
【SCP】Release Notes_V6.8.0

Overview

Features

New Features

  1. Support deploying aSecurity (aSEC) for VM protection, covering the automatic installation of security components for node protection, antivirus isolation, ransomware recovery, vulnerability management, and quick responses to security events.
  2. Support configuring traffic mirroring policies for traffic mirroring within a virtual network, from the virtual network to the physical network, and between physical interfaces to meet requirements for user security review, traffic monitoring, etc.
  3. Support managing VMware vSphere7.0/7.0.1/7.0.2 to meet user requirements for managing VMware7.0.
  4. Support aDesk VDI services. Users can manage aDesk VDI services on SCP with new features for managing resources, users, VMs, policies, etc., facilitating O&M for aDesk VDI services and simplifying operations.
  5. Support deploying Advanced Network Insight (aNI) to provide a visual representation of access between VMs and display unauthorized access and access failures between applications.
  6. Support changing the licensing method. Both the licensing method with a USB key and the offline licensing (virtual key) method are supported, so that cluster services will not be affected by a missing or failed USB key. There is no need to send back and re-apply for a USB key in licensing change scenarios, achieving higher efficiency.
  7. Support configuring the following graphics card models: NVIDIA A10, A16, A30, A40, A100/40 GB, and A100/80 GB to satisfy requirements for mapping, AI, and other GPU-related business scenarios. Support configuring driver versions (10.2 and 13.2) and power-on automation levels for GPU-enabled VMs to enhance the related capabilities of SCP6.8.0.
  8. Support switching between Chinese and English languages to make the platform easy for O&M personnel using different languages.
  9. Optimized live migration of VMs within and between different resource pools. Users can select interfaces for migration and configure the migration rate, migration compression, forced dynamic migration, and dynamic speed limit. Bulk migration of VMs is also supported.

Others

  1. If HCI has been managed by SCP (earlier than SCP6.7.30) before upgrading to HCI6.8.0, please upgrade SCP to SCP6.7.30 and above (including SCP6.8.0) before upgrading HCI.
  2. After upgrading SCP6.7.0 to SCP6.7.30 and above (including SCP6.8.0), please contact Sangfor Support for further inspection.
  3. Since SCP6.8.0 has been containerized, to upgrade an earlier version to SCP6.8.0, please add a disk (400 GB) to the platform for container image storage so that databases will not be affected by disk IO from container images.

Warning:

  1. The offline licensing (virtual key) method is supported only when SCP6.8.0 is deployed on HCI6.8.0 or later.
  2. When using a virtual key to upgrade to SCP6.8.0, the original license key file will become invalid, and the license key must be renewed with the new device info. This licensing method is supported only when SCP6.8.0 is deployed on HCI6.8.0 or later. Therefore, resource pools of earlier versions may cause SCP licensing to fail.
  3. It is required to use the licensing method with a USB key if aSecurity needs to be licensed.

Upgrade Impacts

  • Upgrade Limitations

None.

  • Immediate Upgrade of Configurations, Logs, and Data

Yes.

  • Impacts on Functions After Upgrade

None.

  • Reboot Required After Upgrade

Yes. A manual reboot is required.

  • Time Taken

About 30 minutes.

  • Upgrade Recommendation

Take a snapshot of SCP before upgrading.

Impacts on Services

None.

Impacts on O&M

After the SCP upgrade is complete, the Self-Service Portal of SCP is unavailable during the restart of SCP.

Impacts on Customer Network

SCP upgrade has no impact on network communications outside the platform.

Other Impacts

None.

Upgrade Instructions for Customers

Upgrade Preparations

None.

Notes

During the upgrade, O&M personnel should not log in to the platform for operation and maintenance.

Implementation Procedure

Refer to Upgrade Steps.

Upgrade Tools

  1. When the license key for a version before SCP6.2.0 is free of charge and the feature of managing nodes is in use, to upgrade to a new version, Enterprise Edition or Enterprise Plus Edition license is required. Otherwise, the feature of managing nodes cannot be used.

  2. To upgrade a version before SCP6.2.0 to SCP6.2.0 and above, you have to replace the aOC license with the SCP license key. There are three license types: Advanced Edition, Enterprise Edition, and Enterprise Plus Edition.

  3. aHCM license for SCP6.3.0 and above will specify the maximum number of nodes. If an aHCM license is activated before the upgrade, a license for a maximum of 500 nodes will be given by default after the upgrade.

  4. In versions earlier than SCP6.3.0, Application Center and Hybrid Cloud features are available only when the Enterprise Plus Edition license is activated. For SCP6.3.0 and above, independent licensing through Application Center and aHCM can be done when the Advanced Edition or Enterprise Edition license is activated.

  5. In versions earlier than SCP6.3.0, nodes can be managed when the Enterprise Edition or Enterprise Plus Edition license is activated. In SCP6.3.0, the Advanced Edition license can also be used with the node license in aHCM.

  6. In versions earlier than SCP6.3.0, the license for managing Hybrid Cloud VMs has an expiration date. In SCP6.3.0, the license does not have an expiration date but specifies the maximum number of nodes that can be managed. For Enterprise Plus Edition, the maximum number of Hybrid Cloud VMs that SCP can manage depends on the number of licensed host CPUs.

Note:

The number of independently licensed Hybrid Cloud VMs or the VM quantity in a free license, whichever is greater, shall prevail. The specific rules are as follows:

  • Enterprise Plus Edition: For the SCP license of 20 CPU cores and below, a free license for managing 50 Hybrid Cloud VMs will be granted.
  • Enterprise Plus Edition: For the SCP license of 20 CPU cores (excluded) to 40 CPU cores (included), a free license for managing 100 Hybrid Cloud VMs will be granted.
  • Enterprise Plus Edition: For the SCP license of more than 40 CPU cores, a free license for managing 999,999 Hybrid Cloud VMs will be granted.
  • For customers who have purchased Enterprise Edition with 10 CPU cores and a license for managing fewer than 50 Hybrid Cloud VMs, a free license for managing 50 Hybrid Cloud VMs will be granted after SCP is upgraded to Enterprise Plus Edition.
  • For customers who have purchased Enterprise Edition with 10 CPU cores and a license for managing more than 50 Hybrid Cloud VMs, the number of Hybrid Cloud VMs that can be managed will remain unchanged after SCP is upgraded to Enterprise Plus Edition.
  7. Before upgrading versions earlier than SCP6.3.0_EN, please enable UUID for SCP VMs on the HCI cluster where SCP resides to ensure that the security optimization feature takes effect.

  8. When SCP6.7.0_EN manages an earlier version of HCI, after the HCI platform is upgraded to 6.7.0_EN, data sync may fail for Distributed Firewall while upgrading SCP6.7.0 to SCP6.7.30. Please contact a Sangfor technical support representative.

  9. Before upgrading an earlier version of SCP to SCP6.8.0, please check and make sure there are four disks for SCP VMs and the capacity of disk 4 is 400 GB or more.

Post Upgrade Check

After the upgrade is completed, start and verify the SCP services.

Rollback

SCP supports snapshot-based rollback. Before upgrading SCP, take a snapshot of the platform. Then, if the upgrade fails, rollback can be performed based on the snapshot.

Note:

Snapshot-based rollback can be performed in the event of an upgrade failure rather than a configuration change failure.

Upgrade Guide

Note:

Please upgrade following the sequence below.

SCP > NFV > HCI

Upgrade Preparations

Upgrade Packages, Documents, and Tools

Packages:

| Node Scheduling | Description | Obtain Through |
|---|---|---|
| SCP6.8.0_EN update package | Used for upgrading from an earlier version to SCP6.8.0_EN. | Sangfor Community: https://community.sangfor.com/plugin.php?id=service:download&action=view&fid=47#/12/all |
| Active and standby pre-upgrade package (optional) | After the active and standby pre-upgrade package is upgraded, the active and standby nodes can be upgraded at the same time. | https://download.sangfor.com/Download/Product/HCI/HCI6.2.0_EN/SCP6.2.0_EN/SP-SCP_JG_PRE_UPGRADE_EN_01.pkg |

Documents:

| Node Scheduling | Description | Obtain Through |
|---|---|---|
| SCP 6.8.0 user manual | Describes basic O&M and configuration in SCP. | Sangfor Knowledge Base: https://knowledgebase.sangfor.com/indexPage?module=645 |
| aDeploy User Guide | Provides instructions for using aDeploy. | Sangfor Knowledge Base: https://knowledgebase.sangfor.com/indexPage?module=645 |

Tools:

| Node Scheduling | Description | Obtain Through |
|---|---|---|
| Chrome/Edge | The browser software used for accessing HCI and SCP web console. | Obtain from the internet. |
| PuTTY/MobaXterm | An SSH client for troubleshooting if needed. | Obtain from the internet. |
| MD5 | Used for verifying the integrity of the upgrade package. | Check it when downloading the package file. |
| aDeploy | Used for pre-upgrade checks and other checks with aDeploy. | Sangfor Community: https://community.sangfor.com/plugin.php?id=service:download&action=tool |
| License Key | For a version earlier than HCI5.8.2, please apply for a new HCI license key. If the NFV devices need to be upgraded according to Chapter 2.3.1 Upgrade Path, please apply for a new NFV license key. Before upgrading, please confirm that the customer's license is not expired. Otherwise, the environment needs to be renewed. Before upgrading, please check that the original NFV license key has not expired. Otherwise, the license needs to be renewed. | Contact corresponding personnel to obtain or confirm. |

Environment Information

None.

Customer Resources

During the upgrade, O&M personnel should not log in to the platform for operation and maintenance.

Please coordinate resources in advance according to the following requirements to ensure a smooth upgrade:

  1. Determine when to upgrade and fully prepare for service interruption during the upgrade to reduce impact.

  2. Obtain contact information of the responsible persons.

  3. Ensure a computer (with Internet access and a stable connection to the device) is ready and can be installed with and run the upgrade client software.

| Type | Node Scheduling | Contact | Responsible For |
|---|---|---|---|
| Sangfor Technologies Inc. | | | Upgrading HCI and SCP |
| Customers | | | Coordinating resources and upgrade time. (Upgrade time: ) |
| Customers | | | Ensure O&M personnel will not log in to the platform for operation and maintenance. |
| Customers | | | Arrange persons responsible for application systems to handle service opening and verification issues. |

Pre-upgrade Check

Check with aDeploy

Apart from health check features, aDeploy supports checking common problems of customers. It optimizes the platform-based check mechanism and can check the environment before upgrading. If faults or alerts are reported, please handle the faults and alerts for the cluster before upgrading.

Refer to Chapter 2.1.1 Upgrade Packages, Documents, and Tools for the download link.

Check Before Upgrade

  1. Check the current version

Go to Resources > Management > System Maintenance and Upgrade > Upgrade to view the current SCP version.

  2. Check with aDeploy

  • Platform Type: Select SCP.

  • Username: Enter sysadm for SCP6.3.0 and above or root for other versions.

  • SSH Port: Enter 22345. For versions earlier than SCP6.1.0, enter 22.

If an error message indicates that the SSH service port needs to be enabled, go to Resources > Management > System Maintenance and Upgrade > Remote Maintenance and click Enable.

  3. Check active/standby SCP

Before upgrading, check whether SCP is in active/standby mode. Then, log in to the management portal of SCP, and go to Reliability > SCP Status Check > SCP Failover to check whether there is a standby node. If yes, upgrade the active and standby pre-upgrade package first so that the active and standby nodes can be upgraded simultaneously. For details, see chapter Upgrade Active and Standby Pre-upgrade Package.

  4. Check before upgrading for disaster recovery scenarios.

In disaster recovery scenarios, there is no particular upgrade sequence for primary and secondary sites (they can be upgraded simultaneously). Before upgrading, check the current tasks of primary and secondary sites to ensure that no disaster recovery-related task is in progress. It is recommended to manually stop ongoing disaster recovery tasks (if any) before upgrading. After the upgrade, check that the platform runs properly and start disaster recovery tasks.

  5. Check if there is any ongoing task.

If there is an ongoing task in Tasks, please wait for the task to finish before upgrading, or manually cancel the task and start the task after the upgrade is completed.

  6. Check the number and capacity of disks of SCP VMs.

Check whether SCP has four disks and whether the capacity of disk 4 is 400 GB or more. If disk 4 does not exist or its capacity is less than 400 GB, add a disk or expand the capacity of an existing disk before upgrading.
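
One way to script the disk check in the last step, as an added example that is not Sangfor tooling or part of the original guide: it classifies an lsblk listing against the requirement of four disks, with disk 4 (/dev/vdd, as named in the troubleshooting table) present, 400 GB or more, and not already partitioned. Assumptions: the SCP VM shell provides lsblk, 400 GB is read as 400 x 1024^3 bytes, and the sample listings are constructed.

```shell
#!/bin/sh
# Added example: pre-upgrade disk check for the SCP VM (not Sangfor tooling).
# Input is the text printed by: lsblk -b -l -n -o NAME,SIZE,TYPE
# On a live VM: check_scp_disks "$(lsblk -b -l -n -o NAME,SIZE,TYPE)"
# Assumption: "400 GB" is read as 400 * 1024^3 bytes.
MIN_BYTES=429496729600

# check_scp_disks LISTING -> prints one verdict, returns 0 only when ready.
check_scp_disks() {
    printf '%s\n' "$1" | awk -v min="$MIN_BYTES" '
        $3 == "disk"                       { disks++ }
        $3 == "disk" && $1 == "vdd"        { found = 1; size = $2 + 0 }
        $3 == "part" && $1 ~ /^vdd[0-9]+$/ { parts++ }
        END {
            if (!found)         { print "FAIL: /dev/vdd does not exist"; exit 1 }
            if (size < min + 0) { print "FAIL: /dev/vdd is smaller than 400 GB"; exit 1 }
            if (parts > 0)      { print "FAIL: /dev/vdd is already partitioned"; exit 1 }
            if (disks < 4)      { print "FAIL: fewer than four disks"; exit 1 }
            print "OK: four disks present, /dev/vdd is empty and >= 400 GB"
        }'
}

# Constructed sample listings (not captured from a real SCP VM).
SAMPLE_READY='vda 107374182400 disk
vda1 107373133824 part
vdb 214748364800 disk
vdc 214748364800 disk
vdd 429496729600 disk'
SAMPLE_NO_VDD='vda 107374182400 disk
vdb 214748364800 disk
vdc 214748364800 disk'
SAMPLE_SMALL="$SAMPLE_NO_VDD
vdd 214748364800 disk"
SAMPLE_USED="$SAMPLE_READY
vdd1 429495681024 part"

# Print the verdict for each constructed case without aborting on a failure.
for listing in "$SAMPLE_READY" "$SAMPLE_NO_VDD" "$SAMPLE_SMALL" "$SAMPLE_USED"; do
    check_scp_disks "$listing" || true
done
```

A failing verdict corresponds to the conditions listed under Abnormalities Troubleshooting, so the disk can be fixed on the HCI platform before maintenance mode is enabled.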

Upgrade Steps

Upgrade Path

Versions Can Be Upgraded to SCP6.8.0_EN

| Series | Versions |
|---|---|
| aCMP5.8.6 Series | aCMP5.8.6_EN, aCMP5.8.6R1_EN |
| aCMP5.8.8 Series | aCMP5.8.8_EN |
| aCMP6.0.10 Series | 6.0.10R2_EN |
| SCP6.1.0 Series | SCP6.1.0_EN |
| SCP6.2.0 Series | SCP6.2.0_EN, SCP6.2.70_EN |
| SCP6.3.0 Series | 6.3.0_EN, 6.3.70_EN, 6.3.80_EN |
| SCP6.7.0 Series | 6.7.0_EN, 6.7.30_EN |

NFV Device Versions Supported by HCI&SCP

  1. For NFV devices with versions earlier than their earliest versions listed in the table below, please upgrade them first before upgrading HCI.
  2. For versions earlier than SCP6.1.0_EN, after being upgraded to SCP6.1.0_EN and above, please import the NFV device images of versions corresponding to SCP6.1.0_EN if using VPC. You can obtain the NFV device images by contacting Sangfor Technical Support or via community live chat.
  3. The following is the list of NFV device versions supported by HCI&SCP:

| Device | Version | SCP Classic Network | SCP VPC | Notes |
|---|---|---|---|---|
| vAD | vAD 6.6_EN | | | |
| vAD | vAD 7.0.9R1_EN | | | |
| vNGAF | vNGAF7.1_R3 | | | |
| vNGAF | vNGAF8.0.8 | | | |
| vNGAF | vNGAF8.0.17 | | | Once deployed in VPC, an upgrade is not supported; otherwise, the integration with SCP will fail. |
| vIAG | vIAM11.9 | | | |
| vIAG | vIAG12.0.14 | | | |
| vIAG | vIAG13.0.47 | | | |
| vSSL | vSSL7.6.0 | | | |
| vSSL | vSSL7.6.8_R2 (20200928) | | | Version patched supports both being installed using SSL service packs and being deployed. |
| EDR | EDR3.6.35_EN | | | Only supports deployment with aSEC. |

Note:

The NFV device licensing standard for versions earlier than HCI5.3.0 is based on CPU and memory usage. For HCI5.8.3 and above, it is based on traffic usage. Please prepare the upgrade packages of NFV devices accordingly.

Upgrade Steps

Upgrade Active and Standby Pre-upgrade Package (Optional)

  1. Go to Management > Upgrade of the active node, click Enable Maintenance Mode, and click Upgrade to upload an active and standby pre-upgrade package.

Get the download link from Chapter 2.1.1 Upgrade Packages, Documents, and Tools.

  2. Click Start and wait for the upgrade to complete.

Notice:

  1. This operation is required only for upgrades from versions earlier than SCP6.2.0 with active/standby SCP nodes to SCP6.8.0. Please directly upgrade the active SCP node for an environment without the standby SCP node. SCP6.2.0 and above versions can be directly upgraded to SCP6.8.0.
  2. This operation does not require restarting SCP and has no impact on business services.

Upgrade SCP

  1. Go to Management > System Maintenance and Upgrade > Upgrade and click Enable Maintenance Mode.

  2. Click Upgrade and confirm that the new version of SCP is consistent with HCI, then upload the update package and click OK.

  3. Wait for the upgrade to complete, and then restart the platform.

  4. After the restart, check whether the current version is SCP6.8.0 in System > System Maintenance and Upgrade > Upgrade.

  5. For upgrades from SCP6.7.0 to versions later than SCP6.8.0, you need to contact Sangfor Technical Support for further assistance.

Post-upgrade Check

Platform

Check whether the current version is SCP6.7.30_EN in System > System Maintenance and Upgrade > Upgrade.

Service Status

  1. Check whether the SCP platform can be logged in successfully.

  2. Check whether all services, including backup and disaster recovery, are working normally.

Abnormalities Troubleshooting

| Scenario | Upgrades | Solutions | Notes |
|---|---|---|---|
| While upgrading SCP to SCP6.8.0 in case that the disk 4 (/dev/vdd) is in use, the following messages will be displayed: a. The disk (/dev/vdd) has been partitioned but its datastore does not meet the requirements. Please contact a Sangfor technical support representative. b. The file system of the disk 4 (/dev/vdd) does not meet the requirements. Please contact a Sangfor technical support representative. | Upgrade from earlier versions to SCP6.8.0. | Confirm whether the added disks can be removed or migrate the disk data. Exit the upgrade process. Delete disks added on the HCI platform. Add a new disk with a capacity of 400 GB to the SCP VM on the HCI platform. Upgrade again. | |
| While upgrading SCP to SCP6.8.0, the following message popped up: a. The disk (/dev/vdd) does not exist. Please add a new disk with a capacity of 400 GB or more. | Upgrade from earlier versions to SCP6.8.0. | Exit the upgrade process. Add a disk with a capacity of 400 GB to the SCP VM on the HCI platform. Upgrade again. | |
| While upgrading SCP to SCP6.8.0, the following message popped up: a. Error occurred while partitioning the disk (/dev/vdd). Please delete the disk and add the disk again and upgrade again. | Upgrade from earlier versions to SCP6.8.0. | Exit the upgrade process and go to the HCI platform to power off the SCP VM. Delete disks newly added for the SCP VM on the HCI platform. Add a new disk with a capacity of 400 GB to the SCP VM on the HCI platform. Power on the SCP VM and upgrade again. | |
| While upgrading SCP to SCP6.8.0, the following message popped up: a. GRUB upgrade failed. Please do not restart the SCP VM. If the problem persists, please contact a Sangfor technical support representative. | Upgrade from earlier versions to SCP6.8.0. | Upgrade again. No impact if the upgrade is successful. If the upgrade fails again, do not power off or restart the SCP VM. Contact a Sangfor technical support representative. | |