
Using vSphere Configuration Profiles in VMware vSphere 8 Update 3 with baseline-managed clusters

vSphere Configuration Profiles now supports baseline-managed clusters, vSphere Distributed Switch configurations and more…

The earlier article, Configuration Management using vSphere Configuration Profiles, details the basics of this capability, requirements for use of this capability in vSphere 8.0, and how to enable its use on a newly created image-managed cluster. In this article, we will discuss how this feature can be enabled in clusters that are managed by baselines.

What’s New?

In vSphere 8 Update 3, you can use vSphere Configuration Profiles with the following new capabilities:

  • Support for baseline-managed clusters (formerly referred to as VUM clusters): Having an image-managed cluster is no longer a prerequisite for using vSphere Configuration Profiles. You can use vSphere Configuration Profiles to configure either baseline-managed clusters or image-managed clusters.
  • Support for vSphere Distributed Switch (VDS): vSphere Configuration Profiles is fully integrated with VDS and supports drift detection and remediation of VDS configurations at a cluster level.
  • Firewall ruleset management: You can manage custom firewall rules at a cluster level by using vSphere Configuration Profiles.
  • ESXi Lockdown Mode: vSphere administrators can use the vSphere Configuration Profiles desired configuration document to enforce Lockdown Mode on all hosts in a cluster.
  • Support for SNMP and PCI device configurations: You can manage SNMP and PCI devices at a cluster level by using vSphere Configuration Profiles.

Note: Baseline-managed clusters (VUM clusters) are deprecated. We advise moving to image-managed clusters using vSphere Lifecycle Manager.

When moving from baseline-managed to image-managed on a vSphere Configuration Profiles enabled cluster, there should be no additional work needed. Simply convert the cluster to use image-managed from vSphere Lifecycle Manager.

vSphere Configuration Profiles with baseline-managed clusters

vSphere Configuration Profiles now supports baseline-managed clusters (formerly referred to as VUM clusters). Having an image-managed cluster is no longer a prerequisite for using vSphere Configuration Profiles. The vSphere Configuration Profiles configuration management workflows remain similar to those in image-managed clusters. In image-managed clusters, the vSphere Configuration Profiles framework relies on the desired software specification to generate the configuration schema, whereas in baseline-managed clusters the administrator must select a reference host in the cluster so that the framework can generate the configuration schema. The following section provides more details about the workflows in baseline-managed clusters.

Enabling vSphere Configuration Profiles when creating a new baseline-managed cluster

Start with creating a new cluster. Navigate to Datacenter > New Cluster.

  • Un-select “Manage all hosts in the cluster with a single image”
  • Select “Manage configurations at a cluster level”

Now, add hosts in the newly created cluster.

Navigate to Cluster > Configure > Configuration. Click on Go to the draft tab to edit these settings.


Select IMPORT FROM HOST.


Select a Reference host and click IMPORT.

The reference host in a baseline-managed cluster acts as the source of truth for the configuration schema of the cluster. The configuration schema defines the set of properties that can be configured at the cluster level through vSphere Configuration Profiles. The configuration document for the cluster is also generated from the reference host. Any configuration on a non-reference host in the cluster that differs from the reference host is added to the host-override section of the configuration document.


Verify the settings under Draft and click APPLY CHANGES.


Clicking APPLY CHANGES triggers Pre-Check, which runs the necessary checks.


Once Pre-Check has run, the result shows the impact on hosts, if any.

Once the impact is reviewed, click REMEDIATE.


Upon completion of Remediation, all hosts will be compliant with the desired cluster configuration.

Remediation does two things:

  1. The configuration in the draft is set as the desired configuration of the cluster. The reference host used to generate the configuration and schema is also stored in the cluster. The reference host to cluster mapping is maintained by vSphere Configuration Profiles so that the host can be used in the future to change the configuration of the cluster.
  2. The configuration is also applied to those hosts in the cluster which are not compliant with the desired configuration.

Enabling vSphere Configuration Profiles on an existing baseline-managed cluster

Navigate to Cluster > Configure > Configuration.

Click on CREATE CONFIGURATION.


Click on the “IMPORT FROM REFERENCE HOST” option.


The reference host in a baseline-managed cluster acts as the source of truth for the configuration schema of the cluster. The configuration schema defines the set of properties that can be configured at the cluster level through vSphere Configuration Profiles. The configuration document for the cluster is also generated from the reference host.

Any configuration on a non-reference host in the cluster that differs from the reference host is added to the host-override section of the configuration document.

Select any of the hosts as the reference host and click IMPORT.


Once the document is imported, click Next.

The import process validates the generated document against all ESXi hosts in the cluster. If there are any validation errors, you can click on “Export Configuration” to export the JSON document.

“Export Configuration Schema” allows you to download the JSON schema for this document. The JSON document along with the schema can be used to fix the validation errors.

Once the errors are fixed, the document can be imported by using the “Import Configuration” option.
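Because every setting on which a non-reference host differs from the reference host is recorded in the host-override section, the exported JSON is worth reading before it is applied. The following is an added example, not code from this article or from VMware, that lists each override next to the cluster-wide value; the top-level "profile" key, the host identifier and all setting names in the sample are constructed assumptions, so adjust them to match your exported document.

```python
import json

# Constructed sample of an exported configuration document. The top-level
# "profile" key and every setting name below are assumptions for illustration;
# only the "host-override" section name comes from the article.
SAMPLE_DOCUMENT = json.loads("""
{
  "profile": {
    "esx": {
      "lockdown": {"mode": "NORMAL"},
      "firewall": {"rulesets": {"sshServer": {"enabled": false}}},
      "snmp": {"enabled": false}
    }
  },
  "host-override": {
    "host-uuid-0002": {
      "esx": {
        "lockdown": {"mode": "DISABLED"},
        "firewall": {"rulesets": {"sshServer": {"enabled": true}}}
      }
    }
  }
}
""")

def flatten(node, prefix=""):
    """Yield (dotted.path, value) for every leaf under a nested dict."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from flatten(value, f"{prefix}.{key}" if prefix else key)
    else:
        yield prefix, node

def list_overrides(document, profile_key="profile", override_key="host-override"):
    """Return sorted (host, path, cluster_value, host_value) rows for each override leaf."""
    cluster = dict(flatten(document.get(profile_key, {})))
    rows = []
    for host, settings in document.get(override_key, {}).items():
        for path, host_value in flatten(settings):
            # None marks a setting the cluster-wide section does not define.
            rows.append((host, path, cluster.get(path), host_value))
    return sorted(rows, key=lambda r: (r[0], r[1]))

if __name__ == "__main__":
    for host, path, cluster_value, host_value in list_overrides(SAMPLE_DOCUMENT):
        print(f"{host}: {path} = {host_value!r} (cluster: {cluster_value!r})")
```

To run it against a real export, load the file with json.load and pass the result to list_overrides in place of the sample.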

Once the document validates successfully, click Next.


Pre-Check and Apply.

In the last step, check the hosts in the cluster for compliance with the desired configuration, and remediate any drift found during the compliance check.

Review the impact that applying the configuration changes will have on the hosts. Click Finish and Apply.

 


vSphere Configuration Profiles is now enabled, and you can review the configurations that have been set.
