One of the most useful additions in VMware Cloud Foundation (VCF) 9.1 is Configuration Drift Management which is similar to the Host Profiles which was to keep ESXi advanced settings consistent across large environments.
Drift Management gives us a way to define templates, check for differences, and keep our vCenters aligned with policy.
We’ll focus on vCenter drift management—creating a config template, running drift detection, and scheduling compliance checks
Creating a Config Template
Once you’re logged into VCF Operations, head to Fleet Management > Lifecycle → Configuration Drift
From here, under the VCF instances, click on Configuration Templates > Create Config Template
For this example, we’ll keep it simple by adding a small compliance check so give a name for it
We will ensure some of the settings such ntp is set to run always and ssh is set to true at all times
Apply the default policy, which targets all vCenters in the environment.
Click Create to save the Config Template
Go back to Fleet Management → Configuration Drift.
Assign the policy to additional vCenters if required
Select the vCenters and we can see the policy is active
Click Detect Drift
Once the detection completes, you can click on each vCenter to view the results
While drift detection highlights deviations, administrators must apply corrections themselves for now.
A powerful application of drift detection is security compliance. For example: we can schedule drift detection on a regular basis
Click Schedule Drift Detection
Give the policy a name
Drag and drop the vCenters you want to include
Select the vCenters you want to include
Add filters or metrics if required
Define your schedule and click Save.
Our policy is now set.
Quite a handy feature so administrators are alerted to compliance issues in real time.