The Host Profile feature is a powerful tool for managing and configuring VMware hosts consistently within a vSphere environment. It allows administrators to define a set of desired host configurations, validate compliance, and automatically remediate hosts that fall out of compliance. Below is an overview of all the host profile parameters you can configure, including the settings that control how each host is uniquely identified or customized when a profile is applied.
1. General / Identity / Host Customization
These settings define how the host will be uniquely identified or customized when applying a profile. Host Customizations allow you to specify which settings require per-host input, such as static IP addresses, host names, iSCSI IQNs, etc.
Host Customizations
Purpose: Allows you to specify settings that require input per host, such as hostnames or IP addresses. These will prompt for input during profile application.
Hostname / DNS / Domain Name
Fixed or Dynamic: Choose to use a fixed hostname, or have the system prompt you for a unique name per host. For instance, you can decide if you want a generic name or if each host in the cluster should have a distinct identifier.
IP Address / IPv4 / IPv6
Static or Dynamic: Specify a static IP address for management, vMotion, or VMkernel interfaces, or allow the system to prompt for the address on a per-host basis during profile application.
MAC Address Assignment
Fixed or Dynamic: When configuring distributed virtual switch (vDS) environments, you can either specify a fixed MAC address for each host or allow the system to prompt you for the MAC address per host.
Root / Administrator Password / User Accounts
Credentials Input: You can either embed user credentials within the profile or configure it to prompt for the root password or other user accounts during profile application.
2. Time / Date / NTP Settings
Ensuring all hosts synchronize their clocks and use the same time zone is essential for proper operation.
Time Zone
Reference Host: Captures the desired time zone from the reference host and ensures that the target hosts adopt the same time zone.
NTP Servers
Synchronization Source: Defines a list of NTP servers to use for time synchronization across hosts.
NTP Configuration Behavior
Always Apply or Prompt: You can configure whether the NTP settings should always be applied or whether the profile should prompt only if they are missing.
3. Networking Configuration
Networking configurations define how virtual switches, network adapters, and port groups are set up.
vSwitch Creation / Existence
Dynamic Creation: Configure when a virtual switch should be created, such as always or only if certain physical NICs are detected.
Link / Uplink Configuration
NIC Selection: Choose which physical NICs (vmnics) back each vSwitch. The system can be configured to select NICs based on criteria such as name, bandwidth, or link state.
Network Policy / Switch Settings
Traffic Management: Includes settings for:
  - Security Policy (e.g., promiscuous mode, MAC address changes, forged transmits)
  - Traffic Shaping (average/peak/burst)
  - NIC Teaming/Load Balancing (e.g., Active-Standby, Load Balancing policies)
  - Failover/Path Loss Detection
Port Groups (VM, Management, vMotion, etc.)
VLAN Configuration: Define the port group names, associated VLAN IDs, and whether these settings are applied to vSwitches or distributed switches.
Network Settings: Define IPs, subnets, gateways, and static routes for management or VMkernel port groups.
Distributed Switch (vDS) Settings
vDS Port Groups: For hosts using vSphere Distributed Switches, configure uplinks, port group memberships, and other networking policies.
4. Storage Configuration
Storage configuration settings manage the storage adapters, paths, multipathing, and network protocols for storage access.
NFS Datastores
Mounting Configuration: Capture NFS mounts to ensure consistent datastore configurations across hosts.
iSCSI Initiator / Target / CHAP Settings
iSCSI Setup: For iSCSI storage, configure the iSCSI initiator, target server addresses, and CHAP credentials. These settings may prompt for input per host if host-specific details are needed.
Native Multipathing (NMP) / PSP / Path Policies
Multipathing Policies: Set path selection policies (MRU, Round Robin, Fixed), preferred paths, and other multipath settings.
Boot Device / SAN Boot LUNs
Boot Configuration: If the host boots from SAN, you can capture SAN Boot LUN settings and ensure all target hosts are configured similarly.
Advanced Storage Attributes
Performance Tuning: Includes settings like queue depths, I/O limits, and other device-specific settings.
5. Security & Services
Security settings control the host's exposure to external networks and define how services are accessed and secured.
Firewall Rules / Allowed Services
Access Control: Define the allowed ports and services (e.g., SSH, vMotion, ESXi services) to ensure the host is secure.
Lockdown Mode
Access Restriction: Lockdown mode controls whether direct root login is allowed or whether all access must go through vCenter.
SSH / Shell / Management Services
Service Control: Determine when SSH and shell services are enabled (startup), and whether other management-related services are active.
User & Group Configuration
User Setup: Configure non-root user accounts, including group membership, shell type, etc.
Authentication / Directory / AD Integration
Active Directory Settings: For hosts that need to authenticate via AD or other directory services, configure those settings here.
6. Advanced / Custom Settings
These settings allow for deeper customization and system-specific configuration.
Advanced System Settings / Kernel / vmkernel Parameters
Tuning: Parameters like Net.TcpipHeapSize and security settings for kernel-level optimization can be embedded in the host profile.
BIOS / Firmware / Hardware Settings
Hardware Integration: Some setups allow you to capture BIOS or firmware versions or settings, depending on the host's hardware and the management tools used.
PCI Device / Passthrough / SR-IOV / Device Groups
Hardware Pass-Through: For GPU, NIC, or other device passthrough, you can define which PCI devices are passed through, or configure SR-IOV virtual functions.
NUMA / ESXi Reservation
Resource Reservation: Reserve CPU or memory resources for the ESXi host to ensure critical services always have the resources they need.
7. Compliance & Remediation Settings
Host Profiles include compliance checks to ensure that hosts remain aligned with the defined configuration.
Enable / Disable Subprofiles
Selective Checks: You can choose to exclude specific subprofiles from compliance checks or remediation if you want to ignore certain settings during validation.
Compliance Checks
Validation: During compliance checks, certain parameters are validated. If a host drifts from the profile, it will be flagged for remediation.
Remediation / Corrective Actions
Automated Fixes: If a host falls out of compliance, remediation will apply the necessary configuration to bring it back in line with the profile. Some changes may require putting the host into maintenance mode or rebooting.
Remediation Order / Dependency Handling
Change Sequencing: When applying multiple changes, the system ensures the correct order of operations. For example, networking should be configured before vMotion to ensure proper functionality.
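The compliance and remediation behavior described in section 7, sketched as an added example that is not VMware code: a drift check that skips disabled subprofiles, followed by a remediation plan ordered so that prerequisites are applied first. The subprofile names, setting keys, sample values, and the DEPENDS_ON ordering are assumptions constructed for illustration.

```python
from graphlib import TopologicalSorter

# Constructed profile: subprofile and setting names are illustrative only.
PROFILE = {
    "networking": {"vSwitch0.vlan": 10, "vSwitch0.promiscuous": False},
    "vmotion": {"vmk1.enabled": True},
    "ntp": {"servers": ["ntp1.example.test", "ntp2.example.test"]},
    "security": {"ssh.startup": "off", "lockdown": "normal"},
}
# Assumed ordering: subprofile -> subprofiles that must be remediated first.
DEPENDS_ON = {"vmotion": {"networking"}, "ntp": {"networking"}}
# Constructed host state: wrong VLAN, vMotion disabled, SSH starts with the host.
HOST = {
    "networking": {"vSwitch0.vlan": 20, "vSwitch0.promiscuous": False},
    "vmotion": {"vmk1.enabled": False},
    "ntp": {"servers": ["ntp1.example.test", "ntp2.example.test"]},
    "security": {"ssh.startup": "on", "lockdown": "normal"},
}


def check_compliance(profile, host_state, disabled=frozenset()):
    """Return {subprofile: {setting: (expected, actual)}} for drifted settings."""
    drift = {}
    for sub, settings in profile.items():
        if sub in disabled:  # excluded subprofiles are neither checked nor fixed
            continue
        actual = host_state.get(sub, {})
        diffs = {k: (v, actual.get(k)) for k, v in settings.items() if actual.get(k) != v}
        if diffs:
            drift[sub] = diffs
    return drift


def remediation_plan(drift, depends_on=DEPENDS_ON):
    """Order drifted subprofiles so each one follows its drifted prerequisites."""
    pending = set(drift)
    graph = {sub: depends_on.get(sub, set()) & pending for sub in drift}
    return list(TopologicalSorter(graph).static_order())


if __name__ == "__main__":
    drift = check_compliance(PROFILE, HOST)
    for sub in remediation_plan(drift):
        for key, (want, have) in drift[sub].items():
            print(f"{sub}: {key} expected {want!r}, found {have!r}")
```

Passing disabled={"security"} to check_compliance shows the effect of excluding a subprofile: the SSH drift on the sample host is no longer reported, which is why exclusions of security-relevant subprofiles deserve review.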