Creating an Account

Context

After an account is created, the system automatically creates a local UNIX authentication user or user group and a local Windows authentication user group for the account.

Procedure

1. Choose Resources > Access > Account.
2. Click Create.

   The Create Account page is displayed.

3. Configure basic information for the account. Table 1 describes related parameters.

   Table 1 Account parameters

   Parameter	Description
   Name	Name of the account. [Value range] The name must be unique. The name can contain only letters, digits, and special characters ! @ # $ % ^ * . _ + , - =. The name contains 1 to 128 characters.
   ID	ID of the account.

4. Set Account Access Key Creation.
   

   • Account access keys are used by the object service. If the object service is not enabled, the account access keys will not be used.
   • If the object service is enabled on both the primary and secondary storage systems of remote replication, you need to select the Manual mode when creating an account on the secondary storage system. In other scenarios, you need to select the Automatic mode.
   • Automatic: The system automatically generates a set of the account access keys. This mode applies to scenarios where an account is created on a primary device.
   • Manual: Enter account access keys manually. The account AKs on the secondary device must be the same as that on the primary device.
     1. Select Manual.
     2. Set Account CID, AK, and SK of the secondary account. You need to obtain the CID, AK, and SK of the primary account corresponding to the secondary account.

5. Determine whether to enable the quota function. After this function is enabled, set quota parameters, as shown in Table 2.

   Table 2 Quota parameters

   Parameter		Description
   Space Quota	Hard Quota	If the used file space reaches the space hard quota, the system immediately forbids writes and reports an alarm. The file space that exceeds the hard quota cannot be used. [Value range] 1 KB to 256 PB The value must be greater than those of Soft Quota and Advisory Quota. NOTE: If the used file space reaches the hard quota, the system forbids writes. If you want the system to report an alarm before writes are forbidden, set a soft quota and an advisory quota.
   	Soft Quota	If the used file space reaches the space soft quota, the system reports an alarm but still allows writes. If the soft quota grace period elapses or hard quota is reached, the system immediately forbids writes and reports an alarm. [Value range] 1 KB to 256 PB The value must be greater than that of Advisory Quota and less than that of Hard Quota.
   	Advisory Quota	If the used file space reaches the space advisory quota, the system reports an alarm but still allows writes. [Value range] 1 KB to 256 PB The value must be less than those of Soft Quota and Hard Quota.
   	Collect Snapshot Space Statistics	Whether to collect statistics of the snapshot space included in the used file space.
   File Quantity Quota	Hard Quota (K)	If the number of files reaches the file quantity hard quota, the system reports an alarm and new files cannot be added. However, operations on existing files are not affected. The unit is thousands. [Value range] 1 to 100,000,000 The value must be greater than those of Soft Quota (K) and Advisory Quota (K). NOTE: If the number of files reaches the hard quota, the system forbids file adding. If you want the system to report an alarm before files cannot be added, set a soft quota and an advisory quota.
   	Soft Quota (K)	If the number of files reaches the file quantity soft quota, the system reports an alarm but new files can still be added. If the soft quota grace period elapses or hard quota is reached, new files cannot be added and an alarm is reported. The unit is thousands. [Value range] 1 to 100,000,000 The value must be greater than that of Advisory Quota (K) and less than that of Hard Quota (K).
   	Advisory Quota (K)	If the number of files reaches the advisory quota, the system reports an alarm but new files can still be added. [Value range] 1 to 100,000,000 The value must be less than those of Soft Quota (K) and Hard Quota (K).
   Grace Period	Soft Quota Grace Period (Days)	If the used file space or number of files reaches the soft quota, the system generates an alarm but still allows writes or new files can still be added within this period. If this period elapses, the system immediately forbids writes and new files cannot be added. In addition, an alarm is reported. [Value range] 1 to 4,294,967,294. If this parameter is not specified, the grace period is unlimited. In this case, if the used file space or number of files reaches the soft quota, the system reports an alarm but does not restrict users' writing data or adding new files. NOTE: This parameter can be set only when Soft Quota or Soft Quota (K) is set.

   

   • If you do not set any quota for the space usage or file quantity, the system does not control the space usage or file quantity.
   • To view the quota usage of an account, click the account name. On the account details page that is displayed, click the Quota tab and view Space Quota Usage and File Quantity Quota Usage.
   • If you do not enable the quota function when creating an account, you can click the account name to go to the details page after the account is created and click the Quota tab to configure a quota.

6. Click Advanced to set the advanced functions of the account.
   1. Select Advanced in the upper right corner of the page and determine whether to enable Data Encryption. This function cannot be disabled once being enabled.

      If you need to encrypt user data to ensure data security, enable data encryption for the account first. When creating a namespace, you can enable data encryption for the namespace separately.

      After data encryption is enabled for an account, the system generates an account key. After data encryption is enabled of a namespace, the system generates a data key. The account key is used to protect the data key of the namespace, and the data key is used to encrypt and decrypt user data.

      

      • To use the data encryption function, you need to import an advanced license.
      • Data encryption is not supported in DPC scenarios.
   2. After enabling Data Encryption, you need to set Key Service and select a key management service.
      • Internal key service: The built-in key management function of the system is used.
      • External key service: An external key management server is used. If you select this option, you need to configure the external key service first. For details, see Managing the External Key Service.
   3. Determine whether to enable QoS Policy to control the read/write OPS and bandwidth upper limits of the account. After this function is enabled, you need to set QoS policy parameters for the account.

      Table 3 describes related parameters.

      Table 3 Account QoS policy parameters

      Parameter	Description
      OPS Upper Limits	OPS upper limit of a single account, that is, the maximum number of operations performed by an account per second.
      Bandwidth Upper Limits	Bandwidth upper limit of a single account, that is, the maximum amount of I/O data that can be processed by a single account per second, in MB/s.

7. Click OK.

   The system generates the AK and SK of the current account. Keep the AK and SK secure and do not disclose them to others.

8. Click Copy Access Key Information.
   

   After the account is created, you can select Configure LDAP Domain, Configure NIS Domain, Configure AD Domain, Configure Kerberos Realm, or Configure DNS on the operation success page.

9. Click Close.