Isolation Solution Based on CAM Sub-accounts
Applicable Scenarios
Suitable for enterprises seeking rapid implementation with no specific requirements for Tencent Cloud branding. Employees log in via Tencent Cloud accounts, each with an independent TCB environment and AI assistant, ready for out-of-the-box use.
Solution Overview
Provides enterprises with a self-service AI development resource management platform that centrally allocates resources through a unified management environment and creates an independent TCB environment and AI assistant server for each employee, enabling:
- ✅ One-click application, fully automated delivery: After employees submit requests, the system automatically creates accounts, environments, and servers
- 🔒 Complete Resource Isolation: Each employee has an independent TCB environment and server without mutual interference
- 💻 Out-of-the-box AI capabilities: Each server comes pre-installed with the OpenClaw AI assistant, with TCB integration automatically configured.
- 🎯 Fine-grained Permission Control: Employees can only access their own resources, preventing accidental operations on others' environments.
- 📊 Unified Management View: Enterprises can monitor all resource usage with controllable costs.
- 👁️ Manual Oversight and Auditability: Employees can log in to the Tencent Cloud console via CAM sub-accounts to manually manage/inspect cloud resources. This allows not only AI operations but also human auditing of AI operation results.
Overall Architecture
Core Process
Business Value
Lower Development Barriers
- Employees do not need to master complex cloud service configurations
- Complete development tasks by conversing with AI in natural language
- Rapidly validate ideas and reduce the time from idea to prototype
Enhance Collaboration Efficiency
- Each employee has an independent sandbox environment
- Avoid conflicts and misoperations caused by multi-user shared environments
Cost Controllability and Predictability
- Create resources on demand without pre-purchasing a large number of servers
- TCB environments are billed per package, so costs are transparent
Security and Compliance
- Sub-account permission isolation conforms to enterprise security standards
- All resources are under the enterprise master account, enabling centralized control
- Operation logs are complete and traceable
- Employees can log in to the Tencent Cloud console via CAM sub-accounts to manually inspect and manage cloud resources, and audit AI operation results.
Cost Estimation
| Item | Unit Price | Quantity | Subtotal |
|---|---|---|---|
| Management Environment (TCB Personal Edition) | ¥39.9/month | 1 | ¥39.9 |
| Employee Environment (TCB Personal Edition, including OpenClaw server) | ¥39.9/month | N | ¥39.9 × N |
Example:
- 10 employees: ¥39.9 × (1 + 10) = ¥439/month
- 50 employees: ¥39.9 × (1 + 50) = ¥2,035/month
Responsibilities of All Parties
| Role | Responsibilities |
|---|---|
| Enterprise Internal System | Authenticates employee identity, automatically creates CAM sub-accounts and TCB environments, creates lightweight servers and installs TCB Skill/MCP via TAT, configures CAM access policies |
| OpenClaw | Serves as the employee interface, provides AI assistant capabilities, and operates cloud resources via TCB Skill/MCP |
| Tencent Cloud CAM | Provides capabilities such as sub-account creation, API key generation, and permission policy management |
| Tencent Cloud TCB | Provides cloud resource capabilities including environment creation, database, SCF, storage, and more |
Getting Started
Equip every employee with their own AI development assistant, beginning with TCB.