Creating an Account

This section describes how to create an account. After that, the system can allocate independent private storage space for it, including space and file quantity quotas. An account can obtain complete storage services and be isolated from other account resources.

Context

After an account is created, the system automatically creates a local UNIX authentication user or user group and a local Windows authentication user group for the account.

Procedure

Choose Resources > Access > Account.
Click Create.
The Create Account page is displayed.

Configure basic information for the account. Table 1 describes related parameters.

**Table 1** Account parameters
Parameter	Description
Name	Indicates the name of an account. [Value range] The name must be unique. The name can contain only letters, digits, and special characters ! @ # $ % ^ * . _ + , - =. The name contains 1 to 128 characters.
ID	Indicates the ID of an account.

Set Account Access Key Creation.
- Account access keys are used by the object service. If the object service is not enabled, the account access keys will not be used.
- If the object service is enabled on both the primary and secondary storage systems of remote replication, you need to select the Manual mode when creating an account on the secondary storage system. In other scenarios, you need to select the Automatic mode.
- Automatic: The system automatically generates a set of the account access keys. This mode applies to scenarios where an account is created on a primary device.
- Manual: Enter account access keys manually. The account AKs on the secondary device must be the same as that on the primary device.
  1. Select Manual.
  2. Set Account CID, AK, and SK of the secondary account. You need to obtain the CID, AK, and SK of the primary account corresponding to the secondary account.

Click Advanced to set the advanced functions of the account.

Select Advanced in the upper right corner of the page and determine whether to enable Data Encryption. This function cannot be disabled once being enabled.
If you need to encrypt user data to ensure data security, enable data encryption for the account first. When creating a namespace, you can enable data encryption for the namespace separately.

After data encryption is enabled for an account, the system generates an account key. After data encryption is enabled of a namespace, the system generates a data key. The account key is used to protect the data key of the namespace, and the data key is used to encrypt and decrypt user data.
- To use the data encryption function, you need to import an advanced license.
- Data encryption is not supported in DPC scenarios.
After enabling Data Encryption, you need to set Key Service and select a key management service.
- Internal key service: The built-in key management function of the system is used.
- External key service: An external key management server is used. If you select this option, you need to configure the external key service first. For details, see Managing the External Key Service.

Determine whether to enable QoS Policy to control the read/write OPS and bandwidth upper limits of the account. After this function is enabled, you need to set QoS policy parameters for the account.

Table 2 describes related parameters.

**Table 2** Account QoS policy parameters
Parameter	Description
OPS Upper Limits	Indicates the OPS upper limit of a single account, that is, the maximum number of operations performed by an account per second.
Bandwidth Upper Limits	Indicates the bandwidth upper limit of a single account, that is, the maximum amount of I/O data that can be processed by a single account per second, in MB/s.

Click OK.
The system generates the AK and SK of the current account. Keep the AK and SK secure and do not disclose them to others.
Click Copy Access Key Information.

After the account is created, you can select Configure LDAP Domain, Configure NIS Domain, Configure AD Domain, and Configure Kerberos Realm on the operation success page.
Click Close.