Connection Profiles


Connection profiles are used to define access methods and security credentials for a specific application. They can be referenced by multiple jobs. To do this, you must deploy the connection profile definition before running the relevant jobs. 

Note: For most types of connection profiles (except for File Transfer connection profiles), the name of the connection profile can contain only the following types of characters: uppercase letters, numbers, hyphens, and underscores. The connection profile name can contain up to 30 characters.

ConnectionProfile:Hadoop

These examples show how to use connection profiles for the various types of Hadoop jobs.

Hadoop (all types)

These are the required parameters for all Hadoop job types.

{
 "HADOOP_CONNECTION_PROFILE":
 {
   "Type" : "ConnectionProfile:Hadoop",
   "TargetAgent" : "edgenode",
   "TargetCTM" : "CTMHost"
 }
}

Parameter

Description

TargetAgent

The Control-M/Agent to which to deploy the connection profile.

TargetCTM

The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.

 These are the optional parameters for defining the user running the Hadoop job types and choosing between a local or centralized connection profile.

{
 "HADOOP_CONNECTION_PROFILE":
 {
   "Type" : "ConnectionProfile:Hadoop",
   "TargetAgent" : "edgenode",
"TargetCTM" : "CTMHost",
   "RunAs": "",
   "KeyTabPath":"",
   "Centralized":true
 }
}

RunAs

Defines the user of the account on which to run Hadoop jobs.

Leave this field empty to run Hadoop jobs using the user account where the agent was installed.

The Control-M/Agent must run as root, if you define a specific RunAs user.

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

In the case of Kerberos security, the following parameters control security:

RunAs

Principal name of the user

KeyTabPath

Keytab file path for the target user

Apache Spark

The following example shows a connection profile that defines access to a Spark server.

{
"SPARK_CONNECTION_PROFILE" :
{
   "Type" : "ConnectionProfile:Hadoop",
   "TargetAgent" : "docker-hadoop5",
   "Spark" :
   {
     "CustomPath" : "/home"
   }
 }
}

The CustomPath parameter is optional.

Apache Oozie

 The following example shows a connection profile that defines access to an Oozie server.

{
 "OOZIE_CONNECTION_PROFILE" :
{
   "Type" : "ConnectionProfile:Hadoop",
   "TargetAgent" : "hdp-ubuntu",
   "Centralized" : false,
   "Oozie" :
   {
     "SslEnabled"     : false,
     "Host" : "hdp-centos",
     "Port" : "11000",
     "ExtractionRules": [
     {
       "RuleName" : "rule_name1",
       "WorkFlowName" : "work_flow_name1",
       "WorkFlowUserName" : "work_flow_user_name1",
       "FolderName" : "folder_name1",
       "JobName" : "job_name1"
      },
     {
       "RuleName" : "rule_name2",
       "WorkFlowName" : "work_flow_name2",
       "WorkFlowUserName" : "work_flow_user_name2",
       "FolderName" : "folder_name2",
       "JobName" : "job_name2"
      }
      ]
  }
}
}

Parameter

Description

Host

Oozie server host

Port

Oozie server port

Default: 11000

SslEnabled

true | false

Default: false

ExtractionRules

9.0.20.010(Optional) Definitions of rules for filtering Oozie workflows. Each rule has the following definitions:

   RuleName

Name of the rule

   WorkFlowName

Name of the Oozie workflow to get from the Oozie server

   WorkFlowUserName

Name of the user that runs the workflows from the Oozie server

   FolderName

Name of the folder that contains the Hadoop job of the Oozie Extractor, as defined in the Hadoop job template

   JobName

Name of the Hadoop job of the Oozie Extractor, as defined in the Hadoop job template

Apache Sqoop

The following example shows a connection profile that defines a Sqoop data source and access credentials.

{
 "SQOOP_CONNECTION_PROFILE" :
 {
   "Type" : "ConnectionProfile:Hadoop",
   "TargetAgent" : "edgenode",
   "TargetCTM" : "CTMHost",
   "Centralized" : false,
   "Sqoop" :
   {
     "User"     : "username",
     "Password" : "userpassword",
     "ConnectionString" : "jdbc:mysql://mysql.server/database",
     "DriverClass" : "com.mysql.jdbc.Driver"
   }
  }
}

The following table describes the parameters in the example above, as well as several additional optional parameters:

Parameter

Description

User

The database user connected to the Sqoop server

Password

A password for the specified user

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

ConnectionString

JDBC-compliant database: The connection string used to connect to the database

DriverClass

JDBC-compliant database: The driver class for the driver .jar file, which indicates the entry-point to the driver

PasswordFile

(Optional) The full path to a file located on the HDFS that contains the password to the database

Note: To use a JCEKS file, include the .jceks file extension.

DatabaseVendor

(Optional) The database vendor of an automatically supported database used with Sqoop, one of the following:

  • MySQL
  • Oracle (SID)
  • Oracle (Service Name)
  • PostgreSQL

DatabaseName

(Optional) Name of an automatically supported database used with Sqoop

DatabaseHost

(Optional) The host server of an automatically supported database used with Sqoop

DatabasePort

(Optional) The port number for an automatically supported database used with Sqoop

Apache Tajo

The following example shows a connection profile that defines access to a Tajo server. Tajo is an advanced data warehousing system on top of HDFS.

{
 "TAJO_CP" :
 {
   "Type" : "ConnectionProfile:Hadoop",
   "TargetAgent" : "edgenode",
   "Tajo":
   {
     "BinaryPath": "$TAJO_HOME/bin/",
     "DatabaseName": "myTajoDB",
     "MasterServerName" : "myTajoServer",
     "MasterServerPort": "26001"
   }
 }
}

Parameter

Description

BinaryPath

Path to the bin directory where tsql utility is located

DatabaseName

Name of the Tajo database

MasterServerName

Host name of the server where the Tajo master is running

MasterServerPort

Tajo master port number

Apache Hive

The following example shows a connection profile that defines a Hive beeline endpoint and access credentials. The parameters in the example translate to this beeline command: 

beeline  -u jdbc:hive2://<Host>:<Port>/<DatabaseName>

{
  "HIVE_CONNECTION_PROFILE" :
 {
   "Type" : "ConnectionProfile:Hadoop",
   "TargetAgent" : "edgenode",
   "TargetCTM" : "CTMHost",
   "Hive" :
   {
      "Host" : "hive_host_name",
      "Port" : "10000",
      "DatabaseName" : "hive_database",
   }
 }
}

The following shows how to use optional parameters for a Hadoop Hive job type connection profile. 

The parameters in the example translate to this beeline command:  

beeline  -u jdbc:hive2://<Host>:<Port>/<DatabaseName>;principal=<Principal> -n <User> -p <Password> 

{
  
"HIVE_CONNECTION_PROFILE1":
  
{
    
"Type" : "ConnectionProfile:Hadoop",
    
"TargetAgent" : "edgenode",
    
"TargetCTM" : "CTMHost",
    
"Centralized" : true,
    
"Hive" :
    
{
       
"Host" : "hive_host_name",
       
"Port" : "10000",
       
"DatabaseName" : "hive_database",
       
"User" : "user_name",
       
"Password" : "user_password",
       
"Principal" : "Server_Principal_of_HiveServer2@Realm"
    
}
  
}
}

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

Back to top

ConnectionProfile:FileTransfer

Connection profiles for File Transfers are available for the following types of target servers and communication protocols:

For FTP, SFTP, FTPS, and Local filesystem transfers, you can choose between the following types of connection profiles, depending on the number of hosts for which the connection profile contains connection details:

  • Single endpoint: Each connection profile contains the connection details of a single host. Such a connection profile can be used for either the source host or the destination host in a file transfer.
  • Dual endpoint: The connection profile contains connection details of two hosts, both the source host and the destination host, in a file transfer.

You can also create group connection profiles for file transfers, which enable you to transfer a file from one host to multiple hosts in one transfer. In each group connection profile, you include a variety of previously defined connection profiles for file transfers.

ConnectionProfile:FileTransfer:FTP

The following examples show a connection profile for a file transfer to a single endpoint using the FTP communication protocol.

Simple ConnectionProfile:FileTransfer:FTP

{
"FTPConn" : {
  "Type" : "ConnectionProfile:FileTransfer:FTP",
  "TargetAgent" : "AgentHost",
  "TargetCTM" : "CTMHost",
  "HostName": "FTPServer",
  "User" : "FTPUser",
  "Password" : "ftp password",
}
}

ConnectionProfile:FileTransfer:FTP with optional parameters

{
"FTPConn" : {
  "Type" : "ConnectionProfile:FileTransfer:FTP",
  "TargetAgent" : "AgentHost",
  "TargetCTM" : "CTMHost",
  "WorkloadAutomationUsers":["john","bob"],
  "HostName": "FTPServer",
  "Port": "21",
  "User" : "FTPUser",
  "Password" : "ftp password",
  "HomeDirectory": "/home/FTPUser",
  "OsType": "Unix",
  "Centralized" : false,
  "AdditionalParameters": [
     {
       "Name": "param1",
       "Value": "1"
     },
     {
       "Name": "param2",
       "Value": "2"
     }
    ]
 }
}

TargetAgent

The Control-M/Agent to which to deploy the connection profile.

TargetCTM

The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.

WorkloadAutomationUsers

(Optional) Control-M users that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

OsType

(Optional) FTP server operating system type

Default: Unix

Types: Unix, Windows, z/OS, OS400, Tandem, OS2200, OpenVMS

Password

(Optional) Password for FTP server account. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

HomeDirectory

(Optional) User home directory

ConnectionMode

(Optional) Set the FTP client connection mode, one of the following options:

  • Active
  • Passive — Initiates the data and control connections from the FTP client to the FTP server, which solves firewall issues.
  • PassiveSubstituteIpAddress — Passive + force passive connections to use the host address.
  • EPSV — Extended Passive Mode; the FTP client uses the same IP address to open a data channel (used mainly for IPV6 environments).
  • EPSVSubstituteIpAddress — EPSV + force passive connections to use the host address.

Default: Active

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:SFTP

The following examples show a connection profile for a file transfer to a single endpoint using the SFTP (SSH File Transfer Protocol) communication protocol. 

Simple ConnectionProfile:FileTransfer:SFTP

{
"sFTPconn": {
  "Type": "ConnectionProfile:FileTransfer:SFTP",
  "TargetAgent": "AgentHost",
  "TargetCTM" : "CTMHost",
  "HostName": "SFTPServer",
  "Port": "22",
  "User" : "SFTPUser",
  "Password" : "sftp password"
}
}

ConnectionProfile:FileTransfer:SFTP with optional parameters

{
"sFTPconn": {
  "Type": "ConnectionProfile:FileTransfer:SFTP",
  "TargetAgent": "AgentHost",
  "TargetCTM" : "CTMHost",
  "HostName": "SFTPServer",
  "Port": "22",
  "User" : "SFTPUser",
  "HomeDirectory": "/home/SFTPUser",  
  "PrivateKeyName": "/home/controlm/ctm_agent/ctm/cm/AFT/data/Keys/sFTPkey",
  "Passphrase": "passphrase",
  "SSHCompression": true,
  "Centralized" : true,
  "AdditionalParameters": [
     {
       "Name": "param1",
       "Value": "1"
     },
     {
       "Name": "param2",
       "Value": "2"
     }
    ]
 }
}

TargetAgent

Which agent computer to deploy the connection profile

TargetCTM

The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.

WorkloadAutomationUsers

(Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE : You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

PrivateKeyName

(Optional) Private key full file path

Passphrase

(Optional) Password for the private key. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

Password

(Optional) Password for SFTP Server account. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

HomeDirectory

(Optional) User home directory

SSHCompression

(Optional) Whether to compress the file before the transfer.

true | false

Default: false

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:FTPS

The following example shows a connection profile for a file transfer to a single endpoint using the FTPS (FTP over SSL) communication protocol.

{
"FTPSConn": {
   "Type": "ConnectionProfile:FileTransfer:FTPS",
   "HomeDirectory": "/var/home",
   "TargetAgent": "sqa",
   "TargetCTM": "LocalControlM",
   "HostName" : "localhost",
   "User" : "controlm",
   "Password": "ftps_pass",
   "Port": "10021",
   "SSLImplicit": false,
   "ClearDataChannel": true,
   "SSLLevel": "ClientServerAuthentication",
   "ClearCommandChannel": true,
   "Centralized" : true,
   "AdditionalParameters": [
     {
       "Name": "param1",
       "Value": "1"
     },
     {
       "Name": "param2",
       "Value": "2"
     }
    ]
  }
}

TargetAgent

The Control-M/Agent to which to deploy the connection profile.

TargetCTM

The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.

WorkloadAutomationUsers

(Optional) Control-M users that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

OsType

(Optional) FTPS server operating system type

Default: Unix

Types: Unix, Windows, z/OS, OS400, Tandem, OS2200, OpenVMS

Password

(Optional) Password for FTPS server account. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

HomeDirectory

(Optional) User home directory

ConnectionMode

(Optional) Set the FTPS client connection mode, one of the following options:

  • Active
  • Passive — Initiates the data and control connections from the FTP client to the FTP server, which solves firewall issues.
  • PassiveSubstituteIpAddress — Passive + force passive connections to use the host address.
  • EPSV — Extended Passive Mode; the FTP client uses the same IP address to open a data channel (used mainly for IPV6 environments).
  • EPSVSubstituteIpAddress — EPSV + force passive connections to use the host address.

Default: Active

SSLImplicit

Whether to automatically create an SSL connection to the FTPS server (Default port 990).

In SSL Explicit mode, a connection is first established with the FTP server and the connection is then changed to SSL mode (FTP over SSL/TLS).

true (implicit connection) | false (explicit connection)

Default: false

ClearDataChannel

Whether to encrypt the connection process while files are transferred without encryption.

This option is useful if you want your login information encrypted and your files transferred without encryption.

true | false

Default: true

SSLLevel

The SSL security level, one of the following:

  • NoAuthentication — low security level; client certificate not sent (the default)
  • ServerAuthentication — moderate security level; client certificate not sent
  • ClientServerAuthentication — high security level; client certificate sent

ClearCommandChannel

Whether to set the transmission mode from encrypted mode to clear text mode.

You can secure sensitive information, including user name and password, by sending them in an encrypted mode, and then use this parameter to change the transmission mode back to clear text mode to send the port and IP information (FTP over SSL/TLS).

true | false

Default: true

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:AS2

The following examples show connection profiles for file transfers from a local filesystem to an AS2 server using the AS2 protocol.

Note: File transfers that use the AS2 protocol are supported by Control-M Automation API only in one direction — from a local filesystem to an AS2 server.

Simple ConnectionProfile:FileTransfer:AS2

{
 "AS2_Conn_1": {
   "Type": "ConnectionProfile:FileTransfer:AS2",
   "TargetCTM": "LocalControlM",
   "TargetAgent": "sqa",
   "WorkloadAutomationUsers": [
     "noAi"
    ],
   "PartnerAS2Id": "partner-as2-id",
   "PartnerDestinationUrl": "sqa",
   "PartnerCertificateAlias": "partnerCertAlias",
   "HostName": "sqa",
   "Password": "*****"
 }
}

ConnectionProfile:FileTransfer:AS2 with optional parameters

{
 "AS2_Conn_2": {
   "Type": "ConnectionProfile:FileTransfer:AS2",
   "TargetCTM": "LocalControlM",
   "TargetAgent": "sqa",
   "Centralized": true,
   "WorkloadAutomationUsers": [
     "em_user1"
    ],
   "PartnerAS2Id": "partner-as2-id",
   "PartnerDestinationUrl": "sqa",
   "PartnerCertificateAlias": "partnerCertAlias",
   "HostName": "sqa",
   "Password": "*****",
   "AsyncMdnTimeout": "18120000",
   "User": "basicUser",
   "SendMessageTimeout": "301000",
   "CompressMessage": true,
   "SignMessageParameters": {
     "SignMessage": false,
     "SignatureAlgorithm": "RSA with SHA-384"
   },
   "EncryptMessageParameters": {
     "EncryptMessage": false,
     "EncryptionAlgorithm": "tripleDES (DES EDE3)"
   },
   "RequestReceiptParameters": {
     "RequestReceipt": false,
     "Mode": "Asynchronous",
     "Sign": "Unsigned"
   },
   "AdditionalParameters": [
     {
       "Name": "param1",
       "Value": "1"
     },
     {
       "Name": "param2",
       "Value": "2"
     }
    ]
 }
} 

This connection profile has the following parameters:

TargetCTM

The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.

TargetAgent

The Control-M/Agent to which to  deploy the connection profile.

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

PartnerAS2Id

The logical name of the remote AS2 server

PartnerDestinationUrl

The URL of the AS2 server

PartnerCertificateAlias

The alias of the partner certificate that is stored in the AS2 keystore

Password

(Optional) The password of the HTTP request for the AS2 message. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

AsyncMdnTimeout

(Optional) The number of minutes to wait for the AS2 server to send the receipt before a timeout occurs

The default is 18000000 minutes.

User

The username of the HTTP request for the AS2 message

SendMessageTimeout

(Optional) The number of seconds to wait for the AS2 server to reply before a timeout occurs

The default is 300000 seconds (5000 hours).

CompressMessage

Whether to compress the AS2 message when sent, either true or false

The default is false.

SignMessageParameters


    SignMessage

Whether to digitally sign the AS2 message with the algorithm specified by SignatureAlgorithm, either true or false

The default is true.

    SignatureAlgorithm

The algorithm to use for signing the AS2 message, one of the following options:

  • RSA with SHA-1
  • RSA with SHA-224
  • RSA with SHA-256
  • RSA with SHA-384
  • RSA with SHA-512
  • RSA with MD5

The default is RSA with SHA-1.

EncryptMessageParameters


    EncryptMessage

Whether to encrypt the AS2 message with one of the encryption algorithm specified by EncryptionAlgorithm, either true or false

The default is true.

    EncryptionAlgorithm

The algorithm to use for encryption of the AS2 message, one of the following options:

  • CAST5_CBC
  • IDEA_CBC
  • RC2_CBC
  • tripleDES (DES EDE3)
  • AES128_CBC
  • AES192_CBC
  • AES256_CBC

The default is CAST5_CBC.

RequestReceiptParameters


    RequestReceipt

Whether to receive an MDN receipt of the AS2 message from the AS2 server that confirms that it was received and processed, either true or false

The default is true.

    Mode

The mode for receiving the MDN receipt, either Asynchronous or Synchronous

The default is Synchronous.

    Sign

The type of MDN receipt to receive, either Signed or Unsigned

The default is Signed.

WorkloadAutomationUsers

(Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE : You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: false

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:Local

The following example shows a connection profile for a file transfer to a single endpoint on a Local File System. 

{
"LocalConn" : {
  "Type" : "ConnectionProfile:FileTransfer:Local",
  "TargetAgent" : "AgentHost",
  "TargetCTM" : "CTMHost",
  "User" : "controlm",
  "Password" : "local password",
  "Centralized" : true,
  "AdditionalParameters": [
     {
       "Name": "param1",
       "Value": "1"
     },
     {
       "Name": "param2",
       "Value": "2"
     }
    ]
  }
}

TargetAgent

The Control-M/Agent to which to deploy the connection profile.

TargetCTM

The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. 

WorkloadAutomationUsers

(Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE : You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

OsType

(Optional) Local server operating system type

Default: Unix

Types: Unix, Windows, z/OS, OS400, Tandem, OS2200, OpenVMS

Password

(Optional) Password for local account. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:S3:Amazon

The following example shows a connection profile for file transfers to or from an Amazon S3 storage service.

{
  "testAmazon": {
   "Type": "ConnectionProfile:FileTransfer:S3:Amazon",
   "Region": "us-west-2",
   "AccessKey": "mykey",
   "SecretAccessKey": "mysecret",
   "VerifyDestination": true,
   "TargetAgent": "sqa",
   "Centralized": true,
   "AdditionalParameters": [
     {
       "Name": "param1",
       "Value": "1"
     },
     {
       "Name": "param2",
       "Value": "2"
     }
    ]
 }
}

This connection profile has the following parameters:

TargetAgent

The Control-M/Agent to which to  deploy the connection profile.

Region

The region in which the Amazon S3 storage bucket is located.

Specify one of the following regions:

  • us-gov-west-1
  • ap-northeast-1
  • ap-northeast-2
  • ap-south-1
  • ap-southeast-1
  • ap-southeast-2
  • ca-central-1
  • eu-central-1
  • eu-west-1
  • eu-west-2
  • eu-west-3
  • sa-east-1
  • us-east-1
  • us-east-2
  • us-west-1
  • us-west-2
  • cn-north-1
  • cn-northeast-1

AccessKey

The access key to the Amazon S3 storage.

SecretAccessKey

The secret access key to the Amazon S3 storage.

Use Secrets in code to not expose this secret access key in the code.

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

ConnectionProfile:FileTransfer:S3:Compatible

The following example shows a connection profile for file transfers to or from an S3-compatible storage service.

{
 "testCompatible": {
   "Type": "ConnectionProfile:FileTransfer:S3:Compatible",
   "RestEndPoint": "api.com",
   "AccessKey": "mykey",
   "SecretAccessKey": "mysecret",
   "VerifyDestination": true,            
   "TargetAgent": "sqa",
   "Centralized": true,
   "AdditionalParameters": [
     {
       "Name": "param1",
       "Value": "1"
     },
     {
       "Name": "param2",
       "Value": "2"
     }
    ]
 }
}

This connection profile has the following parameters:

TargetAgent

The Control-M/Agent to which to  deploy the connection profile.

RestEndPoint

The network address where the S3 Compatible Storage is located.

AccessKey

The access key to the S3 Compatible storage.

SecretAccessKey

The secret access key to the S3 Compatible storage.

Use Secrets in code to not expose this secret access key in the code.

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

AdditionalParameters

9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help).

The following example shows a connection profile for file transfers to or from an AWS PrivateLink for Amazon S3, for storage that resides in the virtual private cloud (VPC) endpoint.

{
  "PRIVATE_LINK_AMAZON_CP": {
     "Type": "ConnectionProfile:FileTransfer:S3:AWSPrivateLink",
     "Region": "us-west-2",
     "AccessKey": "f392vvrf389222dsfvsd5b",
     "SecretAccessKey": "JXq5+dfsux71t3wee+PdQ2bzGOFexcfsdf",
     "VerifyDestination": true,
     "RestEndPoint": "apicom",
     "TargetCTM": "CTMHost",
     "TargetAgent": "web",
 "Centralized": true
  }
}

This connection profile has the following parameters:

Region

Determines the region in which the Amazon S3 storage bucket is located:

  • us-gov-west-1
  • ap-northeast-1
  • ap-northeast-2
  • ap-south-1
  • ap-southeast-1
  • ap-southeast-2
  • ca-central-1
  • eu-central-1
  • eu-west-1
  • eu-west-2
  • eu-west-3
  • sa-east-1
  • us-east-1
  • us-east-2
  • us-west-1
  • us-west-2
  • cn-north-1
  • cn-northeast-1

AccessKey

Defines the access key to the Amazon S3 storage.

SecretAccessKey

Defines the secret access key to the Amazon S3 storage.

Use Secrets in code to not expose this secret access key in the code.

VerifyDestination

(Optional) Determines whether to verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

RestEndPoint

Defines the network address where the Amazon S3 storage is located.

TargetCTM

Defines the Control-M/Server to which to deploy the connection profile.

If there is only one Control-M/Server, that is the default.

TargetAgent

Defines the Control-M/Agent to which to deploy the connection profile.

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.

The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Azure:SharedKey

The following example shows a connection profile for file transfers to or from an Azure Storage service with Shared Key authentication using an access key:

{
  "AZURE_CCP1": {
     "Type": "ConnectionProfile:FileTransfer:Azure:SharedKey",
     "AzureAccountName": "devAccount",
     "AzureAccountAccessKey": "44ZHQnMJeIk4hZ4npQMZGfXTuwlciq82lbeYvtBZ+Ig9yCagX4FMOECSg1xDyzr8qO6A==",
     "Centralized": true
  }
}

This connection profile has the following parameters:

AzureAccountName

Defines the name of the Azure Storage account.

AzureAccountAccessKey

Defines the account access key that is used to connect to Azure.

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.

The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Azure:ConnectionString

The following example shows a connection profile for file transfers to or from an Azure Storage service with Shared Key authentication using a full connection string:

{
  "AZURE_CCP2": {
     "Type": "ConnectionProfile:FileTransfer:Azure:ConnectionString",
     "AzureAccountName": "devAccount",
     "AzureAccountConnectionString": "DefaultEndpointsProtocol=https;AccountName=devAccount;AccountKey=44ZHQnMJeIk4hZ4npQMZGfXTuwlciq82lbeYvtBZ+Ig9yCagX4FMOECSg1xDyzr8qO6A==;EndpointSuffix=core.windows.net",
     "Centralized": true
  }
}

This connection profile has the following parameters:

AzureAccountName

Defines the name of the Azure Storage account.

AzureAccountConnectionString

Defines the entire connection string used to connect to Azure.

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.

The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Azure:AdUserPass

The following example shows a connection profile for file transfers to or from an Azure Storage service with authentication based on the credentials of a user in the Azure Active Directory (AD).

{
   
"AZURE_CCP3": {
      
"Type": "ConnectionProfile:FileTransfer:Azure:AdUserPass",
      
"AzureAccountName": "devAccount",
      
"AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
      
"AzureClientId": "ce64ad51-yh90-4d01-a73b-7ad58a766741",
      
"AzureUserNameAD": "john@mftteamoutlook.onmicrosoft.com",
      
"AzureUserPasswordAD": "Abcxyz1234!",
      
"Centralized": true
   
}
}

This connection profile has the following parameters:

AzureAccountName

Defines the name of the Azure Storage account.

AzureTenantId

Defines the ID of the Azure Active Directory instance where your application is located.

AzureClientId

Defines the ID of your application in Azure Active Directory.

AzureUserNameAD

Defines the name of the Azure AD user to use for authentication.

AzureUserPasswordAD

Defines the password of the Azure AD user.

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.

The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Azure:AdClientSecret

The following example shows a connection profile for file transfers to or from an Azure Storage service with authentication based on an application secret for the Azure Active Directory (AD) IAM service.

{
  "AZURE_CCP4": {
     "Type": "ConnectionProfile:FileTransfer:Azure:AdClientSecret",
     "AzureAccountName": "devAccount",
     "AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
     "AzureClientId": "ce64ad51-yh90-4d01-a73b-7ad58a766741",
     "AzureClientSecret": "rbyHyYH7~pg0fs1pRNMEPuJG-Y.t_fE8yt",
     "Centralized": true
  }
}

This connection profile has the following parameters:

AzureAccountName

Defines the name of the Azure Storage account.

AzureTenantId

Defines the ID of the Azure Active Directory instance where your application is located.

AzureClientId

Defines the ID of your application in Azure Active Directory.

AzureClientSecret

Defines the name of the application secret.

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.

The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Azure:AdCertificate

The following example shows a connection profile for file transfers to or from an Azure Storage service with authentication based on a certificate file for the Azure Active Directory (AD) IAM service.

{
  "AZURE_CCP5": {
     "Type": "ConnectionProfile:FileTransfer:Azure:AdCertificate",
     "AzureAccountName": "devAccount",
     "AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
     "AzureClientId": "ce64ad51-yh90-4d01-a73b-7ad58a766741",
     "AzureClientCertificateFormat": "PFX",
     "AzureClientCertificatePath": "C:\\as2_keystore.pfx",
     "AzureClientCertificatePassword": "password",
     "Centralized": true
  }
}

This connection profile has the following parameters:

AzureAccountName

Defines the name of the Azure Storage account.

AzureTenantId

Defines the ID of the Azure Active Directory instance where your application is located.

AzureClientId

Defines the ID of your application in Azure Active Directory.

AzureClientCertificateFormat

Determines whether to use PEM or PFX as the certificate file.

AzureClientCertificatePath

Defines the location of the certificate file.

AzureClientCertificatePassword

Defines the password of the certificate.

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.

The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Azure:SharedAccessSignature

The following example shows a connection profile for file transfers to or from an Azure Storage service using a Shared Access Signature (SAS), which delegates access with specific permissions over a limited time interval.

{
  "AZURE_CCP6": {
     "Type": "ConnectionProfile:FileTransfer:Azure:SharedAccessSignature",
     "AzureAccountName": "devAccount",
     "AzureAccountSaSToken": "?sv=2019-12-12&ss=bfqt&srt=sco&sp=rwdlacupx&se=2022-07-23T16:47:01Z&st=2021-02-10T09:47:01Z&spr=https&sig=Ym8ilBPZW2EzKPpfd2SBTpokZQdwzjCca4igKJwP0YM%5D",
     "Centralized": true
  }
}

This connection profile has the following parameters:

AzureAccountName

Defines the name of the Azure Storage account.

AzureAccountSaSToken

Defines the SAS token that is created for Azure limited access.

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.

The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Azure:ManagedIdentity

The following example shows a connection profile for file transfers to or from an Azure Storage service using a predefined Managed Identity that does not require credentials.

You can define such a connection profile only when Control-M/Agent is installed on an Azure virtual machine.

{
  "AZURE_CCP7": {
     "Type": "ConnectionProfile:FileTransfer:Azure:ManagedIdentity",
     "AzureAccountName": "devAccount",
     "AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
     "Centralized": true
  }
}

This connection profile has the following parameters:

AzureAccountName

Defines the name of the Azure Storage account.

AzureTenantId

Defines the ID of the Azure Active Directory instance where your application is located.

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.

The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:GCS

The following example shows a connection profile for file transfers to or from a Google Cloud Storage (GCS) service:

{
  "GCS_CCP1": {
     "Type": "ConnectionProfile:FileTransfer:GCS",
     "GCSServiceAccountKey": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm5-priv-cc30914\",\"private_key_id\":\"5197d05c5b8215irw944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-10@sso-gcp-dba-ctm5-priv-cc30914.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",  \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-10@sso-gcp-dba-ctm5-priv-cc30914.iam.gserviceaccount.com\"}",
      "GCSServiceAccountKeyFileName": "john.json",
     "Centralized": true
   }
}

This connection profile has the following parameters:

GCSServiceAccountKey

Defines a JSON body that contains the required service account credentials to access the Google Cloud Storage account.

GCSServiceAccountKeyFileName

Defines the name of the file that contains the service account credentials.

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false.

The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:DualEndPoint

In a dual-endpoint connection profile, you specify connection details for the source host and for the destaination host of the file transfer. Connection details can be based on the FTP, SFTP, or FTPS communication protocols or can be to a local file system.

The following example shows a dual-endpoint connection profile. One endpoint uses the FTP communication protocol and the other endpoint uses the SFTP communication protocol.

{
"DualEpConn" : {
"Type" : "ConnectionProfile:FileTransfer:DualEndPoint",
"WorkloadAutomationUsers" : [ "em_user1" ],
"TargetAgent" : "AgentHost",
   "Centralized" : false,
"src_endpoint" : {
"Type" : "Endpoint:Src:FTP",
"User" : "controlm",
"Port" : "10023",
"HostName" : "localhost",
"Password" : "password",
"HomeDirectory" : "/home/controlm/"
},
"dest_endpoint" : {
"Type" : "Endpoint:Dest:SFTP",
"User" : "controlm",
"Port" : "10023",
"HostName" : "host2",
"Password" : "password",
"HomeDirectory" : "/home/controlm/"
}
 }
}

The dual-endpoint connection profile can have the following parameters:

TargetAgent

The Control-M/Agent to which to  deploy the connection profile.

TargetCTM

The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.

WorkloadAutomationUsers

(Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

VerifyChecksum

(Optional) Enable or disable error detection on file transfer

true | false

Default: false

VerifyDestination

(Optional) Verify the size of the file at the destination after a successful binary-mode transfer.

true | false

Default: true

VerifyBytes

(Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

true | false

Default: false

Endpoint

Two endpoint objects, one for the source host and one for the destaination host. Each endpoint can be based on FTP, SFTP, FTPS or local file system.

Here are all the possible types of Endpoint objects:

  • Endpoint:Src:FTP
  • Endpoint:Src:SFTP
  • Endpoint:Src:FTPS
  • Endpoint:Src:Local
  • Endpoint:Dest:FTP
  • Endpoint:Dest:SFTP
  • Endpoint:Dest:FTPS
  • Endpoint:Dest:Local

Parameters under the Endpoint object are the same as the remaining parameters for a single-endpoint connection profile, depending on type of connection:

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

ConnectionProfile:FileTransfer:Group

9.0.20.015The following example shows a group connection profile, which enables you to transfer a file from one host to multiple hosts in one transfer. In each group connection profile, you include a variety of previously defined connection profiles for file transfers.

{
 "GROUP_CP": {
   "Type": "ConnectionProfile:FileTransfer:Group",
   "TargetAgent": "docker_aft_app_centos1",
   "GroupAccounts": ["FTPConn", "sFTPconn", "LocalConn", "AS2_Conn_1"],
   "WorkloadAutomationUsers":["john","bob"]
 }

This connection profile has the following parameters:

TargetAgent

The Control-M/Agent to which to deploy the connection profile.

GroupAccounts

A list of file transfer connection profiles included in the group

WorkloadAutomationUsers

(Optional) Control-M users that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: * (all users)

WorkloadAutomationGroups

(Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles.

NOTE: You can use "*" as a wildcard. For example, "e*"

Default: Empty (no roles specified)

Back to top

ConnectionProfile:Database

The connection profile for database allows you to connect to the following database types:

ConnectionProfile:Database:DB2

The following example shows how to define a connection profile for DB2:

{
 "DB2_CONNECTION_PROFILE": {
   "Type": "ConnectionProfile:Database:DB2",
"TargetCTM":"CTMHost",
   "TargetAgent": "AgentHost",
   "Host": "DB2Host",
   "Port":"50000",
   "User": "db user",
   "Password": "db password",
   "DatabaseName": "db2"
 }
} 

The following table describes the parameters in the example above, as well as several additional optional parameters:

Parameter

Description

Port

The database port number.

If the port is not specified, the following default values are used for each database type:

  • MSSQL - 1433
  • Oracle - 1521
  • DB2 - 50000
  • Sybase - 4100
  • PostgreSQL - 5432

Password

Password to the database account. Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

DatabaseName

The name of the database

DatabaseVersion

The version of the database.

For a list of databases and versions supported by your version of Control-M for Databases, open the Product Availability & Compatibility page at https://customerapps.bmc.com/spac/o/welcome.html. In the Product Name field enter Control-M for Databases, and in the Product Version field select the relevant version.

The default version for each database is the earliest version that is supported.

MaxConcurrentConnections

The maximum number of connections that the database can process at the same time.

Allowed values: 1–512
Default value: 100

ConnectionRetryTimeOut

The number of seconds to wait before attempting to connect again.

Allowed values: 1–300
Default value: 5 seconds

ConnectionIdleTime

The number of seconds that the database connection profile can remain idle before disconnecting.

Default value: 300 seconds

ConnectionRetryNum

The number of times to attempt to reconnect after a connection failure.

Allowed values: 1–24
Default value: 5

ConnectionProfile:Database:JDBC

The following example shows how to define a connection profile using a custom defined database type created using JDBC. Parameters are described in the table above.

{
"JDBC_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:JDBC",
"User":"db user",
"TargetCTM":"CTMHost",
"Host": "PGSQLHost",
"Driver":"PGDRV",
"Port":"5432",
"TargetAgent": "AgentHost",
"Password": "db password",
"DatabaseName":"dbname"
}
}

The following parameter is unique to JDBC connection profiles:

Parmeter

Description

Driver

JDBC driver name as defined in Control-M or as defined using the Driver object

Driver:JDBC:Database

You can define a driver to be used by a connection profile. The following example shows the parameters that you use to define a driver:

{
 "MyDriver": {
   "Type": "Driver:Jdbc:Database",
   "TargetAgent":"app-redhat",
   "StringTemplate":"jdbc:sqlserver://<HOST>:<PORT>/<DATABASE>",
   "DriverJarsFolder":"/home/controlm/ctm/cm/DB/JDBCDrivers/PostgreSQL/9.4/",
   "ClassName":"org.postgresql.Driver",
   "LineComment" : "--",
   "StatementSeparator" : ";"
 }
}

Parameter

Description

TargetAgent

The Control-M/Agent to which to deploy the driver.

StringTemplate

The structure according to which a connection profile string is created.

DriversJarsFolder

The path to the folder where the database driver jars are located.

ClassName

Name of driver class

LineComment 

The syntax used for line comments in the scripts that run on the database.

StatementSeparator

The syntax used for statement separator in the scripts that run on the database.

ConnectionProfile:Database:MSSQL

The following example shows how to define an MSSQL database connection profile. Parameters are described in the table above.

 {
"MSSQL_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:MSSQL",
"TargetCTM":"CTMHost",
"TargetAgent": "AgentHost",
"Host": "MSSQLHost",
"User": "db user",
"Port":"1433",
"Password": "db password",
"DatabaseName": "master",
"DatabaseVersion": "2005",
"MaxConcurrentConnections": "9",
"ConnectionRetryTimeOut": "34",
"ConnectionIdleTime": "45"
}
}

The following parameter is unique to MSSQL connection profiles:

Parameter

Description

AuthenticationType

SQL Server Authentication

Possible values are:

  • NTLM2 Windows Authentication
  • Windows Authentication
  • SQL Server Authentication

ConnectionProfile:Database:MSSQL:SSIS

9.0.19.220 The following example shows how to define a connection profile for SQL Server Integration Services (SSIS) packages:

{
   "SSIS_CONNECTION_PROFILE": {
       "Type": "ConnectionProfile:Database:MSSQL:SSIS",
       "TargetAgent": "AgentHost",
       "TargetCTM": "LocalControlM",
       "Host": "localhost",
       "User": "administrator",
       "Port": "1433",
       "Password": "db password",
       "DatabaseName": "testdb",
       "DatabaseVersion": "2016",
       "AuthenticationType": "Windows Authentication",
       "SkipPackagesTest" : false,
       "SSIS": [
           {
               "Source": "File System",
               "Name": "file_system_package",
               "Password": "password"
           },
           {
               "Source": "SSIS Package Store",
               "Name": "ssis_package",
               "Password": "password"
           },
           {
               "Source": "SQL Server",
               "Name": "sql_server_package",
               "Password": "password"
           }
        ]
   }
}

Most of the parameters are the same as for the basic MSSQL connection profile (including those described in the table above). The following parameters are unique to the MSSQL SSIS connection profile:

Parameter

Description

SkipPackageTest

Whether to skip validation of SSIS packages when testing the connection profile, either true or false

SSIS

Connection details for all associated SSIS Packages

     Source

Source location of the SSIS Package — SQL Server, File System, or SSIS Package Store

     Name

Name of the SSIS Package

     Password

Password required for accessing the SSIS Package

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

ConnectionProfile:Database:Oracle

Oracle connection profiles are available for three types of database definitions:

ConnectionProfile:Database:Oracle:SID

The following example shows how to define a connection profile for an Oracle database using the SID identifier. Additional available parameters are described in the table above.

{
 "ORACLE_CONNECTION_PROFILE": {   
"Type": "ConnectionProfile:Database:Oracle:SID",   
"TargetCTM": "controlm",   
"Port": "1521",   
"TargetAgent": "AgentHost",
"Host": "OracleHost",
"User": "db user",   
"Password": "db password",
"SID": "ORCL"
 }
}

ConnectionProfile:Database:Oracle:ServiceName

The following example shows how to define a connection profile for an Oracle database using a single service name. Additional available parameters are described in the table above.

{
 "ORACLE_CONNECTION_PROFILE": {   
"Type": "ConnectionProfile:Database:Oracle:ServiceName",   
"TargetCTM": "controlm",   
"Port": "1521",   
"TargetAgent": "AgentHost",
"Host": "OracleHost",
"User": "db user",   
"Password": "db password",
"ServiceName": "ORCL"
 }
}

ConnectionProfile:Database:Oracle:ConnectionString

The following example shows how to define a connection profile for an Oracle database using a connection string that contains text from your tnsname.ora file. Additional available parameters are described in the table above.

{
"ORACLE_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:Oracle:ConnectionString",
"TargetCTM":"CTMHost",
"ConnectionString":"OracleHost:1521:ORCL",
"TargetAgent": "AgentHost",
"User": "db user",
"Password": "db password"
}
}

ConnectionProfile:Database:PostgreSQL

The following example shows how to define a connection profile for PostgreSQL. Parameters are described in the table above.

{
 "POSTGRESQL_CONNECTION_PROFILE": {
   "Type": "ConnectionProfile:Database:PostgreSQL",
"TargetCTM":"CTMHost",
   "TargetAgent": "AgentHost",
   "Host": "PostgreSQLHost",
   "Port":"5432",
   "User": "db user",
   "Password": "db password",
   "DatabaseName": "postgres"
 }
} 

ConnectionProfile:Database:Sybase

The following example shows how to define a connection profile for Sybase. Parameters are described in the table above.

{
 "SYBASE_CONNECTION_PROFILE": {
   "Type": "ConnectionProfile:Database:Sybase",
"TargetCTM":"CTMHost",
   "TargetAgent": "AgentHost",
   "Host": "SybaseHost",
   "Port":"4100",
   "User": "db user",
   "Password": "db password",
   "DatabaseName": "Master"
 }
} 


Back to top

ConnectionProfile:SAP

SAP connection profiles that you create for use by your SAP jobs can be defined for logon to a specific SAP Application Server or for an SAP logon group.

The following example is for a connection profile for a specific SAP Application Server:

{
 "SAP-SERVER-CONN" : {
   "Type" : "ConnectionProfile:SAP",
           "User" : "my-user",
           "Password" : "123456",
           "SapClient" : "100",
           "Language" : "",
           "XBPVersion": "XBP3.0",
           "AppVersion": "R3",
           "ApplicationServerLogon" : {
               "Host" : "localhost",
               "SystemNumber" : "12"
           },
           "SecuredNetworkConnection": {
               "SncLib": " " ,
               "SncPartnerName": "",
               "QualityOfProtection": "2",
               "SncMyName":""
           },
           "SapResponseTimeOut" : "180",
           "UseExtended": true,
           "SolutionManagerConnectionProfile" : "IP4-GROUP",
           "IsSolutionManagerConnectionProfile": true
 }
}

The following example is for a connection profile for an SAP logon group:

{
 "SAP-GROUP-CONN" : {
   "Type" : "ConnectionProfile:SAP",
           "User" : "my-user",
           "Password" : "123456",
           "SapClient" : "100",
           "Language" : "",
           "XBPVersion": "XBP3.0",
           "AppVersion": "R3",
           "GroupLogon": {
               "SystemID": "123",
               "MessageServerHostName": "msgsv",
               "GroupName": "group1"
           },
           "SecuredNetworkConnection": {
               "SncLib": " " ,
               "SncPartnerName": "",
               "QualityOfProtection": "2",
               "SncMyName":""
           },
           "SapResponseTimeOut" : "180",
           "UseExtended": true,
           "SolutionManagerConnectionProfile" : "IP4-GROUP",
           "IsSolutionManagerConnectionProfile": true
 }
}

Parameter

Description

User

SAP user name

Password

Password for the SAP user

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

SapClient

SAP client number, a three-digit number

Language

The SAP language. The default is English.

XBPVersion

SAP XBP interface version installed on the SAP server

Valid values are:

  • XBP 1.0
  • XBP 2.0
  • XBP 3.0 (Default)

AppVersion

Version of the SAP application, one of the following:

  • R3
  • BW 2.<X>
  • BW 3.<X> or later

GroupLogon

Parameters for defining an SAP logon group

     SystemID

SAP system ID, three alpha-numeric characters

     MessageServerHostName

Host name of the computer on which the SAP System Message Server is running

     GroupName

SAP logon group name

The Group name is defined in the SAP SMLG transaction.

ApplicationServerLogon

Parameters for defining a specific SAP Application Server

      Host

The host name of the computer that runs the SAP Application Server

      SystemNumber

SAP instance number, a two-digit number

SecuredNetworkConnection

Parameters that you can use to activate a secured network connection

      SncLib

Client full path and file name to SAP crypto lib

For example: /home1/agsapfp/SNC/libsapcrypto.sl

      SncPartnerName

SNC name of the application server

For example: p:CN=LE1, OU=BPM, O=BMC, C=US

      QualityOfProtection

Quality of the protection

Valid values: 1, 2, 3, 8 (default), 9

      SncMyName

SNC name of the user sending the RFC

Default: The name provided by the security product for the user who is logged on.

SapResponseTimeOut

Number of seconds that the program waits for an RFC request to be handled by the SAP system before returning a timeout error

Default: 180

UseExtended

Whether the extended functionality of Control-M for SAP should be used, either false (default) or true

NOTE: If you select this option, the Control-M Function Modules must be installed on your SAP server, as described in Control-M for SAP XBP Interface and Control-M Function Modules in the Control-M for SAP online help.

SolutionManagerConnectionProfile

Solution Manager connection profile for retrieval of SAP job Documentation

This parameter is relevant only if the current connection profile is not a Solution Manager connection profile, as discussed in the next parameter.

IsSolutionManagerConnectionProfile

Whether the current connection profile is a Solution Manager connection profile, either true or false (the default)

Back to top

ConnectionProfile:ApplicationIntegrator

The following example shows how to define a connection profile for a job type defined in the Control-M Application Integrator. For information about the Control-M Application Integrator, see Application Integrator.

Properties defined for the connection profile in Control-M Application Integrator are all prefixed with "AI-" in the .json code, as shown in the following example.

{
   "AI_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:ApplicationIntegrator:<JobType>",
"TargetAgent": "AgentHost",
"TargetCTM":"CTMHost",
"AI-Param03": "45",
"AI-Param04": "group",
       "Centralized": true
   }
} 

Back to top

ConnectionProfile:Informatica

The following example shows how to define a connection profile for an Informatica job:

{
 "INFORMATICA_CONNECTION": {
   "Type": "ConnectionProfile:Informatica",
   "TargetAgent": "AgentHost",
   "TargetCTM": "CTMHost",
   "Host": "InformaticaHost",
   "Port": "7333",
   "User": "UserName",
   "Password": "Password",
   "PowerCenterDomain": "DomainName",
   "Repository": "RepositoryName",
   "IntegrationService": "ServiceName",
   "SecurityDomain": "Native",
   "ConnectionType": "HTTP",
   "MaxConcurrentConnections": "100",
   "Centralized": false
  }
}

Parameter

Description

TargetAgent

The Control-M/Agent to which to deploy the connection profile

TargetCTM

The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.

Host

Name of the Informatica web services server

Port

(Optional) Port number of the Informatica web services server

Values range from 1 to 65535. The default is 7333.

User

Name of a user to log into the Repository

Password

A password to log into the Repository.

Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

PowerCenterDomain

Name of the Informatica server that contains the Repository service

Repository

Name of the repository where the repository folders and workflows are located

IntegrationService

The Integration Service to use to run the workflows

SecurityDomain

The name of a Security Domain, a collection of user accounts and groups in a Power Center Domain.

If the user name belongs to the native security domain, this parameter is optional, and the default is an empty value.

If the user name belongs to an LDAP security domain, this parameter is required.

ConnectionType

(Optional) Protocol for the connection to the Informatica server, either HTTP (the default) or HTTPS.

MaxConcurrentConnections

(Optional) The maximum number of allowed concurrent workflows in the connection profile

Values range from 1 to 512, with a default value of 100.

Centralized

9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

Back to top

ConnectionProfile:Informatica CS

The following example shows how to define a connection profile for an Informatica Cloud Services job:

 {
 "INFORMATICA_CS_CONNECTION": {
    "Type": "ConnectionProfile:Informatica CS",       
    "Login URL": "https://dm-us.informaticacloud.com",
    "Base URL": "https://usw5.dm-us.informaticacloud.com",
    "Username": "UserName",  
    "Password": "Password",
    "Request Timeout": "3",
    "Description": "",
    "Centralized": true
}
}

Parameter

Description

Login URL

The URL for login calls to Informatica Cloud 

Base URL

The instance name of the Informatica Cloud server

Username

Username for the account to connect to Informatica Cloud  

Password

A password for the login to Informatica Cloud

Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

Request Timeout

A timeout value, in seconds, for the requests sent to Informatica Cloud

The default is 3 seconds.

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Values: true|false

Default: false

The Informatica Cloud Services job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AWS

Note: This feature requires Control-M/Enterprise Manager version 9.0.21

The following examples show how to define a connection profile for an AWS job.

The following example is based on authentication with an access key and a secret key:

{
 "AWS_CONNECTION_ACCESSKEY": {
   "Type": "ConnectionProfile:AWS",
   "Centralized": true,
   "TargetAgent": "AgentHost",
   "TargetCTM": "CTMHost",
   "AuthenticationMethod": "AccessKey",
   "AccessKey": "1234",
   "SecretAccessKey": "00-200340109003001100044011700580-29001301000-410-520-250-880029",
   "Region": "ap-northeast-1",
 }
}

The following example is based on authentication with an IAM role:

{
 "AWS_CONNECTION_IAMROLE": {
   "Type": "ConnectionProfile:AWS",
   "Centralized": true,
   "TargetAgent": "AgentHost",
   "TargetCTM": "CTMHost",
   "AuthenticationMethod": "IAMRole",
   "IAMRole": "myRole",
   "Region": "ap-northeast-1",
   "ProxySettings": {
     "Host": "host",
     "Port": "12345",
     "Username": "username",
     "Password": "password"
   }
 }
}

Parameter

Description

TargetAgent

The Control-M/Agent to which to deploy the connection profile

TargetCTM

The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

AuthenticationMethod

One of the following authentication methods for the connection to AWS:

  • AccessKey
  • IAMRole

AccessKey

(For AccessKey authentication) AWS account Access Key

SecretAccessKey

(For AccessKey authentication) AWS account Secret Access Key

Use Secrets in code to not expose this secret access key in the code.

IAMRole

(For IAMRole authentication) The name of an IAM role for authentication of the connection to AWS

Region

Location of the AWS user

ProxySettings

Settings of an installed proxy server:

  • Host
  • Port - a number between 1024 and 65535
  • Username
  • Password 

Back to top

ConnectionProfile:AWS Glue

The following examples show how to define a connection profile for an AWS Glue job, which executes Amazon Web Services (AWS) Glue, a serverless data integration service.

The following example is based on authentication using an AWS access key and secret.

{
 "GLUECONNECTION": {
   "Type": "ConnectionProfile:AWS Glue",
   "AWS Access key ID": "MYAWSACCESSKEY1234",
   "AWS Secret": "myAwsSecret12345",
   "Authentication": "SECRET",
   "AWS Region": "eu-west-2",
   "Glue url": "glue.eu-west-2.amazonaws.com",
   "Connection Timeout": "40",
   "Description": "",
   "Centralized": true
 }  
}

The following example is based on authentication using an AWS IAM role from inside an EC2 instance.

{
 "GLUECONNECTIONIAM": {
   "Type": "ConnectionProfile:AWS Glue",
   "IAM Role": "GLUEEC2IAMROLE",
   "Authentication": "NOSECRET",
   "AWS Region": "eu-west-2",
   "Glue url": "glue.eu-west-2.amazonaws.com",
   "Connection Timeout": "40",
   "Description": "",
   "Centralized": true
 }
}

Parameter

Description

Authentication

Type of authentication to use for the connection with AWS Glue, one of the following:

  • SECRET —  authentication using an AWS access key and secret
  • NOSECRET — authentication using an AWS IAM role from inside an EC2 instance

AWS Access key ID

(For SECRET authentication) Access key ID for connection to AWS

AWS Secret

(For SECRET authentication) Secret access key for connection to AWS

IAM Role

(For NOSECRET authentication) Identity and Access Management (IAM) role for connection to AWS

AWS Region

AWS Glue service region

Glue url

URL of an AWS Glue service regional endpoint

For more information about regional endpoints available for the AWS Glue service, refer to the AWS documentation.

Connection Timeout

A timeout value, in seconds, for the trigger call made by Control-M to AWS Glue

The default is 40 seconds.

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false

Default: false

The AWS Glue job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure

9.0.19.220 The following example shows how to define a connection profile for an Azure job:

{
  
"AZURE_CONNECTION": {
    
"Type": "ConnectionProfile:Azure",
    
"TargetAgent": "AgentHost",
    
"TargetCTM": "CTMHost",
    
"ActiveDirectoryDomainName": "bmc.onmicrosoft.com",
    
"SubscriptionID": "bcde-fgh-ijk-lmnopq",
    
"ApplicationID": "abcd-efg-hij-klmnop",
    
"User": "user1@bmc.onmicrosoft.com",
    
"Password": "*****"
    
"Batch": {
      
"BatchAccountName": "myFirstBatch",
      
"BatchAccountKey": "aaaaaabbbbbbbccccccc",
      
"Location": "centralus"
    
}
  
}    
}

Parameter

Description

TargetAgent

The Control-M/Agent to which to deploy the connection profile

TargetCTM

The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.

ActiveDirectoryDomainName

(Optional) Azure Active Directory

Format: <company name>.onmicrosoft.com

SubscriptionID

Azure account subscription ID

The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu.

ApplicationID

Azure application ID

User

Name of user to connect to the Azure server

Password

Password of the username that connects to the Azure server

Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

Batch

(Optional) Enables the use of a batch account service

By default, a batch account is not used. If you want to use a batch account, you must define the following parameters:

    BatchAccountName

Name of the batch account

    BatchAccountKey

Primary access key for the batch account

This key can be retrieved from the Azure portal.

    Location

Batch account location, as defined in the batch account properties

The batch account name and batch account location are used to define the batch URI.

Back to top

ConnectionProfile:ADF

The following examples show how to define a connection profile for an ADF job, which executes an Azure Data Factory (ADF) service and allows you to automate the movement and transformation of data.

The following example is based on authentication using an Azure service principal.

{
 "ADF_SERVPRINC": {
   "Type": "ConnectionProfile:ADF",
   "Tenant ID": "tenantId",
   "Identity Type": "PRINCIPAL",
   "Client Secret": "*****",
   "Application ID": "applicationId",
   "Subscription ID": "subscriptionId",
   "Connection Timeout": "40",
   "Description": "",
   "Centralized": true
 }
}

The following example is based on authentication using managed identities.

{
"ADF_MANID": {
   "Type": "ConnectionProfile:ADF",
   "Identity Type": "MANAGEDID",
   "Subscription ID": "subscriptionId",
   "Connection Timeout": "40",
   "Description": "",
   "Centralized": true
 }
}

Parameter

Description

Identity Type

Type of authentication to use for the connection with the Azure Data Factory, one of the following:

  • PRINCIPAL —  authentication using a service principal
  • MANAGEDID — authentication using managed identities

Tenant ID

(For service principal authentication) The Azure Tenant ID where the Azure Data Factory was created

Client Secret

(For service principal authentication) The client secret associated with the service principal

Application ID

(For service principal authentication) ID of the Azure-registered application that is used to interact with the Azure Data Factory

Subscription ID

Azure account subscription ID

The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu.

Connection Timeout

A timeout value, in seconds, for the trigger call made by Control-M to the Azure Data Factory

The default is 40 seconds.

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false

Default: false

The ADF job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure Databricks

The following example shows how to define a connection profile for an Azure Databricks job, which performs big data analytics .

{
 "ADF_SERVPRINC": {
   "Type": "ConnectionProfile:Azure Databricks",
   "Tenant ID": "tenantId",
   "Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
   "Client Secret": "*****",
   "Databricks url": "https://adb-1111211144444680.0.azuredatabricks.net",
   "Azure Login url": "https://login.microsoftonline.com",
   "Connection Timeout": "50",
   "Description": "",
   "Centralized": true
 }
}


Parameter

Description

Tenant ID

The Azure Tenant ID in Azure AD

Application ID

The application (service principal) ID of the registered application.

The service principal must meet the following requirements:

  • The service principal must be an Azure Databricks workspace user and an admin. In the Databricks Admin Console, it must appear under users and also under admins.
  • The service principal must be associated with a Contributor or Owner role.

Client Secret

The client secret (password) associated with the Azure user and the application

Databricks url

The URL of your Databricks workspace

Azure Login url

The Azure AD authentication e ndpoint base URL

Connection Timeout

A timeout value, in seconds, for the trigger call made by Control-M to Azure Databricks

The default is 50 seconds.

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false

Default: false

The Azure Databricks job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:AzureFunctions

The following examples show how to define a connection profile for an Azure Functions job, which executes an Azure cloud service for serverless application development.

The following example is based on authentication using an Azure service principal.

{
 "AZUREFUNCTIONS": {
   "Type": "ConnectionProfile:AzureFunctions",
   "Subscription ID": "bcde-fgh-ijk-lmnopq",
   "Identity Type": "PRINCIPAL",
   "Tenant ID": "tenantId",
   "Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
   "Client Secret": "*********",
   "Azure Login url": "https://login.microsoftonline.com",
   "Resource Group": "resourceGroup",  
   "Description": "",
   "Centralized": true
  }
}

The following example is based on authentication using managed identities.

Note: Managed I dentity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.  

{
 "AZUREFUNCTIONS": {
   "Type": "ConnectionProfile:AzureFunctions",
   "Subscription ID": "bcde-fgh-ijk-lmnopq",
   "Identity Type": "MANAGEDID",
   "Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
   "Resource Group": "resourceGroup",  
   "Description": "",
   "Centralized": true
  }
}

Parameter

Description

Subscription ID

Azure account subscription ID

The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu.

Identity Type

Type of authentication to use for the connection with Azure Functions, one of the following:

  • PRINCIPAL —  authentication using a service principal
  • MANAGEDID — authentication using managed identities

Tenant ID

(For service principal authentication) The Azure Tenant ID in Azure AD

Application ID

The application (service principal) ID of the registered application.

The service principal must be an Azure Functions workspace user with  a Contributor or Owner role associated.

Client Secret

(For service principal authentication) The client secret (password) associated with the Azure user and the application

Azure Login url

(For service principal authentication) The Azure AD authentication e ndpoint base URL

Resource Group

The name of the resource group that holds your application

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false

Default: false

The Azure Functions job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Azure Batch Accounts

The following examples show how to define a connection profile for execution of an Azure Batch Accounts service, which runs large-scale parallel and batch compute jobs.

The following example is based on authentication using an Azure service principal.

{
 "AZURE_BATCH": {
   "Type": "ConnectionProfile:Azure Batch Accounts",
   "Authentication Method": "PRINCIPAL",
   "Tenant ID": "tenantId",
   "Azure AD url": "https://login.microsoftonline.com",
   "App ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",  
   "Batch Account Name": "abc_batch",
   "Batch Region ID": "uksouth",
   "Batch Resource url": "https://batch.core.windows.net/",
   "Client Secret": "*********",   
   "Connection Timeout": "50",
   "Description": "",
   "Centralized": true
  }
}

The following example is based on authentication using managed identities.

Note: Managed I dentity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.  

{
 "AZURE_BATCH": {
   "Type": "ConnectionProfile:Azure Batch Accounts",
   "Authentication Method": "MANAGEDID",  
   "Batch Account Name": "abc_batch",
   "Batch Region ID": "uksouth",
   "Batch Resource url": "https://batch.core.windows.net/",
   "Connection Timeout": "50",
   "Description": "",
   "Centralized": true
  }
}

Parameter

Description

Authentication Method

Defines one of the following types of authentication to use for the connection with Azure Batch:

  • PRINCIPAL —  authentication using a service principal
  • MANAGEDID — authentication using managed identities

Tenant ID

(For service principal authentication) Defines the Azure Tenant ID in Azure AD

Azure AD url

(For service principal authentication) Defines the Azure AD authentication e ndpoint base URL

App ID

Defines the application (service principal) ID of the registered application for the Azure Batch service.

The service principal must be for an Azure Batch account with  a Contributor role.

Batch Account Name

Defines the name of the Batch account created in Azure Portal.

Batch Region ID

Defines the region ID associated with the Batch account in Azure Portal.

Batch Resource url

Defines the identifier for the Azure Batch account for login via Azure AD.

This identifier is a constant value set to https://batch.core.windows.net/

Client Secret

(For service principal authentication) Defines the client secret (password) associated with the Azure user and the application.

Connection Timeout

Defines a timeout value, in seconds, for the trigger call made by Control-M to Azure Batch Accounts.

The default is 50 seconds.

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false

Default: false

The Azure Batch job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Power BI

The following example shows how to define a connection profile for a Power BI job, which enables integration of Power BI workflows with your existing Control-M workflows.

{
  
"POWERBI": {
    
"Type": "ConnectionProfile:Power BI",
    
"Application ID": "77538c66-d7fp-4ca4-8cwa-120ed404fe8c",  
    
"Client Secret": "*****",
    
"User Name": "user1@Elearningace.onmicrosoft.com",
    
"Password": "*****",  
    
"Resource Group": "https://analysis.windows.net/powerbi/api",
    
"API URL": "https://api.powerbi.com/v1.0/myorg/",  
    
"Description": "Power BI connection profile",
    
"Centralized": true
  
}
}


Parameter

Description

Application ID

Defines the application ID of the registered application.

Client Secret

Defines the client secret (password) associated with the user and the application.

User Name

Defines the name of a user for logging on to the Power BI platform, typically an email address.

Password

Defines the password for the specified Power BI user.

Resource Group

Defines the URL of the resource group that holds your application:

https://analysis.windows.net/powerbi/api

API URL

Defines the Azure AD authentication e ndpoint base URL for Power BI:

https://api.powerbi.com/v1.0/myorg/ 

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false

Default: false

The Power BI job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:PeopleSoft

The following example shows how to define a connection profile for a PeopleSoft job:

{
 "PS_CONNECT": {
     "Type": "ConnectionProfile:PeopleSoft",
     "TargetAgent": "AgentHost",
     "TargetCTM": "CTMHost",
     "Centralized": true,
     "User": "User_Name",
     "Password": "Password",
     "DomainPassword": "****",
     "PeopleToolsVersion": "8.52",
     "ApplicationServers": [
       {
         "ApplicationServer": "ApplicationServer1",
         "JoltPort": "1024"
       },
       {
         "ApplicationServer": "ApplicationServer2",
         "JoltPort": "65535"
       }

      ]
 }
}

Parameter

Description

TargetAgent

The Control-M/Agent to which to deploy the connection profile

TargetCTM

The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.

User

A valid PeopleSoft user, as defined on PSOPRDEFN

This user must have the role(s) to submit and execute processes.

Password

Password to connect the specified user to the PeopleSoft server

Use Secrets in code to not expose the password in the code.

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

DomainPassword

Password for the PeopleSoft domain (for PeopleTools version 8.51 or later)

If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".

PeopleToolsVersion

Version of PeopleTools

Valid Values are in the format of <major.minor>, such as 8.48, or 8.52. To determine the exact version, consult with your PeopleSoft administrator.

ApplicationServers

Details of the associated PeopleSoft application servers

   ApplicationServer

Name of a PeopleSoft application server

   JoltPort

Number of the jolt port on the PeopleSoft application server.

Values range from 1024 to 65535.

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).

Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent.

Back to top

ConnectionProfile:Airflow

The following examples show how to define a connection profile for an Airflow Job, which enables you to monitor and manage DAG workflows.

The following example is for a standalone instance of Airflow:

{
  "AIRFLOW_CONNECTION_PROFILE": {
     "Type": "ConnectionProfile:Airflow:Standalone",
     "Host": "dba-airflow-12",
     "Port": "8080",
     "User": "admin",
     "Password": "password",
     "SecuredConnection": true,
     "Centralized": true
  }
}

Parameter

Description

Host

Defines the Airflow hostname.

Port

Defines the Airflow port number of the Airflow web server.

User

Defines the username that is used to log in to the Airflow server.

Password

Defines the password to log in to the Airflow server.

SecuredConnection

Determines whether a secure connection to the Airflow server is established.

Values: true|false

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false

Default: false

The Airflow  job requires a centralized connection profile. Set this parameter to true.

The following example is for a Google Cloud Composer instance of Airflow:

{
  "AIRFLOW_GC_CONNECTION_PROFILE": {
     "Type": "ConnectionProfile:Airflow:GoogleComposer",
     "ServiceAccountKey": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",  \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\"}",
     "ServiceAccountKeyFilename": "1234.log",
     "BaseURL": "http://akjsdlksajdksad",
     "TargetAudience": "153767957930-mq2qc9l7p5i8liqvf19d77fku5nrcd1k.apps.googleusercontent.com",
     "Centralized": true
   }
}

Parameter

Description

ServiceAccountKey

Defines a JSON body that contains the required service account credentials to access the Google Cloud Composer account.

ServiceAccountKeyFilename

Defines the name of the file that contains the service account credentials.

BaseURL

Defines the Airflow web UI URL in Google Composer.

TargetAudience

Defines the JWT (JSON Web Token) audience for the IAP (Identity-Aware Proxy) Google Cloud service.

NoteIf you do not know the target audience value, define any text value and test the connection profile. The error message indicates the required target audience value.

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false

Default: false

The Airflow  job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:WebServices

The following example shows how to define a connection profile for a job to a web service:

{
  
"WSDL_CONNECT": {
    
"Type": "ConnectionProfile:WebServices",
    
"TargetAgent": "AgentHost",
    
"TargetCTM": "CTMHost",
    
"ServiceType": "WebServices",
    
"Location": http://example.com/serverpolicy/Request.asmx?wsdl,
    
"HttpAuthentication": "user1:password@realm1;"
  
}
}

The following example shows how to define a connection profile for a job to a RESTful web service:

{
  
"WSDL_CONNECT": {
    
"Type": "ConnectionProfile:WebServices",
    
"TargetAgent": "AgentHost",
    
"TargetCTM": "CTMHost",
    
"ServiceType": "Rest",
    
"Location": http://example.com/serverpolicy/Request.asmx?wsdl,
    
"HttpAuthentication": "user1:password@realm1;user2:password@realm2",
    
"LoginUrl": "http://abc.xyz.com/login",
    
"LoginHeader": "Accept:*/*",
    
"LoginBody": "{}",
    
"JobPreset": "@SessionId:@Token"
  
}
}

Parameter

Description

TargetAgent

The Control-M/Agent to which to deploy the connection profile

TargetCTM

The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default.

ServiceType

The type of service to connect with, one of the following:

  • File — Local File System, for jobs that execute web services based on the WSDL source file located on the Agent machine.
  • WebServices — Web Service URL, for jobs that execute web services based on the WSDL source that is managed from a web server.
  • Rest — For jobs that execute REST services

Location

The location of the Web Service, according to the service type:

  • File (Local File System): The path to the directory containing the WSDL files
  • WebServices (Web Service URL): A URL that points to the location of one specific WSDL file
  • Rest: The base URL location to the RESTful services, excluding the specific resource context path

HttpAuthentication

Specification for simple text authentication (user password per realm). Optional.

Enter a value of the following format:

user1:password@realm1;user2:password@realm2

One user per realm only. Separate multiple sets with semicolons. End a single set with a semicolon.

LoginUrl

For REST services only: The URL for the login request

LoginHeader

(Optional, for REST services only) Any additional HTTP headers that are required in the login request.

For each header, use a value of the following format:

<name>=<value>

For multiple headers, separate name/value pairs with colons.

LoginBody

(Optional, for REST services only ) Any text required in the login request body

JobPreset

For REST services only: An HTTP header or a parameter to add to each job request, in the HTTP query URL, based on the login returned data.

Job Preset is defined in the following format. Use semicolons to separate multiple sets.

<name>:<value>;<name>:<value>

  • <name>: Type one of the following:• HTTP header: Start with the character ‘@’ for the job and then the header name

    • HTTP parameter name: Start with the character ‘#’ for the job and then the parameter name.

  • <value>: Type one of the following:• Start with ‘/’ for the Xpath from the login response data and then the Xpath

    • ‘$’ for Jsonpath from the login response data and then the Jsonpath

    • ‘@’ for the header from the login response HTTP headers and followed by the header name:
     <’@’ | ‘#’><job HTTP header or parameter name>:<’/’ | ‘$’ | ‘@’><Xpath, Jsonpath, or header name of the login response>

Back to top

ConnectionProfile:UI Path

The following examples show how to define a connection profile for a UiPath job, which performs robotic process automation (RPA) .

{
 "UIPATH_Connect": {
   "Type": "ConnectionProfile:UI Path",
   "Tenant Url": "devabcdexample/DevDefault",
   "Tenant Name": "DevDefaultexample",
   "App ID": "caaabc57-v8ad-30e5-ah3b0-25am5jf361c3",
   "App Secret": "L!Mh4o#0nv1odf#f",
   "Connection Timeout": "30",
   "Description": "",
   "Centralized": true
 }
}


Parameter

Description

Tenant Url

UiPath Account Logical Name, a unique URL for your site

Tenant Name

The display name of the UiPath tenant

App ID

ID of an external application registered in UiPath

The specified external application must be assigned the following required Application Scope rights (through the UiPath Orchestrator, Admin > External Applications > Application Scopes):

  • OR.Folders 
  • OR.Robots
  • OR.Jobs 
  • OR.Execution

App Secret

Application secret generated in UiPath for the external application

Connection Timeout

A timeout value, in seconds, for the trigger call made by Control-M to UiPath

The default is 30 seconds.

Centralized

Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false

Default: false

The UI Path job requires a centralized connection profile. Set this parameter to true.

Back to top

 ConnectionProfile:GCP DataFlow

The following example shows how to define a connection profile for a Google Cloud Platform (GCP) Dataflow job, which performs cloud-based data processing for batch and real-time data streaming applications .

{
 "GCPDATAFLOW": {
   "Type": "ConnectionProfile:GCP DataFlow",
   "Identity Type": "service_account",
   "DataFlow URL": "https://dataflow.googleapis.com",
   "Service Account Key": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",  \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\"}",
    "Description": "",
   "Centralized": true
  }
}


Parameter

Description

Identity Type

Defines one of the following types of authentication to perform using GCP Access Control. 

  • service_account – authenticates using an application ID (service account) and client secret
  • managed_identity – does not require credentials; available on GCP VMs only

DataFlow URL

Defines the Google Cloud Platform (GCP) authentication endpoint. 

Required only for Service Account authentication.

For example, https://dataflow.googleapis.com  

Service Account Key

Defines a JSON body that contains the required service account credentials to access GCP.

Required only for Service Account authentication.

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false

Default: false

The GCP Dataflow job requires a centralized connection profile. Set this parameter to true.

Back to top

 ConnectionProfile:GCP Dataproc

The following example shows how to define a connection profile for a Google Cloud Platform (GCP) Dataproc job, which performs cloud-based big data processing and machine learning.

{
 "GCPDATAPROC": {
   "Type": "ConnectionProfile:GCP Dataproc",
   "Identity Type": "service_account",
   "Dataproc URL": "https://dataproc.googleapis.com",
   "Service Account Key": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",  \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\"}",
    "Connection timeout": "20",
    "Description": "",
   "Centralized": true
  }


Parameter

Description

Identity Type

Defines one of the following types of authentication to perform using GCP Access Control. 

  • service_account – authenticates using an application ID (service account) and client secret
  • managed_identity – does not require credentials; available on GCP VMs only

Dataproc URL

Defines the Google Cloud Platform (GCP) authentication endpoint. 

Required only for Service Account authentication.

For example, https://dataproc.googleapis.com  

Service Account Key

Defines a JSON body that contains the required service account credentials to access GCP.

Required only for Service Account authentication.

Connection timeout

Defines a timeout value, in seconds, for the trigger call to the Google Cloud Platform.

Default:  20 seconds

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false

Default: false

The GCP Dataproc job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Boomi

The following examples show how to define a connection profile for a Boomi job, which enables integration of Boomi processes with your existing Control-M workflows.

{
 "BOOMICCP": {
   "Type": "ConnectionProfile:Boomi",
   "AccountId": "*****",
   "API Token": "*****",
   "End Point": "https://api.boomi.com",
   "API Username": "BOOMI_TOKEN.BoomiUsername",
   "Description": "",
   "Centralized": true
  }
}


Parameter

Description

AccountId

Defines a unique Boomi account ID.

API Token

Defines a Boomi API Token of a Boomi user for connection to the Boomi endpoint.

End Point

Defines the Boomi API endpoint:

https://api.boomi.com

API Username

Defines the name of a Boomi user in email format. 

Default: BOOMI_TOKEN.{Boomi username} 

Example: BOOMI_TOKEN.user@example.com

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false

Default: false

The Boomi job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Databricks

The following examples show how to define a connection profile for a Databricks job, which enables integration of jobs created in the Databricks environment with your existing Control-M workflows.

"DATABRICKS": {
   "Type": "ConnectionProfile:Databricks",
   "Databricks workspace url": "https://dbc-7b944b32-faf0.cloud.databricks.com",
   "Databricks personal access token": "*****",
   "Connection Timeout": "50",
   "Description": "",
   "Centralized": true
}


Parameter

Description

Databricks workspace url

Defines the URL of your Databricks workspace. 

Databricks personal access token

Defines a Databricks token for authentication of connections to the Databricks workspace.

Connection Timeout

A timeout value, in seconds, for the REST calls made to Databricks.

Default: 50 seconds

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false

Default: false

The Databricks job requires a centralized connection profile. Set this parameter to true.

Back to top

ConnectionProfile:Talend Data Management

The following examples show how to define a connection profile for a Talend job, for data management and integration.

"TALENDDATA": {
   "Type": "ConnectionProfile:Talend Data Management",
   "API URL": "https://api.eu.cloud.talend.com/tmc/v2.6",
   "Personal access token authorization": "*****",
   "Description": "Talend Data Management",
   "Centralized": true
}


Parameter

Description

API URL

Defines the authentication e ndpoint base URL for the Talend Cloud Management Console:

https://api.eu.cloud.talend.com/tmc/v2.6

Personal access token authorization

Defines a Talend token for authentication of connections to Talend.

You generate this token through your Talend profile.

Centralized

Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false

Default: false

The Talend job requires a centralized connection profile. Set this parameter to true.

Back to top

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*