As promised I will talk a bit more about host profiles in this post. You actually create and manage host profiles for the polices and profiles window in center, from there you can export a host profile from one select ESXi host with the configuration you’e looking for and export it for use. From there you can select the profile and add it to select hosts or even the clusters themselves. Before remediating any differences between the hosts according to the host profile you must select your customization settings on the hosts, these setting allow you to exclude anything you don’t want to be applied to all hosts and can even be changed on a per host basis, configuration that may differ from each host, perhaps the hosts use different standard switch configuration, you could prevent that from being applied under the customization settings for the host profile. After confirming customization you can run the remediation, you can run a pre-check beforehand which you can monitor from host profile monitoring tab by selecting the host profile under policies and profiles. Once remediation is run all selected hosts will automatically be configured according to the host profile and you configured customizations. Lockdown mode is rather simple, if it’s enabled you can only manage host from vCenter, no ESXi or SSH, unless your user account has explicit permission. There are two types of lockdown mode, normal, which leaves DCUI running so if you lose access to your host in vCenter you can disable it from there. With strict lockdown DCUI is stopped and you can only manage or disable lockdown mode from vCenter, so if you lose access you must reinstall ESXi.