Apply permissions to ESXi Hosts using Host Profiles


 


Host Profiles, available through VMware vCenter Server and with the Enterprise Plus license, are used to standardize and simplify management of vSphere host configurations and to automate compliance with these configurations. They simplify operational management of large-scale environments and reduce errors caused by misconfigurations.

Host Profiles eliminates per-host, manual or UI-based host configuration and maintains configuration consistency and correctness across the datacenter by using Host Profiles policies. These policies capture the blueprint of a known, validated reference host configuration, including the networking, storage, security and other settings. You can then use this profile to:

  • Automate host configuration across a large number of hosts and clusters. You can use Host Profiles to simplify the host provisioning process, configure multiple hosts in a similar way, and reduce the time spent on configuring and deploying new VMware ESX/ESXi hosts.
  • Monitor for host configuration errors and deviations. You can use Host Profiles to monitor for host configuration changes, detect errors in host configuration, and ensure that the hosts are brought back into a compliant state.
Host Profiles greatly simplifies the operational management of large deployments by automating host configuration and ensuring compliance.

vmware.com/files/pdf/techpaper/VMW-Host-Profiles-Tech-Overview.pdf  
 

When you join a host to an Active Directory domain, you must define roles on the host for a user or group in that domain. Otherwise, the host is not accessible to Active Directory users or groups. You can use host profiles to set a required role for a user or group and to apply the change to one or more hosts.

Prerequisites
You must have an existing host profile.
Verify that the hosts to which you apply a profile are in maintenance mode.

Procedure

  1. Using the vSphere Client, select View > Management > Host Profiles.
  2. Right-click an existing host profile and select Edit Profile.
  3. Expand the profile tree, and then expand Security configuration.
  4. Right-click the Permission rules folder and select Add Profile.
  5. Expand Permission rules and select Permission.
  6. On the Configuration Details tab in the right pane, click the Configure a permission drop-down menu and select Require a Permission Rule.
  7. Enter the name of a user or group.
    Use the format DOMAIN\name, where DOMAIN is the name of the Active Directory domain and name is the user name or group name.
  8. (Optional) If the name you entered is a group (not a single user), select the Name refers to a group of users check box.
  9. Enter the assigned role name for the user or group (usually Admin).
    The role name is case-sensitive. If this is a system role, you must use the nonlocalized role name. For example, for the Administrator role, enter Admin. For the Read-only role, enter ReadOnly.
  10. Select the Propagate permission check box and click OK.

What to do next

  1. Attach the profile to the hosts.
  2. Apply the profile to the hosts.
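
Once the profile has been applied, it is worth confirming that every host actually ended up with the required rule. The following is an added example, not part of the original procedure or of VMware's tooling: it audits a per-host permission export against the rule entered in steps 7 to 10. The CSV layout, host names and the `EXAMPLE\ESX Admins` group are constructed assumptions.

```python
import csv
import io
import re

# Required rule, mirroring steps 7-10 of the procedure (values are constructed).
REQUIRED = {"Principal": r"EXAMPLE\ESX Admins", "Role": "Admin",
            "IsGroup": True, "Propagate": True}

# Constructed per-host permission export; the column names are an assumption.
SAMPLE_CSV = r"""Host,Principal,Role,IsGroup,Propagate
esx01.example.test,EXAMPLE\ESX Admins,Admin,True,True
esx02.example.test,EXAMPLE\ESX Admins,ReadOnly,True,True
esx03.example.test,EXAMPLE\ESX Admins,Admin,False,True
esx04.example.test,root,Admin,False,True
esx05.example.test,example\esx admins,Admin,True,False
"""

PRINCIPAL_RE = re.compile(r"^[^\\]+\\[^\\]+$")  # DOMAIN\name


def as_bool(text):
    return text.strip().lower() == "true"


def audit(csv_text, required=REQUIRED):
    """Return {host: [findings]}; an empty list means the host matches the rule."""
    if not PRINCIPAL_RE.match(required["Principal"]):
        raise ValueError("required principal must use the DOMAIN\\name format")
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = row["Host"]
        findings.setdefault(host, ["required principal has no permission"])
        # AD account names compare case-insensitively; role names do not.
        if row["Principal"].lower() != required["Principal"].lower():
            continue
        problems = []
        if row["Role"] != required["Role"]:
            problems.append(f"role is {row['Role']!r}, expected {required['Role']!r}")
        if as_bool(row["IsGroup"]) != required["IsGroup"]:
            problems.append("group flag does not match")
        if as_bool(row["Propagate"]) != required["Propagate"]:
            problems.append("propagate flag does not match")
        findings[host] = problems
    return findings


if __name__ == "__main__":
    for host, problems in audit(SAMPLE_CSV).items():
        print(host, "OK" if not problems else "; ".join(problems))
```

A host that appears in the export only with local accounts (such as `esx04` above) is reported as missing the rule, which is the state the article warns leaves the host inaccessible to Active Directory users.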
 

References:

  • http://pubs.vmware.com/vsphere-4-esxi-installable-vcenter/index.jsp?topic=/com.vmware.vsphere.esxi_server_config.doc_41/esx_server_config/authentication_and_user_management/t_directory_service_host_profile.html
  • http://www.vmware.com/files/pdf/techpaper/VMW-Host-Profiles-Tech-Overview.pdf
  • http://www.scribd.com/doc/59224961/70/Configuring-AD-Integration-with-Host-Profiles