Unified Multi-account Management
Unified multi-account management covers security, compliance audit, O&M, and finance. It helps enterprises significantly improve management efficiency and consistency, reducing management costs. The more the accounts, the greater the benefits from unified management.
Unified Security Management
SecMaster, Data Security Center (DSC), Database Security Service (DBSS), Data Encryption Workshop (DEW), and Cloud Certificate Manager (CCM) are centrally deployed in the security operations account. This account is used to manage the security of other member accounts.
SecMaster in the security operations account can collaborate with the SecMaster and HSS deployed in other accounts. You can use the security operations account to perform unified security operations on other accounts without logging in to these accounts, including managing cloud assets, security posture, security information and events, and security orchestration and response. DSC in the security operations account can centrally protect the data of all member accounts, including identifying data security risks and protecting data (data watermarking and data masking). DBSS in the security operations account can perform cross-account database audit and centrally display audit information collected by agents when the network is reachable. CCM in the security operations account can centrally apply for SSL certificates and share them with other accounts via RAM. DEW in the security operations account can centrally create Key Management Service (KMS) keys and share them with other accounts via RAM.

Network security protection services, such as WAF, Anti-DDoS, and CFW, are centrally deployed in the network operations account following the principle of proximity to protect network connection resources such as NAT gateways and EIPs.
Unified Compliance Audit
Auditors use the logging account to audit the operations, including configuring trackers and key operation notifications, of all member accounts. They do not need to log in to member accounts one by one.
- You can create an organization tracker in CTS of the logging account to aggregate audit logs collected by CTS of all member accounts and transfer the audit records to LTS of the logging account.
- You can centrally view the audit records of all member accounts in LTS.
- You can also configure alarm notifications for key operations, such as creating and deleting resources, in LTS.

Auditors can audit member accounts' resource configurations based on the organization rules and organization conformance packages provided by Config, and centrally view non-conforming resource configurations.
Unified O&M Management
Cloud Operations Center (COC) and Application Operations Management (AOM) are centrally deployed in the O&M monitoring account to monitor and maintain other member accounts in a unified manner, as shown in the following figure.
AOM in the O&M monitoring account can collaborate with AOM in other accounts. You can access the monitoring metrics of each cloud service in other accounts, view these metrics with the O&M monitoring account, and configure alarm rules in a unified manner.
For details, see Unified Metric Monitoring.
COC in the O&M monitoring account can centrally manage cloud resources of other accounts and deliver O&M instructions to other accounts.

Unified Financial Management
You are advised to choose unified accounting when creating member accounts in the Enterprise Center. After this function is enabled, the financial administrator can centrally manage the funds, bills, and invoices of the member accounts with the master account. The master account pays for the cloud resources used by the member accounts. Huawei Cloud only issues invoices for the master account because the master account acts as the transaction entity for Huawei Cloud. The following figure shows the relationships between the master account and member accounts.

In the unified accounting mode, the master account can perform the following financial management operations for member accounts:
- Shared discounts: The master and member accounts share discounts by default. This eliminates the need for customers to repeatedly apply for discounts for each member account and significantly reduces customer costs.
- Unified payment: The master account does not need to manually allocate cash, credit, or cash coupons to member accounts for resource usage. Instead, the master account pays the expenditures of all member accounts. This significantly eases the financial workload.
- One-stop bill management: The master account can query bills of all member accounts, and check all these bills in one place.
- Unified invoicing: The master account can issue invoices for the expenditures of a single member account or all member accounts together.
- Unified cost management: The master account can manage the costs of all member accounts in a unified manner, including unified budget management and cost monitoring, analysis, forecasting, and optimization. This greatly improves the cost management efficiency for enterprise customers.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot