Sangfor Cloud Platform (SCP)

Enterprise Cloud Computing Platform Built on Business-Centric HCI.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
6.11.3
Sangfor Cloud Platform (SCP) {{ breadTitle }} Networking Service Manual Network Deployment Tenant Network Management
{{sendMatomoQuery("Sangfor Cloud Platform (SCP)","Tenant Network Management")}}

Tenant Network Management

{{ $t('productDocDetail.updateTime') }}: 2025-12-26

Tenant Network Creation

Introduction

Refers to the operation of allocating VPC network or classic network to a tenant. The VPC network is applicable for scenarios where an isolated network environment is required for advanced security, while the classic network is applicable for scenarios demanding direct communication across tenants or physical environments. This meets the diverse networking requirements of tenants.

Prerequisites

The tenant must be successfully created by the administrator on SCP (For details on creating a tenant account, see section 2 of the Tenant Management Manual). The VPC gateway or classic network gateway configuration must be complete.

Constraints and Restrictions

In SCP 6.7.0 and later, a tenant can create up to 10 VPCs within the same network domain. In versions earlier than SCP 6.7.0, only one VPC can be created for each resource pool associated with a tenant.

The network type must be selected based on the specific business scenario to prevent service interruption caused by mismatched network isolation or communication requirements.

Precautions

When a VPC is created, an ACL policy will be added by default for denying traffic from the internet. To access the internet, the tenant must create a corresponding ACL policy to allow traffic. (For configuration method, see section 5 of the Network Security Management Manual).

The connectivity between devices such as physical switches and routers and classic network gateway must be verified in advance to prevent communication error after creation.

Steps

Step 1.Log in to SCP and go to the Network Deployment > Tenant Network page.

Step 2.Click New to go to the Create Tenant Network pop-up window.

Step 3.Select the target tenant in the Tenant drop-down list. (For details on creating a tenant account, see section 2 of the Tenant Management Manual).

Step 4.Select the resource pool, and select VPC or Classic Network for Network Type according to the business scenario, and configure the fields as described in the following table:

Network Type

Scenario

Core Components

Configuration Description and Operation Suggestion

VPC

An isolated network environment is required for advanced security (Example: Financial core systems, government confidential services).

Virtual Switch, Router

- Name: A custom network name (Example: Tenant A Business VPC - Production), which must contain the attributes of tenant, business, and environment.
- VPC Gateway: Select an available VPC Gateway (Example: Select the default edge). Creation is not allowed if no default edge exists.
- Shared Service - Storage Service Gateway: Select a public gateway providing the storage service for VPCs (For details on creating shared service, see section 3 of the Public Service Management Manual). If the storage service is not required, do not select the storage service gateway.
- Shared Service - Non-storage Service Gateway: Select the public gateway providing services such as NTP and Application Center (For details on creating shared services, see section 3 of the Public Service Management Manual). For example, select the default edge with east-west tunnel.

Classic Network

Direct communication between tenants or with physical environments is required (Example: Multi-tenant collaboration networks for enterprises, physical device management networks)

Virtual Switch, Switch

- Gateway Name: Custom or keep the default (Example: Tenant A Classic Network Gateway - O&M), which must be associated with the edge.
- Connect To: Select an edge or port group. Make sure network connectivity between the edge or port group and devices such as physical switches.

Step 5.After the configuration is complete, click OK to finish the tenant network creation.

Tenant Network Editing

Introduction

You can modify configurations such as the gateway, name, and shared service gateway for VPC or classic network, which meets the business requirements (Example: Network gateway migration, shared service capacity expansion).

Prerequisites

The tenant network must already be created.

Constraints and Restrictions

If a VPC gateway is changed, the new gateway must be compatible with the resource pool's architecture (Example: x86, c86) to prevent network disconnection due to architecture mismatch.

After a classic network gateway is changed, the connectivity between the new gateway and physical network devices must be verified to prevent tenant communication interruption.

Precautions

If the shared service gateway for a VPC is changed, the service availability of the new gateway must be verified (For details on creating shared service, see section 3 of the Public Service Management Manual) to prevent affecting tenant service access.

If the Connect To field for the classic network gateway is changed, it is recommended to test the network connectivity (Example: Ping the IP address of a physical device).

Steps

Step 1.Log in to SCP and go to the Network Deployment > Tenant Network page.

Step 2.Locate the tenant network you want to edit and click Edit in the Operation column. If the tenant network is a classic network, you can modify the following fields in the Edit Classic Network Gateway pop-up window. Gateway Name. You can update the name to a more descriptive name (Example: Tenant A Classic Network Gateway - Production Update).

  1. Connected To: You can select another edge or port group. Make sure the network connectivity between the edge or port group and physical network devices.
  2. If the tenant network is a VPC, you can follow the instructions on the screen to modify fields such as the network name, VPC gateway, and shared service gateway (The operation logic is consistent with the creation operation. Please note the field constraints). Step 3. Click OK to finish the tenant network edition.

Tenant Network Deletion

Introduction

You can clean up network resources that are no longer in use to release network quotas. This operation applies to scenarios like tenant business decommissioning or network architecture reconstruction.

Prerequisites

The tenant network cannot have associated resources, such as VMs, subnets, or security groups (All associated resources must be deleted first).

Constraints and Restrictions

After a VPC is deleted, all resources within the network, including VMs, subnets, security groups, and corresponding resources in the recycle bin, will be deleted. In addition, shared bandwidths, direct connections, and elastic IP addresses will be removed. Make sure no services depend on these resources before deletion.

After a classic network is deleted, the direct communication between the tenant and external physical environments or other tenants will be interrupted. An alternative network must be prepared in advance.

Precautions

It is recommended to export the network configuration information (Example: screenshots, configuration documents) before deletion for future reference when reconstruction.

Please operate with caution. It is recommended to perform the operation during off-peak hours to prevent any disruption to online services.

Steps

Step 1.Log in to SCP and go to the Network Deployment > Tenant Network page.

Step 2.Locate the tenant network you want to delete and click Delete in the Operation column.

Step 3.In the confirmation pop-up window (Example: The Delete VPC pop-up window), read the impact description, and click OK to finish the tenant network deletion.