About CAS

This guide describes the architecture, components, webpage layout, and application scenarios of CAS CVM to help you quickly gain insights in to the product.

System quick start

Describes the procedures for installing and initializing CVM, configuring cloud resources, and backing up VMs and CVMs. It is designed to help CAS operators in efficiently managing data center infrastructure.

Dashboard

The dashboard displays the following host and VM information in graphs in real time.

Compute

Resource navigation

This module unifies the management of data center infrastructure hardware resources, including servers, networking devices, and storage systems. The CAS CVM system has a root cloud resource node named Resources. To manage physical resources from CVM, you must manually add the resources to the root node.

VM templates

A VM template contains an OS image, application software, and a configuration file. With a VM template, you can create multiple VMs with the same hardware and software specifications in bulk for large-scale VM deployment or VM request through a self-service portal.

Display the compute topology

The compute topology displays the relationship between clusters and hosts as well as hosts and VMs. You can view the alarms for the hosts and VMs as well as the CPU usage, memory usage, and storage usage of each cluster.

Manage intelligent resource scheduling

Intelligent resource scheduling (iRS) adds resources on different hosts in the same cluster to a resource group and adds VMs that provide the same service to a VM group.

A service template defines the priority of VMs that use the service template to use physical resources and the total ratio of resources that all VMs using the low-priority service template can use.

When a VM starts or restarts, CVM allocates resources to the VM based on its service template priority, resource usage of the resource group, and the total ratio of resources that all VMs using the same service template use.

Manage DRX

DRX periodically checks resource usage and dynamically adjusts the number of service VMs to provide elastic and scalable resource pools for service systems.

VM recycle bin

The VM recycle bin stores temporarily deleted VMs. VMs in the recycle bin still have their image and configuration files retained, but the HA, DRS, DPM, and affinity rules do not take effect on them. You can put both online and offline VMs into the recycle bin. If you put an online VM into the recycle bin, the system will power off the VM. VMs in the recycle bin can be restored or destroyed.

Heterogeneous virtualization

Heterogeneous virtualization enables you incorporate host clusters and VMs of VMware, UniCloud, or another CAS system into CAS. Then, you can migrate VMware VMs to CAS without installing any agents or PE tools, making VM migration simpler and faster and service interruption time shorter.

Bare metal

The bare metal service provides physical servers as a resource to users. If virtual machines do not meet the needs of a user, the bare metal service allows the user to have exclusive access to a physical server. Users can quickly deploy physical servers through the bare metal service, or add physical servers to the cloud for unified management without changing existing systems.

Container engine service

The container engine consolidates compute, network, and storage, allowing you to create a highly available, scalable Kubernetes cluster. With disaster recovery and autoscaling, the container engine can manage the lifecycle of applications, simplifying cluster management and applications O&M.

Storage

Manage storage resources

Perform this task to manage iSCSI storage resources and the hosts associated with them. This feature does not manage physical storage devices (such as block storage and LUNs) but manages the IP addresses of third-party storage that can provide storage resources and incorporates them into the current management platform. You associate storage resources with hosts within the management platform, allowing the associated hosts to use the storage devices.

Display the storage topology

The storage topology displays the connection relationships between hosts and storages as well as VMs and storages.

Manage distributed storage

Multiple interconnecting servers can form a distributed storage system and provide storage services as a whole.

Network

Manage virtual switches

A virtual switch provides software-based switching between VMs, hosts, and the external network

Manage collaboration with SDN

Collaboration with Software-Defined Networking (SDN) enables CVM to synchronize the resource information with other management systems. For example, CVM can collaborate with the VCF components and use the REST API interface to communicate with the VCF controller. The VCF controller manages and deploys the network policies to vSwitches in CVM. Before configuring resource collaboration, you need to configure the VCFC resource access mode on CVM.

Manage the network topology

The network topology displays the connection relationships between vSwitches and VMs as well as the network policy and traffic monitoring information for the ports that connect the vNICs to the virtual switch

Security

Configure the anti-virus service

Perform this task to protect hosts in CVM from potential attacks.

Manage audit logs

Audit logs include operation audit logs, physical resource audit logs, and virtual resource audit logs. The logs record the operations that all operators perform on CVM.

Data security

Manage the snapshot center

The snapshot center manages VM snapshots on CVM and synchronizes the snapshots to the database after a system upgrade.

Manage the backup center

Perform this task to manage the backup files, backup policies, and backup parameters for VMs and the management platform.

Configure the security zone

The secrecy policy restricts the operations that can be performed on VMs with the specified secret levels and the hosts to which these VMs can be migrated.

Configure the secrecy policy

The secrecy policy restricts the operations that can be performed on VMs with the specified secret levels and the hosts to which these VMs can be migrated.

Manage security service workflows

This feature allows you to manage workflow information, including editing level of classification for VMs in a security zone, adding VM disks, deleting VM disks, and deleting abnormal hosts.

Manage cryptography application security evaluation

Cryptography application security evaluation (CASE) is technology that protects sensitive data and ensures the security and privacy of applications. CASE evaluates the compliance, correctness, and effectiveness of the entire network and system

Network security

Configure network security settings

This function enables you to configure network policy templates for VMs. A network policy template defines a group of network control features, such as ACL, VLAN, and QoS.

Manage rate limit policies

A rate limit policy is a set of rules that define average bandwidth and burst buffer for specific traffic flows. A rate limit policy provides accurate bandwidth control for the traffic between a VM and a network site.

Manage ACLs

An access control list (ACL) is a set of rules for identifying traffic based on criteria such as source IP address, destination IP address, and port number. The rules are also called permit or deny statements

Manage vFirewalls

A vFirewall is a set of filtering rules. vFirewalls protect VMs from attacks to improve security and high availability of data center VMs.

Manage VLAN transparent transmission policies

Configure VLAN transparent transmission policies to enable the vNICs to identify and process VLAN tagged packets received and sent by VMs in service and forwarding VLANs. VLAN transparent transmission policies allow one vNIC to connect to multiple VLANs.

Manage private VLAN policies

PVLAN divides the Layer 2 broadcast domain of a VLAN into multiple subdomains. Each subdomain contains a pair of VLANs, a primary VLAN and a secondary VLAN. This effectively enhances the efficiency and management flexibility of VLANs.

Port profiles

A port policy allows you to control access by only opening specific ports on a host. The system provides the following default port policies, which cannot be edited or deleted.

Traffic block logs

Traffic block logs record information about packets that are blocked by the management platform. These logs can be used for traffic analysis, attack detection, and network behavior auditing. Additionally, when a communication failure occurs, you can enable traffic bypass to disable all management platform network policies and permit all service traffic to determine whether the failure is caused by network policies.

Disaster recovery center

CDP Disaster Recovery

The disaster recovery platform provides comprehensive data asset protection. When service anomalies occur, the backup data can be used for emergency takeover to ensure service continuity and achieve disaster recovery with minimal resources. When services are running correctly, the backup data can be used for simulation testing and disaster recovery testing, allowing for reuse of backup data and resources.

Manage disaster recovery

Disaster recovery management (DRM) provides service recovery across different sites. You can configure a CVM site as the protected site, configure a recovery site for the protected site, and add the protected and recovery sites to a protection group. When the protected site stops providing services, the recovery site can take over to guarantee uninterrupted services based on the configured recovery plan and policy.

Ops

Service Ops

Tags

The system provides tag management and category management for you to add tags for clusters, hosts, and VMs on CAS to enable central management.

Manage cloud rainbows

Cloud rainbow allows for CVM resource sharing and manual VM migration between data centers without service interruption.

Manage heterogeneous migration

Heterogeneous migration allows you to migrate data on x86 servers or VMs to CAS VMs. You use a physical server or VM installed with a migration client as the source device to migrate the data on the device to a CAS VM configured with a correct migration client for P2V or V2V migration.

System Ops

Manage operation logs

Operation logs record the operations that all operators perform on CVM. The logs record the operator login name, operator name, finish time, login IP address, operation type, target, operation description, operation result, and failure reason of the operations. With RBAC enabled, only security auditors can collect log files.

Collect log files

Perform this task to collect and download the log files of the system, hosts managed by the system, and the container engine.

Manage alarms

Alarm management enables you to view and manage alarms in CVM, such as host resource alarms, VM resource alarms, cluster resource alarms, fault alarms, security alarms, and ONEStor alarms.

Manage report statistics

Report statistics management enables you to view the host and VM statistics, including network traffic, performance, and disk read/write rate statistics. You can save the statistics data as reports, pictures, or PDF files.

Manage resource usage statistics

Resource usage statistics enables you to view the cluster resource usage, host resource usage, VM resource usage, IP address assignment, VLAN resource usage, and storage resource usage statistics.

Manage custom dashboards

Custom dashboard management enables you to customize a dashboard by dragging the monitoring items to the panel.

Manage stateful failover

Stateful failover enables CVM to switch services to the backup CVM host when the primary CVM host fails to avoid service interruption. The primary CVM host synchronizes database files to the backup CVM host through the management network in real time. You can create a local synchronization partition on the primary CVM host to synchronize data other than database files to the backup CVM host.

Manage components

After system installation, you must install the corresponding component to use specific functions.

Manage the upgrade

Perform this task to manage software images, including upload software images, and create and run an upgrade task.

Migrate data on the system

CVM systems use the NingOS operating system. To upgrade a CVM system to a version that uses the NingOS operating system, perform this task to migrate data to a CVM system that uses the NingOS operating system. After data migration, the CVM system that uses the NingOS operating system will connect to all the hosts managed by the source CVM system. However, the new features in the CVM system that uses the NingOS operating system are not available on those hosts. After data migration, the source CVM system is unavailable.

Storage operations center

The storage operations center provides graphical presentation of the storage links that interconnect storage pools, storage resources, hosts, and storage ports in the form of a topology, as well as storage link status statistics. This function helps you troubleshoot storage link issues.

One-key Ops

Perform this task to execute the health check, display health check results of a cloud resource, analyze resource usages, clean up storages, export resources, and restore VMs.

Scheduled tasks

Boot management policies

A boot management policy defines the rules for scheduled startup and shutdown of VMs to ensure VM service availability in the specified time period and resource release in other time periods.

Backup tasks

VM backup is a stable disaster recovery solution. The backup file for a VM will not be lost when the VM image file is damaged or deleted.

Snapshot policies

A snapshot is a replica of a VM as it was when you take the snapshot. If the image file of a VM is damaged or deleted, the snapshot data will be lost.

Automatic host discovery tasks

Automatic host discovery enables you to manage all the automatic host discovery tasks in CVM.

System

Manage operators

This task enables you to manage the operators, operator groups, and online operators in CVM.

Manage authentication

Configure the password policy

Perform this task to configure the password complexity and password validity period. The password policy takes effect on all operators. The password policy defines the minimum length, complexity requirement, and validity period of the passwords.

Manage access policies

An access policy defines access control settings for operators. An administrator can reference an access policy to allow or deny CVM login of operators. An access policy takes effect only when it is referenced.

Configure two-factor authentication

With 2FA authentication enabled, operators log in to the system with usernames, passwords, and PIN numbers, OTPs, or verification codes, ensuring a more secure login.

Configure authentication parameters

Provide a flexible and secure user identity verification mechanism, ensuring that only authorized users can access system resources. Authentication parameters include authentication server settings and SSO authentication parameters.

Configure NTP settings

Perform this task to configure the NTP server. All hosts in CVM synchronize to the NTP server to ensure that they have the same system time.

Manage parameters

System parameter management enables you to configure the system settings, email server, SMS settings, syslog server, middleware, containers, RDMA, ISLP and security hardening, network settings, and QR code login settings.

Manage licenses

License management enables you to view the license details, apply for a license, and register the license.

Ops and Other

Describes the O&M capabilities and general recommendations, system assistant, glossary, and legend. In addition, it covers frequently asked questions and their answers.