VMware Cloud Foundation Products Technical VCF Automation

VMware Aria Operations Eliminates Configuration Drifts for vCenter

When it comes to Configuration Management, Admins face the challenge of enforcing global and regional standards as they struggle to manage configurations across hosts, clusters, VCs, and SDDCs. The process is manual, tedious, prone to error, hard-to-track, and often requires them to use multiple technologies and interfaces.

This drives up operational costs and complexity, at the expense of maintaining strong compliance and security.

The new VMware Aria Operations Configuration Drifts feature addresses this issue, enabling Admins to monitor and view vCenter configuration settings that have drifted from assigned templates without needing to track every change manually.

Configuration Drifts show the changes in product configuration over time and allows you to compare the changes to the assigned template values. It helps to prevent misconfiguration from going unnoticed, reduces the risk of security breaches, and keeps the environment running smoothly.

A screenshot of a computerDescription automatically generated

Prerequisites

To create, manage, or view Configurations for vCenter in Aria Operations, please do the following:

  • Ensure that you have the Administrator role.
  • Verify that you have Configuration Drifts privileges to access configuration templates. There are two options:
    • Manage Privilege: for creating templates, assigning them to policy, and running drift check.
    • View Privilege: for viewing template content and viewing existing drift.
  • Verify that you have vCenter version 8.0.3 or later.

Creating A Configuration Drift Template

Configuration templates allow administrators to define and review specific configuration settings for vCenter instances. The desired state can be defined as a configuration template or as a JSON-based file that contains settings for vCenter instances, such as network configuration, storage, security, advanced settings, and performance.

As an Appliance Management Administrator, if you need to create a template specifically for appliance settings and focus solely on monitoring drifts for those configurations or controls, you can achieve this by creating an appliance configuration template.

A screenshot of a computerDescription automatically generated

Assigning Templates to vCenter Policies

Once a template is created, it be assigned to an active vSphere Policy to be become active.

A screenshot of a computer programDescription automatically generated

Detecting Drifts

With an active Configuration Drift Template, drifts can be detected from the left navigation pane.

Simply go to Operations > Configuration Drifts and select Drifts.

All supported vCenters (8.0.3) or higher will be available as a selection.

A screenshot of a computerDescription automatically generated

If a drift is detected, you’ll see a side-by-side comparison of the vCenter Template Value (in Red) next to the vCenter Configuration Template Value.

In this case, the parameters for the Password Policy has changed.

In order to make the draft compliant, simply log into your vSphere Client and adjust them back to the Configuration Template value.

A screenshot of a computer programDescription automatically generated

Configuration Drift Dashboard

The Configuration Drift dashboard allows you to view and monitor all vCenter instances and their configuration specifications in one place.

You can view and compare configuration drifts, identify changed settings, and determine the root cause of problems. Additionally, you can view the configuration templates assigned to your vCenter instances.

Let’s look at each.

vCenter by Drift Status

The vCenter by Drift Status pie-chart represents the state of the vCenter at a given point in time. The total number of vCenter drift statuses are:

  • Compliant: This state shows vCenter with no drifts against the template it has been associated with.
  • Non-Compliant: This state shows whether the vCenter configurations deviate from the desired standard configurations.
  • Unavailable: This state occurs when vCenter is unavailable, the drift computation is in progress, the drift has not been computed against that specific resource, or an internal error has occurred.
  • Not-Supported: This state shows the list of vCenter instances that are either below version 8.0.3 or are not registered with the cloud proxy.

A screenshot of a computerDescription automatically generated

vCenter by Templates

The vCenter by Templates displays the number of configuration templates associated with vCenter instances.

  • With Templates: This state shows the number of vCenter instances that have at least one template associated with them.
  • No templates: This state shows the number of vCenter instances that have no template associated with them.
  • Not-Supported: This state displays the list of vCenter instances that are not registered with the cloud proxy or are below version 8.0.3.

Conclusion

This concludes the overview of Configuration Drifts for vCenter. Its benefits include the following:

  • Consistency: By defining a template, administrators can ensure that a specific group of vCenter instances or all of them are configured consistently. This helps reduce errors and improves the overall reliability of the virtual infrastructure.
  • Compliance: Configuration Drift helps ensure that vCenter instances are configured in compliance with organizational policies and regulations.
  • Scalability: As your infrastructure environment scales up, managing configuration drifts becomes crucial for maintaining consistency and control across global on-prem vCenter instances.