Sangfor Cloud Platform (SCP) 6.11.3

Operations Management

Update time: 2025-12-17

Multi-Level Roles

SCP defines three distinct user roles to facilitate hierarchical management and delegated administration. The Platform Administrator holds supreme authority over the entire platform, managing infrastructure, user roles, and global policies. Tenants act as resource owners within their allocated quotas, managing their own virtual resources and sub-users. Tenant Users are the end-consumers of resources, able to utilize and manage the VMs and services assigned to them by their tenant. This role-based model is essential for enterprises and service providers needing clear segregation of duties and delegated management.

Multi-Tenant Management: SCP's multi-tenant model logically isolates resources and permissions across different user groups. The platform supports a three-tier structure: Platform, Tenants, and Tenant Users, mirroring organizational hierarchies like a company, its departments, and employees. Tenants operate within their assigned resource quotas, and their networks and data are isolated from one another for security. This model is fundamental for service providers or large enterprises that need to deliver secure, customized cloud environments to multiple internal teams or external customers.

Quota Management: The quota management system enables controlled and efficient resource utilization. Platform administrators can allocate precise quotas for compute (vCPU, memory), storage (by performance tier), and security resources (e.g., number of vNGAF instances) to tenants. When a tenant creates a resource, the system checks and reserves the required quota, committing it upon successful creation or rolling it back on failure. This mechanism prevents resource over-subscription, ensures fair allocation, and streamlines operational governance in multi-tenant scenarios.
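The check, reserve, commit and rollback sequence described above can be sketched as follows. This is an added example, not Sangfor's code: `TenantQuota`, `create_resource`, the `provision` callback and the resource names are hypothetical, and the lock stands in for whatever atomicity the platform uses.

```python
import threading

class QuotaExceeded(Exception):
    """Raised when a request would push a tenant past its allocated quota."""

class TenantQuota:
    def __init__(self, limits):
        self.limits = dict(limits)               # e.g. {"vcpu": 8, "memory_gb": 32}
        self.used = {k: 0 for k in limits}       # committed by successful creations
        self.reserved = {k: 0 for k in limits}   # held by creations still in flight
        self.lock = threading.Lock()             # check and reserve must be atomic

    def reserve(self, request):
        with self.lock:
            for res, amount in request.items():
                if amount < 0:
                    raise ValueError(f"{res}: negative amount")
                if res not in self.limits:
                    raise QuotaExceeded(f"{res}: no quota allocated")
                # In-flight reservations count, so parallel requests cannot
                # both pass the check and over-subscribe the tenant.
                if self.used[res] + self.reserved[res] + amount > self.limits[res]:
                    raise QuotaExceeded(f"{res}: limit {self.limits[res]} exceeded")
            for res, amount in request.items():  # all checks passed: hold everything
                self.reserved[res] += amount
        return dict(request)

    def commit(self, reservation):
        with self.lock:
            for res, amount in reservation.items():
                self.reserved[res] -= amount
                self.used[res] += amount

    def rollback(self, reservation):
        with self.lock:
            for res, amount in reservation.items():
                self.reserved[res] -= amount

def create_resource(quota, request, provision):
    reservation = quota.reserve(request)         # raises before anything is built
    try:
        provision(request)                       # hypothetical creation step
    except Exception:
        quota.rollback(reservation)              # failed creation frees the hold
        raise
    quota.commit(reservation)
    return reservation
```

Checking every resource before holding any of them keeps a rejected multi-resource request from leaving a partial reservation behind.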

Work Orders: SCP's work order system introduces a service catalog model for infrastructure delivery, transforming IT into a self-service provider. Tenant users can submit requests for new VMs or resource upgrades, which are routed to their Tenant for approval. Similarly, Tenants can request quota increases from the Platform Administrator. This automated workflow replaces manual request processes, significantly accelerating resource provisioning, enforcing approval policies, and providing a clear audit trail for all resource changes, thereby enhancing business agility.

Billing: The billing module provides granular cost tracking and chargeback capabilities. Platform administrators can define unit prices for vCPU, memory, and different storage types. The system, leveraging a metrics collector like Ceilometer, calculates costs based on real-time resource consumption. Tenants can view their itemized bills and the cost breakdown per VM, while administrators have a global view of all tenant expenditures. This transparency helps organizations optimize resource usage, control costs, and implement showback or chargeback models for different business units.

Tasks

SCP maintains a comprehensive audit trail of all platform operations through its task logging system. Every action, from VM creation to policy changes, is recorded with its status and outcome. Administrators can filter and review these historical tasks to troubleshoot issues, track user activity, and ensure compliance. This centralized visibility is crucial for operational troubleshooting, security auditing, and understanding the sequence of events leading to a system state.

Recycle Bin

The Recycle Bin acts as a safety net for resource management, enhancing data protection and operational flexibility. When VMs, network devices, or backup files are deleted, they are moved to the Recycle Bin and retained for a configurable period (e.g., 30 days). During this time, administrators can restore them, mitigating the impact of accidental deletions. This feature adds a layer of data security and simplifies resource lifecycle management.

Federated Identity Authentication

SCP supports federated identity using the SAML 2.0 standard, enabling seamless Single Sign-On (SSO) integration with enterprise identity providers (IdPs). This allows users to log into SCP using their existing corporate credentials, streamlining the access process and strengthening security through centralized identity management. It also allows the platform to extend its user system to third-party service providers, broadening the ecosystem of integrated services.

Custom Attributes

To manage assets effectively in complex environments, SCP allows users to define custom tags and attributes for resources like VMs, hosts, and networks. These tags can reflect business context such as department, project code, or application owner. By categorizing assets with custom attributes, administrators can filter, search, and report on resources more effectively, enabling unified operations management based on business logic rather than just technical parameters.

Portal Customization

SCP offers branding customization for the user login portal, allowing organizations to tailor the platform's appearance to their corporate identity. Administrators can modify the platform name, upload a custom logo, and set a dedicated login URL. This feature is particularly valuable for Managed Service Providers (MSPs) and enterprises that wish to present a white-labeled cloud experience to their users, reinforcing their own brand.

The Management module, primarily delivered through SCP, transforms the raw technical capabilities of HCI into manageable, service-oriented IT capabilities.

Multi-Cluster & Heterogeneous Management
SCP acts as a "Manager of Managers." It can aggregate multiple HCI clusters, allowing centralized monitoring, image management, and policy enforcement across different sites.

Heterogeneous Virtualization: Crucially, SCP supports the management of VMware vCenter. It connects to vCenter APIs, allowing administrators to view VMware clusters, manage VM power states, and access consoles directly from the SCP interface.

Physical Server Management: It also supports the lifecycle management of bare-metal servers, providing a unified view of the entire IT estate—virtual and physical—in one dashboard.

Multi-Tenancy & Quota Management
SCP introduces a hierarchical tenant model suitable for large enterprises or service providers.

Tenant Isolation: Resources can be logically partitioned and assigned to different departments, projects, or external customers (Tenants). Each tenant sees only their own resources.

Quota Enforcement: Administrators can set strict quotas for CPU, memory, and storage for each tenant to prevent resource hogging ("Noisy Neighbor" effect).

Self-Service Portal: Tenants can access a simplified self-service portal to request resources, create VMs, and manage their own networks within their assigned quotas. This shifts IT from a gatekeeper role to a service enabler role, accelerating business agility.

Reliability Center (Backup & CDP)
SCP integrates comprehensive data protection strategies directly into the platform:

Scheduled Backup: Supports agentless, incremental backup of VMs. It utilizes CBT (Changed Block Tracking) to identify and back up only the data blocks that have changed since the last backup, significantly reducing backup windows and storage consumption.

Continuous Data Protection (CDP): For mission-critical workloads, CDP captures I/O operations in real-time via an I/O journal. It allows the VM to be rolled back to any specific second in the past, offering a near-zero RPO (Recovery Point Objective). This is the ultimate defense against ransomware attacks or accidental data corruption.

Disaster Recovery (DR): Supports active-passive DR setups. SCP orchestrates the asynchronous replication of data to a remote site. It automates the failover process (SRM-like functionality), including VM startup orders and IP re-mapping, drastically reducing the Recovery Time Objective (RTO).
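To make the CDP description concrete, the sketch below replays a time-ordered I/O journal over a base image up to a chosen second. It is an added example, not Sangfor's implementation: `IOJournal`, its methods and the sample volume are constructed for illustration, and a real journal would work on disk blocks rather than an in-memory byte string.

```python
from bisect import bisect_right

class IOJournal:
    """Base image plus an append-only, time-ordered log of writes."""

    def __init__(self, base_image):
        self.base = bytes(base_image)
        self.entries = []                        # (timestamp, offset, data)

    def record(self, ts, offset, data):
        if self.entries and ts < self.entries[-1][0]:
            raise ValueError("journal entries must be time-ordered")
        if offset < 0 or offset + len(data) > len(self.base):
            raise ValueError("write falls outside the volume")
        self.entries.append((ts, offset, bytes(data)))

    def restore(self, point_in_time):
        """Return the volume as it was at the end of second point_in_time."""
        image = bytearray(self.base)
        stamps = [ts for ts, _, _ in self.entries]
        cut = bisect_right(stamps, point_in_time)    # writes with ts <= target
        for _, offset, data in self.entries[:cut]:
            image[offset:offset + len(data)] = data
        return bytes(image)

def sample_journal():
    # Constructed sample: two legitimate writes, then a bulk overwrite at
    # t=105 standing in for unwanted encryption or corruption of the volume.
    journal = IOJournal(b"AAAABBBBCCCC")
    journal.record(100, 0, b"inv1")
    journal.record(101, 4, b"inv2")
    journal.record(105, 0, b"\xff" * 12)
    return journal

if __name__ == "__main__":
    j = sample_journal()
    print(j.restore(104))    # last state before the overwrite
    print(j.restore(105))    # state including the overwrite
```

Restoring to the second before the overwrite keeps both legitimate writes, which is the difference from a scheduled backup whose latest copy may predate them.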

Monitoring & Alerting
The platform provides a unified monitoring center that visualizes the health status of the entire stack.

Full-Stack Visibility: Monitors physical hardware (disks, fans, power supplies, temperature), virtual resources (VM CPU/Mem usage), and business services.

Intelligent Alerting: Administrators can configure static or dynamic thresholds. Alerts are delivered via email, SMS, or webhook. The system includes automated inspection tools that periodically scan the cluster for potential risks and best-practice deviations, enabling proactive maintenance.