- Same architecture hybrid cloud management capabilities.
Sangfor Cloud's same-architecture hybrid cloud, based on the hyper-converged architecture, supports connecting private cloud data centers with managed cloud accounts to build a cloud federation environment under unified management. With the private cloud as the main body, the hosted cloud account is trusted through the IdP identity authentication mechanism, and the platform administrator or tenant of the private cloud is associated with the hosted cloud tenant account. Once trust is established, users can jump to the hosted cloud with one click, so that private cloud users can easily go to the cloud, use the rich service catalog of the hosted cloud, and build a new blueprint for IT governance.
- Multi-cluster Management.
SCP unifies the management of resources such as infrastructure, Resource Pools, cloud services, and tenant applications. The deployment mode of SCP includes single data center and multi-cluster deployment, which is used to conduct heterogeneous management over multiple different clusters in the same data center. The logical topology of the deployment is shown in the figure below:
At the same time, SCP supports the cross-regional heterogeneous management of multiple clusters from multiple data centers. Its deployment logic topology is shown below:
- Multi-tenant management
To meet the operational management requirements of the platform for the Tenant, SCP can set up a maximum of three user management levels, namely platform management, Tenant management, and end-user. The relationship between management responsibilities and levels is shown in the figure below.
- Self-service function
Work orders, such as application and deletion work orders, are automatically generated after users apply for or manage cloud services. The work order is submitted to the corresponding personnel for examination and approval. After approval, the system automatically executes the work order tasks. The application workflow is shown below.
- VPC
The SCP cloud computing platform provides tenants with a VPC. The logical isolation between tenants ensures the security of user information and data. It also integrates Sangfor NFV equipment (vAD, vAF, SSL VPN) into the VPC network to provide a comprehensive network environment with security, reliability, and functionality.
- Image unified management
Provide unified image management functions to achieve unified creation and management of images on all HCI Resource Pools.
• In the multi-tenant mode, the administrators can customize the Tenant administrator. Within the Tenant, either the public image provided by the platform administrator or a customized private VM image can be used.
• The unified image management function reduces the operation and maintenance pressure on platform administrators.
The process of image uploading and distribution is shown below:
- Standard API Interface
SANGFOR SCP will provide industry-wide standard interfaces externally, and third parties will be able to customize integration according to their needs. Simple heterogeneous management logic is shown below:
The simple management logic is shown in the following figure.

- Billing and measurement management
• Transparency and visualization of the usage of multi-tenant computing resources.
• Realize the conversion from data center billing center to profit center by charging the tenants and tenant sub-accounts based on the number of resources used.
• It is convenient for the industry cloud to charge for the resources used by each tenant, and it is convenient for them to realize resource settlement with the tenants.
• Provide exportable resource usage report
- Disaster Recovery Services
Sangfor Disaster Recovery (DR) plans provide a local backup - aDR (Cross-Site Disaster Recovery) plan. The primary site configures a remote backup repository for a local backup repository, and the secondary site configures an HCI cluster as the disaster recovery center.
- Public Services Network
Sangfor SCP introduces public service regions, designates public service outlets for each resource pool, and builds a public service network as a dedicated channel between public service regions and resource pool tenants. NTP servers, licensing servers, NAS, security centers, application centers, etc., can be deployed in public service regions to meet tenants' access requirements for public services.
- Security Center
• Sangfor SCP joins the security center, supports the access of security devices on the cloud, realizes log reporting, single sign-on, security monitoring, and other functions, provides one-stop security solutions, and meets the security requirements of cloud platforms.
• The security center supports IAG, AF, ADC, and SSLVPN connected to the classic network and tenant VPC, allowing unified management, log collection, and risk reporting to meet the security requirements of tenants.
- Application Center
• Sangfor SCP cloud computing platform introduces the application center function, which supports one-click deployment of applications such as the MySQL database, the big data applications CDH/aBDI/SmartBI, and application middleware including Redis (stand-alone/Sentinel/cluster versions), Kafka (stand-alone/Sentinel/cluster versions), MongoDB (stand-alone/sharded cluster versions), and RabbitMQ (stand-alone/cluster versions), enabling the rapid launch of applications in development and test scenarios. The platform integrates application operation and maintenance methods, including monitoring, backup, alarms, configuration changes, custom deployment, and other management capabilities.
- Security Compliance
• Sangfor SCP cloud computing platform supports OTP authentication and meets the security requirements of platform login.
• Support the active disabling and enabling of tenants, which is convenient for platform administrators to manage platform operations.
• Support binding new or existing key pairs to Linux virtual machines, which avoids brute-force cracking of account passwords and provides higher security.
- Sangfor Database Management Platform (DMP)
• Automatic deployment of MySQL stand-alone/master-slave, Oracle stand-alone/RAC.
• Cluster nodes can automatically switch between master and slave under failure conditions and, in linkage with cloud platform resources, perform bottom-level repairs to achieve self-healing of failures and restore the cluster relationship.
• Provide database-level transaction-consistent backup capabilities, support full backup, incremental backup, and automatic cleanup. Support for restoring to a new database from any backup point.
• Monitor database resources, performance, and cluster master-slave relationships from multiple levels to support manual and automatic database inspections and realize daily operation, maintenance, and inspection automation.
- Communication Domain
• Multi-site smooth connection, unified arrangement: It is not restricted by the physical environment level and software level of a single site and supports up to 1024 nodes in total for multi-site Layer 2 connectivity.
• Isolated network fault domain: physical network level isolation between sites, a single site network failure (such as broadcast storm, loop) will not extend to other sites.
• Reliable SDN centralized management and control: The physical network equipment only forwards data, the aNET-SDN controller maintains the related configuration of the business network, the controller is deployed in clusters, and the high-reliability mechanism guarantees the robustness of the business network.
- Cluster Mode
• SCP supports cluster mode to meet large-scale cluster management scenarios. It supports up to 128 clusters and scales horizontally to 1024 nodes.
• Support cluster load balancing. Tenants can access each node of the SCP cluster through the AD load function.
• Realize cluster high availability and real-time synchronous database backup to ensure data consistency.
• Supports automatic failover and automatic return of offline nodes.
- Advanced Network Insight (aNI)
Network visualization (aNI, Advanced Network Insight) realizes automatic collection and sorting of virtual machine access relationships, automatic addition and display of new assets, and timely synchronization of asset status. From a business perspective, it provides an intuitive and clear access relationship topology diagram and access details between virtual machines. It is convenient for optimizing policy configuration, discovering business access risks, and reducing risk port exposure.
- Network Traffic Mirroring
Sangfor HCI supports copying and forwarding the network card traffic of virtual machines/network devices to the hyper-converged egress. In the operation and maintenance scenario, the network traffic of business virtual machines can be mirrored to the security auditing device to realize traffic filtering and monitoring.