessons Learned:
- CSV Files: When configuring dozens of hosts, use the Export/Import Host Customizations feature via CSV files to avoid IP entry errors.
- vLCM: Host Profiles do not manage Driver/Firmware versions. You should combine them with vSphere Lifecycle Manager for comprehensive management from hardware to software.
- Permissions: Limit Remediate permissions. A single mistaken click on a network Profile can cause the entire Cluster to lose connectivity in an instant.
Mastering Host Profiles is a major step from being a typical system administrator to becoming a professional infrastructure engineer. Don’t let your time be wasted on repetitive tasks.
