Account Settings
The account configuration is captured in the account Settings. Each Everyware Cloud service can expose configuration parameters that are scoped at the account level. For example, a Device Registry Service can expose the maximum number of devices that an account can accept or a Data Service can allow to configure a data retention parameter to control for how long data should be retained in the platform.
A account can review its settings in the Settings page.
Account Description
The Description tab contains useful information regarding the account configuration.
Deployment Info
The Deployment Info section contains the MQTT endpoints that are available for the account. Devices that need to connect to the platform have to use these endpoints.
Account Settings
The Account Settings tab contains the current service plan of the account. The service plan defines:
- which services are enabled
- the configuration of their behavior
- the usage limits assigned to the account
To change the settings of a current account, you need to switch to current account in scope to the parent one and manage the account settings from the Settings Tab in the Child Account section.
For example, Everyware Cloud Administrators can review and adjust the settings of any top level account. An account administrator can review and adjust the settings of all its child accounts.
When creating a new Account, review the default settings of the Everyware Cloud services to size appropriately the required functionalities.
Account Service
Controls the settings of the Account service which manages accounts and child accounts.
Parameter | Editable By | Default | Description |
---|---|---|---|
infiniteChildAccounts | Account Creator | false | If true, the number of child accounts that can be created for the this account is unlimited. If false, the maximum number of child accounts is limited by the maxNumberChildAccounts parameter. |
maxNumberChildAccounts | Account Creator | 0 | Defines the maximum number of child accounts that can be created under this account. Note: The number limits the overall number of child accounts in the account hierarchy descending from this account. The number of child accounts directly assigned to the account plus the number of child accounts allocated to each of the children, cannot exceed the max. |
Certificate Service
Controls the settings of the Certificate service which manages the repository if the certificates used by several Everyware Cloud functionalities like for example Device Mutual Authentication, Device Massage Signing, etc.
Parameter | Editable By | Default | Decription |
---|---|---|---|
infiniteChildCertificates | Account Creator | false | If true, the number of certificates that can be added to the repo for the account is unlimited. If false, the maximum number of certificates in the repo for the account is limited by the maxNumberChildCertificates parameter. |
maxNumberChildCertificates | Account Creator | 0 | Defines the maximum number of certificates that can added to the repo for this account. Note: The number limits the overall number of certificates in the account hierarchy descending from this account. The number of certificates directly assigned to the account plus the number of certificates allocated to each of the child accounts, cannot exceed the max. |
Relation with other services
- Provisioning Service. If you plan to use Zero Touch Provisioning (ZTP), the value for the max number of certificates should take into account one entry to store the trust certificate used by the ZTP.
- Plain device Mutual Authentication. If you plan to use plain Mutual Authentication, the value for the max number of certificates should take into account the number of server side certificates used to trust the connections from the devices.
Cluster Service
Controls the settings of the MQTT message service which manages the MQTT connections with the devices of this account.
Parameter | Editable By | Default | Description |
---|---|---|---|
portConnectionTcp | Account Creator | true | Allow connections via plain TCP port. Warning: plain TCP connection may be insecure. Consider disabling it if not needed. |
portConnectionSsl | Account Creator | true | Allow connections via the TLS port |
portConnectionMutualAuth | Account Creator | true | Allow connections via the TLS port with mutual authentication |
Credentials Service
Controls the settings of the Credential service which manages the user's lockout policy for this account. The lockout policy controls the platform behavior after repeated login failures due to wrong credentials.
Parameter | Editable By | Default | Description |
---|---|---|---|
lockoutPolicy.enabled | Account Creator, Account Manaager | true | Enable the user lockout policy |
lockoutPolicy.maxFailures | Account Creator, Account Manager | 3 | Number of consecutive login failures before the user gets locked. Valid if lockout policy is enabled. |
lockoutPolicy.resetAfter | Account Creator, Account Manager | 3600 | The amount of time in seconds required after the last login failure to automatically reset the failure counter. |
lockoutPolicy.lockDuration | Account Creator, Account Manager | 10800 | For a locked user, the amount of time in seconds required after the last login failure to automatically unlock the user. |
password.minLength | Account Creator, Account Manager | The minimum length of the passwords for this account. This value cannot be less than the system default value. If empty, system default value will be used. System default value may vary by Everyware Cloud instance. The system default length is 12. Changing this won't affect existing passwords. |
Device Connection Service
Controls the settings of the Device Connection service which manages the incoming device connection policy for this account.
Parameter | Editable By | Default | Description |
---|---|---|---|
deviceConnectionUserCouplingDefaultMode | Account Creator | LOOSE | Sets the user connection policy that will be assigned to the Device. Available values are LOOSE, STRICT. LOOSE allows the device to connect on behalf of any valid user except the reserved users currently assigned. With STRICT the platform registers the device user the first time the device connects, later the platform forces the device to always connect on behalf of the same user. Same as for the LOOSE case, the platform checks that the user of the first connection is not a reserved user. Note for the connection to succeed, device users must all have the required minimum permissions. |
Device Log Store Service
Controls the settings of the Log Store service which stores the device logs in the a back-end storage.
Parameter | Editable By | Default | Description |
---|---|---|---|
deviceLogStore.enabled | Account Creator | true | Enable the Log Store Note: When false the service will not be available to none of the child accounts in the account hierarchy descending from this account. |
storageTTL | Account Creator | 30 | Device logs retention period (in days) See Logs Access for more details regarding the retention period. Note: The number limits the overall retention period in the account hierarchy descending from this account. |
storageByteLimit | Account Creator | 0 | Total storage usage per month |
logIndexBy | Account Creator | DEVICE_TIMESTAMP | Defines the timestamp used to index the log entries See Logs Access for more details regarding the indexing. |
logChannelFilter | Account Creator | Filtering regex to filter device logs by channel. The 'LOG/' initial semantic channel part is already implied so must not be specified in the filtering regex. |
Device Registry Service
Controls the settings of the Device Registry service which manages devices registered in the account.
Parameter | Editable By | Default | Description |
---|---|---|---|
infiniteChildDevices | Account Creator | false | If true, the number of device entries that can be registered for the account is unlimited. If false, the maximum number of certificates registered for the account is limited by the maxNumberChildDevices parameter. |
maxNumberChildDevices | Account Creator | 0 | Defines the maximum number of devices that can be registered for this account. Note: The number limits the overall number of registered devices in the account hierarchy descending from this account. The number of devices directly registered to the account plus the number of devices allocated to each of the child accounts, cannot exceed the max. |
Relation with other services
When using the Provisioning Service to register new devices, the max number of provisioning requests and the max number of users should be set appropriately. Check the following sections for more details:
Group Service
Controls the settings of the Group service which allows to group Kapua entities and have them as a target for access control.
Parameter | Editable By | Default | Description |
---|---|---|---|
infiniteChildGroups | Account Creator | false | If true, the number of device group entries that can be added for the account is unlimited. If false, the maximum number of device group entries for the account is limited by the maxNumberChildGroups parameter. |
maxNumberChildGroups | Account Creator | 0 | Defines the maximum number of device group entries that can be added to this account. Note: The number limits the overall number of device group entries in the account hierarchy descending from this account. The number of groups directly assigned to the account plus the number of groups allocated to each of the child accounts, cannot exceed the max. |
Job Service
Controls the settings of the Job service which performs batch device management operations on a set of devices.
Parameter | Editable By | Default | Description |
---|---|---|---|
infiniteChildJobs | Account Creator | false | If true, the number of job entries that can be added for the account is unlimited. If false, the maximum number of job entries for the account is limited by the maxNumberChildJobs parameter. |
maxNumberChildJobs | Account Creator | 0 | Defines the maximum number of job entries that can be added to this account. Note: The number limits the overall number of job entries in the account hierarchy descending from this account. The number of jobs directly assigned to the account plus the number of jobs allocated to each of the child accounts, cannot exceed the max. |
Message Store Service
Controls the settings of the Message Store service which stores the device telemetry data in the a back-end storage.
Parameter | Editable By | Default | Description |
---|---|---|---|
messageStore.enabled | Account Creator | true | Enables the message store Note: When false the service will not be available to none of the child accounts in the account hierarchy descending from this account. |
dataTTL | Account Creator | 30 | Data retention period (in days) See Data Access for more info regarding the retention period. Note: The number limits the overall retention period in the account hierarchy descending from this account. |
rxByteLimit | Account Creator | 0 | Total storage usage per month |
dataIndexBy | Account Creator | DEVICE_TIMESTAMP | Defines the timestamp used to index the data entries See Data Access for more details regarding the indexing. |
Provisioning Request Service
Controls the settings of the ProvisioningRequest service which manages provisioning requests.
Parameter | Editable By | Default | Description |
---|---|---|---|
infiniteChildProvisionRequests | Account Creator | false | If true, the number of provisioning request entries that can be added for the account is unlimited. If false, the maximum number of provisioning request entries for the account is limited by the maxNumberChildProvisionRequests parameter. |
maxNumberChildProvisionRequests | Account Creator | 0 | Defines the maximum number of provisioning requests entries that can be added to this account. Note: The number limits the overall number of provisioning requests entries in the account hierarchy descending from this account. The number of requests directly assigned to the account plus the number of requests allocated to each of the child accounts, cannot exceed the max. |
provisioned.password.length.default | Account Creator, Account Manager | The default length of the password seeded to the device during the provisioning process. Changing this value won't affect already provisioned device. This value cannot be less than the system default value. If empty, system default value will be used. |
Relation with other service settings
- Device Registry Service. If you plan to use the Provisioning Service to register devices, the max number of provisioning requests should be set as well. In average, setting the max number of requests to be slightly greater than the max number of registered devices is a good practice to simplify the provisioning process and improve tracking history of the devices without wasting resources. Each time the max number of devices is changed, verify the max number of provision requests and update it consistently if needed.
Role Service
Controls the settings of the Role service which manages role definitions.
Parameter | Editable By | Default | Description |
---|---|---|---|
infiniteChildRoles | Account Creator | true | If true, the number of role entries that can be added for the account is unlimited. If false, the maximum number of role entries for the account is limited by the maxNumberChildRoles parameter. |
maxNumberChildRoles | Account Creator | 0 | Defines the maximum number of role entries that can be added to this account. Note: The number limits the overall number of role entries in the account hierarchy descending from this account. The number of roles directly assigned to the account plus the number of roles allocated to each of the child accounts, cannot exceed the max. |
Route Service
Controls the settings of the Routes service which manages route definitions.
Parameter | Editable By | Default | Description |
---|---|---|---|
routeService.enabled | Account Creator | true | Enable the routes to external destinations. Note: When false the service will not be available to none of the child accounts in the account hierarchy descending from this account. |
infiniteChildRoutes | Account Creator | false | If true, the number of route entries that can be added for the account is unlimited. If false, the maximum number of route entries for the account is limited by the maxNumberChildRoutes parameter. |
maxNumberChildRoutes | Account Creator | 0 | Defines the maximum number of route entries that can be added to this account. Note: The number limits the overall number of route entries in the account hierarchy descending from this account. The number of routes directly assigned to the account plus the number of routes allocated to each of the child accounts, cannot exceed the max. |
Tag Service
Controls the settings of the Tag service which manages tag definitions.
Parameter | Editable By | Default | Description |
---|---|---|---|
infiniteChildTags | Account Creator | false | If true, the number of tag entries that can be added for the account is unlimited. If false, the maximum number of tag entries for the account is limited by the maxNumberChildRoutes parameter. |
maxNumberChildTags | Account Creator | 0 | Defines the maximum number of route entries that can be added to this account. Note: The number limits the overall number of tag entries in the account hierarchy descending from this account. The number of tags directly assigned to the account plus the number of tags allocated to each of the child accounts, cannot exceed the max. |
User Service
Controls the settings of the User service which manages users under an account.
Parameter | Editable By | Default | Description |
---|---|---|---|
infiniteChildUsers | Account Creator | false | If true, the number of user entries that can be added for the account is unlimited. If false, the maximum number of user entries for the account is limited by the maxNumberChildRoutes parameter. |
maxNumberChildUsers | Account Creator | 0 | Defines the maximum number of user entries that can be added to this account. Note: The number limits the overall number of user entries in the account hierarchy descending from this account. The number of users directly assigned to the account plus the number of users allocated to each of the child accounts, cannot exceed the max. |
Relation to other services
- Provisioning Service. If you plan to use the Provisioning Service to register devices, the max number of users should be set consistently. In fact the Provisioning Service creates a dedicated user for each registered device. The max number of users should take into account one entry for each dedicated user. Each time the max number of provision request is changed, verify the max number of users and update it consistently if needed.
Remote Access Service
Controls the settings of the Vpn Connection service which manages remote access into devices.
Parameter | Editable By | Default | Description |
---|---|---|---|
infiniteChildVpnConnections | Account Creator | false | If true, the number of concurrent remote connection entries that can be accepted by the account is unlimited. If false, the maximum number of concurrent remote connection entries for the account is limited by the maxNumberVpnConnections parameter. |
maxNumberVpnConnections | Account Creator | 0 | Defines the maximum number of concurrent remote connection entries that can be accepted by the account. Note: The number limits the overall number of concurrent remote connection entries in the account hierarchy descending from this account. The number of connections directly assigned to the account plus the number of connections allocated to each of the child accounts, cannot exceed the max. |
CORS Filter
Check CORS Filter within the RESTful API guide for more details.
Updated 13 days ago