New Documentation

   

Control-M Automation API Documentation has moved to a new location, with a new design to enhance ease of use.

Connection Profiles

Connection profiles are used to define access methods and security credentials for a specific application. They can be referenced by multiple jobs. To do this, you must deploy the connection profile definition before running the relevant jobs. 

Note: For most types of connection profiles (except for File Transfer connection profiles), the name of the connection profile can contain only the following types of characters: uppercase letters, numbers, hyphens, and underscores. The connection profile name can contain up to 30 characters.

ConnectionProfile:Hadoop

These examples show how to use connection profiles for the various types of Hadoop jobs.

Hadoop (all types)

These are the required parameters for all Hadoop job types.

{
  "HADOOP_CONNECTION_PROFILE":
  {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "edgenode",
    "TargetCTM" : "CTMHost"
  }
}
ParameterDescription
TargetAgentThe Control-M/Agent to which to deploy the connection profile.
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.

 These are the optional parameters for defining the user running the Hadoop job types and choosing between a local or centralized connection profile.

{
  "HADOOP_CONNECTION_PROFILE":
  {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "edgenode",
	"TargetCTM" : "CTMHost",
    "RunAs": "",
    "KeyTabPath":"",
    "Centralized":true
  }
}
RunAs

Defines the user of the account on which to run Hadoop jobs.

Leave this field empty to run Hadoop jobs using the user account where the agent was installed.

The Control-M/Agent must run as root, if you define a specific RunAs user.

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

In the case of Kerberos security, the following parameters control security:

RunAs

Principal name of the user

KeyTabPathKeytab file path for the target user

Apache Spark

The following example shows a connection profile that defines access to a Spark server.

{
 "SPARK_CONNECTION_PROFILE" :
 {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "docker-hadoop5",
    "Spark" :
    {
      "CustomPath" : "/home"
    }
  }
}

The CustomPath parameter is optional.

Apache Oozie

 The following example shows a connection profile that defines access to an Oozie server.

{
 "OOZIE_CONNECTION_PROFILE" :
 {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "hdp-ubuntu",
    "Centralized" : false,
    "Oozie" :
    {
      "SslEnabled"     : false,
      "Host" : "hdp-centos",
      "Port" : "11000",
      "ExtractionRules": [
      {
        "RuleName" : "rule_name1",
        "WorkFlowName" : "work_flow_name1",
        "WorkFlowUserName" : "work_flow_user_name1",
        "FolderName" : "folder_name1",
        "JobName" : "job_name1"
       },
      {
        "RuleName" : "rule_name2",
        "WorkFlowName" : "work_flow_name2",
        "WorkFlowUserName" : "work_flow_user_name2",
        "FolderName" : "folder_name2",
        "JobName" : "job_name2"
       }
      ]
   }
 }
}
ParameterDescription
HostOozie server host
Port

Oozie server port

Default: 11000

SslEnabled

true | false

Default: false

ExtractionRules

9.0.20.010(Optional) Definitions of rules for filtering Oozie workflows. Each rule has the following definitions:

   RuleNameName of the rule
   WorkFlowNameName of the Oozie workflow to get from the Oozie server
   WorkFlowUserNameName of the user that runs the workflows from the Oozie server
   FolderNameName of the folder that contains the Hadoop job of the Oozie Extractor, as defined in the Hadoop job template
   JobNameName of the Hadoop job of the Oozie Extractor, as defined in the Hadoop job template

Apache Sqoop

The following example shows a connection profile that defines a Sqoop data source and access credentials.

{
  "SQOOP_CONNECTION_PROFILE" :
  {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "edgenode",
    "TargetCTM" : "CTMHost",
    "Centralized" : false,
    "Sqoop" :
    {
      "User"     : "username",
      "Password" : "userpassword",
      "ConnectionString" : "jdbc:mysql://mysql.server/database",
      "DriverClass" : "com.mysql.jdbc.Driver"
    }
  }
}

The following table describes the parameters in the example above, as well as several additional optional parameters:

ParameterDescription
UserThe database user connected to the Sqoop server
Password

A password for the specified user

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

ConnectionStringJDBC-compliant database: The connection string used to connect to the database
DriverClassJDBC-compliant database: The driver class for the driver .jar file, which indicates the entry-point to the driver

PasswordFile

(Optional) The full path to a file located on the HDFS that contains the password to the database

Note: To use a JCEKS file, include the .jceks file extension.

DatabaseVendor

(Optional) The database vendor of an automatically supported database used with Sqoop, one of the following:

  • MySQL
  • Oracle (SID)
  • Oracle (Service Name)
  • PostgreSQL
DatabaseName(Optional) Name of an automatically supported database used with Sqoop
DatabaseHost(Optional) The host server of an automatically supported database used with Sqoop
DatabasePort(Optional) The port number for an automatically supported database used with Sqoop

Apache Tajo

The following example shows a connection profile that defines access to a Tajo server. Tajo is an advanced data warehousing system on top of HDFS.

{
  "TAJO_CP" :
  {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "edgenode",
    "Tajo":
    {
      "BinaryPath": "$TAJO_HOME/bin/",
      "DatabaseName": "myTajoDB",
      "MasterServerName" : "myTajoServer",
      "MasterServerPort": "26001"
    }
  }
}
ParameterDescription
BinaryPathPath to the bin directory where tsql utility is located
DatabaseNameName of the Tajo database
MasterServerNameHost name of the server where the Tajo master is running
MasterServerPortTajo master port number

Apache Hive

The following example shows a connection profile that defines a Hive beeline endpoint and access credentials. The parameters in the example translate to this beeline command: 

beeline  -u jdbc:hive2://<Host>:<Port>/<DatabaseName>

{
  "HIVE_CONNECTION_PROFILE" :
  {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "edgenode",
    "TargetCTM" : "CTMHost",
    "Hive" :
    {
       "Host" : "hive_host_name",
       "Port" : "10000",
       "DatabaseName" : "hive_database",
    }
  }
}

The following shows how to use optional parameters for a Hadoop Hive job type connection profile. 

The parameters in the example translate to this beeline command:  

beeline  -u jdbc:hive2://<Host>:<Port>/<DatabaseName>;principal=<Principal> -n <User> -p <Password> 

{
  "HIVE_CONNECTION_PROFILE1":
  {
    "Type" : "ConnectionProfile:Hadoop",
    "TargetAgent" : "edgenode",
    "TargetCTM" : "CTMHost",
    "Centralized" : true,
    "Hive" :
    {
       "Host" : "hive_host_name",
       "Port" : "10000",
       "DatabaseName" : "hive_database",
       "User" : "user_name",
       "Password" : "user_password",
       "Principal" : "Server_Principal_of_HiveServer2@Realm"
    }
  }
}

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

Back to top

ConnectionProfile:FileTransfer 

Connection profiles for File Transfers are available for the following types of target servers and communication protocols:

For FTP, SFTP, FTPS, and Local filesystem transfers, you can choose between the following types of connection profiles, depending on the number of hosts for which the connection profile contains connection details:

  • Single endpoint: Each connection profile contains the connection details of a single host. Such a connection profile can be used for either the source host or the destination host in a file transfer.
  • Dual endpoint: The connection profile contains connection details of two hosts, both the source host and the destination host, in a file transfer.

You can also create group connection profiles for file transfers, which enable you to transfer a file from one host to multiple hosts in one transfer. In each group connection profile, you include a variety of previously defined connection profiles for file transfers.

ConnectionProfile:FileTransfer:FTP

The following examples show a connection profile for a file transfer to a single endpoint using the FTP communication protocol.

Simple ConnectionProfile:FileTransfer:FTP

{
 "FTPConn" : {
   "Type" : "ConnectionProfile:FileTransfer:FTP",
   "TargetAgent" : "AgentHost",
   "TargetCTM" : "CTMHost",
   "HostName": "FTPServer",
   "User" : "FTPUser",
   "Password" : "ftp password",
 }
}

ConnectionProfile:FileTransfer:FTP with optional parameters

{
 "FTPConn" : {
   "Type" : "ConnectionProfile:FileTransfer:FTP",
   "TargetAgent" : "AgentHost",
   "TargetCTM" : "CTMHost",
   "WorkloadAutomationUsers":["john","bob"],
   "HostName": "FTPServer",
   "Port": "21",
   "User" : "FTPUser",
   "Password" : "ftp password",
   "HomeDirectory": "/home/FTPUser",
   "OsType": "Unix",
   "Centralized" : false,
   "AdditionalParameters": [
      {
        "Name": "param1",
        "Value": "1"
      },
      {
        "Name": "param2",
        "Value": "2"
      }
    ]
 }
}
TargetAgentThe Control-M/Agent to which to deploy the connection profile.
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
WorkloadAutomationUsers

(Optional) Control-M users that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

OsType

(Optional) FTP server operating system type

Default: Unix

Types: Unix, Windows, z/OS, OS400, Tandem, OS2200, OpenVMS

Password

(Optional) Password for FTP server account. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

HomeDirectory(Optional) User home directory
ConnectionMode

(Optional) Set the FTP client connection mode, one of the following options:

  • Active
  • Passive — Initiates the data and control connections from the FTP client to the FTP server, which solves firewall issues.
  • PassiveSubstituteIpAddress — Passive + force passive connections to use the host address.
  • EPSV — Extended Passive Mode; the FTP client uses the same IP address to open a data channel (used mainly for IPV6 environments).
  • EPSVSubstituteIpAddress — EPSV + force passive connections to use the host address.

Default: Active

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.
AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:SFTP

The following examples show a connection profile for a file transfer to a single endpoint using the SFTP (SSH File Transfer Protocol) communication protocol. 

Simple ConnectionProfile:FileTransfer:SFTP

{
 "sFTPconn": {
   "Type": "ConnectionProfile:FileTransfer:SFTP",
   "TargetAgent": "AgentHost",
   "TargetCTM" : "CTMHost",
   "HostName": "SFTPServer",
   "Port": "22",
   "User" : "SFTPUser",
   "Password" : "sftp password"
 }
}

ConnectionProfile:FileTransfer:SFTP with optional parameters

{
 "sFTPconn": {
   "Type": "ConnectionProfile:FileTransfer:SFTP",
   "TargetAgent": "AgentHost",
   "TargetCTM" : "CTMHost",
   "HostName": "SFTPServer",
   "Port": "22",
   "User" : "SFTPUser",
   "HomeDirectory": "/home/SFTPUser",  
   "PrivateKeyName": "/home/controlm/ctm_agent/ctm/cm/AFT/data/Keys/sFTPkey",
   "Passphrase": "passphrase",
   "SSHCompression": true,
   "Centralized" : true,
   "AdditionalParameters": [
      {
        "Name": "param1",
        "Value": "1"
      },
      {
        "Name": "param2",
        "Value": "2"
      }
    ]
 }
}
TargetAgentWhich agent computer to deploy the connection profile
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
WorkloadAutomationUsers

(Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE : You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

PrivateKeyName

(Optional) Private key full file path

Passphrase

(Optional) Password for the private key. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

Password

(Optional) Password for SFTP Server account. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

HomeDirectory(Optional) User home directory
SSHCompression

(Optional) Whether to compress the file before the transfer.

true | false

Default: false

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.
AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:FTPS

The following example shows a connection profile for a file transfer to a single endpoint using the FTPS (FTP over SSL) communication protocol.

{
 "FTPSConn": {
    "Type": "ConnectionProfile:FileTransfer:FTPS",
    "HomeDirectory": "/var/home",
    "TargetAgent": "sqa",
    "TargetCTM": "LocalControlM",
    "HostName" : "localhost",
    "User" : "controlm",
    "Password": "ftps_pass",
    "Port": "10021",
    "SSLImplicit": false,
    "ClearDataChannel": true,
    "SSLLevel": "ClientServerAuthentication",
    "ClearCommandChannel": true,
    "Centralized" : true,
    "AdditionalParameters": [
      {
        "Name": "param1",
        "Value": "1"
      },
      {
        "Name": "param2",
        "Value": "2"
      }
    ]
  }
}
TargetAgentThe Control-M/Agent to which to deploy the connection profile.
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
WorkloadAutomationUsers

(Optional) Control-M users that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

OsType

(Optional) FTPS server operating system type

Default: Unix

Types: Unix, Windows, z/OS, OS400, Tandem, OS2200, OpenVMS

Password

(Optional) Password for FTPS server account. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

HomeDirectory(Optional) User home directory
ConnectionMode

(Optional) Set the FTPS client connection mode, one of the following options:

  • Active
  • Passive — Initiates the data and control connections from the FTP client to the FTP server, which solves firewall issues.
  • PassiveSubstituteIpAddress — Passive + force passive connections to use the host address.
  • EPSV — Extended Passive Mode; the FTP client uses the same IP address to open a data channel (used mainly for IPV6 environments).
  • EPSVSubstituteIpAddress — EPSV + force passive connections to use the host address.

Default: Active

SSLImplicit

Whether to automatically create an SSL connection to the FTPS server (Default port 990).

In SSL Explicit mode, a connection is first established with the FTP server and the connection is then changed to SSL mode (FTP over SSL/TLS).

true (implicit connection) | false (explicit connection)

Default: false

ClearDataChannel

Whether to encrypt the connection process while files are transferred without encryption.

This option is useful if you want your login information encrypted and your files transferred without encryption.

true | false

Default: true

SSLLevel

The SSL security level, one of the following:

  • NoAuthentication — low security level; client certificate not sent (the default)
  • ServerAuthentication — moderate security level; client certificate not sent
  • ClientServerAuthentication — high security level; client certificate sent
ClearCommandChannel

Whether to set the transmission mode from encrypted mode to clear text mode.

You can secure sensitive information, including user name and password, by sending them in an encrypted mode, and then use this parameter to change the transmission mode back to clear text mode to send the port and IP information (FTP over SSL/TLS).

true | false

Default: true

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.
AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:AS2

The following examples show connection profiles for file transfers from a local filesystem to an AS2 server using the AS2 protocol.

Note: File transfers that use the AS2 protocol are supported by Control-M Automation API only in one direction — from a local filesystem to an AS2 server.

Simple ConnectionProfile:FileTransfer:AS2

{
  "AS2_Conn_1": {
    "Type": "ConnectionProfile:FileTransfer:AS2",
    "TargetCTM": "LocalControlM",
    "TargetAgent": "sqa",
    "WorkloadAutomationUsers": [
      "noAi"
    ],
    "PartnerAS2Id": "partner-as2-id",
    "PartnerDestinationUrl": "sqa",
    "PartnerCertificateAlias": "partnerCertAlias",
    "HostName": "sqa",
    "Password": "*****"
  }
}

ConnectionProfile:FileTransfer:AS2 with optional parameters

{
  "AS2_Conn_2": {
    "Type": "ConnectionProfile:FileTransfer:AS2",
    "TargetCTM": "LocalControlM",
    "TargetAgent": "sqa",
    "Centralized": true,
    "WorkloadAutomationUsers": [
      "em_user1"
    ],
    "PartnerAS2Id": "partner-as2-id",
    "PartnerDestinationUrl": "sqa",
    "PartnerCertificateAlias": "partnerCertAlias",
    "HostName": "sqa",
    "Password": "*****",
    "AsyncMdnTimeout": "18120000",
    "User": "basicUser",
    "SendMessageTimeout": "301000",
    "CompressMessage": true,
    "SignMessageParameters": {
      "SignMessage": false,
      "SignatureAlgorithm": "RSA with SHA-384"
    },
    "EncryptMessageParameters": {
      "EncryptMessage": false,
      "EncryptionAlgorithm": "tripleDES (DES EDE3)"
    },
    "RequestReceiptParameters": {
      "RequestReceipt": false,
      "Mode": "Asynchronous",
      "Sign": "Unsigned"
    },
    "AdditionalParameters": [
      {
        "Name": "param1",
        "Value": "1"
      },
      {
        "Name": "param2",
        "Value": "2"
      }
    ]
  }
} 

This connection profile has the following parameters:

TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
TargetAgentThe Control-M/Agent to which to  deploy the connection profile.
Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.
PartnerAS2IdThe logical name of the remote AS2 server
PartnerDestinationUrlThe URL of the AS2 server
PartnerCertificateAliasThe alias of the partner certificate that is stored in the AS2 keystore
Password

(Optional) The password of the HTTP request for the AS2 message. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

AsyncMdnTimeout

(Optional) The number of minutes to wait for the AS2 server to send the receipt before a timeout occurs

The default is 18000000 minutes.

UserThe username of the HTTP request for the AS2 message
SendMessageTimeout

(Optional) The number of seconds to wait for the AS2 server to reply before a timeout occurs

The default is 300000 seconds (5000 hours).

CompressMessage

Whether to compress the AS2 message when sent, either true or false

The default is false.

SignMessageParameters
    SignMessage

Whether to digitally sign the AS2 message with the algorithm specified by SignatureAlgorithm, either true or false

The default is true.

    SignatureAlgorithm

The algorithm to use for signing the AS2 message, one of the following options:

  • RSA with SHA-1
  • RSA with SHA-224
  • RSA with SHA-256
  • RSA with SHA-384
  • RSA with SHA-512
  • RSA with MD5

The default is RSA with SHA-1.

EncryptMessageParameters
    EncryptMessage

Whether to encrypt the AS2 message with one of the encryption algorithm specified by EncryptionAlgorithm, either true or false

The default is true.

    EncryptionAlgorithm

The algorithm to use for encryption of the AS2 message, one of the following options:

  • CAST5_CBC
  • IDEA_CBC
  • RC2_CBC
  • tripleDES (DES EDE3)
  • AES128_CBC
  • AES192_CBC
  • AES256_CBC

The default is CAST5_CBC.

RequestReceiptParameters
    RequestReceipt

Whether to receive an MDN receipt of the AS2 message from the AS2 server that confirms that it was received and processed, either true or false

The default is true.

    Mode

The mode for receiving the MDN receipt, either Asynchronous or Synchronous

The default is Synchronous.

    Sign

The type of MDN receipt to receive, either Signed or Unsigned

The default is Signed.

WorkloadAutomationUsers

(Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE : You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: false

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:Local

The following example shows a connection profile for a file transfer to a single endpoint on a Local File System. 

{
 "LocalConn" : {
   "Type" : "ConnectionProfile:FileTransfer:Local",
   "TargetAgent" : "AgentHost",
   "TargetCTM" : "CTMHost",
   "User" : "controlm",
   "Password" : "local password",
   "Centralized" : true,
   "AdditionalParameters": [
      {
        "Name": "param1",
        "Value": "1"
      },
      {
        "Name": "param2",
        "Value": "2"
      }
    ]
  }
}
TargetAgentThe Control-M/Agent to which to deploy the connection profile.
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. 
WorkloadAutomationUsers

(Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE : You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

OsType

(Optional) Local server operating system type

Default: Unix

Types: Unix, Windows, z/OS, OS400, Tandem, OS2200, OpenVMS

Password

(Optional) Password for local account. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.
AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:S3:Amazon

The following example shows a connection profile for file transfers to or from an Amazon S3 storage service.

{
  "testAmazon": {
    "Type": "ConnectionProfile:FileTransfer:S3:Amazon",
    "Region": "us-west-2",
    "AccessKey": "mykey",
    "SecretAccessKey": "mysecret", 
    "VerifyDestination": true,
    "TargetAgent": "sqa",
    "Centralized": true,
    "AdditionalParameters": [
      {
        "Name": "param1",
        "Value": "1"
      },
      {
        "Name": "param2",
        "Value": "2"
      }
    ]
 }
}

This connection profile has the following parameters:

TargetAgentThe Control-M/Agent to which to deploy the connection profile.
Region

The region in which the Amazon S3 storage bucket is located.

Specify one of the following regions:

  • us-gov-west-1
  • ap-northeast-1
  • ap-northeast-2
  • ap-south-1
  • ap-southeast-1
  • ap-southeast-2
  • ca-central-1
  • eu-central-1
  • eu-west-1
  • eu-west-2
  • eu-west-3
  • sa-east-1
  • us-east-1
  • us-east-2
  • us-west-1
  • us-west-2
  • cn-north-1
  • cn-northeast-1
AccessKeyThe access key to the Amazon S3 storage.
SecretAccessKey

The secret access key to the Amazon S3 storage.

Use Secrets in code to not expose this secret access key in the code.

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.
AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:S3:Compatible

The following example shows a connection profile for file transfers to or from an S3-compatible storage service.

{
  "testCompatible": {
    "Type": "ConnectionProfile:FileTransfer:S3:Compatible",
    "RestEndPoint": "api.com",
    "AccessKey": "mykey",
    "SecretAccessKey": "mysecret",
    "VerifyDestination": true,            
    "TargetAgent": "sqa",
    "Centralized": true,
    "AdditionalParameters": [
      {
        "Name": "param1",
        "Value": "1"
      },
      {
        "Name": "param2",
        "Value": "2"
      }
    ]
  }
}

This connection profile has the following parameters:

TargetAgentThe Control-M/Agent to which to  deploy the connection profile.
RestEndPointThe network address where the S3 Compatible Storage is located.
AccessKeyThe access key to the S3 Compatible storage.
SecretAccessKey

The secret access key to the S3 Compatible storage.

Use Secrets in code to not expose this secret access key in the code.

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.
AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

{
   "PRIVATE_LINK_AMAZON_CP": {
      "Type": "ConnectionProfile:FileTransfer:S3:AWSPrivateLink",
      "Region": "us-west-2",
      "AccessKey": "f392vvrf353422dsfvsd5b",
      "SecretAccessKey": "JXq5+dfsux71t3wee+PdQ2bzGOFpddfsdf",
      "VerifyDestination": true, 
      "RestEndPoint": "apicom",
      "TargetCTM": "CTMHost",
      "TargetAgent": "web",
	  "Centralized": true
   }
}

The following example shows a connection profile for file transfers to or from an AWS PrivateLink for Amazon S3, for storage that resides in the virtual private cloud (VPC) endpoint.

This connection profile has the following parameters:

Region

Determines the region in which the Amazon S3 storage bucket is located:

  • us-gov-west-1
  • ap-northeast-1
  • ap-northeast-2
  • ap-south-1
  • ap-southeast-1
  • ap-southeast-2
  • ca-central-1
  • eu-central-1
  • eu-west-1
  • eu-west-2
  • eu-west-3
  • sa-east-1
  • us-east-1
  • us-east-2
  • us-west-1
  • us-west-2
  • cn-north-1
  • cn-northeast-1
AccessKeyDefines the access key to the Amazon S3 storage.
SecretAccessKey

Defines the secret access key to the Amazon S3 storage.

Use Secrets in code to not expose this secret access key in the code.

VerifyDestination

(Optional) Determines whether to verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

RestEndPointDefines the network address where the Amazon S3 storage is located.
TargetCTM

Defines the Control-M/Server to which to deploy the connection profile.

If there is only one Control-M/Server, that is the default.

TargetAgentDefines the Control-M/Agent to which to deploy the connection profile.
Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.
The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Azure:SharedKey

The following example shows a connection profile for file transfers to or from an Azure Storage service with Shared Key authentication using an access key:

{
   "AZURE_CCP1": {
      "Type": "ConnectionProfile:FileTransfer:Azure:SharedKey",
      "AzureAccountName": "mftdevstorage",
      "AzureAccountAccessKey": "44ZHQnMJeIk4hZ4npQMZGfXTuwlciq82lbeYvtBZ+Ig9yCagX4FMOECSg1xDyzr8qO6A==",
      "Centralized": true
   }
}

This connection profile has the following parameters:

AzureAccountNameDefines the name of the Azure Storage account.
AzureAccountAccessKeyDefines the account access key that is used to connect to Azure.
Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.
The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Azure:ConnectionString

The following example shows a connection profile for file transfers to or from an Azure Storage service with Shared Key authentication using a full connection string:

{
   "AZURE_CCP2": {
      "Type": "ConnectionProfile:FileTransfer:Azure:ConnectionString",
      "AzureAccountName": "mftdevstorage",
      "AzureAccountConnectionString": "DefaultEndpointsProtocol=https;AccountName=mftdevstorage;AccountKey=44ZHQnMJeIk4hZ4npQMZGfXTuwlciq82lbeYvtBZ+Ig9yCagX4FMOECSg1xDyzr8qO6A==;EndpointSuffix=core.windows.net",
      "Centralized": true
   }
}

This connection profile has the following parameters:

AzureAccountNameDefines the name of the Azure Storage account.
AzureAccountConnectionStringDefines the entire connection string used to connect to Azure.
Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.
The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Azure:AdUserPass

The following example shows a connection profile for file transfers to or from an Azure Storage service with authentication based on the credentials of a user in the Azure Active Directory (AD).

{
   "AZURE_CCP3": {
      "Type": "ConnectionProfile:FileTransfer:Azure:AdUserPass",
      "AzureAccountName": "mftdevstorage",
      "AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
      "AzureClientId": "ce64ad51-yh90-4d01-a73b-7ad58a766741",
      "AzureUserNameAD": "john@mftteamoutlook.onmicrosoft.com",
      "AzureUserPasswordAD": "Abcxyz1234!",
      "Centralized": true
   }
}

This connection profile has the following parameters:

AzureAccountNameDefines the name of the Azure Storage account.
AzureTenantIdDefines the ID of the Azure Active Directory instance where your application is located.
AzureClientIdDefines the ID of your application in Azure Active Directory.
AzureUserNameADDefines the name of the Azure AD user to use for authentication.
AzureUserPasswordADDefines the password of the Azure AD user.
Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.
The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Azure:AdClientSecret

The following example shows a connection profile for file transfers to or from an Azure Storage service with authentication based on an application secret for the Azure Active Directory (AD) IAM service.

{
   "AZURE_CCP4": {
      "Type": "ConnectionProfile:FileTransfer:Azure:AdClientSecret",
      "AzureAccountName": "mftdevstorage",
      "AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
      "AzureClientId": "ce64ad51-yh90-4d01-a73b-7ad58a766741",
      "AzureClientSecret": "rbyHyYH7~pg0fs1pRNMEPuJG-Y.t_fE8yt",
      "Centralized": true
   }
}

This connection profile has the following parameters:

AzureAccountNameDefines the name of the Azure Storage account.
AzureTenantIdDefines the ID of the Azure Active Directory instance where your application is located.
AzureClientIdDefines the ID of your application in Azure Active Directory.
AzureClientSecretDefines the name of the application secret.
Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.
The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Azure:AdCertificate

The following example shows a connection profile for file transfers to or from an Azure Storage service with authentication based on a certificate file for the Azure Active Directory (AD) IAM service.

{
   "AZURE_CCP5": {
      "Type": "ConnectionProfile:FileTransfer:Azure:AdCertificate",
      "AzureAccountName": "mftdevstorage",
      "AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
      "AzureClientId": "ce64ad51-yh90-4d01-a73b-7ad58a766741",
      "AzureClientCertificateFormat": "PFX",
      "AzureClientCertificatePath": "C:\\as2_keystore.pfx",
      "AzureClientCertificatePassword": "password",
      "Centralized": true
   }
}

This connection profile has the following parameters:

AzureAccountNameDefines the name of the Azure Storage account.
AzureTenantIdDefines the ID of the Azure Active Directory instance where your application is located.
AzureClientIdDefines the ID of your application in Azure Active Directory.
AzureClientCertificateFormatDetermines whether to use PEM or PFX as the certificate file.
AzureClientCertificatePathDefines the location of the certificate file.
AzureClientCertificatePasswordDefines the password of the certificate.
Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.
The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Azure:SharedAccessSignature

The following example shows a connection profile for file transfers to or from an Azure Storage service using a Shared Access Signature (SAS), which delegates access with specific permissions over a limited time interval.

{
   "AZURE_CCP6": {
      "Type": "ConnectionProfile:FileTransfer:Azure:SharedAccessSignature",
      "AzureAccountName": "mftdevstorage",
      "AzureAccountSaSToken": "?sv=2019-12-12&ss=bfqt&srt=sco&sp=rwdlacupx&se=2022-06-21T16:47:01Z&st=2021-02-10T09:47:01Z&spr=https&sig=YK8ilBPZW2EzKPpfd2SBBrokZQdwepCca4igKJwP0YM%5D",
      "Centralized": true
   }
}

This connection profile has the following parameters:

AzureAccountNameDefines the name of the Azure Storage account.
AzureAccountSaSTokenDefines the SAS token that is created for Azure limited access.
Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.
The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Azure:ManagedIdentity

The following example shows a connection profile for file transfers to or from an Azure Storage service using a predefined Managed Identity that does not require credentials.

You can define such a connection profile only when Control-M/Agent is installed on an Azure virtual machine.

{
   "AZURE_CCP7": {
      "Type": "ConnectionProfile:FileTransfer:Azure:ManagedIdentity",
      "AzureAccountName": "mftdevstorage",
      "AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
      "Centralized": true
   }
}

This connection profile has the following parameters:

AzureAccountNameDefines the name of the Azure Storage account.
AzureTenantIdDefines the ID of the Azure Active Directory instance where your application is located.
Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.
The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:GCS

The following example shows a connection profile for file transfers to or from a Google Cloud Storage (GCS) service:

{
   "GCS_CCP1": {
      "Type": "ConnectionProfile:FileTransfer:GCS",
      "GCSServiceAccountKey": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",  \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\"}",
      "GCSServiceAccountKeyFileName": "john.json",
      "Centralized": true
   }
}

This connection profile has the following parameters:

GCSServiceAccountKeyDefines a JSON body that contains the required service account credentials to access the Google Cloud Storage account.
GCSServiceAccountKeyFileNameDefines the name of the file that contains the service account credentials.
Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.
The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Oracle

The following example shows a connection profile for file transfers to or from an Oracle Object Storage service.

Note: This feature requires Control-M/Enterprise Manager version 9.0.21.100 and Control-M MFT Enterprise B2B version 9.0.21.100.

{
   "ORACLE_CCP1": {
      "Type": "ConnectionProfile:FileTransfer:Oracle",
      "OracleUserId": "ocid1.user.oc1..aaaaaaaaxs7s4xb6mbyvgwkypgcbopm3rexus3vjaiw4zlzbumlxt6blnckq",
      "OracleUserPublicKeyFingerprint": "ae:07:4e:c6:43:17:12:73:0a:70:ed:c7:21:ea:5c:f3",
      "OracleTenancyId": "ocid1.tenancy.oc1..aaaaaaaa5rdw3z2pk23454goj5xeftltlbofnp6moccpe6vtdxa7pp3r7bba",
      "OracleUserPrivateKey": "-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----",
      "OracleUserPrivateKeyFileName": "john.pem",
      "OracleUserPrivateKeyPassphrase": "",
      "OracleRegion": "il-jerusalem-1",
      "OracleNamespace": "axeictwdjfly",
      "OracleCompartmentId": "ocid1.tenancy.oc1..aaaaaaaa5rdw3z2pk23454goj5xeftltlbofnp6moccpe6vtdxa7pp3r7bba",
      "Centralized": true
   }
}

This connection profile has the following parameters:

OracleUserIdDefines the user ID that connects to Oracle Object Storage.
OracleUserPublicKeyFingerprintDetermines the API public key fingerprint.
OracleTenancyIdDefines the OCID of your Tenancy, which is a secure and isolated partition in Oracle Object Storage.
OracleUserPrivateKeyDetermines the RSA private key in PEM format. After you generate an API Signing Key pair from the OCI Console, you must download the private key to your file system.
OracleUserPrivateKeyFileNameDefines the name of the file that contains the private key.
OracleUserPrivateKeyPassphrase(Optional) Determines the private key passphrase.
OracleRegionDetermines the default region to perform the Oracle Object Storage requests. For better performance, select the region where the bucket is located.
OracleNamespace

Determines the Object Storage Namespace, which is the top level container for all buckets and objects.

At account creation time, each Oracle Cloud Infrastructure tenant is assigned one unique system-generated and immutable Object Storage namespace name.

OracleCompartmentId

Determines the Compartment ID, which is a collection of related cloud resources.

By default, your tenancy ID acts as the root compartment.

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.
The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:DualEndPoint

In a dual-endpoint connection profile, you specify connection details for the source host and for the destaination host of the file transfer. Connection details can be based on the FTP, SFTP, or FTPS communication protocols or can be to a local file system.

The following example shows a dual-endpoint connection profile. One endpoint uses the FTP communication protocol and the other endpoint uses the SFTP communication protocol.

{
 "DualEpConn" : {
	"Type" : "ConnectionProfile:FileTransfer:DualEndPoint",
	"WorkloadAutomationUsers" : [ "em_user1" ],
	"TargetAgent" : "AgentHost",
    "Centralized" : false,
	"src_endpoint" : {
		"Type" : "Endpoint:Src:FTP",
		"User" : "controlm",
 		"Port" : "10023",
		"HostName" : "localhost",
		"Password" : "password",
		"HomeDirectory" : "/home/controlm/"
	},
	"dest_endpoint" : {
		"Type" : "Endpoint:Dest:SFTP",
		"User" : "controlm",
		"Port" : "10023",
		"HostName" : "host2",
		"Password" : "password",
		"HomeDirectory" : "/home/controlm/"
	}
  }
}

The dual-endpoint connection profile can have the following parameters:

TargetAgentThe Control-M/Agent to which to  deploy the connection profile.
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
WorkloadAutomationUsers

(Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

Endpoint

Two endpoint objects, one for the source host and one for the destaination host. Each endpoint can be based on FTP, SFTP, FTPS or local file system.

Here are all the possible types of Endpoint objects:

  • Endpoint:Src:FTP
  • Endpoint:Src:SFTP
  • Endpoint:Src:FTPS

  • Endpoint:Src:Local
  • Endpoint:Dest:FTP
  • Endpoint:Dest:SFTP
  • Endpoint:Dest:FTPS
  • Endpoint:Dest:Local

Parameters under the Endpoint object are the same as the remaining parameters for a single-endpoint connection profile, depending on type of connection:

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Group

9.0.20.015The following example shows a group connection profile, which enables you to transfer a file from one host to multiple hosts in one transfer. In each group connection profile, you include a variety of previously defined connection profiles for file transfers.

{
  "GROUP_CP": {
    "Type": "ConnectionProfile:FileTransfer:Group",
    "TargetAgent": "docker_aft_app_centos1",
    "GroupAccounts": ["FTPConn", "sFTPconn", "LocalConn", "AS2_Conn_1"],
    "WorkloadAutomationUsers":["john","bob"] 
  }

This connection profile has the following parameters:

TargetAgentThe Control-M/Agent to which to deploy the connection profile.
GroupAccountsA list of file transfer connection profiles included in the group
WorkloadAutomationUsers

(Optional) Control-M users that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

Back to top

ConnectionProfile:Database

The connection profile for database allows you to connect to the following database types:

ConnectionProfile:Database:DB2

The following example shows how to define a connection profile for DB2:

{
  "DB2_CONNECTION_PROFILE": {
    "Type": "ConnectionProfile:Database:DB2",
	"TargetCTM":"CTMHost",
    "TargetAgent": "AgentHost",
    "Host": "DB2Host",
    "Port":"50000",
    "User": "db user",
    "Password": "db password",
    "DatabaseName": "db2"
  }
} 

The following table describes the parameters in the example above, as well as several additional optional parameters:

ParameterDescription
Port

The database port number.

If the port is not specified, the following default values are used for each database type:

  • MSSQL - 1433
  • Oracle - 1521
  • DB2 - 50000
  • Sybase - 4100
  • PostgreSQL - 5432
Password

Password to the database account. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

DatabaseNameThe name of the database
DatabaseVersion

The version of the database.

For a list of databases and versions supported by your version of Control-M for Databases, open the Product Availability & Compatibility page at https://customerapps.bmc.com/spac/o/welcome.html. In the Product Name field enter Control-M for Databases, and in the Product Version field select the relevant version.

The default version for each database is the earliest version that is supported.

MaxConcurrentConnections

The maximum number of connections that the database can process at the same time.

Allowed values: 1–512
Default value: 100

ConnectionRetryTimeOut

The number of seconds to wait before attempting to connect again.

Allowed values: 1–300
Default value: 5 seconds

ConnectionIdleTime

The number of seconds that the database connection profile can remain idle before disconnecting.

Default value: 300 seconds

ConnectionRetryNum

The number of times to attempt to reconnect after a connection failure.

Allowed values: 1–24
Default value: 5

ConnectionProfile:Database:JDBC

The following example shows how to define a connection profile using a custom defined database type created using JDBC. Parameters are described in the table above.

{
	"JDBC_CONNECTION_PROFILE": {
		"Type": "ConnectionProfile:Database:JDBC",
		"User":"db user",
		"TargetCTM":"CTMHost",
		"Host": "PGSQLHost",
		"Driver":"PGDRV",
		"Port":"5432",
		"TargetAgent": "AgentHost",
		"Password": "db password",
		"DatabaseName":"dbname"
	}
}

The following parameter is unique to JDBC connection profiles:

ParmeterDescription
Driver

JDBC driver name as defined in Control-M or as defined using the Driver object

Driver:JDBC:Database

You can define a driver to be used by a connection profile. The following example shows the parameters that you use to define a driver:

{
  "MyDriver": {
    "Type": "Driver:Jdbc:Database",
    "TargetAgent":"app-redhat",
    "StringTemplate":"jdbc:sqlserver://<HOST>:<PORT>/<DATABASE>",
    "DriverJarsFolder":"/home/controlm/ctm/cm/DB/JDBCDrivers/PostgreSQL/9.4/",
    "ClassName":"org.postgresql.Driver",
    "LineComment" : "--",
    "StatementSeparator" : ";"
 }
}
ParameterDescription
TargetAgentThe Control-M/Agent to which to deploy the driver.
StringTemplateThe structure according to which a connection profile string is created.
DriversJarsFolderThe path to the folder where the database driver jars are located.
ClassNameName of driver class
LineComment The syntax used for line comments in the scripts that run on the database.
StatementSeparatorThe syntax used for statement separator in the scripts that run on the database.

ConnectionProfile:Database:MSSQL

The following example shows how to define an MSSQL database connection profile. Parameters are described in the table above.

 {
	"MSSQL_CONNECTION_PROFILE": {
		"Type": "ConnectionProfile:Database:MSSQL",
		"TargetCTM":"CTMHost",
		"TargetAgent": "AgentHost",
		"Host": "MSSQLHost",
		"User": "db user",
		"Port":"1433",
		"Password": "db password",
		"DatabaseName": "master",
		"DatabaseVersion": "2005",
		"MaxConcurrentConnections": "9",
		"ConnectionRetryTimeOut": "34",
		"ConnectionIdleTime": "45"
	}
}

The following parameter is unique to MSSQL connection profiles:

ParameterDescription
AuthenticationType

SQL Server Authentication

Possible values are:

  • NTLM2 Windows Authentication
  • Windows Authentication
  • SQL Server Authentication

ConnectionProfile:Database:MSSQL:SSIS

9.0.19.220 The following example shows how to define a connection profile for SQL Server Integration Services (SSIS) packages:

{
    "SSIS_CONNECTION_PROFILE": {
        "Type": "ConnectionProfile:Database:MSSQL:SSIS",
        "TargetAgent": "AgentHost",
        "TargetCTM": "LocalControlM",
        "Host": "localhost",
        "User": "administrator",
        "Port": "1433",
        "Password": "db password",
        "DatabaseName": "testdb",
        "DatabaseVersion": "2016",
        "AuthenticationType": "Windows Authentication",
        "SkipPackagesTest" : false,
        "SSIS": [
            {
                "Source": "File System",
                "Name": "file_system_package",
                "Password": "password"
            },
            {
                "Source": "SSIS Package Store",
                "Name": "ssis_package",
                "Password": "password"
            },
            {
                "Source": "SQL Server",
                "Name": "sql_server_package",
                "Password": "password"
            }
        ]
    }
}

Most of the parameters are the same as for the basic MSSQL connection profile (including those described in the table above). The following parameters are unique to the MSSQL SSIS connection profile:

ParameterDescription
SkipPackageTestWhether to skip validation of SSIS packages when testing the connection profile, either true or false
SSISConnection details for all associated SSIS Packages
     SourceSource location of the SSIS Package — SQL Server, File System, or SSIS Package Store
     NameName of the SSIS Package
     Password

Password required for accessing the SSIS Package

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

ConnectionProfile:Database:Oracle

Oracle connection profiles are available for three types of database definitions:

ConnectionProfile:Database:Oracle:SID

The following example shows how to define a connection profile for an Oracle database using the SID identifier. Additional available parameters are described in the table above.

{
  "ORACLE_CONNECTION_PROFILE": {   
	"Type": "ConnectionProfile:Database:Oracle:SID",   
	"TargetCTM": "controlm",   
	"Port": "1521",   
	"TargetAgent": "AgentHost",
	"Host": "OracleHost",
	"User": "db user",   
	"Password": "db password",
	"SID": "ORCL" 
  }
}

ConnectionProfile:Database:Oracle:ServiceName

The following example shows how to define a connection profile for an Oracle database using a single service name. Additional available parameters are described in the table above.

{
  "ORACLE_CONNECTION_PROFILE": {   
	"Type": "ConnectionProfile:Database:Oracle:ServiceName",   
	"TargetCTM": "controlm",   
	"Port": "1521",   
	"TargetAgent": "AgentHost",
	"Host": "OracleHost",
	"User": "db user",   
	"Password": "db password",
	"ServiceName": "ORCL" 
  }
}

ConnectionProfile:Database:Oracle:ConnectionString

The following example shows how to define a connection profile for an Oracle database using a connection string that contains text from your tnsname.ora file. Additional available parameters are described in the table above.

{
	"ORACLE_CONNECTION_PROFILE": {
		"Type": "ConnectionProfile:Database:Oracle:ConnectionString",
		"TargetCTM":"CTMHost",
		"ConnectionString":"OracleHost:1521:ORCL",
		"TargetAgent": "AgentHost",
		"User": "db user",
		"Password": "db password"
	}
}

ConnectionProfile:Database:PostgreSQL

The following example shows how to define a connection profile for PostgreSQL. Parameters are described in the table above.

{
  "POSTGRESQL_CONNECTION_PROFILE": {
    "Type": "ConnectionProfile:Database:PostgreSQL",
	"TargetCTM":"CTMHost",
    "TargetAgent": "AgentHost",
    "Host": "PostgreSQLHost",
    "Port":"5432",
    "User": "db user",
    "Password": "db password",
    "DatabaseName": "postgres"
  }
} 

ConnectionProfile:Database:Sybase

The following example shows how to define a connection profile for Sybase. Parameters are described in the table above.

{
  "SYBASE_CONNECTION_PROFILE": {
    "Type": "ConnectionProfile:Database:Sybase",
	"TargetCTM":"CTMHost",
    "TargetAgent": "AgentHost",
    "Host": "SybaseHost",
    "Port":"4100",
    "User": "db user",
    "Password": "db password",
    "DatabaseName": "Master"
  }
} 


Back to top

ConnectionProfile:SAP

SAP connection profiles that you create for use by your SAP jobs can be defined for logon to a specific SAP Application Server or for an SAP logon group.

The following example is for a connection profile for a specific SAP Application Server:

{
  "SAP-SERVER-CONN" : {
    "Type" : "ConnectionProfile:SAP",
            "User" : "my-user",
            "Password" : "123456",
            "SapClient" : "100",
            "Language" : "",
            "XBPVersion": "XBP3.0",
            "AppVersion": "R3",
            "ApplicationServerLogon" : {
                "Host" : "localhost",
                "SystemNumber" : "12"
            },
            "SecuredNetworkConnection": {
                "SncLib": " " ,
                "SncPartnerName": "",
                "QualityOfProtection": "2",
                "SncMyName":""
            },
            "SapResponseTimeOut" : "180",
            "UseExtended": true,
            "SolutionManagerConnectionProfile" : "IP4-GROUP",
            "IsSolutionManagerConnectionProfile": true
  }
}

The following example is for a connection profile for an SAP logon group:

{
  "SAP-GROUP-CONN" : {
    "Type" : "ConnectionProfile:SAP",
            "User" : "my-user",
            "Password" : "123456",
            "SapClient" : "100",
            "Language" : "",
            "XBPVersion": "XBP3.0",
            "AppVersion": "R3",
            "GroupLogon": {
                "SystemID": "123",
                "MessageServerHostName": "msgsv",
                "GroupName": "group1"
            },
            "SecuredNetworkConnection": {
                "SncLib": " " ,
                "SncPartnerName": "",
                "QualityOfProtection": "2",
                "SncMyName":""
            },
            "SapResponseTimeOut" : "180",
            "UseExtended": true,
            "SolutionManagerConnectionProfile" : "IP4-GROUP",
            "IsSolutionManagerConnectionProfile": true
  }
}
ParameterDescription
UserSAP user name
Password

Password for the SAP user

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

SapClientSAP client number, a three-digit number
LanguageThe SAP language. The default is English.
XBPVersion

SAP XBP interface version installed on the SAP server

Valid values are:

  • XBP 1.0
  • XBP 2.0
  • XBP 3.0 (Default)
AppVersion

Version of the SAP application, one of the following:

  • R3
  • BW 2.<X>
  • BW 3.<X> or later
GroupLogonParameters for defining an SAP logon group
     SystemIDSAP system ID, three alpha-numeric characters
     MessageServerHostNameHost name of the computer on which the SAP System Message Server is running
     GroupName

SAP logon group name

The Group name is defined in the SAP SMLG transaction.

ApplicationServerLogonParameters for defining a specific SAP Application Server
      Host

The host name of the computer that runs the SAP Application Server

      SystemNumberSAP instance number, a two-digit number
SecuredNetworkConnectionParameters that you can use to activate a secured network connection
      SncLib

Client full path and file name to SAP crypto lib

For example: /home1/agsapfp/SNC/libsapcrypto.sl

      SncPartnerName

SNC name of the application server

For example: p:CN=LE1, OU=BPM, O=BMC, C=US

      QualityOfProtection

Quality of the protection

Valid values: 1, 2, 3, 8 (default), 9

      SncMyName

SNC name of the user sending the RFC

Default: The name provided by the security product for the user who is logged on.

SapResponseTimeOut

Number of seconds that the program waits for an RFC request to be handled by the SAP system before returning a timeout error

Default: 180

UseExtended

Whether the extended functionality of Control-M for SAP should be used, either false (default) or true

NOTE: If you select this option, the Control-M Function Modules must be installed on your SAP server, as described in Control-M for SAP XBP Interface and Control-M Function Modules in the Control-M for SAP online help.

SolutionManagerConnectionProfile

Solution Manager connection profile for retrieval of SAP job Documentation

This parameter is relevant only if the current connection profile is not a Solution Manager connection profile, as discussed in the next parameter.

IsSolutionManagerConnectionProfileWhether the current connection profile is a Solution Manager connection profile, either true or false (the default)

Back to top

ConnectionProfile:ApplicationIntegrator

The following example shows how to define a connection profile for a job type defined in the Control-M Application Integrator. For information about the Control-M Application Integrator, see Application Integrator.

Properties defined for the connection profile in Control-M Application Integrator are all prefixed with "AI-" in the .json code, as shown in the following example.

{
    "AI_CONNECTION_PROFILE": {
		"Type": "ConnectionProfile:ApplicationIntegrator:<JobType>",
		"TargetAgent": "AgentHost",
		"TargetCTM":"CTMHost",
		"AI-Param03": "45",
		"AI-Param04": "group",
        "Centralized": true
    }
} 

Back to top

ConnectionProfile:Informatica

The following example shows how to define a connection profile for an Informatica job:

{
  "INFORMATICA_CONNECTION": {
    "Type": "ConnectionProfile:Informatica",
    "TargetAgent": "AgentHost",
    "TargetCTM": "CTMHost",
    "Host": "InformaticaHost",
    "Port": "7333",
    "User": "UserName",
    "Password": "Password",
    "PowerCenterDomain": "DomainName",
    "Repository": "RepositoryName",
    "IntegrationService": "ServiceName",
    "SecurityDomain": "Native",
    "ConnectionType": "HTTP",
    "MaxConcurrentConnections": "100",
    "Centralized": false
  }
}
ParameterDescription
TargetAgentThe Control-M/Agent to which to deploy the connection profile
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
HostName of the Informatica web services server
Port

(Optional) Port number of the Informatica web services server

Values range from 1 to 65535. The default is 7333.

UserName of a user to log into the Repository
Password

A password to log into the Repository.

Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

PowerCenterDomainName of the Informatica server that contains the Repository service
RepositoryName of the repository where the repository folders and workflows are located
IntegrationServiceThe Integration Service to use to run the workflows
SecurityDomain

The name of a Security Domain, a collection of user accounts and groups in a Power Center Domain.

If the user name belongs to the native security domain, this parameter is optional, and the default is an empty value.

If the user name belongs to an LDAP security domain, this parameter is required.

ConnectionType(Optional) Protocol for the connection to the Informatica server, either HTTP (the default) or HTTPS.
MaxConcurrentConnections

(Optional) The maximum number of allowed concurrent workflows in the connection profile

Values range from 1 to 512, with a default value of 100.

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

Back to top

ConnectionProfile:Informatica CS

The following example shows how to define a connection profile for an Informatica Cloud Services job:

 {
  "INFORMATICA_CS_CONNECTION": {
     "Type": "ConnectionProfile:Informatica CS",
     "Login URL": "https://dm-us.informaticacloud.com",
     "Base URL": "https://usw5.dm-us.informaticacloud.com", 
     "Username": "UserName",  
     "Password": "Password", 
     "Request Timeout": "3", 
     "Description": "", 
     "Centralized": true 
	} 
 }
ParameterDescription
Login URLThe URL for login calls to Informatica Cloud 
Base URL

The instance name of the Informatica Cloud server

Username Username for the account to connect to Informatica Cloud  
Password

A password for the login to Informatica Cloud

Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

Request Timeout

A timeout value, in seconds, for the requests sent to Informatica Cloud

The default is 3 seconds.

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Informatica Cloud Services job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWS

Note: This feature requires Control-M/Enterprise Manager version 9.0.21.

The following examples show how to define a connection profile for an AWS job.

The following example is based on authentication with an access key and a secret key:

{
  "AWS_CONNECTION_ACCESSKEY": {
    "Type": "ConnectionProfile:AWS",
    "Centralized": true,
    "TargetAgent": "AgentHost",
    "TargetCTM": "CTMHost",
    "AuthenticationMethod": "AccessKey", 
    "AccessKey": "1234",
    "SecretAccessKey": "00-200340109003001100044011700580-29001301000-410-520-250-880029",
    "Region": "ap-northeast-1",
  }
}

The following example is based on authentication with an IAM role:

{
  "AWS_CONNECTION_IAMROLE": {
    "Type": "ConnectionProfile:AWS",
    "Centralized": true,
    "TargetAgent": "AgentHost",
    "TargetCTM": "CTMHost",
    "AuthenticationMethod": "IAMRole", 
    "IAMRole": "myRole",
    "Region": "ap-northeast-1",
    "ProxySettings": {
      "Host": "host",
      "Port": "12345",
      "Username": "username",
      "Password": "password"
    }
  }
}

ParameterDescription
TargetAgentThe Control-M/Agent to which to deploy the connection profile
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

AuthenticationMethod

One of the following authentication methods for the connection to AWS:

  • AccessKey
  • IAMRole
AccessKey(For AccessKey authentication) AWS account Access Key
SecretAccessKey

(For AccessKey authentication) AWS account Secret Access Key

Use Secrets in code to not expose this secret access key in the code.

IAMRole(For IAMRole authentication) The name of an IAM role for authentication of the connection to AWS
RegionLocation of the AWS user
ProxySettings

Settings of an installed proxy server:

  • Host
  • Port - a number between 1024 and 65535
  • Username
  • Password 

Back to top

ConnectionProfile:AWS Batch

The following examples show how to define a connection profile for an AWS Batch job, which enables you to manage and run batch computing workloads in AWS.

The following example is based on authentication using an AWS access key and secret.

{
   "AWS_BATCH": {
      "Type": "ConnectionProfile:AWS Batch",
      "Authentication": "SECRET", 
      "AWS Secret": "myAwsSecret12345",
      "AWS Access Key": "MYAWSACCESSKEY1234",
      "AWS Region": "eu-west-2",
      "Batch URL": " https://batch.{{region}}.amazonaws.com",
      "Connection Timeout": "20",
      "Description": "",
      "Centralized": true
   }
}

The following example is based on authentication using an AWS IAM role from inside an EC2 instance.

{
   "AWS_BATCH": {
      "Type": "ConnectionProfile:AWS Batch",
      "Authentication": "NOSECRET", 
      "IAM Role": "BATCHIAMROLE", 
      "AWS Region": "eu-west-2",
      "Batch URL": " https://batch.{{region}}.amazonaws.com",
      "Connection Timeout": "20",
      "Description": "",
      "Centralized": true
   }
}


ParameterDescription
Authentication

Determines one of the following types of authentication for the connection with AWS Batch:

  • SECRET —  authentication using an AWS access key and secret
  • NOSECRET — authentication using an AWS IAM role from within the AWS infrastructure
AWS Access Key 
(For SECRET authentication) Defines the access key ID for connection to AWS.
AWS Secret
(For SECRET authentication) Defines the secret access key for connection to AWS.
IAM Role

(For NOSECRET authentication) Defines the Identity and Access Management (IAM) role for connection to AWS.

AWS Region

Determines the region where the AWS Batch resources are located.

Batch URL

Determines the URL of an AWS Batch service regional endpoint:

https://batch.{{region}}.amazonaws.com

For more information about regional endpoints available for the AWS Batch service, refer to the AWS documentation.

Connection Timeout

Determines the number of seconds to wait before a timeout occurs after Control-M initiates a connection request to AWS Batch.

Default: 20 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The AWS Batch job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWS Step Functions 

The following examples show how to define a connection profile for an AWS Step Functions job, which enables you to create visual workflows that can integrate other AWS services.

The following example is based on authentication using an AWS access key and secret.

{
   "STEPFUNCTIONSCCP": {
      "Type": "ConnectionProfile:AWS Step Functions",
      "Authentication": "SECRET",
      "AWS Secret": "myAwsSecret12345",
      "AWS Access Key": "MYAWSACCESSKEY1234",
      "AWS Region": "eu-west-2", 
      "Step Functions URL": "https://states.AWSRegion.amazonaws.com",
      "Connection Timeout": "20",
      "Description": "",
      "Centralized": true
   }
} 

The following example is based on authentication using an AWS IAM role from inside an EC2 instance.

{
   "STEPFUNCTIONSCCP": {
      "Type": "ConnectionProfile:AWS Step Functions",
      "Authentication": "NOSECRET", 
      "IAM Role": "STEPFXIAMROLE", 
      "AWS Region": "eu-west-2",
      "Step Functions URL": "https://states.AWSRegion.amazonaws.com",
      "Connection Timeout": "20",
      "Description": "",
      "Centralized": true
   }
}


ParameterDescription
Authentication

Determines one of the following types of authentication for the connection with AWS Step Functions:

  • SECRET —  authentication using an AWS access key and secret
  • NOSECRET — authentication using an AWS IAM role from within the AWS infrastructure
AWS Access Key 
(For SECRET authentication) Defines the access key assigned to the account in the AWS Step Functions integration setup.
AWS Secret
(For SECRET authentication) Defines the secret access key assigned to the account in the AWS Step Functions integration setup.
IAM Role

(For NOSECRET authentication) Defines the Identity and Access Management (IAM) role for connection to AWS Step Functions.

AWS Region

Determines the region where the AWS Step Functions jobs are located.

Step Functions URL

Determines the authentication endpoint for AWS Step Functions, based on the following format:

https://states.{{region}}.amazonaws.com

For more information about regional endpoints available for the AWS Step Functions service, refer to the AWS documentation.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to AWS Step Functions before a timeout occurs.

Default: 20 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The AWS Step Functions job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWS Glue

The following examples show how to define a connection profile for an AWS Glue job, which executes Amazon Web Services (AWS) Glue, a serverless data integration service.

The following example is based on authentication using an AWS access key and secret.

{
  "GLUECONNECTION": {
    "Type": "ConnectionProfile:AWS Glue",
    "AWS Access key ID": "MYAWSACCESSKEY1234",
    "AWS Secret": "myAwsSecret12345",
    "Authentication": "SECRET",
    "AWS Region": "eu-west-2",
    "Glue url": "glue.eu-west-2.amazonaws.com",
    "Connection Timeout": "40",
    "Description": "",
    "Centralized": true
  }  
}

The following example is based on authentication using an AWS IAM role from inside an EC2 instance.

{
  "GLUECONNECTIONIAM": {
    "Type": "ConnectionProfile:AWS Glue",
    "IAM Role": "GLUEEC2IAMROLE",
    "Authentication": "NOSECRET",
    "AWS Region": "eu-west-2",
    "Glue url": "glue.eu-west-2.amazonaws.com",
    "Connection Timeout": "40",
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
Authentication

Type of authentication to use for the connection with AWS Glue, one of the following:

  • SECRET —  authentication using an AWS access key and secret
  • NOSECRET — authentication using an AWS IAM role from inside an EC2 instance
AWS Access key ID
(For SECRET authentication) Access key ID for connection to AWS
AWS Secret
(For SECRET authentication) Secret access key for connection to AWS
IAM Role

(For NOSECRET authentication) Identity and Access Management (IAM) role for connection to AWS

AWS Region

AWS Glue service region

Glue url

URL of an AWS Glue service regional endpoint

For more information about regional endpoints available for the AWS Glue service, refer to the AWS documentation.

Connection Timeout

A timeout value, in seconds, for the trigger call made by Control-M to AWS Glue

The default is 40 seconds.

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The AWS Glue job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWS Glue DataBrew

The following examples show how to define a connection profile for an AWS DataBrew job, which executes Amazon Web Services (AWS) Glue DataBrew, a cloud-based ETL service that enables you to visualize your data and publish it to the Amazon S3 Data Lake. 

The following example is based on authentication using an AWS access key and secret.

{
	"AWSDATABREW": {
		"Type": "ConnectionProfile:AWS Glue DataBrew",
 		"Authentication": "SECRET", 
		"AWS Access Key": "MYAWSACCESSKEY1234",
		"AWS Secret": "myAwsSecret12345",
		"AWS Region": "us-east-1",
		"AWS Logs URL": "https://logs.{{AWSRegion}}.amazonaws.com",
  		"AWS API Base URL": "https://databrew.{{AWSRegion}}.amazonaws.com",
		"Connection Timeout": "30",
		"Description": "",
		"Centralized": true
	}
}

The following example is based on authentication using an AWS IAM role from inside an EC2 instance.

{
	"AWSDATABREW": {
		"Type": "ConnectionProfile:AWS Glue DataBrew",
		"Authentication": "NOSECRET", 
		"IAM Role": "IAMROLE", 
		"AWS Region": "us-east-1",
		"AWS API Base URL": "https://databrew.{{AWSRegion}}.amazonaws.com",
		"AWS Logs URL": "https://logs.{{AWSRegion}}.amazonaws.com",
		"Connection Timeout": "30",
		"Description": "",
		"Centralized": true
	}
}


ParameterDescription
Authentication

Determines one of the following authentication methods for the connection with AWS Glue DataBrew:

  • SECRET —  authentication using an AWS access key and secret
  • NOSECRET — authentication using an AWS IAM role from inside an EC2 instance
AWS Access Key(For SECRET authentication) Defines the AWS Glue DataBrew account access key.
AWS Secret(For SECRET authentication) Defines the AWS Glue DataBrew account secret access key.
IAM Role

(For NOSECRET authentication) Defines the Identity and Access Management (IAM) role for connection to AWS.

AWS Region

Determines the region that the AWS Glue DataBrew jobs are located in.

AWS API Base URL

Defines the REST API URL for the AWS Glue DataBrew regional endpoint:
https://databrew.{{AWSRegion}}.amazonaws.com

For more information about regional endpoints available for the AWS Glue DataBrew service, refer to the AWS documentation.

AWS Logs URL

Defines the AWS Logs URL:

https://logs.{{AWSRegion}}.amazonaws.com

Connection Timeout

Determines the number of seconds to wait before a timeout occurs after Control-M initiates a request to AWS Glue DataBrew.

Default: 30 seconds

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The AWS DataBrew job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWS Data Pipeline 

The following examples show how to define a connection profile for an AWS Data Pipeline job. This job executes an AWS Data Pipeline, a cloud-based ETL service that enables you to automate the transfer, processing, and storage of your data.

The following example is based on authentication using an AWS access key and secret.

{
	"AWSDATAPIPELINESECRET ": {
		"Type": "ConnectionProfile:AWS Data Pipeline",
		"Authentication": "SECRET",
		"AWS Access Key": "MYAWSACCESSKEY1234",
		"AWS Secret": "myAwsSecret12345",
		"AWS Region": "us-east-1",
		"Data Pipeline URL": "https://datapipeline.{{AWSRegion}}.amazonaws.com",
		"Connection Timeout": "30",
		"Description": "",
		"Centralized": true
	}
}

The following example is based on authentication using an AWS IAM role from inside an EC2 instance.

{
	"AWSDATAPIPELINEIAM": {
		"Type": "ConnectionProfile:AWS Data Pipeline",
		"Authentication": "NOSECRET",
		"IAM Role": "IAMROLENAME",
		"AWS Region": "us-east-1",
		"Data Pipeline URL": "https://datapipeline.{{AWSRegion}}.amazonaws.com",
		"Connection Timeout": "30",
		"Description": "",
		"Centralized": true
	}
}


ParameterDescription
Authentication

Determines one of the following authentication methods for the connection with AWS Data Pipeline:

  • SECRET —  authentication using an AWS access key and secret
  • NOSECRET — authentication using an AWS IAM role from inside an EC2 instance
AWS Access Key(For SECRET authentication) Defines the AWS Data Pipeline account access key.
AWS Secret(For SECRET authentication) Defines the AWS Data Pipeline account secret access key.
IAM Role

(For NOSECRET authentication) Defines the Identity and Access Management (IAM) role for connection to AWS.

AWS Region

Determines the region where the AWS Data Pipeline jobs are located.

Data Pipeline URL

Defines the REST API URL for the AWS Data Pipeline regional endpoint:
https://datapipeline.{{AWSRegion}}.amazonaws.com

For more information about regional endpoints available for the AWS Data Pipeline service, refer to the AWS documentation.

Connection Timeout

Determines the number of seconds to wait before a timeout occurs after Control-M initiates a request to AWS Data Pipeline.

Default: 30 seconds

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The AWS Data Pipeline job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWS EMR

The following examples show how to define a connection profile for an AWS EMR job, which executes Amazon Web Services (AWS) EMR to run big data frameworks.

{
  "AWS_EMR": {
     "Type": "ConnectionProfile:AWS EMR",
     "AWSRegion": "us-east-1",
     "EMRAccessKey": “ABCDEF",
     "EMRSecretKey": "****",
     "Description": "",
     "Centralized": true
  }
}


ParameterDescription
AWSRegionDetermines the AWS region.
EMRAccessKeyDefines the token for the connection to AWS.
EMRSecretKeyDefines an additional security token for AWS.
CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The AWS EMR job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWSEC2

The following examples show how to define a connection profile for an AWS EC2 job for the integration of AWS EC2 operations into Control-M.

The following example is based on authentication using an AWS access key and secret.

{
  "AWSEC2": {
    "Type": "ConnectionProfile:AWSEC2",
    "Authentication": "SECRET", 
    "AWS Access key ID": "AK***************************",
    "AWS Secret": "nw*****************************",
    "EC2 Region": "us-west-2",
    "Connection timeout": "20",
    "Description": "",
    "Centralized": true
  }
}

The following example is based on authentication using an AWS IAM role from inside an EC2 instance.

{
  "AWSEC2": {
    "Type": "ConnectionProfile:AWSEC2",
    "Authentication": "NOSECRET",
    "IAM Role": "GLUEEC2IAMROLE", 
    "EC2 Region": "us-west-2",
    "Connection timeout": "20",
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
Authentication

Determines one of the following types of authentication for the connection with AWS EC2:

  • SECRET —  Authenticates using an access key and secret.
  • NOSECRET — Authenticates based on an IAM role, which removes the need to provide additional credentials.
AWS Access key ID (For SECRET authentication) Defines the Access key ID for connection to AWS.
AWS Secret (For SECRET authentication) Defines the secret access key for connection to AWS.
IAM Role

(For NOSECRET authentication) Defines the IAM Role for connection to AWS.

EC2 Region

Determines the location of the AWS user.

Example: us-east-1

Connection Timeout

Determines the number of seconds to wait for the trigger call made by Control-M to AWS EC2 before timing out.

Default: 20 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The AWS EC2 job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWS ECS

The following examples show how to define a connection profile for an AWS ECS jobAWS Elastic Container Service (ECS) is a container management service that enables you to run, stop, manage, and monitor containerized applications in a cluster.

The following example is based on authentication using an AWS access key and secret.

{
   "AWS ECS": {
      "Type": "ConnectionProfile:AWS ECS",
      "AWS ECS URL": "https://ecs.us-east-1.amazonaws.com",
      "Cloud Watch URL": "https://logs.us-east-1.amazonaws.com",
      "AWS Region": "us-east-1",
      "Authentication Method": "Secret",
      "AWS Access Key": "<Access Key>",
      "AWS Secret": "*****",
      "Connection Timeout": "30",
      "Description": "",
      "Centralized": true
   }
}

The following example is based on authentication using an AWS IAM role from inside an EC2 instance.

{
   "AWS ECS": {
      "Type": "ConnectionProfile:AWS ECS",
      "AWS ECS URL": "https://ecs.us-east-1.amazonaws.com",
      "Cloud Watch URL": "https://logs.us-east-1.amazonaws.com",
      "AWS Region": "us-east-1",
      "Authentication Method": "IAM",
      "AWS IAM Role": "IAM ROLE",
      "Connection Timeout": "30",
      "Description": "",
      "Centralized": true
   }
}


ParameterDescription
AWS ECS URL

Defines the AWS ECS authentication endpoint, based on the following format:

https://ecs.{{region}}.amazonaws.com

For more information about regional endpoints available for the AWS ECS service, refer to the AWS documentation.

Cloud Watch URL

Defines the Cloud Watch authentication endpoint.

AWS Region

Determines the region where the AWS ECS jobs are located.

Authentication Method

Determines one of the following authentication methods for the connection with AWS ECS:

  • Secret —  Authenticates using an access key and secret.
  • IAM — Authenticates based on an IAM role, which removes the need to provide additional credentials.
AWS Access Key(Secret authentication) Defines the AWS ECS account access key.
AWS Secret (Secret authentication) Defines the AWS ECS account secret access key.
AWS IAM Role

(IAM authentication) Defines the Identity and Access Management (IAM) role for the AWS ECS connection.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to AWS ECS before a timeout occurs.

Default: 30

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The AWS ECS job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWS QuickSight 

The following examples show how to define a connection profile for an AWS QuickSight job, which enables you to visualize, analyze, and share large workloads of data.

The following example is based on authentication using an AWS access key and secret.

{
   "AWS_QUICKSIGHT": {
      "Type": "ConnectionProfile:AWS QuickSight",
      "Authentication Method": "SECRET",
      "AWS Access Key": "MYAWSACCESSKEY1234", 
      "AWS Secret": "myAwsSecret12345",
      "AWS Region": "us-east-1", 
      "AWS Account ID": "12345678",
      "AWS QuickSight URL": "https://quicksight.us-east-1.amazonaws.com",
      "Connection Timeout": "30",
      "Description": "",
      "Centralized": true
   }
}

The following example is based on authentication using an AWS IAM role from inside an EC2 instance.

{
   "AWS_QUICKSIGHT": {
      "Type": "ConnectionProfile:AWS QuickSight",
      "Authentication Method": "NOSECRET",
      "IAM Role": "QUICKSIGHTIAMROLE",  
      "AWS Region": "us-east-1", 
      "AWS Account ID": "12345678",
      "AWS QuickSight URL": "https://quicksight.us-east-1.amazonaws.com",
      "Connection Timeout": "30",
      "Description": "",
      "Centralized": true
   }
}


ParameterDescription
Authentication Method

Determines one of the following types of authentication for the connection with AWS QuickSight:

  • SECRET —  authentication using an AWS access key and secret
  • NOSECRET — authentication using an AWS IAM role from within the AWS infrastructure
AWS Access Key 
(For SECRET authentication) Defines the access key assigned to the account in the AWS QuickSight integration setup.
AWS Secret
(For SECRET authentication) Defines the secret access key assigned to the account in the AWS QuickSight integration setup.
IAM Role

(For NOSECRET authentication) Defines the Identity and Access Management (IAM) role for connection to AWS QuickSight.

AWS Region

Determines the region where the AWS QuickSight  jobs are located.

AWS Account ID

Determines the AWS account ID, which can be retrieved from the top right-hand corner of the AWS console.

AWS QuickSight URL

Determines the authentication endpoint for AWS QuickSight, based on the following format:

https://quicksight.{{region}}.amazonaws.com

For more information about regional endpoints available for the AWS QuickSight service, refer to the AWS documentation.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to AWS QuickSight before a timeout occurs.

Default: 30 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The AWS QuickSight job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWS Sagemaker 

The following examples show how to define a connection profile for an AWS SageMaker job, which enables you to create and manage machine learning models.

The following example is based on authentication using an AWS access key and secret.

{
    "AWS_SAGEMAKER": {
       "Type": "ConnectionProfile:AWS Sagemaker",
       "SageMaker URL": "https://sagemaker.us-east-1.amazonaws.com",
       "AWS Region": "us-east-1",
       "Authentication": "SECRET",
       "AWS Access key": "MYAWSACCESSKEY1234",
       "AWS Secret": "myAwsSecret12345",
       "Connection Timeout": "100",
       "Description": "",
       "Centralized": true
   }
}

The following example is based on authentication using an AWS IAM role from inside an EC2 instance.

{
    "AWS_SAGEMAKER_IAM": {
       "Type": "ConnectionProfile:AWS Sagemaker",
       "SageMaker URL": "https://sagemaker.us-east-1.amazonaws.com",
       "AWS Region": "us-east-1",
       "Authentication": "NOSECRET",
       "IAM Role": "SAGEMAKERIAMROLE",
       "Connection Timeout": "100",
       "Description": "",
       "Centralized": true
   }
}     


ParameterDescription
Authentication

Determines one of the following types of authentication for the connection with AWS SageMaker:

  • SECRET —  authentication using an AWS access key and secret
  • NOSECRET — authentication using an AWS IAM role from within the AWS infrastructure
AWS Access Key 
(For SECRET authentication) Defines the AWS SageMaker account access key.
AWS Secret
(For SECRET authentication) Defines the AWS SageMaker account secret access key.
IAM Role

(For NOSECRET authentication) Defines the Identity and Access Management (IAM) role for the AWS SageMaker connection.

AWS Region

Determines the region where the AWS SageMaker jobs are located.

SageMaker URL

Determines the authentication endpoint for AWS SageMaker, based on the following format:

https://sagemaker.{{region}}.amazonaws.com

For more information about regional endpoints available for the AWS SageMaker service, refer to the AWS documentation.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to AWS SageMaker before a timeout occurs.

Default: 30 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The AWS SageMaker job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWS Athena 

The following examples show how to define a connection profile for an AWS Athena job, which you can use for data processing, analysis, and storage.

The following example is based on authentication using an AWS access key and secret.

{
    "AWS_ATHENA": {
        "Type": "ConnectionProfile:AWS Athena",
        "AWS API Base URL": "https://athena.us-east-1.amazonaws.com",
        "AWS Region": "us-east-1",
        "Authentication": "SECRET",
        "AWS Access Key": "ABCDEF",
        "AWS Secret Key": "******",
        "Description": "",
        "Centralized": true
    }
}

The following example is based on authentication using an AWS IAM role from inside an EC2 instance.

{
    "AWS_ATHENA": {
        "Type": "ConnectionProfile:AWS Athena",
        "AWS API Base URL": "https://athena.us-east-1.amazonaws.com",
        "AWS Region": "us-east-1",
        "Authentication": "NOSECRET",
        "IAM Role": "ATHENAIAMROLE",
        "Description": "",
        "Centralized": true
    }
}


ParameterDescription
AWS API Base URL

Determines the authentication endpoint for AWS Athena, based on the following format:

https://athena.{{AWSRegion}}.amazonaws.com

For more information about regional endpoints available for the AWS Athena service, refer to the AWS documentation.

AWS Region

Determines the region where the AWS Athena jobs are located.

Authentication

Determines one of the following authentication methods:

  • SECRET: Authenticates with an AWS access key and secret
  • NOSECRET: Authenticates with an AWS IAM role from within the AWS infrastructure
AWS Access Key 
Defines the AWS Athena account access key.
AWS Secret Key
Defines the AWS Athena account secret access key.
IAM Role

Defines the Identity and Access Management (IAM) role for the AWS Athena connection.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to AWS Athena before a timeout occurs.

Default: 20 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The AWS Athena job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure

9.0.19.220 The following example shows how to define a connection profile for an Azure job:

{
  "AZURE_CONNECTION": {
    "Type": "ConnectionProfile:Azure",
    "TargetAgent": "AgentHost",
    "TargetCTM": "CTMHost",
    "ActiveDirectoryDomainName": "bmc.onmicrosoft.com",
    "SubscriptionID": "bcde-fgh-ijk-lmnopq",
    "ApplicationID": "abcd-efg-hij-klmnop",
    "User": "user1@bmc.onmicrosoft.com",
    "Password": "*****"
    "Batch": {
      "BatchAccountName": "myFirstBatch",
      "BatchAccountKey": "aaaaaabbbbbbbccccccc",
      "Location": "centralus"
    }
  }    
}
ParameterDescription
TargetAgentThe Control-M/Agent to which to deploy the connection profile
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
ActiveDirectoryDomainName

(Optional) Azure Active Directory

Format: <company name>.onmicrosoft.com

SubscriptionID

Azure account subscription ID

The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu.

ApplicationIDAzure application ID
UserName of user to connect to the Azure server
Password

Password of the username that connects to the Azure server

Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

Batch

(Optional) Enables the use of a batch account service

By default, a batch account is not used. If you want to use a batch account, you must define the following parameters:

    BatchAccountNameName of the batch account
    BatchAccountKey

Primary access key for the batch account

This key can be retrieved from the Azure portal.

    Location

Batch account location, as defined in the batch account properties

The batch account name and batch account location are used to define the batch URI.

Back to top

ConnectionProfile:ADF

The following examples show how to define a connection profile for an ADF job, which executes an Azure Data Factory (ADF) service and allows you to automate the movement and transformation of data.

The following example is based on authentication using an Azure service principal.

{
  "ADF_SERVPRINC": {
    "Type": "ConnectionProfile:ADF",
    "Tenant ID": "tenantId",
    "Identity Type": "PRINCIPAL",
    "Client Secret": "*****",
    "Application ID": "applicationId",
    "Subscription ID": "subscriptionId",
    "Connection Timeout": "40",
    "Description": "",
    "Centralized": true
  }
}

The following example is based on authentication using a managed identity.

{
"ADF_MANID": {
    "Type": "ConnectionProfile:ADF",
    "Identity Type": "MANAGEDID",
    "Specify Managed Identity Client ID": "&client_id=",
    "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",  
    "Subscription ID": "subscriptionId",
    "Connection Timeout": "40",
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
Identity Type

Type of authentication to use for the connection with the Azure Data Factory, one of the following:

  • PRINCIPAL —  authentication using a service principal
  • MANAGEDID — authentication using a managed identity
Specify Managed Identity Client ID

(For Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(For Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one Managed Identity, it is detected automatically.

Tenant ID(For service principal authentication) The Azure Tenant ID where the Azure Data Factory was created
Client Secret
(For service principal authentication) The client secret associated with the service principal
Application ID

(For service principal authentication) ID of the Azure-registered application that is used to interact with the Azure Data Factory

Subscription ID

Azure account subscription ID

The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu.

Connection Timeout

A timeout value, in seconds, for the trigger call made by Control-M to the Azure Data Factory

The default is 40 seconds.

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The ADF job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure Databricks

The following example shows how to define a connection profile for an Azure Databricks job, which performs big data analytics .

{
  "ADF_SERVPRINC": {
    "Type": "ConnectionProfile:Azure Databricks",
    "Tenant ID": "tenantId",
    "Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
    "Client Secret": "*****", 
    "Databricks url": "https://adb-1111211144444680.0.azuredatabricks.net",
    "Azure Login url": "https://login.microsoftonline.com",
    "Connection Timeout": "50",
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
Tenant IDThe Azure Tenant ID in Azure AD
Application ID

The application (service principal) ID of the registered application.

The service principal must meet the following requirements:

  • The service principal must be an Azure Databricks workspace user and an admin. In the Databricks Admin Console, it must appear under users and also under admins.
  • The service principal must be associated with a Contributor or Owner role.
Client SecretThe client secret (password) associated with the Azure user and the application
Databricks url

The URL of your Databricks workspace

Azure Login urlThe Azure AD authentication endpoint base URL
Connection Timeout

A timeout value, in seconds, for the trigger call made by Control-M to Azure Databricks

The default is 50 seconds.

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure Databricks job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AzureFunctions

The following examples show how to define a connection profile for an Azure Functions job, which executes an Azure cloud service for serverless application development.

The following example is based on authentication using an Azure service principal.

{ 
  "AZUREFUNCTIONS": { 
    "Type": "ConnectionProfile:AzureFunctions", 
    "Subscription ID": "bcde-fgh-ijk-lmnopq", 
    "Identity Type": "PRINCIPAL", 
    "Tenant ID": "tenantId", 
    "Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1", 
    "Client Secret": "*********", 
    "Azure Login url": "https://login.microsoftonline.com", 
    "Resource Group": "resourceGroup",  
    "Description": "", 
    "Centralized": true 
   } 
}

The following example is based on authentication using a managed identity.

Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.  

{ 
  "AZUREFUNCTIONS": { 
    "Type": "ConnectionProfile:AzureFunctions", 
    "Subscription ID": "bcde-fgh-ijk-lmnopq", 
    "Identity Type": "MANAGEDID", 
    "Specify Managed Identity Client ID": "&client_id=",
    "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16", 
    "Resource Group": "resourceGroup",  
    "Description": "", 
    "Centralized": true 
   } 
}


ParameterDescription
Subscription ID

Azure account subscription ID

The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu.

Identity Type

Type of authentication to use for the connection with Azure Functions, one of the following:

  • PRINCIPAL —  authentication using a service principal
  • MANAGEDID — authentication using a managed identity
Specify Managed Identity Client ID

(For Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(For Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one Managed Identity, it is detected automatically.

Tenant ID(For service principal authentication) The Azure Tenant ID in Azure AD
Application ID

The application (service principal) ID of the registered application.

The service principal must be an Azure Functions workspace user with  a Contributor or Owner role associated.

Client Secret
(For service principal authentication) The client secret (password) associated with the Azure user and the application
Azure Login url

(For service principal authentication) The Azure AD authentication endpoint base URL

Resource Group

The name of the resource group that holds your application

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure Functions job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure Batch Accounts

The following examples show how to define a connection profile for execution of an Azure Batch Accounts service, which runs large-scale parallel and batch compute jobs.

The following example is based on authentication using an Azure service principal.

{ 
  "AZURE_BATCH": { 
    "Type": "ConnectionProfile:Azure Batch Accounts",
    "Authentication Method": "PRINCIPAL", 
    "Tenant ID": "tenantId", 
    "Azure AD url": "https://login.microsoftonline.com",
    "App ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",  
    "Batch Account Name": "abc_batch",
    "Batch Region ID": "uksouth",
    "Batch Resource url": "https://batch.core.windows.net/", 
    "Client Secret": "*********",   
    "Connection Timeout": "50", 
    "Description": "", 
    "Centralized": true 
   } 
}

The following example is based on authentication using a managed identity.

Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.  

{ 
  "AZURE_BATCH": { 
    "Type": "ConnectionProfile:Azure Batch Accounts",
    "Authentication Method": "MANAGEDID",  
    "Specify Managed Identity Client ID": "&client_id=",
    "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16", 
    "Batch Account Name": "abc_batch",
    "Batch Region ID": "uksouth",
    "Batch Resource url": "https://batch.core.windows.net/", 
    "Connection Timeout": "50",
    "Description": "", 
    "Centralized": true 
   } 
}


ParameterDescription
Authentication Method

Defines one of the following types of authentication to use for the connection with Azure Batch:

  • PRINCIPAL —  authentication using a service principal
  • MANAGEDID — authentication using a managed identity
Tenant ID(For service principal authentication) Defines the Azure Tenant ID in Azure AD
Specify Managed Identity Client ID

(For Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(For Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one Managed Identity, it is detected automatically.

Azure AD url

(For service principal authentication) Defines the Azure AD authentication endpoint base URL

App ID

Defines the application (service principal) ID of the registered application for the Azure Batch service.

The service principal must be for an Azure Batch account with  a Contributor role.

Batch Account NameDefines the name of the Batch account created in Azure Portal.
Batch Region ID

Defines the region ID associated with the Batch account in Azure Portal.

Batch Resource url

Defines the identifier for the Azure Batch account for login via Azure AD.

This identifier is a constant value set to https://batch.core.windows.net/

Client Secret
(For service principal authentication) Defines the client secret (password) associated with the Azure user and the application.
Connection Timeout

Defines a timeout value, in seconds, for the trigger call made by Control-M to Azure Batch Accounts.

Default: 50 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure Batch job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure Logic Apps

The following examples show how to define a connection profile for execution of an Azure Logic Apps service, which enables you to design and automate cloud-based workflows and integrations.

The following example is based on authentication using an Azure service principal.

{
	"AZURE_LOGIC_APPS": {
		"Type": "ConnectionProfile:Azure Logic Apps",
		"Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f", 
		"Authentication Method": "PRINCIPAL",
 		"Resource Group": "tb-resourcegroup", 
		"Tenant ID": "92b796c5-5839-40a6-8dd9-c1fad320c69b", 
		"Azure Login url": "https://login.microsoftonline.com", 
		"Application ID": "7f477fa3-1a1f-4877-ba80-f39bb563f1b5", 
		"Client Secret": "*****", 
		"Connection timeout": "20", 
 		"Description": "",
		"Centralized": true
	}
} 

The following example is based on authentication using a managed identity.

Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.  

{
	"AZURE_LOGIC_APPS": {
		"Type": "ConnectionProfile:Azure Logic Apps",
		"Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f", 
		"Authentication Method": "MANAGEDID",
 		"Resource Group": "tb-resourcegroup", 
		"Specify Managed Identity Client ID": "&client_id=",
		"Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",  
		"Connection timeout": "20", 
 		"Description": "",
		"Centralized": true
	}
} 


ParameterDescription
Subscription ID

Defines the Azure account subscription ID, which is located in the Azure portal.

Authentication Method

Defines one of the following types of authentication to use for the connection with Azure Logic Apps:

  • PRINCIPAL —  authentication using a service principal
  • MANAGEDID — authentication using a managed identity
Resource GroupDetermines the resource group where your logic app is located.
Tenant ID(Service Principal) Defines the Azure Tenant ID in Azure AD.
Azure Login url

(Service Principal) Defines the Azure AD authentication endpoint base URL.

Application ID

(Service Principal) Defines the application ID of the registered application.

The service principal must be an Azure Logic Apps workspace user with a Contributor or Owner role.

Client Secret
(Service Principal)  Defines the password associated with the Azure user and the application.
Specify Managed Identity Client ID

(Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one Managed Identity, it is detected automatically.

Connection Timeout

Determines the number of seconds to wait before a timeout occurs after Control-M initiates a request to Azure Logic Apps.

Default: 50 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure Logic Apps job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure Machine Learning

The following examples show how to define a connection profile for an Azure Machine Learning job, which enables you to create and manage machine learning models.

The following example is based on authentication using an Azure service principal.

{
   "AZURE_ML_SERVICE_PRINCIPAL": {
      "Type": "ConnectionProfile:Azure Machine Learning",
      "Authentication Method": "PRINCIPAL",
      "Tenant ID": "82b34c5-5839-40f6-8pd9-c1fad320c69b",
      "Azure Login URL": "https://login.microsoftonline.com", 
      "Azure ML  URL": "https://{{location}}.api.azureml.ms/",
      "Azure Management URL": "https://management.azure.com/",
      "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
      "Location Name": "centralus",
      "Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
      "Client Secret": "*****",
      "Connection Timeout": "50",
      "Description": "",
      "Centralized": true
   }
}

The following example is based on authentication using a managed identity.

Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.  

{
   "AZURE_ML_SERVICE_IDENTITY": {
       "Type": "ConnectionProfile:Azure Machine Learning", 
       "Authentication Method": "MANAGEDID",
       "Specify Managed Identity Client ID": "&client_id=",
       "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16", 
       "Azure ML  URL": "https://{{location}}.api.azureml.ms/",
       "Azure Management URL": "https://management.azure.com/",
       "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
       "Location Name": "centralus",
       "Connection Timeout": "50",
       "Description": "",
       "Centralized": true
   }
}


ParameterDescription
Authentication Method

Defines one of the following types of authentication to use for the connection with Azure Machine Learning:

  • PRINCIPAL —  authentication using a service principal
  • MANAGEDID — authentication using a managed identity

To prepare for authentication using each of these methods:

  • Grant your Managed Identity or service principal access to your Machine Learning workspace.
  • Assign a Contributor role or Owner role to the Machine Learning workspace accessed by the Managed Identity or service principal.
Specify Managed Identity Client ID

(Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one Managed Identity, it is detected automatically.

Tenant ID(Service Principal) Defines the ID where the Azure Machine Learning is created.
Azure Login URL

(Service Principal) Defines the Azure Active Directory (AD) authentication endpoint base URL.

Default: https://login.microsoftonline.com

Azure ML URL

Defines the authentication endpoint base URL for Azure Machine Learning, which is used to perform API calls, and which is based on the following format:

https://{{location}}.api.azureml.ms/

Azure Management URL

Defines the Azure Management URL, which is used to get the token for a service principal authentication and to perform API calls.

Default: https://management.azure.com/

Subscription ID

Determines the Azure account subscription ID, which can be retrieved from the Azure portal.

Location Name

Determines the region where the Azure Machine Learning jobs are located.

Application ID

(Service Principal) Defines the Azure identity of a Service Principal that is granted access to interact with Azure Machine Learning.

Client Secret
(Service Principal) Defines the password of the Service Principal.
Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to Azure Machine Learning before a timeout occurs.

Default: 50

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure Machine Learning job requires a centralized connection profile. Set this parameter to true.

Back to top

  ConnectionProfile:Azure Synapse

The following examples show how to define a connection profile for an Azure Synapse job, which performs data integration and big data analytics.

The following example is based on authentication using an Azure service principal.

{ 
  "AZURE_SYNAPSE_1": { 
    "Type": "ConnectionProfile:Azure Synapse", 
    "Authentication Method": "PRINCIPAL", 
    "Tenant ID": "tenantId", 
    "Azure AD url": "https://login.microsoftonline.com",
    "Synapse url": "https://ncu-if-synapse.dev.azuresynapse.net",
    "Synapse Resource": "https://dev.azuresynapse.net/",
    "App ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1", 
    "Client Secret": "*****", 
    "Connection Timeout": "50",
    "Description": "", 
    "Centralized": true 
   } 
}

The following example is based on authentication using a managed identity.

Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.  

{ 
  "AZURE_SYNAPSE_2": { 
    "Type": "ConnectionProfile:Azure Synapse", 
    "Authentication Method": "MANAGEDID", 
    "Specify Managed Identity Client ID": "&client_id=",
    "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16", 
    "Synapse url": "https://ncu-if-synapse.dev.azuresynapse.net",
    "Synapse Resource": "https://dev.azuresynapse.net/",
    "Connection Timeout": "50",
    "Description": "", 
    "Centralized": true 
   } 
}


ParameterDescription
Authentication Method

Defines one of the following types of authentication to use for the connection with Azure Synapse Analytics:

  • PRINCIPAL —  authentication using a service principal
  • MANAGEDID — authentication using a managed identity

To prepare for authentication using each of these methods:

  • Grant your Managed Identity or service principal access to your Synapse workspace through the Synapse Studio (Manage > Access Control).
  • Assign a Contributor role to the Synapse workspace accessed by the Managed Identity or service principal.
Specify Managed Identity Client ID

(For Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(For Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one Managed Identity, it is detected automatically.

Tenant ID(For service principal authentication) Defines the Azure Tenant ID in Azure AD
Azure AD url

(For service principal authentication) Defines the Azure AD authentication endpoint base URL

Synapse url

Defines the workspace development endpoint.

Example: https://myworkspace.dev.azuresynapse.net

Synapse Resource

Defines the resource parameter that serves as the identifier for Azure Synapse login via Azure AD:

https://dev.azuresynapse.net/

App ID

Defines the application (service principal) ID of the registered application for the Azure Synapse service.

Client Secret
(For service principal authentication) Defines the client secret (password) associated with the Azure user and the application.
Connection Timeout

Defines a timeout value, in seconds, for the trigger call made by Control-M to Azure Synapse Analytics.

The default is 50 seconds.

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure Synapse job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure HDInsight

The following example shows how to define a connection profile for Azure HDInsight jobs.

{
  "AZUREHDINSIGHT": {
    "Type": "ConnectionProfile:Azure HDInsight",     
    "Cluster Name": "hdcluster", 
    "Cluster Username": "admin",  
    "Cluster Password": "*****", 
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription

Cluster Name

Defines the name of the HDInsight cluster to connect to.

Cluster Username

Defines the name of the Administrator to use to connect to Azure HDInsight.
Cluster PasswordDefines the password for the Administrator, as configured in Azure HDInsight.
CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure HDInsight job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure VM

The following examples show how to define a connection profile for an Azure Virtual Machine (VM) job for the integration of Azure VM operations into Control-M.

The following example is based on authentication using an Azure service principal.

{
  "AZUREVM": {
    "Type": "ConnectionProfile:Azure VM",
    "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f", 
    "Auth_Method": "service_account", 
    "Resource Group": "tb-resourcegroup",
    "Tenant ID": "81b796g5-5839-40a6-8dd9-c1fam320c69b",
    "Client Secret": "*****",
    "Application ID": "7f499fc3-1a1f-4847-ba80-f39bb563f1b5",
    "Azure Login url": "https://login.microsoftonline.com",
    "Connection timeout": "20",
    "Description": "",
    "Centralized": true
  }
}

The following example is based on authentication using a managed identity.

Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.  

{
  "AZUREVM": {
    "Type": "ConnectionProfile:Azure VM",
    "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
    "Auth_Method": "managed_id", 
    "Specify Managed Identity Client ID": "&client_id=",
    "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",
    "Resource Group": "tb-resourcegroup", 
    "Connection timeout": "20",
    "Description": "Azure VM connection profile",
    "Centralized": true
  }
}


ParameterDescription
Subscription ID

Determines the Azure account subscription ID.

You can retrieve the subscription ID from the Subscription menu in the Azure portal.

Auth_Method

Determines one of the following authentication types:

  • managed_id: Authenticates using an Azure Active Directory token, which removes the need to provide additional credentials.
  • service_account: Authenticates using an application ID (service account) and client secret.
Specify Managed Identity Client ID

(For Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(For Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one Managed Identity, it is detected automatically.

Tenant ID

(For service principal) Defines the Azure Tenant ID in the Azure Virtual Machine. 

Resource GroupDefines the name of the resource group where the function app is located.
Application ID

(For service principal) Defines the application (service principal) ID of the registered application for the Azure Virtual Machine.

The service principal must be an Azure Functions workspace user with a Contributor or Owner role associated.

Client Secret

(For service principal) Defines the client secret (password) associated with the Azure user and the application.

Azure Login URL

(For service principal) Defines the Azure VM authentication endpoint base URL.

Connection Timeout

Defines a timeout value, in seconds, for the trigger call made by Control-M to the Azure VM.

Default: 20 seconds.

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure VM job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure Backup 

The following examples show how to define a connection profile for an Azure Backup job, which enables you to back up and restore your data in the Microsoft Azure cloud.

The following example is based on authentication using an Azure service principal.

{
   "ABK_CCP_SERVICE_PRINCIPAL": {
      "Type": "ConnectionProfile:Azure Backup",
	  "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1j",
	  "Authentication Method": "service",
	  "Azure Management URL": "https://management.azure.com",
      "Azure Login URL": "https://login.microsoftonline.com", 
      "Tenant ID": "92b796c5-5839-40a6-8dd9-c1fad320c68c",
      "Client Secret": "*****",
      "Application ID": "7f477fa3-1a1f-4877-ba80-f39bb563f1b8",
      "Connection Timeout": "50",
      "Description": "",
      "Centralized": true
   }
}

The following example is based on authentication using a managed identity.

Note: Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.  

{
   "ABK_CCP_MANAGED_IDENTITY ": {
      "Type": "ConnectionProfile:Azure Backup",
	  "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1j",
	  "Authentication Method": "identity",
	  "Azure Management URL": "https://management.azure.com",
      "Specify Managed Identity Client ID": "&client_id=",
      "Managed Identity Client ID": "7f477fa3-1a1f-4877-ba80-f39bb563f1b8",
      "Connection Timeout": "50",
      "Description": "",
      "Centralized": true
   }
}


ParameterDescription
Subscription ID

Defines the registered subscription ID for the Azure Backup service.

You can retrieve the subscription ID from the Subscription menu in the Azure portal.

Authentication Method

Determines one of the following authentication types:

  • identity: Managed identity - Authenticates using an Azure Active Directory token, which removes the need to provide additional credentials.
  • service: Service Principal - Authenticates using an application ID (service account) and client secret.
Azure Management URL

Defines the endpoint that enables you to perform API calls and retrieve the token for authentication.

Default: https://management.azure.com

Specify Managed Identity Client ID

(Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one Managed Identity, it is detected automatically.

Azure Login URL

(Service Principal) Defines the Azure Backup authentication endpoint base URL.

Default: https://login.microsoftonline.com

Tenant ID

(Service Principal) Defines the Azure tenant ID, which represents your organization. 

Client Secret

(Service Principal) Defines the password associated with the Azure user and the Azure AD application ID.

Application ID

(Service Principal) Defines the Azure AD application ID for Azure Backup.

The Service Principal must be an Azure Backup workspace user with a Contributor or Owner role.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to Azure Backup before a timeout occurs.

Default: 50 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Azure Backup job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Power BI

The following example shows how to define a connection profile for a Power BI job, which enables integration of Power BI workflows with your existing Control-M workflows.

{ 
  "POWERBI": { 
    "Type": "ConnectionProfile:Power BI", 
    "Application ID": "77538c66-d7fp-4ca4-8cwa-120ed404fe8c",  
    "Client Secret": "*****", 
    "User Name": "user1@Elearningace.onmicrosoft.com", 
    "Password": "*****",  
    "Resource Group": "https://analysis.windows.net/powerbi/api", 
    "API URL": "https://api.powerbi.com/v1.0/myorg/",  
    "Description": "Power BI connection profile", 
    "Centralized": true 
  } 
}


ParameterDescription
Application IDDefines the application ID of the registered application.
Client SecretDefines the client secret (password) associated with the user and the application.
User NameDefines the name of a user for logging on to the Power BI platform, typically an email address.
PasswordDefines the password for the specified Power BI user.
Resource Group

Defines the URL of the resource group that holds your application:

https://analysis.windows.net/powerbi/api

API URL

Defines the Azure AD authentication endpoint base URL for Power BI:

https://api.powerbi.com/v1.0/myorg/ 

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Power BI job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Qlik Cloud

The following example shows how to define a connection profile for a Qlik Cloud job, which enables integration with Qlik Cloud Data Services for data visualization through Qlik Sense.

{
  "QLIK_connection": {
    "Type": "ConnectionProfile:Qlik Cloud",
    "Tenant ID": "******",
    "Qlik API URL": "qlikcloud.com/api/v1",
    "Region": "sg",
    "Connection Timeout": "10",
    "API Key": "******",
    "Description": "Qlik Cloud connection profile",
    "Centralized": true
  }
}


ParameterDescription
Tenant IDDefines the tenant ID, which is a unit in Qlik Sense that can hold users, apps, and spaces.
Qlik API URL

Defines the REST API authentication endpoint base URL for Qlik Cloud.

Example: qlikcloud.com/api/v1 

RegionDetermines the region where the Qlik tenant is located, such as sg for Singapore. 
Connection Timeout

Determines the number of seconds to wait before a timeout occurs after Control-M initiates a request to Qlik Cloud.

Default: 10 seconds

API KeyDefines a Qlik Cloud API key that authenticates connections to Qlik Cloud, which is generated through the Qlik Cloud profile.
CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Qlik Cloud job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Tableau

The following example shows how to define a connection profile for a Tableau job, which enables you to visualize, analyze, and share large workloads of data.

{
    "TABLEAU_CP": {
        "Type": "ConnectionProfile:Tableau",
        "Tableau URL": "https://prod-useast-b.online.tableau.com",
        "Token Name": "myToken",
        "Token Secret": "*****",
        "Site Name": "bmctest",
        "API Version": "3.19",
        "Connection timeout": "50",
        "Description": "",
        "Centralized": true
    }
}
ParameterDescription
Tableau URLDefines the REST API authentication endpoint base URL for Tableau.
Token NameDefines the Tableau account access key.
Token SecretDefines the Tableau account secret access key.
Site NameDefines the name of the Tableau site where the job executes.
API Version

Determines which version of Tableau REST APIs the job executes.

Most recent version: 3.19

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to Tableau before a timeout occurs.

Default: 50

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Tableau job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:PeopleSoft

The following example shows how to define a connection profile for a PeopleSoft job:

{
  "PS_CONNECT": {
      "Type": "ConnectionProfile:PeopleSoft",
      "TargetAgent": "AgentHost",
      "TargetCTM": "CTMHost",
      "Centralized": true,
      "User": "User_Name",
      "Password": "Password",
      "DomainPassword": "****",
      "PeopleToolsVersion": "8.52",
      "ApplicationServers": [
        {
          "ApplicationServer": "ApplicationServer1",
          "JoltPort": "1024"
        },
        {
          "ApplicationServer": "ApplicationServer2",
          "JoltPort": "65535"
        }

      ]
  }
}
ParameterDescription
TargetAgentThe Control-M/Agent to which to deploy the connection profile
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
User

A valid PeopleSoft user, as defined on PSOPRDEFN

This user must have the role(s) to submit and execute processes.

Password

Password to connect the specified user to the PeopleSoft server

Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

DomainPassword

Password for the PeopleSoft domain (for PeopleTools version 8.51 or later)

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

PeopleToolsVersion

Version of PeopleTools

Valid Values are in the format of <major.minor>, such as 8.48, or 8.52. To determine the exact version, consult with your PeopleSoft administrator.

ApplicationServersDetails of the associated PeopleSoft application servers
   ApplicationServerName of a PeopleSoft application server
   JoltPort

Number of the jolt port on the PeopleSoft application server.

Values range from 1024 to 65535.

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

Back to top

ConnectionProfile:Airflow

The following examples show how to define a connection profile for an Airflow Job, which enables you to monitor and manage DAG workflows.

The following example is for a standalone instance of Airflow:

{
   "AIRFLOW_CONNECTION_PROFILE": {
      "Type": "ConnectionProfile:Airflow:Standalone",
      "Host": "dba-airflow-12",
      "Port": "8080",
      "User": "admin",
      "Password": "password",
      "SecuredConnection": true,
      "Centralized": true
   }
}


ParameterDescription
HostDefines the Airflow hostname.
PortDefines the Airflow port number of the Airflow web server.
UserDefines the username that is used to log in to the Airflow server.
PasswordDefines the password to log in to the Airflow server.
SecuredConnection

Determines whether a secure connection to the Airflow server is established.

Values: true|false

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Airflow  job requires a centralized connection profile. Set this parameter to true.

The following example is for a Google Cloud Composer instance of Airflow:

{ 
   "AIRFLOW_GC_CONNECTION_PROFILE": {
      "Type": "ConnectionProfile:Airflow:GoogleComposer",
      "ServiceAccountKey": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",  \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\"}",
      "ServiceAccountKeyFilename": "1234.log",
      "BaseURL": "http://akjsdlksajdksad",
      "TargetAudience": "153767957930-mq2qc9l7p5i8liqvf19d77fku5nrcd1k.apps.googleusercontent.com",
      "Centralized": true
   } 
}


ParameterDescription
ServiceAccountKeyDefines a JSON body that contains the required service account credentials to access the Google Cloud Composer account.
ServiceAccountKeyFilenameDefines the name of the file that contains the service account credentials.
BaseURLDefines the Airflow web UI URL in Google Composer.
TargetAudience

Defines the JWT (JSON Web Token) audience for the IAP (Identity-Aware Proxy) Google Cloud service.

NoteIf you do not know the target audience value, define any text value and test the connection profile. The error message indicates the required target audience value.

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Airflow  job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:WebServices

The following example shows how to define a connection profile for a job to a web service:

{
  "WSDL_CONNECT": {
    "Type": "ConnectionProfile:WebServices",
    "TargetAgent": "AgentHost",
    "TargetCTM": "CTMHost",
    "ServiceType": "WebServices",
    "Location": http://example.com/serverpolicy/Request.asmx?wsdl,
    "HttpAuthentication": "user1:password@realm1;"
  }
}

The following example shows how to define a connection profile for a job to a RESTful web service:

{
  "WSDL_CONNECT": {
    "Type": "ConnectionProfile:WebServices",
    "TargetAgent": "AgentHost",
    "TargetCTM": "CTMHost",
    "ServiceType": "Rest",
    "Location": http://example.com/serverpolicy/Request.asmx?wsdl,
    "HttpAuthentication": "user1:password@realm1;user2:password@realm2",
    "LoginUrl": "http://abc.xyz.com/login",
    "LoginHeader": "Accept:*/*",
    "LoginBody": "{}",
    "JobPreset": "@SessionId:@Token"
  }
}
ParameterDescription
TargetAgentThe Control-M/Agent to which to deploy the connection profile
TargetCTMThe Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.
ServiceType

The type of service to connect with, one of the following:

  • File — Local File System, for jobs that execute web services based on the WSDL source file located on the Agent machine.
  • WebServices — Web Service URL, for jobs that execute web services based on the WSDL source that is managed from a web server.
  • Rest — For jobs that execute REST services
Location

The location of the Web Service, according to the service type:

  • File (Local File System): The path to the directory containing the WSDL files
  • WebServices (Web Service URL): A URL that points to the location of one specific WSDL file
  • Rest: The base URL location to the RESTful services, excluding the specific resource context path
HttpAuthentication

Specification for simple text authentication (user password per realm). Optional.

Enter a value of the following format:

user1:password@realm1;user2:password@realm2

One user per realm only. Separate multiple sets with semicolons. End a single set with a semicolon.

LoginUrlFor REST services only: The URL for the login request
LoginHeader

(Optional, for REST services only) Any additional HTTP headers that are required in the login request.

For each header, use a value of the following format:

<name>=<value>

For multiple headers, separate name/value pairs with colons.

LoginBody(Optional, for REST services only ) Any text required in the login request body
JobPreset

For REST services only: An HTTP header or a parameter to add to each job request, in the HTTP query URL, based on the login returned data.

Job Preset is defined in the following format. Use semicolons to separate multiple sets.

<name>:<value>;<name>:<value>

  • <name>: Type one of the following:

    • HTTP header: Start with the character ‘@’ for the job and then the header name

    • HTTP parameter name: Start with the character ‘#’ for the job and then the parameter name.

  • <value>: Type one of the following:

    • Start with ‘/’ for the Xpath from the login response data and then the Xpath

    • ‘$’ for Jsonpath from the login response data and then the Jsonpath

    • ‘@’ for the header from the login response HTTP headers and followed by the header name:
     <’@’ | ‘#’><job HTTP header or parameter name>:<’/’ | ‘$’ | ‘@’><Xpath, Jsonpath, or header name of the login response>

Back to top

ConnectionProfile:Web Services REST

The following examples show how to define a connection profile for a Web Services REST job.

  • Basic Authentication:

    {
         "REST_BASIC_AUTH": {
             "Type": "ConnectionProfile:Web Services REST",
             "Description": "",
             "Centralized": true,
             "WebServiceAuthenticationBasic": {
                  "UsePreemptiveAuth": true,
                  "User": "User Name",
                  "Password": "Password"
             }
         }
    }
  • OAuth2 Authentication:

    {
        "REST_OAUTH2": {
            "Type": "ConnectionProfile:Web Services REST",
            "Description": "",
            "Centralized": true,
            "WebServiceAuthenticationOauth2": {
                "Body": [{
                    "resource": "2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"
                }],
                "ContentType": "application/x-www-form-urlencoded",
                "ClientId": "7f477fa3-1a1f-4877-ba80-f39bb563f1b5",
                "ClientSecret": "****",
                "ApiUrl": "https://login.microsoftonline.com/tenantId/oauth2/token"
            }
        }
    }
  • AWS Authentication:

    {
        "REST_AWS": {
            "Type": "ConnectionProfile:Web Services REST",
            "Description": "",
            "Centralized": true,
            "WebServiceAuthenticationAws": {
                 "CustomServiceName": "batch",
                 "Region": "eu-west-2",
                 "AuthMethodAccessAndSecretKeys": {
                     "AccessKey": "MYAWSACCESSKEY1234",
                     "SecretAccessKey": "myAwsSecret12345"
                 }
            }
        }
    }
  • Google Authentication:

    {
        "REST_GCP": {
            "Type": "ConnectionProfile:Web Services REST",
            "Description": "",
            "Centralized": true,
            "WebServiceAuthenticationGoogle": {
                "TokenType": "Access",
                "ServiceAccountKey": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\,\"client_id\":\"116650586827623521335\",\"auth_uri\":\https://accounts.google.com/o/oauth2/auth\,\"token_uri\":\https://oauth2.googleapis.com/token\,  \"auth_provider_x509_cert_url\":\https://www.googleapis.com/oauth2/v1/certs\,\"client_x509_cert_url\":\https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\}"
            }
        }
    }

The following table describes the Web Services REST connection profile parameters.

ParameterAuthentication TypeDescription
UsePreemptiveAuthBasic

Determines whether to use preemptive authentication.

Valid Values:

  • True
  • False

Default: False

User
  • Basic
  • OAuth2
Defines the basic authentication username.
Password
  • Basic
  • OAuth2
Defines the basic authentication password.
Use Basic AuthenticationOAuth2Determines whether to add basic authentication to the OAuth2 authentication.
ApiUrlOAuth2Defines the OAuth2 web service URL.
Grant TypeOAuth2

Determines one of the following OAuth2 grant types, which determine how Web Services REST communicates with the OAuth2 web service:

  • Client Credentials: Requests a username and password.
  • Password: Requests an additional access token username and password, which provides additional security.
ClientIDOAuth2Defines the user ID associated with the Web Services REST user and application.
ClientSecretOAuth2Defines the secret (password) associated with the Web Services REST user and application.
UsernameOAuth2Defines an additional grant type username.
PasswordOAuth2Defines an additional grant type password.
ContentTypeOAuth2

Defines the content type.

Example: application/x-www-form-urlencoded

HeadersOAuth2

Defines the following Oauth2 header parameters:

  • Key
  • Value

You must create one header parameter with the following values:

  • Key: Authorization

  • Value: <Leave empty.>
    Control-M automatically generates a value for the Authorization key.

BodyOAuth2

(Optional) Defines the following Oauth2 body parameters:

  • Key
  • Value
CustomServiceNameAWS

Defines the AWS service that the API accesses.

RegionAWS

Defines the region where the AWS jobs are located.

Example: eu-west-2

Authentication MethodAWS

Determines one of the following authentication methods:

  • IAM Role: Used for services within the AWS infrastructure.
  • Access & Secret Keys: Used for services outside the AWS infrastructure.
IAM RoleAWS

Defines the Identity and Access Management (IAM) role for the AWS connection.

AccessKeyAWS

Defines the AWS account access key.

SecretKeyAWS

Defines the AWS account secret access key.

TokenTypeGoogle

Determines one of the following authentication types for GCP Access Control:

  • Access Token
  • Identity Token
ServiceAccountKeyGoogle

Defines a service account that is associated with an RSA key pair.

CentralizedAll

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Web Services REST job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Web Services SOAP

The following examples show how to define a connection profile for a Web Services SOAP job.

  • Basic Authentication:

    {
         "SOAP_BASIC_AUTH": {
             "Type": "ConnectionProfile:Web Services SOAP",
             "Description": "",
             "Centralized": true,
             "WebServiceAuthenticationBasic": {
                  "UsePreemptiveAuth": true,
                  "User": "User Name",
                  "Password": "Password"
             }
         }
    }
  • No Authentication:

    {
         "SOAP_NO_AUTH": {
             "Type": "ConnectionProfile:Web Services SOAP",
             "Description": "",
             "Centralized": true
         }
    }
ParameterDescription
UsePreemptiveAuth

Determines whether to use preemptive authentication.

Valid Values:

  • True
  • False

Default: False

UserDefines the basic authentication username.
PasswordDefines the basic authentication password.
Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Web Services SOAP job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:UI Path

The following examples show how to define a connection profile for a UiPath job, which performs robotic process automation (RPA) .

{
  "UIPATH_Connect": {
    "Type": "ConnectionProfile:UI Path",
    "Tenant Url": "devabcdexample/DevDefault",
    "Tenant Name": "DevDefaultexample",
    "App ID": "caaabc57-v8ad-30e5-ah3b0-25am5jf361c3",
    "App Secret": "L!Mh4o#0nv1odf#f",
    "Connection Timeout": "30",
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
Tenant Url

UiPath Account Logical Name, a unique URL for your site

Tenant Name

The display name of the UiPath tenant

App ID

ID of an external application registered in UiPath

The specified external application must be assigned the following required Application Scope rights (through the UiPath Orchestrator, Admin > External Applications > Application Scopes):

  • OR.Folders 
  • OR.Robots
  • OR.Jobs 
  • OR.Execution
App Secret

Application secret generated in UiPath for the external application

Connection Timeout

A timeout value, in seconds, for the trigger call made by Control-M to UiPath

The default is 30 seconds.

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The UI Path job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:GCP DataFlow

The following example shows how to define a connection profile for a Google Cloud Platform (GCP) Dataflow job, which performs cloud-based data processing for batch and real-time data streaming applications .

{ 
  "GCPDATAFLOW": { 
    "Type": "ConnectionProfile:GCP DataFlow", 
    "Identity Type": "service_account", 
    "DataFlow URL": "https://dataflow.googleapis.com", 
    "Service Account Key": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",  \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\"}",
    "Description": "", 
    "Centralized": true 
  } 
}


ParameterDescription
Identity Type

Defines one of the following types of authentication to perform using GCP Access Control. 

  • service_account – authenticates using an application ID (service account) and client secret
  • managed_identity – does not require credentials; available on GCP VMs only
DataFlow URL

Defines the Google Cloud Platform (GCP) authentication endpoint. 

Required only for Service Account authentication.

For example, https://dataflow.googleapis.com  

Service Account Key

Defines a JSON body that contains the required service account credentials to access GCP.

Required only for Service Account authentication.

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The GCP Dataflow job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:GCP Dataproc

The following example shows how to define a connection profile for a Google Cloud Platform (GCP) Dataproc job, which performs cloud-based big data processing and machine learning.

{ 
  "GCPDATAPROC": { 
    "Type": "ConnectionProfile:GCP Dataproc", 
    "Identity Type": "service_account", 
    "Dataproc URL": "https://dataproc.googleapis.com", 
    "Service Account Key": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",  \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\"}",
    "Connection timeout": "20",
    "Description": "", 
    "Centralized": true 
  } 
} 


ParameterDescription
Identity Type

Defines one of the following types of authentication to perform using GCP Access Control. 

  • service_account – authenticates using an application ID (service account) and client secret
  • managed_identity – does not require credentials; available on GCP VMs only
Dataproc URL

Defines the Google Cloud Platform (GCP) authentication endpoint. 

Required only for Service Account authentication.

For example, https://dataproc.googleapis.com  

Service Account Key

Defines a JSON body that contains the required service account credentials to access GCP.

Required only for Service Account authentication.

Connection timeout

Defines a timeout value, in seconds, for the trigger call to the Google Cloud Platform.

Default:  20 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The GCP Dataproc job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:GCP BigQuery

The following example shows how to define a connection profile for a GCP BigQuery job for data storage, processing, and analysis.

In this example, authentication is based on a service account.

{
	"BIGQSA": {
		"Type": "ConnectionProfile:GCP BigQuery",
		"Identity Type": "service_account",
		"Service Account Key": "*****",
		"BigQuery URL": "https://bigquery.googleapis.com",
		"Description": "",
		"Centralized": true
	}
}


ParameterDescription
Identity Type

Determines one of the following authentication types using GCP Access Control:

  • service_account: Authenticates using an application ID (service account) and client secret.
  • IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.
Service Account Key

(For Service Account) Defines a service account that is associated with an RSA key pair.

BigQuery URL

Defines the Google Cloud Platform (GCP) authentication endpoint for BigQuery.

Default: https://bigquery.googleapis.com

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The GCP BigQuery job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:GCP VM

The following example shows how to define a connection profile for a Google Virtual Machine (VM) job for the integration of Google VM operations into Control-M.

In this example, authentication is based on a service account.

{
  "GCPVM": {
    "Type": "ConnectionProfile:GCP VM",
    "Identity Type": "service_account",
    "GCP API URL": "https://compute.googleapis.com/compute", 
    "Service Account Key": "*****",
    "Connection timeout": "20",
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
Identity Type

Determines one of the following authentication types using GCP Access Control:

  • service_account: Authenticates using an application ID (service account) and client secret.
  • IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.
GCP API URL

(For Service Account) Defines the Google Cloud Platform (GCP) authentication endpoint.

Default: https://compute.googleapis.com/compute 

Service Account Key

(For Service Account) Defines a service account that is associated with an RSA key pair.

Connection timeout

Determines the number of seconds to wait for the trigger call made by Control-M to GCP before timing out.

Default:  20 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The GCP VM job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:GCP Batch

The following example shows how to define a connection profile for a Google Batch job for batch computing workloads on a virtual machine.

In this example, authentication is based on a service account.

{
  "GCP_BATCH": {
      "Type": "ConnectionProfile:GCP Batch",
      "Identity Type": "service_account",
      "Batch URL": "https://batch.googleapis.com",
      "Service Account Key": "*****",
      "Connection Timeout": "20",
      "Description": "",
      "Centralized": true
  }
}


ParameterDescription
Identity Type

Determines one of the following authentication types using GCP Access Control:

  • service_account: Authenticates using an application ID (service account) and client secret.
  • IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.
Batch URL

(For Service Account) Defines the Google Cloud Platform (GCP) authentication endpoint.

Default: https://batch.googleapis.com

Service Account Key

(For Service Account) Defines a service account that is associated with an RSA key pair.

Connection timeout

Determines the number of seconds to wait after Control-M initiates a connection request to GCP Batch before a timeout occurs.

Default:  20 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The GCP Batch job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:GCP Functions

The following example shows how to define a connection profile for a Google Functions job, which enables you to develop, test, and run applications in the cloud.

In this example, authentication is based on a service account.

{
    "GCPFUNCTIONS": {
        "Type": "ConnectionProfile:GCP Functions",
        "Identity Type": "service_account",
        "GCP API URL": "https://cloudfunctions.googleapis.com",
        "Service Account Key": "*****",
        "Connection Timeout": "60",
        "Description": "",
        "Centralized": true
    }
}
ParameterDescription
Identity Type

Determines one of the following authentication types using GCP Access Control:

  • service_account: Authenticates using an application ID (service account) and client secret.
  • IAM: Authenticates based on a detected IAM role,  which removes the need to provide additional credentials.
GCP API URL(Service Account) Defines the Google Cloud Platform (GCP) authentication endpoint. 
Service Account Key(Service Account) Defines a service account that is associated with an RSA key pair.
Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to GCP Cloud Functions before a timeout occurs.

Default: 20

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The GCP Functions job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:GCP Dataprep

The following example shows how to define a connection profile for a Google Dataprep job, which enables you to visualize, format, and prepare your data for analysis.

{
    "GCP_DATAPREP": {
        "Type": "ConnectionProfile:GCP Dataprep",
        "GCP Dataprep URL": "https://api.clouddataprep.com",
        "User Access Token": "*****",
        "Connection Timeout": "30",
        "Description": "",
        "Centralized": true
    }
}


ParameterDescription
GCP Dataprep URL

Defines the GCP Dataprep API authentication endpoint.

Default: https://api.clouddataprep.com

User Access TokenDefines a token that enables you to authenticate Control-M and connect to your GCP Dataprep account.
Connection timeout

Determines the number of seconds to wait after Control-M initiates a connection request to GCP Dataprep before a timeout occurs.

Default:  30 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The GCP Dataprep job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Boomi

The following example shows how to define a connection profile for a Boomi job, which enables integration of Boomi processes with your existing Control-M workflows.

{
  "BOOMICCP": {
    "Type": "ConnectionProfile:Boomi",
    "AccountId": "*****",
    "API Token": "*****",
    "End Point": "https://api.boomi.com",
    "API Username": "BOOMI_TOKEN.BoomiUsername",
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
AccountId

Defines a unique Boomi account ID.

API TokenDefines a Boomi API Token of a Boomi user for connection to the Boomi endpoint.
End Point

Defines the Boomi API endpoint:

https://api.boomi.com
API Username

Defines the name of a Boomi user in email format. 

Default: BOOMI_TOKEN.{Boomi username} 

Example: BOOMI_TOKEN.user@example.com

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Boomi job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Databricks

The following example shows how to define a connection profile for a Databricks job, which enables integration of jobs created in the Databricks environment with your existing Control-M workflows.

"DATABRICKS": {
    "Type": "ConnectionProfile:Databricks",
    "Databricks workspace url": "https://dbc-7b944b32-faf0.cloud.databricks.com",
    "Databricks personal access token": "*****", 
    "Connection Timeout": "50",
    "Description": "",
    "Centralized": true
}


ParameterDescription
Databricks workspace url

Defines the URL of your Databricks workspace. 

Databricks personal access tokenDefines a Databricks token for authentication of connections to the Databricks workspace.
Connection Timeout

A timeout value, in seconds, for the REST calls made to Databricks.

Default: 50 seconds

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Databricks job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:DBT

The following example shows how to define a connection profile for a DBT job. DBT (Data Build Tool) is a cloud-based computing platform that enables you to develop, test, schedule, document, and analyze data models.

"DBT_CP": { 
   "Type": "ConnectionProfile:DBT", 
   "DBT URL": "https://cloud.getdbt.com",  
   "DBT Token": "*****", 
   "Account ID": "123456", 
   "Connection Timeout": "60",
   "Description": "", 
   "Centralized": true 
} 


ParameterDescription
DBT URL

Defines the DBT authentication endpoint.

Default: https://cloud.getdbt.com

DBT Token

Defines the authentication code that is used to create a connection to the DBT platform.

This is located in the API Access section in the DBT Cloud platform.

Account ID

Defines the unique ID that is assigned to your DBT Cloud account.

This is located in the Account Info section in the DBT Cloud platform.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to DBT before a timeout occurs.

Default: 60

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The DBT job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Snowflake

The following example shows how to define a connection profile for a Snowflake job. Snowflake is a cloud computing platform that you can use for data storage, processing, and analysis. 

"SNOWFLAKE_CONNECTION_PROFILE": { 
    "Type": "ConnectionProfile:Snowflake", 
	"Account Identifier": "{Account_ID}",  
    "Region": "us-east-1",
    "Client ID": "DuHj****************",
	"Client Secret": "*****",
    "Refresh Token": "ver%******************",   
    "Redirect URI": "https%****************", 
    "Description": "", 
    "Centralized": true 
}


ParameterDescription
Account Identifier

Defines the Snowflake account identifier.

To obtain this string, run the Describe Security Integration command in Snowflake and copy the initial string from one of the authorization properties.

Example

OAUTH_AUTHORIZATION_ENDPOINT has the following value:
https://abc123.us-east-1.snowflakecomputing.com/oauth/authorize

In this value, the account identifier is the following string:
abc123

For more information about obtaining values for the parameters required by the connection profile, see Setting Up a Snowflake API Connection.

Region

Determines the region where the Snowflake jobs are located.

Example: us-east-1

Client IDDefines the client ID assigned to the account in the Snowflake integration setup.
Client SecretDefines the client secret  assigned to the account in the Snowflake integration setup.
Refresh Token

Defines the value for the refresh token.

This string must be URL-encoded.

Redirect URI

Defines the redirect URI assigned to the account in the Snowflake integration setup.

This string must be URL-encoded.

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Snowflake job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Talend Data Management

The following example shows how to define a connection profile for a Talend job, for data management and integration.

"TALENDDATA": {
    "Type": "ConnectionProfile:Talend Data Management",
    "API URL": "https://api.eu.cloud.talend.com/tmc/v2.6",
    "Region": "eu",
    "Personal access token authorization": "*****", 
    "Description": "Talend Data Management",
    "Centralized": true
}


ParameterDescription
API URL

Defines the authentication endpoint base URL for the Talend Cloud Management Console:

https://api.{{Region}.cloud.talend.com/tmc/v2.6

Where {{Region}} can be one of the following:

  • eu — Europe (the default AWS region)
  • us — United States - East
  • us-west — United States - West
  • au — Australia
  • ap — Asia
Region

Determines the location of the AWS user, as it appears in the API URL.

Personal access token authentication

Defines a Talend token for authentication of connections to Talend.

You generate this token through your Talend profile.

CentralizedDetermines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Talend job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Automation Anywhere

The following example shows how to define a connection profile for an Automation Anywhere job, which performs robotic process automation (RPA) .

{
  "AA_CON": {
    "Type": "ConnectionProfile:Automation Anywhere",
    "Host": "https://trial.cloud.automationanywhere.digital", 
    "User Name": "JohnSmith@abc.onmicrosoft.com",
    "Password": "*****", 
    "Description": "",
    "Centralized": true
  }
}


ParameterDescription
HostDefines the Control Room URL.
User NameDefines the Automation Anywhere user name.
PasswordDefines the Automation Anywhere user password.
CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Automation Anywhere job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:TRIFACTA

The following example shows how to define a connection profile for a Trifacta job, for data processing.

{
	" TRIFACTA": {
		"Type": "ConnectionProfile:TRIFACTA",
		"Trifacta URL": "https://cloud.trifacta.com",
		"User Name": "User Name",
		"Password": "Password",
		"Connection Timeout": "10",
		"Description": " ",
		"Centralized": true
	}
}


ParameterDescription
Trifacta URL

Defines the Trifacta authentication endpoint.

Default: https://cloud.trifacta.com

User NameDefines the registered user name or email address for your Trifacta account.
PasswordDefines the password for the Trifacta user.
Connection Timeout

Determines the number of seconds to wait before a timeout occurs after Control-M initiates a connection request to Trifacta.

Default: 10 seconds

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Trifacta job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Micro Focus Windows and ConnectionProfile:Micro Focus Linux

The following examples show how to define a connection profile for a Micro Focus job, for mainframe modernization.

The following connection profile is for Micro Focus on Windows: 

{
   "MICROFWINDOWS": {
      "Type": "ConnectionProfile:Micro Focus Windows",
      "MFBSI Directory Path": "C:\\MicroFocus\\ES\\mfbsi\\ESBMC",
      "MFBSI Config Path": "C:\\Workspace\\system\\config\\MFBSI.cfg",
      "Runtime Environment": "\"C:\\Program Files (x86)\\Micro Focus\\Enterprise Developer\\createenv.bat\"", 
      "Additional Micro Focus Settings Script": "C:\\MicroFocus\\ES\mfbsi\\ESBMC\\settings\\options.bat",
      "Run As": "microuser",
      "Password": "*****", 
      "Description": "Centralized Connection Profile for Micro Focus Windows",
      "Centralized": true
   }
}

The following connection profile is for Micro Focus on UNIX or Linux: 

{
   "MICROFLINUX": {
      "Type": "ConnectionProfile:Micro Focus Linux",
      "MFBSI Directory Path": "/home/esuser/ES/mfbsi/ESBMC1", 
      "MFBSI Config Path": "/home/user/config/mfbsi.cfg", 
      "Runtime Environment": ". /opt/microfocus/EnterpriseDeveloper/bin/cobsetenv", 
      "Additional Micro Focus Settings Script": "/home/esuser/bmc/configuration/mfexports.sh", 
      "Run As": "microuser", 
      "Password": "*****",
      "Description": "Centralised Connection Profile for Micro Focus Linux", 
      "Centralized": true
   }
}


ParameterDescription
MFBSI Directory Path

Defines the directory path of the Micro Focus Batch Scheduler Integration (MFBSI) configuration file. The temporary files JOBnnnnn.Sem and JobId.Log are stored here.

This folder must be accessible for the Micro Focus Batch Scheduler Integration JCL (MFBSIJCL) file to run.

MFBSI Config PathDefines the file path of the MFBSI configuration file.
Runtime Environment

Defines the path of the runtime environment, as follows:

  • UNIX/Linux: . <Micro Focus Visual COBOL directory>/bin/cobsetenv
  • Windows: "<Micro Focus Enterprise Developer directory>\createenv.bat"
Additional Micro Focus Settings Script

(Optional) Defines the path to a script file that contains additional variables for the job.

The variables in the script file are defined in the following format:

  • UNIX/Linux:
    export VAR1=VAR1VAL
    export VAR2=VAR2VAL
  • Windows: 
    set VAR1=VAR1VAL
    set VAR2=VAR2VAL
Run As(Optional) Defines the user that runs the job.
Password(Optional) Defines the password of the user that runs the job.
CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The MicroFocus job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Communication Suite

The following example shows how to define a connection profile for a Communication Suite job, which enables you to automate business messaging and communication over Microsoft Teams, Slack, Telegram, and WhatsApp.

{
   "COMM_SUITE": {
      "Type": "ConnectionProfile: Communication Suite",
      "Microsoft Teams Webhook URL": "https://x3dmj.webhook.office.com/webhookb2/5dbb288-138d-428d-ade7-478f727d93f3@edc0dae-4a7f-ac1e-91cb8a656e/IncomingWebhook/ba207b3181d9ede7c9ad1251141/05f0a54e-cec1-4df4-893b-8e61d84516a"
      "Slack Webhook URL": "https://hooks.slack.com/services/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",
      "Telegram URL": "https://api.telegram.org/bot",
      "Telegram Bot Token": "*****",
      "Telegram Chat ID": "207397578157",
      "WhatsApp URL": "https://graph.facebook.com/Version/PhoneNumberID/messages",
      "WhatsApp Business ID": "142913904062636",
      "Phone Number ID": "790951673835859",
      "Recipient Phone Number": "17185551212",
      "User Access Token": "*****",
      "Version": "v15.0",
      "Connection Timeout": "30",
      "Description": "",
      "Centralized": true
   }
}


ParameterDescription
Microsoft Teams Webhook URL

Defines an incoming webhook, which enables Control-M to communicate over Microsoft Teams channels. 

You must create this webhook in Teams before you can add it to the connection profile.

Slack Webhook URL

Defines an incoming webhook, which enables Control-M to communicate over Slack channels.

You must create this webhook in Slack before you can add it to the connection profile.

Telegram URL

Determines the authentication endpoint for Telegram, which enables Control-M to connect to a Telegram bot.

Default: https://api.telegram.org/bot

Telegram Bot Token

Defines a password that is used to authenticate Control-M, which enables you to access and communicate with a Telegram bot.

You must create this bot in Telegram  before you can add it to the connection profile.

Telegram Chat IDDefines a unique identifier that is assigned to a specific chat conversation in Telegram, which enables you to communicate through a bot in this chat conversation.
WhatsApp URL

Determines the authentication endpoint for WhatsApp, which enables Control-M to connect to WhatsApp.

Format: https://graph.facebook.com/<Version>/<PhoneNumberId>/messages

WhatsApp Business ID

Defines the unique ID that is associated with your WhatsApp business account.

This enables Control-M to communicate over WhatsApp with customers who are connected to this account.

You must create a WhatsApp business account  before you can add it to the connection profile.

Phone Number IDDefines a unique ID that is associated with the WhatsApp user.
Recipient Phone NumberDefines the country code and phone number of the WhatsApp user.
User Access TokenDefines a password that is used to authenticate Control-M, which enables you to access your WhatsApp Business API and perform actions with this account.
Version

Defines the WhatsApp API version number.

Default: v15.0

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to Communication Suite before a timeout occurs.

Default: 30 seconds

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Communication Suite job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Kubernetes

The following example shows how to define a connection profile for a Kubernetes job, which enables you to run a pod to completion in a Kubernetes-based cluster.

{
    "KBN_CCP": {
        "Type": "ConnectionProfile:Kubernetes",
        "Description": "Profile for agent running in the Kubernetes cluster",
        "Namespace": "jobspace",
        "Kubernetes Cluster URL": "https://kubernetes.default.svc",
        "Service Token File": "/var/run/secrets/kubernetes.io/serviceaccount/token",
        "Connection Timeout": "20",
        "Centralized": true
    }
}


ParameterDescription
NamespaceDefines the name of the Kubernetes namespace.
Kubernetes Cluster URL

Defines the URL for the connection to the Kubernetes cluster.

Default: https://kubernetes.default.svc

Service Token File

Defines the path to the token file for the connection to Kubernetes.

Default: /var/run/secrets/kubernetes.io/serviceaccount/token

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to Kubernetes before a timeout occurs.

Default: 20 seconds

CentralizedWhether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents.

Values: true|false

Default: false

The Kubernetes job requires a centralized connection profile. Set this parameter to true.

Back to top

Was this page helpful? Yes No Submitting... Thank you

Comments