Creating an Account

Context

• Account system is the built-in account of the system by default. You need to manually create the local root authentication user or user group of UNIX by referring to Configuring and Managing UNIX Users.
• After an account is created, the system automatically creates a local UNIX authentication user or user group and a local Windows authentication user group for the account.

Procedure

1. Choose Resources > Access > Account.
2. Click Create.

   The Create Account page is displayed.

3. Configure basic information for the account. Table 1 describes related parameters.

   Table 1 Account parameters

   Parameter	Description
   Name	Name of the account. [Value range] The name must be unique. The name can contain only letters, digits, and special characters ! @ # $ % ^ * . _ + , - =. The name contains 1 to 128 characters.
   ID	ID of the account.

4. Set Account Access Key Creation.
   

   • Account access keys are used by the object service. If the object service is not enabled, the account access keys will not be used.
   • If the object service is enabled on both the primary and secondary storage systems of remote replication, you need to select the Manual mode when creating an account on the secondary storage system. In other scenarios, you need to select the Automatic mode.
   • If you select the Manual mode and you want to enable the Data Encryption function, you need to manually enable it by referring to Modifying Account Information after creating an account.
   • Automatic: The system automatically generates a set of the account access keys. This mode applies to scenarios where an account is created on a primary device.
   • Manual: Enter account access keys manually. The account AKs on the secondary device must be the same as that on the primary device.
     1. Select Manual.
     2. Set Account CID, AK, and SK of the secondary account. You need to obtain the CID, AK, and SK of the primary account corresponding to the secondary account.

5. Determine whether to enable the quota function. After this function is enabled, set quota parameters, as shown in Table 2.

   Table 2 Quota parameters

   Parameter		Description
   Space Quota	Hard Quota	Once the space used by files reaches the hard quota, the system will immediately forbid data writing and report an alarm. [Value range] 1 KB to 256 PB The value must be greater than those of Soft Quota and Advisory Quota. NOTE: After the space used by files reaches the hard quota, the system will forbid data writing. If you want the system to report an alarm before forbidding data writing, set a soft quota or an advisory quota.
   	Soft Quota	If the space used by files reaches the soft quota, the system will report an alarm but still allow data writing. After the soft quota grace period elapses or the hard quota is reached, the system will immediately forbid data writing and report an alarm. [Value range] 1 KB to 256 PB The value must be greater than that of Advisory Quota and less than that of Hard Quota.
   	Advisory Quota	Once the space used by files reaches the advisory quota, the system will report an alarm but still allow data writing. [Value range] 1 KB to 256 PB The value must be less than those of Soft Quota and Hard Quota.
   	Collect Snapshot Space Statistics	Whether to collect statistics of the snapshot space included in the used file space.
   File Quantity Quota	Hard Quota (K)	Once the file quantity reaches the hard quota, the system will immediately forbid file adding and report an alarm. However, operations on existing files are not affected. The unit of the hard quota has been set to K. [Value range] 1 to 100,000,000 The value must be greater than those of Soft Quota (K) and Advisory Quota (K). NOTE: After the file quantity reaches the hard quota, the system will forbid file adding. If you want the system to report an alarm before forbidding file adding, set a soft quota or an advisory quota.
   	Soft Quota (K)	If the file quantity reaches the soft quota, the system will report an alarm but still allow file adding. After the soft quota grace period elapses or the hard quota is reached, the system will immediately forbid file adding and report an alarm. The unit of the soft quota has been set to K. [Value range] 1 to 100,000,000 The value must be greater than that of Advisory Quota (K) and less than that of Hard Quota (K).
   	Advisory Quota (K)	If the file quantity reaches the advisory quota, the system will report an alarm but still allow file adding. The unit of the advisory quota has been set to K. [Value range] 1 to 100,000,000 The value must be less than those of Soft Quota (K) and Hard Quota (K).
   Grace Period	Soft Quota Grace Period (Days)	If the space used by files or the file quantity reaches the soft quota, the system will report an alarm but still allow data writing or file adding within the grace period. After the grace period elapses, the system will immediately forbid data writing or file adding and report an alarm. [Value range] 1 to 4,294,967,294. If this parameter is not specified, the grace period is unlimited. In this case, if the space used by files or the file quantity reaches the soft quota, the system will report an alarm but still allow data writing data or file adding. NOTE: This parameter can be set only when Soft Quota or Soft Quota (K) is set.

   

   • If you do not set any quota for the space usage or file quantity, the system does not control the space usage or file quantity.
   • To view the quota usage of an account, click the account name. On the account details page that is displayed, click the Quota tab and view Space Quota Usage and File Quantity Quota Usage.
   • If you do not enable the quota function when creating an account, you can click the account name to go to the details page after the account is created and click the Quota tab to configure a quota.

6. Determine whether to enable QoS Policy to control the read/write OPS and bandwidth upper limits of the account. After this function is enabled, you need to set QoS policy parameters for the account.

   Table 3 describes related parameters.

   Table 3 Account QoS policy parameters

   Parameter	Description
   OPS Upper Limits	OPS upper limit of a single account, that is, the maximum number of operations performed by an account per second.
   Bandwidth Upper Limits	Bandwidth upper limit of a single account, that is, the maximum amount of I/O data that can be processed by a single account per second, in MB/s.

7. Click Advanced to set the advanced functions of the account.
   1. Select Advanced in the upper right corner of the page and determine whether to enable Data Encryption. This function cannot be disabled once being enabled.

      If you need to encrypt user data to ensure data security, enable data encryption for the account first. When creating a namespace, you can enable data encryption for the namespace separately.

      After data encryption is enabled for an account, the system generates an account key. After data encryption is enabled of a namespace, the system generates a data key. The account key is used to protect the data key of the namespace, and the data key is used to encrypt and decrypt user data.

      

      • To use the data encryption function, you need to import an advanced license.
      • Data encryption is not supported in DPC scenarios.
   2. After enabling Data Encryption, you need to set Key Service and select a key management service.
      • Internal key service: The built-in key management function of the system is used.
      • External key service: An external key management server is used. If you select this option, you need to configure the external key service first. For details, see Managing the External Key Service.

8. Click OK.

   The system generates the AK and SK of the current account. Keep the AK and SK secure and do not disclose them to others.

9. Click Copy Access Key Information.
   

   After the account is created, you can select Configure LDAP Domain, Configure NIS Domain, Configure AD Domain, Configure Kerberos Realm, or Configure DNS on the operation success page.

10. Click Close.