Account Settings

The account configuration is captured in the account Settings. Each Everyware Cloud service can expose configuration parameters that are scoped at the account level. For example, a Device Registry Service can expose the maximum number of devices that an account can accept or a Data Service can allow to configure a data retention parameter to control for how long data should be retained in the platform.

A account can review its settings in the Settings page.

Account Description

The Description tab contains useful information regarding the account configuration.

Deployment Info

The Deployment Info section contains the MQTT endpoints that are available for the account. Devices that need to connect to the platform have to use these endpoints.

Account Settings

The Account Settings tab contains the current service plan of the account. The service plan defines:

  • which services are enabled
  • the configuration of their behavior
  • the usage limits assigned to the account

To change the settings of a current account, you need to switch to current account in scope to the parent one and manage the account settings from the Settings Tab in the Child Account section.
For example, Everyware Cloud Administrators can review and adjust the settings of any top level account. An account administrator can review and adjust the settings of all its child accounts.

📘

When creating a new Account, review the default settings of the Everyware Cloud services to size appropriately the required functionalities.

Account Service

Controls the settings of the Account service which manages accounts and child accounts.

ParameterEditable ByDefaultDescription
infiniteChildAccountsAccount CreatorfalseIf true, the number of child accounts that can be created for the this account is unlimited.

If false, the maximum number of child accounts is limited by the maxNumberChildAccounts parameter.
maxNumberChildAccountsAccount Creator0Defines the maximum number of child accounts that can be created under this account.

Note: The number limits the overall number of child accounts in the account hierarchy descending from this account. The number of child accounts directly assigned to the account plus the number of child accounts allocated to each of the children, cannot exceed the max.

Certificate Service

Controls the settings of the Certificate service which manages the repository if the certificates used by several Everyware Cloud functionalities like for example Device Mutual Authentication, Device Massage Signing, etc.

ParameterEditable ByDefaultDecription
infiniteChildCertificatesAccount CreatorfalseIf true, the number of certificates that can be added to the repo for the account is unlimited.

If false, the maximum number of certificates in the repo for the account is limited by the maxNumberChildCertificates parameter.
maxNumberChildCertificatesAccount Creator0Defines the maximum number of certificates that can added to the repo for this account.

Note: The number limits the overall number of certificates in the account hierarchy descending from this account. The number of certificates directly assigned to the account plus the number of certificates allocated to each of the child accounts, cannot exceed the max.

Relation with other services

  • Provisioning Service. If you plan to use Zero Touch Provisioning (ZTP), the value for the max number of certificates should take into account one entry to store the trust certificate used by the ZTP.
  • Plain device Mutual Authentication. If you plan to use plain Mutual Authentication, the value for the max number of certificates should take into account the number of server side certificates used to trust the connections from the devices.

Cluster Service

Controls the settings of the MQTT message service which manages the MQTT connections with the devices of this account.

ParameterEditable ByDefaultDescription
portConnectionTcpAccount CreatortrueAllow connections via plain TCP port.

Warning: plain TCP connection may be insecure. Consider disabling it if not needed.
portConnectionSslAccount CreatortrueAllow connections via the TLS port
portConnectionMutualAuthAccount CreatortrueAllow connections via the TLS port with mutual authentication

Credentials Service

Controls the settings of the Credential service which manages the user's lockout policy for this account. The lockout policy controls the platform behavior after repeated login failures due to wrong credentials.

ParameterEditable ByDefaultDescription
lockoutPolicy.enabledAccount Creator, Account ManaagertrueEnable the user lockout policy
lockoutPolicy.maxFailuresAccount Creator, Account Manager3Number of consecutive login failures before the user gets locked. Valid if lockout policy is enabled.
lockoutPolicy.resetAfterAccount Creator, Account Manager3600The amount of time in seconds required after the last login failure to automatically reset the failure counter.
lockoutPolicy.lockDurationAccount Creator, Account Manager10800For a locked user, the amount of time in seconds required after the last login failure to automatically unlock the user.
password.minLengthAccount Creator, Account ManagerThe minimum length of the passwords for this account. This value cannot be less than the system default value. If empty, system default value will be used.

System default value may vary by Everyware Cloud instance. The system default length is 12.

Changing this won't affect existing passwords.

Device Connection Service

Controls the settings of the Device Connection service which manages the incoming device connection policy for this account.

ParameterEditable ByDefaultDescription
deviceConnectionUserCouplingDefaultModeAccount CreatorLOOSESets the user connection policy that will be assigned to the Device. Available values are LOOSE, STRICT. LOOSE allows the device to connect on behalf of any valid user except the reserved users currently assigned. With STRICT the platform registers the device user the first time the device connects, later the platform forces the device to always connect on behalf of the same user. Same as for the LOOSE case, the platform checks that the user of the first connection is not a reserved user. Note for the connection to succeed, device users must all have the required minimum permissions.

Device Log Store Service

Controls the settings of the Log Store service which stores the device logs in the a back-end storage.

ParameterEditable ByDefaultDescription
deviceLogStore.enabledAccount CreatortrueEnable the Log Store

Note: When false the service will not be available to none of the child accounts in the account hierarchy descending from this account.
storageTTLAccount Creator30Device logs retention period (in days)

See Logs Access for more details regarding the retention period.

Note: The number limits the overall retention period in the account hierarchy descending from this account.
storageByteLimitAccount Creator0Total storage usage per month
logIndexByAccount CreatorDEVICE_TIMESTAMPDefines the timestamp used to index the log entries

See Logs Access for more details regarding the indexing.
logChannelFilterAccount CreatorFiltering regex to filter device logs by channel. The 'LOG/' initial semantic channel part is already implied so must not be specified in the filtering regex.

Device Registry Service

Controls the settings of the Device Registry service which manages devices registered in the account.

ParameterEditable ByDefaultDescription
infiniteChildDevicesAccount CreatorfalseIf true, the number of device entries that can be registered for the account is unlimited.

If false, the maximum number of certificates registered for the account is limited by the maxNumberChildDevices parameter.
maxNumberChildDevicesAccount Creator0Defines the maximum number of devices that can be registered for this account.

Note: The number limits the overall number of registered devices in the account hierarchy descending from this account. The number of devices directly registered to the account plus the number of devices allocated to each of the child accounts, cannot exceed the max.

Relation with other services

When using the Provisioning Service to register new devices, the max number of provisioning requests and the max number of users should be set appropriately. Check the following sections for more details:

Group Service

Controls the settings of the Group service which allows to group Kapua entities and have them as a target for access control.

ParameterEditable ByDefaultDescription
infiniteChildGroupsAccount CreatorfalseIf true, the number of device group entries that can be added for the account is unlimited.

If false, the maximum number of device group entries for the account is limited by the maxNumberChildGroups parameter.
maxNumberChildGroupsAccount Creator0Defines the maximum number of device group entries that can be added to this account.

Note: The number limits the overall number of device group entries in the account hierarchy descending from this account. The number of groups directly assigned to the account plus the number of groups allocated to each of the child accounts, cannot exceed the max.

Job Service

Controls the settings of the Job service which performs batch device management operations on a set of devices.

ParameterEditable ByDefaultDescription
infiniteChildJobsAccount CreatorfalseIf true, the number of job entries that can be added for the account is unlimited.

If false, the maximum number of job entries for the account is limited by the maxNumberChildJobs parameter.
maxNumberChildJobsAccount Creator0Defines the maximum number of job entries that can be added to this account.

Note: The number limits the overall number of job entries in the account hierarchy descending from this account. The number of jobs directly assigned to the account plus the number of jobs allocated to each of the child accounts, cannot exceed the max.

Message Store Service

Controls the settings of the Message Store service which stores the device telemetry data in the a back-end storage.

ParameterEditable ByDefaultDescription
messageStore.enabledAccount CreatortrueEnables the message store

Note: When false the service will not be available to none of the child accounts in the account hierarchy descending from this account.
dataTTLAccount Creator30Data retention period (in days)

See Data Access for more info regarding the retention period.

Note: The number limits the overall retention period in the account hierarchy descending from this account.
rxByteLimitAccount Creator0Total storage usage per month
dataIndexByAccount CreatorDEVICE_TIMESTAMPDefines the timestamp used to index the data entries

See Data Access for more details regarding the indexing.

Provisioning Request Service

Controls the settings of the ProvisioningRequest service which manages provisioning requests.

ParameterEditable ByDefaultDescription
infiniteChildProvisionRequestsAccount CreatorfalseIf true, the number of provisioning request entries that can be added for the account is unlimited.

If false, the maximum number of provisioning request entries for the account is limited by the maxNumberChildProvisionRequests parameter.
maxNumberChildProvisionRequestsAccount Creator0Defines the maximum number of provisioning requests entries that can be added to this account.

Note: The number limits the overall number of provisioning requests entries in the account hierarchy descending from this account. The number of requests directly assigned to the account plus the number of requests allocated to each of the child accounts, cannot exceed the max.
provisioned.password.length.defaultAccount Creator, Account ManagerThe default length of the password seeded to the device during the provisioning process. Changing this value won't affect already provisioned device. This value cannot be less than the system default value. If empty, system default value will be used.

Relation with other service settings

  • Device Registry Service. If you plan to use the Provisioning Service to register devices, the max number of provisioning requests should be set as well. In average, setting the max number of requests to be slightly greater than the max number of registered devices is a good practice to simplify the provisioning process and improve tracking history of the devices without wasting resources. Each time the max number of devices is changed, verify the max number of provision requests and update it consistently if needed.

Role Service

Controls the settings of the Role service which manages role definitions.

ParameterEditable ByDefaultDescription
infiniteChildRolesAccount CreatortrueIf true, the number of role entries that can be added for the account is unlimited.

If false, the maximum number of role entries for the account is limited by the maxNumberChildRoles parameter.
maxNumberChildRolesAccount Creator0Defines the maximum number of role entries that can be added to this account.

Note: The number limits the overall number of role entries in the account hierarchy descending from this account. The number of roles directly assigned to the account plus the number of roles allocated to each of the child accounts, cannot exceed the max.

Route Service

Controls the settings of the Routes service which manages route definitions.

ParameterEditable ByDefaultDescription
routeService.enabledAccount CreatortrueEnable the routes to external destinations.

Note: When false the service will not be available to none of the child accounts in the account hierarchy descending from this account.
infiniteChildRoutesAccount CreatorfalseIf true, the number of route entries that can be added for the account is unlimited.

If false, the maximum number of route entries for the account is limited by the maxNumberChildRoutes parameter.
maxNumberChildRoutesAccount Creator0Defines the maximum number of route entries that can be added to this account.

Note: The number limits the overall number of route entries in the account hierarchy descending from this account. The number of routes directly assigned to the account plus the number of routes allocated to each of the child accounts, cannot exceed the max.

Tag Service

Controls the settings of the Tag service which manages tag definitions.

ParameterEditable ByDefaultDescription
infiniteChildTagsAccount CreatorfalseIf true, the number of tag entries that can be added for the account is unlimited.

If false, the maximum number of tag entries for the account is limited by the maxNumberChildRoutes parameter.
maxNumberChildTagsAccount Creator0Defines the maximum number of route entries that can be added to this account.

Note: The number limits the overall number of tag entries in the account hierarchy descending from this account. The number of tags directly assigned to the account plus the number of tags allocated to each of the child accounts, cannot exceed the max.

User Service

Controls the settings of the User service which manages users under an account.

ParameterEditable ByDefaultDescription
infiniteChildUsersAccount CreatorfalseIf true, the number of user entries that can be added for the account is unlimited.

If false, the maximum number of user entries for the account is limited by the maxNumberChildRoutes parameter.
maxNumberChildUsersAccount Creator0Defines the maximum number of user entries that can be added to this account.

Note: The number limits the overall number of user entries in the account hierarchy descending from this account. The number of users directly assigned to the account plus the number of users allocated to each of the child accounts, cannot exceed the max.

Relation to other services

  • Provisioning Service. If you plan to use the Provisioning Service to register devices, the max number of users should be set consistently. In fact the Provisioning Service creates a dedicated user for each registered device. The max number of users should take into account one entry for each dedicated user. Each time the max number of provision request is changed, verify the max number of users and update it consistently if needed.

Remote Access Service

Controls the settings of the Vpn Connection service which manages remote access into devices.

ParameterEditable ByDefaultDescription
infiniteChildVpnConnectionsAccount CreatorfalseIf true, the number of concurrent remote connection entries that can be accepted by the account is unlimited.

If false, the maximum number of concurrent remote connection entries for the account is limited by the maxNumberVpnConnections parameter.
maxNumberVpnConnectionsAccount Creator0Defines the maximum number of concurrent remote connection entries that can be accepted by the account.

Note: The number limits the overall number of concurrent remote connection entries in the account hierarchy descending from this account. The number of connections directly assigned to the account plus the number of connections allocated to each of the child accounts, cannot exceed the max.

CORS Filter

Check CORS Filter within the RESTful API guide for more details.