The account configuration is captured in the account Settings. Each Everyware Cloud service can expose configuration parameters that are scoped at the account level. For example, a Device Registry Service can expose the maximum number of devices that an account can accept or a Data Service can allow to configure a data retention parameter to control for how long data should be retained in the platform.
A account can review its settings in the Settings page.
To change the settings of a current account, you need to switch to current account in scope to the parent one and manage the account settings from the Settings Tab in the Child Account section.
For example, Everyware Cloud Administrators can review and adjust the settings of any top level account. An account administrator can review and adjust the settings of all its child accounts.
Account Quota
Account quota follow the account hierarchical model. When setting a quota on an account this is shared between the account itself and all its child accounts. So when setting a maximum number of devices on a given account, such quota is enforced between the account itself and all the child accounts.
Recommended Settings for a New Account
When creating a new Account, review the settings of the Everyware Cloud services to enable the appropriate functionality.
AccountService
Controls the settings of the Account service which manages accounts and child accounts.
Specify the maximum number of child accounts through the maxNumberChildAccounts parameter.
You must change the default setting or no child account can be created under this account or enable an unlimited number of child account.
CredentialService
Controls the settings of the Credential service which manages the user's lockout policy. The user's controls the platform behavior after repeated login failures due to wrong credentials.
It is recommend to enable the lockout policy and to properly adjust the behavior after a repeated set of long failure due to wrong credentials.
DeviceConnectionService
Controls the settings of the Device Connection service which manages the incoming device connection policy.
Through the device connection policy, a device may be uniquely bound to a user identity and can only connect to the platform under that identity. This enforces an extra level of security on the platform.
DeviceRegistryService
Controls the settings of the Device Registry service which manages devices.
Specify the maximum number of device that can be created under the account through the maxNumberChildDevices parameter.
You must change the default setting or no device can connect under this account or enable an unlimited number of devices.
GroupService
Controls the settings of the Group service which allows to group Kapua entities and have them as a target for access control.
Specify the maximum number of groups that can be created under the account through the maxNumberChildGroups parameter.
You must change the default setting or no groups can be created under this account or enable an unlimited number of groups.
JobService
Controls the settings of the Job service which performs batch device management operations on a set of devices.
Specify the maximum number of jobs that can be created under the account through the maxNumberChildJobs parameter.
You must change the default setting or no jobs can be created under this account or enable an unlimited number of jobs.
MessageStoreService
Controls the settings of the Message Store service which stores the device telemetry data in the a back-end storage.
Enable the storage of the telemetry data to have it captured and indexed in the back-end.
RoleService
Controls the settings of the Role service which manages role definitions.
Specify the maximum number of roles through the maxNumberChildRoles parameter.
You must change the default setting or no role can be created under this account or enable an unlimited number of roles.
TagService
Controls the settings of the Tag service which manages tag definitions.
Specify the maximum number of tags through the maxNumberChildTags parameter.
You must change the default setting or no tag can be created under this account or enable an unlimited number of tags.
UserService
Controls the settings of the User service which manages users under an account.
Specify the maximum number of users through the maxNumberChildUsers parameter.
You must change the default setting or no users can be created under this account or enable an unlimited number of users.
VpnConnectionService
Controls the settings of the Vpn Connection service which manages remote access into devices.
Specify the maximum number of VPN connections through the maxNumberChildVpnConnections parameter.
You must change the default setting or no VPN connections can be created under this account or enable an unlimited number of VPN connections.
Recommended Settings for a Production Account
When moving and account to production, review the following setting to tighten security around it.
CredentialService
Enable the lockout policy and set the maximum number of failure to 3 and the set the resetAfter to 1 hour. If more than 3 failed logins are attempted within 1 hour, the users will be locked out of the platform for a lockDuration period of 3 hours.
DeviceConnectionService
Set the user coupling mode of the device connection to STRICT. In that mode, each device can connect to the platform only with a specific, exclusive user.