Connection Profiles
Connection profiles are used to define access methods and security credentials for a specific application. They can be referenced by multiple jobs. To do this, you must deploy the connection profile definition before running the relevant jobs.
Note: For most types of connection profiles (except for File Transfer connection profiles), the name of the connection profile can contain only the following types of characters: uppercase letters, numbers, hyphens, and underscores. The connection profile name can contain up to 30 characters.
ConnectionProfile:Hadoop
These examples show how to use connection profiles for the various types of Hadoop jobs.
Hadoop (all types)
These are the required parameters for all Hadoop job types.
{
"HADOOP_CONNECTION_PROFILE":
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "edgenode",
"TargetCTM" : "CTMHost"
}
}| Parameter | Description |
| TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
| TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
These are the optional parameters for defining the user running the Hadoop job types and choosing between a local or centralized connection profile.
{
"HADOOP_CONNECTION_PROFILE":
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "edgenode",
"TargetCTM" : "CTMHost",
"RunAs": "",
"KeyTabPath":"",
"Centralized":true
}
}| RunAs | Defines the user of the account on which to run Hadoop jobs. Leave this field empty to run Hadoop jobs using the user account where the agent was installed. The Control-M/Agent must run as root, if you define a specific RunAs user. |
| Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
In the case of Kerberos security, the following parameters control security:
| RunAs | Principal name of the user |
| KeyTabPath | Keytab file path for the target user |
Apache Spark
The following example shows a connection profile that defines access to a Spark server.
{
"SPARK_CONNECTION_PROFILE" :
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "docker-hadoop5",
"Spark" :
{
"CustomPath" : "/home"
}
}
}The CustomPath parameter is optional.
Apache Oozie
The following example shows a connection profile that defines access to an Oozie server.
{
"OOZIE_CONNECTION_PROFILE" :
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "hdp-ubuntu",
"Centralized" : false,
"Oozie" :
{
"SslEnabled" : false,
"Host" : "hdp-centos",
"Port" : "11000",
"ExtractionRules": [
{
"RuleName" : "rule_name1",
"WorkFlowName" : "work_flow_name1",
"WorkFlowUserName" : "work_flow_user_name1",
"FolderName" : "folder_name1",
"JobName" : "job_name1"
},
{
"RuleName" : "rule_name2",
"WorkFlowName" : "work_flow_name2",
"WorkFlowUserName" : "work_flow_user_name2",
"FolderName" : "folder_name2",
"JobName" : "job_name2"
}
]
}
}
}| Parameter | Description |
|---|---|
| Host | Oozie server host |
| Port | Oozie server port Default: 11000 |
| SslEnabled | true | false Default: false |
| ExtractionRules | 9.0.20.010(Optional) Definitions of rules for filtering Oozie workflows. Each rule has the following definitions: |
| RuleName | Name of the rule |
| WorkFlowName | Name of the Oozie workflow to get from the Oozie server |
| WorkFlowUserName | Name of the user that runs the workflows from the Oozie server |
| FolderName | Name of the folder that contains the Hadoop job of the Oozie Extractor, as defined in the Hadoop job template |
| JobName | Name of the Hadoop job of the Oozie Extractor, as defined in the Hadoop job template |
Apache Sqoop
The following example shows a connection profile that defines a Sqoop data source and access credentials.
{
"SQOOP_CONNECTION_PROFILE" :
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "edgenode",
"TargetCTM" : "CTMHost",
"Centralized" : false,
"Sqoop" :
{
"User" : "username",
"Password" : "userpassword",
"ConnectionString" : "jdbc:mysql://mysql.server/database",
"DriverClass" : "com.mysql.jdbc.Driver"
}
}
}The following table describes the parameters in the example above, as well as several additional optional parameters:
| Parameter | Description |
|---|---|
| User | The database user connected to the Sqoop server |
| Password | A password for the specified user If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
| ConnectionString | JDBC-compliant database: The connection string used to connect to the database |
| DriverClass | JDBC-compliant database: The driver class for the driver .jar file, which indicates the entry-point to the driver |
PasswordFile | (Optional) The full path to a file located on the HDFS that contains the password to the database Note: To use a JCEKS file, include the .jceks file extension. |
| DatabaseVendor | (Optional) The database vendor of an automatically supported database used with Sqoop, one of the following:
|
| DatabaseName | (Optional) Name of an automatically supported database used with Sqoop |
| DatabaseHost | (Optional) The host server of an automatically supported database used with Sqoop |
| DatabasePort | (Optional) The port number for an automatically supported database used with Sqoop |
Apache Tajo
The following example shows a connection profile that defines access to a Tajo server. Tajo is an advanced data warehousing system on top of HDFS.
{
"TAJO_CP" :
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "edgenode",
"Tajo":
{
"BinaryPath": "$TAJO_HOME/bin/",
"DatabaseName": "myTajoDB",
"MasterServerName" : "myTajoServer",
"MasterServerPort": "26001"
}
}
}| Parameter | Description |
|---|---|
| BinaryPath | Path to the bin directory where tsql utility is located |
| DatabaseName | Name of the Tajo database |
| MasterServerName | Host name of the server where the Tajo master is running |
| MasterServerPort | Tajo master port number |
Apache Hive
The following example shows a connection profile that defines a Hive beeline endpoint and access credentials. The parameters in the example translate to this beeline command:
beeline -u jdbc:hive2://<Host>:<Port>/<DatabaseName>
{
"HIVE_CONNECTION_PROFILE" :
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "edgenode",
"TargetCTM" : "CTMHost",
"Hive" :
{
"Host" : "hive_host_name",
"Port" : "10000",
"DatabaseName" : "hive_database",
}
}
}The following shows how to use optional parameters for a Hadoop Hive job type connection profile.
The parameters in the example translate to this beeline command:
beeline -u jdbc:hive2://<Host>:<Port>/<DatabaseName>;principal=<Principal> -n <User> -p <Password>
{
"HIVE_CONNECTION_PROFILE1":
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "edgenode",
"TargetCTM" : "CTMHost",
"Centralized" : true,
"Hive" :
{
"Host" : "hive_host_name",
"Port" : "10000",
"DatabaseName" : "hive_database",
"User" : "user_name",
"Password" : "user_password",
"Principal" : "Server_Principal_of_HiveServer2@Realm"
}
}
}If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".
ConnectionProfile:FileTransfer
Connection profiles for File Transfers are available for the following types of target servers and communication protocols:
- FTP
- SFTP
- FTPS
- AS2
- Local filesystem
- S3 Storage solutions:
- Azure Storage solutions:
- Shared Key authentication using an access key
- Shared Key authentication using a full connection string
- Active Directory authentication with user and password
- Active Directory authentication with client secret
- Active Directory authentication with a certificate file
- Shared Access Signature (SAS) authentication
- Managed Identity authentication
- Google Cloud Storage (GCS)
- Oracle Object Storage
For FTP, SFTP, FTPS, and Local filesystem transfers, you can choose between the following types of connection profiles, depending on the number of hosts for which the connection profile contains connection details:
- Single endpoint: Each connection profile contains the connection details of a single host. Such a connection profile can be used for either the source host or the destination host in a file transfer.
- Dual endpoint: The connection profile contains connection details of two hosts, both the source host and the destination host, in a file transfer.
You can also create group connection profiles for file transfers, which enable you to transfer a file from one host to multiple hosts in one transfer. In each group connection profile, you include a variety of previously defined connection profiles for file transfers.
ConnectionProfile:FileTransfer:FTP
The following examples show a connection profile for a file transfer to a single endpoint using the FTP communication protocol.
Simple ConnectionProfile:FileTransfer:FTP
{
"FTPConn" : {
"Type" : "ConnectionProfile:FileTransfer:FTP",
"TargetAgent" : "AgentHost",
"TargetCTM" : "CTMHost",
"HostName": "FTPServer",
"Port": "21",
"User" : "FTPUser",
"Password" : "ftp password",
}
}ConnectionProfile:FileTransfer:FTP with optional parameters
{
"FTPConn" : {
"Type" : "ConnectionProfile:FileTransfer:FTP",
"TargetAgent" : "AgentHost",
"TargetCTM" : "CTMHost",
"WorkloadAutomationUsers":["john","bob"],
"HostName": "FTPServer",
"Port": "21",
"User" : "FTPUser",
"Password" : "ftp password",
"HomeDirectory": "/home/FTPUser",
"OsType": "Unix",
"Centralized" : false,
"AdditionalParameters": [
{
"Name": "param1",
"Value": "1"
},
{
"Name": "param2",
"Value": "2"
}
]
}
}| TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
| TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
| WorkloadAutomationUsers | (Optional) Control-M users that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: * (all users) |
| WorkloadAutomationGroups | (Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: Empty (no roles specified) |
| Port | Number of the port to listen to for the file transfer. |
| VerifyChecksum | (Optional) Enable or disable error detection on file transfer true | false Default: false |
| VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
VerifyBytes | (Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails. true | false Default: false |
| OsType | (Optional) FTP server operating system type Default: Unix Types: Unix, Windows, z/OS, OS400, Tandem, OS2200, OpenVMS |
| Password | (Optional) Password for FTP server account. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
| HomeDirectory | (Optional) User home directory |
| ConnectionMode | (Optional) Set the FTP client connection mode, one of the following options:
Default: Active |
| Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
| AdditionalParameters | 9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually. Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help). |
ConnectionProfile:FileTransfer:SFTP
The following examples show a connection profile for a file transfer to a single endpoint using the SFTP (SSH File Transfer Protocol) communication protocol.
Simple ConnectionProfile:FileTransfer:SFTP
{
"sFTPconn": {
"Type": "ConnectionProfile:FileTransfer:SFTP",
"TargetAgent": "AgentHost",
"TargetCTM" : "CTMHost",
"HostName": "SFTPServer",
"Port": "22",
"User" : "SFTPUser",
"Password" : "sftp password"
}
}ConnectionProfile:FileTransfer:SFTP with optional parameters
{
"sFTPconn": {
"Type": "ConnectionProfile:FileTransfer:SFTP",
"TargetAgent": "AgentHost",
"TargetCTM" : "CTMHost",
"HostName": "SFTPServer",
"Port": "22",
"User" : "SFTPUser",
"HomeDirectory": "/home/SFTPUser",
"PrivateKeyName": "/home/controlm/ctm_agent/ctm/cm/AFT/data/Keys/sFTPkey",
"Passphrase": "passphrase",
"SSHCompression": true,
"Centralized" : true,
"AdditionalParameters": [
{
"Name": "param1",
"Value": "1"
},
{
"Name": "param2",
"Value": "2"
}
]
}
}| TargetAgent | Which agent computer to deploy the connection profile |
| TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
| WorkloadAutomationUsers | (Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE : You can use "*" as a wildcard. For example, "e*" Default: * (all users) |
| WorkloadAutomationGroups | (Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: Empty (no roles specified) |
| Port | Number of the port to listen to for the file transfer. |
| VerifyChecksum | (Optional) Enable or disable error detection on file transfer true | false Default: false |
| VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
VerifyBytes | (Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails. true | false Default: false |
| PrivateKeyName | (Optional) Private key full file path |
| Passphrase | (Optional) Password for the private key. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
| Password | (Optional) Password for SFTP Server account. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
| HomeDirectory | (Optional) User home directory |
| SSHCompression | (Optional) Whether to compress the file before the transfer. true | false Default: false |
| Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
| AdditionalParameters | 9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually. Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help). |
ConnectionProfile:FileTransfer:FTPS
The following example shows a connection profile for a file transfer to a single endpoint using the FTPS (FTP over SSL) communication protocol.
{
"FTPSConn": {
"Type": "ConnectionProfile:FileTransfer:FTPS",
"HomeDirectory": "/var/home",
"TargetAgent": "sqa",
"TargetCTM": "LocalControlM",
"HostName" : "localhost",
"User" : "controlm",
"Password": "ftps_pass",
"Port": "10021",
"SSLImplicit": false,
"ClearDataChannel": true,
"SSLLevel": "ClientServerAuthentication",
"ClearCommandChannel": true,
"Centralized" : true,
"AdditionalParameters": [
{
"Name": "param1",
"Value": "1"
},
{
"Name": "param2",
"Value": "2"
}
]
}
}| TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
| TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
| WorkloadAutomationUsers | (Optional) Control-M users that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: * (all users) |
| WorkloadAutomationGroups | (Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: Empty (no roles specified) |
| Port | Number of the port to listen to for the file transfer. |
| VerifyChecksum | (Optional) Enable or disable error detection on file transfer true | false Default: false |
| VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
VerifyBytes | (Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails. true | false Default: false |
| OsType | (Optional) FTPS server operating system type Default: Unix Types: Unix, Windows, z/OS, OS400, Tandem, OS2200, OpenVMS |
| Password | (Optional) Password for FTPS server account. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
| HomeDirectory | (Optional) User home directory |
| ConnectionMode | (Optional) Set the FTPS client connection mode, one of the following options:
Default: Active |
| SSLImplicit | Whether to automatically create an SSL connection to the FTPS server (Default port 990). In SSL Explicit mode, a connection is first established with the FTP server and the connection is then changed to SSL mode (FTP over SSL/TLS). true (implicit connection) | false (explicit connection) Default: false |
| ClearDataChannel | Whether to encrypt the connection process while files are transferred without encryption. This option is useful if you want your login information encrypted and your files transferred without encryption. true | false Default: true |
| SSLLevel | The SSL security level, one of the following:
|
| ClearCommandChannel | Whether to set the transmission mode from encrypted mode to clear text mode. You can secure sensitive information, including user name and password, by sending them in an encrypted mode, and then use this parameter to change the transmission mode back to clear text mode to send the port and IP information (FTP over SSL/TLS). true | false Default: true |
| Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
| AdditionalParameters | 9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually. Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help). |
ConnectionProfile:FileTransfer:AS2
The following examples show connection profiles for file transfers from a local filesystem to an AS2 server using the AS2 protocol.
Note: File transfers that use the AS2 protocol are supported by Control-M Automation API only in one direction — from a local filesystem to an AS2 server.
Simple ConnectionProfile:FileTransfer:AS2
{
"AS2_Conn_1": {
"Type": "ConnectionProfile:FileTransfer:AS2",
"TargetCTM": "LocalControlM",
"TargetAgent": "sqa",
"WorkloadAutomationUsers": [
"noAi"
],
"PartnerAS2Id": "partner-as2-id",
"PartnerDestinationUrl": "sqa",
"PartnerCertificateAlias": "partnerCertAlias",
"HostName": "sqa",
"Password": "*****"
}
}
ConnectionProfile:FileTransfer:AS2 with optional parameters
{
"AS2_Conn_2": {
"Type": "ConnectionProfile:FileTransfer:AS2",
"TargetCTM": "LocalControlM",
"TargetAgent": "sqa",
"Centralized": true,
"WorkloadAutomationUsers": [
"em_user1"
],
"PartnerAS2Id": "partner-as2-id",
"PartnerDestinationUrl": "sqa",
"PartnerCertificateAlias": "partnerCertAlias",
"HostName": "sqa",
"Password": "*****",
"AsyncMdnTimeout": "18120000",
"User": "basicUser",
"SendMessageTimeout": "301000",
"CompressMessage": true,
"SignMessageParameters": {
"SignMessage": false,
"SignatureAlgorithm": "RSA with SHA-384"
},
"EncryptMessageParameters": {
"EncryptMessage": false,
"EncryptionAlgorithm": "tripleDES (DES EDE3)"
},
"RequestReceiptParameters": {
"RequestReceipt": false,
"Mode": "Asynchronous",
"Sign": "Unsigned"
},
"AdditionalParameters": [
{
"Name": "param1",
"Value": "1"
},
{
"Name": "param2",
"Value": "2"
}
]
}
} This connection profile has the following parameters:
| TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
| TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
| Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
| PartnerAS2Id | The logical name of the remote AS2 server |
| PartnerDestinationUrl | The URL of the AS2 server |
| PartnerCertificateAlias | The alias of the partner certificate that is stored in the AS2 keystore |
| Password | (Optional) The password of the HTTP request for the AS2 message. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
| AsyncMdnTimeout | (Optional) The number of minutes to wait for the AS2 server to send the receipt before a timeout occurs The default is 18000000 minutes. |
| User | The username of the HTTP request for the AS2 message |
| SendMessageTimeout | (Optional) The number of seconds to wait for the AS2 server to reply before a timeout occurs The default is 300000 seconds (5000 hours). |
| CompressMessage | Whether to compress the AS2 message when sent, either The default is |
| SignMessageParameters | |
| SignMessage | Whether to digitally sign the AS2 message with the algorithm specified by SignatureAlgorithm, either The default is |
| SignatureAlgorithm | The algorithm to use for signing the AS2 message, one of the following options:
The default is RSA with SHA-1. |
| EncryptMessageParameters | |
| EncryptMessage | Whether to encrypt the AS2 message with one of the encryption algorithm specified by EncryptionAlgorithm, either The default is |
| EncryptionAlgorithm | The algorithm to use for encryption of the AS2 message, one of the following options:
The default is CAST5_CBC. |
| RequestReceiptParameters | |
| RequestReceipt | Whether to receive an MDN receipt of the AS2 message from the AS2 server that confirms that it was received and processed, either The default is |
| Mode | The mode for receiving the MDN receipt, either The default is |
| Sign | The type of MDN receipt to receive, either The default is |
| WorkloadAutomationUsers | (Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE : You can use "*" as a wildcard. For example, "e*" Default: * (all users) |
| WorkloadAutomationGroups | (Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: Empty (no roles specified) |
| VerifyChecksum | (Optional) Enable or disable error detection on file transfer true | false Default: false |
| VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: false |
VerifyBytes | (Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails. true | false Default: false |
| AdditionalParameters | 9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually. Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help). |
ConnectionProfile:FileTransfer:Local
The following example shows a connection profile for a file transfer to a single endpoint on a Local File System.
{
"LocalConn" : {
"Type" : "ConnectionProfile:FileTransfer:Local",
"TargetAgent" : "AgentHost",
"TargetCTM" : "CTMHost",
"User" : "controlm",
"Password" : "local password",
"Centralized" : true,
"AdditionalParameters": [
{
"Name": "param1",
"Value": "1"
},
{
"Name": "param2",
"Value": "2"
}
]
}
}| TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
| TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
| WorkloadAutomationUsers | (Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE : You can use "*" as a wildcard. For example, "e*" Default: * (all users) |
| WorkloadAutomationGroups | (Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: Empty (no roles specified) |
| VerifyChecksum | (Optional) Enable or disable error detection on file transfer true | false Default: false |
| VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
VerifyBytes | (Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails. true | false Default: false |
| OsType | (Optional) Local server operating system type Default: Unix Types: Unix, Windows, z/OS, OS400, Tandem, OS2200, OpenVMS |
| Password | (Optional) Password for local account. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
| Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
| AdditionalParameters | 9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually. Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help). |
ConnectionProfile:FileTransfer:S3:Amazon
The following example shows a connection profile for file transfers to or from an Amazon S3 storage service.
{
"testAmazon": {
"Type": "ConnectionProfile:FileTransfer:S3:Amazon",
"Region": "us-west-2",
"AccessKey": "mykey",
"SecretAccessKey": "mysecret",
"VerifyDestination": true,
"TargetAgent": "sqa",
"Centralized": true,
"AdditionalParameters": [
{
"Name": "param1",
"Value": "1"
},
{
"Name": "param2",
"Value": "2"
}
]
}
}This connection profile has the following parameters:
| TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
| Region | The region in which the Amazon S3 storage bucket is located. Specify one of the following regions:
|
| AccessKey | The access key to the Amazon S3 storage. |
| SecretAccessKey | The secret access key to the Amazon S3 storage. Use Secrets in code to not expose this secret access key in the code. |
| VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
| Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
| AdditionalParameters | 9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually. Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help). |
ConnectionProfile:FileTransfer:S3:Compatible
The following example shows a connection profile for file transfers to or from an S3-compatible storage service.
{
"testCompatible": {
"Type": "ConnectionProfile:FileTransfer:S3:Compatible",
"RestEndPoint": "api.com",
"AccessKey": "mykey",
"SecretAccessKey": "mysecret",
"VerifyDestination": true,
"TargetAgent": "sqa",
"Centralized": true,
"AdditionalParameters": [
{
"Name": "param1",
"Value": "1"
},
{
"Name": "param2",
"Value": "2"
}
]
}
}This connection profile has the following parameters:
| TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
| RestEndPoint | The network address where the S3 Compatible Storage is located. |
| AccessKey | The access key to the S3 Compatible storage. |
| SecretAccessKey | The secret access key to the S3 Compatible storage. Use Secrets in code to not expose this secret access key in the code. |
| VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
| Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
| AdditionalParameters | 9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually. Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help). |
ConnectionProfile:FileTransfer:S3:AWSPrivateLink
{
"PRIVATE_LINK_AMAZON_CP": {
"Type": "ConnectionProfile:FileTransfer:S3:AWSPrivateLink",
"Region": "us-west-2",
"AccessKey": "f392vvrf353422dsfvsd5b",
"SecretAccessKey": "JXq5+dfsux71t3wee+PdQ2bzGOFpddfsdf",
"VerifyDestination": true,
"RestEndPoint": "apicom",
"TargetCTM": "CTMHost",
"TargetAgent": "web",
"Centralized": true
}
}The following example shows a connection profile for file transfers to or from an AWS PrivateLink for Amazon S3, for storage that resides in the virtual private cloud (VPC) endpoint.
This connection profile has the following parameters:
| Region | Determines the region in which the Amazon S3 storage bucket is located:
|
| AccessKey | Defines the access key to the Amazon S3 storage. |
| SecretAccessKey | Defines the secret access key to the Amazon S3 storage. Use Secrets in code to not expose this secret access key in the code. |
| VerifyDestination | (Optional) Determines whether to verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
| RestEndPoint | Defines the network address where the Amazon S3 storage is located. |
| TargetCTM | Defines the Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
| TargetAgent | Defines the Control-M/Agent to which to deploy the connection profile. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Azure:SharedKey
The following example shows a connection profile for file transfers to or from an Azure Storage service with Shared Key authentication using an access key:
{
"AZURE_CCP1": {
"Type": "ConnectionProfile:FileTransfer:Azure:SharedKey",
"AzureAccountName": "mftdevstorage",
"AzureAccountAccessKey": "44ZHQnMJeIk4hZ4npQMZGfXTuwlciq82lbeYvtBZ+Ig9yCagX4FMOECSg1xDyzr8qO6A==",
"Centralized": true
}
}This connection profile has the following parameters:
| AzureAccountName | Defines the name of the Azure Storage account. |
| AzureAccountAccessKey | Defines the account access key that is used to connect to Azure. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Azure:ConnectionString
The following example shows a connection profile for file transfers to or from an Azure Storage service with Shared Key authentication using a full connection string:
{
"AZURE_CCP2": {
"Type": "ConnectionProfile:FileTransfer:Azure:ConnectionString",
"AzureAccountName": "mftdevstorage",
"AzureAccountConnectionString": "DefaultEndpointsProtocol=https;AccountName=mftdevstorage;AccountKey=44ZHQnMJeIk4hZ4npQMZGfXTuwlciq82lbeYvtBZ+Ig9yCagX4FMOECSg1xDyzr8qO6A==;EndpointSuffix=core.windows.net",
"Centralized": true
}
}This connection profile has the following parameters:
| AzureAccountName | Defines the name of the Azure Storage account. |
| AzureAccountConnectionString | Defines the entire connection string used to connect to Azure. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Azure:AdUserPass
The following example shows a connection profile for file transfers to or from an Azure Storage service with authentication based on the credentials of a user in the Azure Active Directory (AD).
{
"AZURE_CCP3": {
"Type": "ConnectionProfile:FileTransfer:Azure:AdUserPass",
"AzureAccountName": "mftdevstorage",
"AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
"AzureClientId": "ce64ad51-yh90-4d01-a73b-7ad58a766741",
"AzureUserNameAD": "john@mftteamoutlook.onmicrosoft.com",
"AzureUserPasswordAD": "Abcxyz1234!",
"Centralized": true
}
}This connection profile has the following parameters:
| AzureAccountName | Defines the name of the Azure Storage account. |
| AzureTenantId | Defines the ID of the Azure Active Directory instance where your application is located. |
| AzureClientId | Defines the ID of your application in Azure Active Directory. |
| AzureUserNameAD | Defines the name of the Azure AD user to use for authentication. |
| AzureUserPasswordAD | Defines the password of the Azure AD user. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Azure:AdClientSecret
The following example shows a connection profile for file transfers to or from an Azure Storage service with authentication based on an application secret for the Azure Active Directory (AD) IAM service.
{
"AZURE_CCP4": {
"Type": "ConnectionProfile:FileTransfer:Azure:AdClientSecret",
"AzureAccountName": "mftdevstorage",
"AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
"AzureClientId": "ce64ad51-yh90-4d01-a73b-7ad58a766741",
"AzureClientSecret": "rbyHyYH7~pg0fs1pRNMEPuJG-Y.t_fE8yt",
"Centralized": true
}
}This connection profile has the following parameters:
| AzureAccountName | Defines the name of the Azure Storage account. |
| AzureTenantId | Defines the ID of the Azure Active Directory instance where your application is located. |
| AzureClientId | Defines the ID of your application in Azure Active Directory. |
| AzureClientSecret | Defines the name of the application secret. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Azure:AdCertificate
The following example shows a connection profile for file transfers to or from an Azure Storage service with authentication based on a certificate file for the Azure Active Directory (AD) IAM service.
{
"AZURE_CCP5": {
"Type": "ConnectionProfile:FileTransfer:Azure:AdCertificate",
"AzureAccountName": "mftdevstorage",
"AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
"AzureClientId": "ce64ad51-yh90-4d01-a73b-7ad58a766741",
"AzureClientCertificateFormat": "PFX",
"AzureClientCertificatePath": "C:\\as2_keystore.pfx",
"AzureClientCertificatePassword": "password",
"Centralized": true
}
}This connection profile has the following parameters:
| AzureAccountName | Defines the name of the Azure Storage account. |
| AzureTenantId | Defines the ID of the Azure Active Directory instance where your application is located. |
| AzureClientId | Defines the ID of your application in Azure Active Directory. |
| AzureClientCertificateFormat | Determines whether to use PEM or PFX as the certificate file. |
| AzureClientCertificatePath | Defines the location of the certificate file. |
| AzureClientCertificatePassword | Defines the password of the certificate. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Azure:SharedAccessSignature
The following example shows a connection profile for file transfers to or from an Azure Storage service using a Shared Access Signature (SAS), which delegates access with specific permissions over a limited time interval.
{
"AZURE_CCP6": {
"Type": "ConnectionProfile:FileTransfer:Azure:SharedAccessSignature",
"AzureAccountName": "mftdevstorage",
"AzureAccountSaSToken": "?sv=2019-12-12&ss=bfqt&srt=sco&sp=rwdlacupx&se=2022-06-21T16:47:01Z&st=2021-02-10T09:47:01Z&spr=https&sig=YK8ilBPZW2EzKPpfd2SBBrokZQdwepCca4igKJwP0YM%5D",
"Centralized": true
}
}This connection profile has the following parameters:
| AzureAccountName | Defines the name of the Azure Storage account. |
| AzureAccountSaSToken | Defines the SAS token that is created for Azure limited access. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Azure:ManagedIdentity
The following example shows a connection profile for file transfers to or from an Azure Storage service using a predefined Managed Identity that does not require credentials.
You can define such a connection profile only when Control-M/Agent is installed on an Azure virtual machine.
{
"AZURE_CCP7": {
"Type": "ConnectionProfile:FileTransfer:Azure:ManagedIdentity",
"AzureAccountName": "mftdevstorage",
"AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
"Centralized": true
}
}This connection profile has the following parameters:
| AzureAccountName | Defines the name of the Azure Storage account. |
| AzureTenantId | Defines the ID of the Azure Active Directory instance where your application is located. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:GCS
The following example shows a connection profile for file transfers to or from a Google Cloud Storage (GCS) service:
{
"GCS_CCP1": {
"Type": "ConnectionProfile:FileTransfer:GCS",
"GCSServiceAccountKey": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\", \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\"}",
"GCSServiceAccountKeyFileName": "john.json",
"Centralized": true
}
}This connection profile has the following parameters:
| GCSServiceAccountKey | Defines a JSON body that contains the required service account credentials to access the Google Cloud Storage account. |
| GCSServiceAccountKeyFileName | Defines the name of the file that contains the service account credentials. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Oracle
The following example shows a connection profile for file transfers to or from an Oracle Object Storage service.
Note: This feature requires Control-M/Enterprise Manager version 9.0.21.100 and Control-M MFT Enterprise B2B version 9.0.21.100.
{
"ORACLE_CCP1": {
"Type": "ConnectionProfile:FileTransfer:Oracle",
"OracleUserId": "ocid1.user.oc1..aaaaaaaaxs7s4xb6mbyvgwkypgcbopm3rexus3vjaiw4zlzbumlxt6blnckq",
"OracleUserPublicKeyFingerprint": "ae:07:4e:c6:43:17:12:73:0a:70:ed:c7:21:ea:5c:f3",
"OracleTenancyId": "ocid1.tenancy.oc1..aaaaaaaa5rdw3z2pk23454goj5xeftltlbofnp6moccpe6vtdxa7pp3r7bba",
"OracleUserPrivateKey": "-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----",
"OracleUserPrivateKeyFileName": "john.pem",
"OracleUserPrivateKeyPassphrase": "",
"OracleRegion": "il-jerusalem-1",
"OracleNamespace": "axeictwdjfly",
"OracleCompartmentId": "ocid1.tenancy.oc1..aaaaaaaa5rdw3z2pk23454goj5xeftltlbofnp6moccpe6vtdxa7pp3r7bba",
"Centralized": true
}
}This connection profile has the following parameters:
| OracleUserId | Defines the user ID that connects to Oracle Object Storage. |
| OracleUserPublicKeyFingerprint | Determines the API public key fingerprint. |
| OracleTenancyId | Defines the OCID of your Tenancy, which is a secure and isolated partition in Oracle Object Storage. |
| OracleUserPrivateKey | Determines the RSA private key in PEM format. After you generate an API Signing Key pair from the OCI Console, you must download the private key to your file system. |
| OracleUserPrivateKeyFileName | Defines the name of the file that contains the private key. |
| OracleUserPrivateKeyPassphrase | (Optional) Determines the private key passphrase. |
| OracleRegion | Determines the default region to perform the Oracle Object Storage requests. For better performance, select the region where the bucket is located. |
| OracleNamespace | Determines the Object Storage Namespace, which is the top level container for all buckets and objects. At account creation time, each Oracle Cloud Infrastructure tenant is assigned one unique system-generated and immutable Object Storage namespace name. |
| OracleCompartmentId | Determines the Compartment ID, which is a collection of related cloud resources. By default, your tenancy ID acts as the root compartment. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:DualEndPoint
In a dual-endpoint connection profile, you specify connection details for the source host and for the destaination host of the file transfer. Connection details can be based on the FTP, SFTP, or FTPS communication protocols or can be to a local file system.
The following example shows a dual-endpoint connection profile. One endpoint uses the FTP communication protocol and the other endpoint uses the SFTP communication protocol.
{
"DualEpConn" : {
"Type" : "ConnectionProfile:FileTransfer:DualEndPoint",
"WorkloadAutomationUsers" : [ "em_user1" ],
"TargetAgent" : "AgentHost",
"Centralized" : false,
"src_endpoint" : {
"Type" : "Endpoint:Src:FTP",
"User" : "controlm",
"Port" : "10023",
"HostName" : "localhost",
"Password" : "password",
"HomeDirectory" : "/home/controlm/"
},
"dest_endpoint" : {
"Type" : "Endpoint:Dest:SFTP",
"User" : "controlm",
"Port" : "10023",
"HostName" : "host2",
"Password" : "password",
"HomeDirectory" : "/home/controlm/"
}
}
}The dual-endpoint connection profile can have the following parameters:
| TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
| TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
| WorkloadAutomationUsers | (Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: * (all users) |
| WorkloadAutomationGroups | (Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: Empty (no roles specified) |
| VerifyChecksum | (Optional) Enable or disable error detection on file transfer true | false Default: false |
| VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
VerifyBytes | (Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails. true | false Default: false |
| Endpoint | Two endpoint objects, one for the source host and one for the destaination host. Each endpoint can be based on FTP, SFTP, FTPS or local file system. Here are all the possible types of Endpoint objects:
Parameters under the Endpoint object are the same as the remaining parameters for a single-endpoint connection profile, depending on type of connection: |
| Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Group
9.0.20.015The following example shows a group connection profile, which enables you to transfer a file from one host to multiple hosts in one transfer. In each group connection profile, you include a variety of previously defined connection profiles for file transfers.
{
"GROUP_CP": {
"Type": "ConnectionProfile:FileTransfer:Group",
"TargetAgent": "docker_aft_app_centos1",
"GroupAccounts": ["FTPConn", "sFTPconn", "LocalConn", "AS2_Conn_1"],
"WorkloadAutomationUsers":["john","bob"]
}This connection profile has the following parameters:
| TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
| GroupAccounts | A list of file transfer connection profiles included in the group |
| WorkloadAutomationUsers | (Optional) Control-M users that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: * (all users) |
| WorkloadAutomationGroups | (Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: Empty (no roles specified) |
ConnectionProfile:Database
The connection profile for database allows you to connect to the following database types:
- ConnectionProfile:Database:DB2
- ConnectionProfile:Database:JDBC
- ConnectionProfile:Database:MSSQL
- ConnectionProfile:Database:Oracle
- ConnectionProfile:Database:PostgreSQL
- ConnectionProfile:Database:Sybase
ConnectionProfile:Database:DB2
The following example shows how to define a connection profile for DB2:
{
"DB2_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:DB2",
"TargetCTM":"CTMHost",
"TargetAgent": "AgentHost",
"Host": "DB2Host",
"Port":"50000",
"User": "db user",
"Password": "db password",
"DatabaseName": "db2"
}
} The following table describes the parameters in the example above, as well as several additional optional parameters:
| Parameter | Description |
|---|---|
| Port | The database port number. If the port is not specified, the following default values are used for each database type:
|
| Password | Password to the database account. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
| DatabaseName | The name of the database |
| DatabaseVersion | The version of the database. For a list of databases and versions supported by your version of Control-M for Databases, open the Product Availability & Compatibility page at https://customerapps.bmc.com/spac/o/welcome.html. In the Product Name field enter Control-M for Databases, and in the Product Version field select the relevant version. The default version for each database is the earliest version that is supported. |
| MaxConcurrentConnections | The maximum number of connections that the database can process at the same time. Allowed values: 1–512 |
| ConnectionRetryTimeOut | The number of seconds to wait before attempting to connect again. Allowed values: 1–300 |
| ConnectionIdleTime | The number of seconds that the database connection profile can remain idle before disconnecting. Default value: 300 seconds |
| ConnectionRetryNum | The number of times to attempt to reconnect after a connection failure. Allowed values: 1–24 |
ConnectionProfile:Database:JDBC
The following example shows how to define a connection profile using a custom defined database type created using JDBC. Parameters are described in the table above.
{
"JDBC_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:JDBC",
"User":"db user",
"TargetCTM":"CTMHost",
"Host": "PGSQLHost",
"Driver":"PGDRV",
"Port":"5432",
"TargetAgent": "AgentHost",
"Password": "db password",
"DatabaseName":"dbname"
}
}The following parameter is unique to JDBC connection profiles:
| Parmeter | Description |
| Driver | JDBC driver name as defined in Control-M or as defined using the Driver object |
Driver:JDBC:Database
You can define a driver to be used by a connection profile. The following example shows the parameters that you use to define a driver:
{
"MyDriver": {
"Type": "Driver:Jdbc:Database",
"TargetAgent":"app-redhat",
"StringTemplate":"jdbc:sqlserver://<HOST>:<PORT>/<DATABASE>",
"DriverJarsFolder":"/home/controlm/ctm/cm/DB/JDBCDrivers/PostgreSQL/9.4/",
"ClassName":"org.postgresql.Driver",
"LineComment" : "--",
"StatementSeparator" : ";"
}
}| Parameter | Description |
|---|---|
| TargetAgent | The Control-M/Agent to which to deploy the driver. |
| StringTemplate | The structure according to which a connection profile string is created. |
| DriversJarsFolder | The path to the folder where the database driver jars are located. |
| ClassName | Name of driver class |
| LineComment | The syntax used for line comments in the scripts that run on the database. |
| StatementSeparator | The syntax used for statement separator in the scripts that run on the database. |
ConnectionProfile:Database:MSSQL
The following example shows how to define an MSSQL database connection profile. Parameters are described in the table above.
{
"MSSQL_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:MSSQL",
"TargetCTM":"CTMHost",
"TargetAgent": "AgentHost",
"Host": "MSSQLHost",
"User": "db user",
"Port":"1433",
"Password": "db password",
"DatabaseName": "master",
"DatabaseVersion": "2005",
"MaxConcurrentConnections": "9",
"ConnectionRetryTimeOut": "34",
"ConnectionIdleTime": "45"
}
}The following parameter is unique to MSSQL connection profiles:
| Parameter | Description |
|---|---|
| AuthenticationType | SQL Server Authentication Possible values are:
|
ConnectionProfile:Database:MSSQL:SSIS
9.0.19.220 The following example shows how to define a connection profile for SQL Server Integration Services (SSIS) packages:
{
"SSIS_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:MSSQL:SSIS",
"TargetAgent": "AgentHost",
"TargetCTM": "LocalControlM",
"Host": "localhost",
"User": "administrator",
"Port": "1433",
"Password": "db password",
"DatabaseName": "testdb",
"DatabaseVersion": "2016",
"AuthenticationType": "Windows Authentication",
"SkipPackagesTest" : false,
"SSIS": [
{
"Source": "File System",
"Name": "file_system_package",
"Password": "password"
},
{
"Source": "SSIS Package Store",
"Name": "ssis_package",
"Password": "password"
},
{
"Source": "SQL Server",
"Name": "sql_server_package",
"Password": "password"
}
]
}
}Most of the parameters are the same as for the basic MSSQL connection profile (including those described in the table above). The following parameters are unique to the MSSQL SSIS connection profile:
| Parameter | Description |
|---|---|
| SkipPackageTest | Whether to skip validation of SSIS packages when testing the connection profile, either true or false |
| SSIS | Connection details for all associated SSIS Packages |
| Source | Source location of the SSIS Package — SQL Server, File System, or SSIS Package Store |
| Name | Name of the SSIS Package |
| Password | Password required for accessing the SSIS Package If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
ConnectionProfile:Database:Oracle
Oracle connection profiles are available for three types of database definitions:
ConnectionProfile:Database:Oracle:SID
The following example shows how to define a connection profile for an Oracle database using the SID identifier. Additional available parameters are described in the table above.
{
"ORACLE_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:Oracle:SID",
"TargetCTM": "controlm",
"Port": "1521",
"TargetAgent": "AgentHost",
"Host": "OracleHost",
"User": "db user",
"Password": "db password",
"SID": "ORCL"
}
}ConnectionProfile:Database:Oracle:ServiceName
The following example shows how to define a connection profile for an Oracle database using a single service name. Additional available parameters are described in the table above.
{
"ORACLE_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:Oracle:ServiceName",
"TargetCTM": "controlm",
"Port": "1521",
"TargetAgent": "AgentHost",
"Host": "OracleHost",
"User": "db user",
"Password": "db password",
"ServiceName": "ORCL"
}
}ConnectionProfile:Database:Oracle:ConnectionString
The following example shows how to define a connection profile for an Oracle database using a connection string that contains text from your tnsname.ora file. Additional available parameters are described in the table above.
{
"ORACLE_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:Oracle:ConnectionString",
"TargetCTM":"CTMHost",
"ConnectionString":"OracleHost:1521:ORCL",
"TargetAgent": "AgentHost",
"User": "db user",
"Password": "db password"
}
}ConnectionProfile:Database:PostgreSQL
The following example shows how to define a connection profile for PostgreSQL. Parameters are described in the table above.
{
"POSTGRESQL_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:PostgreSQL",
"TargetCTM":"CTMHost",
"TargetAgent": "AgentHost",
"Host": "PostgreSQLHost",
"Port":"5432",
"User": "db user",
"Password": "db password",
"DatabaseName": "postgres"
}
} ConnectionProfile:Database:Sybase
The following example shows how to define a connection profile for Sybase. Parameters are described in the table above.
{
"SYBASE_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:Sybase",
"TargetCTM":"CTMHost",
"TargetAgent": "AgentHost",
"Host": "SybaseHost",
"Port":"4100",
"User": "db user",
"Password": "db password",
"DatabaseName": "Master"
}
} ConnectionProfile:SAP
SAP connection profiles that you create for use by your SAP jobs can be defined for logon to a specific SAP Application Server or for an SAP logon group.
The following example is for a connection profile for a specific SAP Application Server:
{
"SAP-SERVER-CONN" : {
"Type" : "ConnectionProfile:SAP",
"User" : "my-user",
"Password" : "123456",
"SapClient" : "100",
"Language" : "",
"XBPVersion": "XBP3.0",
"AppVersion": "R3",
"ApplicationServerLogon" : {
"Host" : "localhost",
"SystemNumber" : "12"
},
"SecuredNetworkConnection": {
"SncLib": " " ,
"SncPartnerName": "",
"QualityOfProtection": "2",
"SncMyName":""
},
"SapResponseTimeOut" : "180",
"UseExtended": true,
"SolutionManagerConnectionProfile" : "IP4-GROUP",
"IsSolutionManagerConnectionProfile": true
}
}The following example is for a connection profile for an SAP logon group:
{
"SAP-GROUP-CONN" : {
"Type" : "ConnectionProfile:SAP",
"User" : "my-user",
"Password" : "123456",
"SapClient" : "100",
"Language" : "",
"XBPVersion": "XBP3.0",
"AppVersion": "R3",
"GroupLogon": {
"SystemID": "123",
"MessageServerHostName": "msgsv",
"GroupName": "group1"
},
"SecuredNetworkConnection": {
"SncLib": " " ,
"SncPartnerName": "",
"QualityOfProtection": "2",
"SncMyName":""
},
"SapResponseTimeOut" : "180",
"UseExtended": true,
"SolutionManagerConnectionProfile" : "IP4-GROUP",
"IsSolutionManagerConnectionProfile": true
}
}| Parameter | Description |
|---|---|
| User | SAP user name |
| Password | Password for the SAP user If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
| SapClient | SAP client number, a three-digit number |
| Language | The SAP language. The default is English. |
| XBPVersion | SAP XBP interface version installed on the SAP server Valid values are:
|
| AppVersion | Version of the SAP application, one of the following:
|
| GroupLogon | Parameters for defining an SAP logon group |
| SystemID | SAP system ID, three alpha-numeric characters |
| MessageServerHostName | Host name of the computer on which the SAP System Message Server is running |
| GroupName | SAP logon group name The Group name is defined in the SAP SMLG transaction. |
| ApplicationServerLogon | Parameters for defining a specific SAP Application Server |
| Host | The host name of the computer that runs the SAP Application Server |
| SystemNumber | SAP instance number, a two-digit number |
| SecuredNetworkConnection | Parameters that you can use to activate a secured network connection |
| SncLib | Client full path and file name to SAP crypto lib For example: /home1/agsapfp/SNC/libsapcrypto.sl |
| SncPartnerName | SNC name of the application server For example: p:CN=LE1, OU=BPM, O=BMC, C=US |
| QualityOfProtection | Quality of the protection Valid values: 1, 2, 3, 8 (default), 9 |
| SncMyName | SNC name of the user sending the RFC Default: The name provided by the security product for the user who is logged on. |
| SapResponseTimeOut | Number of seconds that the program waits for an RFC request to be handled by the SAP system before returning a timeout error Default: 180 |
| UseExtended | Whether the extended functionality of Control-M for SAP should be used, either false (default) or true NOTE: If you select this option, the Control-M Function Modules must be installed on your SAP server, as described in Control-M for SAP XBP Interface and Control-M Function Modules in the Control-M for SAP online help. |
| SolutionManagerConnectionProfile | Solution Manager connection profile for retrieval of SAP job Documentation This parameter is relevant only if the current connection profile is not a Solution Manager connection profile, as discussed in the next parameter. |
| IsSolutionManagerConnectionProfile | Whether the current connection profile is a Solution Manager connection profile, either true or false (the default) |
ConnectionProfile:ApplicationIntegrator
The following example shows how to define a connection profile for a job type defined in the Control-M Application Integrator. For information about the Control-M Application Integrator, see Application Integrator.
Properties defined for the connection profile in Control-M Application Integrator are all prefixed with "AI-" in the .json code, as shown in the following example.
{
"AI_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:ApplicationIntegrator:<JobType>",
"TargetAgent": "AgentHost",
"TargetCTM":"CTMHost",
"AI-Param03": "45",
"AI-Param04": "group",
"Centralized": true
}
} ConnectionProfile:Informatica
The following example shows how to define a connection profile for an Informatica job:
{
"INFORMATICA_CONNECTION": {
"Type": "ConnectionProfile:Informatica",
"TargetAgent": "AgentHost",
"TargetCTM": "CTMHost",
"Host": "InformaticaHost",
"Port": "7333",
"User": "UserName",
"Password": "Password",
"PowerCenterDomain": "DomainName",
"Repository": "RepositoryName",
"IntegrationService": "ServiceName",
"SecurityDomain": "Native",
"ConnectionType": "HTTP",
"MaxConcurrentConnections": "100",
"Centralized": false
}
}| Parameter | Description |
|---|---|
| TargetAgent | The Control-M/Agent to which to deploy the connection profile |
| TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
| Host | Name of the Informatica web services server |
| Port | (Optional) Port number of the Informatica web services server Values range from 1 to 65535. The default is 7333. |
| User | Name of a user to log into the Repository |
| Password | A password to log into the Repository. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
| PowerCenterDomain | Name of the Informatica server that contains the Repository service |
| Repository | Name of the repository where the repository folders and workflows are located |
| IntegrationService | The Integration Service to use to run the workflows |
| SecurityDomain | The name of a Security Domain, a collection of user accounts and groups in a Power Center Domain. If the user name belongs to the native security domain, this parameter is optional, and the default is an empty value. If the user name belongs to an LDAP security domain, this parameter is required. |
| ConnectionType | (Optional) Protocol for the connection to the Informatica server, either HTTP (the default) or HTTPS. |
| MaxConcurrentConnections | (Optional) The maximum number of allowed concurrent workflows in the connection profile Values range from 1 to 512, with a default value of 100. |
| Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:Informatica CS
The following example shows how to define a connection profile for an Informatica Cloud Services job:
{
"INFORMATICA_CS_CONNECTION": {
"Type": "ConnectionProfile:Informatica CS",
"Login URL": "https://dm-us.informaticacloud.com",
"Base URL": "https://usw5.dm-us.informaticacloud.com",
"Username": "UserName",
"Password": "Password",
"Request Timeout": "3",
"Description": "",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Login URL | The URL for login calls to Informatica Cloud |
| Base URL | The instance name of the Informatica Cloud server |
| Username | Username for the account to connect to Informatica Cloud |
| Password | A password for the login to Informatica Cloud Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
| Request Timeout | A timeout value, in seconds, for the requests sent to Informatica Cloud The default is 3 seconds. |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Informatica Cloud Services job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:AWS
Note: This feature requires Control-M/Enterprise Manager version 9.0.21.
The following examples show how to define a connection profile for an AWS job.
The following example is based on authentication with an access key and a secret key:
{
"AWS_CONNECTION_ACCESSKEY": {
"Type": "ConnectionProfile:AWS",
"Centralized": true,
"TargetAgent": "AgentHost",
"TargetCTM": "CTMHost",
"AuthenticationMethod": "AccessKey",
"AccessKey": "1234",
"SecretAccessKey": "00-200340109003001100044011700580-29001301000-410-520-250-880029",
"Region": "ap-northeast-1",
}
}The following example is based on authentication with an IAM role:
{
"AWS_CONNECTION_IAMROLE": {
"Type": "ConnectionProfile:AWS",
"Centralized": true,
"TargetAgent": "AgentHost",
"TargetCTM": "CTMHost",
"AuthenticationMethod": "IAMRole",
"IAMRole": "myRole",
"Region": "ap-northeast-1",
"ProxySettings": {
"Host": "host",
"Port": "12345",
"Username": "username",
"Password": "password"
}
}
}
| Parameter | Description |
|---|---|
| TargetAgent | The Control-M/Agent to which to deploy the connection profile |
| TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
| AuthenticationMethod | One of the following authentication methods for the connection to AWS:
|
| AccessKey | (For AccessKey authentication) AWS account Access Key |
| SecretAccessKey | (For AccessKey authentication) AWS account Secret Access Key Use Secrets in code to not expose this secret access key in the code. |
| IAMRole | (For IAMRole authentication) The name of an IAM role for authentication of the connection to AWS |
| Region | Location of the AWS user |
| ProxySettings | Settings of an installed proxy server:
|
ConnectionProfile:AWS Batch
The following examples show how to define a connection profile for an AWS Batch job, which enables you to manage and run batch computing workloads in AWS.
The following example is based on authentication using an AWS access key and secret.
{
"AWS_BATCH": {
"Type": "ConnectionProfile:AWS Batch",
"Authentication": "SECRET",
"AWS Secret": "myAwsSecret12345",
"AWS Access Key": "MYAWSACCESSKEY1234",
"AWS Region": "eu-west-2",
"Batch URL": " https://batch.{{region}}.amazonaws.com",
"Connection Timeout": "20",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using an AWS IAM role from inside an EC2 instance.
{
"AWS_BATCH": {
"Type": "ConnectionProfile:AWS Batch",
"Authentication": "NOSECRET",
"IAM Role": "BATCHIAMROLE",
"AWS Region": "eu-west-2",
"Batch URL": " https://batch.{{region}}.amazonaws.com",
"Connection Timeout": "20",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Authentication | Determines one of the following types of authentication for the connection with AWS Batch:
|
| AWS Access Key | (For SECRET authentication) Defines the access key ID for connection to AWS. |
| AWS Secret | (For SECRET authentication) Defines the secret access key for connection to AWS. |
| IAM Role | (For NOSECRET authentication) Defines the Identity and Access Management (IAM) role for connection to AWS. |
| AWS Region | Determines the region where the AWS Batch resources are located. |
| Batch URL | Determines the URL of an AWS Batch service regional endpoint: https://batch.{{region}}.amazonaws.com For more information about regional endpoints available for the AWS Batch service, refer to the AWS documentation. |
| Connection Timeout | Determines the number of seconds to wait before a timeout occurs after Control-M initiates a connection request to AWS Batch. Default: 20 seconds |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The AWS Batch job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:AWS Step Functions
The following examples show how to define a connection profile for an AWS Step Functions job, which enables you to create visual workflows that can integrate other AWS services.
The following example is based on authentication using an AWS access key and secret.
{
"STEPFUNCTIONSCCP": {
"Type": "ConnectionProfile:AWS Step Functions",
"Authentication": "SECRET",
"AWS Secret": "myAwsSecret12345",
"AWS Access Key": "MYAWSACCESSKEY1234",
"AWS Region": "eu-west-2",
"Step Functions URL": "https://states.AWSRegion.amazonaws.com",
"Connection Timeout": "20",
"Description": "",
"Centralized": true
}
} The following example is based on authentication using an AWS IAM role from inside an EC2 instance.
{
"STEPFUNCTIONSCCP": {
"Type": "ConnectionProfile:AWS Step Functions",
"Authentication": "NOSECRET",
"IAM Role": "STEPFXIAMROLE",
"AWS Region": "eu-west-2",
"Step Functions URL": "https://states.AWSRegion.amazonaws.com",
"Connection Timeout": "20",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Authentication | Determines one of the following types of authentication for the connection with AWS Step Functions:
|
| AWS Access Key | (For SECRET authentication) Defines the access key assigned to the account in the AWS Step Functions integration setup. |
| AWS Secret | (For SECRET authentication) Defines the secret access key assigned to the account in the AWS Step Functions integration setup. |
| IAM Role | (For NOSECRET authentication) Defines the Identity and Access Management (IAM) role for connection to AWS Step Functions. |
| AWS Region | Determines the region where the AWS Step Functions jobs are located. |
| Step Functions URL | Determines the authentication endpoint for AWS Step Functions, based on the following format: https://states.{{region}}.amazonaws.com For more information about regional endpoints available for the AWS Step Functions service, refer to the AWS documentation. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to AWS Step Functions before a timeout occurs. Default: 20 seconds |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The AWS Step Functions job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:AWS Glue
The following examples show how to define a connection profile for an AWS Glue job, which executes Amazon Web Services (AWS) Glue, a serverless data integration service.
The following example is based on authentication using an AWS access key and secret.
{
"GLUECONNECTION": {
"Type": "ConnectionProfile:AWS Glue",
"AWS Access key ID": "MYAWSACCESSKEY1234",
"AWS Secret": "myAwsSecret12345",
"Authentication": "SECRET",
"AWS Region": "eu-west-2",
"Glue url": "glue.eu-west-2.amazonaws.com",
"Connection Timeout": "40",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using an AWS IAM role from inside an EC2 instance.
{
"GLUECONNECTIONIAM": {
"Type": "ConnectionProfile:AWS Glue",
"IAM Role": "GLUEEC2IAMROLE",
"Authentication": "NOSECRET",
"AWS Region": "eu-west-2",
"Glue url": "glue.eu-west-2.amazonaws.com",
"Connection Timeout": "40",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Authentication | Type of authentication to use for the connection with AWS Glue, one of the following:
|
| AWS Access key ID | (For SECRET authentication) Access key ID for connection to AWS |
| AWS Secret | (For SECRET authentication) Secret access key for connection to AWS |
| IAM Role | (For NOSECRET authentication) Identity and Access Management (IAM) role for connection to AWS |
| AWS Region | AWS Glue service region |
| Glue url | URL of an AWS Glue service regional endpoint For more information about regional endpoints available for the AWS Glue service, refer to the AWS documentation. |
| Connection Timeout | A timeout value, in seconds, for the trigger call made by Control-M to AWS Glue The default is 40 seconds. |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The AWS Glue job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:AWS Glue DataBrew
The following examples show how to define a connection profile for an AWS DataBrew job, which executes Amazon Web Services (AWS) Glue DataBrew, a cloud-based ETL service that enables you to visualize your data and publish it to the Amazon S3 Data Lake.
The following example is based on authentication using an AWS access key and secret.
{
"AWSDATABREW": {
"Type": "ConnectionProfile:AWS Glue DataBrew",
"Authentication": "SECRET",
"AWS Access Key": "MYAWSACCESSKEY1234",
"AWS Secret": "myAwsSecret12345",
"AWS Region": "us-east-1",
"AWS Logs URL": "https://logs.{{AWSRegion}}.amazonaws.com",
"AWS API Base URL": "https://databrew.{{AWSRegion}}.amazonaws.com",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using an AWS IAM role from inside an EC2 instance.
{
"AWSDATABREW": {
"Type": "ConnectionProfile:AWS Glue DataBrew",
"Authentication": "NOSECRET",
"IAM Role": "IAMROLE",
"AWS Region": "us-east-1",
"AWS API Base URL": "https://databrew.{{AWSRegion}}.amazonaws.com",
"AWS Logs URL": "https://logs.{{AWSRegion}}.amazonaws.com",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Authentication | Determines one of the following authentication methods for the connection with AWS Glue DataBrew:
|
| AWS Access Key | (For SECRET authentication) Defines the AWS Glue DataBrew account access key. |
| AWS Secret | (For SECRET authentication) Defines the AWS Glue DataBrew account secret access key. |
| IAM Role | (For NOSECRET authentication) Defines the Identity and Access Management (IAM) role for connection to AWS. |
| AWS Region | Determines the region that the AWS Glue DataBrew jobs are located in. |
| AWS API Base URL | Defines the REST API URL for the AWS Glue DataBrew regional endpoint: For more information about regional endpoints available for the AWS Glue DataBrew service, refer to the AWS documentation. |
| AWS Logs URL | Defines the AWS Logs URL: https://logs.{{AWSRegion}}.amazonaws.com |
| Connection Timeout | Determines the number of seconds to wait before a timeout occurs after Control-M initiates a request to AWS Glue DataBrew. Default: 30 seconds |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The AWS DataBrew job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:AWS Data Pipeline
The following examples show how to define a connection profile for an AWS Data Pipeline job. This job executes an AWS Data Pipeline, a cloud-based ETL service that enables you to automate the transfer, processing, and storage of your data.
The following example is based on authentication using an AWS access key and secret.
{
"AWSDATAPIPELINESECRET ": {
"Type": "ConnectionProfile:AWS Data Pipeline",
"Authentication": "SECRET",
"AWS Access Key": "MYAWSACCESSKEY1234",
"AWS Secret": "myAwsSecret12345",
"AWS Region": "us-east-1",
"Data Pipeline URL": "https://datapipeline.{{AWSRegion}}.amazonaws.com",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using an AWS IAM role from inside an EC2 instance.
{
"AWSDATAPIPELINEIAM": {
"Type": "ConnectionProfile:AWS Data Pipeline",
"Authentication": "NOSECRET",
"IAM Role": "IAMROLENAME",
"AWS Region": "us-east-1",
"Data Pipeline URL": "https://datapipeline.{{AWSRegion}}.amazonaws.com",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Authentication | Determines one of the following authentication methods for the connection with AWS Data Pipeline:
|
| AWS Access Key | (For SECRET authentication) Defines the AWS Data Pipeline account access key. |
| AWS Secret | (For SECRET authentication) Defines the AWS Data Pipeline account secret access key. |
| IAM Role | (For NOSECRET authentication) Defines the Identity and Access Management (IAM) role for connection to AWS. |
| AWS Region | Determines the region where the AWS Data Pipeline jobs are located. |
| Data Pipeline URL | Defines the REST API URL for the AWS Data Pipeline regional endpoint: For more information about regional endpoints available for the AWS Data Pipeline service, refer to the AWS documentation. |
| Connection Timeout | Determines the number of seconds to wait before a timeout occurs after Control-M initiates a request to AWS Data Pipeline. Default: 30 seconds |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The AWS Data Pipeline job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:AWS EMR
The following examples show how to define a connection profile for an AWS EMR job, which executes Amazon Web Services (AWS) EMR to run big data frameworks.
{
"AWS_EMR": {
"Type": "ConnectionProfile:AWS EMR",
"AWSRegion": "us-east-1",
"EMRAccessKey": “ABCDEF",
"EMRSecretKey": "****",
"Description": "",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| AWSRegion | Determines the AWS region. |
| EMRAccessKey | Defines the token for the connection to AWS. |
| EMRSecretKey | Defines an additional security token for AWS. |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The AWS EMR job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:AWSEC2
The following examples show how to define a connection profile for an AWS EC2 job for the integration of AWS EC2 operations into Control-M.
The following example is based on authentication using an AWS access key and secret.
{
"AWSEC2": {
"Type": "ConnectionProfile:AWSEC2",
"Authentication": "SECRET",
"AWS Access key ID": "AK***************************",
"AWS Secret": "nw*****************************",
"EC2 Region": "us-west-2",
"Connection timeout": "20",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using an AWS IAM role from inside an EC2 instance.
{
"AWSEC2": {
"Type": "ConnectionProfile:AWSEC2",
"Authentication": "NOSECRET",
"IAM Role": "GLUEEC2IAMROLE",
"EC2 Region": "us-west-2",
"Connection timeout": "20",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Authentication | Determines one of the following types of authentication for the connection with AWS EC2:
|
| AWS Access key ID | (For SECRET authentication) Defines the Access key ID for connection to AWS. |
| AWS Secret | (For SECRET authentication) Defines the secret access key for connection to AWS. |
| IAM Role | (For NOSECRET authentication) Defines the IAM Role for connection to AWS. |
| EC2 Region | Determines the location of the AWS user. Example: us-east-1 |
| Connection Timeout | Determines the number of seconds to wait for the trigger call made by Control-M to AWS EC2 before timing out. Default: 20 seconds |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The AWS EC2 job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:AWS ECS
The following examples show how to define a connection profile for an AWS ECS job. AWS Elastic Container Service (ECS) is a container management service that enables you to run, stop, manage, and monitor containerized applications in a cluster.
The following example is based on authentication using an AWS access key and secret.
{
"AWS ECS": {
"Type": "ConnectionProfile:AWS ECS",
"AWS ECS URL": "https://ecs.us-east-1.amazonaws.com",
"Cloud Watch URL": "https://logs.us-east-1.amazonaws.com",
"AWS Region": "us-east-1",
"Authentication Method": "Secret",
"AWS Access Key": "<Access Key>",
"AWS Secret": "*****",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using an AWS IAM role from inside an EC2 instance.
{
"AWS ECS": {
"Type": "ConnectionProfile:AWS ECS",
"AWS ECS URL": "https://ecs.us-east-1.amazonaws.com",
"Cloud Watch URL": "https://logs.us-east-1.amazonaws.com",
"AWS Region": "us-east-1",
"Authentication Method": "IAM",
"AWS IAM Role": "IAM ROLE",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| AWS ECS URL | Defines the AWS ECS authentication endpoint, based on the following format: https://ecs.{{region}}.amazonaws.com For more information about regional endpoints available for the AWS ECS service, refer to the AWS documentation. |
| Cloud Watch URL | Defines the Cloud Watch authentication endpoint. |
| AWS Region | Determines the region where the AWS ECS jobs are located. |
| Authentication Method | Determines one of the following authentication methods for the connection with AWS ECS:
|
| AWS Access Key | (Secret authentication) Defines the AWS ECS account access key. |
| AWS Secret | (Secret authentication) Defines the AWS ECS account secret access key. |
| AWS IAM Role | (IAM authentication) Defines the Identity and Access Management (IAM) role for the AWS ECS connection. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to AWS ECS before a timeout occurs. Default: 30 |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The AWS ECS job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:AWS QuickSight
The following examples show how to define a connection profile for an AWS QuickSight job, which enables you to visualize, analyze, and share large workloads of data.
The following example is based on authentication using an AWS access key and secret.
{
"AWS_QUICKSIGHT": {
"Type": "ConnectionProfile:AWS QuickSight",
"Authentication Method": "SECRET",
"AWS Access Key": "MYAWSACCESSKEY1234",
"AWS Secret": "myAwsSecret12345",
"AWS Region": "us-east-1",
"AWS Account ID": "12345678",
"AWS QuickSight URL": "https://quicksight.us-east-1.amazonaws.com",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using an AWS IAM role from inside an EC2 instance.
{
"AWS_QUICKSIGHT": {
"Type": "ConnectionProfile:AWS QuickSight",
"Authentication Method": "NOSECRET",
"IAM Role": "QUICKSIGHTIAMROLE",
"AWS Region": "us-east-1",
"AWS Account ID": "12345678",
"AWS QuickSight URL": "https://quicksight.us-east-1.amazonaws.com",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Authentication Method | Determines one of the following types of authentication for the connection with AWS QuickSight:
|
| AWS Access Key | (For SECRET authentication) Defines the access key assigned to the account in the AWS QuickSight integration setup. |
| AWS Secret | (For SECRET authentication) Defines the secret access key assigned to the account in the AWS QuickSight integration setup. |
| IAM Role | (For NOSECRET authentication) Defines the Identity and Access Management (IAM) role for connection to AWS QuickSight. |
| AWS Region | Determines the region where the AWS QuickSight jobs are located. |
| AWS Account ID | Determines the AWS account ID, which can be retrieved from the top right-hand corner of the AWS console. |
| AWS QuickSight URL | Determines the authentication endpoint for AWS QuickSight, based on the following format: https://quicksight.{{region}}.amazonaws.com For more information about regional endpoints available for the AWS QuickSight service, refer to the AWS documentation. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to AWS QuickSight before a timeout occurs. Default: 30 seconds |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The AWS QuickSight job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:AWS Sagemaker
The following examples show how to define a connection profile for an AWS SageMaker job, which enables you to create and manage machine learning models.
The following example is based on authentication using an AWS access key and secret.
{
"AWS_SAGEMAKER": {
"Type": "ConnectionProfile:AWS Sagemaker",
"SageMaker URL": "https://sagemaker.us-east-1.amazonaws.com",
"AWS Region": "us-east-1",
"Authentication": "SECRET",
"AWS Access key": "MYAWSACCESSKEY1234",
"AWS Secret": "myAwsSecret12345",
"Connection Timeout": "100",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using an AWS IAM role from inside an EC2 instance.
{
"AWS_SAGEMAKER_IAM": {
"Type": "ConnectionProfile:AWS Sagemaker",
"SageMaker URL": "https://sagemaker.us-east-1.amazonaws.com",
"AWS Region": "us-east-1",
"Authentication": "NOSECRET",
"IAM Role": "SAGEMAKERIAMROLE",
"Connection Timeout": "100",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Authentication | Determines one of the following types of authentication for the connection with AWS SageMaker:
|
| AWS Access Key | (For SECRET authentication) Defines the AWS SageMaker account access key. |
| AWS Secret | (For SECRET authentication) Defines the AWS SageMaker account secret access key. |
| IAM Role | (For NOSECRET authentication) Defines the Identity and Access Management (IAM) role for the AWS SageMaker connection. |
| AWS Region | Determines the region where the AWS SageMaker jobs are located. |
| SageMaker URL | Determines the authentication endpoint for AWS SageMaker, based on the following format: https://sagemaker.{{region}}.amazonaws.com For more information about regional endpoints available for the AWS SageMaker service, refer to the AWS documentation. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to AWS SageMaker before a timeout occurs. Default: 30 seconds |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The AWS SageMaker job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:AWS Athena
The following examples show how to define a connection profile for an AWS Athena job, which you can use for data processing, analysis, and storage.
The following example is based on authentication using an AWS access key and secret.
{
"AWS_ATHENA": {
"Type": "ConnectionProfile:AWS Athena",
"AWS API Base URL": "https://athena.us-east-1.amazonaws.com",
"AWS Region": "us-east-1",
"Authentication": "SECRET",
"AWS Access Key": "ABCDEF",
"AWS Secret Key": "******",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using an AWS IAM role from inside an EC2 instance.
{
"AWS_ATHENA": {
"Type": "ConnectionProfile:AWS Athena",
"AWS API Base URL": "https://athena.us-east-1.amazonaws.com",
"AWS Region": "us-east-1",
"Authentication": "NOSECRET",
"IAM Role": "ATHENAIAMROLE",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| AWS API Base URL | Determines the authentication endpoint for AWS Athena, based on the following format: https://athena.{{AWSRegion}}.amazonaws.com For more information about regional endpoints available for the AWS Athena service, refer to the AWS documentation. |
| AWS Region | Determines the region where the AWS Athena jobs are located. |
| Authentication | Determines one of the following authentication methods:
|
| AWS Access Key | Defines the AWS Athena account access key. |
| AWS Secret Key | Defines the AWS Athena account secret access key. |
| IAM Role | Defines the Identity and Access Management (IAM) role for the AWS Athena connection. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to AWS Athena before a timeout occurs. Default: 20 seconds |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The AWS Athena job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Azure
9.0.19.220 The following example shows how to define a connection profile for an Azure job:
{
"AZURE_CONNECTION": {
"Type": "ConnectionProfile:Azure",
"TargetAgent": "AgentHost",
"TargetCTM": "CTMHost",
"ActiveDirectoryDomainName": "bmc.onmicrosoft.com",
"SubscriptionID": "bcde-fgh-ijk-lmnopq",
"ApplicationID": "abcd-efg-hij-klmnop",
"User": "user1@bmc.onmicrosoft.com",
"Password": "*****"
"Batch": {
"BatchAccountName": "myFirstBatch",
"BatchAccountKey": "aaaaaabbbbbbbccccccc",
"Location": "centralus"
}
}
}| Parameter | Description |
|---|---|
| TargetAgent | The Control-M/Agent to which to deploy the connection profile |
| TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
| ActiveDirectoryDomainName | (Optional) Azure Active Directory Format: <company name>.onmicrosoft.com |
| SubscriptionID | Azure account subscription ID The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu. |
| ApplicationID | Azure application ID |
| User | Name of user to connect to the Azure server |
| Password | Password of the username that connects to the Azure server Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
| Batch | (Optional) Enables the use of a batch account service By default, a batch account is not used. If you want to use a batch account, you must define the following parameters: |
| BatchAccountName | Name of the batch account |
| BatchAccountKey | Primary access key for the batch account This key can be retrieved from the Azure portal. |
| Location | Batch account location, as defined in the batch account properties The batch account name and batch account location are used to define the batch URI. |
ConnectionProfile:ADF
The following examples show how to define a connection profile for an ADF job, which executes an Azure Data Factory (ADF) service and allows you to automate the movement and transformation of data.
The following example is based on authentication using an Azure service principal.
{
"ADF_SERVPRINC": {
"Type": "ConnectionProfile:ADF",
"Tenant ID": "tenantId",
"Identity Type": "PRINCIPAL",
"Client Secret": "*****",
"Application ID": "applicationId",
"Subscription ID": "subscriptionId",
"Connection Timeout": "40",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using a managed identity.
{
"ADF_MANID": {
"Type": "ConnectionProfile:ADF",
"Identity Type": "MANAGEDID",
"Specify Managed Identity Client ID": "&client_id=",
"Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",
"Subscription ID": "subscriptionId",
"Connection Timeout": "40",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Identity Type | Type of authentication to use for the connection with the Azure Data Factory, one of the following:
|
| Specify Managed Identity Client ID | (For Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter. Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=. |
| Managed Identity Client ID | (For Managed Identity) Determines which client ID to use as the Managed Identity. This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter. If you have only one Managed Identity, it is detected automatically. |
| Tenant ID | (For service principal authentication) The Azure Tenant ID where the Azure Data Factory was created |
| Client Secret | (For service principal authentication) The client secret associated with the service principal |
| Application ID | (For service principal authentication) ID of the Azure-registered application that is used to interact with the Azure Data Factory |
| Subscription ID | Azure account subscription ID The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu. |
| Connection Timeout | A timeout value, in seconds, for the trigger call made by Control-M to the Azure Data Factory The default is 40 seconds. |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The ADF job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Azure Databricks
The following example shows how to define a connection profile for an Azure Databricks job, which performs big data analytics .
{
"ADF_SERVPRINC": {
"Type": "ConnectionProfile:Azure Databricks",
"Tenant ID": "tenantId",
"Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
"Client Secret": "*****",
"Databricks url": "https://adb-1111211144444680.0.azuredatabricks.net",
"Azure Login url": "https://login.microsoftonline.com",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Tenant ID | The Azure Tenant ID in Azure AD |
| Application ID | The application (service principal) ID of the registered application. The service principal must meet the following requirements:
|
| Client Secret | The client secret (password) associated with the Azure user and the application |
| Databricks url | The URL of your Databricks workspace |
| Azure Login url | The Azure AD authentication endpoint base URL |
| Connection Timeout | A timeout value, in seconds, for the trigger call made by Control-M to Azure Databricks The default is 50 seconds. |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Azure Databricks job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:AzureFunctions
The following examples show how to define a connection profile for an Azure Functions job, which executes an Azure cloud service for serverless application development.
The following example is based on authentication using an Azure service principal.
{
"AZUREFUNCTIONS": {
"Type": "ConnectionProfile:AzureFunctions",
"Subscription ID": "bcde-fgh-ijk-lmnopq",
"Identity Type": "PRINCIPAL",
"Tenant ID": "tenantId",
"Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
"Client Secret": "*********",
"Azure Login url": "https://login.microsoftonline.com",
"Resource Group": "resourceGroup",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using a managed identity.
Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.
{
"AZUREFUNCTIONS": {
"Type": "ConnectionProfile:AzureFunctions",
"Subscription ID": "bcde-fgh-ijk-lmnopq",
"Identity Type": "MANAGEDID",
"Specify Managed Identity Client ID": "&client_id=",
"Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",
"Resource Group": "resourceGroup",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Subscription ID | Azure account subscription ID The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu. |
| Identity Type | Type of authentication to use for the connection with Azure Functions, one of the following:
|
| Specify Managed Identity Client ID | (For Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter. Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=. |
| Managed Identity Client ID | (For Managed Identity) Determines which client ID to use as the Managed Identity. This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter. If you have only one Managed Identity, it is detected automatically. |
| Tenant ID | (For service principal authentication) The Azure Tenant ID in Azure AD |
| Application ID | The application (service principal) ID of the registered application. The service principal must be an Azure Functions workspace user with a Contributor or Owner role associated. |
| Client Secret | (For service principal authentication) The client secret (password) associated with the Azure user and the application |
| Azure Login url | (For service principal authentication) The Azure AD authentication endpoint base URL |
| Resource Group | The name of the resource group that holds your application |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Azure Functions job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Azure Batch Accounts
The following examples show how to define a connection profile for execution of an Azure Batch Accounts service, which runs large-scale parallel and batch compute jobs.
The following example is based on authentication using an Azure service principal.
{
"AZURE_BATCH": {
"Type": "ConnectionProfile:Azure Batch Accounts",
"Authentication Method": "PRINCIPAL",
"Tenant ID": "tenantId",
"Azure AD url": "https://login.microsoftonline.com",
"App ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
"Batch Account Name": "abc_batch",
"Batch Region ID": "uksouth",
"Batch Resource url": "https://batch.core.windows.net/",
"Client Secret": "*********",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using a managed identity.
Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.
{
"AZURE_BATCH": {
"Type": "ConnectionProfile:Azure Batch Accounts",
"Authentication Method": "MANAGEDID",
"Specify Managed Identity Client ID": "&client_id=",
"Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",
"Batch Account Name": "abc_batch",
"Batch Region ID": "uksouth",
"Batch Resource url": "https://batch.core.windows.net/",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Authentication Method | Defines one of the following types of authentication to use for the connection with Azure Batch:
|
| Tenant ID | (For service principal authentication) Defines the Azure Tenant ID in Azure AD |
| Specify Managed Identity Client ID | (For Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter. Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=. |
| Managed Identity Client ID | (For Managed Identity) Determines which client ID to use as the Managed Identity. This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter. If you have only one Managed Identity, it is detected automatically. |
| Azure AD url | (For service principal authentication) Defines the Azure AD authentication endpoint base URL |
| App ID | Defines the application (service principal) ID of the registered application for the Azure Batch service. The service principal must be for an Azure Batch account with a Contributor role. |
| Batch Account Name | Defines the name of the Batch account created in Azure Portal. |
| Batch Region ID | Defines the region ID associated with the Batch account in Azure Portal. |
| Batch Resource url | Defines the identifier for the Azure Batch account for login via Azure AD. This identifier is a constant value set to https://batch.core.windows.net/ |
| Client Secret | (For service principal authentication) Defines the client secret (password) associated with the Azure user and the application. |
| Connection Timeout | Defines a timeout value, in seconds, for the trigger call made by Control-M to Azure Batch Accounts. Default: 50 seconds |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Azure Batch job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Azure Logic Apps
The following examples show how to define a connection profile for execution of an Azure Logic Apps service, which enables you to design and automate cloud-based workflows and integrations.
The following example is based on authentication using an Azure service principal.
{
"AZURE_LOGIC_APPS": {
"Type": "ConnectionProfile:Azure Logic Apps",
"Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
"Authentication Method": "PRINCIPAL",
"Resource Group": "tb-resourcegroup",
"Tenant ID": "92b796c5-5839-40a6-8dd9-c1fad320c69b",
"Azure Login url": "https://login.microsoftonline.com",
"Application ID": "7f477fa3-1a1f-4877-ba80-f39bb563f1b5",
"Client Secret": "*****",
"Connection timeout": "20",
"Description": "",
"Centralized": true
}
} The following example is based on authentication using a managed identity.
Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.
{
"AZURE_LOGIC_APPS": {
"Type": "ConnectionProfile:Azure Logic Apps",
"Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
"Authentication Method": "MANAGEDID",
"Resource Group": "tb-resourcegroup",
"Specify Managed Identity Client ID": "&client_id=",
"Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",
"Connection timeout": "20",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Subscription ID | Defines the Azure account subscription ID, which is located in the Azure portal. |
| Authentication Method | Defines one of the following types of authentication to use for the connection with Azure Logic Apps:
|
| Resource Group | Determines the resource group where your logic app is located. |
| Tenant ID | (Service Principal) Defines the Azure Tenant ID in Azure AD. |
| Azure Login url | (Service Principal) Defines the Azure AD authentication endpoint base URL. |
| Application ID | (Service Principal) Defines the application ID of the registered application. The service principal must be an Azure Logic Apps workspace user with a Contributor or Owner role. |
| Client Secret | (Service Principal) Defines the password associated with the Azure user and the application. |
| Specify Managed Identity Client ID | (Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter. Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=. |
| Managed Identity Client ID | (Managed Identity) Determines which client ID to use as the Managed Identity. This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter. If you have only one Managed Identity, it is detected automatically. |
| Connection Timeout | Determines the number of seconds to wait before a timeout occurs after Control-M initiates a request to Azure Logic Apps. Default: 50 seconds |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Azure Logic Apps job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Azure Machine Learning
The following examples show how to define a connection profile for an Azure Machine Learning job, which enables you to create and manage machine learning models.
The following example is based on authentication using an Azure service principal.
{
"AZURE_ML_SERVICE_PRINCIPAL": {
"Type": "ConnectionProfile:Azure Machine Learning",
"Authentication Method": "PRINCIPAL",
"Tenant ID": "82b34c5-5839-40f6-8pd9-c1fad320c69b",
"Azure Login URL": "https://login.microsoftonline.com",
"Azure ML URL": "https://{{location}}.api.azureml.ms/",
"Azure Management URL": "https://management.azure.com/",
"Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
"Location Name": "centralus",
"Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
"Client Secret": "*****",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using a managed identity.
Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.
{
"AZURE_ML_SERVICE_IDENTITY": {
"Type": "ConnectionProfile:Azure Machine Learning",
"Authentication Method": "MANAGEDID",
"Specify Managed Identity Client ID": "&client_id=",
"Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",
"Azure ML URL": "https://{{location}}.api.azureml.ms/",
"Azure Management URL": "https://management.azure.com/",
"Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
"Location Name": "centralus",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Authentication Method | Defines one of the following types of authentication to use for the connection with Azure Machine Learning:
To prepare for authentication using each of these methods:
|
| Specify Managed Identity Client ID | (Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter. Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=. |
| Managed Identity Client ID | (Managed Identity) Determines which client ID to use as the Managed Identity. This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter. If you have only one Managed Identity, it is detected automatically. |
| Tenant ID | (Service Principal) Defines the ID where the Azure Machine Learning is created. |
| Azure Login URL | (Service Principal) Defines the Azure Active Directory (AD) authentication endpoint base URL. Default: https://login.microsoftonline.com |
| Azure ML URL | Defines the authentication endpoint base URL for Azure Machine Learning, which is used to perform API calls, and which is based on the following format: https://{{location}}.api.azureml.ms/ |
| Azure Management URL | Defines the Azure Management URL, which is used to get the token for a service principal authentication and to perform API calls. Default: https://management.azure.com/ |
| Subscription ID | Determines the Azure account subscription ID, which can be retrieved from the Azure portal. |
| Location Name | Determines the region where the Azure Machine Learning jobs are located. |
| Application ID | (Service Principal) Defines the Azure identity of a Service Principal that is granted access to interact with Azure Machine Learning. |
| Client Secret | (Service Principal) Defines the password of the Service Principal. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to Azure Machine Learning before a timeout occurs. Default: 50 |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Azure Machine Learning job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Azure Synapse
The following examples show how to define a connection profile for an Azure Synapse job, which performs data integration and big data analytics.
The following example is based on authentication using an Azure service principal.
{
"AZURE_SYNAPSE_1": {
"Type": "ConnectionProfile:Azure Synapse",
"Authentication Method": "PRINCIPAL",
"Tenant ID": "tenantId",
"Azure AD url": "https://login.microsoftonline.com",
"Synapse url": "https://ncu-if-synapse.dev.azuresynapse.net",
"Synapse Resource": "https://dev.azuresynapse.net/",
"App ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
"Client Secret": "*****",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using a managed identity.
Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.
{
"AZURE_SYNAPSE_2": {
"Type": "ConnectionProfile:Azure Synapse",
"Authentication Method": "MANAGEDID",
"Specify Managed Identity Client ID": "&client_id=",
"Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",
"Synapse url": "https://ncu-if-synapse.dev.azuresynapse.net",
"Synapse Resource": "https://dev.azuresynapse.net/",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Authentication Method | Defines one of the following types of authentication to use for the connection with Azure Synapse Analytics:
To prepare for authentication using each of these methods:
|
| Specify Managed Identity Client ID | (For Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter. Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=. |
| Managed Identity Client ID | (For Managed Identity) Determines which client ID to use as the Managed Identity. This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter. If you have only one Managed Identity, it is detected automatically. |
| Tenant ID | (For service principal authentication) Defines the Azure Tenant ID in Azure AD |
| Azure AD url | (For service principal authentication) Defines the Azure AD authentication endpoint base URL |
| Synapse url | Defines the workspace development endpoint. |
| Synapse Resource | Defines the resource parameter that serves as the identifier for Azure Synapse login via Azure AD: |
| App ID | Defines the application (service principal) ID of the registered application for the Azure Synapse service. |
| Client Secret | (For service principal authentication) Defines the client secret (password) associated with the Azure user and the application. |
| Connection Timeout | Defines a timeout value, in seconds, for the trigger call made by Control-M to Azure Synapse Analytics. The default is 50 seconds. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Azure Synapse job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Azure HDInsight
The following example shows how to define a connection profile for Azure HDInsight jobs.
{
"AZUREHDINSIGHT": {
"Type": "ConnectionProfile:Azure HDInsight",
"Cluster Name": "hdcluster",
"Cluster Username": "admin",
"Cluster Password": "*****",
"Description": "",
"Centralized": true
}
}| Parameter | Description |
|---|---|
Cluster Name | Defines the name of the HDInsight cluster to connect to. |
Cluster Username | Defines the name of the Administrator to use to connect to Azure HDInsight. |
| Cluster Password | Defines the password for the Administrator, as configured in Azure HDInsight. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Azure HDInsight job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Azure VM
The following examples show how to define a connection profile for an Azure Virtual Machine (VM) job for the integration of Azure VM operations into Control-M.
The following example is based on authentication using an Azure service principal.
{
"AZUREVM": {
"Type": "ConnectionProfile:Azure VM",
"Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
"Auth_Method": "service_account",
"Resource Group": "tb-resourcegroup",
"Tenant ID": "81b796g5-5839-40a6-8dd9-c1fam320c69b",
"Client Secret": "*****",
"Application ID": "7f499fc3-1a1f-4847-ba80-f39bb563f1b5",
"Azure Login url": "https://login.microsoftonline.com",
"Connection timeout": "20",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using a managed identity.
Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.
{
"AZUREVM": {
"Type": "ConnectionProfile:Azure VM",
"Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
"Auth_Method": "managed_id",
"Specify Managed Identity Client ID": "&client_id=",
"Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",
"Resource Group": "tb-resourcegroup",
"Connection timeout": "20",
"Description": "Azure VM connection profile",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Subscription ID | Determines the Azure account subscription ID. You can retrieve the subscription ID from the Subscription menu in the Azure portal. |
| Auth_Method | Determines one of the following authentication types:
|
| Specify Managed Identity Client ID | (For Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter. Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=. |
| Managed Identity Client ID | (For Managed Identity) Determines which client ID to use as the Managed Identity. This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter. If you have only one Managed Identity, it is detected automatically. |
| Tenant ID | (For service principal) Defines the Azure Tenant ID in the Azure Virtual Machine. |
| Resource Group | Defines the name of the resource group where the function app is located. |
| Application ID | (For service principal) Defines the application (service principal) ID of the registered application for the Azure Virtual Machine. The service principal must be an Azure Functions workspace user with a Contributor or Owner role associated. |
| Client Secret | (For service principal) Defines the client secret (password) associated with the Azure user and the application. |
| Azure Login URL | (For service principal) Defines the Azure VM authentication endpoint base URL. |
| Connection Timeout | Defines a timeout value, in seconds, for the trigger call made by Control-M to the Azure VM. Default: 20 seconds. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Azure VM job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Azure Backup
The following examples show how to define a connection profile for an Azure Backup job, which enables you to back up and restore your data in the Microsoft Azure cloud.
The following example is based on authentication using an Azure service principal.
{
"ABK_CCP_SERVICE_PRINCIPAL": {
"Type": "ConnectionProfile:Azure Backup",
"Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1j",
"Authentication Method": "service",
"Azure Management URL": "https://management.azure.com",
"Azure Login URL": "https://login.microsoftonline.com",
"Tenant ID": "92b796c5-5839-40a6-8dd9-c1fad320c68c",
"Client Secret": "*****",
"Application ID": "7f477fa3-1a1f-4877-ba80-f39bb563f1b8",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}
}The following example is based on authentication using a managed identity.
Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.
{
"ABK_CCP_MANAGED_IDENTITY ": {
"Type": "ConnectionProfile:Azure Backup",
"Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1j",
"Authentication Method": "identity",
"Azure Management URL": "https://management.azure.com",
"Specify Managed Identity Client ID": "&client_id=",
"Managed Identity Client ID": "7f477fa3-1a1f-4877-ba80-f39bb563f1b8",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| Subscription ID | Defines the registered subscription ID for the Azure Backup service. You can retrieve the subscription ID from the Subscription menu in the Azure portal. |
| Authentication Method | Determines one of the following authentication types:
|
| Azure Management URL | Defines the endpoint that enables you to perform API calls and retrieve the token for authentication. Default: https://management.azure.com |
| Specify Managed Identity Client ID | (Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter. Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=. |
| Managed Identity Client ID | (Managed Identity) Determines which client ID to use as the Managed Identity. This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter. If you have only one Managed Identity, it is detected automatically. |
| Azure Login URL | (Service Principal) Defines the Azure Backup authentication endpoint base URL. Default: https://login.microsoftonline.com |
| Tenant ID | (Service Principal) Defines the Azure tenant ID, which represents your organization. |
| Client Secret | (Service Principal) Defines the password associated with the Azure user and the Azure AD application ID. |
| Application ID | (Service Principal) Defines the Azure AD application ID for Azure Backup. The Service Principal must be an Azure Backup workspace user with a Contributor or Owner role. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to Azure Backup before a timeout occurs. Default: 50 seconds |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Azure Backup job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Power BI
The following example shows how to define a connection profile for a Power BI job, which enables integration of Power BI workflows with your existing Control-M workflows.
{
"POWERBI": {
"Type": "ConnectionProfile:Power BI",
"Application ID": "77538c66-d7fp-4ca4-8cwa-120ed404fe8c",
"Client Secret": "*****",
"User Name": "user1@Elearningace.onmicrosoft.com",
"Password": "*****",
"Resource Group": "https://analysis.windows.net/powerbi/api",
"API URL": "https://api.powerbi.com/v1.0/myorg/",
"Description": "Power BI connection profile",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Application ID | Defines the application ID of the registered application. |
| Client Secret | Defines the client secret (password) associated with the user and the application. |
| User Name | Defines the name of a user for logging on to the Power BI platform, typically an email address. |
| Password | Defines the password for the specified Power BI user. |
| Resource Group | Defines the URL of the resource group that holds your application: https://analysis.windows.net/powerbi/api |
| API URL | Defines the Azure AD authentication endpoint base URL for Power BI: https://api.powerbi.com/v1.0/myorg/ |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Power BI job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Qlik Cloud
The following example shows how to define a connection profile for a Qlik Cloud job, which enables integration with Qlik Cloud Data Services for data visualization through Qlik Sense.
{
"QLIK_connection": {
"Type": "ConnectionProfile:Qlik Cloud",
"Tenant ID": "******",
"Qlik API URL": "qlikcloud.com/api/v1",
"Region": "sg",
"Connection Timeout": "10",
"API Key": "******",
"Description": "Qlik Cloud connection profile",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Tenant ID | Defines the tenant ID, which is a unit in Qlik Sense that can hold users, apps, and spaces. |
| Qlik API URL | Defines the REST API authentication endpoint base URL for Qlik Cloud. Example: qlikcloud.com/api/v1 |
| Region | Determines the region where the Qlik tenant is located, such as sg for Singapore. |
| Connection Timeout | Determines the number of seconds to wait before a timeout occurs after Control-M initiates a request to Qlik Cloud. Default: 10 seconds |
| API Key | Defines a Qlik Cloud API key that authenticates connections to Qlik Cloud, which is generated through the Qlik Cloud profile. |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Qlik Cloud job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Tableau
The following example shows how to define a connection profile for a Tableau job, which enables you to visualize, analyze, and share large workloads of data.
{
"TABLEAU_CP": {
"Type": "ConnectionProfile:Tableau",
"Tableau URL": "https://prod-useast-b.online.tableau.com",
"Token Name": "myToken",
"Token Secret": "*****",
"Site Name": "bmctest",
"API Version": "3.19",
"Connection timeout": "50",
"Description": "",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Tableau URL | Defines the REST API authentication endpoint base URL for Tableau. |
| Token Name | Defines the Tableau account access key. |
| Token Secret | Defines the Tableau account secret access key. |
| Site Name | Defines the name of the Tableau site where the job executes. |
| API Version | Determines which version of Tableau REST APIs the job executes. Most recent version: 3.19 |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to Tableau before a timeout occurs. Default: 50 |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Tableau job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:PeopleSoft
The following example shows how to define a connection profile for a PeopleSoft job:
{
"PS_CONNECT": {
"Type": "ConnectionProfile:PeopleSoft",
"TargetAgent": "AgentHost",
"TargetCTM": "CTMHost",
"Centralized": true,
"User": "User_Name",
"Password": "Password",
"DomainPassword": "****",
"PeopleToolsVersion": "8.52",
"ApplicationServers": [
{
"ApplicationServer": "ApplicationServer1",
"JoltPort": "1024"
},
{
"ApplicationServer": "ApplicationServer2",
"JoltPort": "65535"
}
]
}
}| Parameter | Description |
|---|---|
| TargetAgent | The Control-M/Agent to which to deploy the connection profile |
| TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
| User | A valid PeopleSoft user, as defined on PSOPRDEFN This user must have the role(s) to submit and execute processes. |
| Password | Password to connect the specified user to the PeopleSoft server Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
| DomainPassword | Password for the PeopleSoft domain (for PeopleTools version 8.51 or later) If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
| PeopleToolsVersion | Version of PeopleTools Valid Values are in the format of <major.minor>, such as 8.48, or 8.52. To determine the exact version, consult with your PeopleSoft administrator. |
| ApplicationServers | Details of the associated PeopleSoft application servers |
| ApplicationServer | Name of a PeopleSoft application server |
| JoltPort | Number of the jolt port on the PeopleSoft application server. Values range from 1024 to 65535. |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:Airflow
The following examples show how to define a connection profile for an Airflow Job, which enables you to monitor and manage DAG workflows.
The following example is for a standalone instance of Airflow:
{
"AIRFLOW_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Airflow:Standalone",
"Host": "dba-airflow-12",
"Port": "8080",
"User": "admin",
"Password": "password",
"SecuredConnection": true,
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Host | Defines the Airflow hostname. |
| Port | Defines the Airflow port number of the Airflow web server. |
| User | Defines the username that is used to log in to the Airflow server. |
| Password | Defines the password to log in to the Airflow server. |
| SecuredConnection | Determines whether a secure connection to the Airflow server is established. Values: true|false |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Airflow job requires a centralized connection profile. Set this parameter to true. |
The following example is for a Google Cloud Composer instance of Airflow:
{
"AIRFLOW_GC_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Airflow:GoogleComposer",
"ServiceAccountKey": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\", \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\"}",
"ServiceAccountKeyFilename": "1234.log",
"BaseURL": "http://akjsdlksajdksad",
"TargetAudience": "153767957930-mq2qc9l7p5i8liqvf19d77fku5nrcd1k.apps.googleusercontent.com",
"Centralized": true
}
}
| Parameter | Description |
|---|---|
| ServiceAccountKey | Defines a JSON body that contains the required service account credentials to access the Google Cloud Composer account. |
| ServiceAccountKeyFilename | Defines the name of the file that contains the service account credentials. |
| BaseURL | Defines the Airflow web UI URL in Google Composer. |
| TargetAudience | Defines the JWT (JSON Web Token) audience for the IAP (Identity-Aware Proxy) Google Cloud service. Note: If you do not know the target audience value, define any text value and test the connection profile. The error message indicates the required target audience value. |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Airflow job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:WebServices
The following example shows how to define a connection profile for a job to a web service:
{
"WSDL_CONNECT": {
"Type": "ConnectionProfile:WebServices",
"TargetAgent": "AgentHost",
"TargetCTM": "CTMHost",
"ServiceType": "WebServices",
"Location": http://example.com/serverpolicy/Request.asmx?wsdl,
"HttpAuthentication": "user1:password@realm1;"
}
}The following example shows how to define a connection profile for a job to a RESTful web service:
{
"WSDL_CONNECT": {
"Type": "ConnectionProfile:WebServices",
"TargetAgent": "AgentHost",
"TargetCTM": "CTMHost",
"ServiceType": "Rest",
"Location": http://example.com/serverpolicy/Request.asmx?wsdl,
"HttpAuthentication": "user1:password@realm1;user2:password@realm2",
"LoginUrl": "http://abc.xyz.com/login",
"LoginHeader": "Accept:*/*",
"LoginBody": "{}",
"JobPreset": "@SessionId:@Token"
}
}| Parameter | Description |
|---|---|
| TargetAgent | The Control-M/Agent to which to deploy the connection profile |
| TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
| ServiceType | The type of service to connect with, one of the following:
|
| Location | The location of the Web Service, according to the service type:
|
| HttpAuthentication | Specification for simple text authentication (user password per realm). Optional. Enter a value of the following format: user1:password@realm1;user2:password@realm2 One user per realm only. Separate multiple sets with semicolons. End a single set with a semicolon. |
| LoginUrl | For REST services only: The URL for the login request |
| LoginHeader | (Optional, for REST services only) Any additional HTTP headers that are required in the login request. For each header, use a value of the following format: <name>=<value> For multiple headers, separate name/value pairs with colons. |
| LoginBody | (Optional, for REST services only ) Any text required in the login request body |
| JobPreset | For REST services only: An HTTP header or a parameter to add to each job request, in the HTTP query URL, based on the login returned data. Job Preset is defined in the following format. Use semicolons to separate multiple sets. <name>:<value>;<name>:<value>
|
ConnectionProfile:Web Services REST
The following examples show how to define a connection profile for a Web Services REST job.
Basic Authentication:
{ "REST_BASIC_AUTH": { "Type": "ConnectionProfile:Web Services REST", "Description": "", "Centralized": true, "WebServiceAuthenticationBasic": { "UsePreemptiveAuth": true, "User": "User Name", "Password": "Password" } } }OAuth2 Authentication:
{ "REST_OAUTH2": { "Type": "ConnectionProfile:Web Services REST", "Description": "", "Centralized": true, "WebServiceAuthenticationOauth2": { "Body": [{ "resource": "2ff814a6-3304-4ab8-85cb-cd0e6f879c1d" }], "ContentType": "application/x-www-form-urlencoded", "ClientId": "7f477fa3-1a1f-4877-ba80-f39bb563f1b5", "ClientSecret": "****", "ApiUrl": "https://login.microsoftonline.com/tenantId/oauth2/token" } } }AWS Authentication:
{ "REST_AWS": { "Type": "ConnectionProfile:Web Services REST", "Description": "", "Centralized": true, "WebServiceAuthenticationAws": { "CustomServiceName": "batch", "Region": "eu-west-2", "AuthMethodAccessAndSecretKeys": { "AccessKey": "MYAWSACCESSKEY1234", "SecretAccessKey": "myAwsSecret12345" } } } }Google Authentication:
{ "REST_GCP": { "Type": "ConnectionProfile:Web Services REST", "Description": "", "Centralized": true, "WebServiceAuthenticationGoogle": { "TokenType": "Access", "ServiceAccountKey": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\,\"client_id\":\"116650586827623521335\",\"auth_uri\":\https://accounts.google.com/o/oauth2/auth\,\"token_uri\":\https://oauth2.googleapis.com/token\, \"auth_provider_x509_cert_url\":\https://www.googleapis.com/oauth2/v1/certs\,\"client_x509_cert_url\":\https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\}" } } }
The following table describes the Web Services REST connection profile parameters.
| Parameter | Authentication Type | Description |
|---|---|---|
| UsePreemptiveAuth | Basic | Determines whether to use preemptive authentication. Valid Values:
Default: False |
| User |
| Defines the basic authentication username. |
| Password |
| Defines the basic authentication password. |
| Use Basic Authentication | OAuth2 | Determines whether to add basic authentication to the OAuth2 authentication. |
| ApiUrl | OAuth2 | Defines the OAuth2 web service URL. |
| Grant Type | OAuth2 | Determines one of the following OAuth2 grant types, which determine how Web Services REST communicates with the OAuth2 web service:
|
| ClientID | OAuth2 | Defines the user ID associated with the Web Services REST user and application. |
| ClientSecret | OAuth2 | Defines the secret (password) associated with the Web Services REST user and application. |
| Username | OAuth2 | Defines an additional grant type username. |
| Password | OAuth2 | Defines an additional grant type password. |
| ContentType | OAuth2 | Defines the content type. Example: application/x-www-form-urlencoded |
| Headers | OAuth2 | Defines the following Oauth2 header parameters:
You must create one header parameter with the following values:
|
| Body | OAuth2 | (Optional) Defines the following Oauth2 body parameters:
|
| CustomServiceName | AWS | Defines the AWS service that the API accesses. |
| Region | AWS | Defines the region where the AWS jobs are located. Example: eu-west-2 |
| Authentication Method | AWS | Determines one of the following authentication methods:
|
| IAM Role | AWS | Defines the Identity and Access Management (IAM) role for the AWS connection. |
| AccessKey | AWS | Defines the AWS account access key. |
| SecretKey | AWS | Defines the AWS account secret access key. |
| TokenType | Determines one of the following authentication types for GCP Access Control:
| |
| ServiceAccountKey | Defines a service account that is associated with an RSA key pair. | |
| Centralized | All | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Web Services REST job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Web Services SOAP
The following examples show how to define a connection profile for a Web Services SOAP job.
Basic Authentication:
{ "SOAP_BASIC_AUTH": { "Type": "ConnectionProfile:Web Services SOAP", "Description": "", "Centralized": true, "WebServiceAuthenticationBasic": { "UsePreemptiveAuth": true, "User": "User Name", "Password": "Password" } } }No Authentication:
{ "SOAP_NO_AUTH": { "Type": "ConnectionProfile:Web Services SOAP", "Description": "", "Centralized": true } }
| Parameter | Description |
|---|---|
| UsePreemptiveAuth | Determines whether to use preemptive authentication. Valid Values:
Default: False |
| User | Defines the basic authentication username. |
| Password | Defines the basic authentication password. |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Web Services SOAP job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:UI Path
The following examples show how to define a connection profile for a UiPath job, which performs robotic process automation (RPA) .
{
"UIPATH_Connect": {
"Type": "ConnectionProfile:UI Path",
"Tenant Url": "devabcdexample/DevDefault",
"Tenant Name": "DevDefaultexample",
"App ID": "caaabc57-v8ad-30e5-ah3b0-25am5jf361c3",
"App Secret": "L!Mh4o#0nv1odf#f",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Tenant Url | UiPath Account Logical Name, a unique URL for your site |
| Tenant Name | The display name of the UiPath tenant |
| App ID | ID of an external application registered in UiPath The specified external application must be assigned the following required Application Scope rights (through the UiPath Orchestrator, Admin > External Applications > Application Scopes):
|
| App Secret | Application secret generated in UiPath for the external application |
| Connection Timeout | A timeout value, in seconds, for the trigger call made by Control-M to UiPath The default is 30 seconds. |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The UI Path job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:GCP DataFlow
The following example shows how to define a connection profile for a Google Cloud Platform (GCP) Dataflow job, which performs cloud-based data processing for batch and real-time data streaming applications .
{
"GCPDATAFLOW": {
"Type": "ConnectionProfile:GCP DataFlow",
"Identity Type": "service_account",
"DataFlow URL": "https://dataflow.googleapis.com",
"Service Account Key": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\", \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\"}",
"Description": "",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Identity Type | Defines one of the following types of authentication to perform using GCP Access Control.
|
| DataFlow URL | Defines the Google Cloud Platform (GCP) authentication endpoint. Required only for Service Account authentication. For example, https://dataflow.googleapis.com |
| Service Account Key | Defines a JSON body that contains the required service account credentials to access GCP. Required only for Service Account authentication. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The GCP Dataflow job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:GCP Dataproc
The following example shows how to define a connection profile for a Google Cloud Platform (GCP) Dataproc job, which performs cloud-based big data processing and machine learning.
{
"GCPDATAPROC": {
"Type": "ConnectionProfile:GCP Dataproc",
"Identity Type": "service_account",
"Dataproc URL": "https://dataproc.googleapis.com",
"Service Account Key": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\", \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\"}",
"Connection timeout": "20",
"Description": "",
"Centralized": true
}
} | Parameter | Description |
|---|---|
| Identity Type | Defines one of the following types of authentication to perform using GCP Access Control.
|
| Dataproc URL | Defines the Google Cloud Platform (GCP) authentication endpoint. Required only for Service Account authentication. For example, https://dataproc.googleapis.com |
| Service Account Key | Defines a JSON body that contains the required service account credentials to access GCP. Required only for Service Account authentication. |
| Connection timeout | Defines a timeout value, in seconds, for the trigger call to the Google Cloud Platform. Default: 20 seconds |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The GCP Dataproc job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:GCP BigQuery
The following example shows how to define a connection profile for a GCP BigQuery job for data storage, processing, and analysis.
In this example, authentication is based on a service account.
{
"BIGQSA": {
"Type": "ConnectionProfile:GCP BigQuery",
"Identity Type": "service_account",
"Service Account Key": "*****",
"BigQuery URL": "https://bigquery.googleapis.com",
"Description": "",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Identity Type | Determines one of the following authentication types using GCP Access Control:
|
| Service Account Key | (For Service Account) Defines a service account that is associated with an RSA key pair. |
| BigQuery URL | Defines the Google Cloud Platform (GCP) authentication endpoint for BigQuery. Default: https://bigquery.googleapis.com |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The GCP BigQuery job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:GCP VM
The following example shows how to define a connection profile for a Google Virtual Machine (VM) job for the integration of Google VM operations into Control-M.
In this example, authentication is based on a service account.
{
"GCPVM": {
"Type": "ConnectionProfile:GCP VM",
"Identity Type": "service_account",
"GCP API URL": "https://compute.googleapis.com/compute",
"Service Account Key": "*****",
"Connection timeout": "20",
"Description": "",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Identity Type | Determines one of the following authentication types using GCP Access Control:
|
| GCP API URL | (For Service Account) Defines the Google Cloud Platform (GCP) authentication endpoint. |
| Service Account Key | (For Service Account) Defines a service account that is associated with an RSA key pair. |
| Connection timeout | Determines the number of seconds to wait for the trigger call made by Control-M to GCP before timing out. Default: 20 seconds |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The GCP VM job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:GCP Batch
The following example shows how to define a connection profile for a Google Batch job for batch computing workloads on a virtual machine.
In this example, authentication is based on a service account.
{
"GCP_BATCH": {
"Type": "ConnectionProfile:GCP Batch",
"Identity Type": "service_account",
"Batch URL": "https://batch.googleapis.com",
"Service Account Key": "*****",
"Connection Timeout": "20",
"Description": "",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Identity Type | Determines one of the following authentication types using GCP Access Control:
|
| Batch URL | (For Service Account) Defines the Google Cloud Platform (GCP) authentication endpoint. Default: https://batch.googleapis.com |
| Service Account Key | (For Service Account) Defines a service account that is associated with an RSA key pair. |
| Connection timeout | Determines the number of seconds to wait after Control-M initiates a connection request to GCP Batch before a timeout occurs. Default: 20 seconds |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The GCP Batch job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:GCP Functions
The following example shows how to define a connection profile for a Google Functions job, which enables you to develop, test, and run applications in the cloud.
In this example, authentication is based on a service account.
{
"GCPFUNCTIONS": {
"Type": "ConnectionProfile:GCP Functions",
"Identity Type": "service_account",
"GCP API URL": "https://cloudfunctions.googleapis.com",
"Service Account Key": "*****",
"Connection Timeout": "60",
"Description": "",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Identity Type | Determines one of the following authentication types using GCP Access Control:
|
| GCP API URL | (Service Account) Defines the Google Cloud Platform (GCP) authentication endpoint. |
| Service Account Key | (Service Account) Defines a service account that is associated with an RSA key pair. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to GCP Cloud Functions before a timeout occurs. Default: 20 |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The GCP Functions job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:GCP Dataprep
The following example shows how to define a connection profile for a Google Dataprep job, which enables you to visualize, format, and prepare your data for analysis.
{
"GCP_DATAPREP": {
"Type": "ConnectionProfile:GCP Dataprep",
"GCP Dataprep URL": "https://api.clouddataprep.com",
"User Access Token": "*****",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| GCP Dataprep URL | Defines the GCP Dataprep API authentication endpoint. Default: https://api.clouddataprep.com |
| User Access Token | Defines a token that enables you to authenticate Control-M and connect to your GCP Dataprep account. |
| Connection timeout | Determines the number of seconds to wait after Control-M initiates a connection request to GCP Dataprep before a timeout occurs. Default: 30 seconds |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The GCP Dataprep job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Boomi
The following example shows how to define a connection profile for a Boomi job, which enables integration of Boomi processes with your existing Control-M workflows.
{
"BOOMICCP": {
"Type": "ConnectionProfile:Boomi",
"AccountId": "*****",
"API Token": "*****",
"End Point": "https://api.boomi.com",
"API Username": "BOOMI_TOKEN.BoomiUsername",
"Description": "",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| AccountId | Defines a unique Boomi account ID. |
| API Token | Defines a Boomi API Token of a Boomi user for connection to the Boomi endpoint. |
| End Point | Defines the Boomi API endpoint: https://api.boomi.com |
| API Username | Defines the name of a Boomi user in email format. Default: BOOMI_TOKEN.{Boomi username} Example: BOOMI_TOKEN.user@example.com |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Boomi job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Databricks
The following example shows how to define a connection profile for a Databricks job, which enables integration of jobs created in the Databricks environment with your existing Control-M workflows.
"DATABRICKS": {
"Type": "ConnectionProfile:Databricks",
"Databricks workspace url": "https://dbc-7b944b32-faf0.cloud.databricks.com",
"Databricks personal access token": "*****",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}| Parameter | Description |
|---|---|
| Databricks workspace url | Defines the URL of your Databricks workspace. |
| Databricks personal access token | Defines a Databricks token for authentication of connections to the Databricks workspace. |
| Connection Timeout | A timeout value, in seconds, for the REST calls made to Databricks. Default: 50 seconds |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Databricks job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:DBT
The following example shows how to define a connection profile for a DBT job. DBT (Data Build Tool) is a cloud-based computing platform that enables you to develop, test, schedule, document, and analyze data models.
"DBT_CP": {
"Type": "ConnectionProfile:DBT",
"DBT URL": "https://cloud.getdbt.com",
"DBT Token": "*****",
"Account ID": "123456",
"Connection Timeout": "60",
"Description": "",
"Centralized": true
} | Parameter | Description |
|---|---|
| DBT URL | Defines the DBT authentication endpoint. Default: https://cloud.getdbt.com |
| DBT Token | Defines the authentication code that is used to create a connection to the DBT platform. This is located in the API Access section in the DBT Cloud platform. |
| Account ID | Defines the unique ID that is assigned to your DBT Cloud account. This is located in the Account Info section in the DBT Cloud platform. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to DBT before a timeout occurs. Default: 60 |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The DBT job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Snowflake
The following example shows how to define a connection profile for a Snowflake job. Snowflake is a cloud computing platform that you can use for data storage, processing, and analysis.
"SNOWFLAKE_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Snowflake",
"Account Identifier": "{Account_ID}",
"Region": "us-east-1",
"Client ID": "DuHj****************",
"Client Secret": "*****",
"Refresh Token": "ver%******************",
"Redirect URI": "https%****************",
"Description": "",
"Centralized": true
}| Parameter | Description |
|---|---|
| Account Identifier | Defines the Snowflake account identifier. To obtain this string, run the Describe Security Integration command in Snowflake and copy the initial string from one of the authorization properties. For more information about obtaining values for the parameters required by the connection profile, see Setting Up a Snowflake API Connection. |
| Region | Determines the region where the Snowflake jobs are located. Example: us-east-1 |
| Client ID | Defines the client ID assigned to the account in the Snowflake integration setup. |
| Client Secret | Defines the client secret assigned to the account in the Snowflake integration setup. |
| Refresh Token | Defines the value for the refresh token. This string must be URL-encoded. |
| Redirect URI | Defines the redirect URI assigned to the account in the Snowflake integration setup. This string must be URL-encoded. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Snowflake job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Talend Data Management
The following example shows how to define a connection profile for a Talend job, for data management and integration.
"TALENDDATA": {
"Type": "ConnectionProfile:Talend Data Management",
"API URL": "https://api.eu.cloud.talend.com/tmc/v2.6",
"Region": "eu",
"Personal access token authorization": "*****",
"Description": "Talend Data Management",
"Centralized": true
}| Parameter | Description |
|---|---|
| API URL | Defines the authentication endpoint base URL for the Talend Cloud Management Console: https://api.{{Region}.cloud.talend.com/tmc/v2.6 Where {{Region}} can be one of the following:
|
| Region | Determines the location of the AWS user, as it appears in the API URL. |
| Personal access token authentication | Defines a Talend token for authentication of connections to Talend. You generate this token through your Talend profile. |
| Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Talend job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Automation Anywhere
The following example shows how to define a connection profile for an Automation Anywhere job, which performs robotic process automation (RPA) .
{
"AA_CON": {
"Type": "ConnectionProfile:Automation Anywhere",
"Host": "https://trial.cloud.automationanywhere.digital",
"User Name": "JohnSmith@abc.onmicrosoft.com",
"Password": "*****",
"Description": "",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Host | Defines the Control Room URL. |
| User Name | Defines the Automation Anywhere user name. |
| Password | Defines the Automation Anywhere user password. |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Automation Anywhere job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:TRIFACTA
The following example shows how to define a connection profile for a Trifacta job, for data processing.
{
" TRIFACTA": {
"Type": "ConnectionProfile:TRIFACTA",
"Trifacta URL": "https://cloud.trifacta.com",
"User Name": "User Name",
"Password": "Password",
"Connection Timeout": "10",
"Description": " ",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Trifacta URL | Defines the Trifacta authentication endpoint. Default: https://cloud.trifacta.com |
| User Name | Defines the registered user name or email address for your Trifacta account. |
| Password | Defines the password for the Trifacta user. |
| Connection Timeout | Determines the number of seconds to wait before a timeout occurs after Control-M initiates a connection request to Trifacta. Default: 10 seconds |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Trifacta job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Micro Focus Windows and ConnectionProfile:Micro Focus Linux
The following examples show how to define a connection profile for a Micro Focus job, for mainframe modernization.
The following connection profile is for Micro Focus on Windows:
{
"MICROFWINDOWS": {
"Type": "ConnectionProfile:Micro Focus Windows",
"MFBSI Directory Path": "C:\\MicroFocus\\ES\\mfbsi\\ESBMC",
"MFBSI Config Path": "C:\\Workspace\\system\\config\\MFBSI.cfg",
"Runtime Environment": "\"C:\\Program Files (x86)\\Micro Focus\\Enterprise Developer\\createenv.bat\"",
"Additional Micro Focus Settings Script": "C:\\MicroFocus\\ES\mfbsi\\ESBMC\\settings\\options.bat",
"Run As": "microuser",
"Password": "*****",
"Description": "Centralized Connection Profile for Micro Focus Windows",
"Centralized": true
}
}The following connection profile is for Micro Focus on UNIX or Linux:
{
"MICROFLINUX": {
"Type": "ConnectionProfile:Micro Focus Linux",
"MFBSI Directory Path": "/home/esuser/ES/mfbsi/ESBMC1",
"MFBSI Config Path": "/home/user/config/mfbsi.cfg",
"Runtime Environment": ". /opt/microfocus/EnterpriseDeveloper/bin/cobsetenv",
"Additional Micro Focus Settings Script": "/home/esuser/bmc/configuration/mfexports.sh",
"Run As": "microuser",
"Password": "*****",
"Description": "Centralised Connection Profile for Micro Focus Linux",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| MFBSI Directory Path | Defines the directory path of the Micro Focus Batch Scheduler Integration (MFBSI) configuration file. The temporary files JOBnnnnn.Sem and JobId.Log are stored here. This folder must be accessible for the Micro Focus Batch Scheduler Integration JCL (MFBSIJCL) file to run. |
| MFBSI Config Path | Defines the file path of the MFBSI configuration file. |
| Runtime Environment | Defines the path of the runtime environment, as follows:
|
| Additional Micro Focus Settings Script | (Optional) Defines the path to a script file that contains additional variables for the job. The variables in the script file are defined in the following format:
|
| Run As | (Optional) Defines the user that runs the job. |
| Password | (Optional) Defines the password of the user that runs the job. |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The MicroFocus job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Communication Suite
The following example shows how to define a connection profile for a Communication Suite job, which enables you to automate business messaging and communication over Microsoft Teams, Slack, Telegram, and WhatsApp.
{
"COMM_SUITE": {
"Type": "ConnectionProfile: Communication Suite",
"Microsoft Teams Webhook URL": "https://x3dmj.webhook.office.com/webhookb2/5dbb288-138d-428d-ade7-478f727d93f3@edc0dae-4a7f-ac1e-91cb8a656e/IncomingWebhook/ba207b3181d9ede7c9ad1251141/05f0a54e-cec1-4df4-893b-8e61d84516a"
"Slack Webhook URL": "https://hooks.slack.com/services/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",
"Telegram URL": "https://api.telegram.org/bot",
"Telegram Bot Token": "*****",
"Telegram Chat ID": "207397578157",
"WhatsApp URL": "https://graph.facebook.com/Version/PhoneNumberID/messages",
"WhatsApp Business ID": "142913904062636",
"Phone Number ID": "790951673835859",
"Recipient Phone Number": "17185551212",
"User Access Token": "*****",
"Version": "v15.0",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Microsoft Teams Webhook URL | Defines an incoming webhook, which enables Control-M to communicate over Microsoft Teams channels. You must create this webhook in Teams before you can add it to the connection profile. |
| Slack Webhook URL | Defines an incoming webhook, which enables Control-M to communicate over Slack channels. You must create this webhook in Slack before you can add it to the connection profile. |
| Telegram URL | Determines the authentication endpoint for Telegram, which enables Control-M to connect to a Telegram bot. Default: https://api.telegram.org/bot |
| Telegram Bot Token | Defines a password that is used to authenticate Control-M, which enables you to access and communicate with a Telegram bot. You must create this bot in Telegram before you can add it to the connection profile. |
| Telegram Chat ID | Defines a unique identifier that is assigned to a specific chat conversation in Telegram, which enables you to communicate through a bot in this chat conversation. |
| WhatsApp URL | Determines the authentication endpoint for WhatsApp, which enables Control-M to connect to WhatsApp. Format: https://graph.facebook.com/<Version>/<PhoneNumberId>/messages |
| WhatsApp Business ID | Defines the unique ID that is associated with your WhatsApp business account. This enables Control-M to communicate over WhatsApp with customers who are connected to this account. You must create a WhatsApp business account before you can add it to the connection profile. |
| Phone Number ID | Defines a unique ID that is associated with the WhatsApp user. |
| Recipient Phone Number | Defines the country code and phone number of the WhatsApp user. |
| User Access Token | Defines a password that is used to authenticate Control-M, which enables you to access your WhatsApp Business API and perform actions with this account. |
| Version | Defines the WhatsApp API version number. Default: v15.0 |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to Communication Suite before a timeout occurs. Default: 30 seconds |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Communication Suite job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Kubernetes
The following example shows how to define a connection profile for a Kubernetes job, which enables you to run a pod to completion in a Kubernetes-based cluster.
{
"KBN_CCP": {
"Type": "ConnectionProfile:Kubernetes",
"Description": "Profile for agent running in the Kubernetes cluster",
"Namespace": "jobspace",
"Kubernetes Cluster URL": "https://kubernetes.default.svc",
"Service Token File": "/var/run/secrets/kubernetes.io/serviceaccount/token",
"Connection Timeout": "20",
"Centralized": true
}
}| Parameter | Description |
|---|---|
| Namespace | Defines the name of the Kubernetes namespace. |
| Kubernetes Cluster URL | Defines the URL for the connection to the Kubernetes cluster. Default: https://kubernetes.default.svc |
| Service Token File | Defines the path to the token file for the connection to Kubernetes. Default: /var/run/secrets/kubernetes.io/serviceaccount/token |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to Kubernetes before a timeout occurs. Default: 20 seconds |
| Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents. Values: true|false Default: false The Kubernetes job requires a centralized connection profile. Set this parameter to true. |
Comments
Log in or register to comment.