Overview of Organization Management
What Is Organizations?
Huawei Cloud Organizations is an account management service for consolidating multiple Huawei Cloud accounts into a single organization so you can manage them all in one place. An organization is composed of one management account, multiple member accounts, one root organizational unit (OU), and other OUs. The root OU and other OUs are organized in a hierarchical, tree-like structure. You can group your accounts into the root OU or any of the other OUs. For details about Organizations, see What Is Organization?.
After you set up a landing zone using a management account, the managed organizational structure, OUs, and accounts are displayed on the organization management page.
Basic Concepts
- Organization
An entity that you create to manage multiple accounts. Each organization is composed of a management account, member accounts, a root OU, and various other OUs. An organization has exactly one management account along with several member accounts. You can organize the accounts in a hierarchical, tree-like structure with the root OU at the top and nested OUs under it. Each member account can be directly under the root OU or placed under one of the other OUs. The organization management page displays the organization structure.
- Root OU
The top of the organization tree in a landing zone.
- Core OU (Security OU)
This OU contains the log archive account and audit account, which are also called core accounts. The log archive account is used to store logs of operations and resource configurations of all accounts. The audit account, a security management account, is responsible for the security of the entire organization and can perform security audits on other accounts. When setting up a landing zone, you can create custom OUs and account names. You can also use an existing account in the organization that the management account belongs to as the log archive account or audit account.
For an existing account invited to join the organization, you need to select an agency to use it as a core account. For an account created in the organization, no agency is required. For details about how to set an agency, see Prerequisites. If an existing account is already using the Config service and a resource recorder, the system will overwrite the resource recorder settings of this account, and all options will be selected by default.
- OUs
A container or grouping unit for member accounts. It can be understood as a department, a subsidiary, a project family, or the like, of your enterprise. An OU can also contain other OUs. Each OU can have exactly one parent OU, but a parent OU can have multiple child OUs or nested member accounts.
- Registered OUs
If you create OUs in RGC, they will be registered automatically. If you create OUs in Organizations, you need to manually register them so that they can be governed in the landing zone.
- Additional OU
An additional OU (sandbox OU) created by default to associate with test environment accounts. You can rename this OU for other purposes if needed.
- Management account
The account used to set up a landing zone. You can use the management account to register OUs and enroll accounts and also manage both in the landing zone.
- Member accounts
Accounts placed directly in the root OU or in one of the other OUs.
- Enrolled accounts
If you create accounts in RGC, they will be automatically enrolled. If you create accounts in Organizations, you need to manually enroll them so that they can be governed in the landing zone.
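As an added illustration (not code from Huawei Cloud or its documentation), the registration and enrollment rules above can be checked over an exported OU tree to find what the landing zone does not yet govern. The inventory layout and the field names `origin` and `manually_governed` are assumptions made for this example, and the sample data is constructed.

```python
# Constructed sample inventory. The layout and field names are assumptions
# for this example, not the output format of any Huawei Cloud API.
SAMPLE_ORG = {
    "name": "Root", "type": "ou", "origin": "rgc", "children": [
        {"name": "Security", "type": "ou", "origin": "rgc", "children": [
            {"name": "log-archive", "type": "account", "origin": "rgc"},
            {"name": "audit", "type": "account", "origin": "rgc"},
        ]},
        {"name": "Sandbox", "type": "ou", "origin": "rgc", "children": [
            {"name": "test-01", "type": "account", "origin": "organizations",
             "manually_governed": False},
        ]},
        {"name": "Workloads", "type": "ou", "origin": "organizations",
         "manually_governed": True, "children": [
            {"name": "prod-01", "type": "account", "origin": "rgc"},
        ]},
        {"name": "Finance", "type": "ou", "origin": "organizations",
         "manually_governed": False, "children": [
            {"name": "billing", "type": "account", "origin": "organizations",
             "manually_governed": False},
        ]},
    ],
}


def is_governed(node):
    """Created in RGC: registered/enrolled automatically. Created in
    Organizations: governed only after manual registration/enrollment."""
    if node["origin"] == "rgc":
        return True
    return bool(node.get("manually_governed", False))


def governance_gaps(node, path=""):
    """Walk the OU tree depth-first and return (kind, path) for every OU
    that is not registered and every account that is not enrolled."""
    here = f"{path}/{node['name']}"
    gaps = []
    if not is_governed(node):
        kind = "unregistered OU" if node["type"] == "ou" else "unenrolled account"
        gaps.append((kind, here))
    for child in node.get("children", []):
        gaps.extend(governance_gaps(child, here))
    return gaps


if __name__ == "__main__":
    for kind, where in governance_gaps(SAMPLE_ORG):
        print(f"{kind}: {where}")
```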