{{ $t('index.defaultHeader.logo') }}

Sangfor Cloud Platform (SCP)

Enterprise Cloud Computing Platform Built on Business-Centric HCI.

{{ $t('productSubHeader.tabs.document') }}

{{ $t('productSubHeader.tabs.bestPractice') }}

{{ $t('productSubHeader.tabs.case') }}

{{ $t('productSubHeader.tabs.tool') }}

{{ $t('productSubHeader.tabs.bbs') }}

{{ $t('productSubHeader.searchLabel') }}

{{ $t('productDocDetail.guideClickSwitch') }}

{{ $t('productDocDetail.know') }}

{{ $t('productDocDetail.dontRemind') }}

6.11.3

{{item.code}}

Release Notes

Overview

Agentless Backup Development Guide

Introduction

Agentless Backup Deployment

Network Deployment

Backup Account Creation

Agentless Backup Instructions

SFVDDK Installation and Development

Sample Code

Advanced Features

Backup and Recovery of VMs with TPM Enabled

Encrypted VM Backup And Recovery

Precautions

Agentless Backup API 3rd-party Integration User Guide

Connection Preparations

Connect to Agentless Backup via SCP

Feature Connection

Platform Connection

Backup and Recovery

Notes

Product Architecture

Key Functionalities

aSV

aSAN

aNET

aSecurity

Management

Application Scenarios

Private Cloud Solution

Disaster Recovery Solution

Database Management Solution

Server Virtualization Solution

GPU Scenario Solution

VDI Solution

Installation And Deployment

Networking Installation Introduction

Preparation Before Installation

Witness Node System Installation (Optional)

Service Packs

HCI Cluster Initialization

HCI Licensing

Platform License

Authorization Change Description

Virtual Machine Service

Introduction

VM Types and Specifications

Related Concepts

Migration and Scheduling

Resource and Configuration Changes

Attribute and Tag Management

Expiration Date and Group Management

VM Security and Authentication

Enable Turbo Mode

FAQ

Networking Service Manual

Topology

IP and Bandwidth

Network Insight

Traffic Mirroring

Network Deployment

Shared Service Network

Image Service

Introduction

Operation Procedures

Create Images

Public VM Images Management

Private image management

View Private VM Images

Migration

Information Collection and Analysis

Information Collection for Common Migration

Migration Design

SCMT

Resource Assessment

VM Configuration Plan

Migration Feasibility Assessment

Migration Implementation

Migration Implementation

SCMT

aHM

ISO

Migration verification

Rollback

VM Settings on HCI

Troubleshooting

SCMT

Agent Installation Issues

Issues When Creating Migration Tasks

Issues During Migration Process

Issues After Migration

Storage Service

Overview

Virtual Storage Creation and Management

Storage Area Network Settings

Virtual Storage Pool Creation

Virtual Storage Pool Management

FAQ

Local Storage Pool Creation and Management

FAQ

External Storage Integration and Management

External Storage Management

FAQ

Backup Service

Overview

Backup Terminology

Backup Types

Quick Backup

CDP

Backup Creation and Management

Backup Creation

Quick Backup

CDP

Backup Management

Quick Backup

CDP

Backup Settings

FAQ

Snapshot Service

Feature Introduce

Snapshot Write & Read processes

Snapshots Configuration

Snapshots Management

Consistency Snapshot Management

Snapshot Polices Management

Correlated Snapshotting

FAQ

Primary-Secondary Disaster Recovery

Product Introduction

Applicable Scenarios

Constraints and Restrictions

Assessment and Planning

DR Network Planning

Installation and Deployment

SP Check with aDeploy

DR Configuration Guide

Primary/Secondary DR Configuration

Recovery Configuration

Multiple-Tenant Management

Feature Description

Multiple-Tenant Configuration

MSP Management

Multiple-Tenant Management

Tenant User

Tenant User Guide

Compute

Virtual Machine

Image

Networking

Network Topology

IP And Bandwidth

Network Deployment

Application Delivery Controller (ADC)

Security

Reliability

Monitor and Management

Monitor Center

Product Introduction

Integration with Third-Party Monitoring Ecosystem

Monitor Center Configuration Guide

Monitoring Configuration Best Practices

Cluster Management

Overview

Terminology

Cluster Creation and Management

Cluster Creation

SCP Deployment

Cluster Management

HCI Cluster Management

Cluster Reliability

HA

HA Test Guide

Cluster Maintenance

Expansion

Upgrade

SCP Upgrade

Patch

FAQ

Platform Management

User Management

System management

Security Service

HCI Platform

Access Control & Identity Management

SCP Platform

Access Control & Identity Management

Virtual Machine

vNGAF

VM Disk Encryption

Proactive Maintenance & Vulnerability Management

Comprehensive Audits with the aDeploy Tool

Maintenance & Operations Guide

SCP O&M Guide

Monitoring and Alerting Module

Health Check

aDeploy

Sangfor CLI

SCP Routine O&M Guide

Daily O&M Guidelines

Weekly O&M Guidelines

Monthly O&M Guidelines

Basic Service Adjustment Guide

System Power-On and Power-Off

Upgrade and SP Installation Guidelines

Network Configuration Adjustment

Capacity Expansion

SCP O&M Risks and Precautions

aDeploy Use Guide

Overview

Introduction

Auto Upgrade

Key Features

Installation and Upgrade

Manual Upgrade

Uninstall aDeploy

Usage

Health Check

Toolkit

Pre-change Check

Pre-upgrade Check

Feedback

Troubleshooting Common Issues

Windows Compatibility Issues

Sangfor Cloud Platform (SCP)

{{ breadTitle }}

Multiple-Tenant Management

Tenant User Guide

Distributed Firewall

{{sendMatomoQuery("Sangfor Cloud Platform (SCP)","Distributed Firewall")}}

Distributed Firewall

{{ $t('productDocDetail.updateTime') }}: 2025-12-18

Feature Description:

SCP tenants can set distributed firewall policies in the network topology to which they belong to manage tenant networks.

Precautions:

The role of the tenant distributed firewall takes effect only in the area of the tenant.

Prerequisite

None.

Steps:

Log in to the SCP tenant interface, select Security Services > Distributed Firewall after successful login, enter the firewall editing page, and you can see the existing firewall policies.

Select the tenant network name from the list on the left, enter the corresponding page, and click the Create Policy button to create a firewall policy for the tenant network.

Name: The firewall policy name.

Scope: The effective domain of the firewall policy.

Priority: The policy priority created by the tenant is higher than the platform default policy, and other policy priorities can be adjusted manually.

Support group management of firewall interception rules. Add distributed firewall rules under the policy to the created policy. Click the Configure Rules button of the corresponding policy, and click New. The options here belong to the effective domain where the policy is located.

Source/destination matching conditions: Supports configuring IP Group, IP Range, Virtual Machine, and VM groups.

When the source/destination selects a virtual machine, if the virtual machine does not have vmTools installed, the system cannot automatically obtain the virtual machine IP, and the underlying firewall rules cannot perform effective IP conversion. The rules are actually ineffective for the virtual machine. Therefore, in this case, you need to configure an IP for the virtual machine before using it as the source/destination of firewall rules.

Service: Supports the selection of the platform's predefined service and supports custom service based on protocols and port numbers. Custom service in the same effective domain can be shared by multiple rules.

Go back to the Create Rule page and click the Add button to continue adding other rules.

After confirming that all rules are added correctly, click OK. On the Rule Configuration interface, select a rule record and click the Move Up or Move Down button to adjust the priority of the created rule. Click Move to to move the rule to another policy group.

It also supports the priority adjustment of distributed firewall policies. Select the policy whose priority needs to be adjusted in the list, and click More to adjust.

IP Groups: Tenants can manage IP groups in the distributed firewall policy, click the IP Groups button, click the New button, enter the name and describe the IP range, and then complete the operation of adding an IP group

Multiple rules can share a custom IP group in the same effective domain.