ZStack Cloud Enterprise-x86-perpetual

Sep 27, 2024
Issue: V5.1.8, Technical Whitepaper / 2 Product Profiles

Backup Management > CDP Service > CDP Dashboard. Then, the CDP Dashboard page is displayed.

Figure 2-35: CDP Dashboard

The cards are described as follows:
• CDP Task:
  ▬ This card displays the number and status of CDP tasks in the Cloud.
  ▬ Task status includes running, stopped, and other (starting, running, unknown, and failed).
  ▬ You can click the number on the card to enter the CDP task page to view more information.
• Recovery Task:
  ▬ This card displays the number and status of recovery tasks in the Cloud.
  ▬ Task status includes succeeded, failed, and other (waiting, paused, recovering, canceling, and canceled).
  ▬ You can click the number on the card to enter the recovery task page to view more information.
• Total CPU Utilization of All Backup Servers: This card displays the CPU utilization of all backup servers in the Cloud.
• Total Memory Utilization of All Backup Servers: This card displays the memory utilization of all backup servers in the Cloud.
• Top 5 Backup Server Usage:
  ▬ This card displays the used capacity and total size of each backup server.
  ▬ The usage of each backup server is displayed in descending order.
  ▬ You can click the backup server name on the card to enter the details page of the backup server.
• Total Disk I/O of All Backup Servers: This page displays the disk I/O of all backup servers in the Cloud.
• Unread Alarm Statistics in Recent Seven Days:
  ▬ This card displays unread alarm statistics for the most recent 7 days, including the emergency level, number of alarms, and alarm name.
  ▬ You can click the More icon in the upper right corner to enter the alarm message page.
  ▬ You can view and handle the alarm messages and copy the alarm details.
  ▬ Alarm messages that you have already read are not displayed here again.

2.2.2.5.2.2 CDP Task

You can create a CDP task to continuously back up your VM data to a specified backup server to achieve continuous data protection and recovery.
• Before you can use the CDP service, add a local backup server to the Cloud first.
• You can create CDP tasks to continuously back up your VM data to a specified backup server to achieve continuous data protection.
• You can create CDP tasks in bulk for multiple VM instances. The Cloud supports only one VM instance per CDP task.
• You can perform entire VM backup without installing an agent for your VM instances.
• The Cloud performs a full backup on the VM instances immediately after you create CDP tasks.
• The Cloud provides second-level fine-grained continuous data protection for VM instances.
• The Cloud recommends the desired capacity required by a CDP task based on an algorithm when you create a CDP task for the first time, helping you to plan the backup space reasonably.
• The CDP service applies to VM instances in different primary storage scenarios, including local, NFS, SharedBlock, and Ceph primary storages.
• You can manage the lifecycle of CDP tasks, such as creating, enabling, disabling, and deleting CDP tasks.
• You can modify the protection policy of a CDP task, including the recovery point interval, regular backup frequency, recovery point retention policy, and the backup rate when the CDP task is disabled.
• You can modify the task running policy to adjust the desired size and RPO policy for the CDP task.
• You can view the creation progress of a CDP task.
• The Cloud provides CDP task resource alarms and event alarms and allows you to create these alarms.

2.2.2.5.2.3 CDP Data

The backup data generated from continuous data protection on VM instances is stored in local backup servers. You can manage CDP on the CDP Data page.
• You can back up CDP data on a local backup server.
• The Cloud displays the CDP status in charts and tables and allows you to view the details by specifying a time span.
• The Cloud displays hourly data changes so that you can plan the backup capacity more reasonably.
• The Cloud provides a recovery point calendar, which identifies the dates with recovery points with colors and helps you to locate recovery points quickly.
• You can lock recovery points. After a recovery point is locked, data of the recovery point will not be automatically cleared or deleted.
• The Cloud provides a recovery point list and a locked recovery point list and allows you to view the details by specifying a time span.
• The Cloud supports fast recovery based on selected recovery points (including locked recovery points).
• The Cloud supports instant recovery with a minimum RTO in seconds.
• The Cloud supports entire restoration and file-level restoration.
  ▬ Entire restoration allows you to restore data to the original VM instance or to a newly-created VM instance.
    ■ Restore data to a newly-created VM instance:
      ■ Allows you to create a VM instance from the selected recovery point without affecting the original VM instance.
      ■ The newly created VM instance will quickly start up for business recovery.
    ■ Restore to the original VM instance:
      ■ Allows you to create new volumes or overwrite current volumes.
      ■ Create new volumes: This method allows you to retain and attach volumes before recovery to the VM instance to ensure data security.
      ■ Overwrite current volumes: This method will overwrite the original data in the VM instance and keep the snapshots in the current volumes.
      ■ During data restoration, the original VM instance will quickly start up for business recovery.
  ▬ File-level restoration allows you to retrieve files without restoring the system. Both Windows and Linux file system formats are supported. Supported file formats include picture, text, and PDF.
• Allows you to clear CDP data, which will delete all the CDP data of the VM instance, including the locked recovery points. The Cloud performs a full backup for the VM instance the next time the CDP task is enabled.

2.2.2.5.2.4 Recovery Task

A recovery task helps you quickly restore data by specifying a CDP task and recovery point, and allows you to view the recovery progress and logs in a more friendly way.
• The Cloud provides a list of recovery tasks, allowing you to view the recovery records and progress in a more friendly way.
• The CDP service applies to VM instances in different primary storage scenarios, including local, NFS, SharedBlock, and Ceph primary storages.
• The Cloud supports instant recovery with a minimum RTO in seconds.
• The Cloud allows you to restore data to the original VM instance or to a newly-created VM instance.
  ▬ Restore data to a newly-created VM instance:
    ■ Allows you to create a VM instance from the selected recovery point without affecting the original VM instance.
    ■ The newly created VM instance will quickly start up for business recovery.
  ▬ Restore to the original VM instance:
    ■ Allows you to create new volumes or overwrite current volumes.
    ■ Create new volumes: This method allows you to retain and attach volumes before recovery to the VM instance to ensure data security.
    ■ Overwrite current volumes: This method will overwrite the original data in the VM instance and keep the snapshots in the current volumes.
    ■ During data restoration, the original VM instance will quickly start up for business recovery.
• You can manage the lifecycle of recovery tasks, such as creating, enabling, disabling, and deleting recovery tasks.
• You can rerun a failed or canceled recovery task.
• You can cancel a task only during the recovery progress. After a task is canceled, intermediate data generated during the recovery process will not be retained.

2.2.2.5.2.5 Local Backup Server

A local backup server is located at the local data center and is used to store local CDP data.
• You can use the ImageStore deployed in the local data center as the local backup server.
• You can also deploy a new local backup server.
• You can add more than one local backup server.
• You can view the CDP data backed up to the local backup server on the details page.

2.2.2.6 Scheduled O&M

2.2.2.6.1 Scheduled Job

ZStack Cloud provides two types of scheduled O&M resources: scheduled jobs and schedulers. These two types of resources are independent of each other. You can create schedulers and scheduled jobs based on different rules, and associate or disassociate scheduled jobs with or from schedulers.

2.2.2.6.2 Scheduler

ZStack Cloud provides two types of scheduled O&M resources: scheduled jobs and schedulers. These two types of resources are independent of each other. You can create schedulers and scheduled jobs based on different rules, and associate or disassociate scheduled jobs with or from schedulers.
• A scheduled job defines that a specific action be implemented at a specified time based on a scheduler.
  ▬ You can associate any available scheduled job with a scheduler.
  ▬ You can select Disable, Enable, Attach, and Detach actions for a scheduled job based on your actual production environments.
  ▬ If you delete a scheduler, the scheduled jobs associated with the scheduler will be disassociated. You can associate the scheduled jobs with other schedulers.
  ▬ Operations triggered by scheduled jobs are all recorded by the Audit feature.
• A scheduler is used to schedule jobs. It is suitable for business scenarios that last for a long time.
  ▬ A scheduler defines the implementation rules for a scheduled job.
  ▬ A scheduler can be used for long-term operations, for example, creating snapshots at a specified interval for a VM instance.
  ▬ If you delete a scheduler, the scheduled jobs associated with the scheduler will be disassociated. You can associate the scheduled jobs with other schedulers.
  ▬ Operations triggered by schedulers are all recorded by the Audit feature.

2.2.2.7 Tag Management

A tag is used to mark resources. You can use a tag to search for and aggregate resources. Specifically, you can quickly locate the required resources by tag type and tag name.
• You can create tags with different colors, simple style, and brief description. You can also attach tags to resources and search resources by using tags. This will improve your search efficiency.
• You can search for the resources without tags by clicking the option "None" when you use tags to filter resources. This is convenient for maintenance operations.
• Two types of tag are available: admin tags and tenant tags.
  ▬ Admin tags are created and owned by the administrator, and can be attached to VM instances, volumes, hosts, baremetal instances, and elastic baremetal instances.
  ▬ Tenant tags are created and owned by tenants, and can be attached to VM instances and volumes.
• Currently, you can attach tags to or detach tags from VM instances, volumes, hosts, baremetal instances, and elastic baremetal instances.

Considerations
• Admin tags are created and owned by the administrator while tenant tags are created and owned by tenants.
• Tags created by tenants can only be attached to resources of the corresponding tenants, while admin tags can be attached to all of the resources on the Cloud.
• The administrator can detach or delete tenant tags.
• Tags in a project are owned by the project. Therefore, everyone in the project, including the project admin, project manager, and project member, can perform operations on these tags.
• Currently, tag owners cannot be changed.
• When you change a resource owner, all tenant tags attached to the resource will be detached.
  However, the admin tags are not affected.
• After the Cloud is upgraded seamlessly, the existing tags will be updated accordingly and displayed in the latest way. If an exception occurs, refresh your browser or create a new tag.

2.2.2.8 Migration Service

ZStack Cloud provides the Migration Service, allowing you to migrate VM systems and data from other virtualization platforms to the current cloud. Currently, with the Migration Service, you can:
• Migrate VM instances from the vCenter that you took over to the current cloud. The supported vCenter versions include 5.5, 6.0, 6.5, 6.7, and 7.0. Note that the version of the vCenter server must be consistent with that of the ESXi host.
• Migrate VM instances from a KVM cloud platform to the current cloud.

Note: If you took over vCenter 7.0, to ensure that the VM console can open properly, we recommend that you download the trusted root CA certificate when you log in to vCenter.

Figure 2-36: V2V Migration

The Migration Service is a separate feature module. To use this feature, you need to purchase both the Base License and the Plus License of the Migration Service. The Plus License cannot be used independently.

Advantages of the Migration Service are as follows:
• Allows you to perform one-click V2V migrations for VM instances in bulk.
• Allows you to add a conversion host and create a V2V job and lets the Cloud do the rest.
• Allows you to configure an independent migration network and a network QoS for a conversion host to control transmission bottlenecks and improve migration efficiencies.
• Allows you to customize configurations for destination VM instances when you create a V2V job.
• Monitors and manages the entire migration process in the visualized, well-designed UI.

2.2.2.8.1 V2V Migration

Currently, you can migrate VM instances from a VMware cloud platform or a KVM cloud platform to the current cloud.

Source Cloud Platform: VMware

You can migrate VM instances from the vCenter you take over to the current Cloud by creating a migration task.
• Before migrations, perform data synchronization to manually synchronize the latest status of resources in the vCenter that you took over.
• You can perform bulk V2V migrations for VM instances, and customize configurations of the migrated VM instances.
• The supported vCenter versions include 5.0, 5.1, 5.5, 6.0, 6.5, 6.7, and 7.0. Note that the version of the vCenter server must be consistent with that of the ESXi host.
• The supported VM systems of the source vCenter include RHEL/CentOS 4.x, 5.x, 6.x, 7.x, SLES 11, 12, 15, Ubuntu 12, 14, 16, 18, Windows 7, and Windows Server 2003 R2, 2008 R2, 2012 R2, 2016, 2019.
• The VM instances will be forced to shut down during the V2V migration. Therefore, pay attention to the business impact.
  Note: The system first attempts to shut down the VM instances gently. If the shutdown fails, the system will perform a forced shutdown.
• The type of the source primary storage is not enforced. The type of the destination primary storage can be LocalStorage, NFS, Ceph, or SharedBlock.
• For Windows VM instances, the Windows VirtIO driver is automatically installed during the migration. This improves the NIC and disk efficiencies.
• You can perform V2V migration for VM instances booted by UEFI. After the migration, these VM instances are also booted by UEFI.

Source Cloud Platform: KVM

You can migrate VM instances from a KVM platform to the current Cloud by creating a migration task.
• You can perform bulk V2V migrations for VM instances, and customize configurations of the migrated VM instances.
• You can migrate the VM instances that are running or paused. Do not power off the VM instances to be migrated.
• You can perform V2V migrations for VM instances booted by UEFI. After the migration, these VM instances are also booted by UEFI.
• The type of the source primary storage is not enforced. The type of the destination primary storage can be LocalStorage, NFS, Ceph, or SharedBlock.
• For different types of source primary storages or destination primary storages, the libvirt version and QEMU version must meet the following requirements:
  ▬ If either the source primary storage or destination primary storage is Ceph, use libvirt 1.2.16 and QEMU 1.1 or their later versions.
  ▬ If neither the source primary storage nor destination primary storage is Ceph, use libvirt 1.2.9 and QEMU 1.1 or their later versions.

2.2.2.8.2 V2V Conversion Host

Before you can perform V2V migrations, specify a host in a destination cluster as the V2V conversion host.
• A V2V conversion host must have sufficient hardware resources, such as network bandwidth and disk space. The following table lists the minimum configuration requirements.

  Table 2-5: Minimum Configuration Requirements for V2V Conversion Host

  | Hardware | Configuration Requirements |
  |---|---|
  | CPU | Minimum 8 cores |
  | Memory | Minimum 16 GB |
  | Network | Minimum 1 Gigabyte NIC |
  | Storage | Minimum 50 GB for the rest of storage spaces. Note: You can modify the storage configuration according to the number of VM instances to be migrated. |

• The type of the V2V conversion host must be consistent with that of the source cloud platform.
• You can set an independent migration network and a network QoS for a V2V conversion host to control transmission bottlenecks and to improve migration efficiencies.

2.2.3 Operational Management

2.2.3.1 Tenant Management

Tenant Management allows users to create and manage their organization structures based on their actual business scenarios. It also provides features such as project-based resource access control, ticket management, and independent zone management. The Tenant Management feature is provided in a separate module.
Before you can use this feature, you need to purchase the Plus License of Tenant Management, in addition to the Base License.

Definitions

Definitions related to Tenant Management:
• Personnel and Permissions: The Tenant Management system is structured on the basis of personnel and permissions. You can create departments and roles based on your business needs, and grant a variety of permissions to your users.
• Organization: Organization is the basic unit in Tenant Management. You can create an organization or synchronize an organization through SSO authentication. The organizations can be categorized into the default department and the customized department. You can customize a new team and a sub-department. The new team, usually a company or subcompany (subsidiary), can be used to create multi-level departments. An organizational structure tree is displayed in cascade, and you can directly get a complete picture of the organization structure.
  Note: Project members can only view the organization structure to which their team belongs.
• User: A user is a natural person that constructs the most basic unit in Tenant Management. There are local users and SSO users on ZStack Cloud.
  ▬ Local User: A user that is created on the Cloud. A local user can be added to an organization or a project, and attached to a role.
  ▬ SSO User: A user that is synchronized to the Cloud through SSO. An SSO user can be added to an organization or a project, attached to a role, and changed to a local user.
  Note:
  • To log in to the Cloud, tenant management users need to use the Tenant login entry.
    ▬ Local users log in to the Cloud via the Local User entry.
    ▬ AD/LDAP users log in to the Cloud via the AD/LDAP User entry.
    ▬ OIDC/OAuth2/CAS users log in to the Cloud from the SSO application without the password.
  • The admin and platform manager can view the list of all users.
  • If you created an organizational structure tree on the Cloud, platform members can view only the list of users belonging to the organizational structure. If you did not create any organizational structure tree, platform members can view all users.
• User Group: A user group is a collection of natural persons or a collection of project members. You can use a user group to grant permissions.
• Role: A role is a collection of permissions that can be granted to users. A user that assumes a role can call API operations based on the permissions specified by the role. Roles are categorized into platform roles and project roles.
  ▬ Platform Role: After a user has a platform role attached, the user will have the management permission of the corresponding zone. Permissions of a platform role take effect only in the zone managed by the user.
  ▬ Project Role: After a user joins a project and has a project role attached, the user will have the permission to use the project and manage the data in the project.
  Note:
  • One user can have both platform roles and project roles attached.
  • One user can have more than one platform role or project role attached.
  • In a project, if a user has multiple project roles attached, the user will have all the permissions attached to the project roles.
• Single Sign On: The Single Sign On service provided by the Cloud. It supports seamless access to SSO systems. Through the service, related users can directly log in to the Cloud and manage cloud resources. Currently, AD/LDAP/OIDC/OAuth2/CAS servers can be added.
  ▬ AD authentication: Active Directory (AD) is a directory service designed for Windows Standard Server, Windows Enterprise Server, and Windows Datacenter Server. AD provides an independent, standard login authentication system for increasingly diverse office applications.
    AD users or organizations can be synchronized to the user list or organization of ZStack Cloud via an AD server, while specified AD login attributes can be used to directly log in to ZStack Cloud.
  ▬ LDAP authentication: Lightweight Directory Access Protocol (LDAP) can provide a standard directory service that offers an independent, standard login authentication system for increasingly diverse office applications. LDAP users can be synchronized to the user list of ZStack Cloud via an LDAP server, while specified LDAP login attributes can be used to directly log in to ZStack Cloud.
  ▬ OIDC authentication: OpenID Connect (OIDC) is a set of authentication protocols based on the OAuth2 protocol, and it allows the clients to verify the user identity and obtain basic user configuration information. The user information can be synchronized to the Cloud according to the mapping rules via an OIDC server, and users of the OIDC authentication system can log in to the Cloud without the password.
  ▬ OAuth2 authentication: Open Authorization 2.0 (OAuth2) is a set of authorization protocol standards that can authenticate and authorize users to access related resources. The Cloud currently only supports authorization through the authorization code. The user information can be synchronized to the Cloud according to the mapping rules via an OAuth2 server, and users of the OAuth2 authentication system can log in to the Cloud without the password.
  ▬ CAS authentication: Central Authentication Service (CAS) is a set of single sign-on protocols that allow website applications to authenticate users. The user information can be synchronized to the Cloud according to the mapping rules via a CAS server, and users of the CAS authentication system can log in to the Cloud without the password.
• Project Management: Project management allows you to schedule resources based on projects.
  You can create an independent resource pool for a specific project. In this way, you can better manage the project lifecycle (including determining time, quotas, and permissions) to improve cloud resource utilizations at a granular, automatic level and strengthen mutual collaborations between project members.
• Project: A project is a task that needs to be accomplished by specific personnel at a specified time. In Tenant Management, you can plan resources at the project granularity and allocate an independent resource pool to a project. The word Tenant in Tenant Management mainly refers to projects. A project is a tenant.
  ▬ When you create a project, you need to specify the resource quotas and reclaim policy, and add project members.
  ▬ It is suggested that the basic resources (instance offering, image, network, and other resources) on the Cloud be shared or created in advance.
• Ticket Management: To better provide basic resources efficiently for each project, project members (project admins, project managers, or regular project members) can apply for tickets to obtain cloud resources. Tickets are reviewed and approved according to custom ticket review processes of each project. Finally, the admin, project admins, department managers, and the customized approvers approve the tickets. Currently, five types of ticket are available: apply for VM instances, delete VM instances, modify VM configurations, modify project cycles, and modify project quotas.
• Process Management: Process management is part of ticket management that manages the processes related to the resources of projects. Processes can be categorized into default processes and custom processes.
  ▬ Default process: The project member submits a ticket to the admin, and then the admin approves the ticket. This process applies to the following scenarios:
    ■ The tickets that are not configured with a ticket process.
    ■ The tickets which apply for modifications on the project cycle.
    ■ The tickets which apply for modifications on the project quota.
    ■ If the custom ticket process is deleted, the tickets will be resubmitted automatically via the default ticket process.
  ▬ Custom process: The project member submits a ticket. The project member makes process settings via process management. Finally, the admin or project admin approves the ticket. This process applies to the following scenarios:
    ■ The tickets created to apply for VM instances, delete VM instances, and change VM configurations will be prioritized to be submitted via the configured, custom ticket process.
    ■ If you modify the valid ticket process, the tickets will be automatically resubmitted via this modified, custom ticket process.
    ■ If you modify the invalid ticket process, you need to resubmit the tickets manually by using this modified, custom ticket process.
• My Approval: In the Cloud, only the administrator and project administrators are granted approval permissions. The administrator and project administrators can approve or reject a ticket. If a ticket is approved, resources are automatically deployed and allocated to the specified project.
  Note: The platform admin and regular platform members do not have the permission for ticket management, and the menu My Approval is not supported for these two roles.

SSO Rename

Starting from ZStack Cloud 5.1.8, Third-party authentication is renamed to Single Sign-On (SSO). The following table describes some of the common term changes that have been updated throughout this guide as a result of the rename.

| Legacy Term | Current Term |
|---|---|
| Third-Party Authentication | Single Sign On or SSO |
| Third-Party Authentication Server | SSO Server |
| Third-Party Authentication System | SSO System or SSO Authentication System |
| Third-Party User | SSO User |
| Third-Party Sub-Account | SSO Sub-Account |
| Third-Party Attribute | SSO Attribute |

Architecture

Tenant Management mainly includes four subfeatures, including project management, ticket management, independent zone management, and Single Sign On.
• Platform Management: To effectively manage the Cloud, the platform user (platform admin/regular platform member) can cooperate with the super administrator to manage and operate the Cloud together. ZStack Cloud provides various system roles such as Platform Admin Role and Dashboard Role. You can also satisfy various usage scenarios by creating custom roles at the API level.
• Project Management: The project management is project-oriented to plan for resources. Specifically, you can create an independent resource pool for a specific project. Project lifecycles can be managed (including determining time, quotas, and permissions) to improve cloud resource utilizations at a granular, automatic level and strengthen mutual collaborations between project members.
• Ticket Management: To better provide basic resources efficiently for each project, project members (project admins, project managers, or regular project members) can submit tickets to obtain cloud resources. Tickets are reviewed and approved according to custom ticket review processes of each project. Finally, the admin, project admins, department managers, and the customized approvers approve the tickets. Currently, five types of ticket are available, including applying for VM instances, deleting VM instances, modifying VM configurations, modifying project cycles, and modifying project quotas.
• Independent Zone Management: Usually, a zone corresponds to an actual data center in a place.
  If you isolated resources for zones, you can specify the corresponding zone admins for each zone to achieve independent management of various machine rooms. In addition, the admin can inspect and manage all zones.
• Single Sign On: The Single Sign On is an SSO authentication service provided by ZStack Cloud. You are allowed to seamlessly access the SSO system. The corresponding account system can directly log in to the Cloud to conveniently use cloud resources. Currently, you can add an AD/LDAP/OIDC/OAuth2/CAS server.

Differences in Roles and relevant Permissions

Definitions related to Tenant Management Account System:
• admin: A super administrator who owns all permissions. Usually, the admin is the IT system administrator who has all the permissions.
• Local User: A user that is created on the Cloud. A local user can be added to an organization, added to a project, and attached to a role.
• SSO User: A user that is synchronized to the Cloud through SSO. An SSO user can be added to an organization, added to a project, and attached to a role.
• Platform User: A user that is not added to a project yet, including platform admin and the regular platform member.
• Platform Admin: A user that has the platform admin role attached. A platform admin who has been allocated a specified zone or all zones manages the data center of the allocated zone or zones.
• Head of Department: The admin can assign a head for the department, and this role is used for identification only. When a head of department becomes a project member, the head of a department has the permission to check department bills.
• Project User: A user who has joined a project, including project admin, project operator, and regular project member.
• Project Admin: A user that has the project admin role attached. A project admin is responsible for managing users in a project, and has the highest permission in a project.
• Project Manager: A user that has the project manager role attached. A project manager assists project admins to manage projects. One or more project members in the same project can be specified to act as project managers.
• Department Manager: The admin can assign a department manager for the new team. It is a type of platform role and is responsible for the operation management of the entire department, including project management, ticket management, checking bills, and department critical resource monitoring.
• Root Role: The root role is used to limit the permission scope of the custom role. The permission of a custom role is inherited from its root role, and is a subset of the root role permission.
• Quota: A measurement standard that determines the total quantity of resources for a project. A quota mainly includes the VM instance count, CPU count, memory capacity, maximum number of data volumes, and maximum capacity of all volumes.
• Project Reclaim Policy: You need to specify a project reclaim policy when you create a project. There are three types of project reclaim policy, including unlimited, reclaim by specifying time, and reclaim by specifying cost.
  ▬ Unlimited: After you create a project, resources within the project will be in the enabled state by default.
  ▬ Reclaim by Specifying Time:
    ■ When a project is less than 14 days from its expiration date, the smart operation assistant will display the prompt "The license will be expired" after a project member logs in to the Cloud.
    ■ After the project expires, resources within the project will be collected according to the specified policy. The policy includes disabling login, preventing project members from logging in to the Cloud, stopping resources, and deleting projects.
  ▬ Reclaim by Specifying Cost: When the project spending reaches the maximum limit, resources within the project will be collected according to the specified policy.
The policy includes disabling login, preventing project members from logging in to the Cloud, stopping resources, and deleting projects.
• Access Control: When you create a project, you can specify whether project members are allowed to or prohibited from logging in to the project within a specified time period. There are two types of access control policy: login allowed time and login prohibited time.
  ▬ Login Allowed Time: You can set, by day or week, the time when members in the project can log in to the project. Once this is set, project members can log in to the project only during the login allowed time period.
  ▬ Login Prohibited Time: You can set, by day or week, the time when members in the project cannot log in to the project. Once this is set, project members cannot log in to the project during the login prohibited time period.
• Security group constraint: If you enable security group constraint, when a project member creates a VM instance, the VM instance must have one or more security groups attached.
  ▬ Before you can enable security group constraint for the project, make sure that the project security group quota is set to 1 or higher.
  ▬ If you enable the security group constraint for the project, a default security group is created when the project is created.

The tenant management system grants users a variety of permissions. The permissions of different user roles are as follows:
• Differences in Accounts Login in Tenant Management
  ▬ Admin can log in to the Cloud via Account Login. By using Chrome or Firefox, go to the Account Login page via http://management_node_ip:5000/#/login. To log in to the Cloud, the admin must enter the corresponding user name and password.
Figure 2-37: Main Login Page

  ▬ For users (platform admin, platform user, project admin, project manager, regular project member, or department manager), log in to the Cloud via Project Login. By using Chrome or Firefox, go to the Project Login page via http://management_node_ip:5000/#/project. To log in to the Cloud, enter the corresponding user name and password. Specifically, the Cloud has two login entrances for Project Login as follows:
    • Local user: the user created on the Cloud. Log in to the Cloud via Local User.
    • AD/LDAP user: the SSO user synchronized to the Cloud via the SSO. Log in to the Cloud via AD/LDAP User, as shown in Project Login Page.
    After the successful login, you can select the platform or project to be managed to log in to the corresponding management interface.

Figure 2-38: Tenant Login Page

• Feature Differences from Various Perspectives

Feature Menu; Platform Admin (System Role); Project Admin/Project Manager (System Role); Department Manager (System Role); admin (System Role); Regular Platform Member (Custom Role); Regular Project Member (Custom Role)
Organization: Configure as needed. Configure as needed. ○ ○ ○ ○
User: Configure as needed. Configure as needed. ○ ○ ○ ○
Role: Configure as needed. Configure as needed. ○ ○ ○ ○
Project Member: × × Configure as needed. × ○ ×
User Group: Configure as needed. Configure as needed. ○ ○ ○ ○
Single Sign On: Configure as needed. ○ ○ × × ×
Project: Configure as needed. ○ ○ × ○ ×
Process Management: ○ Configure as needed. ○ × × ×
My Tickets: × × Configure as needed. × ○ ×
My Approval: × × Configure as needed. ○ ○ ○
• Differences in Permissions of Platform/Project Roles
• Platform Roles: admin, platform admin, department manager, and regular platform user. The permissions corresponding to these roles are differentiated as follows:

Role: admin
Difference: A super administrator who owns all permissions.

Role: Platform Admin
Difference: A platform admin is a type of administrator who has been allocated a specified zone or all zones, and assists the admin to jointly manage the Cloud. A platform admin has all the permissions that the admin has, except the following:
  • A platform admin is allocated a specified zone or all zones, and has the permissions to manage resources in the zone or zones only. Currently, a platform admin is not granted relevant permissions to create or delete zones.
  • A platform admin does not have the permissions related to ticket management, and the menu My Approval is not displayed for this role.
  • A platform admin does not have the permissions related to certificate management, and cannot perform actions such as uploading a certificate.

Role: Department Manager
Difference: The department manager is a role that has been allocated a specified department, which can be designated by the admin for the new team and is responsible for managing the whole department. A department manager has the following permissions:
  • View homepage: Allows you to view the summary of project resources in the department under the management only.
  • View the Cloud monitor: Allows you to view the monitoring information of critical resources of the department under your management.
  • View organizations: Allows you to view the organizational structure of the Cloud, but not to perform related operations.
  • View users: Allows you to view the user information on the Cloud, but not to perform related operations.
  • View user groups: Allows you to view the user group information, but not to perform related operations.
  • Viewing roles: Allows you to view the system project roles of the Cloud, the project roles whose owner is the admin, and the project roles whose owner is the management department (and sub-departments).
  • View projects and project-based operations: For projects under the managed department (and sub-departments), you can view, edit, and add project members. Setting a department, changing billing prices, generating project templates, and setting logon time limits for projects are not supported.
  • Ticket approval: Supports ticket approval, but the menu Process Management is not displayed.
  • View/Export bills: Allows you to view or export project bills and departmental bills of the department (and sub-departments) under your management.

Role: Regular Platform Member
Difference: Platform members other than the platform admin. A platform member has all the permissions that the admin has, except the following:
  • A regular platform member does not have the permissions related to ticket approval, and the menu My Approval is not displayed for this role.
  • A regular platform member can view users who are in the same organizational structure only.
  • Ungranted permissions.

• Project Roles: project admin, project manager, and project member. The permissions corresponding to these roles are differentiated as follows:
  ▬ A project admin can specify one or more project members in the same project to act as project managers, assisting project admins to manage projects.
  ▬ A project manager has all the permissions that a project admin has, but

Advantages

The Tenant Management of ZStack Cloud has the following advantages:
• Full-featured: Tenant Management provides users with a range of features such as organization structure management, project-based resource access control, ticket management, and independent zone management.
• User-friendly: Tenant Management allows you to manage the operation permissions of different roles in a multi-level organizational structure, making the organizational management more flexible and user-friendly.
• Cost-effective: Each organization has different kinds of departments. In a traditional IT company, resources are allocated to these departments based on their actual needs, and permissions are assigned as needed as well. Against the backdrop of cloud migration, the management over the departments is achieved on the cloud to minimize the management costs.

Scenarios

Each organization has its own administrative departments. In a traditional IT company, resources are allocated to administrative departments based on their actual needs, and permissions are assigned as needed as well. After companies migrate their business to the cloud, they expect the same experience in resource allocation and permission assignment on the cloud, compatible with management by administrative departments. The Tenant Management of ZStack Cloud provides users with a range of features such as organization structure management, project-based resource access control, ticket management, and independent zone management. Through the division of the organizational structure, it provides the same management as the administrative department and minimizes the management costs.

2.2.3.1.1 Organization

Tenant Management provides an organization management feature for enterprise users, where an organizational structure tree is displayed in cascade and you can directly get a complete picture of the enterprise organization structure. Enterprise Management mainly includes the following concepts:

The concepts of an organization are shown in Associated Concepts of Organization.
Figure 2-39: Associated Concepts of Organization

2.2.3.1.2 User

A user is a natural person that constructs the most basic unit in Tenant Management. Users in ZStack Cloud can be divided into different types based on where the user is created and whether the user joined a project.
• User type based on where the user is created:
  ▬ Local user: Users created in the Cloud. You can add a local user to an organization or project, or attach a role to a local user.
  ▬ 3rd-party user: Users synchronized to the Cloud through 3rd-party authentication. You can add a 3rd-party user to an organization or project, attach a role to a 3rd-party user, or change a 3rd-party user to local user.
  Note:
  • To log in to the Cloud, tenant management users need to use the project login entry.
    ▬ Local users log in to the Cloud via the Local User entry.
    ▬ AD/LDAP users log in to the Cloud via the AD/LDAP User entry.
    ▬ OIDC/OAuth2/CAS users log in to the Cloud from the 3rd-party application without the password.
  • The admin and platform administrator can view the list of all users.
  • If you created an organizational structure tree in the Cloud, platform members can view only the list of users belonging to the organizational structure. If you did not create any organizational structure tree, platform members can view all users.
• User type based on whether the user joined a project:
  ▬ Platform member: A user that is not added to a project yet, including platform manager and the regular platform member.
  ▬ Project member: A user that has joined a project, including project admin, project manager, and regular project member.

2.2.3.1.3 Role

A role is a collection of permissions used for entitling users to manage resources by calling associated APIs. A role has two types, including system role and custom
• Platform role: After a user has a platform role attached, the user will have the management permission of the corresponding zone.
Permissions of a platform role take effect only in the zone managed by the user.
• Project role: After a user and its member group join a project and have a project role attached, the user will have the permission to use the project and manage the data in the project.

Note:
• One user can have two types of roles attached.
• One user can have more than one platform role or project role attached.
• In a project, if a user and its member group have multiple project roles attached, the user and its member group will share all the permissions of the user and the member group.

The same user supports binding two role types at the same time. The same user supports binding multiple platform roles or project roles. In a project, if a user and member group are bound to multiple project roles, the permissions they have are the full set of all project roles.

2.2.3.1.4 3rd Party Authentication

3rd-Party Authentication is a third-party authentication service provided by ZStack Cloud. With this service, ZStack Cloud can seamlessly connect the third-party login authentication system and the corresponding account system can directly log in to the Cloud to conveniently use cloud resources. Currently, you can add an AD/LDAP server.
• AD authentication: Active Directory (AD) is a directory service designed for Windows Standard Server, Windows Enterprise Server, and Windows Datacenter Server. AD provides an independent, standard login authentication system for increasingly diverse enterprise office applications.
  AD users or organizations can be synchronized to the user list or organization of ZStack Cloud via an AD server, while specified AD login attributes can be used to directly log in to ZStack Cloud.
• LDAP authentication: Lightweight Directory Access Protocol (LDAP) can provide a standard directory service that offers an independent, standard login authentication system for increasingly diverse enterprise office applications.
  LDAP users can be synchronized to the user list of ZStack Cloud via an LDAP server, while specified LDAP login attributes can be used to directly log in to ZStack Cloud.
• OIDC authentication: OpenID Connect (OIDC) is a set of authentication protocols based on the OAuth2 protocol, and it allows the clients to verify the user identity and obtain basic user configuration information.
  The user information can be synchronized to the Cloud according to the mapping rules via an OIDC server, and users of the OIDC authentication system can log in to the Cloud without the password.
• OAuth2 authentication: Open Authorization 2.0 (OAuth2) is a set of authorization protocol standards that can authenticate and authorize users to access related resources. The Cloud currently only supports authorization through the authorization code.
  The user information can be synchronized to the Cloud according to the mapping rules via an OAuth2 server, and users of the OAuth2 authentication system can log in to the Cloud without the password.
• CAS authentication: Central Authentication Service (CAS) is a set of single sign-on protocols that allow website applications to authenticate users.
  The user information can be synchronized to the Cloud according to the mapping rules via a CAS server, and users of the CAS authentication system can log in to the Cloud without the password.

2.2.3.1.5 Project Management

Tenant Management provides the project management feature for enterprise users. Project management allows you to schedule resources based on projects. Specifically, you can create an independent resource pool for a specific project.
This way, you can better manage the project lifecycle (including determining time, quotas, and permissions) to improve cloud resource utilization at a granular, automated level and strengthen collaboration between project members.

Concepts of the project management are shown in Associated Concepts of Project Management.

Figure 2-40: Concepts of Project Management

2.2.3.1.6 Ticket Management

The Tenant Management provides the ticket management feature for enterprise users. To better provide basic resources efficiently for each project, project members (project admins, project managers, or regular project members) can apply for tickets to obtain cloud resources. Tickets are reviewed and approved according to custom ticket review processes of each project. Finally, admins, project admins, or department managers approve the tickets. Currently, five types of ticket are available: apply for VM instances, delete VM instances, modify VM configurations, modify project cycles, and modify project quotas.

The major workflow is shown in Major Workflow of Ticket Management.

Figure 2-41: Major Workflow of Ticket Management

2.2.3.2 Billing Management

2.2.3.2.1 Bills

A bill is the expense of resources totaled at a specified time period. Billing is accurate to the second. Bills can be categorized into project bills, department bills, and account bills.

2.2.3.2.2 Pricing List

ZStack Cloud provides a quasi-public cloud billing experience. You can customize the unit price for different resources by using a pricing list and obtain related bills after you associate the pricing list with a project or an account. Currently, the following resources in the Cloud can be billed: CPU, memory, root volume, data volume, GPU device, elastic baremetal instances, public IP (VM IP), and public IP (VIP).
2.2.3.3 Access Control

2.2.3.3.1 Console Proxy

Console proxy allows you to log in to a VM instance by using the IP address of a proxy. You can view the information about the proxy used to launch your VM console.
• The console proxy address only needs to be modified on the management node.
• The address of the default proxy is the IP address of the management node.
• You can launch the VM console properly only when the state and status are Enabled and Connected, respectively.

2.2.3.3.2 Access Key

An AccessKey pair is a security credential with which one party authorizes another party to call API operations and access its resources in the Cloud. AccessKey pairs shall be kept confidential.

ZStack Cloud provides two types of AccessKey: local AccessKey and third-party AccessKey.
• Local AccessKey: A local AccessKey pair consists of an AccessKey ID and AccessKey secret. It is a security credential with which the Cloud authorizes a third-party user to call API operations and access its cloud resources. AccessKey pairs shall be kept confidential. An AccessKey pair has the full permissions of its creator.
• Third-party AccessKey: A third-party AccessKey pair consists of an AccessKey ID and AccessKey secret. It is a security credential with which a third-party user authorizes the Cloud to call API operations and access its cloud resources. AccessKey pairs shall be kept confidential.

Note:
• AccessKey is a key factor for the Cloud to perform security authentication on API requests. We recommend that you keep your AccessKey confidential to maintain security.
• If your AccessKey is at risk of leakage, we recommend that you delete it in time and create a new one.

2.2.3.4 Application Center

Application Center allows you to add third-party applications to the Cloud and then access the applications by using the Cloud. It extends the functionality of the Cloud.
2.2.4 Settings

2.2.4.1 Sub-Account Management

A sub-account can be created by the admin or synced from an SSO authentication system and is managed by the admin. Resources created under a sub-account are managed by the sub-account. You can use a sub-account to create and manage resources under its management and implement fine-grained control over the permissions on resources.

Concepts

• admin: The admin has super privileges over resources and shall be owned by the IT system administrator.
  ▬ The admin can share instance offerings, disk offerings, networks, images, and other cloud resources with sub-accounts or revoke the resources from sub-accounts. Sub-accounts can only manage resources to which they are granted access.
  ▬ The admin can modify resource quotas granted to a sub-account based on different business scenarios.
  ▬ After the admin creates a VXLAN pool, sub-accounts can create VXLAN networks based on the VXLAN pool.
  ▬ Changing the owner of a VM instance will change the owner properties of the EIPs associated with the VM instance.
• Sub-account:
  ▬ Sub-accounts can be categorized into local sub-accounts and SSO sub-accounts:
    ■ A local sub-account is created by the admin. An SSO sub-account is synced from an SSO authentication server.
    ■ SSO authentication: The SSO authentication service, powered by the Cloud, supports seamless access to SSO authentication systems. Through the service, related users can directly log in to the Cloud and manage cloud resources. Currently, OIDC servers can be added.
    ■ OIDC server: An SSO authentication server that applies the OIDC protocol. It authenticates and authorizes SSO users to log in to the Cloud without a password and syncs user information to the Cloud based on the mapping rule.
    ■ A sub-account has management permissions on VM instances, images, volumes, and security groups created under the sub-account.
A sub-account can perform read operations on resources shared by the admin, but cannot delete the resources.
    ■ Deleting a sub-account will delete all resources created by the sub-account, such as VM instances, volumes, and images.
    ■ The names of sub-accounts must be unique.
    ■ Resource quotas that the admin shares with a sub-account are displayed on the homepage of the sub-account.
    ■ Before a sub-account can create a VM instance, the admin must share an instance offering, disk offering, network, and other required resources with the sub-account. Otherwise, a VM instance cannot be created.
    ■ A sub-account can use an image that it adds to the Cloud or use an image shared by the admin.
• Quota: Resource quotas that the admin shares with a sub-account specify the maximum resources that the sub-account can manage, including computing resource quotas, storage resource quotas, network resource quotas, and other resource quotas. The admin uses the preceding resource quota settings to manage the maximum resources granted to sub-accounts. If a resource is deleted but not expunged, the resource still occupies storage space of primary storage and volumes.

SSO Rename

Starting from ZStack Cloud 5.1.8, Third-party authentication is renamed to Single Sign-On (SSO). The following table describes some of the common term changes that have been updated throughout this guide as a result of the rename.

| Legacy Term | Current Term |
|---|---|
| Third-Party Authentication | Single Sign On or SSO |
| Third-Party Authentication Server | SSO Server |
| Third-Party Authentication System | SSO System or SSO Authentication System |
| Third-Party User | SSO User |
| Third-Party Sub-Account | SSO Sub-Account |
| Third-Party Attribute | SSO Attribute |

2.2.4.2 Email Server

If you select Email as the endpoint of an alarm, you need to set an email server. Then alarm messages are sent to the email server.

2.2.4.3 Log Server

A log server is used to collect logs of the management node.
You can add a log server to the Cloud and use the collected logs to locate errors and exceptions. This makes your O&M more efficient.

2.2.4.4 IP Allowlist/Blocklist

An IP blocklist or allowlist identifies and filters IP addresses that access the Cloud. You can create an IP allowlist or blocklist to improve access control of the Cloud.

Note: If the login requests are forwarded to the Cloud through a load balancer, correctly configure an X-Forwarded-For parameter for the load balancer. Without this parameter, the Cloud is unable to identify the actual client IP and fails to execute the access control accurately according to the allowlist/blocklist.

2.2.4.5 HA Policy

HA Policy is a mechanism that keeps the business running stably if VM instances are unexpectedly stopped or enter an error state because of errors in the compute, network, or storage resources associated with the VM instances. By enabling this feature, you can customize VM HA policies to ensure your business continuity and stability.

Concepts

The HA Policy feature involves the following key concepts:
• HA mode: Specifies whether to enable auto restart if VM instances are unexpectedly stopped or enter an error state because of errors in the compute, network, or storage resources associated with the VM instances. None and NeverStop are supported:
  ▬ None: VM instances are not automatically restarted, whether they are stopped as planned or unexpectedly.
  ▬ NeverStop:
    ■ Unexpectedly stopped VM instances are auto restarted on another host depending on the failover strategy you configure for them.
    ■ VM instances do not restart automatically after they are stopped manually or through scheduled jobs.
• VM Failover Strategy: Specifies whether to migrate a VM instance to another host if errors occur to the compute resource, storage resource, or network resource associated with the VM instance.
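The following added example, which is not ZStack Cloud code, illustrates the X-Forwarded-For note in 2.2.4.4 IP Allowlist/Blocklist above: behind a load balancer the server only sees the load balancer's address, so the list check has to run on the address taken from the header, and only when that header arrived from the load balancer itself. The function names, the trusted-proxy list, the sample networks, and the rule that the blocklist is checked before the allowlist are all assumptions.

```python
import ipaddress

# Constructed sample configuration (assumptions, not ZStack Cloud settings).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]   # load balancer subnet
ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]      # permitted clients
BLOCKLIST = [ipaddress.ip_network("203.0.113.66/32")]     # denied client


def _in_any(ip, networks):
    """True if the address falls inside any of the given networks."""
    return any(ip in net for net in networks)


def resolve_client_ip(peer_ip, xff_header, trusted_proxies=TRUSTED_PROXIES):
    """Return the address the access-control check should be applied to.

    peer_ip is the TCP peer of the connection; xff_header is the raw
    X-Forwarded-For value or None. Returns None when the header cannot
    be parsed, so that the caller can refuse the request.
    """
    peer = ipaddress.ip_address(peer_ip)
    # Only a header delivered by our own load balancer is meaningful.
    # Without a header, the peer address is all the server knows.
    if not xff_header or not _in_any(peer, trusted_proxies):
        return peer
    # Each proxy appends the address it received the request from, so the
    # list is read right to left, skipping hops that are our own proxies.
    client = peer
    for hop in reversed(xff_header.split(",")):
        try:
            client = ipaddress.ip_address(hop.strip())
        except ValueError:
            return None
        if not _in_any(client, trusted_proxies):
            break
    return client


def is_login_allowed(peer_ip, xff_header, allowlist=ALLOWLIST,
                     blocklist=BLOCKLIST, trusted_proxies=TRUSTED_PROXIES):
    """Apply blocklist, then allowlist, to the resolved client address."""
    client = resolve_client_ip(peer_ip, xff_header, trusted_proxies)
    if client is None:
        return False                      # unparseable header: fail closed
    if _in_any(client, blocklist):
        return False
    # An empty allowlist means no allowlist is configured.
    return (not allowlist) or _in_any(client, allowlist)


if __name__ == "__main__":
    lb = "10.0.0.5"  # constructed load balancer address
    # Header set correctly: the lists are evaluated against the real client.
    print(is_login_allowed(lb, "203.0.113.10"))        # allowed client
    print(is_login_allowed(lb, "203.0.113.66"))        # blocklisted client
    # Header missing: every request appears to come from the load balancer.
    print(resolve_client_ip(lb, None))
    print(is_login_allowed(lb, None))                  # allowlist rejects all
    print(is_login_allowed(lb, None, allowlist=[]))    # blocklist sees nobody
```

With the header missing, an allowlist rejects every login and a blocklist never matches, which is the inaccurate access control the note describes.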
The VM failover mechanism inspects the following resource status:
• Management Network Connectivity Status:
  ▬ Management network connectivity status indicates the status of the network that connects the management node and the host where VM instances reside.
  ▬ This status may turn Abnormal if errors occur to the management node or to the management network.
• Storage Network Connectivity Status:
  ▬ Detects the connectivity status of the network that VM instances use to access the primary storage where the root volumes of these VM instances reside.
  ▬ This status may turn Abnormal if errors occur to the primary storage or to the storage network.
• Business NIC Status:
  ▬ Business NIC status may turn Abnormal if errors occur to the host business NIC or the switch port directly connecting to the host business NIC that is associated with the L2 network of VM instances.

Based on the resource status inspection, the Cloud allows you to configure failover strategies for 4 fault scenarios:

| Fault Scenario | Management Network Connectivity Status | Storage Network Connectivity Status | Business NIC Status | Fail Over |
|---|---|---|---|---|
| Scenario A: Business NIC Fault | Normal | Normal | Abnormal | Enable/Disable |
| Scenario B: Storage Network Fault | Normal | Abnormal | Normal | Enable/Disable |
| Scenario C: Storage Network and Business NIC Fault | Normal | Abnormal | Abnormal | Set as false if both scenario A and scenario B have the failover policy set as false. Set as true if either scenario A or scenario B has the failover policy set as true. |
| Scenario D: Management Network Fault | Abnormal | Normal | Normal | Disable. The failover cannot be enabled in this scenario. |

Note: The failover policies take effect only on VM instances whose HA modes are set as NeverStop.

Fundamentals

ZStack Cloud HA Policy has the following mechanisms:
• The Cloud polls the running status of VM instances.
If a VM instance is unexpectedly stopped, its HA mode is checked. If the HA mode of the VM instance is NeverStop, then the VM instance is restarted on the current host or another host.

Figure 2-42: VM HA Started After Unexpectedly Stopped

• The Cloud polls the status of the hosts where VM instances reside. If any of the management network connectivity status, storage network connectivity status, or business NIC status of the host turns abnormal, the corresponding VM failover strategy and VM HA mode are checked. If the corresponding failover strategy is Yes and VM HA mode is NeverStop, then related VM instances are migrated to another host.

Figure 2-43: VM HA Started After Host Business NIC Turns Down

Characteristics

HA Policy has the following characteristics:
• Comprehensive & Powerful: Covers all mainstream HA scenarios, including various failures, and ensures the stability and continuity of your business.
• Flexible & Visualized: Provides a simple table that allows you to configure VM failover strategies with one click. This table functions together with the HA Mode that can be configured on all and individual VM instances, thus greatly improving the flexibility of your business HA configuration.

Scenarios

The following describes the scenarios of the HA Policy feature.
• Host Business NIC Turns Down:
  If a host business NIC turns down, to ensure high availability of business, all VM instances associated with this NIC are expected to migrate to other hosts.
  • For example, your business VM instances are running a MySQL database service that must be highly available. In this case, you can set the HA mode of these VM instances to NeverStop and turn on the switch corresponding to Abnormal Business NIC Status.
Then, as long as host resources are sufficient, if a host business NIC associated with these VM instances turns down, these VM instances will be auto started on other hosts.
• VM Unexpectedly Stops:
  If a VM instance is unexpectedly stopped, it is expected to be auto started by HA.
  • For example, your VM instances are running important business applications. To ensure that the business recovers automatically if VM instances stop for reasons such as host power-offs or business overloads, you can set the HA mode of these VM instances to NeverStop. Then if these VM instances are stopped, they are auto started.

3 Product Features

Licensing in ZStack Cloud is supplied in different functionality packages as Base and Plus. This topic describes features covered in the Enterprise Prepaid base license and add-on features provided in plus licenses. For more information about the licensing details, see License Management. For differences about features provided in different editions, contact our official sales.

Features in Enterprise Prepaid

• Custom Dashboard:
  ▬ Displays multi-dimensional data statistics on cards and allows you to customize your own dashboard by adding and dragging cards.
  ▬ Provides a default dashboard for users with different roles.
• Monitor Dashboard:
  ▬ Displays the platform resources in real time by using monitors with various themes.
  ▬ Allows you to switch between the KVM monitor and the vCenter monitor as needed.
  ▬ Allows you to switch between zones. You can have the real-time monitoring on all zones or a specific zone.
• API Inspector: Allows you to view the details of API requests that are called by using various methods, including POST, DELETE, PUT, GET, and GET-ZQL, after you perform operations on the UI.
• ZStack Cloud supports a browser-based interface using HTML5 or later version for managing and monitoring of server resources.
• Bulk Action: Allows you to manage VM instances in bulk.
Type: VM Instance
• Create VM Instance:
  ▬ Allows you to create VM instances through different entries.
  ▬ Allows you to specify the root volume capacity and batch attach data volumes via VM creation.
• Import VM Instance: Allows you to import a VM instance on a third-party platform by using the OVF template and customize the configurations of the VM instance.
• VM Instance View:
  ▬ Provides two VM display methods: List View and Directory View.
  ▬ Allows you to set a default view for the VM instance page in Global setting or switch view for the current page.
• Manage VM Instance: Allows you to manage the lifecycle of VM instances, such as creating, importing, stopping, booting, rebooting, powering off, recovering, pausing, exporting, and deleting VM instances.
• VM Console:
  ▬ Allows you to access VM instances through terminals without using remote tools.
  ▬ Supports three types of console mode: SPICE, VNC, and SPICE+VNC. The SPICE protocol supports SSL encrypted channel to further ensure desktop security.
  ▬ Allows you to paste texts into VNC consoles.
  ▬ Allows you to manage VM power status in VNC consoles, including stopping, rebooting, resuming, pausing, forcing stopping, and powering off VM instances.
  ▬ Allows you to set the console password, set the console password by force in the Global Setting, and configure the password strategy such as the password complexity and password length in the Global Setting.
• Clone VM Instance without Data Volumes:
  ▬ Copies data in the root volumes of the VM instance only.
  ▬ Allows you to clone running, paused, and stopped VM instances on LocalStorage, NFS, SMP, Ceph, and SharedBlock primary storage.
  ▬ Supports ImageStore and Ceph backup storage.
  ▬ Allows you to choose clone method as needed, including full clone, instant full clone, and linked clone.
  ▬ Allows you to set a storage allocation policy, including system allocation and manual allocation.
| VM Instance | Clone VM Instance without Data Volumes | Allows you to configure network settings, including enable or disable NICs, assign IP, assign MAC address, and select security group. |
| VM Instance | Clone VM Instance with Data Volumes | Copies data in the root volumes as well as data volumes of a VM instance. Allows you to clone running, paused, and stopped VM instances on LocalStorage, NFS, SMP, Ceph, and SharedBlock primary storage. Supports ImageStore and Ceph backup storage. Does not clone shared volumes (if any) with VM instances. Allows you to choose clone method as needed, including full clone, instant full clone, and linked clone. Allows you to set a storage allocation policy, including system allocation and manual allocation. Allows you to configure network settings, including enable or disable NICs, assign IP, assign MAC address, and select security group. |
| VM Instance | Flatten | Allows you to merge snapshots of a VM instance into one flat snapshot to improve resource performance and data security. Allows you to unlink the dependency between linked clone VM instances and source VM instances by flattening to achieve data independence. |
| VM Instance | Custom Tag | Allows you to customize tags for VM instances so that you can locate them quickly. |
| VM Instance | Change Group | Allows you to create groups to categorize and manage VM instances. You can create up to 4-level groups with the root directory as the first-level group. Allows you to manage the lifecycle of a group, such as creating and deleting a group. Allows you to specify a group for a VM instance or change the group it belongs to. |
| VM Instance | Change Host | Allows you to migrate a VM instance from a host to another without changing the primary storage. Supports hot migration and cold migration. Hot migration: Migrates a VM instance in the running state. Hot migration applies to all types of the primary storage. |
| VM Instance | Change Host | Allows you to hot migrate a VM instance with a vDPA NIC attached if the VM instance is on a LocalStorage or shared primary storage. If the migration is blocked because the VM instance has high I/O operations for a long time, you can enable auto converge to ensure a smooth migration. Cold migration: Migrates a VM instance in the stopped state. Cold migration applies to LocalStorage primary storage only. Allows you to cold migrate a VM instance with a vDPA NIC attached if the VM instance is on a LocalStorage primary storage. Allows you to cold or hot migrate a VM instance based on the workloads of the destination host. Allows you to hot migrate a VM instance with a VF NIC attached. |
| VM Instance | Change Primary Storage | Allows you to migrate a VM instance from a primary storage to another without changing the host. Allows you to migrate valid data, and the migrated VM instance follows the provisioning type of the target primary storage. Supports hot migration and cold migration across SharedBlock primary storage. Supports hot migration across SharedBlock and Ceph primary storage. Hot migration: Migrates a VM instance in the running state. Snapshots of the VM instance to be migrated will not be saved after the hot migration across SharedBlock primary storage or across SharedBlock and Ceph primary storage. If you hot migrate a VM instance from a SharedBlock primary storage to a Ceph primary storage, you can specify a root volume pool or data volume pool for the volumes to be migrated. Allows you to hot migrate a VM instance with a VF NIC attached. Cold migration: Migrates a VM instance in the stopped state. Allows you to hot or cold migrate a VM instance with all attached volumes (excluding shared volumes). |
| VM Instance | Change Host and Primary Storage | Allows you to migrate a VM instance from a host and primary storage to another host and primary storage. |
| VM Instance | Change Host and Primary Storage | Supports hot migration and cold migration. Hot migration: Migrates a VM instance in the running state. Supports hot migration across the same type of primary storage, including Ceph↔Ceph, NFS↔NFS, and SharedBlock↔SharedBlock. Snapshots of the VM instances to be migrated will not be saved after the hot migration across the same type of primary storage. If you hot migrate a VM instance across Ceph primary storage, you can specify a root volume pool or data volume pool for the volumes to be migrated. Allows you to hot migrate a VM instance across different types of primary storage, including Ceph↔SharedBlock, LocalStorage↔SharedBlock, LocalStorage↔Ceph, LocalStorage↔NFS, SharedBlock↔NFS, and Ceph↔NFS. Snapshots of the VM instances to be migrated will not be saved after the hot migration across different types of primary storage. If you hot migrate a VM instance from a SharedBlock, LocalStorage, or an NFS primary storage to a Ceph primary storage, you can specify a root volume pool or data volume pool for the volumes to be migrated. Supports hot migration across Ceph pools within the same Ceph primary storage and allows you to migrate only root volume or migrate data volumes with VM instances. Allows you to enable or disable auto-convergence policy during storage migration. Allows you to manually specify destination hosts. Allows you to hot migrate a VM instance with a VF NIC attached. Cold migration: Migrates a VM instance in the stopped state. Allows you to cold migrate a VM instance across the same type of primary storage, including Ceph↔Ceph and NFS↔NFS. Allows you to cold migrate a VM instance across the same type of primary storage without data volumes. If you cold migrate a VM instance across Ceph primary storage, you can specify a root volume pool for the volumes to be migrated. |
| VM Instance | Change Host and Primary Storage | Supports cold migration of VM instances (with data volumes) across Ceph pools within the same Ceph primary storage. Allows you to clean up raw data after migration to release more space after you confirm the data integrity. |
| VM Instance | Modify Instance Offering | Allows you to modify the instance offering (CPU and memory) of a running or stopped VM instance. |
| VM Instance | Set GPU Specification | Allows you to set the GPU specification for a stopped VM instance. You can attach, modify, and detach a physical GPU specification or virtual GPU specification as needed. |
| VM Instance | Resize Root Volume | Allows you to expand the root volume of a running or stopped VM instance. The new size takes effect immediately. |
| VM Instance | Resize Data Volume | Allows you to expand the data volume of a running or stopped VM instance. The new size takes effect immediately. |
| VM Instance | Change Owner | Allows you to change the owner of a running or stopped VM instance. |
| VM Instance | Change System | Allows you to change the operating system of a stopped VM instance. |
| VM Instance | Reimage VM Instance | Allows you to restore a VM instance to the initial state of the VM image. All the data in the root volume will be overwritten. |
| VM Instance | Set Boot Order | Allows you to set the boot order for a VM instance. Supports three boot types: boot from hard disk, boot from CD ROM, and boot from network. |
| VM Instance | Boot from Host | Allows you to specify a host on which a VM instance boots. |
| VM Instance | VM High Availability | Allows you to set VM high availability (HA) so that the VM instance can reboot automatically in case of unexpected shutdown because of the VM errors or faults of compute, storage, or network that the VM instance is residing on. You can view the reboot progress on the UI. You can set Default HA Mode When Creating VM instance in Platform Setting > HA Policy > Advanced Setting to set the HA mode used for a newly created VM instance by default. You can change the HA mode for a VM instance individually during or after the creation. |
| VM Instance | VM High Availability | After the change, the default value does not take effect on this VM instance. |
| VM Instance | Time Synchronization | Allows you to set whether the base time of a VM instance is the same as that of the host. |
| VM Instance | SSH Key Attachment/Detachment | Allows you to attach/detach SSH keys to/from VM instances with the Linux or BSD operating system. Allows you to create or delete an SSH key. |
| VM Instance | Change VM Password | Allows you to change the password of a Windows or Linux running VM instance. |
| VM Instance | Set Hostname | Allows you to set the hostname when you create a VM instance. |
| VM Instance | Resource Priority | Allows you to set resource priority (Normal and High). When resource contention occurs, VM instances with High resource priority can compete for more resources than those with Normal resource priority. |
| VM Instance | Cross-Cluster High Availability | Allows you to set the cross-cluster high availability policy for a VM instance. If the policy is enabled, the VM instance can be automatically migrated across clusters. If disabled, the VM instance can only operate in the cluster where the VM instance resides when this policy takes effect. Currently, this policy applies to host migration scenarios such as starting up a VM instance on another host to achieve HA or migrating a VM instance to another host if the source host enters the maintenance mode. This policy takes effect only for VM auto-migrations. Other actions, such as manual hot migration, VM startups on specified hosts, and Dynamic Resource Scheduling (DRS) policy-based migrations are not affected. |
| VM Instance | USB Redirection | Allows you to redirect a USB device from a VDI client to a VDI VM instance. |
| VM Instance | VM Snapshot | Allows you to schedule snapshot creation at specified time points to record the state of the root volume, data volume, or memory of an instance before you perform a business-sensitive operation. This allows rollback in case of breakdowns. Supports two snapshot types: Single snapshot and snapshot group. |
| VM Instance | VM Snapshot | The snapshot group allows you to restore a group of VM instances in bulk. Allows you to create snapshots for VM instances that are in the running state. Allows you to create snapshots for VM instances that are in the stopped state. Supports VM auto boot after restoring from snapshots. Allows you to delete VM snapshots in bulk. Allows you to create a VM instance from a single snapshot or create a VM instance with data volumes from a snapshot group. |
| VM Instance | VM Backup | Allows you to create a backup for a running VM instance. Allows you to create either an incremental backup or a full backup for a VM instance. Allows you to create a backup for a VM instance with its volumes (excluding shared volumes) when the VM instance is in the running state. This feature is provided by the Backup Service module. |
| VM Instance | VM Image | Allows you to create a template image based on a VM instance so that you can create VM instances in bulk in a custom way. Allows you to create a VM image when the VM instance is in the running or stopped state. Supported backup storage: ImageStore and Ceph. |
| VM Instance | ISO-based Deployment | Creates VM instances based on an ISO disk which guides the VM system installation. Supports multiple ISOs per VM instance, improving the business deployment efficiency. |
| VM Instance | Template-based Deployment | Creates VM instances based on a system template. |
| VM Instance | Add/Remove VM Scheduling Group | Allows you to add a running or stopped VM instance to or remove a VM instance from a VM scheduling group so as to associate with/disassociate from related VM scheduling policies. This way, you can manage the distribution of VM instances on hosts and ensure high performance and high availability. |
| VM Instance | Attach/Detach Volume | Allows you to attach/detach a data volume to/from a running or stopped VM instance. Allows you to optimize drive models and identify a volume by its SCSI WWN. |
| VM Instance | Shared Volume | Allows VM instances in Ceph or SharedBlock primary storage to share the same data volume. |
| VM Instance | Create Volume Image | Allows you to create an image for root volumes or data volumes attached to a VM instance when the VM instance is in the running or stopped state. Before you can create an image for shared volumes on a SharedBlock primary storage, stop all the VM instances that the shared volume is attached to. |
| VM Instance | Set Volume QoS | Allows you to set QoS for root volumes and data volumes attached to a VM instance when the VM instance is in the running or stopped state. |
| VM Instance | Enable/Disable NIC | Allows you to enable or disable NICs of the vNIC type. |
| VM Instance | Attach/Detach NIC | Allows you to attach/detach a NIC to/from a running or stopped VM instance. You can set a default NIC. |
| VM Instance | Set NIC Type | Allows you to set the NIC type when the VM instance is in the stopped state. Allows you to change the NIC type from a VF NIC to a vNIC only. |
| VM Instance | Set NIC Model | Allows you to set the NIC model for a running or stopped VM instance. Supported VM NIC models: virtio, rtl8139, and e1000. This operation applies to Linux and Paravirtualization operating systems only. |
| VM Instance | Change L3 Network for VM NIC | Allows you to change the L3 network for a VM NIC without affecting the hardware information such as the MAC address and PCI address of the NIC. |
| VM Instance | Set Network QoS | Allows you to set the network QoS for a running or stopped VM instance. |
| VM Instance | Sync NIC Configurations | Allows you to update NIC configurations according to the NIC parameters you set on the Cloud, including IP address, netmask, gateway, DNS, and MTU. |
| VM Instance | Read NIC IP Configured in the VM Instance | Allows you to read a NIC IP address configured in the VM instance and have it displayed on and managed by the Cloud. Make sure that the NIC belongs to an L3 network with IP address management disabled and does not have an IP address assigned on the Cloud. |
| VM Instance | Customize MAC Address | Allows you to customize a MAC address when you create a VM instance. Allows you to change the MAC address when the VM instance is in the stopped state. |
| VM Instance | Customize IP Address | Allows you to customize an IP address when you create a VM instance. Allows you to change the IP address when the VM instance is in the stopped or running state. |
| VM Instance | Attach/Detach EIP | Allows you to attach an EIP to or detach an EIP from a VM NIC. |
| VM Instance | VM Multi-Gateway | Allows you to enable multi-gateway by running zstack-ctl. If enabled, each VM NIC has an independent gateway. |
| VM Instance | Create/Delete vDrive | Allows you to create/delete a vDrive for a stopped VM instance. You can attach/detach an ISO to/from a drive. |
| VM Instance | Attach/Detach Peripheral Device | Allows you to attach/detach a LUN to/from a running or stopped VM instance. Allows you to attach/detach a physical GPU device to/from a running or stopped VM instance. Allows you to attach/detach a virtual GPU device to/from a running or stopped VM instance. Allows you to attach/detach a USB device to/from a running or stopped VM instance. Allows you to attach/detach other peripheral devices, such as Moxa cards, to/from a running or stopped VM instance. |
| VM Instance | CPU Model | Allows you to set the CPU model for a VM instance through three entries: Global Setting, Cluster Setting, and VM Setting. The setting takes effect with the following priority: Global Setting < Cluster Setting < VM Setting. |
| VM Instance | CPU Pinning | Assigns the virtual CPUs (vCPUs) of a VM instance to specific host pCPUs, which improves VM performance. |
| VM Instance | vNUMA Configuration | Allows you to configure vNUMA for a VM instance to generate a topology of virtual NUMA nodes for the VM instance. This topology enables a vCPU on a vNUMA node to primarily access the local memory and thus improves VM performance. |
| VM Instance | EmulatorPin Configuration | Allows you to configure EmulatorPin for a VM instance so that all other threads than virtual CPU (vCPU) threads and IO threads of a VM instance are assigned to physical CPUs (pCPUs) of the host. |
| VM Instance | VM Performance Optimization | Allows you to install performance optimization tools (GuestTools) for the Qemu Guest Agent installation and internal monitoring of Linux VM instances. Allows you to install performance optimization tools (GuestTools) for Windows and Windows Virtio VM instances for Qemu Guest Agent installation and internal monitoring. You can install the Virtio driver with one click to improve the disk and NIC performances. |
| VM Instance | Import User Data | Allows you to import user data when you create a VM instance. You can upload user-defined parameters or scripts to customize configurations for VM instances or to accomplish specific tasks. |
| VM Instance | BIOS Mode | Inherits the BIOS mode from the image you selected when you create a VM instance. The BIOS mode includes Legacy and UEFI. Inherits the BIOS mode of the original VM instance when you create a VM image or clone a VM instance. Allows you to change the BIOS mode when the VM instance is in the running or stopped state. |
| VM Instance | VM RDP | After RDP is enabled, you can launch the VM console in RDP mode by default in VDI scenarios. |
| VM Instance | Anti-Spoofing Mode | Provides IP/MAC anti-spoofing and ARP anti-spoofing. If enabled, VM instances can only communicate with outside networks using the IP/MAC addresses allocated by the Cloud. |
| VM Instance | VM Monitoring | External monitoring: Collects the VM data such as CPU, memory, disk I/O, NIC data from hosts by using libvirt. Internal monitoring: Collects the VM data such as CPU, memory, and disk size data from VM instances by using an agent. An agent is required for internal monitoring. |
| VM Instance | Advanced Settings | Allows you to enable Instance Offering Online Modification for a single VM instance so that you can online modify the instance offering (CPU and memory) for the VM instance. Allows you to enable Hyper-V for a Windows VM instance. Allows you to disable the hypervisor for a VM instance, to make certain applications skip their virtualization detection on this VM instance. Allows you to disable hypervclock for a Windows VM instance. Allows you to set the number of queues when VirtIO NIC traffic is allocated to multiple CPUs, which improves the NIC performance. Allows you to enable Memory Balloon for a VM instance. It monitors in real time the memory usage of VM instances and the host. Its dynamic reclaim and allocation mechanism ensures the efficient use of host memory. Allows you to specify the reserve size of memory after you enable Memory Balloon. Allows you to enable Kernel-Same Page Merging for a VM instance. It detects VM memory pages mapped to physical memory pages with identical content and remaps these VM memory pages to the same physical memory page, allowing multiple VM instances to share host memory resources and reducing resource waste. |
| VM Instance | Audit | Audits all of the actions performed on VM instances, which effectively ensures the security of the Cloud environment. |
| VM Instance | Custom Column | Allows you to customize the items to be displayed on a VM list. |
| VM Instance | Export CSV File | Allows you to export the VM information as a CSV table, which helps in statistical analysis and problem diagnosis. |
| VM Instance | Resource Deletion Policy | Provides three deletion policies to lower risks caused by misoperations. The policies include Direct, Delay (default), and Never. Displays warnings of the consequences on the UI and asks for confirmation before the deletion is completed. |
| Volume | Bulk Action | Allows you to manage volumes in bulk. |
| Volume | Create Volume | Provides multiple strategies to create volumes. |
| Volume | Manage Volume | Allows you to manage the lifecycle of volumes, such as creating, enabling, disabling, and deleting volumes. |
| Volume | Attach/Detach Instance | Allows you to attach/detach a volume to/from an instance. |
| Volume | Change Host | Allows you to migrate a volume to another host. This action applies to local primary storage only. Allows you to migrate a volume based on the workloads of the destination host. |
| Volume | Change Primary Storage | Allows you to migrate a volume to another primary storage. Allows you to migrate valid data, and the migrated volume follows the provisioning type of the target primary storage. Supports volume migration across the same type of primary storage, including Ceph↔Ceph, NFS↔NFS, and SharedBlock↔SharedBlock. Allows you to migrate volumes not attached to any instances between Ceph↔Ceph, NFS↔NFS, and SharedBlock↔SharedBlock. Allows you to migrate volumes attached to a VM instance in the stopped state across SharedBlock primary storage. Supports volume migration across Ceph pools within the same Ceph primary storage. Allows you to clean up raw data after migration to release more space after you confirm the data integrity. |
| Volume | Change Owner | Allows you to change the owner of a volume. |
| Volume | Resize Volume | Allows you to expand a volume that is not attached to any instance. Allows you to expand the volume of a running or stopped instance. In Ceph primary storage, allows you to expand a shared volume that is not attached to any instance or is attached to a stopped instance. |
| Volume | Custom Tag | Allows you to customize tags for volumes so that you can locate them quickly. |
| Volume | Volume Backup | Allows you to create a backup for a volume that is attached to a running instance. Allows you to create either an incremental backup or a full backup for a volume. This feature is provided by the Backup Service module. |
| Volume | Volume Image | Allows you to create a template image based on a volume, and helps you to create volumes in bulk in a custom way. Allows you to create an image for a volume that is not attached to any instance. Allows you to create an image for a volume that is attached to a running or stopped instance. In SharedBlock primary storage, allows you to create an image for a shared volume that is not attached to any instance or is attached to a stopped instance. In Ceph primary storage, allows you to create an image for a shared volume that is not attached to any instance or is attached to a running or stopped instance. |
| Volume | Volume Snapshot | Allows you to schedule snapshot creation at specified time points to record the state of a root volume or data volume before you perform a business-sensitive operation. This allows rollback in case of breakdowns. Allows you to restore a volume snapshot as needed. Allows you to delete volume snapshots in bulk. |
| Volume | Set Volume QoS | Allows you to set QoS for volumes. |
| Volume | Flatten | Allows you to merge snapshots of a volume into one flat snapshot to improve resource performance and data security. Allows you to unlink the dependency between linked clone volumes and source volumes by flattening to achieve data independence. |
| Volume | Shared Volume | Allows you to create shared volumes in Ceph or SharedBlock primary storage. |
| Volume | Audit | Audits all of the actions performed on volumes, which effectively ensures the security of the Cloud environment. |
| Volume | Export CSV File | Allows you to export the volume information as a CSV table, which helps in statistical analysis and problem diagnosis. Allows you to specify volume information items to be contained in the CSV table. Allows you to export the information of the root volumes associated with selected data volumes simultaneously. |
| Volume | Resource Deletion Policy | Provides three deletion policies to lower risks caused by misoperations. |
| Volume | Resource Deletion Policy | The policies include Direct, Delay (default), and Never. Displays warnings of the consequences on the UI and asks for confirmation before the deletion is completed. |
| Image | Bulk Action | Allows you to manage images in bulk. |
| Image | Add Image | Allows you to add two types of images: system image (ISO/Image) and volume image (Image). Allows you to set the CPU architecture of an image, including x86_64, aarch64, and mips64el. Creating VM instances, creating VM images, and cloning VM instances will inherit the CPU architecture of the original image. Allows you to set the image platform, such as Linux, Windows, and Other. Allows you to upload an image by using a URL or local browser. Allows you to view the image uploading speed and remaining time if you upload an image by using the local browser. Allows you to set the BIOS mode for an image, including Legacy and UEFI. Creating VM instances, creating VM images, and cloning VM instances will inherit the BIOS mode of the original image. Calculates the MD5 values of images uploaded to ImageStore for you to validate the image integrity after the uploading. |
| Image | Manage Image | Allows you to manage the lifecycle of images, such as adding, enabling, disabling, and deleting images. |
| Image | Change Backup Storage | Allows you to migrate an image to another backup storage. This action applies to Ceph backup storage only. Allows you to clean up raw data after migration to release more space after you confirm the data integrity. |
| Image | Export Image | Allows you to export an image from an ImageStore or Ceph backup storage. Provides the MD5 value of the downloaded image to check the image integrity. |
| Image | Sync Image | Allows you to synchronize images among different ImageStore backup storage in the same management node. |
| Image | Set Sharing Mode | Allows you to set the sharing mode of an image, including share globally, share to specified projects or accounts, and not share. |
| Image | Audit | Audits all of the actions performed on images, which effectively ensures the security of the Cloud environment. |
| Image | Resource Deletion Policy | Provides three deletion policies to lower risks caused by misoperations. The policies include Direct, Delay (default), and Never. Displays warnings of the consequences on the UI and asks for confirmation before the deletion is completed. |
| Instance Offering | Bulk Action | Allows you to manage instance offerings in bulk. |
| Instance Offering | Create Instance Offering | Allows you to select a host allocation policy, including host with minimum number of running VMs (default policy), host with minimum CPU utilization, host with minimum memory utilization, host with maximum number of running VMs, host where the VM is located last time, and random host allocation to create VM instances. When the host allocation strategy is host with minimum CPU utilization or host with minimum memory utilization, you can select the mandatory strategy mode or non-mandatory strategy mode (default mode). If the Cloud can obtain the host load information, it will create VM instances according to the host allocation strategy. If the Cloud could not obtain the host load information, it will create VM instances according to the strategy mode. Allows you to set disk QoS and network QoS for an instance offering. Allows you to set advanced parameters through JSON to customize an instance offering. |
| Instance Offering | Manage Instance Offering | Allows you to manage the lifecycle of instance offerings, such as creating, enabling, disabling, and deleting instance offerings. |
| Instance Offering | Set Sharing Mode | Allows you to set the sharing mode of an instance offering, including share globally, share to specified projects or accounts, and not share. |
| Instance Offering | Audit | Audits all of the actions performed on instance offerings, which effectively ensures the security of the Cloud environment. |
| Disk Offering | Bulk Action | Allows you to manage disk offerings in bulk. |
| Disk Offering | Create Disk Offering | Allows you to set the disk QoS for a disk offering. Allows you to set advanced parameters through JSON to customize a disk offering. |
| Disk Offering | Manage Disk Offering | Allows you to manage the lifecycle of disk offerings, such as creating, enabling, disabling, and deleting disk offerings. |
| Disk Offering | Set Sharing Mode | Allows you to set the sharing mode of a disk offering, including share globally, share to specified projects or accounts, and not share. |
| Disk Offering | Audit | Audits all of the actions performed on disk offerings, which effectively ensures the security of the Cloud environment. |
| GPU Specification | Bulk Action | Allows you to manage physical GPU specifications in bulk. vGPU specifications do not support bulk actions. |
| GPU Specification | Manage Physical GPU Specification | Automatically detects available physical GPU specifications on the Cloud and lists them in the UI. Allows you to enable or disable a physical GPU specification. |
| GPU Specification | Manage Virtual GPU Specification | Generates virtual GPU specifications from the detected physical GPU specifications and lists them in the UI. Allows you to enable or disable a virtual GPU specification. |
| GPU Specification | Set ROM | Allows you to set ROM for physical GPU specifications for physical GPU passthrough. |
| GPU Specification | Set Sharing Mode | Allows you to set the sharing mode of a GPU specification, including share globally, share to specified projects or accounts, and not share. |
| GPU Specification | Audit | Audits all of the actions performed on GPU specifications, which effectively ensures the security of the Cloud environment. |
| Auto-Scaling Group | Create Auto-Scaling Group | Allows you to set a health check mechanism, including load balancer health check and VM health check to trigger elastic self-healing. Allows you to set the resource monitoring and alarm mechanism to trigger elastic scaling. The mechanism includes trigger metrics, scale-out policy, scale-in policy, and whether to enable alarm notification (if enabled, an endpoint is required). |
| Auto-Scaling Group | Create Auto-Scaling Group | The trigger metrics include both external monitoring items (VM Memory Utilization Average, VM CPU Utilization Average) and internal monitoring items (VM Memory Utilization Average, VM CPU Utilization Average) of VM instances. Note that an agent is required for internal monitoring. Allows you to set a periodic policy (scale-out policy or scale-in policy) for an auto-scaling group. The scale-out/scale-in cycle can be accurate to minutes with a minimum cycle interval of 15 minutes. |
| Auto-Scaling Group | Manage Auto-Scaling Group | Allows you to manage the lifecycle of auto-scaling groups, such as creating, enabling, disabling, and deleting auto-scaling groups. |
| Auto-Scaling Group | Add/Remove VM Scheduling Group | Allows you to add an auto-scaling group to or remove an auto-scaling group from a VM scheduling group so as to associate with/disassociate from related VM scheduling policies. This way, you can manage the distribution of VM instances on hosts and ensure high performance and high availability. |
| Auto-Scaling Group | Change Image | Changing image takes effect only on VM instances that are newly created or added to the group. The images of existing VM instances do not change. |
| Auto-Scaling Group | Scaling Records | Allows you to view the scaling activities in an auto-scaling group. |
| Auto-Scaling Group | Audit | Audits all of the actions performed on auto-scaling groups, which effectively ensures the security of the Cloud environment. |
| Snapshot | Create Snapshot | Allows you to schedule snapshot creation at specified time points to record the state of an instance before you perform a business-sensitive operation. This allows rollback in case of breakdowns. |
| Snapshot | Manage Snapshot | Displays instances and snapshots on the snapshot management page with instances on the left and snapshots on the right. You can view the relationship between instances and snapshots dynamically. |
| Snapshot | Manage Snapshot | The instance panel on the left allows you to sort instances according to their snapshot count or snapshot size. The snapshot panel on the right allows you to view the snapshots by list or by topology. Allows you to manage the lifecycle of snapshots, such as creating and deleting snapshots. |
| Snapshot | Create Instance | Allows you to create an instance from an instance snapshot. |
| Snapshot | Revert Snapshot | Allows you to restore an instance from an instance snapshot. |
| Snapshot | Audit | Audits all of the actions performed on snapshots, which effectively ensures the security of the Cloud environment. |
| VM Scheduling Policy | Create VM Scheduling Policy | Allows you to create four types of VM scheduling policies: VM Exclusive from Each Other, VM Affinitive to Each Other, VMs Affinitive to Hosts, and VMs Exclusive from Hosts. The former two define the relationship between VM instances and the latter two define the relationship between hosts and VM instances. Each of the four VM scheduling policies can be executed based on either of the following two mechanisms: Hard and Soft. |
| VM Scheduling Policy | Manage VM Scheduling Policy | Allows you to manage the lifecycle of VM scheduling policies, such as creating, editing, enabling, disabling, and deleting scheduling policies. |
| VM Scheduling Policy | Associate/Disassociate VM Scheduling Group | Allows you to associate/disassociate one or more VM scheduling policies with/from a VM scheduling group. |
| VM Scheduling Policy | Associate/Disassociate Host Scheduling Group | Allows you to associate/disassociate one or more VM scheduling policies with/from a host scheduling group. You can associate/disassociate only VMs Affinitive to Hosts and VMs Exclusive from Hosts with/from a host scheduling group. |
| VM Scheduling Policy | Manage VM Scheduling Group | Allows you to add one or more VM instances to or remove one or more VM instances from a VM scheduling group. |
Scheduling Group Allows you to manage the lifecycle of VM scheduling groups, such as creating, editing, and deleting VM scheduling groups. Allows you to add one or more hosts to or remove one or more hosts from a VM scheduling group. Manage Host Scheduling Group Allows you to manage the lifecycle of host scheduling groups , such as creating, editing, and deleting host scheduling groups. Audits all of the actions performed on VM scheduling Audit polices, which effectively ensures the security of the Cloud environment. Allows you to generate SSH key pairs on the Cloud or import a generated SSH public key to the Cloud. Create SSH Key Supported encryption methods: ssh-rsa、ssh-dss、ecdsa- sha2-nistp256、ssh-ed25519、ssh-ecdsa. SSH Key Allows you to manage the lifecycle of SSH keys, such as Manage SSH Key creating, editing, and deleting SSH keys. Allows you to attach/detach SSH keys to VM instance. VM Attachment/ Detachment Allows you to attach one SSH key to one or more VM instance. In a data center, a zone corresponds to an equipment room . You can create one or more zones as needed, and create Create Zone clusters/network resources and primary storage to each zone . Zone Allows you to manage the lifecycle of zones, such as creating Manage Zone , enabling, disabling, and deleting zones. Allows you to manage the clusters, baremetal clusters/elastic Manage Associated baremetal clusters (licenses are required), primary storage, Resources backup storage, L2 networks and other resources in a zone. Issue: V5.1.8 161Technical Whitepaper / 3 Product Features Type Features Description Audits all of the actions performed on zones, which effectivel Audit y ensures the security of the cloud environment. Allows you to define cluster attributes (KVM and XDragon ) based on the hypervisor type of hosts. Hosts in a KVM cluster use the KVM virtualization technology, and hosts in a XDragon cluster use the X-Dragon architecture. 
Allows you to define cluster attributes based on the host CPU Create Cluster architecture, including x86_64, aarch64, and mips64el. Allows you to specify a VDI network and migration network for a cluster. Allows you to set the VM CPU model and host CPU model in a cluster as needed. Allows you to manage the lifecycle of clusters, such as Manage Cluster creating, enabling, disabling, and deleting clusters. Allows you to manage the VM instances, hosts, primary Manage Associated storage, iSCSI storage, NVMe storage, L2 networks, Resources peripheral devices, and other resources in a cluster. Allows you to set the CPU overcommit, memory overcommit, and host reserved memory for all VM instances in a cluster. Cluster Allows you to enable vNIC multi-queue upgrading for all VM instances in a cluster to improve the VM performance. Allows you to enable multi-queue driver support for all VM NICs in a cluster to allocate Virtio NIC traffic to multiple CPUs . Allows you to enable huge page for all hosts in a cluster, which effectively reduce the CPU performance loss of VM Advanced Settings instances. Allows you to enable Hyper-V simulation for all Windows VM instances in a cluster. Allows you to set the default graphics card type at the VM startup for all VM instances in a cluster. Allows you to enable KVM virtualization flag for all VM instances in a cluster. Allows you to enable Dynamic Resource Scheduling (DRS ) for clusters. This feature monitors the CPU or memory load of hosts on a cluster basis, and allows you to configure 162 Issue: V5.1.8Technical Whitepaper / 3 Product Features Type Features Description manual or auto DRS strategy to balance cluster loads and improves O&M efficiencies. Manual DRS provides scheduling suggestions based on which you can schedule resources for load balancing. Auto DRS schedules resources based on the system scheduling algorithm without arousing your awareness. Allows you to enable Zero Copy for all hosts in a cluster. 
Enabling this feature will reduce the number of data copies between user space and kernel space, lower CPU usage, and improve vNIC performance. Audits all of the actions performed on clusters, which Audit effectively ensures the security of the cloud environment. Bulk Action Allows you to manage hosts in bulk. Allows you to add hosts manually or by importing a template. You can add up to 500 hosts at a time. Add Host Supports two hypervisor types: KVM and XDragon. KVM hosts use the KVM virtualization technology and XDragon hosts use the X-Dragon architecture. Allows you to manage the lifecycle of hosts, such as adding Manage Host , enabling, disabling, reconnecting, putting into maintenance mode, deleting, starting, shutting down, and restarting hosts. Allows you to customize tags for hosts so that you can locate Custom Tag them quickly. Host Allows you to change the SSH password of a host. The new Change Host SSH password takes effect after the host automatically reconnects Password . Allows you to modify the IPMI username and password of a Modify IPMI Info host. Allows you to enter the web terminal of a host and perform Enter Web Terminal operations on the host. Allows you to bind multiple physical NICs on the host. Add Bond Supports two bond modes: active-backup mode and LDAP mode. Manage Associated Allows you to manage the VM instances, VPC vRouters, and Resources other virtual resources on a host. Issue: V5.1.8 163Technical Whitepaper / 3 Product Features Type Features Description After you deploy SAN storage (iSCSI storage and FC storage ) on a host, you can manage the LUNs on the host and pass through them to VM instances. Allows you to manage the physical NICs detected on a host, generate VF NICs from these physical ones through SR-IOV , and pass through the VF NICs to VM instances. These VF NICs inherit the high performance of those physical ones. 
Allows you to manage the physical GPU devices detected on a host and pass through them with other peripheral devices (such as GPU graphics card and GPU sound cards) to VM instances. Allows you to generate virtual GPU devices from physical GPU devices (NVIDIA/AMD graphics cards) and attach these virtual GPU devices to VM instances. Allows you to manage the USB devices detected on a host and pass through them to VM instances. Allows you to manage the PCI devices detected on a host, edit the PCI allowlist, and pass through these PCI devices to VM instances. The PCI devices include Ali-NPU cards, IB cards in PCI mode, and FPGA cards. When the overall workload decreases, the Cloud is working on supporting the consolidation of workloads and the redistribution of VM instances among hosts in a cluster so that some hosts can be powered off to reduce power consumption. Intel EPT Hardware Allows you to enable Intel EPT hardware assist for Intel Assist CPUs to improve the CPU performance. Monitors and displays host metrics such as CPU, memory, disk read and write, disk size, and NIC throughput. Host Monitoring Monitors and displays the number and status of hardware devices on the host, such as CPU, memory, disk, RAID card , power supplu slot, fan, temperature sensor, physical GPU, and vGPU. Audits all of the actions performed on hosts, which effectively Audit ensures the security of the Cloud environment. Allows you to export the host information as a CSV table, Export CSV File which helps in statistical analysis and problem diagnosis. 164 Issue: V5.1.8Technical Whitepaper / 3 Product Features Type Features Description Allows you to manage GPU devices in bulk, such as enabling Bulk Action /disabling GPU devices. Allows you to view all physical GPUs and vGPUs in the current zone. View GPU Devices Provides a directory tree, allowing you to locate a GPU device quickly by the cluster or the node that the GPU resides on or the instance that the GPU is attached to. 
Allows you to manage the lifecycle of physical GPU devices, such as enabling/disabling physical GPU devices and editing the GPU name. Allows you to execute virtualization and virtualization restoration actions on physical GPU devices. Allows you to set the sharing mode of a physical GPU device Manage Physical GPU , including share globally, share to specified projects or Devices accounts, and not share. Allows you to passthrough physical GPUs to VM instances. GPU Monitors and displays physical GPU metrics such as Device GPU utilization, memory utilization, power consumption, temperature, fan speed, PCIe RX I/O (only of some NVIDIA GPU devices), and PCIe TX I/O (only of some NVIDIA GPU devices). Allows you to manage the lifecycle of vGPU devices, such as enabling/disabling vGPU devices. Allows you to set the sharing mode of vGPU device, including Manage vGPU share globally, share to specified projects or accounts, and Devices not share. Allows you to attach vGPU devices to VM instances. Monitors and displays vGPU metrics such as vGPU utilization and memory utilization. Audits all of the actions performed on GPU devices, which Audit effectively ensures the security of the Cloud environment. Allows you to export the GPU device information as a Export CSV File CSV table, which helps in statistical analysis and problem diagnosis. Primary Allows you to use the local disk directory of your host as a Local Storage Storage primary storage. Issue: V5.1.8 165Technical Whitepaper / 3 Product Features Type Features Description Supported backup storage: ImageStore. Allows you to manage the lifecycle of local primary storage , such as adding, enabling, disabling, reconnecting, putting into maintenance mode, and deleting local primary storage. Allows you to manage VM instances, volumes, clusters, hosts, and other resources on a local primary storage. Monitors and displays the percentage of used capacity of the local primary storage. 
Supports predicting physical storage usage trend for local primary storage. Supports NFS protocols. All hosts can automatically mount the same NFS shared directory as the primary storage. Supported backup storage: ImageStore. Allows you to specify a storage network for NFS primary storage. The storage network is used to check the health status of VM instances. Allows you to manage the lifecycle of NFS primary storage , such as adding, enabling, disabling, reconnecting, putting NFS into maintenance mode, and deleting NFS primary storage. Allows you to manage VM instances, volumes, clusters, and other resources on a NFS primary storage. Allows you to clean up the raw data preserved after migration across NFS primary storage. Monitors and displays the percentage of used capacity of NFS primary storage. Supports predicting physical storage usage trend for NFS primary storage. Supports network shared storage provided by commonly used distributed file systems, such as MooseFS, GlusterFS, OCFS2, and GFS2. SharedMountPoint Supported backup storage: ImageStore. Allows you to specify a storage network for SharedMoun tPoint primary storage. The storage network is used to check the health status of VM instances. 166 Issue: V5.1.8Technical Whitepaper / 3 Product Features Type Features Description Allows you to manage the lifecycle of SharedMountPoint primary storage, such as adding, enabling, disabling, reconnecting, putting into maintenance mode, and deleting SharedMountPoint primary storage. Allows you to manage VM instances, volumes, clusters, and other resources on a SharedMountPoint primary storage. Monitors and displays the percentage of used capacity of SharedMountPoint primary storage. Supports predicting physical storage usage trend for SharedMountPoint primary storage. Supports Ceph distributed block storage. Supported editions: Ceph open source edition (J/L/N) and Ceph enterprise edition . 
If you add Ceph enterprise to the Cloud, you can enjoy the license validity reminder. Supported backup storage: ImageStore and Ceph. Allows you to specify Ceph pools such as root volume pool , data volume pool, and image cache pool when you add a Ceph primary storage. You can manage all the Ceph pool centrally, add more Ceph pools to expand the capacity, customize the display name of Ceph pool, and specify Ceph pools when you create VM instances, clone VM instances Ceph , and create volumes. You can also create alarms for Ceph pools. Allows you to specify a storage network for Ceph primary storage. The storage network is used to check the health status of VM instances. Allows you to add multiple Ceph monitors and manage all the monitors centrally. Allows you to manage the lifecycle of Ceph primary storage , such as adding, enabling, disabling, reconnecting, putting into maintenance mode, and deleting Ceph primary storage. Allows you to manage VM instances, volumes, block storage volumes, clusters, and other resources on a Ceph primary storage. Issue: V5.1.8 167Technical Whitepaper / 3 Product Features Type Features Description Allows you to clean up the original data preserved after migration across Ceph primary storage. Monitors and displays the percentage of used capacity of Ceph primary. Supports predicting physical storage usage trend for Ceph primary storage. Allows you to use a block device divided from a SAN storage as a storage pool. SharedBlock primary storage supports iSCSI and FC shared access protocols. Supported backup storage: ImageStore. Allows you to specify a provisioning method (thick provisioni ng or thin provisioning) when you add a SharedBlock primary storage. You can also specify the provisioning method when you create VM instances, clone VM instances, or create volumes by using a SharedBlock primary storage. Allows you to specify a storage network for SharedBlock primary storage. 
The storage network is used to check the health status of VM instances. Allows you to add multiple shared blocks and refresh the storage capacity to view its changes when you expand or SharedBlock replace a block device. Allows you to forcibly clean up the data in a block device, such as the signature in the file system, RAID, and partition table. Allows you to manage the lifecycle of SharedBlock primary storage, such as adding, enabling, disabling, reconnecting, putting into maintenance mode, and deleting SharedBlock primary storage. Allows you to manage VM instances, volumes, clusters , LUNs, and other resources on a SharedBlock primary storage. Allows you to clean up the original data preserved after migration across SharedBlock primary storage. Monitors and displays the percentage of used capacity of SharedBlock primary storage. 168 Issue: V5.1.8Technical Whitepaper / 3 Product Features Type Features Description Supports predicting physical storage usage trend for SharedBlock primary storage. Uses vhost-user mode to connect with high-performance SSD distributed storage. Supported backup storage: ImageStore. Allows you to manage the lifecycle of Vhost primary storage , such as adding, enabling, disabling, reconnecting, putting into maintenance mode, and deleting Vhost primary storage. Vhost Allows you to manage VM instances, volumes, block storage volumes, clusters, and other resources on a Vhost primary storage. Monitors and displays the percentage of used capacity of Vhost primary storage. Supports predicting physical storage usage trend for Vhost primary storage. Supports more than one local primary storage per cluster. Supports more than one NFS primary storage per cluster. Supports more than one SharedBlock primary storage per cluster. Support Multiple Supports one local primary storage and one NFS/ Primary Storage Per SharedMountPoint/SharedBlock primary storage per cluster. 
Cluster Supports one Ceph primary storage and multiple SharedBloc k primary storage per cluster. Supports one Ceph primary storage and up to 3 LocalStora ge primary storage per cluster. Supports one Vhost primary storage per cluster. Allow you to set the space preallocation policy for volumes on local, NFS, SharedMountPoint, and SharedBlock primary storage. Advanced Settings Allow you to set the storage preallocation policy for SharedBlock primary storage. Allow you to set storage overcommit for all types of primary storage. Issue: V5.1.8 169Technical Whitepaper / 3 Product Features Type Features Description Audits all of the actions performed on primary storage, which Audit effectively ensures the security of the cloud environment. Stores image files as image slices and supports incremental storage. Supported primary storage: LocalStorage, NFS, SharedMoun tPoint, Ceph, and SharedBlock. Allows you to obtain the existing image files under the mount path of the ImageStore backup storage. Allows you to specify a data network for an ImageStore backup storage for data communication with compute nodes. Supports image synchronization between different ImageStore backup storage on the same management node, and allows you to specify an image synchronization network ImageStore for ImageStore backup storage. Allows you to manage the lifecycle of ImageStore backup storage, such as adding, enabling, disabling, reconnecting, and deleting ImageStore backup storage. Backup Allows you to clean up invalid data stored in ImageStore Storage backup stores to releases storage space. Allows you to change the password for an ImageStore backup storage. Allows you to centrally manage images in an ImageStore backup storage. Monitors and displays the percentage of used capacity of ImageStore primary storage. Stores image files as Ceph distributed blocks. Supported primary storage: Ceph. Allows you to add multiple Ceph monitors and manage all the monitors centrally. 
Ceph Allows you to specify Ceph pools when you add a Ceph backup storage. Allows you to specify a data network for a Ceph backup storage for data communication with compute nodes. 170 Issue: V5.1.8Technical Whitepaper / 3 Product Features Type Features Description Allows you to manage the lifecycle of Ceph backup storage , such as adding, enabling, disabling, reconnecting, putting into maintenance mode, and deleting Ceph backup storage. Allows you to centrally manage images in a Ceph backup storage. Allows you to clean up the original data preserved after migration across Ceph backup storage. Monitors and displays the percentage of used capacity of Ceph backup storage. Audits all of the actions performed on backup storage, which Audit effectively ensures the security of the cloud environment. Allows you to add an iSCSI server and directly log in to iSCSI storage after you add the server successfully. Synchronizes data on iSCSI storage and displays all block devices on iSCSI storage in real time. Allows you to add a block device divided from an iSCSI iSCSI storage as a SharedBlock primary storage and pass through it to VM instances. Allows you to manage the lifecycle of iSCSI storage, such as enabling, disabling, and deleting iSCSI storage. Allows you to attach/detach an iSCSI storage to/from a SAN cluster. Storage Synchronizes device information after you deployed an FC storage and displays the FC storage and its block devices in real time. Allows you to add a block device divided from an FC storage as a SharedBlock primary storage and pass through it to VM FC instances. Synchronizes information about a single block device on an FC storage. Checks the status of the cluster where block devices are located. Synchronizes device information after you deployed an NVMe / NVMe storage and displays the NVMe storage and its block Storage devices in real time. 
Issue: V5.1.8 171Technical Whitepaper / 3 Product Features Type Features Description Allows you to add a block device divided from an FC storage as a SharedBlock primary storage. Allows you to attach network-type tags to physical NIC ports to mark the actual usage of the networks they reside on. NIC ports with tags can be displayed on this page by network Physical types or by cluster. / Network Allows you to modify the network types of physical NIC ports. Allows you to view the flow monitoring based on network types. Three entries are provides: Dashboard, cluster details pages, and host details pages. Supports the following types of L2 networks: L2NoVlanNe twork, L2VlanNetwork, VxlanNetwork, and HardwareVx lanNetwork. VLAN (802 1Q) supports a maximum of 4094 logical networks, and VXLAN supports a maximum of 16 million logical networks. VxlanNetwork is a software VXLAN-based solution that effectively addresses the shortage of logical network segments in the cloud data center and MAC flooding in upper layer switches. HardwareVxlanNetwork is a solution for working with third- party hardware SDN. By adding an SDN controller, you can Network take over the SDN network of hardware switches on the L2 Network Resource Cloud, therefore reducing network latency and improving VXLAN network performance. Supports four types of network acceleration mode, including Normal, SR-IOV, and Smart NIC. The normal mode supports all types of L2 networks and the latter two support only L2VlanNetwork and L2NoVlanNetwork. Allows you to change an L2NoVlanNetwork to an L2VlanNetwork or change an L2VlanNetwork to an L2NoVlanNetwork. Allows you to modify the VLAN ID of an L2VlanNetwork. Allows you to modify the VNI of a VxlanNetwork. Allows you to manage the lifecycle of L2 networks, such as creating and deleting L2 networks. 172 Issue: V5.1.8Technical Whitepaper / 3 Product Features Type Features Description Allows you to centrally manage L3 networks and clusters on an L2 network. 
Supports software SDN VXLAN pools and hardware SDN VXLAN pools. A software SDN VXLAN pool is a collection of VxlanNetwork L2 networks, and a hardware SDN VXLAN pool is a collection of HardwareVxlanNetwork L2 networks. Allows you to manage the lifecycle of VXLAN pools, such as VXLAN Pool creating and deleting VXLAN pools. Allows you to manage VNI ranges in a VXLAN pool and customize the name of the VNI ranges. Allows you to centrally manage the VTEP, clusters, and VXLAN networks in a VXLAN pool. A public network is an L3 network that has direct access to the Internet. Allows you to manage the lifecycle of public networks, such as creating and deleting public networks. Allows you to add IP ranges of IPv4 and IPv6 types. Allows you to reserve network ranges of IPv4 and IPv6 addresses. IPv4 public networks allow you to add either an IP range or an address pool. An address pool can be used to create Public Network virtual IP addresses only. Allows you to customize the MTU of a public network to limit the size of network transmission packets. Monitors and displays the IP usage statistics of public networks, which helps to improve IP planning efficiency. Allows you to centrally manage the IP ranges (IPv4/IPv6) and DNS resources on a public network. Allows you to enable or disable DHCP service and modify DHCP service IP. A flat network is an L3 network connected to the network where the host is located and has direct access to the Flat Network Internet. VM instances in flat network networks can use IP resources of an actual network. Issue: V5.1.8 173Technical Whitepaper / 3 Product Features Type Features Description Allows you to manage the lifecycle of flat networks, such as creating and deleting flat networks. Allows you to enable or disable IP Address Management for a flat network. Allows you to add IP ranges of IPv4 and IPv6 types. Allows you to reserve network ranges of IPv4 and IPv6 addresses. 
IPv4 flat networks support the following network services : DHCP, User Data, elastic IP, security group, and port mirroring. IPv6 flat networks support the following network services: DHCP, DNS, elastic IP, and security group. Allows you to customize the MTU of a flat network to limit the size of network transmission packets. Monitors and displays the IP usage statistics of flat networks, which helps to improve IP planning efficiency. Allows you to centrally manage the IP ranges (IPv4/IPv6) and DNS resources on a flat network. Allows you to enable or disable DHCP service and modify DHCP service IP. A VPC network is an L3 private network where VM instances can be created. A VM instance in a VPC network can access the Internet through a VPC vRouter. Allows you to manage the lifecycle of VPC networks, such as creating and deleting VPC networks. Allows you to add IP ranges of IPv4 and IPv6 types. Allows you to reserve network ranges of IPv4 and IPv6 VPC Network addresses. IPv4 VPC networks support the following network services : DHCP, User Data, DNS, SNAT, route table, elastic IP , port forwarding, load balancing, IPsec tunnel, security group, dynamic routing, multicast routing, VPC firewall, port mirroring, and netflow. IPv6 VPC networks support the following network services: DHCP, DNS, and security group. 174 Issue: V5.1.8Technical Whitepaper / 3 Product Features Type Features Description Allows you to attach/detach a VPC vRouter to/from a VPC network. Allows you to customize the MTU of a VPC network to limit the size of network transmission packets. Monitors and displays the IP usage statistics of VPC networks, which helps to improve IP planning efficiency. Allows you to centrally manage the IP ranges (IPv4/IPv6) and DNS resources on a VPC network. A VPC vRouter is a dedicated VM instance that provides multiple network services. Allows you to specify a host on which a VPC vRouter starts. Allows you to specify a primary storage when you create a VPC vRouter. 
Allows you to specify a default IPv4 address or IPv6 address for a VPC vRouter. Allows you to set a DNS (IPv4/IPv6) on a VPC vRouter and centrally manage all the DNS on the VPC vRouter. Allows you to associate the virtual CPUs (vCPUs) of a VPC vRouter with host pCPUs stringently and allocate specific pCPUs for the VPC vRouter, thus improving VPC vRouter performances. VPC vRouter Allows you to manage the lifecycle of VPC vRouters, such as creating, starting, stopping, restarting, and deleting VPC vRouters. Allows you to migrate a VPC vRouter to another host without changing the primary storage. This action is supported only by VPC vRouters in the running state. We recommend that you perform this action during off-peak hours. Allows you to migrate a VPC vRouter to another primary storage and host. You can hot migrate a VPC vRouter across different types of primary storage, including LocalStorage↔ SharedBlock, LocalStorage↔NFS, and SharedBlock↔NFS; You can hot migrate a VPV vRouter across primary storage of the same type, including SharedBlock↔SharedBlock Allows you to access a VPC vRouter by using a terminal. You can also set the console password for a VPC vRouter. Issue: V5.1.8 175Technical Whitepaper / 3 Product Features Type Features Description Supports auto migration across clusters. Applicable scenarios: start up a VPC vRouter on another host to achieve HA or migrate a VPC vRouter to another host if the source host enters the maintenance mode. Allows you to set the CPU model for a VPC vRouter through three entries: Global Setting, Cluster Setting, and VPC vRouter Setting. The setting takes effect with the following priority: Global Setting < Cluster Setting < VPC vRouter Setting. Allows you to enable distributed routing for a VPC vRouter as needed to optimize east-west traffic. Allows you to enable the SNAT network service for a VPC vRouter as needed. Supports STS to improve network transmission efficiency. 
Supports external monitoring: Collects the VPC vRouter data such as CPU, memory, disk I/O, NIC data from hosts by using libvirt. Supports internal monitoring: Collects the VPC vRouter data such as CPU, memory, and disk size data from VM instances by using an agent of the VPC vRouter. Allows you to centrally manage the VPC networks, public networks, and DNS resources associated with a VPC vRouter. Allows you to set QoS for a VPC vRouter to limit its upstream and downstream bandwidth. Allows you to centrally manage the network services provided by a VPC vRouter, such as virtual IP addresses, elastic IP addresses, IPsec tunnels, port forwarding, and load balancing. Supports OSPF dynamic routing protocols in large-scale network environment. Supports multicast routing to forward multicast messages sent by multicast sources to VM instances. Has higher resource priority than VM instances by default. When resource contention occurs, the resource priority is as 176 Issue: V5.1.8Technical Whitepaper / 3 Product Features Type Features Description follows: VM instances with Normal priority < VM instances with High priority < VPC vRouters. A VPC vRouter HA group consists of two VPC vRouters. Either VPC vRouter can be a primary or secondary VPC vRouter for the group. If the primary VPC vRouter does not work as expected, the VPC vRouter becomes the secondary VPC vRouter in the group to ensure high availability of business. VPC vRouter HA Allows you to manage the lifecycle of VPC vRouter HA Group groups, such as creating and deleting VPC vRouter HA groups. Allows you to add a VPC vRouter to an HA group and centrally manage all VPC vRouters in this group. Any configuration changes on a VPC vRouter will apply to its partner VPC vRouter. Supports VPC vRouter image. Allows you to set the CPU architecture of a vRouter image , including x86_64 and aarch64. Creating VPC vRouters or load balancing instances will inherit the CPU architecture of the original image. 
Allows you to upload a vRouter image by using a URL or local browser. vRouter Image Allows you to manage the lifecycle of vRouter images, such as creating, enabling, disabling, deleting, recover, and completely deleting vRouter images. Allows you to export a vRouter image on the UI from ImageStore or Ceph backup storage. Allows you to centrally manage exported vRouter images and provides the MD5 value of the downloaded image to check the image integrity. Allows you to manage the lifecycle of vRouter offerings, vRouter Offering such as creating, enabling, disabling, and deleting vRouter offerings. Allows you to add external SDN controllers to control network devices such as external switches. This helps to reduce SDN Controller network latency and improve the VXLAN network performanc e. Issue: V5.1.8 177Technical Whitepaper / 3 Product Features Type Features Description Currently, only H3C SDN controllers (VCFC) are supported. Allows you to manage the lifecycle of SDN controllers, such as creating and deleting SDN controllers. A management network is used to manage physical resources in the Cloud. Allows you to manage the lifecycle of management networks , such as creating and deleting management networks. Allows you to add IP ranges of the IPv4 type. Management Network Allows you to customize the MTU of a management network to limit the size of network transmission packets. Monitors and displays the IP usage statistics of management networks, which helps to improve IP planning efficiency. Allows you to centrally manage the IP ranges (IPv4) on a management network. A flow network is a dedicated network for port mirror transmission. You can use a flow network to transmit the mirrors of data packets of NIC ports to the target ports. Allows you to manage the lifecycle of flow networks, such as creating and deleting flow networks. Flow Network Allows you to add IP ranges of the IPv4 type. 
Monitors and displays the IP usage statistics of flow networks, which helps to improve IP planning efficiency. Allows you to centrally manage the IP ranges (IPv4) on a flow network.

Audit: Audits all of the actions performed on network resources, which effectively ensures the security of the cloud environment.

Network Service / Security Group: Provides security control over VM instances on L3 networks. Allows you to manage the lifecycle of security groups, such as creating, enabling, disabling, and deleting security groups. Allows you to add/delete ingress/egress rules to/from a security group and manage these rules centrally, including modifying, enabling, disabling, importing, and exporting rules and setting rule priorities. Supports ALL, TCP, UDP, and ICMP protocols for security group rules. Allows you to set a source security group by security group rules. Security group rules apply the allowlist and blocklist mechanism. For newly created security groups, ingress and egress rules with the ALL protocol type are configured by default. The rules allow mutual communications among VM instances in the same security group. Allows you to centrally manage VM NICs associated with a security group.

Virtual IP Address (VIP): Provides multiple network services by using VIPs in bridged network environments. Divides VIPs into public VIP, flat network VIP, and VPC VIP based on the network where the VIP is created. Divides VIPs into system VIP and custom VIP based on how the VIP is created. Allows you to manage the lifecycle of VIPs, such as adding and deleting VIPs. Allows you to set QoS for public network VIPs and flat network VIPs. You can set a QoS individually for a VIP or make it use a shared bandwidth. Monitors and displays VIP metrics such as network traffic and network packet rate.

Elastic IP Address (EIP): IP addresses in a private network are translated into an EIP that is in another network. This way, private networks can be accessed from other networks by using EIPs. Divides EIPs into public EIP and flat network EIP based on the network where the EIP is created. Allows you to manage the lifecycle of EIPs, such as adding and deleting EIPs. Allows you to associate/disassociate an EIP with/from a VM NIC. Allows you to change the owner of an EIP.

Port Forwarding: Works based on the layer-3 forwarding service provided by VPC vRouters and forwards traffic flows of specified IP addresses and ports in a public network to the specified ports of VM instances. If your public IP addresses are insufficient, you can configure port forwarding for multiple VM instances by using one public IP address and port. Supports TCP and UDP. Allows you to manage the lifecycle of port forwarding, such as creating and deleting port forwarding. Allows you to associate/disassociate port forwarding with/from a VM NIC.

Load Balancing: Distributes traffic flows of a VIP to backend servers. It automatically inspects the availability of backend servers and isolates unavailable servers during traffic distribution, which improves the availability and service capability of your business. Supports two types of load balancing services: shared-performance load balancing that works based on VPC vRouters and dedicated-performance load balancing that works based on load balancer instances. Allows you to specify the HA mode for dedicated-performance load balancers: single node and dual node (active-backup). Allows you to manage the lifecycle of load balancers, such as creating and deleting load balancers. Allows you to create shared-performance load balancers by using public networks or VPC networks. Allows you to create dedicated-performance load balancers by using public networks, flat networks, or VPC networks. Supports network traffic transmission between IPv4 and IPv6 protocols.
Monitors and displays load balancer metrics such as inbound/outbound traffic and active/concurrent/new sessions. Allows you to centrally manage listeners, backend server groups, and other resources associated with load balancers. Allows you to manage the lifecycle of load balancers, such as creating and deleting load balancers. Listener protocols support TCP, HTTP, HTTPS, and UDP. Supports multiple load balancing algorithms, including Round Robin, Min Connections, Source IP Hash, and Weighted Round Robin. Health check protocols support TCP, HTTP, and UDP. Listeners that use the HTTPS protocol allow you to associate/disassociate certificates. You can upload certificates or certificate chains and manage these certificates centrally. Listeners that use the HTTP or HTTPS protocol allow you to configure forwarding rules for domain forwarding and manage these rules centrally. Supports two session persistence mechanisms: TCP/UDP-based 4th-layer session persistence and HTTP/HTTPS-based 7th-layer session persistence. 4th-layer session persistence uses the Source IP Hash algorithm to direct requests from clients of the same source IP address to a backend server. 7th-layer session persistence supports Round Robin, Weighted Round Robin, and Weighted Round Robin. When using the Round Robin or Weighted Round Robin algorithm, a load balancer inserts or rewrites a cookie to direct requests to the backend server that previously responded. When using the Source IP Hash algorithm, a load balancer uses the Hash function to direct requests from clients of the same source IP address to a backend server. Allows you to associate/disassociate listeners with/from backend server groups. Listeners that use a weighted round-robin load-balancing algorithm allow you to set the weight value for each backend server separately.
Allows you to manage the lifecycle of backend server groups, such as creating and deleting backend server groups. Allows you to add/remove backend servers to/from backend server groups. Allows you to add VM NICs or other servers outside of the Cloud as backend servers. Note that the latter method applies only to dedicated-performance load balancers. Dedicated-performance load balancers allow you to create/delete load balancer offerings.

VPC Firewall: Monitors ingress and egress traffic of VPC vRouters and decides whether to allow or block specific traffic based on a defined set of security rules. Allows you to manage the lifecycle of VPC firewalls, such as creating and deleting VPC firewalls. Allows you to centrally manage rules and rule sets associated with VPC firewalls. Allows you to manage the lifecycle of rules, such as adding, enabling, disabling, and deleting rules. Configures ingress and egress rules by default after a VPC firewall is created and allows you to customize these rules as needed. Allows you to manually add rules to a VPC firewall by specifying a single IP address or an IP/port set. Allows you to add multiple rules to a VPC firewall by importing a template. You can also modify the rule template and upload it as needed. Allows you to set priorities for VPC firewall rules. VPC firewall rules have three behaviors: Accept, Drop, and Reject. VPC firewall rules support the following packet status: new (new connection requests), established (established connections), invalid (unidentifiable connections), and related (new connection requests that are associated with existing connections). VPC firewall rules support the following protocols: ALL, TCP, UDP, ICMP, GRE, ESP, AH, IPIP, VRRP, IPENCAP, PIM, OSPF, and IGMP. Allows you to manage the lifecycle of rule sets, such as adding and deleting rule sets.
Allows you to centrally manage rules and network resources in a rule set. Modifications on rules in a rule set take effect after you synchronize the modifications. Allows you to save firewall rules as a rule template (managed by the Cloud) or export them as a CSV file (offline). Allows you to manage the lifecycle of rule templates, such as creating and deleting rule templates. Allows you to save IP/port sets as a generic template. Allows you to manage the lifecycle of IP/port sets, such as adding, enabling, disabling, and deleting IP/port sets.

IPsec Tunnel: Encrypts and verifies IP packets that transmit over a virtual private network (VPN) from one site to another. IPsec negotiation mode: Supports only the Main mode due to security reasons. The Aggressive mode is not supported. IPsec IKE configurations: Support IKEv1 and IKEv2 (default). IPsec security protocol: Supports only the Encapsulating Security Payload (ESP) protocol. IPsec encapsulation mode: Supports only the Tunnel mode. The Transport mode is not supported. IPsec routing model: Supports only policy-based IPsec VPN. Route-based IPsec VPN is not supported. Therefore, the tunnel supports only unicast data, and does not support multicast and broadcast. Allows you to manage the lifecycle of IPsec tunnels, such as creating and deleting IPsec tunnels. Monitors the connection status of IPsec tunnels. Allows you to centrally manage network resources associated with an IPsec tunnel.

Dynamic Routing: Supports Open Shortest Path First (OSPF) protocols. Allows you to manage the lifecycle of OSPF areas, such as creating and deleting OSPF areas. Supports two types of OSPF areas: Standard and Stub. Provides three authentication methods for OSPF areas: None, Plaintext, and MD5. Allows you to centrally manage the routing configuration of OSPF areas.
Netflow: Monitors the ingress and egress traffic of the NICs of VPC vRouters. Allows you to manage the lifecycle of netflows, such as creating and deleting netflows. Supports two versions of data flows: V5 and V9. Allows you to centrally manage the routing configuration of netflows.

Port Mirroring: Mirrors the traffic data of VM NICs and sends the traffic data to the target ports. This helps to analyze the data packets of ports, which simplifies the data monitoring and management and makes it easier to locate network errors and exceptions. Allows you to manage the lifecycle of port mirroring, such as creating, enabling, disabling, and deleting port mirroring. Supports three types of sessions: Ingress, Egress, and Bi-direction. Allows you to centrally manage port mirroring sessions.

Route Table: Allows you to customize routing configurations as needed. Allows you to manage the lifecycle of route tables, such as adding, enabling, disabling, and deleting route tables. Allows you to centrally manage route entries and VPC vRouter resources in routing tables. Allows you to manage the lifecycle of route entries, such as adding and deleting route entries. Supports two types of route entries: static route entries and blackhole route entries. Allows you to set route priorities.

Multicast Route: Forwards the multicast messages sent by the multicast source to VM instances, which realizes point-to-multipoint connection between the sender and the receiver. Allows you to enable multicast route as needed. Once enabled, the multicast route takes effect for all networks associated with VPC vRouters. Supports PIM-SM and PIM-SSM routing protocols. In the PIM-SM protocol, RP routers are the essential device in the PIM-SM domain. The RP addresses support static configuration and dynamic election through the BSR mechanism.
Allows you to centrally manage the multicast configuration tables and multicast routing tables.

Shared Bandwidth: Provides bandwidth sharing service and centralized speed control for public network VIPs. You can bind multiple VIPs to a shared bandwidth to allow instances using these VIPs to share the same bandwidth resource, thereby reducing the cost on public network communications. Allows you to customize the size of a shared bandwidth. Allows you to manage the lifecycle of a shared bandwidth, such as creating, editing, and deleting a shared bandwidth. Allows you to bind/unbind public network VIPs to/from a shared bandwidth. Allows you to centrally manage VIPs bound to a shared bandwidth. Allows you to view whether a shared bandwidth takes effect on VIPs bound to it. Provides an intuitive monitoring to display the flow data of all VIPs and each VIP bound to a shared bandwidth.

Audit: Audits all of the actions performed on network resources, which effectively ensures the security of the cloud environment.

CloudFormation / Resource Stack: Allows you to manage the lifecycle of resource stacks, such as creating and deleting resource stacks. Allows you to create resource stacks by using a stack template (system template or custom template), uploading a file (in UTF8-encoded format), or customizing a text (in the designer). Allows you to preview the template configurations before you complete the creation. Allows you to centrally manage the templates, resources, and events associated with a resource stack.

Stack Template: Allows you to manage the lifecycle of stack templates, such as creating, enabling, disabling, and deleting stack templates. Allows you to create stack templates by customizing a text or uploading a file. Allows you to modify the template content as needed.

Sample Template: Provides commonly used sample templates for your reference. Allows you to manage the lifecycle of sample templates, such as enabling and disabling sample templates.

Designer: Allows you to establish dependencies between resources by drag-and-drop connections on the canvas. Allows you to undo, redo, zoom in, zoom out, fit to canvas, delete, and clear the canvas. Allows you to set global parameters of the following types: String, Number (integer or floating point), Comma-delimited list (equivalent to List in Java), and Boolean. Allows you to preview templates, generate resource stacks, and save as stack templates.

Audit: Audits all of the actions performed on CloudFormation, which effectively ensures the security of the cloud environment.

Network Topology / Global Topology: Displays the network topology in the Cloud, helping you to manage and maintain your networks more efficiently. Allows you to refresh the topology to view latest information. Allows you to export the global topology in PNG format. Allows you to hide or unhide VM instances, highlight the selected resources, view the resource information in hover, and view the VM/VPC vRouter status. Allows you to fit to window, zoom in, and zoom out the canvas. Allows you to search for resources by resource category and attribute within the current global topology.

Custom Topology: Allows you to generate a custom topology. Allows you to refresh the topology to view latest information. Allows you to export the custom topology in PNG format. Allows you to highlight the selected resources, view the resource information in hover, and view the VM/VPC vRouter status. Allows you to fit to window, zoom in, and zoom out the canvas. Allows you to search for resources by resource category and attribute within the current global topology.

Performance Analysis / View Performance Analysis: Displays the performance metrics of key resources. Allows you to view the monitoring data by resources, including VM instance, VPC vRouter, host, backup storage, L3 network, and virtual IP. Supports two monitoring methods: external monitoring and internal monitoring. Allows you to view the monitoring data by selecting a time span. Available time spans: 15 minutes, 1 hour, 1 week, and custom. Supports advanced filtering, including filter by monitoring items (metrics and thresholds), resource scope (all resources/specified resources), and owner scope (all owners/specified owners). Allows you to sort the items by resource name or monitoring metric. Allows you to view the monitoring data details of a single resource. Allows you to customize the number of items to be displayed on each page. By default, 10 items are displayed per page.

Export Performance Analysis Report: Allows you to export all the report information or export the information on the current page in CSV format. Allows you to export the average, maximum, or minimum values of the metrics for VM instances and VPC vRouters.

Capacity Management / Resource Capacity Card: Displays the capacities and usages of key resources as cards in the Cloud. Supports the following resources: primary storage, backup storage, management node, VM instance, volume, image, snapshot, and compute node. Allows you to jump to the corresponding resource list from the current card.

Resource Capacity Top 10: Allows you to view top 10 resources based on the capacity usage. Supports the following resources: host, primary storage, backup storage, VM instance, volume, image, and snapshot. Allows you to sort resources by capacity utilization, used physical capacity, available physical capacity, and total physical capacity. Allows you to view the disk usage details of a single resource.
Management Mode Monitoring: Allows you to view the health status of each management node in a multi-management node environment. Allows you to view the management IP and node status. Allows you to view the management service status, including whether the monitor IP is reachable, whether the peer management node is reachable, whether the virtual IP is reachable, and the database status.

Monitoring and Alarm / Alarm: Monitors time-series data and events and sends alarm messages to specified endpoints. Supports default alarms and custom alarms. Supports resource alarms, event alarms, and extended alarms. Allows you to manage the lifecycle of default resource alarms, such as enabling and disabling default resource alarms. Allows you to manage the lifecycle of custom resource alarms, such as enabling and disabling custom resource alarms. Allows you to create resource alarms for two types of time-series data: resource utilization and resource capacity. Provides three emergency levels for resource alarms: emergent, major, and info. Allows you to enable alarm recovery notification for resource alarms as needed. If enabled, when a resource monitored by a resource alarm recovers from the alarmed status, the system receives a notification. Allows you to centrally manage the endpoints and alarm records of a resource alarm. Allows you to manage the lifecycle of custom event alarms, such as creating, deleting, enabling and disabling custom event alarms. Provides three emergency levels for event alarms: emergent, major, and info. Allows you to centrally manage the endpoints and alarm records of an event alarm. Allows you to manage the lifecycle of extended alarms, such as enabling and disabling extended alarms. Allows you to centrally manage the endpoints and alarm records of an extended alarm.
One-click Alarm: Provides a set of alarm rules for critical resources, which can be used to quickly establish monitoring and alarm services for these resources. Applies to resources such as hosts, VM instances, and VPC vRouters. Allows you to enable or disable one-click alarms. Allows you to enable, disable, and modify a single alarm rule for a one-click alarm.

Alarm Template: Encapsulates alarm rules as a template and works with resource groups. You can configure alarm rules for resources in bulk, which helps to improve the O&M efficiency. Allows you to manage the lifecycle of alarm templates, such as creating and deleting alarm templates. Allows you to add/remove alarm rules to/from alarm templates and centrally manage these rules in an alarm template. Allows you to attach/detach tags to/from an alarm template. Allows you to clone an alarm template. Allows you to associate/disassociate resource groups with/from an alarm template and centrally manage these resource groups of an alarm template.

Resource Group: Groups resources based on business requirements and works with alarm templates. You can configure alarm rules for resources in bulk, which helps to improve the O&M efficiency. Allows you to manage the lifecycle of resource groups, such as creating and deleting resource groups. Allows you to add/remove resources to/from a resource group and centrally manage these resources in a resource group. Allows you to attach/detach tags to/from a resource group. Allows you to associate/disassociate alarm templates with/from a resource group. Allows you to centrally manage the alarms, endpoints, and alarm records of a resource group.

Message Template: Sends messages to endpoints by using a text template. Allows you to manage the lifecycle of message templates, such as creating and deleting message templates. Supports the following endpoints: email, DingTalk, Microsoft Teams, Alibaba Cloud SMS, Universal SMS, WeCom, Lark, and Webhook. Supports the following alarm types: resource alarm and event alarm. Supports the following types of message texts: alarm message text and recovery message text. Allows you to make a template default or cancel the default setting. Only one default template is allowed. Allows you to modify the content in a message template.

Message Source: Allows you to connect to extended message sources. Allows you to manage the lifecycle of message sources, such as creating, enabling, disabling, and deleting message sources. Supports Ceph Enterprise. Provides a preconfigured alarm message conversion template and allows you to customize parameters in the template.

Endpoint: Allows you to obtain your subscribed information by using an endpoint. Supports default endpoints and custom endpoints (email, short message, Webhook, DingTalk, Microsoft Teams, SNMP trap receiver, WeCom, and Lark). Short message endpoints support two SMS gateway service providers: Alibaba Cloud and Emay Softcom. Default endpoints receive messages sent from the Cloud. Allows you to manage the lifecycle of custom endpoints, such as creating, enabling, disabling, and deleting custom endpoints. Allows you to send test messages to custom endpoints to check whether the endpoints can receive Cloud alarm messages properly. Allows you to modify endpoint configurations flexibly, such as the message languages, addresses, mention members, and security settings. Allows you to add/remove alarms to/from an endpoint and centrally manage these alarms, including resource alarms and event alarms. Allows you to centrally manage messages (alarm messages and extended messages) received by an endpoint.
Audit: Audits all of the monitoring and alarm actions, which effectively ensures the security of the cloud environment.

Alarm Message / Cloud Platform Alarm Message: Allows you to view and centrally manage alarm messages sent from the Cloud. Displays alarm messages of different emergency levels in the last seven days on a bar chart. Displays alarm messages of different resources in the last seven days on a pie chart. Allows you to view up to 1,000 alarm messages in the message list. Allows you to filter messages by resource. Allows you to filter messages by specifying a time span. Allows you to mark alarm messages as read and filter read or unread messages as needed. Allows you to filter messages by emergency levels (emergent, major, and info). Allows you to filter messages by alarm type (resource alarms and event alarms). Allows you to converge and sort alarm messages based on the alarm times. Allows you to set a silence period for alarm messages. During the silence period, no alarm messages will be generated. You can process the alarm information at your convenience. Allows you to cancel the silence period for alarm messages. Allows you to view the details about an alarm. Allows you to export the alarm messages as a CSV table, which helps in statistical analysis and problem diagnosis, and allows you to export the filtered alarm messages.

Extended Alarm Message: Allows you to take over third-party alarm messages and push and manage them centrally. Allows you to mark alarm messages as read and filter read or unread messages as needed. Allows you to filter messages by specifying a time span.

Five Inspection Categories: Provides five inspection categories, including platform, compute, network, storage, and global setting. These categories cover all key resources and services of the Cloud.
One-click Inspection / Multi-layer Healthiness Scoring Mechanism: Provides an in-built three-layer healthiness scoring mechanism that scores resources and services, inspection items, and the overall Cloud. It also displays the score of healthiness for the overall Cloud.

O&M Suggestion: Provides O&M suggestions on resources in warning or fault status.

Inspection Report: Provides inspection introduction, summary, and results, and details of abnormal inspection items as well as O&M suggestions.

Inspection Management: Allows you to select inspection items for one-click inspection. Allows you to pause, resume, and cancel inspection, implement re-inspection, and export PDF-formatted inspection reports.

Operation Log / Current Task: Allows you to view and manage operations that are being performed. Displays the task progress and remaining time in real time. Allows you to cancel, suspend, and continue a current task as needed. Allows you to view the details about a current task.

Historic Operation: Displays the historic operations performed in the Cloud. Allows you to view all the operations that were performed. Allows you to filter operation logs by specifying a time span. Allows you to filter operation logs by task results, including succeeded, failed, canceled, canceling, exception, timeout, suspended, and unknown. Allows you to filter operation logs by operators. Allows you to export operation logs in CSV format. Allows you to view the details about an operation log. Allows you to set the operation log retention period in the Global Setting.

Auto-Scheduling Logs: Displays the VM auto-scheduling logs triggered by the management node, such as VM recovery from HA and host maintenance. Allows you to view all the auto-scheduling logs that were triggered. Allows you to filter auto-scheduling logs by specifying a time span.
Allows you to filter auto-scheduling logs by task results, including succeeded and failed. Allows you to export auto-scheduling logs in CSV format. Allows you to view the details about an auto-scheduling log. Allows you to set the auto-scheduling log retention period in the Global Setting.

Audit: Monitors and records all activities in the Cloud, which effectively ensures the security of the cloud environment. Allows you to filter audit records by resource actions and login actions. Allows you to filter audit records by specifying a time span. Allows you to filter audit records by task results, including succeeded and failed. Allows you to export audit records in CSV format. Allows you to view the details about an audit record.

Log Collection / Collect Log: Allows you to collect the logs of the Cloud and of various nodes on the Cloud that are generated in the specified time range.

Manage Log: Allows you to collect, recollect, download, delete, and cancel the collection of logs.

Scheduled O&M / Scheduled Job: Allows you to manage the lifecycle of scheduled jobs, such as creating, enabling, disabling, and deleting scheduled jobs. Supports VM instances and volumes. Allows you to view job records centrally. Allows you to attach/detach schedulers to/from a scheduled job.

Scheduler: Allows you to manage the lifecycle of schedulers, such as creating and deleting schedulers. Allows you to centrally manage the scheduled jobs of a scheduler. Allows you to centrally manage schedulers that were completed.

Audit: Audits all of the scheduled O&M actions, which effectively ensures the security of the cloud environment.

Tag: Allows you to customize tags for resources and quickly locate resources by tag type and tag name. Supports admin tags and tenant tags.
Allows you to manage the lifecycle of tags, such as creating and deleting tags. Allows admins to attach/detach tags to/from all resources on the Cloud and tenants to attach/detach tags to/from resources of tenants. Allows you to centrally manage resources with a tag attached. Audits tag actions, which effectively ensures the security of the cloud environment.

Billing Management / Bills: A bill is the expense of resources totaled at a specified time period. Billing is accurate to the second. Supported bill types: project bills, department bills, and sub-account bills. Allows you to filter bills by specifying a time span. Allows you to view project bills in a list, export all of the project bills in CSV format, view the billing details of a single project, and export the bills of a single project in CSV format. Allows you to view department bills in a list, view the bills of the current department or its sub-departments, view the bills of directly affiliated projects in a list, export total bills of all directly affiliated projects in CSV format, view the billing details of a single project, and export the bills of a single project in CSV format. Allows you to view sub-account bills in a list, export all of the sub-account bills in CSV format, view the billing details of a single sub-account, and export the bills of a single sub-account in CSV format. Allows you to disable the billing feature in Global Setting. Then, the system stops billing resources and bills are no longer generated. By default, bills are generated every day at 00:00. You can change the bill generation time in the Global Setting. Allows you to set the currency symbol displayed on the UI in the Global Setting. Default value: ¥. Valid values: ¥, $, €, £, A$, HK$, ¥, CHF, and C$.
Pricing List: A pricing list is a list of unit prices of different resources. The unit price of a resource is set based on the specification and usage time of the resource. Allows you to manage the lifecycle of pricing lists, such as creating and deleting pricing lists. Allows you to set the unit price for the following resources: CPU/memory, volume (root volume/data volume), GPU device (desktop GPU and compute GPU), network (VM public IP and virtual IP), and elastic baremetal instance (elastic baremetal offering). Allows you to generate bills based on disk performances. You can set the billing unit price for root volumes and data volumes with different performances by setting advanced parameters. Allows you to modify the billing unit price as needed. Allows you to centrally manage the price history and related resources.

Access Control / Console Proxy: Allows you to set a console proxy to log in to a VM instance. Allows you to reconnect a console proxy.

AccessKey Management: An AccessKey pair is a security credential with which one party authorizes another party to call API operations and access its resources in the Cloud. Supports two types of AccessKey: local AccessKey and third-party AccessKey. Allows you to manage the lifecycle of local AccessKeys, such as generating, enabling, disabling, and deleting local AccessKeys. Allows you to manage the lifecycle of third-party AccessKeys, such as generating and deleting third-party AccessKeys. Audits all of the AccessKey actions, which effectively ensures the security of the cloud environment.

IP Allowlist/Blocklist: An IP blocklist or allowlist identifies and filters IP addresses that access the Cloud. Allows you to enable the IP allowlist/blocklist feature in the Global Setting as needed.
Allows you to manage the lifecycle of IP allowlists/blocklists, such as adding and deleting IP allowlists/blocklists. Audits all of the IP allowlist/blocklist actions, which effectively ensures the security of the cloud environment.

Application Center: Allows you to add URLs of third-party applications. This allows you to manage the applications in a centralized way and quickly open the applications. Supports the following types of applications: storage, database, security, IaaS, PaaS, and SaaS applications. Allows you to set the sharing mode of a resource, including share globally, share to specified projects or accounts, and not share. Allows you to manage the lifecycle of applications, such as adding and deleting applications.

Sub-Account Management: A sub-account is created by the admin or synced from an SSO authentication system and is managed by the admin. Resources created under a sub-account are managed by the sub-account. Allows you to manage the lifecycle of local sub-accounts, such as creating and deleting local sub-accounts. Allows you to add an SSO server to the Cloud so as to integrate the SSO system and enable password-free login of related accounts in the system. The supported SSO server type includes OIDC. Allows you to configure user mapping rules for the OIDC server. Allows you to manage the lifecycle of the SSO server, such as adding and deleting the SSO server. Allows you to manage the lifecycle of SSO sub-accounts, such as synchronizing and deleting SSO sub-accounts. Allows you to set the initial password or change the password of a sub-account. Allows you to bill for resources used by sub-accounts, attach pricing lists to a sub-account, and change pricing lists for the sub-account.
• Allows you to set two-factor authentication for sub-account login, view the two-factor QR codes of the sub-account, and download the two-factor QR codes.
• Allows you to set and manage resource quota for sub-accounts, including compute resources, storage resources, and network resources.
• Allows you to centrally manage the associated or shared resources of a sub-account.
• Audits all of the sub-account actions, which effectively ensures the security of the cloud environment.

Theme and Appearance
• Allows you to customize the theme and appearance of the Cloud.
• Allows you to set the global appearance (theme), titles (browser/login interface/platform interface), and monitor (title and appearance/data monitoring method).
• Allows you to reset to default settings with one click.

Time Management (Type: System Setting)
• Allows you to configure NTP time servers for the Cloud to sync the clock of the time servers with all nodes of the Cloud. Three time protocol modes are supported: Internal, Internal and External, and External.
• Allows you to manually sync time by force to save your time.
• Displays the latest system UTC date, time, and time zone.

Email Server (Type: System Setting)
• If you select Email as the endpoint of an alarm, you need to set an email server. Then alarm messages are sent to the email server.
• Allows you to manage the lifecycle of email servers, such as adding, enabling, disabling, and deleting email servers.
• Supported email server type: SMTP.
• Supported encryption type: STARTTLS, SSL/TLS, and NONE.
• Allows you to test the email server connectivity.
• Allows you to change the owner of email servers.
• Audits all of the email server actions, which effectively ensures the security of the cloud environment.

Log Server
• A log server is used to collect logs of the management node. You can add a log server to the cloud and use the collected logs to locate errors and exceptions. This improves your O&M efficiency.
• Allows you to manage the lifecycle of log servers, such as adding and deleting log servers.
• Allows you to set the log facility from LOCAL0 to LOCAL7. This value is used to match the log server.
• Allows you to select a log severity to make the log server only receive logs of this level or higher levels. Valid values: ALL, TRACE, DEBUG, INFO, WARN, ERROR, and FATAL.
• Allows you to test the log server connectivity.
• Audits all of the log server actions, which effectively ensures the security of the cloud environment.

SNMP Management
• Connects a 3rd-party platform and the Cloud through SNMP, enabling the 3rd-party platform to get monitoring data from the Cloud or receive alarms pushed from the Cloud.
• Allows you to enable/disable SNMP Management.
• Allows you to configure SNMP parameters in a visual method.
• Allows you to add SNMP trap receivers to receive alarms from the Cloud.
• Allows you to add SNMP trap receivers as endpoints and attach them to specified alarms.

HA Policy (Type: Platform Setting)
• HA Policy is a mechanism that ensures sustained and stable running of the business if VM instances are unexpectedly stopped or errored because of errors in the compute, network, or storage resources associated with the VM instances.
• Provides None and NeverStop VM HA modes, which specify whether to enable auto restart if VM instances are stopped.
• Allows you to configure VM Failover Strategy in a table based on the management network connectivity status, storage network connectivity status, and business NIC status.
• Allows you to modify host error detection settings and advanced HA-related settings. These settings take effect on the Cloud.
• Allows you to view and filter VM HA logs.

Scenario Template
• Provides multiple templates that encapsulate scenario-based global settings. You can apply a template globally with one click based on your business needs. This improves your O&M efficiency.
• Applies to VM performance optimization, restoration from high availability, cloud security setting, and production environment setting.
• Allows you to apply a scenario template with one click.
• Allows you to reset to default settings with one click.
• Allows you to modify settings of a single item in a scenario template.

Global Setting
• Allows you to configure settings that take effect on the whole platform. Supports basic settings and advanced settings.
• Allows you to reset to default settings with one click.
• Supports quick search and directory navigation to help you quickly locate target items.
• Allows you to modify settings of a single item in the Global Setting.

Version Detection (Type: System and Security)
• Allows you to enable version detection, which periodically detects the latest version, including production environment recommended versions or technical preview versions.
• Allows you to specify the auto detection duration by day, week, month, or year.
• Allows you to implement manual detection or use the auto detection. It provides information about the version number and the highlights if the latest version is available.

Experience Improvement Program
• Allows you to join in or opt out of the Experience Improvement Program.

Certificate Management
• Allows you to configure and manage an SSL certificate, including third-party certificate and system self-signed certificate.

License Management
• Licensing in the Cloud is supplied in different functionality packages as Base and Plus. You can purchase a package as needed.
• The Base license provides the basic and essential features of the Cloud, which can meet the mainstream business requirements. Functionalities covered in the Base license include Standard, Enterprise Trial, and Enterprise Prepaid.
• The Plus license provides add-on features or feature enhancements to meet the specific business requirements. Functionalities covered in the Plus license include VMware Management, Tenant Management, ARM64 Management, Backup Service, Continuous Data Protection (CDP) Service, Migration Service, Baremetal Management, Elastic Baremetal Management, Alibaba Cloud Hybrid Cloud Management, Cryptography Security Compliance, 5x8 (7x24) After-Sales Service, SR-IOV NIC Service, GPU Service, Billing Management, CloudFormation, Auto-Scaling Service, Smart NIC Service, Container Service-CPU, and Container Service-vCPU. A Base license is required to install the Plus license.
• Supports two licensing methods: USB key and request key. The USB key licensing method allows you to obtain the authorization by inserting only one USB key into the management node. The request key method allows you to obtain the authorization by uploading the license file to the management node.
• Allows you to view the current license status and licensing records.
• Allows you to delete a Plus license as needed.
• Provides license expiration reminders when your license is about to expire, has expired, or the license quota is exceeded.

Login Method
• Allows you to access the UI via HTTP or HTTPS.
• Supports account login and tenant login.
• Allows you to access the Cloud and experience all of the features by using command lines.

Login Security (Type: Cloud Login)
• Allows you to set the maximum number of continuous login failures that trigger verification by verification code. Default: 6.
• Supports two-factor authentication, which further enhances the account security.
• Allows you to set the login password complexity by setting the password length and a character combination of digits, uppercase/lowercase letters, and special characters.
• Allows you to set the password validity period by customizing the password update cycle. We recommend that you change the login password regularly to ensure the login security.
• Supports historical password check and allows you to customize the number of recent passwords that cannot be reused.
• Allows you to specify whether to lock the login account if the logins continuously fail, the number of allowed failed attempts, and how long the account will be locked.
• Allows you to specify whether to disallow simultaneous connection sessions established by one user. If yes, one user can establish only one connection session with the platform.
• Allows you to set the login interface with the default link.

VDI Solution
• Supports SPICE, RDP, and VNC protocols.
• Allows you to specify a VDI network.
• Supports USB redirection, which means multiple USB devices are compatible.
• Allows you to set an independent VDI network.
• Supports multi-screen display.
• Supports microphones.
• Supports SPICE to optimize traffic.

Quick Navigation (Type: UI Highlights)
• Provides a quick navigation entry, which is convenient for users to quickly locate and enter the required features and services.

Global Search (Type: UI Highlights)
• Provides one-stop global search, allowing you to search for features, resources, and documents.

Embedded Document
• Provides embedded documents in the help center.

Installation
• Allows you to complete installing and deploying the Cloud from scratch within just 30 minutes with one simple command.
• Supports the following installation modes: Tenant Management Mode, Community Management Mode, Compute Node Mode, Expert Mode, and Simplified Expert Mode.
• Supports ISO: h84r ISO.
• Allows you to burn ISO images to USB drives by using Rufus.

Seamless Upgrade
• Allows you to seamlessly upgrade the Cloud from an earlier version to a later version.

Deployment Environment (Type: Upgrade)
• Allows you to specify the deployment environment from the Upgrade Expert Mode.
Features in VMware Management

Table columns: Type, Features, Description

vCenter Basic Resource
• Allows you to take over vCenter 5.5, 6.0, 6.5, 6.7, and 7.0.
• Supported protocols: HTTPS (default) and HTTP.
• Supports automatic and manual data synchronization. Automatic data synchronization occurs when a vCenter is added to the Cloud for the first time. You can also enable vCenter Data Auto Sync in the Global Setting and set an automatic synchronization interval to realize a regular automatic data synchronization.
• Allows you to centrally manage resources associated with a vCenter, including clusters, primary storage, backup storage, hosts, and resource pools.
• Allows you to delete a taken over vCenter from the Cloud. This deletes only the local record of the vCenter and associated resources but does not affect the real resources in the remote vCenter.

VM Instance
• Allows you to manage the lifecycle of vCenter VM instances, such as creating, booting, stopping, rebooting, resuming, pausing, powering off, deleting, and recovering vCenter VM instances.
• Allows you to launch the console of a vCenter VM instance and set the console password as needed.
• Allows you to clone a vCenter VM instance online or offline without data volumes.
• Allows you to hot migrate a vCenter VM instance across shared primary storage with data volumes attached.
• Allows you to modify the instance offering (CPU/memory) of a stopped vCenter VM instance.
• Allows you to change the owner of a running or stopped vCenter VM instance.
• Allows you to set the HA level (None/NeverStop) for a vCenter VM instance. You can enable VM HA in the Global Setting as needed.
• Allows you to attach custom tags to vCenter VM instances for an efficient resource location.
• Supports external monitoring of the CPU, memory, disk, virtual disk, and NIC of a vCenter VM instance.
• Allows you to centrally manage resources associated with a vCenter VM instance, such as volumes and NICs.

Network
• Supported L2 networks: L2NoVlanNetworks and L2VlanNetworks.
• Supported L3 networks: public networks, flat networks, and VPC networks.
• Supported switch types: dvSwitch and vSwitch.
• Supported VPC network services: SNAT, DHCP, elastic IP, port forwarding, load balancing, and IPsec tunnel.
• Allows you to manage the lifecycle of networks, such as creating L2/L3 networks and deleting L3 networks.
• Allows you to set the sharing mode for an L3 network. Valid values: share globally, share to specified projects or accounts, and not share.
• Provides a list displaying the IP usage of an L3 network to improve IP planning efficiency.
• Allows you to attach a cluster to the L2 network an L3 network belongs to.
• Allows you to centrally manage IPv4 network ranges of an L3 network.

Volume
• Allows you to manage the lifecycle of vCenter volumes, such as creating, enabling, disabling, deleting, recovering, and expunging vCenter volumes.
• Allows you to attach/detach a volume to/from an instance.
• Allows you to change the owner of a vCenter volume.

Image
• Supported vCenter image types: system images in the VMDK format and volume images in VMDK format.
• Allows you to select the image platform. Supported platforms: Linux, Windows, and Other.
• Allows you to upload a vCenter image by using a URL.
• Allows you to manage the lifecycle of vCenter images, such as adding, enabling, disabling, deleting, recovering, and expunging vCenter images.
• Allows you to set the sharing mode for a vCenter image. Valid values: share globally, share to specified projects or accounts, and not share.
• Allows you to change the owner of a vCenter image.

Event Message
• Provides a list to centrally display event alarm messages of the vCenter, helping you locate problems quickly.
• Allows you to view event messages in a specified time period.

Multi-account Management
• Allows a tenant/sub-account to manage the lifecycle of resources such as VM instances and volumes of a vCenter it belongs to.
• Allows a tenant/sub-account to use vCenter resources such as networks and images shared by the admin.
• Allows a tenant/sub-account to view the usage of KVM VM instances and vCenter VM instances on the dashboard.
• Allows a tenant/sub-account to view the billing information of KVM and vCenter resources.
• Allows a tenant to apply for vCenter VM instances by submitting tickets.

Audit
• Audits all of the vCenter actions, which effectively ensures the security of the cloud environment.

Features in Tenant Management

Table columns: Type, Feature, Description

Organization (Type: Personnel and Permissions)
• The basic element constructing organization structures. An organization structure consists of organizations of various levels.
• Provides a tree diagram to show the organizations in an organization structure. The admin or platform managers see all structure trees on the Cloud, while a normal platform or project member sees only the tree its organization belongs to.
• Divides organizations into the default department and custom departments according to the users they organize. A custom department is used to organize personnel assigned to this department, and the default department is used to organize personnel who have not been assigned to any custom department. Once personnel are assigned to a custom department, they are removed from the default department.
• The default department is generated automatically by the system. You cannot delete the default department or add a sub-department to it.
• Allows you to centrally manage immediate members of the default department.
• Divides custom departments into two types according to their addition methods: creating on local and synchronizing from an SSO platform. The first method creates a custom department to organize local users and the second method provides a custom department to organize SSO users.
• Divides custom departments into new teams and sub-departments according to their structural levels. A new team is a top-level department that allows you to add sub-departments of various levels to it.
• Allows you to manage the lifecycle of a custom department, such as creating and deleting a custom department.
• Allows you to add sub-departments to a custom department or change the superior department for a sub-department.
• Allows you to set a department manager for a top-level department and department admins for custom departments.
• Allows you to centrally manage the immediate members and associated project resources of a custom department.
• Allows you to set quotas on custom department resources, such as the compute resource quota, storage resource quota, network resource quota, and other resource quota.

User
• Natural persons acting as the most basic units in Tenant Management.
• Divides users into local users and SSO users according to their origins. Local users are created on the Cloud while SSO users are synchronized from SSO platforms.
• Allows you to manage the lifecycle of a local user, such as creating and deleting a local user.
• Supports two methods to create local users: custom creation and template import.
• Allows you to change the login password for a local user.
• Allows you to enable the certificate login feature for a local user to authenticate its identity when it logs in to the Cloud.
• Allows you to change a deleted AD/LDAP user from an SSO user to a local user.
• Allows you to delete an SSO user.
• Allows you to add/remove a user to/from a department, user group, or project.
• Allows you to set a platform or project role for a user.
• Allows you to specify a zone for a user to manage.
• Allows you to export the user information as a CSV table, which helps in statistical analysis and problem diagnosis.

User Group
• A collection of natural persons as well as a collection of project members.
• Allows you to manage the lifecycle of a user group, such as creating and deleting a user group.
• Allows you to add users to a user group and centrally manage the users in the user group.
• Allows you to add a user group to a project and assign unified project roles to the users in the user group.

Role
• A collection of permissions, granting users and user groups permissions to perform actions on resources with APIs.
• Divides roles into platform roles and project roles according to the scenarios in which their permissions take effect. A platform role has permissions to manage the zone assigned to it while a project member has permissions to manage the project it belongs to.
• Divides roles into system roles and custom roles according to their generation mechanisms. System roles include admin, platform manager, department manager, monitor role, project admin, and project manager. Roles other than these are all custom roles.
• System roles are generated by the system automatically. You can view the UI permissions and API permissions of a system role.
• Allows you to manage the lifecycle of a custom role, such as creating and deleting a custom role.
• Allows you to modify the UI permissions and UI permissions of a custom role.
• Allows you to view the users and user groups bound to a role.

SSO
• Supports seamless access to SSO systems to enable SSO users to log in to the Cloud.
• Supports SSO server types: AD, LDAP, OIDC, OAuth2, and CAS.
• Allows you to enable the SSL/TLS encryption for AD and LDAP servers.
• Allows you to enable SSL Certificate Check Skipping for LDAP servers configured with SSL certificates in Global Setting to skip all SSL certificate checks when the Cloud accesses these servers.
• Allows you to configure allowlist or blocklist filter mechanism and filter rules for an AD or LDAP server to filter the users that do not need or need to be synchronized from the base DN.
• Allows you to configure synchronize mapping rules for an SSO server.
• Allows you to manage the lifecycle of an SSO server, including adding and deleting an SSO server.
• Allows you to manually synchronize the latest user information from an AD or LDAP server.
• Allows you to manually test the connectivity of an AD or LDAP server.

Audit
• Audits all personnel and permissions actions, which effectively ensures the security of the cloud environment.

Project (Type: Project Management)
• A project is a tenant. You can plan resources based on projects and create a separate resource pool for a project.
• Supports two project configuration methods: manual configuration and configuration with a project template.
• Supports project reclaim policies: unlimited, reclaim by specifying time, and reclaim by specifying cost.
• A project set as reclaimed by specifying time or reclaimed by specifying cost allows you to specify one of the following reclaim actions: disable project member login, disable project login and stop project resource, and delete project.
• Allows you to set an access control for a project as needed, allowing project members to log in to the Cloud during a specified time period, or prohibiting project members from logging in to the Cloud during a specified time period.
• Allows you to enable security group constraint for a project to associate a security group by force to each VM instance created by the project members.
• Allows you to manage the lifecycle of a project, such as creating, enabling, disabling, deleting, recovering, and expunging a project.
• Allows you to restore an expired project. The project member can log in to the project and the project resources work normally after the restoration.
• Allows you to generate a project template from an existing project for the fast creation of later projects.
• Allows you to set a project admin who can set project managers to help the project management.
• Allows you to set a department for a project. The project bill is merged into the department bill.
• Allows you to stop project resources, including VM instances and VPC vRouters. This action does not disable the project members from logging in to the project.
• Allows you to set quotas on project resources, such as compute resource quota, storage resource quota, network resource quota, and other resource quota.
• Allows you to centrally manage the members, user groups, associated resources, and shared resources of a project.

Project Template
• A template that identifies various resource quotas. You can use a project template to create a template quickly.
• Allows you to manage the lifecycle of a project template, such as creating and deleting a project template.
• Allows you to set quotas for a project template, such as compute resource quota, storage resource quota, network resource quota, and other resource quota.

Audit
• Audits all project management actions, which effectively ensures the security of the cloud environment.

Process Management (Type: Ticket Management)
• Helps you provide basic resources to projects more efficiently.
• Divides processes into the default process and custom processes according to their generation mechanisms.
• The default process is generated by the system and consists of two flows: the submitting ticket flow and the final approval and execution flow.
• The default process allows project admins, project managers, and normal project members to submit tickets, and the admin to approve and execute tickets.
• The default process applies to the following tickets: tickets to modify project cycle, tickets to modify project quota, and tickets that are not specified with a custom process.
• Allows the admin, platform managers and normal platform members with corresponding permissions to create custom processes.
• A custom process consists of the following flows: the submitting ticket flow, intermediate approval flows, and the final approval and execution flow.
• A custom process allows project admins, project managers, and normal project members to submit tickets; project admins, project managers, normal project members, and department managers joining the projects to be responsible for intermediate approval flows; and the admin and project admins to be responsible for the final approval and execution flow.
• A custom process applies to the following tickets: tickets to apply for VM instance, tickets to delete VM instance, and tickets to modify VM configuration.
• Supports the process lifecycle management, such as creating, enabling, disabling, and deleting a custom process.
• Supports ticket flow modifications.

Ticket Application
• Allows project admins, project managers, and normal project members to submit tickets.
• Supports the following ticket types: apply for VM instance (KVM/ESX), delete VM instance, modify VM configuration, modify project quota, and modify project cycle.
• Supports ticket lifecycle management, such as creating and deleting a ticket.
• Allows project members to recall a pending ticket, or resubmit a recalled or rejected ticket.
• Provides intuitive ticket processing records.

Ticket Approval
• Allows project admins, project managers, normal project members, and department managers joining the projects to be responsible for intermediate approval flows.
• Allows the admin and project admins to be responsible for the final approval and execution flow.
• Allows you to view pending and resolved tickets.
• Allows you to approve or reject a pending ticket.
• Provides intuitive ticket processing records.
• Allows the admin to view archived tickets, including resolved tickets that are deleted.

Audit
• Audits all ticket management actions, which effectively ensures the security of the cloud environment.

Features in Backup Service

Table columns: Type, Features, Description

Backup Job Dashboard
• Supports intuitive viewing and unified management of backup jobs on the Cloud to improve O&M efficiency.
• Displays backup job overview on different cards, including the number, state, and status of backup jobs.
• Displays backup job statistics in line chart and list format.
• Allows you to set a time filter to view the execution of backup jobs within the selected time period. The time filter applies to both the line chart and list.
• Allows you to view backup job execution details.

Backup Job (Type: Backup Service)
• Allows you to create a backup job to back up local VM instances, volumes, or databases to a specified storage server. Local backup, remote backup, and Public Cloud backup are currently supported.
• Allows you to manage the lifecycle of backup jobs, such as creating, enabling, disabling, and deleting backup jobs.
• Allows you to specify a local backup server for a backup job. If two local backup servers are specified, the failover mechanism is supported.
• Allows you to specify a remote backup server for a backup job. Only one remote backup server is supported. Supported types: Remote Backup and Alibaba Cloud Backup.
• Allows you to set a network QoS and disk QoS for VM/volume backup jobs.
• Allows you to back up a VM instance with its attached volumes.
• Allows you to set a backup mode for a VM instance/volume backup job (incremental backup + default full backup, incremental backup + custom full backup, full backup policy).
• Allows you to specify a backup mode for a backup job of management node database (full backup mode).
• Supports backup immediately after the job creation (VM instances/volumes backup jobs only).
• Allows you to manually perform a backup job, providing convenience for backing up important operations at any time.
• Allows you to set a data retention policy for a backup job, including local retention policy (by count/by time) and remote retention policy (permanently/by count/by time).
• Allows you to manage the backup resource of a backup job, including associating, disassociating, and viewing monitoring data in real time.
• Allows you to set a time filter to view backup job records within the selected time period.
• Significantly improves large file backup performance by optimizing the large file backup mechanism, supporting both physical and virtual tape libraries (requires tape library to provide file system mounting software, such as LTFS).

Local Backup Data
• Allows you to view the local backup data of VM instances, volumes, and databases in a list format.
• Allows you to view the backup data usage statistics of VM instances and volumes, including dependent incremental, incremental, and full.
• Allows you to recover the local backup data of VM instances/volumes to local. Supported recovery policy: New Resource and Overwrite Original Resource.
• Allows you to recover a VM instance with its attached volumes. (The local backup data of the VM instance needs to contain volume backup data.)
• Allows you to recover local backup data from management node database to local.
• Allows you to change the owner of the local backup data of a VM instance.
• Allows you to scan a local backup server, and displays local backup data of the management node database on the cloud platform.
• Allows you to export the local backup data of the management node database to the specified path of the local backup server, which is available for download.
• Allows you to delete the local backup data.
• Allows you to view the details of the VM/volume local backup data.

Local Backup Server
• Supports two types of addition: Existing Backup Storage (ImageStore only) and Add Server.
• Allows you to specify the backup network. In local backup scenarios, both data backup and recovery are implemented by using the backup network.
• Allows you to manage the lifecycle of local backup servers, such as creating, enabling, disabling, reconnecting, and deleting local backup servers.
• Allows you to scan a local backup server and display the local backup data record on the cloud platform.
• Allows you to clean up the invalid backup data and expired temporary data that have been completely deleted from the local backup server to free up the storage space.
• Allows you to update the password of the local backup server.
• Allows you to manage the backup data on local backup server, including VM instances, volumes, and the local backup data on database.
• Displays local backup server resource in real time by using monitors, including capacity percent used, NIC, CPU, memory, and disk.

Remote Backup Server
• Allows you to add only one remote backup server. Supported types: Remote Backup and Alibaba Cloud Backup.
• Allows you to manage the lifecycle of remote backup servers, such as adding, enabling, disabling, reconnecting, and deleting remote backup servers.
• Allows you to update the password of a remote backup server.
• Allows you to clean up the invalid backup data and expired temporary data that have been completely deleted from a remote backup server to free up the storage space.
• Allows you to manage the resources on a remote backup server, including backup data (VM instances, volumes, and the remote backup data on database) and zone.

Remote Backup Data
• Allows you to view the remote backup data of VM instances, volumes and management node database in a list format.
• Allows you to synchronize the remote backup data of VM instances and volumes to a local backup server.
• Allows you to recover the remote backup data of VM instances/volumes to local. Note that the remote backup data needs to synchronize to local backup server first before recovering to local.
• Allows you to recover the remote backup data of management node database to local.
• Allows you to scan the remote backup server, and display remote backup data of the management node database on the cloud platform.
• Allows you to export the remote backup data of the management node database to the specified path of the remote backup server, which is available for download.
• Allows you to delete the remote backup data.

Audit
• Audits all of the backup service actions, which effectively ensures the security of the cloud environment.

Features in Continuous Data Protection (CDP) Service

Table columns: Type, Features, Description

CDP Dashboard (Type: Continuous Data Protection (CDP))
• Displays the critical CDP information on different cards, including the number and status of CDP tasks and recovery tasks, the CPU and memory utilization of backup servers, top 5 backup server usage, the total disk I/O of backup servers, and unread alarm statistics in recent 7 days.

CDP Task (Type: Continuous Data Protection (CDP))
• Allows you to create CDP tasks to continuously back up your VM data to a specified backup server to achieve continuous data protection.
• Allows you to create CDP tasks in bulk for multiple VM instances. One CDP task corresponds to one VM instance.
• Allows you to perform a full backup for VM instances without installing any third-party agent.
• Performs a full backup for VM instances immediately after you create CDP tasks.
• Supports second/minute-level RPO settings.
• Recommends the desired capacity required by a CDP task based on an algorithm when you create a CDP task for the first time, helping you to plan the backup space reasonably.
• Supports multiple primary storage: The CDP service applies to VM instances in different primary storage scenarios, including LocalStorage, NFS, SharedBlock, and Ceph primary storage.
• Allows you to manage the lifecycle of CDP tasks, such as creating, enabling, disabling, and deleting CDP tasks.
• Allows you to modify the protection policy of a disabled CDP task, including the recovery point interval, backup aggregation frequency, recovery point retention policy, and the backup rate.
• Allows you to modify the task running policy to adjust the desired size and RPO policy for a CDP task.
• Allows you to view the creation progress of a CDP task.
• Provides CDP task resource alarms and event alarms and allows you to create these alarms.

CDP Data
• Allows you to back up CDP data on a local backup server.
• Displays the CDP running status in charts and tables and allows you to view the details by specifying a time span.
• Displays hourly data changes so that you plan the backup capacity more reasonably.
• Provides a recovery point calendar, which identifies the dates with recovery points with colors and helps you to locate recovery points quickly.
• Allows you to lock recovery points. After a recovery point is locked, data of the recovery point will not be automatically cleared or deleted.
• Provides recovery point list and locked recovery point list and allows you to view the details by specifying a time span.
• Supports fast recovery based on selected recovery points (including locked recovery points).
• Supports instant recovery with a minimum RTO in seconds.
• Supports entire restoration and file-level restoration.
• Entire restoration allows you to restore data to the original VM instance or to a newly-created VM instance.
• Restore data to a newly-created VM instance: Allows you to create a VM instance from the selected recovery point without affecting the original VM instance. The newly created VM instance will quickly start up for business recovery.
• Restore data to the original VM instance: Allows you to create new volumes or overwrite current volumes.
• Create new volumes: Allows you to retain and attach volumes before the recovery to the original VM instance to ensure data security.
• Overwrite current volumes: Overwrites the original data in the VM instance and retains the snapshots in the current volumes. After the data restoration, the original VM instance will quickly start up for business recovery.
• File-level restoration allows you to retrieve files without restoring the system. Supported file formats include picture, text, and PDF.
• Allows you to clear CDP data, which will delete all the CDP data of the VM instance, including the locked recovery points. The Cloud performs full backup for the VM instance the next time the CDP task is enabled.

Recovery Task
• Provides a list of recovery tasks, allowing you to view the recovery records and progress for later audits and traceback.
• Allows you to restore data through a wizard-style process.
• Supports multiple primary storage: The CDP service applies to VM instances in different primary storage scenarios, including LocalStorage, NFS, SharedBlock, and Ceph primary storage.
• Supports instant recovery with a minimum RTO in seconds.
• Allows you to restore data to the original VM instance or to a newly-created VM instance.
• Restore data to a newly-created VM instance: Allows you to create a VM instance from the selected recovery point without affecting the original VM instance. The newly created VM instance will quickly start up for business recovery.
• Restore to the original VM instance: Allows you to create new volumes or overwrite current volumes.
• Create new volumes: Allows you to retain and attach volumes before the recovery to the original VM instance to ensure data security.
• Overwrite current volumes: Overwrites the original data in the VM instance and retains the snapshots in the current volumes. After the data restoration, the original VM instance will quickly start up for business recovery.
• Allows you to manage the lifecycle of recovery tasks, such as creating, enabling, disabling, and deleting recovery tasks.
• Allows you to redo a failed or canceled recovery task.
• Allows you to cancel a recovery task during the recovery progress. After a recovery task is canceled, intermediate data generated during the recovery process will not be retained.

Local Backup Server
• Allows you to back up CDP data on a local backup server.
• Allows you to use the ImageStore deployed in your local data center as the local backup server, or deploy a new local backup server.
• Allows you to add multiple local backup servers.
• Allows you to view the CDP data saved to a local backup server on a local backup server details page.

Audit
• Audits all of the CDP actions, which effectively ensures the security of the cloud environment.

Features in Migration Service

Type: Migration Service

V2V Migration (VMware → the Cloud)
• Allows you to migrate VM instances from a taken-over vCenter to the Cloud.
• Supported vCenter versions: 5.5, 6.0, 6.5, 6.7, and 7.0.
• Supported vCenter VM operating systems: RHEL 4.x/5.x/6.x/7.x, CentOS 4.x/5.x/6.x/7.x, SLES 11/12/15, Ubuntu 12/14/16/18, and Windows 7/Server 2003 R2/Server 2008 R2/Server 2012 R2/Server 2016/Server 2019.
• Supported source primary storage: Unlimited.
• Supported destination primary storage: LocalStorage, NFS, Ceph, and Shared Block.
• Allows you to manage the lifecycle of V2V jobs, including creating, rebooting, and deleting V2V jobs.
• Allows you to create V2V jobs for VM instances in bulk. The Cloud supports one V2V job per source VM instance.
• Allows you to enable the compression mode as needed, which effectively compresses the migration data cache and improves the cache space utilization of the V2V conversion host.
• Allows you to customize the configurations of destination VM instances.
• Allows you to view progress bars of V2V jobs.
• Automatically installs Windows VirtIO drivers for Windows VM instances during the migration process, which improves the NIC and disk operating efficiency.

V2V Migration (KVM → the Cloud)
• Allows you to migrate VM instances from a KVM platform to the Cloud.
• Allows you to migrate running or paused VM instances.
• Supported source primary storage: Unlimited.
• Supported destination primary storage: LocalStorage, NFS, Ceph, and Shared Block.
• If the source primary storage or the destination primary storage is a Ceph storage, make sure that libvirt is version 1.2.16 or above and QEMU is version 1.1 or above before you perform the V2V migration.
• If neither the source primary storage nor the destination primary storage is a Ceph storage, make sure that libvirt is version 1.2.9 or above and QEMU is version 1.1 or above before you perform the V2V migration.
• Allows you to manage the lifecycle of V2V jobs, including creating, rebooting, and deleting V2V jobs.
• Allows you to create V2V jobs for VM instances in bulk. The Cloud supports one V2V job per source VM instance.
• Allows you to enable the compression mode as needed, which effectively compresses the migration data cache and improves the cache space utilization of the V2V conversion host.
• Allows you to customize the configurations of destination VM instances.
• Allows you to view progress bars of V2V jobs.

V2V Conversion Host
• Allows you to specify a host in the destination cluster as a V2V conversion host. The migration data is firstly cached in the V2V conversion host and then migrated to the destination primary storage.
• Allows you to attach data volumes to a V2V conversion host, so that you can cache data to your local disk or data volume as needed.
• Allows you to manage the lifecycle of V2V conversion hosts, such as adding, enabling, disabling, and deleting V2V conversion hosts.
• Make sure that the type of the V2V conversion host is consistent with that of the source platform.
• The state of a V2V conversion host is decoupled from that of the host added as the V2V conversion host. When the V2V conversion host is enabled but the host is disabled, the V2V conversion host is used exclusively for V2V migrations, and other VM instances will not be dispatched to this host. This improves the migration efficiency.
• Allows you to set an independent migration network and network QoS to control transmission bottleneck and improve the migration efficiency.
• Monitors and displays the capacity usage of V2V conversion hosts.

Audit
• Audits all of the V2V actions, which effectively ensures the security of the cloud environment.

Features in Baremetal Management

Type: Baremetal Management

Baremetal Cluster
• Provides independent cluster management for baremetal chassis.
• Allows you to manage the lifecycle of baremetal clusters, such as creating, enabling, disabling, and deleting baremetal clusters.
• Allows you to attach/detach a deployment server to/from a baremetal cluster.
• Allows you to attach/detach L2 networks to/from a baremetal cluster.
• Allows you to centrally manage the resources associated with a baremetal cluster, such as the deployment server, baremetal chassis, and L2 networks.
Deployment Server
• Allows you to specify an independent server as the deployment server to provide PXE services and console proxies for baremetal chassis.
• Allows you to manage the lifecycle of deployment servers, such as creating, enabling, disabling, reconnecting, and deleting deployment servers.
• Allows you to attach/detach baremetal clusters to/from a deployment server.

Baremetal Chassis
• Allows you to create baremetal instances based on baremetal chassis, which can be uniquely identified by their BMC interfaces and IPMI configurations.
• Supports two types of addition: manual addition and template import. You can add up to 500 baremetal chassis at a time.
• Allows you to manage the lifecycle of baremetal chassis, such as adding, enabling, disabling, powering on, powering off, rebooting, and deleting baremetal chassis.
• Allows you to automatically or manually obtain the hardware information of a baremetal chassis.
• Allows you to launch the console of a baremetal chassis and jump to its IPMI management page.
• Allows you to view the hardware configuration of a baremetal chassis in a list format.

Preconfigured Template
• Quickly generates preconfigured files to achieve unattended bulk installation of baremetal instance operating systems.
• Divides preconfigured templates into system templates and custom templates based on how the preconfigured template is created.
• System templates are provided by the Cloud, which include the basic system variables and can be applied to simple unattended deployment scenarios.
• Custom templates are generated from the uploaded custom template files (in the UTF8 format), which include custom variables in addition to the basic system variables, and can be applied to complex unattended deployment scenarios.
• Supports the following operating systems: the custom OSs of the Cloud, mainstream Linux OSs (RHEL/CentOS series, Debian/Ubuntu series, and SUSE/openSUSE series), and other OSs.
• Supports the following types of template: kickstart (applies to the custom OSs of the Cloud, and RHEL/CentOS OSs), preseed (applies to Debian/Ubuntu OSs), and autoyast (applies to SUSE/openSUSE OSs).
• Allows you to manage the lifecycle of custom templates, such as adding, enabling, disabling, and deleting custom templates.
• Allows you to download a preconfigured template.
• Allows you to view the details of a preconfigured template.

Baremetal Instance
• Created based on baremetal chassis as virtual instances of the baremetal chassis. You can add up to 50 baremetal instances at a time.
• Allows you to select images (in ISO format and are not live CDs) to deploy operating systems for baremetal instances.
• Allows you to achieve unattended bulk installation of baremetal instance operating systems with preconfigured files generated from the preconfigured templates.
• Allows you to configure business networks for a baremetal instance. Supports the following networks: flat network and public network. Supports the following network devices: NICs and NIC bonds.
• Allows you to manage the lifecycle of baremetal instances, such as creating, starting, stopping, rebooting, deleting, recovering, and expunging baremetal instances.
• Allows you to launch the console of a baremetal instance.
• Allows you to customize tags for baremetal instances so that you can locate them quickly.
• Supports internal monitoring: displays the baremetal instance data such as CPU, memory, disk I/O, disk size, and NIC I/O. An agent is required for internal monitoring.
• Allows you to centrally view the resources associated with a baremetal instance, such as NICs and disks.
Audit
• Audits all of the baremetal management actions, which effectively ensures the security of the cloud environment.

Features in Elastic Baremetal Management

Type: Elastic Baremetal Management

Quick Start Wizard
• Visualizes and displays the logical architecture of elastic baremetal management feature, guiding you to quickly use the elastic baremetal management.
• Provides five quick start steps, including Preparation → Provision Network → Elastic Baremetal Cluster → Gateway Node → Baremetal Node. After finishing the quick start wizard, you can create elastic baremetal instances.
• For ZStack Ceph Enterprise, you need to make sure that the configuration is correct before creating elastic baremetal instances.

Provision Network
• Specifies a dedicated network for PXE processes and image downloading when elastic baremetal instances are created.
• Supported network type: IPv4.
• Allows you to manage the lifecycle of provision networks, such as creating and deleting provision networks.
• Allows you to view the associated elastic baremetal clusters.

Elastic Baremetal Cluster
• Provides independent cluster management for baremetal nodes.
• Allows you to set the CPU architecture of an elastic baremetal cluster, including x86_64 and aarch64.
• Allows you to manage the lifecycle of elastic baremetal clusters, such as creating, enabling, disabling, and deleting elastic baremetal clusters.
• Allows you to attach/detach an L2 network of the NoVLAN/VLAN type to/from an elastic baremetal cluster.
• Allows you to change provision network for an elastic baremetal cluster.
• Allows you to attach/detach primary storage of the Ceph/Shared Block/Vhost type to/from an elastic baremetal cluster.
• Allows you to centrally manage resources associated with an elastic baremetal cluster, including gateway node, baremetal node, primary storage, iSCSI storage, and L2 network.

Gateway Node
• Forwards traffic of the Cloud and elastic baremetal instances.
• Allows you to manage the lifecycle of gateway nodes, such as adding, enabling, reconnecting, and deleting gateway nodes.
• Allows you to change the password of a gateway node.
• Allows you to change elastic baremetal cluster of a gateway node.
• Monitors and displays gateway node metrics such as NIC, CPU, and memory.
• Allows you to centrally manage elastic baremetal instances associated with a gateway node.

Baremetal Node
• A baremetal node is used to create elastic baremetal instances and is universally identified by its BMC interface and IPMI configurations.
• Supports two types of addition: custom and template import. You can add up to 500 baremetal nodes at a time. (You can modify the maximum number of bulk addition in global setting.)
• Allows you to set the CPU architecture of a baremetal node, including x86_64 and aarch64.
• Allows you to set the start method of a baremetal node, including volume and local disk (non take-over/take-over).
• Allows you to manage the lifecycle of baremetal nodes, such as adding, enabling, disabling, powering on, powering off, rebooting, and deleting baremetal nodes.
• Allows you to automatically or manually obtain the hardware information of a baremetal node.
• Allows you to modify the IPMI info when the power supply of the baremetal node is in Unknown state.
• Allows you to launch the console of a baremetal node and jump to its IPMI management page.
• Allows you to view the hardware information of baremetal nodes in a list format.
Elastic Baremetal Offering
• An elastic baremetal offering defines the number of vCPU cores, memory size, CPU architecture, CPU model, and other configuration settings of elastic baremetal instances. You can use an elastic baremetal offering to create an elastic baremetal instance.
• Allows you to obtain an elastic baremetal offering by obtaining the hardware information of baremetal nodes.
• Allows you to manage the lifecycle of elastic baremetal offerings, such as enabling and disabling elastic baremetal offerings.
• Allows you to set the sharing mode of an elastic baremetal offering, including share globally, share to specified projects or accounts, and not share.
• Allows you to centrally manage the baremetal nodes associated with an elastic baremetal offering.

Elastic Baremetal Instance
• Comparable to instances virtualized through physical servers in performance, leverages resource scalability in the Cloud to achieve flexible applications and on-demand usages.
• Supports two types of creation: add by baremetal node and add by baremetal offering.
• Allows you to power off to release baremetal node. When elastic baremetal instances are stopped, baremetal nodes will be automatically released to avoid idle resources (only elastic baremetal instances added by elastic baremetal offerings and baremetal nodes that start on volume).
• Allows you to specify the storage allocation policy of an elastic baremetal instance, including system allocation and custom (only elastic baremetal instances added by elastic baremetal offerings and baremetal nodes that start on volume).
• Allows you to select an image to install the operating system for an elastic baremetal instance.
• Supported operating systems: x86 Windows (2012/2016/2019/10), x86 Linux (CentOS 7/8, Ubuntu 18 LTS/20 LTS), and ARM Linux (CentOS 7/Kylin V10) (only elastic baremetal instances added by elastic baremetal offerings and baremetal nodes that start on volume/non take-over local disk).
• Allows you to specify the gateway node allocation policy, including LeastBmPreferredGatewayAllocationStrategy, Last Gateway Node, and Random. You can select a gateway node as the first assigned gateway node for an elastic baremetal instance.
• Allows you to manage the lifecycle of elastic baremetal instances, such as creating, starting, stopping, rebooting, powering off, deleting, recovering, and expunging elastic baremetal instances.
• Allows you to automatically or manually obtain the status of an elastic baremetal instance.
• Allows you to launch the console of a running elastic baremetal instance (agent required).
• Allows you to customize tags for elastic baremetal instances so that you can locate them quickly.
• Allows you to attach/detach a volume to/from an elastic baremetal instance (agent required).
• Allows you to attach/detach a block storage volume to/from an elastic baremetal instance (agent required).
• Allows you to change system of an elastic baremetal instance.
• Allows you to change the password of an elastic baremetal instance (agent required).
• Allows you to create an image for an elastic baremetal instance (only elastic baremetal instances that start on volume).
• Allows you to create a single snapshot for an elastic baremetal instance (only elastic baremetal instances that start on volume).
• Monitors and displays elastic baremetal instance metrics such as CPU, memory, disk, disk capacity, and NIC (agent required).
• Allows you to configure business networks for elastic baremetal instances.
• Supported business network: flat network, public network, and VPC network.
• Supported network device: NIC and NIC Bond.
• Allows you to centrally manage resources associated with elastic baremetal instance, including volume, NIC (provision NIC and business NIC), and local disk.

Audit
• Audits all of the elastic baremetal management actions, which effectively ensures the security of the cloud environment.

Features in Hybrid Cloud Management

Type: Hybrid Cloud Management

Sync Data
• Allows you to synchronize Alibaba Cloud resources from added regions and zones to local, such as ECS instances, disks, VPCs, vSwitches, security groups, images, EIPs, VPNs, virtual border routers, and router interfaces.
• Supports automatic and manual data synchronizations. Automatic synchronizations occur when regions or zones are newly added to local.

Quick Start Wizard
• Visualizes the logical architecture of Hybrid Cloud Management, guiding you to use Hybrid Cloud Management quickly.
• Provides three quick start steps: Create ECS Instance, Establish VPN Connection, and Create Alibaba Cloud Express Connect.

ECS Instance
• ECS is Elastic Compute Service provided by Alibaba Cloud.
• Allows you to manage the lifecycle of an ECS instance, such as creating, starting, stopping, rebooting, and deleting an ECS instance.
• Allows you to launch the console of an ECS instance and modify the console password as needed.
• Allows you to modify the system user password of an ECS instance. The new password takes effect after you reboot the ECS instance.
• Allows you to centrally manage disks attached to an ECS instance.

Disk
• Alibaba Cloud disks that provide extended storage spaces for ECS instances.
• Supports two types of disks: ultra cloud disks and SSD disks.
• Allows you to manage the lifecycle of a disk, such as creating and deleting a disk.
• Allows you to attach/detach disks to/from ECS instances.
• Allows you to set whether to delete a disk simultaneously when you delete the ECS instance it is attached to.

Image
• Alibaba Cloud images that provide template files to create ECS instances.
• Divides images into two types according to their origins: Alibaba Cloud images and custom images.
• Alibaba Cloud images are synchronized from Alibaba Cloud to local.
• Custom images are created locally and uploaded to Alibaba Cloud through buckets in corresponding regions.
• Allows you to choose the format of uploaded local images in Hybrid Cloud Settings. Valid values: .qcow2 and .raw.
• Displays the upload progress of local images.
• Allows you to delete images.

VPC
• Provides 3 CIDRs for you to create VPCs (Alibaba virtual private clouds) dedicated for ECS instances: 192.168.0.0/16, 172.160.0.0/12, and 10.0.0.0/8.
• Allows you to manage the lifecycle of a VPC, such as creating and deleting a VPC.
• Allows you to create VPN connections and express connects based on VPCs.
• Allows you to centrally manage associated resources of a VPC, such as vSwitches, vRouters, security groups, and VPN gateways.
• Allows you to manage the lifecycle of a vSwitch, such as creating and deleting a vSwitch.
• Allows you to centrally manage the ECS instances associated with a vSwitch.
• Allows you to add/delete route entries to/from vRouters. Provides three next hop options for route entries: hop to route interface, hop to ECS instance, and hop to VPN gateway.

VPN
• An IPsec tunnel created between a VPN gateway and a VPN customer gateway that enables communications between local private networks and VPC networks on Alibaba Cloud.
• A VPN gateway is a network connection service provided by Alibaba Cloud. You need to purchase it on Alibaba Cloud Console before you can use it.
• Allows you to delete a VPN gateway from local without influencing the corresponding actual resource on Alibaba Cloud.
• Allows you to centrally manage the VPN connections based on a VPN gateway.
• A VPN customer gateway provides services for the local data center.
• Allows you to manage the lifecycle of a VPN customer gateway, such as creating and deleting a VPN customer gateway.
• Allows you to centrally manage the VPN connections based on a VPN customer gateway.
• Allows you to establish a VPN connection between a VPN gateway and a VPN customer gateway to enable encrypted communications between the local data center and Alibaba Cloud.
• Provides three entries for you to create VPN connections: from Quick Start Wizard, from a VPC action list, and on the VPN Connection page.
• Allows you to attach multiple local VPC networks to a VPN connection.
• Supports NAT Traversal that ensures normal data transmissions even though a NAT device exists between the local data center and Alibaba Cloud.

Express Connect
• A physical circuit to connect the local data center and the access point of Alibaba Cloud that ensures fast, stable and secure communications between local private networks and Alibaba Cloud VPCs.
• Provides 2 creation entries for express connect: from Quick Start Wizard and on a VPC action list.
• Allows you to centrally manage resources used for express connects, such as router interfaces and virtual border routers.
• Allows you to add router interfaces to virtual border routers and VPC vRouters for message forwards.
• Allows you to specify regions to synchronize virtual border routers to local.
• Allows you to add/delete route entries to/from a virtual border router. Provides four next hop options for route entries: hop to ECS instance, hop to router interface, hop to VPN gateway, and hop to physical connection interface.
• Allows you to modify the interconnection address of a virtual border router.

Security Group
• Alibaba Cloud security groups that provide security control services for ECS instances on the L3 network layer.
• Provides four initial rule options for security groups: Prohibit All (Default), Allow All, Disable Some Vulnerable Ports, and Allow Commonly Used Ports.
• Allows you to manage the lifecycle of a security group, such as creating and deleting a security group.
• Allows you to add/delete ingress or egress rules to/from a security group.
• Provides two authorization policy options for ingress/egress rules: Accept and Reject.
• Provides five protocol options for ingress/egress rules: ALL, TCP, UDP, ICMP, and GRE.
• Allows you to set priorities for ingress/egress rules. The rule with the highest priority takes effect when you set multiple rules on a same object.

EIP
• Elastic IP addresses (EIP) in Alibaba Cloud public networks that enable ECS instances to access public networks.
• Allows you to manage the lifecycle of an EIP, such as creating and deleting an EIP.
• Allows you to attach/detach EIPs to/from ECS instances.

Alibaba Cloud NAS
• Integrates Alibaba Cloud NAS to provide file systems as backend storage systems for AliyunNAS primary storage.
• Supports two methods to add NAS file systems: add an existing file system deployed on Alibaba Cloud, or create a new file system.
• NAS file systems support two storage types: Performance and Capacity.
• NAS file systems support two protocol types: NFS and SMB.
• Allows you to manage the lifecycle of an NAS file system, such as creating and deleting a file system.
• Allows you to create permission groups to limit accesses to a file system.
• Permission groups support allowlist mechanisms, allowing you to add rules to allow specified IP addresses and CIDRs to access the file system.
• Supports two methods to create permission groups: add an existing permission group on Alibaba Cloud, or create a new permission group.
• Allows you to add/delete rules to/from a permission group.
• Allows you to set the permission range when you create a permission group rule, enabling an authentication object to only read from the file system (RDONLY), or read from as well as write in the file system (RDWR).
• Allows you to set priorities for permission group rules. The rule with the highest priority takes effect when you set multiple rules on a same authentication object.
• Allows you to create an AliyunNAS primary storage based on a file system and permission groups.
• AliyunNAS primary storage supports backup storage: ImageStorage backup storage.
• Allows you to manage the lifecycle of an AliyunNAS primary storage, such as adding, enabling, disabling, reconnecting, deleting an AliyunNAS primary storage or making it enter the maintenance mode.
• Allows you to centrally manage the resources associated with an AliyunNAS primary storage, such as VM instance, volumes, and clusters.
• Allows you to clean up garbage data of an AliyunNAS at a specified interval. You can modify the interval in Hybrid Cloud Settings.
• Monitors and displays the percentage of used capacity of an AliyunNAS primary storage.

Alibaba Cloud EBS
• Integrates Alibaba Cloud EBS to serve as a local primary storage type, AliyunEBS.
• AliyunEBS primary storage supports backup storage: AliyunEBS backup storage.
• Allows you to manage the lifecycle of an AliyunEBS primary storage, such as adding, enabling, disabling, reconnecting, and deleting an AliyunEBS primary storage or making it enter the maintenance mode.
• Allows you to centrally manage the resources associated with an AliyunEBS primary storage, such as VM instances, volumes, and clusters.
• Monitors and displays the percentage of used capacity of an AliyunEBS primary storage.
• Allows you to clean up garbage data of an AliyunEBS at a specified interval. You can modify the interval in Hybrid Cloud Settings.
• Integrates Alibaba Cloud Object Storage Service (OSS) to serve as a local backup storage type, AliyunEBS.
• AliyunEBS backup storage supports primary storage: AliyunEBS primary storage.
• Allows you to set a dedicated data network for an AliyunEBS backup storage to improve the data transmission efficiency between compute nodes and the backup storage.
• Allows you to manage the lifecycle of an AliyunEBS backup storage, such as adding, enabling, disabling, reconnecting, and deleting an AliyunEBS backup storage.
• Allows you to centrally manage the images in an AliyunEBS backup storage.
• Monitors and displays the percentage of used capacity of an AliyunEBS backup storage.

Region
• Allows you to add Alibaba Cloud regions that can be accessed by your AccessKey. The zones and resources in the regions can be synchronized to local.
• Supports two types of regions: Alibaba Cloud regions and Private Alibaba Cloud regions.
• Divides Private Alibaba Cloud regions into two types: AliyunNAS region and AliyunEBS region.
• Allows you to centrally manage the zones and buckets in a region.
• Allows you to use a bucket to transfer a local image to Alibaba Cloud.
• Supports two methods to add buckets: add an available bucket existing in the region, or create a new bucket.
• Allows you to manage the lifecycle of a bucket, such as adding and deleting a bucket.
• Allows you to set a bucket as the default bucket for the image upload.
• Allows you to cancel the default state of a bucket.
• Allows you to delete a region from local without influencing the corresponding actual resource on Alibaba Cloud.

Zone
• Allows you to synchronize zones in a region you added, or manually add zones that can be accessed by your AccessKey. Resources in an added zone can be synchronized to local.
• Allows you to centrally manage the resources associated with a zone, such as vSwitches and ECS instances.
• Allows you to delete a zone from local without influencing the corresponding actual resource on Alibaba Cloud.

AccessKey Management
• An identity credential that has access to APIs of Alibaba Cloud or Private Alibaba Cloud, thus enabling you to use relevant Cloud services.
• Supports two types of AccessKeys: Alibaba Cloud AccessKeys and Private Alibaba Cloud AccessKeys.
• Divides Private Alibaba Cloud AccessKeys into two types: AliyunNAS AccessKey and AliyunEBS AccessKey.
• Allows you to manage the lifecycle of an AccessKey, such as adding and deleting an AccessKey.
• Allows you to set an AccessKey as default to call APIs of Alibaba Cloud or Private Alibaba Cloud.
• Allows you to cancel the default state of an AccessKey.
• Displays the basic information of an AccessKey, which helps in the user management.

Hybrid Cloud Settings
• Allows you to configure settings that take effect on the whole platform.
• Supports quick search and directory navigation to help you quickly locate target items.
• Allows you to modify settings of a single item in Hybrid Cloud Settings.

Audit
• Audits all of the Hybrid Cloud Management actions, which effectively ensures the security of the cloud environment.

Features in Cryptography Security Compliance Service

Type: Cryptography Security Compliance

3rd-Party Cryptographic Service
• Allows you to add a 3rd-party cryptographic platform to provide external cryptographic services, such as signature and encryption.
• Allows you to manage the lifecycle of 3rd-party cryptographic services, such as adding and deleting 3rd-party cryptographic services.
• Supports the following 3rd-party cryptographic service platforms: Haitai Service Platform, Aisino Service Platform, and China Telecom Quantum Technology Service Platform.
• Provides event alarms for status metrics of the 3rd-party cryptographic service.

HSM Pool
• An HSM pool is a logical group of hardware security modules (HSMs) and is used to provide unified cryptography services such as signature validation and encryption.
• Allows you to manage the lifecycle of HSM pools, such as creating and deleting HSM pools.
• Supports two HSM types: Cryptographic Server and Signature Verification Server.
• Supports one cryptographic server model: FLKSEC.
• Supports 5 signature verification server models: FLKSEC, Netsign, Jit, Fisec, and Sansec.

HSM
• Allows you to manage the lifecycle of HSMs, such as adding, enabling, disabling, and deleting HSMs.
• Provides event alarms for state and status metrics of the HSM.

Platform Cryptography Security Compliance
• Provides certificate login and data protection by using hardware security modules (HSMs) that are tested and certified by the State Cryptography Administration. The Cloud manages these HSMs by using HSM pools and therefore can provide the certificate login and data protection services in a unified way.
• Allows you to enable both Certificate Login and Data Protection for the Cloud or enable either one separately.
• Allows you to view the enabling progress in a visualized way.

Certificate Login
• The certificate login feature is implemented based on the SM2 algorithm. After this feature is enabled, UKey authentication is required during login, which helps to ensure the identity authenticity.
• Allows you to enable certificate login for admin or tenants (Tenant Management Plus License is required).

Data Protection
• The data protection feature is implemented based on the SM3, HMAC-SM3 and SM4 algorithms. After this feature is enabled, important data such as logs, passwords, and images can be encrypted and protected. This helps to ensure the data confidentiality and integrity.
• Allows you to customize a protection scope for log data.
You can choose to protect logs produced in the last 30, 60, 90, or 180 days, or protect all log data.

Audit
• Audits all of the Cryptography Security Compliance actions, which effectively ensures the security of the cloud environment.

4 Product Highlights

ZStack Cloud is the next-generation IaaS software featuring Simple, Strong, Scalable and Smart (4S).

1. Simple
• Easy installation and deployment: Provides installation packages on our official website. You can install and deploy the Cloud from scratch within just 30 minutes.
• Easy to set up: Supports bulk VM operations, such as creating or deleting VM instances in bulk.
• Simple, practical operations: Provides a thorough User Guide with ample help information, productive community, and standard APIs.
• Friendly UI: Provides a well-designed user interface with powerful features at your fingertips.

2. Strong
• Stable, efficient system architecture design: Provides an asynchronous architecture, in-process microservices architecture, lock-free architecture, stateless service architecture, and consistent hashing ring to ensure the system efficiency and stability. A single management node can manage tens of thousands of hosts and hundreds of thousands of VM instances. A cluster that contains multiple management nodes can use a database and a set of message buses to manage hundreds of thousands of hosts and millions of VM instances, and handle tens of thousands of concurrent APIs.
• High concurrent API requests: A single ZStack Cloud management node can easily handle tens of thousands of concurrent API call requests per second.
• Stringent HA requirements: When a network or management node is unavailable, VM instances can be automatically switched to another management node that is detected as healthy. The management node virtualization helps to achieve the high availability for a single management node.
That is, standby management nodes will be dynamically applied within seconds if any management node is disconnected, thus ensuring your business continuity.

3. Scalable
• Large scale: A single management node can manage one to tens of thousands of hosts and hundreds of thousands of VM instances.
• Comprehensive API: ZStack Cloud provides a whole set of IaaS APIs. Hence, you can create brand-new, available zones across multiple geographical locations, modify network configurations, and upgrade physical servers.
• Resource allocation based on your needs: Resizes important resources such as VM instances and cloud storages according to your demands. ZStack Cloud not only allows you to modify online the CPU, memory, and other resources for a VM instance, but also allows you to dynamically adjust its network bandwidth, disk bandwidth, and other resources.

4. Smart
• Automatic O&M: Everything in ZStack Cloud is managed by APIs. By using the Ansible inventory, ZStack Cloud can realize full-automatic deployment and upgrade as well as automatic detection and reconnection. If network jitters happen or hosts restart, each management node can be automatically reconnected to the networks or the hosts. Note that a ZStack Cloud scheduler allows you to start or stop VM instances on schedule, and allows you to take VM snapshots on schedule with the round-robin policy.
• Online seamless upgrade: Provides one-click seamless upgrade within 5 minutes. Hence, you only need to upgrade and manipulate management nodes. After the Cloud is upgraded successfully and started, the compute node, storage node, and network node will be automatically upgraded as well.
• Real-time global monitoring: Manages and controls the current resource consumption of the entire cloud. With the real-time monitoring, you can adjust your resources intelligently to save IT software and hardware resources.

Glossary

Instance
An instance is a virtual machine or server that runs the images of operating systems in Cloud, such as VM instance and elastic baremetal instance.

VM Instance
A VM instance is a virtual machine instance running on a host. A VM instance has its own IP address and can access public networks and run application services.

Volume
A volume provides storage space for a VM instance. Volumes are categorized into root volumes and data volumes.

Root Volume
A root volume provides support for the system operations of a VM instance.

Data Volume
A data volume provides extended storage space for a VM instance.

Image
An image is a template file used to create a VM instance or volume. Images are categorized into system images and volume images.

Instance Offering
An instance offering defines the number of vCPU cores, memory size, network bandwidth, and other configuration settings of VM instances.

Disk Offering
A disk offering defines the capacity and other configuration settings of volumes.

GPU Specification
A GPU specification defines the frames per second (FPS), video memory, resolution, and other configuration settings of a physical or virtual GPU. GPU specifications are categorized into physical GPU specifications and virtual GPU specifications.

vNUMA Configuration
vNUMA uses CPU pinning to pass through the topology of associated host physical NUMA (pNUMA) nodes to a VM instance, generating a topology of virtual NUMA (vNUMA) nodes for the VM instance. This topology enables a vCPU on a vNUMA node to primarily access the local memory and thus improves VM performance.

NUMA (Non-Uniform Memory Access)
Non-uniform memory access (NUMA) is a computer memory design where the memory access time depends on the memory location relative to the CPU. Under NUMA, a processor can access its own local memory faster than non-local memory and thus improves VM performance.

pNUMA Node (physical NUMA Node)
A pNUMA node (physical NUMA node) is a host NUMA node predefined based on the host NUMA architecture. It is used to manage the CPUs and memory of the host.

pNUMA Topology (physical NUMA Topology)
A pNUMA topology (physical NUMA topology) is the topology of the host NUMA nodes predefined by the CPU vendor based on the host NUMA architecture.

vNUMA Node (virtual NUMA Node)
A vNUMA node (virtual NUMA node) is generated by passing-through associated pNUMA nodes via CPU pinning. It is used to manage the CPUs and memory of a VM instance.

vNUMA Topology (virtual NUMA Topology)
A vNUMA topology (virtual NUMA topology) is the topology of VM NUMA nodes generated by passing-through associated pNUMA nodes via CPU pinning.

Local Memory
Local memory is the memory that a CPU (pCPU or vCPU) accesses through the Uncore iMC (Integrated Memory Controller) of the same NUMA (pNUMA or vNUMA) node. Compared with accessing non-local memory, accessing local memory has lower latencies.

CPU Pinning
CPU pinning assigns the virtual CPUs (vCPUs) of a VM instance to specific physical CPUs (pCPUs) of the host, which improves VM performance.

EmulatorPin Configuration
EmulatorPin assigns all other threads than virtual CPU (vCPU) threads and IO threads of a VM instance to physical CPUs (pCPUs) of the host so that these threads run on assigned pCPUs.

Auto-Scaling Group
An auto-scaling group is a group of VM instances that are used for the same scenarios. An auto-scaling group can automatically scale out or in based on application workloads or health status of VM instances in the group.

Snapshot
A snapshot is a point-in-time capture of data status in a volume.

Affinity Group
A VM scheduling policy is a resource orchestration policy based on which VM instances are assigned hosts to achieve the high performance and high availability of businesses.

Zone
A zone is a logical group of resources such as clusters, L2 networks, and primary storage. Zone is the largest resource scope defined in the Cloud.

Cluster
A cluster is a logical group of hosts (compute nodes).

Host
A host provides compute, network, and storage resources for VM instances.

Primary Storage
A primary storage is one or more servers that store volume files of VM instances. These files include root volume snapshots, data volume snapshots, image caches, root volumes, and data volumes.

Backup Storage
A backup storage is a storage server that stores VM image templates, including ISO image files.

iSCSI Storage
iSCSI storage is an SAN storage that uses the iSCSI protocol for data transmission. You can add an iSCSI SAN block as a Shared Block primary storage or pass through the block to a VM instance.

FC Storage
FC storage is an SAN storage that uses the FC technology for data transmission. You can add an FC SAN block as a Shared Block primary storage or pass through the block to a VM instance.

NVMe Storage
A type of storage implemented via the NVMe-oF (NVMe over fabrics) protocol. You can add a block device configured from an NVMe storage as SharedBlock primary storage.

L2 Network
An L2 network is a layer 2 broadcast domain used for layer 2 isolation. Generally, L2 networks are identified by names of devices on the physical network.

VXLAN Pool
A VXLAN pool is a collection of VXLAN networks established based on VXLAN Tunnel Endpoints (VTEPs). The VNI of each VXLAN network in a VXLAN pool must be unique.

L3 Network
An L3 network includes IP ranges, gateway, DNS, and other network configurations that are used by VM instances.

Public Network
Generally, a public network is a logical network that is connected to the Internet. However, in an environment that has no access to the Internet, you can also create a public network.

Flat Network
A flat network is connected to the network where the host is located and has direct access to the Internet. VM instances in a flat network can access public networks by using elastic IP addresses.

VPC Network
A VPC network is a private network where VM instances can be created. A VM instance in a VPC network can access the Internet through a VPC vRouter.

Management Network
A management network is used to manage physical resources in the Cloud. For example, you can create a management network to manage access to hosts, primary storages, backup storages, and VPC vRouters.

Flow Network
A flow network is a dedicated network for port mirror transmission. You can use a flow network to transmit the mirrors of data packets of NIC ports to the target ports.

VPC vRouter
A VPC vRouter is a dedicated VM instance that provides multiple network services.

VPC vRouter HA Group
A VPC vRouter HA group consists of two VPC vRouters. Either VPC vRouter can be a primary or secondary VPC vRouter for the group. If the primary VPC vRouter does not work as expected, the VPC vRouter becomes the secondary VPC vRouter in the group to ensure high availability of business.

vRouter Image
A vRouter image encapsulates network services and can be used to create VPC vRouters.

Dedicated-Performance LB Image
A dedicated-performance load balancer (LB) image encapsulates dedicated-performance load-balancing services and can be used to create load balancer instances. However, a dedicated-performance load balancer image cannot be used to create VM instances.

vRouter Offering
A vRouter offering defines the number of vCPU cores, memory size, image, management network, and public network configuration settings of VPC vRouters. You can use a vRouter offering to create VPC vRouters that can provide network services for public networks and VPC networks.

LB Instance Offering
A load balancer (LB) instance offering defines the CPU, memory, image, and management network configuration settings used to create LB instances. LB instances provide load balancing services for the public network, flat network, and VPC network.

SDN Controller
An SDN controller is used to control network devices such as switches. You can add an external SDN controller to the Cloud and use the controller to control external switches and other network devices.

Security Group
A security group provides security control services for VM NICs. It filters the ingress or egress TCP, UDP, and ICMP packets of VM NICs based on the specified security rules.

VIP
In bridged network environments, a virtual IP address (VIP) provides network services such as serving as an elastic IP address (EIP), port forwarding, load balancing, and IPsec tunneling. When a VIP provides the preceding network services, packets are sent to the VIP and then routed to the destination network where VM instances are located.

EIP
An elastic IP address (EIP) functions based on the NAT technology. IP addresses in a private network are translated into an EIP that is in another network. This way, private networks can be accessed from other networks by using EIPs.

Port Forwarding
Port forwarding functions based on the layer-3 forwarding service of VPC vRouters. This service forwards traffic flows of the specified IP addresses and ports in a public network to specified ports of VM instances by using the specified protocol. If your public IP addresses are insufficient, you can configure port forwarding for multiple VM instances by using one public IP address and port.

Load Balancer
A load balancer distributes traffic flows of a virtual IP address to backend servers. It automatically inspects the availability of backend servers and isolates unavailable servers during traffic distribution.
This way, the load balancer improves the availability and service capability of your business.

Listener
A listener monitors the frontend requests of a load balancer and distributes the requests to a backend server based on the specified policy. In addition, the listener performs health checks on backend servers.

Forwarding Rule
A forwarding rule forwards the requests from different domain names or URLs to different backend server groups.

Backend Server Group
A backend server group is a group of backend servers that handles requests distributed by load balancers. It is the basic unit for traffic distribution by load balancer instances.

Backend Server
A backend server handles requests distributed by a load balancer. You can add a VM instance on the Cloud or a server on a third-party cloud as a backend server.

Frontend Network
A frontend network is a type of network that is associated with a load balancer. Requests from the network are distributed by the load balancer to backend servers based on a specified policy.

Backend Network
A backend network is a type of network that is associated with a load balancer. Requests from frontend networks are distributed by the load balancer to servers in the backend network.

Load Balancer Instance
A load balancer instance is a custom VM instance used to provide load balancing services.

Certificate
If you select HTTPS for a listener, associate it with a certificate to make the listener take effect. You can upload either a certificate or certificate chain.

Firewall
A firewall is an access control policy that monitors ingress and egress traffic of VPC vRouters and decides whether to allow or block specific traffic based on the associated rule sets and rules.

Firewall Rule Set
A firewall rule set is a set of rules that a firewall uses to defend against network attacks.
You need to associate a rule set with the egress or ingress flow direction of VPC vRouter NICs to make the rule set take effect.

Firewall Rule
A firewall rule is an access control entry associated with the egress or ingress flow direction of VPC vRouter NICs to defend against network attacks. A firewall rule includes rule priority, match condition, and behavior.

Rule Template
A rule template is a template that you can select when you add rules to a rule set or a firewall.

IP/Port Set
An IP or port set is a set of IP addresses or ports that you can select when you add rules to a rule set or a firewall.

IPsec Tunnel
An IPsec tunnel encrypts and verifies IP packets that transmit over a virtual private network (VPN) from one site to another.

OSPF Area
An Open Shortest Path First (OSPF) area is divided from an autonomous system based on the OSPF protocol. This simplifies the hierarchical management of vRouters.

NetFlow
A NetFlow monitors the ingress and egress traffic of the NICs of VPC vRouters. The supported versions of data flows are V5 and V9.

Port Mirroring
Port mirroring mirrors the traffic data of VM NICs and sends the traffic data to the target ports. This allows for the analysis of data packets of ports, simplifies the monitoring and management of data traffic, and makes it easier to locate network errors and exceptions.

Route Table
A route table contains information about various routes that you configure. Route entries in a route table must include the destination network, next hop, and route priority.

CloudFormation
CloudFormation is a service that simplifies the management of cloud resources and automates deployment and O&S. You can create a stack template to configure cloud resources and their dependencies. This way, resources can be automatically configured and deployed in batches.
CloudFormation provides easy management of the lifecycle of cloud resources and integrates automatic O&S into API and SDK.

Resource Stack
A resource stack is a stack of resources that are configured by using a stack template. The resources in the stack have dependencies with each other. You can manage resources in the stack by managing the resource stack.

Stack Template
A stack template is a UTF8-encoded file based on which you can create resource stacks. The stack template defines the resources that you want, the dependencies between the resources, and the configuration settings of the resources. When you use a stack template to create a resource stack, CloudFormation parses the template and the resources are automatically created and configured.

Sample Template
A sample template is a commonly used resource stack. You can use a sample template provided by the Cloud to create resource stacks.

Designer
A designer is a CloudFormation tool that allows you to orchestrate cloud resources. You can drag and drop resources on a canvas and use lines to establish dependencies between the resources.

Baremetal Cluster
A baremetal cluster consists of baremetal chassis. You can manage baremetal chassis by managing a baremetal cluster where the chassis reside.

Deployment Server
A deployment server is a server that provides PXE service and console proxy service for baremetal chassis.

Baremetal Chassis
A baremetal chassis is used to create a baremetal instance and is identified based on the BMC interface and IPMI configuration setting.

Preconfigured Template
A preconfigured template is used to create a preconfigured file that allows for unattended batch installation of an operating system for baremetal instances.

Baremetal Instance
A baremetal instance is an instantiated baremetal chassis.

Elastic Baremetal Management
Elastic Baremetal Management provides dedicated physical servers for your applications to ensure high performance and stability. In addition, this feature allows elastic scaling. You can apply for and scale resources based on your needs.

Provision Network
A provision network is a dedicated network for PXE boot and image downloads while creating elastic baremetal instances.

Elastic Baremetal Cluster
An elastic baremetal cluster consists of elastic baremetal instances. You can manage elastic baremetal instances by managing an elastic baremetal cluster where the instances reside.

Gateway Node
A gateway node is a node where the ingress and egress traffic of the Cloud and elastic baremetal instances is forwarded.

Baremetal Node
A baremetal node is used to create a baremetal instance and is identified based on the BMC interface and IPMI configuration setting.

Elastic Baremetal Instance
An elastic baremetal instance has the same performance as physical servers and allows elastic scaling. You can apply for and scale resources based on your needs.

Elastic Baremetal Offering
An elastic baremetal offering defines the number of vCPU cores, memory size, CPU architecture, CPU model, and other configuration settings of elastic baremetal instances.

vCenter
The Cloud allows you to take over vCenter and manage resources on the vCenter.

VM Instance
A VM instance is an ESXi virtual machine instance running on a host. A VM instance has its own IP address to access public networks and can run application services.

Network
A vCenter network defines the network settings of VM instances on vCenter, such as IP range, gateway, DNS, and network services.

Volume
A volume provides storage space for a VM instance on vCenter. A volume attached to a VM instance can be used as a root volume or data volume. A root volume provides support for the system operations of a VM instance.
A data volume provides extended storage space for a VM instance.

Image
An image is a template file used to create a VM instance or volume on vCenter. Images are categorized into system images and volume images.

Event Message
Event Message displays event alarm messages of vCenter that is taken over by the Cloud. This feature allows you to locate errors and exceptions efficiently.

Network Topology
A network topology visualizes the network architecture of the Cloud. It allows for efficient planning, management, and improvement of network architecture. Network topologies can be categorized into global topologies and custom topologies.

Performance Analysis
Performance Analysis displays the performance metrics of key resources monitored externally or internally in the Cloud. You can view the performance analysis or export the analysis report as needed to improve the O&M efficiency.

Capacity Management
Capacity Management visualizes the capacities and usages of key resources in the Cloud. You can use this feature to improve O&S efficiency.

MN Monitoring
Management Node (MN) monitoring allows you to view the health status of each management node when you use multiple management nodes to achieve high availability.

Alarm
An alarm is used to monitor the status of time-series data and events and respond to the status change. Alarms can be categorized into resource alarm, event alarm, and extended alarm.

One-Click Alarm
A one-click alarm integrates multiple metrics of a resource. You can create one-click alarms for multiple resources to monitor these resources.

Alarm Template
An alarm template is a template of alarm rules. If you associate an alarm template with a resource group, an alarm is created to monitor the resources in the group.

Resource Group
A resource group consists of resources grouped based on your business needs.
If you associate an alarm template with a resource group, the alarm rules specified by the template take effect on all the resources in the group.

Message Template
A message template specifies the text template of a resource alarm message or event alarm message sent to an SNS system.

Message Source
A message source is used to take over extended alarm messages. If you configure alarms for message sources, extended alarm messages can be sent to various endpoints.

Endpoint
An endpoint is a method by which users obtain subscribed messages. Endpoints are categorized into system endpoints, email, DingTalk, HTTP application, short message service, and Microsoft Teams.

Alarm Message
An alarm message is a message sent at the time when an alarm is triggered.

Current Task
A current task is an ongoing operation performed in the Cloud. You can perform centralized management over ongoing operations.

Operation Log
An operation log is a chronological record of operations on the specified objects and their operation results.

Audit
Audit monitors and records all activities on the Cloud. You can use this feature to implement operation tracking, cybersecurity classified protection compliance, security analysis, troubleshooting, and automatic O&M.

Log Collection
Allows you to collect with one click the log data from the Cloud and various nodes on the Cloud generated in the specified time period and download the log data.

One-Click Inspection
Comprehensively inspects the health status of key resources and services of the Cloud and scores their healthiness based on the inspection results. In addition, the one-click inspection service provides O&M suggestions and inspection reports.

Backup Management
Backup management integrates multiple disaster recovery technologies such as incremental backup and full backup that are suitable for multiple business scenarios. You can implement local backup and remote backup based on your business needs.

Backup Job
You can create a backup job to back up local VM instances, volumes, or databases to a specified storage server on a regular basis.

Local Backup Data
Local backup data of VM instances, volumes, and databases is stored in the local backup storage.

Local Backup Server
A local backup server is located at the local data center and is used to store local backup data.

Remote Backup Server
A remote backup server is located at a remote data center or a public cloud and is used to store remote backup data.

Continuous Data Protection (CDP)
Continuous Data Protection (CDP) provides second-level and fine-grained continuous backups for important business systems in VM instances, allowing users to restore VM data to a specific time state, and retrieve files without restoring the system.

CDP Task
You can create a CDP task to continuously back up your VM data to a specified backup server to achieve continuous data protection and recovery.

CDP Data
The backup data generated from continuous data protection on VM instances is stored in local backup servers.

Recovery Point
A recovery point is a data point generated during continuous data protection. A recovery point corresponds to a data record within the recovery point interval specified by the user.

Locked Recovery Point
You can lock or unlock a recovery point as needed. After a recovery point is locked, data of the recovery point will not be automatically cleared or deleted.

Recovery Task
A recovery task helps you quickly restore data by specifying a CDP task and recovery point, and allows you to view the recovery progress and logs in a more friendly way.

Cryptography Security Compliance
The Cryptography Security Compliance service provides applications with cloud security capabilities based on commercial cryptography, meeting the requirements of commercial cryptography application security assessments.

HSM Pool
An HSM pool is a logical group of hardware security modules (HSMs) and is used to provide unified cryptography services such as signature validation and encryption.

HSM
A hardware security module (HSM) is a dedicated device that encrypts, decrypts, and authenticates information by using the cryptographic technology.

Platform Cryptography Security Compliance
Enables the Cloud to meet the requirements of Cryptography Security Compliance through the cryptography capabilities provided by HSM pools.

Certificate Login
Authenticates the identity of a user by using a UKey device.

Data Protection
Protects important data on the Cloud to ensure the data confidentiality and integrity.

Scheduled Job
A scheduled job defines that a specific action be implemented at a specified time based on a scheduler.

Scheduler
A scheduler is used to schedule jobs. It is suitable for business scenarios that last for a long time.

Tag
A tag is used to mark resources. You can use a tag to search for and aggregate resources.

Migration Service
The Cloud provides V2V migration service that allows you to migrate VM instances and data from other virtualized platforms to the current cloud platform.

V2V Migration
V2V Migration allows you to migrate VM instances from the VMware or KVM platform to the current cloud platform.

V2V Conversion Host
A V2V conversion host is a host in the destination cluster that you need to specify during V2V migration to cache VM instances and data when you implement V2V migration. After the VM instances and data are cached in the V2V conversion host, they are migrated to the destination primary storage.

User
A user is a natural person that constructs the most basic unit in Tenant Management.

User Group
A user group is a collection of natural persons or a collection of project members. You can use a user group to grant permissions.

Role
A role is a collection of permissions that can be granted to users.
A user that assumes a role can call API operations based on the permissions specified by the role. Roles are categorized into platform roles and project roles.

Single Sign On
The Single Sign On service provided by the Cloud supports seamless access to SSO systems. Through the service, related users can directly log in to the Cloud and manage cloud resources. Currently, AD/LDAP/OIDC/OAuth2/CAS servers can be added.

Project
A project is a task that needs to be accomplished by specific personnel at a specified time. In Tenant Management, you can plan resources at the project granularity and allocate an independent resource pool to a project. The word Tenant in Tenant Management mainly refers to projects. A project is a tenant.

Project Member
A project member is a member in a project who is granted permissions on specific project resources and can use the resources to accomplish tasks. Project members include the project admin, project managers, and normal project members.

Process Management
Process management is part of ticket management that manages the processes related to the resources of projects. Processes can be categorized into default processes and custom processes.

My Approvals
In the Cloud, only the administrator and project administrators are granted approval permissions. The administrator and project administrators can approve or reject a ticket. If a ticket is approved, resources are automatically deployed and allocated to the specified project.

Bills
A bill is the expense of resources totaled at a specified time period. Billing is accurate to the second. Bills can be categorized into project bills, department bills, and account bills.

Pricing List
A pricing list is a list of unit prices of different resources. The unit price of a resource is set based on the specification and usage time of the resource.

Console Proxy
Console proxy allows you to log in to a VM instance by using the IP address of a proxy.

AccessKey Management
An AccessKey pair is a security credential with which one party authorizes another party to call API operations and access its resources in the Cloud. AccessKey pairs shall be kept confidential.

IP Blocklist/Allowlist
An IP blocklist or allowlist identifies and filters IP addresses that access the Cloud. You can create an IP allowlist or blocklist to improve access control of the Cloud.

Application Center
Application Center allows you to add third-party applications to the Cloud and then access the applications by using the Cloud. It extends the functionality of the Cloud.

Sub-Account Management
A sub-account can be created by the admin or synced from an SSO authentication system and is managed by the admin. Resources created under a sub-account are managed by the sub-account.

Theme and Appearance
You can customize the theme and appearance of the Cloud.

Email Server
If you select Email as the endpoint of an alarm, you need to set an email server. Then alarm messages are sent to the email server.

Log Server
A log server is used to collect logs of the management node. You can add a log server to the Cloud and use the collected logs to locate errors and exceptions. This makes your O&M more efficient.

Global Setting
Global Setting allows you to configure settings that take effect on the whole platform.

Scenario Template
Scenario Template provides multiple templates that encapsulate scenario-based global settings. You can apply a template globally with one click based on your business needs. This improves your O&M efficiency.

HA Policy
HA Policy is a mechanism that ensures sustained and stable running of the business if VM instances are unexpectedly stopped or enter an error state because of errors in the compute, network, or storage resources associated with the VM instances.
By enabling this feature, you can customize VM HA policies to ensure your business continuity and stability.

Time Management
Manages the Cloud system time and allows you to configure time servers for the Cloud. After you configure NTP time servers for the Cloud, the clock of the time servers is synced with all nodes of the Cloud.

GPU Device
A GPU device is a powerful microprocessor with high computational capabilities. You can use a GPU device to handle intricate graphics rendering and parallel computing jobs, thus improving the efficiency of businesses such as graphic production, video processing, and machine learning.

ZStack Cloud Enterprise is a productized Infrastructure as a Service (IaaS) software that provides a unified platform to manage compute, network, and storage resources in data centers.