Sangfor Cloud Platform (SCP)

Enterprise Cloud Computing Platform Built on Business-Centric HCI.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
6.11.3
Sangfor Cloud Platform (SCP) {{ breadTitle }} Multiple-Tenant Management Multiple-Tenant Configuration Operation Steps Tenant Creation
{{sendMatomoQuery("Sangfor Cloud Platform (SCP)","Tenant Creation")}}

Tenant Creation

{{ $t('productDocDetail.updateTime') }}: 2025-12-18

Function Description:

Guide the platform administrator to create a tenant.

Precautions:

None.

Prerequisite

Sangfor SCP has managed the cluster and created the resource pool.

When creating a tenant VPC network, you need to plan the VPC network egress of the resource pool associated with the tenant in advance.

Steps:

Step 1.Log in to the SCP platform and select User and Access Management > User > Tenants. Then, click the New button to create a tenant.

Step 2.Enter the tenant's name, login username, email address, mobile phone number, and password, and click Next.

Name

Name

Can contain only letters, digits, Chinese characters, spaces and the following special characters: ()()【】@._-+

MSP Administrator:

When the SCP platform is in operation mode, tenants must be associated with a specific MSP role.

A tenant can only be associated with one MSP role.

Username

Tenant Name: The account name used by users to log in to the tenant account.

Can contain only letters, digits, and underscores (_).

Email Address

Enter a valid email address for login and retrieving password if necessary.

Must be a valid email address.

Mobile Number

You can log in to the tenant account via SMS verification, or receive platform alert notifications through SMS.

Must be a valid mobile phone number.

Password

Set the password for this tenant account, which is used to log in to the tenant platform. You can either configure the password manually or select the platform to generate it automatically. Additionally, you can check the box labeled "Require password change at first login" to force the tenant to reset their password after logging into the tenant account for the first time.

1. Must contain 8-64 characters.
2. Must contain 4 of the following: uppercase letters, lowercase letters, digits and special characters.
3. Can contain the following special characters (~`@#%&<>"',;_-^$.*+?=!:|{}()[]/\)
4. Cannot contain username.
5. Can contain up to 1 consecutive identical characters.
6. Cannot contain any of the following words: sangfor, sinfor, dlanrecover (case-insensitive).
7. Cannot contain any individual product names (case-insensitive), such as acmp and scp, but strings such as acmpt or xscp are allowed.

Step 3.Allocate resource pools and select the resource pool resources that the tenant can use. The resource pool attributes are divided into Shared Resource Pools and Dedicated Pools. A shared resource pool can be assigned to multiple tenants, and one tenant can be associated with multiple shared resource pools. However, a dedicated pool can only be assigned to one tenant, and a tenant can only be associated with one dedicated resource pool. (VMware resource pools can only be used as shared resource pools, not dedicated pools).

Shared Resource Pools 

Resource Pools from HCI, you can select all HCI resource pools or specific ones.

VMware Resource Pools 

Resource Pools from VMware, you can select all VMware resource pools or specific ones.

Step 4.Configure the network type of the tenant. VPC is selected by default. You can select the Classic network if you want to, fill in the Gateway Name, and select the Connected To device.

Network Type:

VPCUsed for the scenarios where an isolated network environment is required for high security. A router will be created by default to connect to the virtual switch.
VPCs block inbound traffic from the Internet by default. To allow the traffic, please configure ACL on the router in the corresponding VPC on the Topology page.

Name

1. Must contain 1-60 characters.
2. Can contain letters, digits, and Chinese characters.
3. Can contain spaces and any of the following special characters: . _ -
4. Cannot begin with a dot (.)

VPC Gateway

Select the physical ports that have been created in SCP.

Shared Service - Storage Service Gateway

Configure shared service exits for storage types (e.g., connect to the iSCSI service of HCI) and enable storage shared services for tenants to use

Shared Service - Non-storage Service Gateway

Configure shared service exits for non-storage types (e.g., connect to SKE) and enable non-storage shared services for tenants to use.

Used for the scenarios where a tenant communicates directly with other tenants or physical network. A switch will be created by default to connect to the virtual switch.

Gateway Name

1. Must contain 1-60 characters.
2. Can contain letters, digits, and Chinese characters.
3. Can contain spaces and any of the following special characters: . _ -
4. Cannot begin with a dot (.)

VPC Gateway

Select the target device that have been created in SCP.

Step 5.Set quotas for tenants based on actual needs.

On this page, you can click Export Quota Report to export the quota report. You can also click Set All to 0 or Set All to Default to set all quotas to 0 or Default respectively, which allows you to reset all quotas from scratch.

Tenants can click Public Resource to select the global resource pool, or click the name of a specific HCI resource pool to set the quota for that HCI resource pool.

Step 6.Confirm the information. Click OK to create the static route