Tech Zone Compute (vSphere)

Monitor Configuration Drift with Alarms for vSphere Configuration Profiles

You can create a custom alarm definition to trigger when a host, or multiple hosts, in a cluster is non-compliant with the cluster configuration. 

The alarm definition can be created at a vCenter or cluster level (or even folder and datacenter levels). For simplicity, creating one alarm definition at the vCenter level means a single alarm definition can be applied to all clusters but you can also create the definition at a cluster level if you want different clusters to trigger different alarm levels. For example, a production cluster might trigger a critical level alarm, and a test cluster might trigger a warning level alarm.


Alarms to notify for cluster configuration compliance are planned to be included as default alarms in the future.


vSphere Configuration Profiles runs an automatic compliance check every 8 hours. The configured alarm triggers when both manual compliance checks and automatic compliance checks are invoked.

How to create a vSphere Configuration Profiles cluster alarm

Creating an alarm that targets clusters results in the alarm being triggered on the cluster object.

In the vSphere Client, navigate to vCenter > Configure > Alarm Definitions

Click ADD

Give the alarm a distinct name, for example, Cluster configuration is out of compliance (vSphere Configuration Profiles). This name appears when the alarm is triggered so it is a good idea to include an identifier like “vSphere Configuration Profiles”

Change the Target type to Clusters and click NEXT.

In the alarm rule argument field, enter com.vmware.vcIntegrity.ClusterConfigurationOutOfCompliance.

Select a severity for the alarm and enable email notifications or SNMP traps if required.

Finish the new alarm definition workflow to create the alarm.

Test the alarm by making some minor, non-disruptive, configuration change to one host in a cluster. For example, create an empty vSphere standard switch without any uplinks. 

Navigate to the cluster’s desired state configuration interface and check for compliance. The host should appear as non-compliant and the cluster should have an alarm triggered.

How to create a vSphere Configuration Profiles host alarm

Creating an alarm that targets hosts results in the alarm being triggered on the specific host object.

In the vSphere Client, navigate to vCenter > Configure > Alarm Definitions

Click ADD

Give the alarm a distinct name, for example, Host configuration is out of compliance (vSphere Configuration Profiles). This name appears when the alarm is triggered so it is a good idea to include an identifier like “vSphere Configuration Profiles”

Change the Target type to Hosts and click NEXT.

In the alarm rule argument field, enter com.vmware.vcIntegrity.HostConfigurationOutOfCompliance.

Select a severity for the alarm and enable email notifications or SNMP traps if required.

Finish the new alarm definition workflow to create the alarm.

Test the alarm by making some minor, non-disruptive, configuration change to one host in a cluster. For example, create an empty vSphere standard switch without any uplinks. 

Navigate to the cluster’s desired state configuration interface and check for compliance. The host should appear as non-compliant and the specific host should have an alarm triggered. 

If multiple hosts are out of compliance, each host will show an alarm. You can easily see all hosts reporting the alarm at the vCenter or cluster level monitor tab.

Summary

You can create a custom alarm definition to trigger when a host, or multiple hosts, in a cluster is non-compliant with the cluster configuration. This allows administrators to be easily notified if cluster configuration drifts from the desired vSphere Configuration Profile and take the necessary actions.