SCP

User Manual
Version 6.1.0
Change Log
Date Change Description

July 27, 2020 Edited the SCP user manual

CONTENT
Chapter 1 Overview ...................................................................................................................................................... 5

1.1 Brief Introduction of SCP Products.................................................................................................................... 5

1.2 SCP Architecture.................................................................................................................................................. 7

1.3 SCP Key Characteristics....................................................................................................................................... 9

Chapter 2 Installation and Upgrading.......................................................................................................................17

2.1 New deployment...............................................................................................................................................17

2.2 Deployment of Operating and Standby Units (If Necessary) .......................................................................20

2.3 Network Configuration.....................................................................................................................................23

2.4 SCP Activation....................................................................................................................................................28

2.5 Add Physical Resources ....................................................................................................................................35

2.6 HCI Cluster Licensing.........................................................................................................................................38

2.7 Security Resource Licensing.............................................................................................................................42

2.8 Division of Resource Pool.................................................................................................................................43

2.9 Upgrade ..............................................................................................................................................................46

2.10 Delete Cluster ..........................................................................................................................................49

Chapter3 Operation Maintenance and Management............................................................................................53

3.1 System ................................................................................................................................................................53

3.1.1 General Configuration .............................................................................................................................53
3.1.2 System Maintenance ...............................................................................................................................66
3.1.3 Business Maintenance.............................................................................................................................67
3.1.4 Login Policies ............................................................................................................................................68

3.2 Resource Management.....................................................................................................................................71

3.2.1 Image Management.................................................................................................................................71
3.2.2 Virtual machine........................................................................................................................................79
3.2.3 Network Administration..........................................................................................................................93
3.2.4 Business Reliability................................................................................................................................ 105
3.2.5 Monitoring & Tasks............................................................................................................................... 105
3.2.6 Management......................................................................................................................................... 105

3.3 Operations Center .......................................................................................................................................... 110

3.3.1 Users ...................................................................................................................................................... 111
3.3.1.2 Roles ......................................................................................................................................................... 112
3.3.1.3 Tenant Management............................................................................................................................... 114
3.3.1.4 Tenant User Management...................................................................................................................... 121
3.3.2 Quota ..................................................................................................................................................... 124
 3.3.3 Work Oder ............................................................................................................................................. 127
3.3.3 Billing Center ......................................................................................................................................... 136

3.4 Monitoring Center.......................................................................................................................................... 138

Chapter4 FAQ............................................................................................................................................................ 144

Chapter 1 Overview
SANGFOR Cloud Platform SCP can manage cross-region clusters and provide
heterogeneous management support for VMware data centers, which can divide the
managed pool of resources into multiple logically Resource Pools, realizes the customized
approval process and billing functions through the setting of classified administrator
authority. It also enhances the network management and security among tenants, and
tenants can configure their own firewall, and the flexible image management can effectively
reduce the workload of platform management personnel in operation and maintenance. On
the other hand, in terms of business reliability, through remote disaster recovery services, it
provides users with a complete virtual machine-level remote disaster recovery plan.
This chapter mainly introduces and explains the SANGFOR SCP products in detail,
including product introduction, architecture and key features.

1.1 Brief Introduction of SCP Products

SANGFOR cloud platform(SCP) can provide abundant management capabilities. First of

all, in the resource creation phase, it can put multiple data centers under heterogeneous
management. These data centers may be either cross-regional clusters or VMware data
centers. In terms of authorization, it supports uniform authorization; in other words, In case
of heterogeneous management of multiple HCI clusters, only one SCP authorized import is
need, while all the authorizations of other clusters under heterogeneous management may
be distributed as needed through the SCP authorization. On the tenant side, it has abundant
tenant management functions. On the one hand, the administrator may customize the
approval process, and on the other hand, the tenant may submit the independent service
work order application resources, which should be used and charged reasonably through
multiple levels of resources charging functions. In terms of security, in multi-tenant scenarios,
it supports tenants to configure their own distributed firewall policies without conflicting
with platform administrators' policies; in terms of management, a single cluster can support
up to 64 hosts, support the tenants' subnet topology display, and can provide API interfaces
conforming to the openstack specification for third parties; in terms of hardware, it provides
support for INTEL's latest V5 CPU.
On the other hand, SANGFOR cloud platform SCP integrates three centers: Reliability
Center, Operations Center and Monitoring Center. Among them, Reliability Center can
provide users with a complete virtual machine-level remote disaster preparedness plan,
including disaster recovery plan, disaster recovery drill, virtual machine recovery and
relocation, visual operation and maintenance, etc. "Operations Center" can provide users
with a wide range of management options, including multi-tenant, autonomous work order,
flow billing, authority management and VMware heterogeneous management capabilities;
and "Monitoring Center" can provide users with a multi-dimensional monitoring perspective,
which supports the monitoring from both the platform and business levels to ensure the
business runs normally in all respects.
 The list of SANGFOR SCP product features is shown in the following table:

: This table only lists the basic functions supported by SANGFOR SCP. Please
consult the after-sales technical service engineer of the local office for specific configuration
implementation and other functions.

Table 1-1 SCP Product Function List

Affiliated
Function Items Descriptions of Functions
Components

SCP cloud
Multi-tenant Support multi-tenant access
platform

SCP cloud Self-service work Support tenant work order self-service

platform order application

SCP cloud Customization of Support the layout approval process and

platform approval process support multi-level examination and approval.

SCP cloud Billing and Charging for tenants' CPU, memory and
platform measurement storage

Support the editing of VMware virtual

SCP cloud Support VMware machine configuration on cloud platform
platform VDC functions (supporting CPU editing, memory, hard disk,
network).

Multi-tenant scenario:
it supports tenants to configure their own
SCP cloud Multi-tenant
distributed firewall policies without conflicting
platform distributed firewall
with the policies configured by super
administrators.

Multi-tenant scenario:
SCP cloud Tenant topology support the administrator zooming method to
platform display display the tenant virtual network topology,
supports the tenant sub-topology rendering.

Multi cluster & Support cross-regional cluster management

SCP cloud
multi-data center and support the heterogeneous management
platform
management of VMware
 SCP cloud Authority Set different administrative authorities for
platform management different administrators.

SCP cloud Support image distribution and management

Image management
platform of different partitions

SCP cloud Unified Authorization for managing single or multiple

platform authorization HCI clusters on the cloud platform

SCP cloud Integration Cloud management provides API to third

platform capability party in line with openstack specification.

SCP cloud General Drawing of Provision of Reliability

Reliable Center
platform Services

SCP cloud Disaster recovery Provide a complete VR remote disaster

platform management recovery plan

HCI Data striping Further optimize virtual storage performance

HCI Big cluster A single cluster supports up to 64 hosts

Support INTEL
HCI Provide the latest INTEL CPU support
V5CPU

The recommended deployment modes are as follows:

1. The SCP is deployed on the HCI cluster in the form of virtual machine.

2. HCI cluster IP and user password are added voluntarily to SCP to conduct
heterogeneous management over HCI cluster.
3. vcenter cluster user IP and password are added voluntarily to SCP to conduct
heterogeneous management over VMware.

Note: SCP does not currently support deployment on VMware and physical
machines.

1.2 SCP Architecture

From the perspective of business stratification, the architecture of SANGFOR SCP cloud
platform is as follows:

Fig. 1-1 SCP System Architecture Diagram

In view of the above Fig. 1-1, it is briefly explained as follows:

The micro-service architecture is adopted at the overall back-end, which supports
horizontal scaling, low coupling, building block-type, stateless and inter-module REST API
communication and maintains decoupling;
 With the separation of SCP and HCI architectures, cloud management
architectures can provide rapid evolution and upgrade based on the actual
needs;
 SCP is decoupled from HCI architecture to ensure HCI architecture is stable
with high performance;
 With the front-end display and back-end separation, back-end configuration
customization, it can quickly integrate and display data;
 Standardized API interface can facilitate the integrated development by a third
party;
 Internal RPM management shall be used to support module decoupling and
upgrade;
 The MongoDB's front-end reading/writing separation architecture supports
large concurrency;
  The three-level role system based on keystone extension (admin, tenant and
user) has more flexible management dimensions than the two-level role of
Openstack (admin and tenant);
 Based on the self-developed Phoenix framework on Openstack, it solves the
problem that Openstack service architecture is too redundant while
maintaining the advantages of Openstack architecture;
 The Gnocchi module redeveloped based on Openstack has been greatly
improved compared with the performance of official Gnocchi;

1.3 SCP Key Characteristics

  Multi-cluster Management
SCP unifies the management of resources such as infrastructure, Resource Pools, cloud
services and tenant applications.
The deployment mode of SCP includes single data center and multi-cluster deployment,
which is used to conduct heterogeneous management over multiple different clusters in the
same data center. The logical topology of the deployment is shown in Fig. 1-2:

Fig. 1-2 Multi-cluster Deployment of Single Data Center

At the same time, SCP supports the cross-regional heterogeneous management of multiple
clusters from multiple data centers. Its deployment logic topology is shown in Fig. 1-3:
 Fig. 1-3 Multi-cluster Deployment of Multi-Data Center

  Multi-tenant management
In order to meet the operational management requirements of the platform for the
Tenant, SANGFOR SCP can set up a maximum of three user management levels, namely
platform management, Tenant management and end users. The relationship between
management responsibilities and levels is shown in Figure 1-4.

Figure 1-4 SCP User Management Level

  Self-service function
 Orders will be automatically generated after users applying for or managing cloud
services, such as application for and deletion of work orders. The work order is submitted to
the corresponding personnel for examination and approval. After approval, the system
automatically executes the work order tasks. The application process is shown in Fig. 1-5.

Fig. 1-5 Application Process of Self-service Work Order

 Multi-tenant Distributed Firewall

SANGFOR SCP can provide tenants with space isolation, support tenants to configure
their own distributed firewall policies, without conflicting with platform administrators'
configuration policies. The logical diagram of the failure domain is shown in Fig. 1-6.
 Fig. 1-6 Multi-tenant Distributed Firewall

Distributed firewall rules within each tenant will only be issued to its own switch to take effect,
to achieve the firewall rule isolation between tenants and between tenants and platforms.

  Image unified management

 Provide unified image management functions to achieve unified creation and

management of images on all HCI Resource Pools.
 In the multi-tenant mode, the administrators can customize the Tenant administrator.
In the Tenant, the public image provided by the platform administrator can be used
in the Tenant, or the customized private image can be used.
 By reducing the operation and maintenance pressure of platform administrators
through a unified image management function
The process of image uploading and distribution is shown in Fig. 1-7:
 Fig. 1-7 Image Management

  Unified Licensing

The whole cloud platform only needs one authorization to satisfy the authorization of all
hosts under the cloud platform, realizes the unified management and flexible control of
authorization, and solves the problems that authorization cannot drift between clusters and
the change of extended authorization. The mode of authorization is shown in Fig. 1-8:
 Fig. 1-8 Authorized Management

  Standard API Interface

SANGFOR SCP will provide industry-wide standard interfaces to the outside and third parties
will be able to customize docking according to their needs.
Simple heterogeneous management logic is shown in Figs. 1-9 and 1-10:
 Fig. 1-9 Unified Interface

Fig. 1-10 Third Party Integration

  Big Cluster Deployment

SANGFOR SCP cloud platform can support the deployment of a maximum of 64 servers in
the single cluster.

 Customized Approval Process

Flexible work order approval process to meet different customer management requirements.

  Management of Measurement and Billing

 Transparency and visualization of multi-tenant computing resource usage
 Transform the cost center of the data center into the profit center by charging for
resources used by the secondary units and subsidiaries by the quantity
 Convenience for the industry cloud to charge for resources used by each tenant and
facilitate the resource settlement with the tenant
 Provide resource availability report which can be exported.

  Put VMware VDC under heterogeneous management

It can unify the heterogeneous management of VMware data center and provide a unified
management mode of HCI and VMware.

  Hardware Support
It supports HCI platform to support INTEL v5 CPU server.

  Disaster recovery services

 Figure 1-11

SANGFOR disaster recovery plans provide a "local backup - remote disaster recovery" plan,
where the primary site configures storage (external storage or VS) for the purpose of local
backup storage, and the secondary site configures an HCI cluster as the disaster recovery
center.

 Reliability Center

Figure 1-12

 Provide a complete business protection service, integrated in a unified platform,

which is reusable and reliable.
 Simplest operation and maintenance mode of visualization with reliable resources
and one-key availability of services
Chapter 2 Installation and Upgrading

2.1 New deployment

[Function description]

Deploy a new SANGFOR cloud platform(SCP).

[Prerequisitess]

1. The SANGFOR enterprise-level cloud HCI platform has been correctly deployed.

2. The SCP image installation package is prepared.

[Operating steps]

Log onto HCI platform console:

1. Click 【Compute】>【New】>【import Virtual Machine】：

2. Select the corresponding VM Image File, Group, Datastore and Run on Node.

After that,click "Import" to display the upload interface;

3. After the upload is successful, it is necessary to transfer the virtual machine to further
configure the network. For details, please refer to Section 2.3 Network Configuration.
2.2 Deployment of Operating and Standby Units (If
Necessary)

[Function Description]
SANGFOR SCP 6.1.0 supports operating and standby deployment. When the SCP master
node is unavailable, the SCP standby node can be switched to the master node to ensure the
high availability of the management platform.

[Note]
Make sure that the IP of the configured SCP does not conflict with IP addresses of other hosts,
and the network between the operating and standby SCP is well connected.

[Prerequisitess]
HCI Platform and SCP Virtual Machine have been accurately deployed

[Operating steps]
 1. Select the newly imported standby SCP virtual machine (See 2.1 for the detail steps),
click 【More】 >【Edit】 to edit the network card and connect the wires with the
second/third-level HCI platform management network and then click OK;

2. Start the imported SCP virtual machine, log in the console of SCP virtual machine to
modify SCP password. The steps to modify are detailed in “Network Configuration”
in Section 2.3 of this Chapter;
Immediately after the starting, the following will be displayed on the console interface:

The following configuration interface will appear after shutdown:

Later, one IP is also configured for the standby SCP in reference to Section 2.3.

3. Log in the home page of main SCP and click 【Reliability Center】>【SCP Failover】

4. Click Add SCP Node, input IP address and password of standby SaCP and click OK;
After the adding, one SCP in a standby state can be seen on the configuration page.

2.3 Network Configuration

[Function Description]
After SCP cloud platform is imported successfully, its network setting shall be conducted. So
that SCP can get access to HCI cluster network and only in this way SCP can enable the
heterogeneous management of other clusters where the network is accessible.

[Note]
Please guarantee no conflict between the IP of SCP and the IP address of other hosts.

[Prerequisitess]
HCI Platform and SCP Virtual Machine have been accurately deployed
[Operating Steps]

1. Select the imported SCP virtual machine, click 【More】 >【Edit】 to edit the
network card and connect the wires with the second/third-level HCI platform
management network and then click the OK;

2. Start the imported SCP virtual machine and log in the console of SCP virtual machine;
 3. Have a random click on the console of virtual machine, press the key “enter” in the
keyboard to enter into the maintenance mode and then enter password (the initial
password is admin); after the password is entered, select the option OK and then
press the key “enter” in the keyboard to enter a configuration interface.

Click OK to enter the following interface:

4. Click the key “↑ ↓ ” in the keyboard to select 【Configure Network】 and press the
key “enter” in the keyboard;
5. Set the IP address, mask and gateway and click OK;
6. Open the browser, enter IP:4430 set in https:// and press the key “enter”;

7. The default account and password are admin/admin. For the safety of your account,
please do the modification.
2.4 SCP Activation

[Function Description]
Activate SCP and give authorization to the cluster for networking.

[Prerequisitess]
1. HCI Platform and SCP virtual machine have been accurately deployed

2. Prepare the key id and key for activation

[Operating Steps]

1. Click SCP virtual machine >【Edit】> add USB hardware > map key to the virtual
machine;
2. After successful mapping, log in the home page of SCP, click 【 System 】 >
【Licensing】>【General】 to enter the authorization page of SCP, click 【Edit
License Key】 and select the ready authorization document (with a .lic suffix),
After successful import, the information of the corresponding serial number can be viewed;
 3. Click 【Cluster Licensing】 to license the newly added clusters and also license,
revoke or modify the existing clusters;

Click Edit to display the following configuration and you can configure the licensing related
to aSV, aNET, aSAN, CDP and aHM of the corresponding clusters on this interface.
 4. Click 【Security Resources License】 and you can license, view, and edit (only in
shutdown mode) the NFV licnesing of the clusters.

Only the NFV in shutdown mode can be edited with authorization and you can just click Edit
to conduct the licensed editing;
Click Shut Down and you can continue to shut down the corresponding NFV:

Click Power On and you can start the corresponding NFV:

Click View and you can view the authorization details of the corresponding NFV:
2.5 Add Physical Resources

[Function Description]
SANGFOR SCP supports the heterogeneous management of many HCI clusters and also the
heterogeneous management of VMware data centers. When the unified management of
many data centers or many clusters is required, SCP shall be deployed to conduct the
heterogeneous management of all the clusters.
[Prerequisitess]
SANGFOR SCP can get access to the network of HCI platforms or VMware platform.

[Operating Steps]

1. Log in the home page of SCP platform, select 【Resources】>【Get Started】 and
click Add Cluster, as given in the following diagram:
Or, select 【Resources】>【Clusters】 on the navigation bar of SCP platform and click Add
on the popped page.

2. Enter the IP, username, password, name, description and type of cluster according to
the requirement; keep the default values if the port is unchanged.
For the Licensing mode, select whether it will be centralized or standalone mode.
Centralized Mode: The cluster will be licensed by the SCP.
Standablone Mode: The cluster ill be licensed individually at HCI instead of centralize
licensing on SCP.
3. You can set the different tags for the different storage volumes according to the
actual situations of the clusters; the default tags include: “high performance”, “good
performance” and “large capacity”. These tags can be changed according to the
actual situation. You can do the editing on the page 【Cluster 】>【Tags】. After the
setting, click Next

4. Finally, Check that the information is correct and then click OK

 5. If the cluster is added to this SCP cloud platform for the first time, licensing message
will be given. Conduct the licensing in reference to “Section 2.5 Licensing”.

2.6 HCI Cluster Licensing

[Function Description]
After HCI cluster is successfully added on SANGFOR SCP platform, it shall be authorized to
guarantee the availability of HCI cluster service, or the authorization of HCI cluster shall be
cancelled and HCI cluster shall be edited. All these operations are carried out on this page.
Virtual key function has been added to HCI version 6.1.0. It allows HCI to be authorized
without the physical USB key which might be damaged during the delivery progress.
[Prerequisitess]
SANGFOR SCP has been imported, licensed and activated and the authorization is sufficient
for HCI clusters under the heterogeneous management.

[Operating Steps]
Physical Key

1. Log in the home page of SCP platform, select 【System 】>【Cluster Licensing】,
check the licensed clusters and click Licensing to license the clusters.

2. Click 【Licensing】 on the right side of the clusters in an abnormal state;

Click OK to complete the licensing;

3. After licensing success, you can revoke and edit the licensing of clusters on the licensing
interface.

Virtual Key
1. Log in the home page of SCP platform, select 【System 】>【Cluster Licensing】,
click <Update> for the device info.
2. Click on the <Export Device Info File> and you will be prompt to download the device
info file.

3. After that, provide this file to the corresponding Sangfor personnel for them to apply
for the license file.
 4. Once the application has been approved or processed, the license file will be
generated.
5. Import the license file for the licensing.

2.7 Security Resource Licensing

After the HCI clusteris managed by SCP, the virutal network device can only be deployed on
the SCP. NFV device require to authorize through SCP so that the advance funstion in NFV
can be used normally.

【Steps】

1. Select【System】>【Licensing】>【Security Resource License】 to check which

device is not authorize. Then select unauthorized device and click Licensing button.

2. Select unauthorize NFV device and click licensing which locate on the right side. After
assigning corresponding authorization, click OK button.
 3. The licensing of the authorized NFV can be view and edit.

2.8 Division of Resource Pool

[Function Description]
After the heterogeneous management of clusters, the existing different clusters shall be
divided into the different Resource Pools. The concept of Resource Pool is oriented based on
data center. Generally, Resource Pools can include many clusters. The division of the logical
conception of Resource Pool can effectively help the administrator to manage the platform.

: Only one cluster can be added in the Resource Pool of this version.

[Prerequisitess]
SANGFOR SCP has added the cluster successfully.

[Operating Steps]

1. Log in the home page of SCP and click 【Resources】>【Get Started】, as given in
the following diagram:

Click Create Resource Pool in Step 2, as given in the following figure:

Or, click 【Resources】>【Resource Pool】 and click ⊕Create on the popped page to
enter the of Resource Pool configuration:
2. Fill in the relevant information and click Next

Resource Type: Select the type whether it is for HCI or VMware.

Pool Type:
There are 2 types of Pool type:
a. Shared: For Shared Pool, it can be assigned to multiple tenants.
b. Dedicated: For Dedicated Pool, it can only be assigned to single tenant.

3. Select the cluster to be added to this Resource Pool. If there is no suitable cluster, you
can click Add Cluster. See “Section 3.2.1” for the operation details. After
configuration completion, click Next;
 4. Check that the information is correct and then click OK.

5. After completion, you can see the added Resource Pool and then you can edit and
delete this Resource Pool.

2.9 Upgrade
[Function Description]
SANGFOR SCP6.1.0 has executed the perfection of the cloud platform in many aspects; in
case of using demands, Upgrade Package can be loaded to upgrade SCP so that the versions
of SCP and HCI can be consistent.

[Prerequisitess]
1. SCP of other earlier versions have been deployed in the platform.
2. Upgrade Package of SCP cloud platform image has been prepared.

[Operating Steps]

1. Log in the home page of SCP platform console and click 【System】>【Upgrade】
to enter the device upgrade page;

2. In order to upgrade the firmware version of SCP, it is required to enable maintenance

mode first by clicking on the【Enable Maintenance Mode】. After maintenance
mode is enabled, you can now proced to 【Upgrade】;
Notes: Before entering maintenance mode, make sure currently there is no task
executing else it will be preventing the SCP to enter maintenance mode.
3. Select Upload file to server;
 4. After uploading successfully, click Start; after upgrading success, restart SCP virtual
machine;

: During the upgrading process, the clusters in running will not be influenced;
however, SCP disables any other operations.

2.10 Delete Cluster

[Function Description]
If any cluster under the heterogeneous management of SCP is required no more due to some
demands, SCP cluster can be deleted.
[Prerequisitess]
If the cluster shall be deleted, the corresponding Resource Pool shall also be deleted.
If the Resource Pool shall be deleted, the Tenants and users created in the Resource Pool shall
also be deleted.

[Operating Steps]

1. Log in the home page of SCP platform console and click 【Operations Center】>
【Tenants】 to enter the Tenant management interface:

2. Check the 【Resource Pool】 to find all the associated users to be deleted, remove
the corresponding user and click OK;
3. After all the associated Tenants of the Resource Pool to be deleted are removed, click
【 Resources 】 > 【 Resource Pool 】 and you can find that Delete of the
corresponding Resource Pool changes to be clickable; Click Delete and then click OK
on the popped window;
4. Click 【Resources】>【Clusters】 to find the cluster to be deleted, click “More”-
“Delete” and then click OK on the popped window to delete the cluster, as shown in
the following diagram:
Chapter3 Operation Maintenance and
Management

3.1 System
3.1.1 General Configuration
3.1.1.1 Services
[Function Description]
SCP platform supports custom opening and closing of "API" and "Billing Center".
API: SCP external interface service, which can be used for secondary development and
docking with third-party cloud computing platforms.
Billing Center: User resource billing and metering service, supporting consumption overview,
tenant consumption details query and unit price setting.

[Precautions]
If you need to open the API and the billing center at the same time, it is recommended that
you configure the SCP platform in HCI with 16-core CPU, 24G memory or higher to ensure
stability.

[Operating Steps]
1. Log in to the SCP platform and select [System] > [Services].

2. Click <Start Service> or <Stop Service> to activate and deactivate the service.
3.1.1.2 Date and Time
[Function Description]
As for time setting of SCP platform, SANGFOR SCP supports both the time customization
and the automatic acquisition of NTP time.

[Prerequisitess]
HCI platform and SCP virtual machine of SANGFOR Enterprise-level Cloud have been
correctly deployed. If NTP time shall be acquired, it shall be guaranteed that SCP can get
access to NTP server network.

[Operating Steps]
1. Log in the home page of SCP platform and select 【System】>【Date and Time】;

2. Click 【Change】 to enter the time setting; you can customize the time or get the local
time;
3. SANGFOR SCP supports the synchronization of NTP server; please do the setting as
required.

3.1.1.3 Network Settings

[Function Description]
SANGFOR SCP supports the change of IP as required and the DNS and route configuration
of SCP via the network satisfying the different scenarios.

[Prerequisitess]
IP and gateway have been correctly planned.

[Operating Steps]
1. Log in the home page of SCP platform and select 【System】>【Network Settings】;
2. Configure IP according to the actual situation of network and configure the route and the
platform DNS according to the requirement.

3.1.1.4 SMTP Server

[Function Description]
SANGFOR SCP is configured with Mailbox and you can send the alarm by Mailbox. The
customer can master the running state of clusters at any time.

[Operating Steps]
1. Log in the home page of SCP platform and select 【System】>【SMTP Server】;

2. Fill in Mailbox address and smtp server address according to the actual situation; if the
sending server requires authentication of the username and password, the
corresponding username and password shall be entered and the testing shall be carried
out.

3.1.1.5 Authentication
[Function Description]
LDAP is a lightweight directory access protocol, generally used as an authentication server.
SCP supports importing users from the LDAP server into SCP and assigning corresponding
roles.
[Precautions]
1. If the LDAP server is disconnected from the SCP and the LDAP server is down, users will
not be able to log in on the SCP.
2. When changing user information on the LDAP side, it is not recommended to change the
login name and email at the same time. If it is changed at the same time, a new user will be
created in SCP when importing.
3. The imported user name cannot be admin or SCP.
4. For users who have no email or mobile phone number on the LDAP server, the user's
mobile phone number and email information will be randomly generated on the SCP after
being imported into the SCP.

[Prerequisitess]
1. When the LDAP server operating system is windows, it must be the windows server2012
version.
2. When the LDAP server operating system is Linux, OpenLDAP must be supported.

[Operating Steps]
1. Log in to the SCP platform, select [System] – [Authentication], enter the LDAP user
interface, and click the <LDAP Server Configuration> button to configure the LDAP
server.
2. Configure the server name, IP address, port, administrator's full path, and administrator's
password.
3. After the configuration is complete, click <Test Connectivity>. If the test is normal, proceed
to the next step.
4. After clicking <Import> on the interface, select the user to be imported, and configure user
conflict handling, and click <OK> after the configuration is complete.

5. After the import is complete, add roles to the imported users, click <Add Role> on the
interface, and configure the corresponding roles. The imported users can be configured
as tenants or tenant sub-account roles.

3.1.1.6 SSO Settings

[Function Description]
Single sign-on (SingleSignOn, SSO) is a one-time authentication login of the user. After the
user login once on the identity authentication server, he can gain access to other related
systems and application software in the single sign-on system.
Sangfor SCP supports the docking of the customer's existing CAS system. When logging in
to the SCP, the customer's existing account information is used to log in. After the role is
assigned, single sign-on can be realized, which reduces the customer's operation and
maintenance burden.

[Prerequisitess]
1. The customer's existing CAS authentication system is operating normally, and the
communication between the CAS server and the SCP platform is normal.
2. The supported CAS versions are: CAS_V2, CAS_V3.
3. The platform administrator does not support the use of CAS for single sign-on, only
supports tenants and tenant users to log in through CAS.

[Precautions]
After the user login with SSO, if it conflicts with an existing user on the cloud platform (the
login user name is the same), the new user information will be imported and the existing
information will be overwritten; otherwise, the user will be automatically registered and
displayed in the [Other users] list which will be available after adding roles.

[Operating Steps]
1. Use "admin" to log in to SCP's platform and enter [System] > [SSO Settings].

2. Basic settings
⚫ SSO: Check the [Enable].
⚫ Entry & Text: can be self-defined, for example: CAS login entry.
⚫ Version: consistent with the customer’s existing CAS version.
⚫ Login URL: https://CASIP/cas/login?service=https://SCPIP/sso/cas/callback.
For example, the client's CAS server address is 192.200.200.100, the SCP platform address is
192.200.244.124, and the network is reachable between CAS server and SCP.
In this case the login URL will be:
https://192.200.200.100/cas/login?service=https: //192.200.244.124/sso/cas/callback
⚫Ticket verification URL:
https://CASIP/cas/p3/serviceValidate?ticket={ticket}&service=https://SCPIP/sso/cas/callbac
k
As in the above example:
https://192.200.200.100/cas/p3/serviceValidate?ticket={ticket}&service=https://192.200.24
4.124/sso/cas/callback
3. Advanced Settings
⚫ Username: Obtain from the client.
⚫ Name: Obtained from the client.
⚫ Email Address: Obtained from the client.
⚫ Mobile Numnber: Obtained from client.
⚫ Auto registration: To enable Auto Registration, you can change the uppercase letters in
the user name of the CAS server to lowercase letters to create a platform administrator
associated with it.
4. Click <Save > to save the configuration.
5. Open the self-service portal through https://SCP IP and log in.
6. At this time, it will prompt "The account has no access rights, please contact the
administrator". Use "admin" to log in to the SCP platform, enter [Operation Center/Other
Users], and add the role of "tenant" to the imported user casuser.
7. After that, log in through the "CAS Login Portal" of the self-service portal, enter the user
name and password, and log in to the tenant interface.
8. When there are multiple users on the client CAS server, you can also manually import users
in batches.

3.1.1.7 Customization
[Function Description]
Customization is supported on SANGFOR SCP. The customization include: platform name,
platform profile, logo, links and other information.
It can meet the personalized customization requirement from different industries and
different customers.

[Precautions]
1. Platform name format requirements:
⚫ The length is 1~48 characters or 1~16 Chinese
⚫ Support Chinese, English letters and numbers
⚫ Support special characters ()[]{}()【】{}@|._-+ and spaces
2. Picture format requirements:
⚫ Brand LOGO: Support .png/.ico, the maximum size is 1M, size: 205px * 60px
⚫ Product LOGO: Support .png/.ico, the maximum size is 1M, size: 80px * 80px
⚫ Website icon: Support .png/.ico, the maximum size is 1M, size: 32px * 32px
⚫ Promotional illustration: Support .jpg, maximum size is 1M, size: 1920px * 1080px

[Prerequisitess]
Prepare the images and other materials that need to be replaced.

[Operating Steps]
1. Use "admin" to log in to the SCP platform and enter "System"-"Customization" to
customize basic information, logo, links, functions and other content.

2. Click <Save> to complete the setting.

3. Click <Restore Defaults> to clear the customized content and restore the default display.

3.1.2 System Maintenance

3.1.2.1 View of Tasks Logs
[Function Description]
SANGFOR SCP will record all the operation logs and synchronously the operation results. For
example, the administrator can examine the historical operation records on this page to
orientate the fault causes.

[Operating Steps]
1. Log in the home page of SCP platform and select 【System】>【Tasks】;

3.1.3 Business Maintenance

3.1.3.1 Recycle Bin
[Function Description]

SANGFOR SCP strongly protects the data safety of the platform. When the administrator
deletes the virtual machine and network devices of the platform, these devices will be moved
into recycle bin to keep for a while. They are recoverable during this period but not
recoverable once timeout or manually and completely deleted.

[Note]
Virtual machine cannot be recovered once deleted from recycle bin; please do the operation
carefully.
[Operating Steps]
1. Log in the home page of SCP platform and select 【System】>【Recycle Bin】 to enter
the recycle bin interface;

2. Tick the virtual machine or network device to be deleted and click Restore or Delete to
restore or delete the virtual machine in the recycle bin.

Note: This deletion operation will completely delete the data of virtual machine
or network device; please do the operation carefully.

3.1.4 Login Policies

3.1.4.1 Account and Password
[Function Description]
Increased the security concerns for the SCP login account and password. Few configuration
can be change to have better security level on the account and password.
[Operating Steps]
1. Select [System] > [Login Policies], you will be redirect to Account and Password
tab.

2. Under Account and Password tab, you can configure the following options:
 3. Apply the changes after the configuration has been done. Restore to default
configuration by clicking the Restore Defaults.

3.1.4.2 Session Timeout Options

[Function Description]
SANGFOR SCP allow to logout user which hit the threshold preventing information
exposure for the idle user.
[Operating Steps]
1. Login to SANGFOR SCP platform and select [System] > [Login Policies].

2. Select Session Timeout Options and configure the threshold accordingly.

3. Click the Apply Changes to save the changes or Restore Defaults to restore
threshold to default value.

3.2 Resource Management

3.2.1 Image Management
3.2.1.1 Public Image Management
[Function Description]

The administrator can upload the images to all Resource Pools or Tenants for use. Image is
divided into public image and private image and the relevant explanation is given as follows:

Public Image: it is created by platform administrator and can be used by both platform
administrator and tenants.
Private Images: created by tenant administrator and used only among tenants
Network Device Images: template images of NFV, uploaded by platform administrator

[Prerequisitess]

SANGFOR SCP has sufficient image storage space

[Operating Steps]
1. Log in the home page of SCP platform, select 【Resources】>【Get Started】, click
Public Images to enter the Public Images Management Interface as shown in the following
figure:

Or select 【Resources】>【Public VM Images】 to enter the VM Images Management

Interface;

2. On the current page, you can see all existing images on SCP, including public images,
private images and network device images. The Public Images page is selected by default.
Click the Upload Image;

3. Select local images to be uploaded; fill in the corresponding information; select the
corresponding operating system and Resource Pool, and click Upload;
4. Upon the completion of uploading, click Completed to continue to upload or click
Close.
3.2.1.2 Management of Private Images
[Function description]
If the platform administrator does not assign the required image to the Tenant administrator,
the latter can also upload private images according to his own needs. Private images can only
be used within the Tenant.

[Prerequisitess]
Prepare the ISO file to be uploaded

[Operating Steps]
1. Log in to the home page of SCP Tenant administrator (https://IP:4430); select
【Resources】>【Private VM Images】; click Upload Image

The following configuration page will be displayed after login:

2. Select the images to be uploaded, configure accordingly; click Upload
a. Upload To: Select whether this image will be upload to the SCP or specific tenant.
b. Tenant: Select the tenant wish to upload the image to.
c. For the other attributes, it will be the same with the public vm images.
3. Upon the completion of uploading, click Completed to continue to upload or click
Close. See the following figure:

3.2.1.3 Management of Network Device Images

[Function Description]
If the networking requirements of virtual network include network security components,
such as vAD and vAC (please download security components from the official website of
SANGFOR), you need to upload the corresponding network device images via which the
corresponding security component instance can be created. The platform administrator can
manage virtual network images through the management function of network device
images.
[Prerequisitess]
1. SANGFOR SCP has sufficient images storage
2. Prepare network device images and authorization

[Operating Steps]

1. Log in to the home page of SCP platform, select 【Resources】>【Get Started】,

click Upload Network Device Template; or directly select 【Resources】>【Network Device
Images】 to enter network device images management page;

2. On the current page, you can see all existing images on SCP, including public images,
private images and network device images. Select 【Network Device Images】 tab and Click
Upload Image.

3. Select the local images to be uploaded; select the Resource Pool; and click Upload.
4. Upon the completion of uploading, click Completed to continue to upload or click
Close.
3.2.2 Virtual machine
Virtual machine is the basic unit of SANGFOR SCP for providing services; and the
administrator can create, export, delete and perform various operations on the virtual
machine at his own discretion. Users can manage the virtual machine by creating a virtual
machine or making a template.

3.2.2.1 Creation of full virtual machine

[Function description]
This function is used for creating new virtual machine resources

[Prerequisitess]
The ISO file required for creating a virtual machine has been uploaded

[Operating steps]

1. Log in to the hope page of SCP platform, select 【Resources】>【Get Started】, click
Create Virtual Machine; or click 【Resources】>【Virtual Machine】; see the following
figure:
2. Click New, select Create New Virtual Machine in the 【Create Virtual Machine】.
3. Configure virtual machine images and Resource Pool, configure memory property,
select the corresponding images, click Next;

4. Configure the parameters and network of virtual machine according to the actual
demand and click Next;
Configure advanced options;

5. Fill in the basic information of virtual machine, click Next;

6. Click OK to finally confirm the information.

7. It should be noted that the virtual machine created by ISO needs to manually perform
the installation steps of the operating system after powering on and entering the console for
the first time.

Click Console to enter the operating system installation interface after powering on:
3.2.2.2 Export of Virtual Machine
[Function Description]

This function is applicable to the virtual machine.

[Operating Steps]
1. Log in to the home page of SCP platform, click 【Resources】>【Virtual Machine】
option; select the virtual machine to be exported; click More on the right; click Export
option;

Note: the virtual machine in operation can be exported.

2. Select the desired export format; OVA and VMA formats are available; click Start
Export;

: VMA, OVA formats; the corresponding export selections are different. To export VMA
format, directly click Start Export. To export OVA format, however, you need to select the
version number in the Virtual Machine Version. The version of the virtual machine is the
version number of VMware Station.
3. Wait for the virtual machine to produce an export file and download the export file;

3.2.2.3 Import of virtual machine

[Function Description]
This function is applicable to import the virtual machine to HCI cluster via SCP.

[Prerequisitess]

Prepare the VMA file or OVA file corresponding to the virtual machine.

[Operating Steps]
1. Log in to the home page of SCP platform, click 【Resources】>【Virtual Machine】
option; click New; select Import Virtual Machine in 【Create Virtual Machine】 window;
2. Select the virtual machine to be imported and the corresponding virtual machine
parameters; click Import;
3. After import, click Close or Switching to VM to edit the virtual machine.

: When importing the virtual machine, its network card is not connected to the
switch. You can click Switching to VM to configure the virtual machine.

3.2.3.4 Migration of Virtual Machine

[Function Description]
This function is used for migrating the virtual machine and supports the migration of virtual
machines across Resource Pool.

[Operating Steps]
1. Log in to the home page of SCP platform, select 【Resources】>【Virtual Machine】;
select the virtual machine to be migrated; click 【More】>【Migrate】;

2. Select the Resource Pool, cluster, running position and storage of migration; click OK;
 : When migrating the virtual machine, the target location may be the Resource
Pool where the virtual machine is located, or other Resource Pool; in case of migration upon
powering on, migrate to the HCI cluster and the machine is kept on and to VMware cluster
and the machine is off; you may also check “Start HCI Virtual Machine Automatically after
Migration” and you need to check “Automatically Turn off HCI Virtual Machine to Complete
Migration”, or you have to manually turn off the machine to complete the migration; in case
of migration in off state, the machine will be always in off state after migration, but you may
check “Automatically Start HCI Virtual Machine after Migration”.

3. You can see the progress of migration in the task bar.

3.2.3.5 Allocation of Virtual Machine

[Function Description]
This function is applicable to the allocation of virtual machine, which can be allocated to the
Tenant or Tenant members.

[Operating Steps]
1. Log in to the home page of SCP platform, select 【Resources】>【Virtual Machine】;
select the virtual machine to be allocated; click 【More】>【Allocate】;

: 1. allocating HCI virtual machine to the Tenant will disconnect the network of the
virtual machine; after allocation, the virtual machine can be found in the default group or
Tenant member of the corresponding Tenant. The network of the virtual machine should be
configured manually.
2. Select the Tenant and Tenant member (can be null) to be allocated; click OK;
 : Do not allocate the virtual machine across Resource Pool.

3.2.3.6 Deallocation of Virtual Machine

[Function Description]
This function is applicable to the de-allocation of virtual machine.

[Operating Steps]
1. Log in to the home page of SCP platform, select 【Resources】>【Virtual Machine】;
select the Tenant or Tenant member of the virtual machine to be de-allocated;
 ：

1) The virtual machine allocated with no Tenant or Tenant member cannot be de-
allocated.

2) Select the virtual machine to be de-allocated; click 【More】>【De-allocate】;

2 In case of a virtual machine owned by an Tenant member, the virtual machine may be
de-allocated to the Tenant or cloud platform, or can only de-allocated to cloud
platform;

3. You can see the progress of de-allocation in the task bar.

3.2.3 Network Administration

 It can perform unified network management on the managed clusters. Based on different
Resource Pools and Tenants, the super administrator can view the corresponding network
topology, and the Tenant administrator can also view the network structure of relevant
Tenants. Meanwhile, tenants are supported to configure their own distributed firewall
policies. The firewall policy of each tenant only takes effect in the tenant's domain and does
not conflict with the super administrator's configuration policy.

3.2.3.1 Topology
[Function Description]
The super administrator can view the network status of the SCP platform, and can view and
adjust the corresponding network structure in the Resource Pool or Tenant as a dimension.

[Operating Steps]
1．Log in to the SCP administrator interface, and click 【Resources】 > 【Topology】 to
enter the topology interface;
2. Select the corresponding Resource Pools or Tenants. You can view the corresponding
network topology;

3. Click 【Subnets】 to enter the list showing all subnets, and click New to distribute new
network for the Tenant.

4. The Tenant administrator can view the network that it manages, and can do some
network operations, such as adding switches and routers. The Tenant administrator can
also login with the its account password and click 【Resources】> 【Topology】 to view
the corresponding information;
3.2.3.2 Network
[Function Description]
The admin administrator can manage the tenant's network in the Network module. Two
types of network can be created under Network module which are VPC network and a classic
network for the tenant.
VPC networks are suitable for scenarios that require high network security isolation. Tenants
can freely use subnets in the VPC network without worrying about network conflicts.
The classic network is suitable for direct communication scenarios such as tenant-to-tenant
or physical environments. When a classic network is newly created, an egress switch will be
created by default, and this switch can be connected to the physical edge, routers, NFV and
other virtual devices.

[Precautious]
Only 1 VPC network can be created per each resource pools associated to the tenant.

[Prerequisitess]
Tenant has been successfully created.

[Operating Steps]
1. Log in to the SCP administrator interface, and click 【Resources】> 【Network】 to
enter the tenant network.
2. Click New to create a new network for the tenant.

3. Select the corresponding tenant, and choose to create which type of network. Click
OK to create the network for selected tenant.
 4. After created, it will appear in the network. Only classic network allowed delete as
VPC usually will be auto created after created the Tenant.

3.2.3.3 Elastic IP Pools

[Function Description]
Elastic IP is an independent "public IP" resource, which can be associate to virtual machines,
routers, AD, SSL VPN and other devices of the VPC network. Besides, Elastic IP can also be
dynamically disassociate to meet the requirements of flexible management and dynamic
allocation.

[Precautious]
1. Elastic IP needs to create an elastic IP pool and associate the elastic IP pool with a
resource pool before the IP pool can be used by tenants.
2. An elastic IP pool can be bound to multiple resource pools, and a resource pool can also
be bound to multiple elastic IP pools. The elastic IP pool bound to the resource pool can be
seen by all VPCs under it.
3. Line types can be customized, but the built-in line types in the system are uneditable.
4. The Elastic IP quota for tenants are supported to be allocate by line type.
5. Elastic IP pools that have allocated quotas do not support modifying the elastic IP line
type or deleting the elastic IP.

[Operating Steps]
1. Log in to the SCP platform, select 【Resources】> 【Elastic IP Pools】, and click 【Create
Elastic IP Pool】.

2. Fill in the name and description of the elastic IP pool, select the resource pool and line type
to be associated, set the total bandwidth, configure the corresponding vlan ID, add the
elastic IP range, and click <OK> to complete the creation.

3. After the elastic IP pool is created, the platform administrator can edit and delete it.

3.2.3.4 Corporate Leased Line

[Function Description]
The VPC network of SCP tenants can be configured with enterprise leased lines through the
web UI to communicate with the second and third layers of the environment outside the
VPC. Gateway must be specified for each resource pool in order to use the corporate leased
line function.

[Precautious]
In order to avoid IP address conflicts, it is recommended that the enterprise leased line of
each subnet to be configured with a different VLAN ID.

[Prerequisitess]
1. The SCP platform has configured the gateway for the lease line.
2. SCP platform has created tenants and VPC network.

[Operating Steps]
1. Select 【Resources】> 【Corporate Leased Line 】 and click Gateway to specify the
gateway.

2. Click Create Corporate Leased Line to create a new leased line.

3. Configure the name and description, select the VPC network, Subnet, Gateway, and
configure the VLAN ID.

3.2.3.5 Distributed Firewalls

[Function Description]
The Tenant administrator can set firewall rules for the networks in the effective domain, and
the super administrator can set firewall rules for the entire platform network, which do not
conflict with each other.

[Operating Steps]
1． Log in to the SCP administrator interface, and click 【Resources】> 【Distributed
Firewalls】 to enter the firewall edit page and to view the existing firewall rules;
2． Click ⊕ New, select Resource Pool and applicable scope, set match clauses, select the
services and policy actions to be valid, and click OK after all is confirmed;
3． Similarly, you can set the firewall policies in the Tenant subnet by logging in with the
Tenant administrator's account.

3.2.3.6 Shared Bandwidth

[Function Description]
Sharing bandwidth allows multiple elastic IPs to share the same bandwidth. Virtual
machines, routers, NFVs and other devices that have bound elastic IPs under the same
resource pool shared the same bandwidth resources. It can improve the utilization of
bandwidth and facilitate the management of administrators.

[Precautious]
1. The admin administrator can only edit and delete the shared bandwidth but not adding a
new shared bandwidth. Tenants can create shared bandwidth at the tenant portal and bind
it to an elastic IP.
2. If the elastic IP associated in the shared bandwidth is bound to a virtual machine or NFV
device, the shared bandwidth cannot be deleted directly at this time. You need to unbind
the elastic IP from the device before deleting it.

[Operating Steps]
1. Log in to the SCP platform and select 【Resources】> 【Shared Bandwidth】 to enter
the list of shared bandwidth.

2. Select a shared bandwidth and click [Edit] to set the name and bandwidth of the shared
bandwidth.
3. Click [Delete] to delete the shared bandwidth.

3.2.4 Business Reliability

Refer to the section 3.3.2.1 and 3.3.3.

3.2.5 Monitoring & Tasks

Can refer to section 3.1.2, 3.1.3, and 3.4.

3.2.6 Management
3.2.6.1 Cloud Environment
[Function Description]
Sangfor SCP supports the management of AWS and can add the resources on Alibaba Cloud
to SCP in the form of a cloud environment. After adding a cloud environment, you can
directly use the AWS cloud server (EC2) on the SCP. Besides, it is supported to assign to
tenant.
[Precautions]
1. When an AWS account has multiple Access Keys, different Access Keys cannot be used to
manage the same cloud environment.
2. Since AWS has a monthly limit on the number of free API queries, when using the same
AWS account to add a cloud environment, it is not recommended that the number of cloud
environments exceed 10. If it exceeds 10, the user needs to pay.
3. If the AWS account is in arrears, it will report service unavailable when collecting cloud
environment data, and you can recharge it in the Alibaba Cloud console.
[Prerequisitess]
1. SCP configuration which enable the SCP to have internet connection.
2. 2. The Access Key ID and Access Key Secret of the AWS account have been obtained.
AWS Access Key ID and Access Key Secret are your only credentials for accessing
Alibaba Cloud API. Access Key ID is similar to the identification of identity, and Access
key secret is similar to your login password, which is used to sign your access
parameters to prevent tampering.

[Operating Steps]
1. Use "admin" to log in to SCP's platform and enter [Resources] > Cloud Environment].

2. Click <Add> to add a new cloud environment:

⚫ Type: AWS
⚫ Add Account: select whether Create One or Use existing one(for user who previously
added the account).
⚫ Account Name: custom cloud account
⚫ Access Key ID: Obtained from the client
⚫ Access Key Secret: Obtain from the client side
⚫ Sync Interval: 60 minutes (the new resources added by the cloud account on the AWS
platform will be automatically updated within the specified cycle. It is recommended to
use the default cycle. The shorter the cycle, the higher the SCP platform resources will be
occupied)
 3. Click <Next> and select a region to create the corresponding cloud environment. For
example, if a customer has an virtual machine in Tokyo AWS, he can select Asia
Pacific(Tokyo) and add it as a cloud environment.

3.2.6.2 AWS
[Function Description]
After AWS account is added to SCP, you can directly create and use AWS virtual machine on
SCP to achieve centralized operation and maintenance.
[Prerequisites]
When creating an virtual machine, the AWSaccount needs to have enough balance.

[Operating Steps]
1. Use "admin" account to log in to SCP platform and enter [Resources] > [AWS].

2. Click <New> to start creating virtual machine.

⚫ Choose a suitable cloud environment and resources pool.
⚫ Customize the payment type, number of virtual machine, specifications and other
information.

3. After confirming the information, you can complete the creation of the virtual machine.
4. Click [Remote Connection], you can enter the VNC password to enter the virtual machine
console. If you forget the password, you can click [More] to modify the remote connection
password.

3.2.6.3 Physical Machine

[Function description]
Some applications with extremely high performance requirements are generally
deployed on physical servers, such as core databases and high-performance computing
applications. SCP provides the function of hosting physical machines and provides
dedicated physical servers for applications to ensure the high performance of core
applications and stability. By setting the IPMI port of the physical server, SCP can
implement operations such as managing, monitoring, and alarming of the physical
server.
[Prerequisites]
SCP platform needs to communicate with the IPMI port of the physical server.
[Operating Steps]
1. Log in to the SCP as the admin administrator, select [Resources] > [Physical Machine]
to enter the physical machine management interface.

2. Click <Add>, you can add a physical machine, support single add and batch add.
 3. After adding, you can view the added physical machine in the physical machine list.
4. Click [Console] to jump to the server BMC login page.
5. Click [More] to start and shut down the physical machine, and assign the physical
machine to tenants

3.3 Operations Center

Sangfor SCP user management has multi-level management authority control, including
platform administrators, organization administrators and organization members by default.
Sangfor SCP can manage specific resources by creating roles according to users’ resource
management requirements of different scenarios, thus greatly improving the management
accuracy.
 For example, if a company has an R&D department and a sales department that share a
hyper-converged environment, then the platform administrator can create two organization
administrators to respectively help manage the two departments. This is not only beneficial
to inter-department management, but also greatly reduces the O&M strength for platform
administrators.

3.3.1 Users
3.3.1.1 Platform Administrator
[Function description]
Sangfor SCP cloud platform requires an administrator to manage the platform, and the
platform has built-in super administrator.
The super administrator can create a custom platform administrator to assist the super
administrator in the management of the SCP platform.

[Prerequisitess]
The platform super administrator admin has created a corresponding admin role.

[Operating Steps]

1. Log in to the home page of the SCP cloud platform and select 【 Operations
Center】> 【Platform Administrator】. Click ⊕New to create new administrator.

2. Enter the name of the platform administrator, select the appropriate role, and enter
the user name, email address, mobile phone number, and password to create a new
platform administrator.
 3. After the new platform administrator is created, the super administrator can edit,
reset, and delete the existing platform administrator.

3.3.1.2 Roles
[Function description]
The platform super administrator admin can customize the role type, and the platform has
built-in three role types: Platform administrator, Tenant, and Tenant user.

Super administrator: the role type is "Platform Administrator", it is the default platform
management role with the highest permission to manage the entire platform.

Tenant Administrator: The role type is "Tenant". It is the default tenant management role
that able to manage all the tenant users. Super administrator of a tenant user.

Tenant User: The role type is "Member". The default common user role is the end user of the
cloud virtual machine.

[Prerequisitess]

Sangfor SCP resources are ready and the roles are planned.

[Operating Steps]
1. Log in to the home page of the SCP platform and select 【Operations Center】>
【Roles】 to enter the role management interface. By default, the system will create
three roles, namely, super administrator, tenant and tenant user which can be viewed
only instead of being edited, and then click ⊕New ;

2. Enter the role name and description.

3. Here you can assign specific resources to the role. It should be noted that the
assignation is made by default according to the function module. After selecting the
corresponding resources, click Next.

4. Finally confirm the information and click the OK.

 5. On the "Roles" tab, you can view, edit and delete the roles created, and you can also
tick multiple roles for batch deletion.

3.3.1.3 Tenant Management

1. Create Tenant

[Function description]
The platform administrator can create one or more tenant. Tenant is the unit used by the
SCP to allocate resources. As the secondary administrator of the platform, the tenant
administrator is responsible for user management tasks in each area and is an essential part
of the SCP platform O&M management. Sangfor can realize fine-grained resource
management by associating tenant administrators with roles.

[Operating Steps]

1. Log in to the home page of the SCP platform and select 【Operation Center】>
【Tenant】 and click “Create Tenant”.
2. Enter the required information and click “’Next”.

3. Allocate resource pools and select the resource pool resources that this tenant can
use. Resource poolare divided into shared and dedicated resource pools. Shared
resource pools can be assigned to multiple tenants, and one tenant can be associated
with multiple shared resource pools; dedicated resource pools can only be assigned
to one tenant, and tenants can only be associated with one dedicated resource pool.

4. By default, the VPC network type is selected. To use the classic network, it is required
to connect the network to either switch or edge.
5. Ensure the information is correct and click “Confirm & Set Quota”.

6. The tenant is created successfully.

2. Edit Tenant

[Function description]
The platform administrator are able to edit the existing tenant.

[Operating Steps]
1. Log in to the home page of the SCP platform and select 【Operation Center】>
【Tenant】 and click “Edit”.

2. It allow to edit the tenant name, email, and mobile number. Also able to limit the
login IP address.
3. Set Quota

[Function description]
The platform administrator can set quotas for tenants. Quotas are subdivided into public
resources and resource pool resource quotas. Resource pool quotas refer to quotas related
to virtual devices running on resource pools such as computing, storage, and security devices;
public resource quotas refer to resource quotas that are not related to resource pools, such
as elastic IP and disaster recovery authorization.

[Operating Steps]
1. Log in to the home page of the SCP platform and select 【Operation Center】>
【Tenant】 and click “Set Quota”.

2. Assign the appropriate resources such as storage, disaster recovery authorization,

and VPC elastic IP to the tenant.
4. Reset Tenant Password

[Function description]
The platform administrator can reset the tenant password.

[Operating Steps]
1. Log in to the home page of the SCP platform and select 【Operation Center】>
【Tenant】 and click “Reset password”.

2. Enter the new password for the tenant.

5. Delete Tenant

[Function description]
The platform administrator can delete the existing tenant.

[Operating Steps]
1. Log in to the home page of the SCP platform and select 【Operation Center】>
【Tenant】 and click “Delete”.

2. Enter the admin password and click “Ok”. Tenant will be deleted.
3.3.1.4 Tenant User Management
1. Create Tenant User

[Function description]
The platform administrator can create a tenant user account and associate the tenant user
to a tenant.

[Operating Steps]

1. Log in to the home page of the SCP platform and select 【Operation Center】>
【Tenant User】 and click “Create Tenant User”.

2. Enter the required information such as name, username, email, and password.
Select the related tenant and role.

3. The new tenant user is created successfully.

2. Edit Tenant User

[Function description]
The platform administrator are able to edit the existing tenant user.

[Operating Steps]
1. Log in to the home page of the SCP platform and select 【Operation Center】>
【Tenant User】 and click “Edit”.

2. It allow to edit the tenant user name, email, and mobile number. Also able to limit
the login IP address.
3. Reset Tenant Password

[Function description]
The platform administrator can reset the tenant user password.

[Operating Steps]
1. Log in to the home page of the SCP platform and select 【Operation Center】>
【Tenant User】 and click “Reset password”.

2. Enter the new password for the tenant user.

4. Delete Tenant User

[Function description]
The platform administrator can delete the existing tenant user.

[Operating Steps]
1. Log in to the home page of the SCP platform and select 【Operation Center】>
【Tenant User】 and click “Delete”.

2. Enter the admin password and click “Ok”. Tenant user will be deleted.
3.3.2 Quota
3.3.2.1 Quota Overview
[Function description]
The platform administrator can view the quota overview and understand the allocation of
platform basic resources and NFV resources.

[Operating Steps]

1. Log in to the home page of the SCP platform and select 【Operation Center】>
【Quota Overview】.

2. You can view the current allocation of all resources include public resources and
resources pool.
3.3.2.2 Tenant Quota
[Function description]
The platform administrator can edit and manage the existing tenant resources quota.

[Operating Steps]

1. Log in to the home page of the SCP platform and select 【Operation Center】>
【Tenant Quota】.

2. You can view all the tenant resources and assign the appropriate resources quota to
every tenant.
3.3.3 Work Oder
3.3.3.1 Workflow Templates

[Function description]
When tenants or tenant users apply requests for more quota, virtual machines, or
configuration changes of the virtual machines, they need to apply through a work order, and
the corresponding approval administrator can approve the work order. The admin
administrator can set the template of the work order according to the actual situation.

[Prerequisitess]
When a custom workflow template is not created, the platform default workflow templates
will be used. After the custom workflow template, the custom workflow template will be
used, which has a higher priority than the default workflow templates.

[Operating Steps]

1. Log in to the home page of the SCP platform and select 【Operation Center】>
【Workflow Teamplate】.

2. Click “New” to create new workflow templates.

3. Enter the template name. Select the request type and associate it to the tenant,
then click Next;
4. Select the approver. If you need multi-level approval, click <⊕> to add an approver.
You can use "↓↑" to adjust the position of each level of the approver. Up to 5
approvers can be selected at the same time. After any approver approve the request,
the work order is approved.

5. Ensure the flow is correct and click OK;

 6. The new workflow has been created and associated with the specific tenant.

3.3.3.2 Create Work Order

1.Request for VM

[Function description]
When a tenant user

[Operating Steps]

1. Log in to the SCP platform tenant portal by using https://SCP IP address without port
4430.

2. Go to “Compute” and click “Request” to send a request to obtain a VM.

3. Select the resource pool to which the cloud virtual machine belongs and the
appropriate image, configure the computing, storage, and networking information.
Enter the basic information of the cloud virtual machine, the reason for the
application, and click <OK> to complete the application.

4. Click “Ok” and the request application will be created.

2.Request for Quota

[Function description]
When a tenant admin requests to have more quota for resources, it is required to send a work
order.

[Operating Steps]

1. Log in to the SCP platform tenant portal by using https://SCP IP address without port
4430 using tenant admin account.

2. Go to “Work Order – My Request”, select “+ New Work Order”.

3. Select the request type, and the detail requested resources information.
 4. Click “Ok” and the request application will be created.

3. Changes of VM configuration

[Function description]
When a tenant userwant to make changes of the existing VM configuration, it required to
send a request work order.

[Operating Steps]

1. Log in to the SCP platform tenant portal by using https://SCP IP address without port
4430 using tenant user account.

2. Select the VM, and click on “Change configuration”.

3. Select the new specification for the VM and click “Ok”.

 4. New work order request for VM configuration changes will be created.

3.3.3.3 Approve/Reject Work Order

1. Platform administrator

[Function description]
If the platform administrator are added to the workflow process as the approver, they can
review the application to approve and reject the work order, and modify the cloud virtual
machine configuration applied by the tenant user.

[Operating Steps]

1. Log in to the home page of the SCP and click on the top right corner “ ”.

2. It will show all pending work order, click “Edit”;

 3. You can view the resources requested by the tenant admin. Able to modify their
requested resources based on the actual need. Then click either Reject or Approve.

2.Tenant administrator
[Function description]
If the tenant admin account are added to the workflow process as the approver, they can
review the application to approve and reject the work order, and modify the cloud virtual
machine configuration applied by the tenant user.

[Operating Steps]

1. Log in to the SCP platform tenant portal by using https://SCP IP address without port
4430. Then, select the top right corner “Work order” and “Pending”.

2. All the work order application send by tenant user will be showed. Click “Edit”;
3. Verify tenant user request application for VM resources and make changes based on
actual needs. Then, click “Approve”;

4. New virtual machine will be created successfully.

3.3.3 Billing Center
[Function Description]
Administrators can independently control and set the unit prices of platform resources. The
SCP counts the tenant resource usage every 10 minutes, calculates the billing based on usage
and price, and updates the resource usage billing every 1 hour on the interface. The IT
department's services are quantified through statistics on resource usage.

[Operating Steps]
1. Log in to the home page of the SCP platform and select 【Operation Center】>
【Pricing】.

2. Fill in the unit price and amount you need to set, and click Save.

3. Select 【Operations Center】> 【Billing】 to set the time period for statistics. You
can view the cost summary of different organizations in the selected period;
4. Select 【Operations Center】> 【All Bills】 to set the query time period. You can
view all bills of different organizations in the current period, and report export (as
excel files) is supported.
3.4 Monitoring Center
Sangfor SCP cloud platform has a complete monitoring function and alarm mechanism: the
monitoring overview can comprehensively monitor three types of objects: virtual machines,
physical machines, and elastic IP. Sangfor monitoring center aMC can perform monitoring on
virtual machines, services, databases, etc.While monitoring, you can view platform alarm
information through the alarm log and customize alarm settings

3.4.1.1 Monitor Overview

[Function Description]
Sangfor SCP cloud platform can monitor cloud virtual machines, physical hosts and elastic
IP. By adding monitoring panel, the monitoring information can be displayed in the form of
charts.

[Operating Steps]
1. Log in to the home page of the SCP platform and select 【 Monitoring 】 >
【Overview】.

2. Click “+ New panel”

3. Select the virtual machines and related item that you wish to show in dashboard.
4. After the creation, the VM info panel will be displayed.
3.4.1.2 Monitor Report
[Function Description]
Sangfor SCP cloud platform can generate the report for statistic purpose based on resource
overview, resource pools, clusters, and virtual machine

[Operating Steps]
1. Log in to the home page of the SCP platform and select 【Monitoring】> 【Report】.

2. Select the required information for the report and click “Download”;

3. Now, the report has been generated.

3.4.2 Alarms
3.4.2.1 Alarms

[Function Description]
Sangfor SCP cloud platform will monitor the platform and cloud virtual machine in real time
according to the alarm option, and all generated alarms will be recorded. Administrators can
view the latest alarms or historical alarms according to their needs.

[Operating Steps]
1. Log in to the home page of the SCP platform and select 【Monitoring】> 【Alarms】.

2. All the alarm and historical alarm will be displayed.

3. It supports to filter the alarm based on date, object type, resources pool and tenant.
3.4.2.2 Alarm options
[Function Description]
Sangfor SCP cloud platform can detect and alarm on cloud virtual machine, physical
hardware, network and serial number information, support email notification, and support
custom setting of alarm conditions.

[Operating Steps]
1. Log in to the home page of the SCP platform and select 【Monitoring】> 【Alarm
Options】.

2. Configure the alarm condition based on the need.

3. The alarm also supports to configure alarm notification, and it will send the
notification to the user email.
4. Click on the “Setting” to configure SMTP server.

5. After the SMTP is configure, you are able to add the alarm recipient.
Chapter4 FAQ

1. Cluster is managed by multiple SCPs simultaneously: When a cluster is managed by

multiple SCPs simultaneously, only one SCP can be authorized successfully.

Solution: Cancel the management from the excess SCP, and it will return to normal after a
few minutes, or turn off the excess SCPs, and it will return to normal in 30 minutes.

2. IP address conflict in cluster: Because authorization information may be rejected on the

wrong cluster, this problem may occur when multiple HCI clusters are configured with
the same IP address.

Solution: It will recover immediately after IP address conflicts are resolved.

3. HCI is forcibly removed from the management: Log in to the HCI front-end, click
"Manage" and view the "License" icon status. If HCI has been removed from the
management, and SCP shows that it is in the state of the management, then this is the
cause.

Solution: Delete the cluster on SCP and re-manage it.