{{ secondMenu.name }}
Function Description:
Sangfor SCP platform supports online patch upgrades and can obtain the latest patch information regularly to ensure the stability and security of the equipment.
Precautions:
Prerequisites:
The customer network needs to allow the address update1.sangfor.net of Sangfor's patch server to ensure that the platform can access the patch server.
Steps:
Step 1.Navigate to Resources > Management > System Maintenance and Upgrade > Service Packs > Settings, and check the Enable online SP service checkbox.
When the Online SP Service is not turned on or the patch platform is not connected, the Patch Alert icon will appear in the upper right corner of the platform, click to view the reminder, and you can scan the SCP or the QR
code of each cluster to obtain the corresponding patch information, according to the provided download link, completes the patch download.
Step 2.Click SP Central Addresses to obtain the access address of the online patch platform.
Users need to allow the address shown in the table below in the corresponding gateway device to ensure that the SCP or proxy can access it.
| Server IP Address |
Description |
Requirement |
| https://cloudbgcop.sangfor.com |
Cloud Server IP Address. |
Must be allowed. |
| http://update1.sangfor.net |
Online SP center IP Address. |
Allow at least one of the IPs. It is recommended to allow multiple. |
| http://update2.sangfor.net |
||
| http://update3.sangfor.net |
||
| http://121.46.26.221 |
Step 3.Configure the communication method with the online SP center.
Scenario 1: Directly access to an online SP center.
Scenario 2: Use a third-party proxy server to access the SP server.
Click Download Deployment Guide. Refer to the Deployment Guide for Third-Party Proxy Server document to install and configure the third-party agent program and confirm that the agent server can access the online patch server address in Step 2. Deploy two incoming interfaces as shown in the figure below, one can access the Internet to connect to the Sangfor patch server, and the other can access the HCI platform of the intranet.
• Fill in the proxy address (IP + port, example: 10.250.0.20:3128) set above on the SCP platform. And the proxy authentication username and password are set during the deployment of the proxy server.
• The IP address is the IP of the internal incoming interface of the proxy server.
• The port is the publishing port of the proxy service, and the default is 3128.
• Click the Test Connectivity button to confirm that the network is connected.
Scenario 3: The SCP platform cannot be connected to the Internet, and the SP server has been set up in the local data center.
• Select Access Online SP Center via On-Premises Sangfor SP Server.
• Contact Sangfor Technical Support to obtain the vma template of the offline patch server.
• Import the virtual machine of the offline patch server under Virtual Machine > New > Import Virtual Machine.
• After importing, click More >Edit on the specified virtual machine. Edit the network card and connect to the planned network.
Open the VM console and enter the default username and password: admin/Sangforupdater. After successful login, the system will ask to change the default password. Please configure a new password.
• Use the initsrv command to modify the IP address, netmask, gateway, and DNS. Pressing Y to save the configuration will automatically restart the olu server to complete the configuration.
• Confirm the network card configuration and check the connectivity of the network.
• Confirm the network card configuration and check the connectivity of the network.
• Enter the command moashell. The QR code pop up. The QR code pop up. Scan it with Sangfor Pocket Assistant (MOA), get the password from the Pocket Assistant Little Assistant, and enter it into the command line. (Need Sangfor technical support processing).
• Create a user used by the olu server, set a password, and change the group of the olu user to root.
• Use the newly added olu account to log in to the patch server, upload the patch package of the SCP and NFV device to the /var/wwwroot directory through the sftp tool, and view it in the SCP patch list after decompression.
• After configuring the Olu server, test the connectivity of the SP patch server on the SCP interface, fill in the address of the SP patch server, and click Test Connectivity.
Step 4.NFV patch upgrade settings need to log in to a single cluster and go to System Maintenance and Upgrade > Upgrade to edit. For details, please refer to Sangfor Hyper-Converged HCI Version 6.7.0 User Manual.
Step 5.Set emergency contacts (Optional) and click Save after confirming the correct information.
Step 6.Navigate to the System Maintenance and Upgrade > Service Packs > SCP Service Packs. You can make patch upgrade-related settings.
• Click Check for SPs, and the platform will immediately initiate a patch request.
• Click Update Settings. Auto has been selected by default under SP installation. After the patch is obtained online, it will be automatically downloaded and upgraded from 1:00 to 6:00 in the morning. It is recommended to keep the default selection of automatic upgrade, and also support manual upgrade. If you choose to download manually, click OK for the un-upgraded patch in the patch list to start downloading and upgrading.
• SP patches only support manual upgrade, which requires the user to display the pre-conditions and upgrade impact according to the patch list. When the impact is acceptable, the user clicks to execute Upgrade.
{{ $t('index.defaultHeader.chromeBrowserTip') }}