This section describes how to create an account. After an account is created, the system can allocate independent private storage space to it, including space and file quantity quotas. Each account obtains complete storage services and is isolated from the resources of other accounts.
Context
After an account is created, the system automatically creates a local UNIX authentication user or user group and a local Windows authentication user group for the account.
Procedure
- Choose Resources > Access > Account.
- Click Create.
The Create Account page is displayed.
- Configure basic information for the account. Table 1 describes related parameters.
Table 1 Account parameters
| Parameter | Description |
|---|---|
| Name | Indicates the name of the account. [Value range] The name must be unique. The name can contain only letters, digits, and special characters ! @ # $ % ^ * . _ + , - =. The name contains 1 to 128 characters. |
| ID | Indicates the ID of the account. |
- Select a mode for creating a set of account certificates.
- Account certificates are used by the object service. If the object service is not enabled, the account certificates will not be used.
- If the object service is enabled on both the primary and secondary storage systems of remote replication, you need to select the Manual mode when creating an account on the secondary storage system. In other scenarios, you need to select the Automatic mode.
- Automatic: The system automatically generates a set of account certificates. This mode applies to scenarios where an account is created on a non-secondary device.
- Manual: You need to manually enter the account certificates. The account certificates on the secondary device must be the same as those on the primary device.
- Select Manual.
- Set CID, Access Certificate, and Security Certificate for the secondary account. You need to obtain the CID, access certificate, and security certificate of the primary account corresponding to the secondary account.
- Click Advanced to set the advanced functions of the account.
- Select Advanced in the upper right corner of the page and determine whether to enable Data Encryption. This function cannot be disabled once it is enabled.
If you need to encrypt user data to ensure data security, enable data encryption for the account first. When creating a namespace, you can enable data encryption for the namespace separately.
After data encryption is enabled for an account, the system generates an account key. After data encryption is enabled for a namespace, the system generates a data key. The account key is used to protect the data key of the namespace, and the data key is used to encrypt user data.
To use the data encryption function, you need to import an advanced license.
- Determine whether to enable QoS Policy to control the read/write OPS and bandwidth upper limits of the account. After this function is enabled, you need to set QoS policy parameters for the account.
Table 2 describes related parameters.
Table 2 Account QoS policy parameters
| Parameter | Description |
|---|---|
| OPS Upper Limits | Indicates the OPS upper limit of a single account, that is, the maximum number of operations performed by an account per second. |
| Bandwidth Upper Limits | Indicates the bandwidth upper limit of a single account, that is, the maximum amount of I/O data that can be processed by a single account per second, in MB/s. |
- Click OK.
The system generates the access certificate and security certificate of the current account. Store the certificates securely and do not disclose them to others.
- Click Copy Certificate Information.
After the account is created, you can select Configure LDAP Domain, Configure NIS Domain, and Configure AD Domain on the operation success page.
- Click Close.
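The account key and data key relationship described in the Data Encryption step can be illustrated with the following added example, which is not the storage system's own code. AES-256-GCM, the blob layout, and all function names are assumptions made for illustration; the documentation does not name an algorithm.

```javascript
const crypto = require('node:crypto');

const ALG = 'aes-256-gcm'; // assumed algorithm, not stated in the documentation
const NONCE = 12, TAG = 16;

// seal returns nonce || ciphertext || tag for plaintext under a 32-byte key.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(NONCE);
  const c = crypto.createCipheriv(ALG, key, nonce);
  return Buffer.concat([nonce, c.update(plaintext), c.final(), c.getAuthTag()]);
}

// open reverses seal; it throws if the key is wrong or the blob was modified.
function open(key, blob) {
  if (blob.length < NONCE + TAG) throw new Error('blob too short');
  const d = crypto.createDecipheriv(ALG, key, blob.subarray(0, NONCE));
  d.setAuthTag(blob.subarray(blob.length - TAG));
  return Buffer.concat([d.update(blob.subarray(NONCE, blob.length - TAG)), d.final()]);
}

// Enabling data encryption for an account: an account key is generated.
function createAccount() {
  return { accountKey: crypto.randomBytes(32) };
}

// Enabling data encryption for a namespace: a data key is generated and kept
// only in wrapped form, protected by the account key.
function createNamespace(account) {
  const dataKey = crypto.randomBytes(32);
  return { wrappedDataKey: seal(account.accountKey, dataKey), objects: new Map() };
}

// User data is encrypted with the data key, never directly with the account key.
function writeObject(account, ns, name, data) {
  const dataKey = open(account.accountKey, ns.wrappedDataKey);
  ns.objects.set(name, seal(dataKey, Buffer.from(data)));
}

function readObject(account, ns, name) {
  const dataKey = open(account.accountKey, ns.wrappedDataKey);
  return open(dataKey, ns.objects.get(name)).toString();
}

// Constructed sample data.
const acct = createAccount();
const ns = createNamespace(acct);
writeObject(acct, ns, 'report.txt', 'constructed sample user data');
console.log(readObject(acct, ns, 'report.txt'));
```

Reading with a different account's key fails at the unwrap step, before any user data is touched.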