Connection Profiles

Connection profiles are used to define access methods and security credentials for a specific application. They can be referenced by multiple jobs. To do this, you must deploy the connection profile definition before running the relevant jobs. 

Note: For most types of connection profiles (except for File Transfer connection profiles), the name of the connection profile can contain only the following types of characters: uppercase letters, numbers, hyphens, and underscores. The connection profile name can contain up to 30 characters.

ConnectionProfile:Hadoop

These examples show how to use connection profiles for the various types of Hadoop jobs.

Hadoop (all types)

These are the required parameters for all Hadoop job types.

{
  "HADOOP_CONNECTION_PROFILE":
  {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "edgenode",
    "TargetCTM" : "CTMHost"
  }
}
ParameterDescription
TargetAgentThe Control-M/Agent to which to deploy the connection profile.
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.

 These are the optional parameters for defining the user running the Hadoop job types and choosing between a local or centralized connection profile.

{
  "HADOOP_CONNECTION_PROFILE":
  {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "edgenode",
	"TargetCTM" : "CTMHost",
    "RunAs": "",
    "KeyTabPath":"",
    "Centralized":true
  }
}
RunAs

Defines the user of the account on which to run Hadoop jobs.

Leave this field empty to run Hadoop jobs using the user account where the agent was installed.

The Control-M/Agent must run as root, if you define a specific RunAs user.

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

In the case of Kerberos security, the following parameters control security:

RunAs

Principal name of the user

KeyTabPathKeytab file path for the target user

Apache Spark

The following example shows a connection profile that defines access to a Spark server.

{
 "SPARK_CONNECTION_PROFILE" :
 {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "docker-hadoop5",
    "Spark" :
    {
      "CustomPath" : "/home"
    }
  }
}

The CustomPath parameter is optional.

Apache Oozie

 The following example shows a connection profile that defines access to an Oozie server.

{
 "OOZIE_CONNECTION_PROFILE" :
 {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "hdp-ubuntu",
    "Centralized" : false,
    "Oozie" :
    {
      "SslEnabled"     : false,
      "Host" : "hdp-centos",
      "Port" : "11000",
      "ExtractionRules": [
      {
        "RuleName" : "rule_name1",
        "WorkFlowName" : "work_flow_name1",
        "WorkFlowUserName" : "work_flow_user_name1",
        "FolderName" : "folder_name1",
        "JobName" : "job_name1"
       },
      {
        "RuleName" : "rule_name2",
        "WorkFlowName" : "work_flow_name2",
        "WorkFlowUserName" : "work_flow_user_name2",
        "FolderName" : "folder_name2",
        "JobName" : "job_name2"
       }
      ]
   }
 }
}
ParameterDescription
HostOozie server host
Port

Oozie server port

Default: 11000

SslEnabled

true | false

Default: false

ExtractionRules

9.0.20.010(Optional) Definitions of rules for filtering Oozie workflows. Each rule has the following definitions:

   RuleNameName of the rule
   WorkFlowNameName of the Oozie workflow to get from the Oozie server
   WorkFlowUserNameName of the user that runs the workflows from the Oozie server
   FolderNameName of the folder that contains the Hadoop job of the Oozie Extractor, as defined in the Hadoop job template
   JobNameName of the Hadoop job of the Oozie Extractor, as defined in the Hadoop job template

Apache Sqoop

The following example shows a connection profile that defines a Sqoop data source and access credentials.

{
  "SQOOP_CONNECTION_PROFILE" :
  {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "edgenode",
    "TargetCTM" : "CTMHost",
    "Centralized" : false,
    "Sqoop" :
    {
      "User"     : "username",
      "Password" : "userpassword",
      "ConnectionString" : "jdbc:mysql://mysql.server/database",
      "DriverClass" : "com.mysql.jdbc.Driver"
    }
  }
}

The following table describes the parameters in the example above, as well as several additional optional parameters:

ParameterDescription
UserThe database user connected to the Sqoop server
Password

A password for the specified user

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

ConnectionStringJDBC-compliant database: The connection string used to connect to the database
DriverClassJDBC-compliant database: The driver class for the driver .jar file, which indicates the entry-point to the driver

PasswordFile

(Optional) The full path to a file located on the HDFS that contains the password to the database

Note: To use a JCEKS file, include the .jceks file extension.

DatabaseVendor

(Optional) The database vendor of an automatically supported database used with Sqoop, one of the following:

  • MySQL
  • Oracle (SID)
  • Oracle (Service Name)
  • PostgreSQL
DatabaseName(Optional) Name of an automatically supported database used with Sqoop
DatabaseHost(Optional) The host server of an automatically supported database used with Sqoop
DatabasePort(Optional) The port number for an automatically supported database used with Sqoop

Apache Tajo

The following example shows a connection profile that defines access to a Tajo server. Tajo is an advanced data warehousing system on top of HDFS.

{
  "TAJO_CP" :
  {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "edgenode",
    "Tajo":
    {
      "BinaryPath": "$TAJO_HOME/bin/",
      "DatabaseName": "myTajoDB",
      "MasterServerName" : "myTajoServer",
      "MasterServerPort": "26001"
    }
  }
}
ParameterDescription
BinaryPathPath to the bin directory where tsql utility is located
DatabaseNameName of the Tajo database
MasterServerNameHost name of the server where the Tajo master is running
MasterServerPortTajo master port number

Apache Hive

The following example shows a connection profile that defines a Hive beeline endpoint and access credentials. The parameters in the example translate to this beeline command: 

beeline  -u jdbc:hive2://<Host>:<Port>/<DatabaseName>

{
  "HIVE_CONNECTION_PROFILE" :
  {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "edgenode",
    "TargetCTM" : "CTMHost",
    "Hive" :
    {
       "Host" : "hive_host_name",
       "Port" : "10000",
       "DatabaseName" : "hive_database",
    }
  }
}

The following shows how to use optional parameters for a Hadoop Hive job type connection profile. 

The parameters in the example translate to this beeline command:  

beeline  -u jdbc:hive2://<Host>:<Port>/<DatabaseName>;principal=<Principal> -n <User> -p <Password> 

{
  "HIVE_CONNECTION_PROFILE1":
  {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "edgenode",
    "TargetCTM" : "CTMHost",
    "Centralized" : true,
    "Hive" :
    {
       "Host" : "hive_host_name",
       "Port" : "10000",
       "DatabaseName" : "hive_database",
       "User" : "user_name",
       "Password" : "user_password",
       "Principal" : "Server_Principal_of_HiveServer2@Realm"
    }
  }
}

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

Back to top

ConnectionProfile:FileTransfer 

Connection profiles for File Transfers are available for the following types of target servers and communication protocols:

For FTP, SFTP, FTPS, and Local filesystem transfers, you can choose between the following types of connection profiles, depending on the number of hosts for which the connection profile contains connection details:

  • Single endpoint: Each connection profile contains the connection details of a single host. Such a connection profile can be used for either the source host or the destination host in a file transfer.
  • Dual endpoint: The connection profile contains connection details of two hosts, both the source host and the destination host, in a file transfer.

You can also create group connection profiles for file transfers, which enable you to transfer a file from one host to multiple hosts in one transfer. In each group connection profile, you include a variety of previously defined connection profiles for file transfers.

ConnectionProfile:FileTransfer:FTP

The following examples show a connection profile for a file transfer to a single endpoint using the FTP communication protocol.

Simple ConnectionProfile:FileTransfer:FTP

{
 "FTPConn" : {
   "Type" : "ConnectionProfile:FileTransfer:FTP",
   "TargetAgent" : "AgentHost",
   "TargetCTM" : "CTMHost",
   "HostName": "FTPServer",
   "User" : "FTPUser",
   "Password" : "ftp password",
 }
}

ConnectionProfile:FileTransfer:FTP with optional parameters

{
 "FTPConn" : {
   "Type" : "ConnectionProfile:FileTransfer:FTP",
   "TargetAgent" : "AgentHost",
   "TargetCTM" : "CTMHost",
   "WorkloadAutomationUsers":["john","bob"],
   "HostName": "FTPServer",
   "Port": "21",
   "User" : "FTPUser",
   "Password" : "ftp password",
   "HomeDirectory": "/home/FTPUser",
   "OsType": "Unix",
   "Centralized" : false,
   "AdditionalParameters": [
      {
        "Name": "param1",
        "Value": "1"
      },
      {
        "Name": "param2",
        "Value": "2"
      }
    ]
 }
}
TargetAgentThe Control-M/Agent to which to deploy the connection profile.
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
WorkloadAutomationUsers

(Optional) Control-M users that are allowed to access the connection profile.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

OsType

(Optional) FTP server operating system type

Default: Unix

Types: Unix, Windows, z/OS, OS400, Tandem, OS2200, OpenVMS

Password

(Optional) Password for FTP server account. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

HomeDirectory(Optional) User home directory
ConnectionMode

(Optional) Set the FTP client connection mode, one of the following options:

  • Active
  • Passive — Initiates the data and control connections from the FTP client to the FTP server, which solves firewall issues.
  • PassiveSubstituteIpAddress — Passive + force passive connections to use the host address.
  • EPSV — Extended Passive Mode; the FTP client uses the same IP address to open a data channel (used mainly for IPV6 environments).
  • EPSVSubstituteIpAddress — EPSV + force passive connections to use the host address.

Default: Active

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.
AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:SFTP

The following examples show a connection profile for a file transfer to a single endpoint using the SFTP (SSH File Transfer Protocol) communication protocol. 

Simple ConnectionProfile:FileTransfer:SFTP

{
 "sFTPconn": {
   "Type": "ConnectionProfile:FileTransfer:SFTP",
   "TargetAgent": "AgentHost",
   "TargetCTM" : "CTMHost",
   "HostName": "SFTPServer",
   "Port": "22",
   "User" : "SFTPUser",
   "Password" : "sftp password"
 }
}

ConnectionProfile:FileTransfer:SFTP with optional parameters

{
 "sFTPconn": {
   "Type": "ConnectionProfile:FileTransfer:SFTP",
   "TargetAgent": "AgentHost",
   "TargetCTM" : "CTMHost",
   "HostName": "SFTPServer",
   "Port": "22",
   "User" : "SFTPUser",
   "HomeDirectory": "/home/SFTPUser",  
   "PrivateKeyName": "/home/controlm/ctm_agent/ctm/cm/AFT/data/Keys/sFTPkey",
   "Passphrase": "passphrase",
   "SSHCompression": true,
   "Centralized" : true,
   "AdditionalParameters": [
      {
        "Name": "param1",
        "Value": "1"
      },
      {
        "Name": "param2",
        "Value": "2"
      }
    ]
 }
}
TargetAgentWhich agent computer to deploy the connection profile
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
WorkloadAutomationUsers

(Optional) Users that are allowed to access the connection profile.

NOTE : You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

PrivateKeyName

(Optional) Private key full file path

Passphrase

(Optional) Password for the private key. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

Password

(Optional) Password for SFTP Server account. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

HomeDirectory(Optional) User home directory
SSHCompression

(Optional) Whether to compress the file before the transfer.

true | false

Default: false

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.
AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:FTPS

The following example shows a connection profile for a file transfer to a single endpoint using the FTPS (FTP over SSL) communication protocol.

{
 "FTPSConn": {
    "Type": "ConnectionProfile:FileTransfer:FTPS",
    "HomeDirectory": "/var/home",
    "TargetAgent": "sqa",
    "TargetCTM": "LocalControlM",
    "HostName" : "localhost",
    "User" : "controlm",
    "Password": "ftps_pass",
    "Port": "10021",
    "SSLImplicit": false,
    "ClearDataChannel": true,
    "SSLLevel": "ClientServerAuthentication",
    "ClearCommandChannel": true,
    "Centralized" : true,
    "AdditionalParameters": [
      {
        "Name": "param1",
        "Value": "1"
      },
      {
        "Name": "param2",
        "Value": "2"
      }
    ]
  }
}
TargetAgentThe Control-M/Agent to which to deploy the connection profile.
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
WorkloadAutomationUsers

(Optional) Control-M users that are allowed to access the connection profile.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

OsType

(Optional) FTPS server operating system type

Default: Unix

Types: Unix, Windows, z/OS, OS400, Tandem, OS2200, OpenVMS

Password

(Optional) Password for FTPS server account. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

HomeDirectory(Optional) User home directory
ConnectionMode

(Optional) Set the FTPS client connection mode, one of the following options:

  • Active
  • Passive — Initiates the data and control connections from the FTP client to the FTP server, which solves firewall issues.
  • PassiveSubstituteIpAddress — Passive + force passive connections to use the host address.
  • EPSV — Extended Passive Mode; the FTP client uses the same IP address to open a data channel (used mainly for IPV6 environments).
  • EPSVSubstituteIpAddress — EPSV + force passive connections to use the host address.

Default: Active

SSLImplicit

Whether to automatically create an SSL connection to the FTPS server (Default port 990).

In SSL Explicit mode, a connection is first established with the FTP server and the connection is then changed to SSL mode (FTP over SSL/TLS).

true (implicit connection) | false (explicit connection)

Default: false

ClearDataChannel

Whether to encrypt the connection process while files are transferred without encryption.

This option is useful if you want your login information encrypted and your files transferred without encryption.

true | false

Default: true

SSLLevel

The SSL security level, one of the following:

  • NoAuthentication — low security level; client certificate not sent (the default)
  • ServerAuthentication — moderate security level; client certificate not sent
  • ClientServerAuthentication — high security level; client certificate sent
ClearCommandChannel

Whether to set the transmission mode from encrypted mode to clear text mode.

You can secure sensitive information, including user name and password, by sending them in an encrypted mode, and then use this parameter to change the transmission mode back to clear text mode to send the port and IP information (FTP over SSL/TLS).

true | false

Default: true

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.
AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:Local

The following example shows a connection profile for a file transfer to a single endpoint on a Local File System. 

{
 "LocalConn" : {
   "Type" : "ConnectionProfile:FileTransfer:Local",
   "TargetAgent" : "AgentHost",
   "TargetCTM" : "CTMHost",
   "User" : "controlm",
   "Password" : "local password",
   "Centralized" : true,
   "AdditionalParameters": [
      {
        "Name": "param1",
        "Value": "1"
      },
      {
        "Name": "param2",
        "Value": "2"
      }
    ]
  }
}
TargetAgentThe Control-M/Agent to which to deploy the connection profile.
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. 
WorkloadAutomationUsers

(Optional) Users that are allowed to access the connection profile.

NOTE : You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

OsType

(Optional) Local server operating system type

Default: Unix

Types: Unix, Windows, z/OS, OS400, Tandem, OS2200, OpenVMS

Password

(Optional) Password for local account. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.
AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:S3:Amazon

The following example shows a connection profile for file transfers between a local filesystem and an Amazon S3 storage service.

{
  "testAmazon": {
    "Type": "ConnectionProfile:FileTransfer:S3:Amazon",
    "Region": "us-west-2",
    "AccessKey": "mykey",
    "SecretAccessKey": "mysecret", 
    "VerifyDestination": true,
    "TargetAgent": "sqa",
    "Centralized": true,
    "AdditionalParameters": [
      {
        "Name": "param1",
        "Value": "1"
      },
      {
        "Name": "param2",
        "Value": "2"
      }
    ]
 }
}

This connection profile has the following parameters:

TargetAgentThe Control-M/Agent to which to  deploy the connection profile.
Region

The region in which the Amazon S3 storage bucket is located.

Specify one of the following regions:

  • us-gov-west-1
  • ap-northeast-1
  • ap-northeast-2
  • ap-south-1
  • ap-southeast-1
  • ap-southeast-2
  • ca-central-1
  • eu-central-1
  • eu-west-1
  • eu-west-2
  • eu-west-3
  • sa-east-1
  • us-east-1
  • us-east-2
  • us-west-1
  • us-west-2
  • cn-north-1
  • cn-northeast-1
AccessKeyThe access key to the Amazon S3 storage.
SecretAccessKey

The secret access key to the Amazon S3 storage.

Use Secrets in code to not expose this secret access key in the code.

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.
AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:S3:Compatible

The following example shows a connection profile for file transfers between a local filesystem and an S3-compatible storage service.

{
  "testCompatible": {
    "Type": "ConnectionProfile:FileTransfer:S3:Compatible",
    "RestEndPoint": "api.com",
    "AccessKey": "mykey",
    "SecretAccessKey": "mysecret",
    "VerifyDestination": true,            
    "TargetAgent": "sqa",
    "Centralized": true,
    "AdditionalParameters": [
      {
        "Name": "param1",
        "Value": "1"
      },
      {
        "Name": "param2",
        "Value": "2"
      }
    ]
  }
}

This connection profile has the following parameters:

TargetAgentThe Control-M/Agent to which to  deploy the connection profile.
RestEndPointThe network address where the S3 Compatible Storage is located.
AccessKeyThe access key to the S3 Compatible storage.
SecretAccessKey

The secret access key to the S3 Compatible storage.

Use Secrets in code to not expose this secret access key in the code.

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.
AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:AS2

The following examples show connection profiles for file transfers from a local filesystem to an AS2 server using the AS2 protocol.

Note: File transfers that use the AS2 protocol are supported by Control-M Automation API only in one direction — from a local filesystem to an AS2 server.

Simple ConnectionProfile:FileTransfer:AS2

{
  "AS2_Conn_1": {
    "Type": "ConnectionProfile:FileTransfer:AS2",
    "TargetCTM": "LocalControlM",
    "TargetAgent": "sqa",
    "WorkloadAutomationUsers": [
      "noAi"
    ],
    "PartnerAS2Id": "partner-as2-id",
    "PartnerDestinationUrl": "sqa",
    "PartnerCertificateAlias": "partnerCertAlias",
    "HostName": "sqa",
    "Password": "*****"
  }
}

ConnectionProfile:FileTransfer:AS2 with optional parameters

{
  "AS2_Conn_2": {
    "Type": "ConnectionProfile:FileTransfer:AS2",
    "TargetCTM": "LocalControlM",
    "TargetAgent": "sqa",
    "Centralized": true,
    "WorkloadAutomationUsers": [
      "em_user1"
    ],
    "PartnerAS2Id": "partner-as2-id",
    "PartnerDestinationUrl": "sqa",
    "PartnerCertificateAlias": "partnerCertAlias",
    "HostName": "sqa",
    "Password": "*****",
    "AsyncMdnTimeout": "18120000",
    "User": "basicUser",
    "SendMessageTimeout": "301000",
    "CompressMessage": true,
    "SignMessageParameters": {
      "SignMessage": false,
      "SignatureAlgorithm": "RSA with SHA-384"
    },
    "EncryptMessageParameters": {
      "EncryptMessage": false,
      "EncryptionAlgorithm": "tripleDES (DES EDE3)"
    },
    "RequestReceiptParameters": {
      "RequestReceipt": false,
      "Mode": "Asynchronous",
      "Sign": "Unsigned"
    },
    "AdditionalParameters": [
      {
        "Name": "param1",
        "Value": "1"
      },
      {
        "Name": "param2",
        "Value": "2"
      }
    ]
  }
} 

This connection profile has the following parameters:

TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
TargetAgentThe Control-M/Agent to which to  deploy the connection profile.
Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.
PartnerAS2IdThe logical name of the remote AS2 server
PartnerDestinationUrlThe URL of the AS2 server
PartnerCertificateAliasThe alias of the partner certificate that is stored in the AS2 keystore
Password

(Optional) The password of the HTTP request for the AS2 message. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

AsyncMdnTimeout

(Optional) The number of minutes to wait for the AS2 server to send the receipt before a timeout occurs

The default is 18000000 minutes.

UserThe username of the HTTP request for the AS2 message
SendMessageTimeout

(Optional) The number of seconds to wait for the AS2 server to reply before a timeout occurs

The default is 300000 seconds (5000 hours).

CompressMessage

Whether to compress the AS2 message when sent, either true or false

The default is false.

SignMessageParameters
    SignMessage

Whether to digitally sign the AS2 message with the algorithm specified by SignatureAlgorithm, either true or false

The default is true.

    SignatureAlgorithm

The algorithm to use for signing the AS2 message, one of the following options:

  • RSA with SHA-1
  • RSA with SHA-224
  • RSA with SHA-256
  • RSA with SHA-384
  • RSA with SHA-512
  • RSA with MD5

The default is RSA with SHA-1.

EncryptMessageParameters
    EncryptMessage

Whether to encrypt the AS2 message with one of the encryption algorithm specified by EncryptionAlgorithm, either true or false

The default is true.

    EncryptionAlgorithm

The algorithm to use for encryption of the AS2 message, one of the following options:

  • CAST5_CBC
  • IDEA_CBC
  • RC2_CBC
  • tripleDES (DES EDE3)
  • AES128_CBC
  • AES192_CBC
  • AES256_CBC

The default is CAST5_CBC.

RequestReceiptParameters
    RequestReceipt

Whether to receive an MDN receipt of the AS2 message from the AS2 server that confirms that it was received and processed, either true or false

The default is true.

    Mode

The mode for receiving the MDN receipt, either Asynchronous or Synchronous

The default is Synchronous.

    Sign

The type of MDN receipt to receive, either Signed or Unsigned

The default is Signed.

WorkloadAutomationUsers

(Optional) Users that are allowed to access the connection profile.

NOTE : You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: false

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:DualEndPoint

In a dual-endpoint connection profile, you specify connection details for the source host and for the destaination host of the file transfer. Connection details can be based on the FTP, SFTP, or FTPS communication protocols or can be to a local file system.

The following example shows a dual-endpoint connection profile. One endpoint uses the FTP communication protocol and the other endpoint uses the SFTP communication protocol.

{
 "DualEpConn" : {
	"Type" : "ConnectionProfile:FileTransfer:DualEndPoint",
	"WorkloadAutomationUsers" : [ "em_user1" ],
	"TargetAgent" : "AgentHost",
    "Centralized" : false,
	"src_endpoint" : {
		"Type" : "Endpoint:Src:FTP",
		"User" : "controlm",
 		"Port" : "10023",
		"HostName" : "localhost",
		"Password" : "password",
		"HomeDirectory" : "/home/controlm/"
	},
	"dest_endpoint" : {
		"Type" : "Endpoint:Dest:SFTP",
		"User" : "controlm",
		"Port" : "10023",
		"HostName" : "host2",
		"Password" : "password",
		"HomeDirectory" : "/home/controlm/"
	}
  }
}

The dual-endpoint connection profile can have the following parameters:

TargetAgentThe Control-M/Agent to which to  deploy the connection profile.
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
WorkloadAutomationUsers

(Optional) Users that are allowed to access the connection profile.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

Endpoint

Two endpoint objects, one for the source host and one for the destaination host. Each endpoint can be based on FTP, SFTP, FTPS or local file system.

Here are all the possible types of Endpoint objects:

  • Endpoint:Src:FTP
  • Endpoint:Src:SFTP
  • Endpoint:Src:FTPS

  • Endpoint:Src:Local
  • Endpoint:Dest:FTP
  • Endpoint:Dest:SFTP
  • Endpoint:Dest:FTPS
  • Endpoint:Dest:Local

Parameters under the Endpoint object are the same as the remaining parameters for a single-endpoint connection profile, depending on type of connection:

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Group

9.0.20.015The following example shows a group connection profile, which enables you to transfer a file from one host to multiple hosts in one transfer. In each group connection profile, you include a variety of previously defined connection profiles for file transfers.

{
  "GROUP_CP": {
    "Type": "ConnectionProfile:FileTransfer:Group",
    "TargetAgent": "docker_aft_app_centos1",
    "GroupAccounts": ["FTPConn", "sFTPconn", "LocalConn", "AS2_Conn_1"],
    "WorkloadAutomationUsers":["john","bob"] 
  }

This connection profile has the following parameters:

TargetAgentThe Control-M/Agent to which to deploy the connection profile.
GroupAccountsA list of file transfer connection profiles included in the group
WorkloadAutomationUsers

(Optional) Control-M users that are allowed to access the connection profile

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

Back to top

ConnectionProfile:Database

The connection profile for database allows you to connect to the following database types:

ConnectionProfile:Database:DB2

The following example shows how to define a connection profile for DB2:

{
  "DB2_CONNECTION_PROFILE": {
    "Type": "ConnectionProfile:Database:DB2",
	"TargetCTM":"CTMHost",
    "TargetAgent": "AgentHost",
    "Host": "DB2Host",
    "Port":"50000",
    "User": "db user",
    "Password": "db password",
    "DatabaseName": "db2"
  }
} 

The following table describes the parameters in the example above, as well as several additional optional parameters:

ParameterDescription
Port

The database port number.

If the port is not specified, the following default values are used for each database type:

  • MSSQL - 1433
  • Oracle - 1521
  • DB2 - 50000
  • Sybase - 4100
  • PostgreSQL - 5432
Password

Password to the database account. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

DatabaseNameThe name of the database
DatabaseVersion

The version of the database.

For a list of databases and versions supported by your version of Control-M for Databases, open the Product Availability & Compatibility page at https://customerapps.bmc.com/spac/o/welcome.html. In the Product Name field enter Control-M for Databases, and in the Product Version field select the relevant version.

The default version for each database is the earliest version that is supported.

MaxConcurrentConnections

The maximum number of connections that the database can process at the same time.

Allowed values: 1–512
Default value: 100

ConnectionRetryTimeOut

The number of seconds to wait before attempting to connect again.

Allowed values: 1–300
Default value: 5 seconds

ConnectionIdleTime

The number of seconds that the database connection profile can remain idle before disconnecting.

Default value: 300 seconds

ConnectionRetryNum

The number of times to attempt to reconnect after a connection failure.

Allowed values: 1–24
Default value: 5

ConnectionProfile:Database:JDBC

The following example shows how to define a connection profile using a custom defined database type created using JDBC. Parameters are described in the table above.

{
	"JDBC_CONNECTION_PROFILE": {
		"Type": "ConnectionProfile:Database:JDBC",
		"User":"db user",
		"TargetCTM":"CTMHost",
		"Host": "PGSQLHost",
		"Driver":"PGDRV",
		"Port":"5432",
		"TargetAgent": "AgentHost",
		"Password": "db password",
		"DatabaseName":"dbname"
	}
}

The following parameter is unique to JDBC connection profiles:

ParmeterDescription
Driver

JDBC driver name as defined in Control-M or as defined using the Driver object

Driver:JDBC:Database

You can define a driver to be used by a connection profile. The following example shows the parameters that you use to define a driver:

{
  "MyDriver": {
    "Type": "Driver:Jdbc:Database",
    "TargetAgent":"app-redhat",
    "StringTemplate":"jdbc:sqlserver://<HOST>:<PORT>/<DATABASE>",
    "DriverJarsFolder":"/home/controlm/ctm/cm/DB/JDBCDrivers/PostgreSQL/9.4/",
    "ClassName":"org.postgresql.Driver",
    "LineComment" : "--",
    "StatementSeparator" : ";"
 }
}
ParameterDescription
TargetAgentThe Control-M/Agent to which to deploy the driver.
StringTemplateThe structure according to which a connection profile string is created.
DriversJarsFolderThe path to the folder where the database driver jars are located.
ClassNameName of driver class
LineComment The syntax used for line comments in the scripts that run on the database.
StatementSeparatorThe syntax used for statement separator in the scripts that run on the database.

ConnectionProfile:Database:MSSQL

The following example shows how to define an MSSQL database connection profile. Parameters are described in the table above.

 {
	"MSSQL_CONNECTION_PROFILE": {
		"Type": "ConnectionProfile:Database:MSSQL",
		"TargetCTM":"CTMHost",
		"TargetAgent": "AgentHost",
		"Host": "MSSQLHost",
		"User": "db user",
		"Port":"1433",
		"Password": "db password",
		"DatabaseName": "master",
		"DatabaseVersion": "2005",
		"MaxConcurrentConnections": "9",
		"ConnectionRetryTimeOut": "34",
		"ConnectionIdleTime": "45"
	}
}

The following parameter is unique to MSSQL connection profiles:

ParameterDescription
AuthenticationType

SQL Server Authentication

Possible values are:

  • NTLM2 Windows Authentication
  • Windows Authentication
  • SQL Server Authentication

ConnectionProfile:Database:MSSQL:SSIS

9.0.19.220 The following example shows how to define a connection profile for SQL Server Integration Services (SSIS) packages:

{
    "SSIS_CONNECTION_PROFILE": {
        "Type": "ConnectionProfile:Database:MSSQL:SSIS",
        "TargetAgent": "AgentHost",
        "TargetCTM": "LocalControlM",
        "Host": "localhost",
        "User": "administrator",
        "Port": "1433",
        "Password": "db password",
        "DatabaseName": "testdb",
        "DatabaseVersion": "2016",
        "AuthenticationType": "Windows Authentication",
        "SkipPackagesTest" : false,
        "SSIS": [
            {
                "Source": "File System",
                "Name": "file_system_package",
                "Password": "password"
            },
            {
                "Source": "SSIS Package Store",
                "Name": "ssis_package",
                "Password": "password"
            },
            {
                "Source": "SQL Server",
                "Name": "sql_server_package",
                "Password": "password"
            }
        ]
    }
}

Most of the parameters are the same as for the basic MSSQL connection profile (including those described in the table above). The following parameters are unique to the MSSQL SSIS connection profile:

ParameterDescription
SkipPackageTestWhether to skip validation of SSIS packages when testing the connection profile, either true or false
SSISConnection details for all associated SSIS Packages
     SourceSource location of the SSIS Package — SQL Server, File System, or SSIS Package Store
     NameName of the SSIS Package
     Password

Password required for accessing the SSIS Package

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

ConnectionProfile:Database:Oracle

Oracle connection profiles are available for three types of database definitions:

ConnectionProfile:Database:Oracle:SID

The following example shows how to define a connection profile for an Oracle database using the SID identifier. Additional available parameters are described in the table above.

{
  "ORACLE_CONNECTION_PROFILE": {   
	"Type": "ConnectionProfile:Database:Oracle:SID",   
	"TargetCTM": "controlm",   
	"Port": "1521",   
	"TargetAgent": "AgentHost",
	"Host": "OracleHost",
	"User": "db user",   
	"Password": "db password",
	"SID": "ORCL" 
  }
}

ConnectionProfile:Database:Oracle:ServiceName

The following example shows how to define a connection profile for an Oracle database using a single service name. Additional available parameters are described in the table above.

{
  "ORACLE_CONNECTION_PROFILE": {   
	"Type": "ConnectionProfile:Database:Oracle:ServiceName",   
	"TargetCTM": "controlm",   
	"Port": "1521",   
	"TargetAgent": "AgentHost",
	"Host": "OracleHost",
	"User": "db user",   
	"Password": "db password",
	"ServiceName": "ORCL" 
  }
}

ConnectionProfile:Database:Oracle:ConnectionString

The following example shows how to define a connection profile for an Oracle database using a connection string that contains text from your tnsname.ora file. Additional available parameters are described in the table above.

{
	"ORACLE_CONNECTION_PROFILE": {
		"Type": "ConnectionProfile:Database:Oracle:ConnectionString",
		"TargetCTM":"CTMHost",
		"ConnectionString":"OracleHost:1521:ORCL",
		"TargetAgent": "AgentHost",
		"User": "db user",
		"Password": "db password"
	}
}

ConnectionProfile:Database:PostgreSQL

The following example shows how to define a connection profile for PostgreSQL. Parameters are described in the table above.

{
  "POSTGRESQL_CONNECTION_PROFILE": {
    "Type": "ConnectionProfile:Database:PostgreSQL",
	"TargetCTM":"CTMHost",
    "TargetAgent": "AgentHost",
    "Host": "PostgreSQLHost",
    "Port":"5432",
    "User": "db user",
    "Password": "db password",
    "DatabaseName": "postgres"
  }
} 

ConnectionProfile:Database:Sybase

The following example shows how to define a connection profile for Sybase. Parameters are described in the table above.

{
  "SYBASE_CONNECTION_PROFILE": {
    "Type": "ConnectionProfile:Database:Sybase",
	"TargetCTM":"CTMHost",
    "TargetAgent": "AgentHost",
    "Host": "SybaseHost",
    "Port":"4100",
    "User": "db user",
    "Password": "db password",
    "DatabaseName": "Master"
  }
} 


Back to top

ConnectionProfile:SAP

SAP connection profiles that you create for use by your SAP jobs can be defined for logon to a specific SAP Application Server or for an SAP logon group.

The following example is for a connection profile for a specific SAP Application Server:

{
  "SAP-SERVER-CONN" : {
    "Type" : "ConnectionProfile:SAP",
            "User" : "my-user",
            "Password" : "123456",
            "SapClient" : "100",
            "Language" : "",
            "XBPVersion": "XBP3.0",
            "AppVersion": "R3",
            "ApplicationServerLogon" : {
                "Host" : "localhost",
                "SystemNumber" : "12"
            },
            "SecuredNetworkConnection": {
                "SncLib": " " ,
                "SncPartnerName": "",
                "QualityOfProtection": "2",
                "SncMyName":""
            },
            "SapResponseTimeOut" : "180",
            "UseExtended": true,
            "SolutionManagerConnectionProfile" : "IP4-GROUP",
            "IsSolutionManagerConnectionProfile": true
  }
}

The following example is for a connection profile for an SAP logon group:

{
  "SAP-GROUP-CONN" : {
    "Type" : "ConnectionProfile:SAP",
            "User" : "my-user",
            "Password" : "123456",
            "SapClient" : "100",
            "Language" : "",
            "XBPVersion": "XBP3.0",
            "AppVersion": "R3",
            "GroupLogon": {
                "SystemID": "123",
                "MessageServerHostName": "msgsv",
                "GroupName": "group1"
            },
            "SecuredNetworkConnection": {
                "SncLib": " " ,
                "SncPartnerName": "",
                "QualityOfProtection": "2",
                "SncMyName":""
            },
            "SapResponseTimeOut" : "180",
            "UseExtended": true,
            "SolutionManagerConnectionProfile" : "IP4-GROUP",
            "IsSolutionManagerConnectionProfile": true
  }
}
ParameterDescription
UserSAP user name
Password

Password for the SAP user

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

SapClientSAP client number, a three-digit number
LanguageThe SAP language. The default is English.
XBPVersion

SAP XBP interface version installed on the SAP server

Valid values are:

  • XBP 1.0
  • XBP 2.0
  • XBP 3.0 (Default)
AppVersion

Version of the SAP application, one of the following:

  • R3
  • BW 2.<X>
  • BW 3.<X> or later
GroupLogonParameters for defining an SAP logon group
     SystemIDSAP system ID, three alpha-numeric characters
     MessageServerHostNameHost name of the computer on which the SAP System Message Server is running
     GroupName

SAP logon group name

The Group name is defined in the SAP SMLG transaction.

ApplicationServerLogonParameters for defining a specific SAP Application Server
      Host

The host name of the computer that runs the SAP Application Server

      SystemNumberSAP instance number, a two-digit number
SecuredNetworkConnectionParameters that you can use to activate a secured network connection
      SncLib

Client full path and file name to SAP crypto lib

For example: /home1/agsapfp/SNC/libsapcrypto.sl

      SncPartnerName

SNC name of the application server

For example: p:CN=LE1, OU=BPM, O=BMC, C=US

      QualityOfProtection

Quality of the protection

Valid values: 1, 2, 3, 8 (default), 9

      SncMyName

SNC name of the user sending the RFC

Default: The name provided by the security product for the user who is logged on.

SapResponseTimeOut

Number of seconds that the program waits for an RFC request to be handled by the SAP system before returning a timeout error

Default: 180

UseExtended

Whether the extended functionality of Control-M for SAP should be used, either false (default) or true

NOTE: If you select this option, the Control-M Function Modules must be installed on your SAP server, as described in Control-M for SAP XBP Interface and Control-M Function Modules in the Control-M for SAP online help.

SolutionManagerConnectionProfile

Solution Manager connection profile for retrieval of SAP job Documentation

This parameter is relevant only if the current connection profile is not a Solution Manager connection profile, as discussed in the next parameter.

IsSolutionManagerConnectionProfileWhether the current connection profile is a Solution Manager connection profile, either true or false (the default)

Back to top

ConnectionProfile:ApplicationIntegrator

The following example shows how to define a connection profile for a job type defined in the Control-M Application Integrator. For information about the Control-M Application Integrator, see Application Integrator.

Properties defined for the connection profile in Control-M Application Integrator are all prefixed with "AI-" in the .json code, as shown in the following example.

{
    "AI_CONNECTION_PROFILE": {
		"Type": "ConnectionProfile:ApplicationIntegrator:<JobType>",
		"TargetAgent": "AgentHost",
		"TargetCTM":"CTMHost",
		"AI-Param03": "45",
		"AI-Param04": "group",
        "Centralized": true
    }
} 

Back to top

ConnectionProfile:Informatica

The following example shows how to define a connection profile for an Informatica job:

{
  "INFORMATICA_CONNECTION": {
    "Type": "ConnectionProfile:Informatica",
    "TargetAgent": "AgentHost",
    "TargetCTM": "CTMHost",
    "Host": "InformaticaHost",
    "Port": "7333",
    "User": "UserName",
    "Password": "Password",
    "PowerCenterDomain": "DomainName",
    "Repository": "RepositoryName",
    "IntegrationService": "ServiceName",
    "SecurityDomain": "Native",
    "ConnectionType": "HTTP",
    "MaxConcurrentConnections": "100",
    "Centralized": false
  }
}
ParameterDescription
TargetAgentThe Control-M/Agent to which to deploy the connection profile
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
HostName of the Informatica web services server
Port

(Optional) Port number of the Informatica web services server

Values range from 1 to 65535. The default is 7333.

UserName of a user to log into the Repository
Password

A password to log into the Repository.

Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

PowerCenterDomainName of the Informatica server that contains the Repository service
RepositoryName of the repository where the repository folders and workflows are located
IntegrationServiceThe Integration Service to use to run the workflows
SecurityDomain

The name of a Security Domain, a collection of user accounts and groups in a Power Center Domain.

If the user name belongs to the native security domain, this parameter is optional, and the default is an empty value.

If the user name belongs to an LDAP security domain, this parameter is required.

ConnectionType(Optional) Protocol for the connection to the Informatica server, either HTTP (the default) or HTTPS.
MaxConcurrentConnections

(Optional) The maximum number of allowed concurrent workflows in the connection profile

Values range from 1 to 512, with a default value of 100.

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

Back to top

ConnectionProfile:Informatica CS

The following example shows how to define a connection profile for an Informatica Cloud Services job:

 {
  "INFORMATICA_CS_CONNECTION": {
     "Type": "ConnectionProfile:Informatica CS",
     "Login URL": "https://usw5.dm-us.informaticacloud.com/ma/api/v2/user/login", 
     "Base URL": "https://usw5.dm-us.informaticacloud.com",
     "Username": "UserName",  
     "Password": "Password", 
     "Request Timeout": "3", 
     "Description": "", 
     "Centralized": true 
	} 
 }
ParameterDescription
Login URLThe URL for login calls to Informatica Cloud 
Base URL

The instance name of the Informatica Cloud server

Username Username for the account to connect to Informatica Cloud  
Password

A password for the login to Informatica Cloud

Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

Request Timeout

A timeout value, in seconds, for the requests sent to Informatica Cloud

The default is 3 seconds.

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Informatica Cloud Services job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWS

Note: This feature requires Control-M/Enterprise Manager version 9.0.21

The following examples show how to define a connection profile for an AWS job.

The following example is based on authentication with an access key and a secret key:

{
  "AWS_CONNECTION_ACCESSKEY": {
    "Type": "ConnectionProfile:AWS",
    "Centralized": true,
    "TargetAgent": "AgentHost",
    "TargetCTM": "CTMHost",
    "AuthenticationMethod": "AccessKey", 
    "AccessKey": "1234",
    "SecretAccessKey": "00-200340109003001100044011700580-29001301000-410-520-250-880029",
    "Region": "ap-northeast-1",
  }
}

The following example is based on authentication with an IAM role:

{
  "AWS_CONNECTION_IAMROLE": {
    "Type": "ConnectionProfile:AWS",
    "Centralized": true,
    "TargetAgent": "AgentHost",
    "TargetCTM": "CTMHost",
    "AuthenticationMethod": "IAMRole", 
    "IAMRole": "myRole",
    "Region": "ap-northeast-1",
    "ProxySettings": {
      "Host": "host",
      "Port": "12345",
      "Username": "username",
      "Password": "password"
    }
  }
}

ParameterDescription
TargetAgentThe Control-M/Agent to which to deploy the connection profile
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

AuthenticationMethod

One of the following authentication methods for the connection to AWS:

  • AccessKey
  • IAMRole
AccessKey(For AccessKey authentication) AWS account Access Key
SecretAccessKey

(For AccessKey authentication) AWS account Secret Access Key

Use Secrets in code to not expose this secret access key in the code.

IAMRole(For IAMRole authentication) The name of an IAM role for authentication of the connection to AWS
RegionLocation of the AWS user
ProxySettings

Settings of an installed proxy server:

  • Host
  • Port - a number between 1024 and 65535
  • Username
  • Password 

Back to top

ConnectionProfile:AWS Glue

The following examples show how to define a connection profile for an AWS Glue job, which executes Amazon Web Services (AWS) Glue, a serverless data integration service.

The following example is based on authentication using an AWS access key and secret.

{
  "GLUECONNECTION": {
    "Type": "ConnectionProfile:AWS Glue",
    "AWS Access key ID": "MYAWSACCESSKEY1234",
    "AWS Secret": "myAwsSecret12345",
    "Authentication": "SECRET",
    "AWS Region": "eu-west-2",
    "Glue url": "glue.eu-west-2.amazonaws.com",
    "Connection Timeout": "40",
    "Description": "",
    "Centralized": true
  }  
}

The following example is based on authentication using an AWS IAM role from inside an EC2 instance.

{
  "GLUECONNECTIONIAM": {
    "Type": "ConnectionProfile:AWS Glue",
    "IAM Role": "GLUEEC2IAMROLE",
    "Authentication": "NOSECRET",
    "AWS Region": "eu-west-2",
    "Glue url": "glue.eu-west-2.amazonaws.com",
    "Connection Timeout": "40",
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
Authentication

Type of authentication to use for the connection with AWS Glue, one of the following:

  • SECRET —  authentication using an AWS access key and secret
  • NOSECRET — authentication using an AWS IAM role from inside an EC2 instance
AWS Access key ID
(For SECRET authentication) Access key ID for connection to AWS
AWS Secret
(For SECRET authentication) Secret access key for connection to AWS
IAM Role

(For NOSECRET authentication) Identity and Access Management (IAM) role for connection to AWS

AWS Region

AWS Glue service region

Glue url

URL of an AWS Glue service regional endpoint

For more information about regional endpoints available for the AWS Glue service, refer to the AWS documentation.

Connection Timeout

A timeout value, in seconds, for the trigger call made by Control-M to AWS Glue

The default is 40 seconds.

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The AWS Glue job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWS Glue DataBrew

The following examples show how to define a connection profile for an AWS DataBrew job, which executes Amazon Web Services (AWS) Glue DataBrew, a cloud-based ETL service that enables you to visualize your data and publish it to the Amazon S3 Data Lake. 

The following example is based on authentication using an AWS access key and secret.

{
	"AWSDATABREW": {
		"Type": "ConnectionProfile:AWS Glue DataBrew",
 		"Authentication": "SECRET", 
		"AWS Access Key": "MYAWSACCESSKEY1234",
		"AWS Secret": "myAwsSecret12345",
		"AWS Region": "us-east-1",
		"AWS Logs URL": "https://logs.{{AWSRegion}}.amazonaws.com",
  		"AWS API Base URL": "https://databrew.{{AWSRegion}}.amazonaws.com",
		"Connection Timeout": "30",
		"Description": "",
		"Centralized": true
	}
}

The following example is based on authentication using an AWS IAM role from inside an EC2 instance.

{
	"AWSDATABREW": {
		"Type": "ConnectionProfile:AWS Glue DataBrew",
		"Authentication": "NOSECRET", 
		"IAM Role": "IAMROLE", 
		"AWS Region": "us-east-1",
		"AWS API Base URL": "https://databrew.{{AWSRegion}}.amazonaws.com",
		"AWS Logs URL": "https://logs.{{AWSRegion}}.amazonaws.com",
		"Connection Timeout": "30",
		"Description": "",
		"Centralized": true
	}
}


ParameterDescription
Authentication

Determines one of the following authentication methods for the connection with AWS Glue DataBrew:

  • SECRET —  authentication using an AWS access key and secret
  • NOSECRET — authentication using an AWS IAM role from inside an EC2 instance
AWS Access Key(For SECRET authentication) Defines the AWS Glue DataBrew account access key.
AWS Secret(For SECRET authentication) Defines the AWS Glue DataBrew account secret access key.
IAM Role

(For NOSECRET authentication) Defines the Identity and Access Management (IAM) role for connection to AWS.

AWS Region

Determines the region that the AWS Glue DataBrew jobs are located in.

AWS API Base URL

Defines the REST API URL for the AWS Glue DataBrew regional endpoint:
https://databrew.{{AWSRegion}}.amazonaws.com

For more information about regional endpoints available for the AWS Glue DataBrew service, refer to the AWS documentation.

AWS Logs URL

Defines the AWS Logs URL:

https://logs.{{AWSRegion}}.amazonaws.com

Connection Timeout

Determines the number of seconds to wait before a timeout occurs after Control-M initiates a request to AWS Glue DataBrew.

Default: 30 seconds

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The AWS DataBrew job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWS EMR

The following examples show how to define a connection profile for an AWS EMR job, which executes Amazon Web Services (AWS) EMR to run big data frameworks.

{
  "AWS_EMR": {
     "Type": "ConnectionProfile:AWS EMR",
     "AWSRegion": "us-east-1",
     "EMRAccessKey": “ABCDEF",
     "EMRSecretKey": "****",
     "Description": "",
     "Centralized": true
  }
}


ParameterDescription
AWSRegionDetermines the AWS region.
EMRAccessKeyDefines the token for the connection to AWS.
EMRSecretKeyDefines an additional security token for AWS.
CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The AWS EMR job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWSEC2

The following examples show how to define a connection profile for an AWS EC2 job for the integration of AWS EC2 operations into Control-M .

The following example is based on authentication using an AWS access key and secret.

{
  "AWSEC2": {
    "Type": "ConnectionProfile:AWSEC2",
    "Authentication": "SECRET", 
    "AWS Access key ID": "AK***************************",
    "AWS Secret": "nw*****************************",
    "EC2 Region": "us-west-2",
    "Connection timeout": "20",
    "Description": "",
    "Centralized": true
  }
}

The following example is based on authentication using an AWS IAM role from inside an EC2 instance.

{
  "AWSEC2": {
    "Type": "ConnectionProfile:AWSEC2",
    "Authentication": "NOSECRET",
    "IAM Role": "GLUEEC2IAMROLE", 
    "EC2 Region": "us-west-2",
    "Connection timeout": "20",
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
Authentication

Determines one of the following types of authentication for the connection with AWS EC2:

  • SECRET —  Authenticates using an access key and secret.
  • NOSECRET — Authenticates based on an IAM role, which removes the need to provide additional credentials.
AWS Access key ID (For SECRET authentication) Defines the Access key ID for connection to AWS.
AWS Secret (For SECRET authentication) Defines the secret access key for connection to AWS.
IAM Role

(For NOSECRET authentication) Defines the IAM Role for connection to AWS.

EC2 Region

Determines the location of the AWS user.

Example: us-east-1

Connection Timeout

Determines the number of seconds to wait for the trigger call made by Control-M to AWS EC2 before timing out.

Default: 20 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The AWS EC2 job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure

9.0.19.220 The following example shows how to define a connection profile for an Azure job:

{
  "AZURE_CONNECTION": {
    "Type": "ConnectionProfile:Azure",
    "TargetAgent": "AgentHost",
    "TargetCTM": "CTMHost",
    "ActiveDirectoryDomainName": "bmc.onmicrosoft.com",
    "SubscriptionID": "bcde-fgh-ijk-lmnopq",
    "ApplicationID": "abcd-efg-hij-klmnop",
    "User": "user1@bmc.onmicrosoft.com",
    "Password": "*****"
    "Batch": {
      "BatchAccountName": "myFirstBatch",
      "BatchAccountKey": "aaaaaabbbbbbbccccccc",
      "Location": "centralus"
    }
  }    
}
ParameterDescription
TargetAgentThe Control-M/Agent to which to deploy the connection profile
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
ActiveDirectoryDomainName

(Optional) Azure Active Directory

Format: <company name>.onmicrosoft.com

SubscriptionID

Azure account subscription ID

The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu.

ApplicationIDAzure application ID
UserName of user to connect to the Azure server
Password

Password of the username that connects to the Azure server

Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

Batch

(Optional) Enables the use of a batch account service

By default, a batch account is not used. If you want to use a batch account, you must define the following parameters:

    BatchAccountNameName of the batch account
    BatchAccountKey

Primary access key for the batch account

This key can be retrieved from the Azure portal.

    Location

Batch account location, as defined in the batch account properties

The batch account name and batch account location are used to define the batch URI.

Back to top

ConnectionProfile:ADF

The following examples show how to define a connection profile for an ADF job, which executes an Azure Data Factory (ADF) service and allows you to automate the movement and transformation of data.

The following example is based on authentication using an Azure service principal.

{
  "ADF_SERVPRINC": {
    "Type": "ConnectionProfile:ADF",
    "Tenant ID": "tenantId",
    "Identity Type": "PRINCIPAL",
    "Client Secret": "*****",
    "Application ID": "applicationId",
    "Subscription ID": "subscriptionId",
    "Connection Timeout": "40",
    "Description": "",
    "Centralized": true
  }
}

The following example is based on authentication using a managed identity.

{
"ADF_MANID": {
    "Type": "ConnectionProfile:ADF",
    "Identity Type": "MANAGEDID",
    "Specify Managed Identity Client ID": "&client_id=",
    "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",  
    "Subscription ID": "subscriptionId",
    "Connection Timeout": "40",
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
Identity Type

Type of authentication to use for the connection with the Azure Data Factory, one of the following:

  • PRINCIPAL —  authentication using a service principal
  • MANAGEDID — authentication using a managed identity
Specify Managed Identity Client ID

(For Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(For Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one Managed Identity, it is detected automatically.

Tenant ID(For service principal authentication) The Azure Tenant ID where the Azure Data Factory was created
Client Secret
(For service principal authentication) The client secret associated with the service principal
Application ID

(For service principal authentication) ID of the Azure-registered application that is used to interact with the Azure Data Factory

Subscription ID

Azure account subscription ID

The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu.

Connection Timeout

A timeout value, in seconds, for the trigger call made by Control-M to the Azure Data Factory

The default is 40 seconds.

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The ADF job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure Databricks

The following example shows how to define a connection profile for an Azure Databricks job, which performs big data analytics .

{
  "ADF_SERVPRINC": {
    "Type": "ConnectionProfile:Azure Databricks",
    "Tenant ID": "tenantId",
    "Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
    "Client Secret": "*****", 
    "Databricks url": "https://adb-1111211144444680.0.azuredatabricks.net",
    "Azure Login url": "https://login.microsoftonline.com",
    "Connection Timeout": "50",
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
Tenant IDThe Azure Tenant ID in Azure AD
Application ID

The application (service principal) ID of the registered application.

The service principal must meet the following requirements:

  • The service principal must be an Azure Databricks workspace user and an admin. In the Databricks Admin Console, it must appear under users and also under admins.
  • The service principal must be associated with a Contributor or Owner role.
Client SecretThe client secret (password) associated with the Azure user and the application
Databricks url

The URL of your Databricks workspace

Azure Login urlThe Azure AD authentication endpoint base URL
Connection Timeout

A timeout value, in seconds, for the trigger call made by Control-M to Azure Databricks

The default is 50 seconds.

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure Databricks job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AzureFunctions

The following examples show how to define a connection profile for an Azure Functions job, which executes an Azure cloud service for serverless application development.

The following example is based on authentication using an Azure service principal.

{ 
  "AZUREFUNCTIONS": { 
    "Type": "ConnectionProfile:AzureFunctions", 
    "Subscription ID": "bcde-fgh-ijk-lmnopq", 
    "Identity Type": "PRINCIPAL", 
    "Tenant ID": "tenantId", 
    "Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1", 
    "Client Secret": "*********", 
    "Azure Login url": "https://login.microsoftonline.com", 
    "Resource Group": "resourceGroup",  
    "Description": "", 
    "Centralized": true 
   } 
}

The following example is based on authentication using a managed identity.

Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.  

{ 
  "AZUREFUNCTIONS": { 
    "Type": "ConnectionProfile:AzureFunctions", 
    "Subscription ID": "bcde-fgh-ijk-lmnopq", 
    "Identity Type": "MANAGEDID", 
    "Specify Managed Identity Client ID": "&client_id=",
    "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16", 
    "Resource Group": "resourceGroup",  
    "Description": "", 
    "Centralized": true 
   } 
}


ParameterDescription
Subscription ID

Azure account subscription ID

The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu.

Identity Type

Type of authentication to use for the connection with Azure Functions, one of the following:

  • PRINCIPAL —  authentication using a service principal
  • MANAGEDID — authentication using a managed identity
Specify Managed Identity Client ID

(For Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(For Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one Managed Identity, it is detected automatically.

Tenant ID(For service principal authentication) The Azure Tenant ID in Azure AD
Application ID

The application (service principal) ID of the registered application.

The service principal must be an Azure Functions workspace user with  a Contributor or Owner role associated.

Client Secret
(For service principal authentication) The client secret (password) associated with the Azure user and the application
Azure Login url

(For service principal authentication) The Azure AD authentication endpoint base URL

Resource Group

The name of the resource group that holds your application

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure Functions job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure Batch Accounts

The following examples show how to define a connection profile for execution of an Azure Batch Accounts service, which runs large-scale parallel and batch compute jobs.

The following example is based on authentication using an Azure service principal.

{ 
  "AZURE_BATCH": { 
    "Type": "ConnectionProfile:Azure Batch Accounts",
    "Authentication Method": "PRINCIPAL", 
    "Tenant ID": "tenantId", 
    "Azure AD url": "https://login.microsoftonline.com",
    "App ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",  
    "Batch Account Name": "abc_batch",
    "Batch Region ID": "uksouth",
    "Batch Resource url": "https://batch.core.windows.net/", 
    "Client Secret": "*********",   
    "Connection Timeout": "50", 
    "Description": "", 
    "Centralized": true 
   } 
}

The following example is based on authentication using a managed identity.

Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.  

{ 
  "AZURE_BATCH": { 
    "Type": "ConnectionProfile:Azure Batch Accounts",
    "Authentication Method": "MANAGEDID",  
    "Specify Managed Identity Client ID": "&client_id=",
    "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16", 
    "Batch Account Name": "abc_batch",
    "Batch Region ID": "uksouth",
    "Batch Resource url": "https://batch.core.windows.net/", 
    "Connection Timeout": "50",
    "Description": "", 
    "Centralized": true 
   } 
}


ParameterDescription
Authentication Method

Defines one of the following types of authentication to use for the connection with Azure Batch:

  • PRINCIPAL —  authentication using a service principal
  • MANAGEDID — authentication using a managed identity
Tenant ID(For service principal authentication) Defines the Azure Tenant ID in Azure AD
Specify Managed Identity Client ID

(For Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(For Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one Managed Identity, it is detected automatically.

Azure AD url

(For service principal authentication) Defines the Azure AD authentication endpoint base URL

App ID

Defines the application (service principal) ID of the registered application for the Azure Batch service.

The service principal must be for an Azure Batch account with  a Contributor role.

Batch Account NameDefines the name of the Batch account created in Azure Portal.
Batch Region ID

Defines the region ID associated with the Batch account in Azure Portal.

Batch Resource url

Defines the identifier for the Azure Batch account for login via Azure AD.

This identifier is a constant value set to https://batch.core.windows.net/

Client Secret
(For service principal authentication) Defines the client secret (password) associated with the Azure user and the application.
Connection Timeout

Defines a timeout value, in seconds, for the trigger call made by Control-M to Azure Batch Accounts.

Default: 50 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure Batch job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure Logic Apps

The following examples show how to define a connection profile for execution of an Azure Logic Apps service, which enables you to design and automate cloud-based workflows and integrations.

The following example is based on authentication using an Azure service principal.

{
	"AZURE_LOGIC_APPS": {
		"Type": "ConnectionProfile:Azure Logic Apps",
		"Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f", 
		"Authentication Method": "PRINCIPAL",
 		"Resource Group": "tb-resourcegroup", 
		"Tenant ID": "92b796c5-5839-40a6-8dd9-c1fad320c69b", 
		"Azure Login url": "https://login.microsoftonline.com", 
		"Application ID": "7f477fa3-1a1f-4877-ba80-f39bb563f1b5", 
		"Client Secret": "*****", 
		"Connection timeout": "20", 
 		"Description": "",
		"Centralized": true
	}
} 

The following example is based on authentication using a managed identity.

Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.  

{
	"AZURE_LOGIC_APPS": {
		"Type": "ConnectionProfile:Azure Logic Apps",
		"Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f", 
		"Authentication Method": "MANAGEDID",
 		"Resource Group": "tb-resourcegroup", 
		"Specify Managed Identity Client ID": "&client_id=",
		"Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",  
		"Connection timeout": "20", 
 		"Description": "",
		"Centralized": true
	}
} 


ParameterDescription
Subscription ID

Defines the Azure account subscription ID, which is located in the Azure portal.

Authentication Method

Defines one of the following types of authentication to use for the connection with Azure Logic Apps:

  • PRINCIPAL —  authentication using a service principal
  • MANAGEDID — authentication using a managed identity
Resource GroupDetermines the resource group where your logic app is located.
Tenant ID(Service Principal) Defines the Azure Tenant ID in Azure AD.
Azure Login url

(Service Principal) Defines the Azure AD authentication endpoint base URL.

Application ID

(Service Principal) Defines the application ID of the registered application.

The service principal must be an Azure Logic Apps workspace user with a Contributor or Owner role.

Client Secret
(Service Principal)  Defines the password associated with the Azure user and the application.
Specify Managed Identity Client ID

(Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one Managed Identity, it is detected automatically.

Connection Timeout

Determines the number of seconds to wait before a timeout occurs after Control-M initiates a request to Azure Logic Apps.

Default: 50 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure Logic Apps job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure Synapse

The following examples show how to define a connection profile for an Azure Synapse job, which performs data integration and big data analytics.

The following example is based on authentication using an Azure service principal.

{ 
  "AZURE_SYNAPSE_1": { 
    "Type": "ConnectionProfile:Azure Synapse", 
    "Authentication Method": "PRINCIPAL", 
    "Tenant ID": "tenantId", 
    "Azure AD url": "https://login.microsoftonline.com",
    "Synapse url": "https://ncu-if-synapse.dev.azuresynapse.net",
    "Synapse Resource": "https://dev.azuresynapse.net/",
    "App ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1", 
    "Client Secret": "*****", 
    "Connection Timeout": "50",
    "Description": "", 
    "Centralized": true 
   } 
}

The following example is based on authentication using a managed identity.

Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.  

{ 
  "AZURE_SYNAPSE_2": { 
    "Type": "ConnectionProfile:Azure Synapse", 
    "Authentication Method": "MANAGEDID", 
    "Specify Managed Identity Client ID": "&client_id=",
    "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16", 
    "Synapse url": "https://ncu-if-synapse.dev.azuresynapse.net",
    "Synapse Resource": "https://dev.azuresynapse.net/",
    "Connection Timeout": "50",
    "Description": "", 
    "Centralized": true 
   } 
}


ParameterDescription
Authentication Method

Defines one of the following types of authentication to use for the connection with Azure Synapse Analytics:

  • PRINCIPAL —  authentication using a service principal
  • MANAGEDID — authentication using a managed identity

To prepare for authentication using each of these methods:

  • Grant your Managed Identity or service principal access to your Synapse workspace through the Synapse Studio (Manage > Access Control).
  • Assign a Contributor role to the Synapse workspace accessed by the Managed Identity or service principal.
Specify Managed Identity Client ID

(For Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(For Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one Managed Identity, it is detected automatically.

Tenant ID(For service principal authentication) Defines the Azure Tenant ID in Azure AD
Azure AD url

(For service principal authentication) Defines the Azure AD authentication endpoint base URL

Synapse url

Defines the workspace development endpoint.

Example: https://myworkspace.dev.azuresynapse.net

Synapse Resource

Defines the resource parameter that serves as the identifier for Azure Synapse login via Azure AD:

https://dev.azuresynapse.net/

App ID

Defines the application (service principal) ID of the registered application for the Azure Synapse service.

Client Secret
(For service principal authentication) Defines the client secret (password) associated with the Azure user and the application.
Connection Timeout

Defines a timeout value, in seconds, for the trigger call made by Control-M to Azure Synapse Analytics.

The default is 50 seconds.

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure Synapse job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure HDInsight

The following example shows how to define a connection profile for Azure HDInsight jobs.

{
  "AZUREHDINSIGHT": {
    "Type": "ConnectionProfile:Azure HDInsight",     
    "Cluster Name": "hdcluster", 
    "Cluster Username": "admin",  
    "Cluster Password": "*****", 
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription

Cluster Name

Defines the name of the HDInsight cluster to connect to.

Cluster Username

Defines the name of the Administrator to use to connect to Azure HDInsight.
Cluster PasswordDefines the password for the Administrator, as configured in Azure HDInsight.
CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure HDInsight job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure VM

The following examples show how to define a connection profile for an Azure Virtual Machine (VM) job for the integration of Azure VM operations into Control-M.

The following example is based on authentication using an Azure service principal.

{
  "AZUREVM": {
    "Type": "ConnectionProfile:Azure VM",
    "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f", 
    "Auth_Method": "service_account", 
    "Resource Group": "tb-resourcegroup",
    "Tenant ID": "81b796g5-5839-40a6-8dd9-c1fam320c69b",
    "Client Secret": "*****",
    "Application ID": "7f499fc3-1a1f-4847-ba80-f39bb563f1b5",
    "Azure Login url": "https://login.microsoftonline.com",
    "Connection timeout": "20",
    "Description": "",
    "Centralized": true
  }
}

The following example is based on authentication using a managed identity.

Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.  

{
  "AZUREVM": {
    "Type": "ConnectionProfile:Azure VM",
    "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
    "Auth_Method": "managed_id", 
    "Specify Managed Identity Client ID": "&client_id=",
    "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",
    "Resource Group": "tb-resourcegroup", 
    "Connection timeout": "20",
    "Description": "Azure VM connection profile",
    "Centralized": true
  }
}


ParameterDescription
Subscription ID

Determines the Azure account subscription ID.

You can retrieve the subscription ID from the Subscription menu in the Azure portal.

Auth_Method

Determines one of the following authentication types:

  • managed_id: Authenticates using an Azure Active Directory token, which removes the need to provide additional credentials.
  • service_account: Authenticates using an application ID (service account) and client secret.
Specify Managed Identity Client ID

(For Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(For Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one Managed Identity, it is detected automatically.

Tenant ID

(For service principal) Defines the Azure Tenant ID in the Azure Virtual Machine. 

Resource GroupDefines the name of the resource group where the function app is located.
Application ID

(For service principal) Defines the application (service principal) ID of the registered application for the Azure Virtual Machine.

The service principal must be an Azure Functions workspace user with a Contributor or Owner role associated.

Client Secret

(For service principal) Defines the client secret (password) associated with the Azure user and the application.

Azure Login URL

(For service principal) Defines the Azure VM authentication endpoint base URL.

Connection Timeout

Defines a timeout value, in seconds, for the trigger call made by Control-M to the Azure VM.

Default: 20 seconds.

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure VM job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Power BI

The following example shows how to define a connection profile for a Power BI job, which enables integration of Power BI workflows with your existing Control-M workflows.

{ 
  "POWERBI": { 
    "Type": "ConnectionProfile:Power BI", 
    "Application ID": "77538c66-d7fp-4ca4-8cwa-120ed404fe8c",  
    "Client Secret": "*****", 
    "User Name": "user1@Elearningace.onmicrosoft.com", 
    "Password": "*****",  
    "Resource Group": "https://analysis.windows.net/powerbi/api", 
    "API URL": "https://api.powerbi.com/v1.0/myorg/",  
    "Description": "Power BI connection profile", 
    "Centralized": true 
  } 
}


ParameterDescription
Application IDDefines the application ID of the registered application.
Client SecretDefines the client secret (password) associated with the user and the application.
User NameDefines the name of a user for logging on to the Power BI platform, typically an email address.
PasswordDefines the password for the specified Power BI user.
Resource Group

Defines the URL of the resource group that holds your application:

https://analysis.windows.net/powerbi/api

API URL

Defines the Azure AD authentication endpoint base URL for Power BI:

https://api.powerbi.com/v1.0/myorg/ 

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Power BI job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Qlik Cloud

The following example shows how to define a connection profile for a Qlik Cloud job, which enables integration with Qlik Cloud Data Services for data visualization through Qlik Sense.

{
  "QLIK_connection": {
    "Type": "ConnectionProfile:Qlik Cloud",
    "Tenant ID": "******",
    "Qlik API URL": "qlikcloud.com/api/v1",
    "Region": "sg",
    "Connection Timeout": "10",
    "API Key": "******",
    "Description": "Qlik Cloud connection profile",
    "Centralized": true
  }
}


ParameterDescription
Tenant IDDefines the tenant ID, which is a unit in Qlik Sense that can hold users, apps, and spaces.
Qlik API URL

Defines the REST API authentication endpoint base URL for Qlik Cloud.

Example: qlikcloud.com/api/v1 

RegionDetermines the region where the Qlik tenant is located, such as sg for Singapore. 
Connection Timeout

Determines the number of seconds to wait before a timeout occurs after Control-M initiates a request to Qlik Cloud.

Default: 10 seconds

API KeyDefines a Qlik Cloud API key that authenticates connections to Qlik Cloud, which is generated through the Qlik Cloud profile.
CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Qlik Cloud job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:PeopleSoft

The following example shows how to define a connection profile for a PeopleSoft job:

{
  "PS_CONNECT": {
      "Type": "ConnectionProfile:PeopleSoft",
      "TargetAgent": "AgentHost",
      "TargetCTM": "CTMHost",
      "Centralized": true,
      "User": "User_Name",
      "Password": "Password",
      "DomainPassword": "****",
      "PeopleToolsVersion": "8.52",
      "ApplicationServers": [
        {
          "ApplicationServer": "ApplicationServer1",
          "JoltPort": "1024"
        },
        {
          "ApplicationServer": "ApplicationServer2",
          "JoltPort": "65535"
        }

      ]
  }
}
ParameterDescription
TargetAgentThe Control-M/Agent to which to deploy the connection profile
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
User

A valid PeopleSoft user, as defined on PSOPRDEFN

This user must have the role(s) to submit and execute processes.

Password

Password to connect the specified user to the PeopleSoft server

Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

DomainPassword

Password for the PeopleSoft domain (for PeopleTools version 8.51 or later)

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

PeopleToolsVersion

Version of PeopleTools

Valid Values are in the format of <major.minor>, such as 8.48, or 8.52. To determine the exact version, consult with your PeopleSoft administrator.

ApplicationServersDetails of the associated PeopleSoft application servers
   ApplicationServerName of a PeopleSoft application server
   JoltPort

Number of the jolt port on the PeopleSoft application server.

Values range from 1024 to 65535.

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

Back to top

ConnectionProfile:WebServices

The following example shows how to define a connection profile for a job to a web service:

{
  "WSDL_CONNECT": {
    "Type": "ConnectionProfile:WebServices",
    "TargetAgent": "AgentHost",
    "TargetCTM": "CTMHost",
    "ServiceType": "WebServices",
    "Location": http://example.com/serverpolicy/Request.asmx?wsdl,
    "HttpAuthentication": "user1:password@realm1;"
  }
}

The following example shows how to define a connection profile for a job to a RESTful web service:

{
  "WSDL_CONNECT": {
    "Type": "ConnectionProfile:WebServices",
    "TargetAgent": "AgentHost",
    "TargetCTM": "CTMHost",
    "ServiceType": "Rest",
    "Location": http://example.com/serverpolicy/Request.asmx?wsdl,
    "HttpAuthentication": "user1:password@realm1;user2:password@realm2",
    "LoginUrl": "http://abc.xyz.com/login",
    "LoginHeader": "Accept:*/*",
    "LoginBody": "{}",
    "JobPreset": "@SessionId:@Token"
  }
}
ParameterDescription
TargetAgentThe Control-M/Agent to which to deploy the connection profile
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
ServiceType

The type of service to connect with, one of the following:

  • File — Local File System, for jobs that execute web services based on the WSDL source file located on the Agent machine.
  • WebServices — Web Service URL, for jobs that execute web services based on the WSDL source that is managed from a web server.
  • Rest — For jobs that execute REST services
Location

The location of the Web Service, according to the service type:

  • File (Local File System): The path to the directory containing the WSDL files
  • WebServices (Web Service URL): A URL that points to the location of one specific WSDL file
  • Rest: The base URL location to the RESTful services, excluding the specific resource context path
HttpAuthentication

Specification for simple text authentication (user password per realm). Optional.

Enter a value of the following format:

user1:password@realm1;user2:password@realm2

One user per realm only. Separate multiple sets with semicolons. End a single set with a semicolon.

LoginUrlFor REST services only: The URL for the login request
LoginHeader

(Optional, for REST services only) Any additional HTTP headers that are required in the login request.

For each header, use a value of the following format:

<name>=<value>

For multiple headers, separate name/value pairs with colons.

LoginBody(Optional, for REST services only ) Any text required in the login request body
JobPreset

For REST services only: An HTTP header or a parameter to add to each job request, in the HTTP query URL, based on the login returned data.

Job Preset is defined in the following format. Use semicolons to separate multiple sets.

<name>:<value>;<name>:<value>

  • <name>: Type one of the following:

    • HTTP header: Start with the character ‘@’ for the job and then the header name

    • HTTP parameter name: Start with the character ‘#’ for the job and then the parameter name.

  • <value>: Type one of the following:

    • Start with ‘/’ for the Xpath from the login response data and then the Xpath

    • ‘$’ for Jsonpath from the login response data and then the Jsonpath

    • ‘@’ for the header from the login response HTTP headers and followed by the header name:
     <’@’ | ‘#’><job HTTP header or parameter name>:<’/’ | ‘$’ | ‘@’><Xpath, Jsonpath, or header name of the login response>

Back to top

ConnectionProfile:UI Path

The following examples show how to define a connection profile for a UiPath job, which performs robotic process automation (RPA) .

{
  "UIPATH_Connect": {
    "Type": "ConnectionProfile:UI Path",
    "Tenant Url": "devabcdexample/DevDefault",
    "Tenant Name": "DevDefaultexample",
    "App ID": "caaabc57-v8ad-30e5-ah3b0-25am5jf361c3",
    "App Secret": "L!Mh4o#0nv1odf#f",
    "Connection Timeout": "30",
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
Tenant Url

UiPath Account Logical Name, a unique URL for your site

Tenant Name

The display name of the UiPath tenant

App ID

ID of an external application registered in UiPath

The specified external application must be assigned the following required Application Scope rights (through the UiPath Orchestrator, Admin > External Applications > Application Scopes):

  • OR.Folders 
  • OR.Robots
  • OR.Jobs 
  • OR.Execution
App Secret

Application secret generated in UiPath for the external application

Connection Timeout

A timeout value, in seconds, for the trigger call made by Control-M to UiPath

The default is 30 seconds.

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The UI Path job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Google Dataflow

The following example shows how to define a connection profile for a Google Dataflow job, which performs cloud-based data processing for batch and real-time data streaming applications .

{ 
  "GCPDATAFLOW": { 
    "Type": "ConnectionProfile:Google Dataflow", 
    "Identity Type": "service_account", 
    "Dataflow URL": "https://dataflow.googleapis.com", 
    "Service Account Key (JSON Format)": "*****", 
    "Description": "", 
    "Centralized": true 
  } 
}


ParameterDescription
Identity Type

Defines one of the following types of authentication to perform using GCP Access Control. 

  • service_account – authenticates using an application ID (service account) and client secret
  • managed_identity – does not require credentials; available on GCP VMs only
Dataflow URL

Defines the Google Cloud Platform (GCP) authentication endpoint. 

Required only for Service Account authentication.

For example, https://dataflow.googleapis.com  

Service Account Key (JSON Format)

Defines a service account that is associated with an RSA key pair.

Required only for Service Account authentication.

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Google Dataflow job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Google Dataproc

The following example shows how to define a connection profile for a Google Dataproc job, which performs cloud-based big data processing and machine learning.

{ 
  "GCPDATAPROC": { 
    "Type": "ConnectionProfile:Google Dataproc", 
    "Identity Type": "service_account", 
    "Dataproc URL": "https://dataproc.googleapis.com", 
    "Service Account Key (JSON Format)": "*****", 
    "Connection timeout": "20",
    "Description": "", 
    "Centralized": true 
  } 
} 


ParameterDescription
Identity Type

Defines one of the following types of authentication to perform using GCP Access Control. 

  • service_account – authenticates using an application ID (service account) and client secret
  • managed_identity – does not require credentials; available on GCP VMs only
Dataproc URL

Defines the Google Cloud Platform (GCP) authentication endpoint. 

Required only for Service Account authentication.

For example, https://dataproc.googleapis.com  

Service Account Key (JSON Format)

Defines a service account that is associated with an RSA key pair.

Required only for Service Account authentication.

Connection timeout

Defines a timeout value, in seconds, for the trigger call to the Google Cloud Platform.

Default:  20 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Google Dataproc job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:GCP BigQuery

The following example shows how to define a connection profile for a GCP BigQuery job for data storage, processing, and analysis.

In this example, authentication is based on a service account.

{
	"BIGQSA": {
		"Type": "ConnectionProfile:GCP BigQuery",
		"Identity Type": "service_account",
		"Service Account Key": "*****",
		"BigQuery URL": "https://bigquery.googleapis.com",
		"Description": "",
		"Centralized": true
	}
}


ParameterDescription
Identity Type

Determines one of the following authentication types using GCP Access Control:

  • service_account: Authenticates using an application ID (service account) and client secret.
  • IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.
Service Account Key

(For Service Account) Defines a service account that is associated with an RSA key pair.

BigQuery URL

Defines the Google Cloud Platform (GCP) authentication endpoint for BigQuery.

Default: https://bigquery.googleapis.com

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The GCP BigQuery job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:GCP VM

The following example shows how to define a connection profile for a Google Virtual Machine (VM) job for the integration of Google VM operations into Control-M.

In this example, authentication is based on a service account.

{
  "GCPVM": {
    "Type": "ConnectionProfile:GCP VM",
    "Identity Type": "service_account",
    "GCP API URL": "https://compute.googleapis.com/compute", 
    "Service Account Key": "*****",
    "Connection timeout": "20",
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
Identity Type

Determines one of the following authentication types using GCP Access Control:

  • service_account: Authenticates using an application ID (service account) and client secret.
  • IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.
GCP API URL

(For Service Account) Defines the Google Cloud Platform (GCP) authentication endpoint.

Default: https://compute.googleapis.com/compute

Service Account Key

(For Service Account) Defines a service account that is associated with an RSA key pair.

Connection timeout

Determines the number of seconds to wait for the trigger call made by Control-M to GCP before timing out.

Default:  20 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The GCP VM job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Boomi

The following example shows how to define a connection profile for a Boomi job, which enables integration of Boomi processes with your existing Control-M workflows.

{
  "BOOMICCP": {
    "Type": "ConnectionProfile:Boomi",
    "AccountId": "*****",
    "API Token": "*****",
    "End Point": "https://api.boomi.com",
    "API Username": "BOOMI_TOKEN.BoomiUsername",
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
AccountId

Defines a unique Boomi account ID.

API TokenDefines a Boomi API Token of a Boomi user for connection to the Boomi endpoint.
End Point

Defines the Boomi API endpoint:

https://api.boomi.com
API Username

Defines the name of a Boomi user in email format. 

Default: BOOMI_TOKEN.{Boomi username} 

Example: BOOMI_TOKEN.user@example.com

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Boomi job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Databricks

The following example shows how to define a connection profile for a Databricks job, which enables integration of jobs created in the Databricks environment with your existing Control-M workflows.

"DATABRICKS": {
    "Type": "ConnectionProfile:Databricks",
    "Databricks workspace url": "https://dbc-7b944b32-faf0.cloud.databricks.com",
    "Databricks personal access token": "*****", 
    "Connection Timeout": "50",
    "Description": "",
    "Centralized": true
}


ParameterDescription
Databricks workspace url

Defines the URL of your Databricks workspace. 

Databricks personal access tokenDefines a Databricks token for authentication of connections to the Databricks workspace.
Connection Timeout

A timeout value, in seconds, for the REST calls made to Databricks.

Default: 50 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Databricks job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Snowflake

The following example shows how to define a connection profile for a Snowflake job. Snowflake is a cloud computing platform that you can use for data storage, processing, and analysis. 

"SNOWFLAKE_CONNECTION_PROFILE": { 
    "Type": "ConnectionProfile:Snowflake", 
	"Account Identifier": "{Account_ID}",  
    "Region": "us-east-1",
    "Client ID": "DuHj****************",
	"Client Secret": "*****",
    "Refresh Token": "ver%******************",   
    "Redirect URI": "https%****************” 
    "Description": "", 
    "Centralized": true 
}


ParameterDescription
Account Identifier

Defines the Snowflake account identifier.

To obtain this string, run the Describe Security Integration command in Snowflake and copy the initial string from one of the authorization properties.

Example

OAUTH_AUTHORIZATION_ENDPOINT has the following value:
https://abc123.us-east-1.snowflakecomputing.com/oauth/authorize

In this value, the account identifier is the following string:
abc123

For more information about obtaining values for the parameters required by the connection profile, see Setting Up a Snowflake API Connection.

Region

Defines the Snowflake computing region.

Example: us-east-1

Client IDDefines the client ID assigned to the account in the Snowflake integration setup.
Client SecretDefines the client secret  assigned to the account in the Snowflake integration setup.
Refresh Token

Defines the value for the refresh token.

This string must be URL-encoded.

Redirect URI

Defines the redirect URI assigned to the account in the Snowflake integration setup.

This string must be URL-encoded.

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Snowflake job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Talend Data Management

The following example shows how to define a connection profile for a Talend job, for data management and integration.

"TALENDDATA": {
    "Type": "ConnectionProfile:Talend Data Management",
    "API URL": "https://api.eu.cloud.talend.com/tmc/v2.6",
    "Region": "eu",
    "Personal access token authorization": "*****", 
    "Description": "Talend Data Management",
    "Centralized": true
}


ParameterDescription
API URL

Defines the authentication endpoint base URL for the Talend Cloud Management Console:

https://api.{{Region}.cloud.talend.com/tmc/v2.6

Where {{Region}} can be one of the following:

  • eu — Europe (the default AWS region)
  • us — United States - East
  • us-west — United States - West
  • au — Australia
  • ap — Asia
Region

Determines the location of the AWS user, as it appears in the API URL.

Personal access token authentication

Defines a Talend token for authentication of connections to Talend.

You generate this token through your Talend profile.

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Talend job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Automation Anywhere

The following example shows how to define a connection profile for an Automation Anywhere job, which performs robotic process automation (RPA) .

{
  "AA_CON": {
    "Type": "ConnectionProfile:Automation Anywhere",
    "Host": "https://trial.cloud.automationanywhere.digital", 
    "User Name": "JohnSmith@abc.onmicrosoft.com",
    "Password": "*****", 
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
HostDefines the Control Room URL.
User NameDefines the Automation Anywhere user name.
PasswordDefines the Automation Anywhere user password.
CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Automation Anywhere job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:TRIFACTA

The following example shows how to define a connection profile for a Trifacta job, for data processing.

{
	" TRIFACTA": {
		"Type": "ConnectionProfile:TRIFACTA",
		"Trifacta URL": "https://cloud.trifacta.com",
		"User Name": "User Name",
		"Password": "Password",
		"Connection Timeout": "10",
		"Description": " ",
		"Centralized": true
	}
}


ParameterDescription
Trifacta URL

Defines the Trifacta authentication endpoint.

Default: https://cloud.trifacta.com

User NameDefines the registered user name or email address for your Trifacta account.
PasswordDefines the password for the Trifacta user.
Connection Timeout

Determines the number of seconds to wait before a timeout occurs after Control-M initiates a connection request to Trifacta.

Default: 10 seconds

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Trifacta job requires a centralized connection profile. Set this parameter to true.

Back to top

Was this page helpful? Yes No Submitting... Thank you

Comments