Connection Profiles
Connection profiles are used to define access methods and security credentials for a specific application. They can be referenced by multiple jobs. To do this, you must deploy the connection profile definition before running the relevant jobs.
Note: For most types of connection profiles (except for File Transfer connection profiles), the name of the connection profile can contain only the following types of characters: uppercase letters, numbers, hyphens, and underscores. The connection profile name can contain up to 30 characters.
ConnectionProfile:Hadoop
These examples show how to use connection profiles for the various types of Hadoop jobs.
Hadoop (all types)
These are the required parameters for all Hadoop job types.
"HADOOP_CONNECTION_PROFILE":
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "edgenode",
"TargetCTM" : "CTMHost"
}
}
Parameter | Description |
TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
These are the optional parameters for defining the user running the Hadoop job types and choosing between a local or centralized connection profile.
"HADOOP_CONNECTION_PROFILE":
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "edgenode",
"TargetCTM" : "CTMHost",
"RunAs": "",
"KeyTabPath":"",
"Centralized":true
}
}
RunAs | Defines the user of the account on which to run Hadoop jobs. Leave this field empty to run Hadoop jobs using the user account where the agent was installed. The Control-M/Agent must run as root, if you define a specific RunAs user. |
Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
In the case of Kerberos security, the following parameters control security:
RunAs | Principal name of the user |
KeyTabPath | Keytab file path for the target user |
Apache Spark
The following example shows a connection profile that defines access to a Spark server.
"SPARK_CONNECTION_PROFILE" :
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "docker-hadoop5",
"Spark" :
{
"CustomPath" : "/home"
}
}
}
The CustomPath parameter is optional.
Apache Oozie
The following example shows a connection profile that defines access to an Oozie server.
"OOZIE_CONNECTION_PROFILE" :
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "hdp-ubuntu",
"Centralized" : false,
"Oozie" :
{
"SslEnabled" : false,
"Host" : "hdp-centos",
"Port" : "11000",
"ExtractionRules": [
{
"RuleName" : "rule_name1",
"WorkFlowName" : "work_flow_name1",
"WorkFlowUserName" : "work_flow_user_name1",
"FolderName" : "folder_name1",
"JobName" : "job_name1"
},
{
"RuleName" : "rule_name2",
"WorkFlowName" : "work_flow_name2",
"WorkFlowUserName" : "work_flow_user_name2",
"FolderName" : "folder_name2",
"JobName" : "job_name2"
}
]
}
}
}
Parameter | Description |
---|---|
Host | Oozie server host |
Port | Oozie server port Default: 11000 |
SslEnabled | true | false Default: false |
ExtractionRules | 9.0.20.010(Optional) Definitions of rules for filtering Oozie workflows. Each rule has the following definitions: |
RuleName | Name of the rule |
WorkFlowName | Name of the Oozie workflow to get from the Oozie server |
WorkFlowUserName | Name of the user that runs the workflows from the Oozie server |
FolderName | Name of the folder that contains the Hadoop job of the Oozie Extractor, as defined in the Hadoop job template |
JobName | Name of the Hadoop job of the Oozie Extractor, as defined in the Hadoop job template |
Apache Sqoop
The following example shows a connection profile that defines a Sqoop data source and access credentials.
"SQOOP_CONNECTION_PROFILE" :
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "edgenode",
"TargetCTM" : "CTMHost",
"Centralized" : false,
"Sqoop" :
{
"User" : "username",
"Password" : "userpassword",
"ConnectionString" : "jdbc:mysql://mysql.server/database",
"DriverClass" : "com.mysql.jdbc.Driver"
}
}
}
The following table describes the parameters in the example above, as well as several additional optional parameters:
Parameter | Description |
---|---|
User | The database user connected to the Sqoop server |
Password | A password for the specified user If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
ConnectionString | JDBC-compliant database: The connection string used to connect to the database |
DriverClass | JDBC-compliant database: The driver class for the driver .jar file, which indicates the entry-point to the driver |
PasswordFile | (Optional) The full path to a file located on the HDFS that contains the password to the database Note: To use a JCEKS file, include the .jceks file extension. |
DatabaseVendor | (Optional) The database vendor of an automatically supported database used with Sqoop, one of the following:
|
DatabaseName | (Optional) Name of an automatically supported database used with Sqoop |
DatabaseHost | (Optional) The host server of an automatically supported database used with Sqoop |
DatabasePort | (Optional) The port number for an automatically supported database used with Sqoop |
Apache Tajo
The following example shows a connection profile that defines access to a Tajo server. Tajo is an advanced data warehousing system on top of HDFS.
"TAJO_CP" :
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "edgenode",
"Tajo":
{
"BinaryPath": "$TAJO_HOME/bin/",
"DatabaseName": "myTajoDB",
"MasterServerName" : "myTajoServer",
"MasterServerPort": "26001"
}
}
}
Parameter | Description |
---|---|
BinaryPath | Path to the bin directory where tsql utility is located |
DatabaseName | Name of the Tajo database |
MasterServerName | Host name of the server where the Tajo master is running |
MasterServerPort | Tajo master port number |
Apache Hive
The following example shows a connection profile that defines a Hive beeline endpoint and access credentials. The parameters in the example translate to this beeline command:
beeline -u jdbc:hive2://<Host>:<Port>/<DatabaseName>
"HIVE_CONNECTION_PROFILE" :
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "edgenode",
"TargetCTM" : "CTMHost",
"Hive" :
{
"Host" : "hive_host_name",
"Port" : "10000",
"DatabaseName" : "hive_database",
}
}
}
The following shows how to use optional parameters for a Hadoop Hive job type connection profile.
The parameters in the example translate to this beeline command:
beeline -u jdbc:hive2://<Host>:<Port>/<DatabaseName>;principal=<Principal> -n <User> -p <Password>
"HIVE_CONNECTION_PROFILE1":
{
"Type" : "ConnectionProfile:Hadoop",
"TargetAgent" : "edgenode",
"TargetCTM" : "CTMHost",
"Centralized" : true,
"Hive" :
{
"Host" : "hive_host_name",
"Port" : "10000",
"DatabaseName" : "hive_database",
"User" : "user_name",
"Password" : "user_password",
"Principal" : "Server_Principal_of_HiveServer2@Realm"
}
}
}
If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****".
ConnectionProfile:FileTransfer
Connection profiles for File Transfers are available for the following types of target servers and communication protocols:
- FTP
- SFTP
- FTPS
- AS2
- Local filesystem
- S3 Storage solutions:
- Azure Storage solutions:
- Shared Key authentication using an access key
- Shared Key authentication using a full connection string
- Active Directory authentication with user and password
- Active Directory authentication with client secret
- Active Directory authentication with a certificate file
- Shared Access Signature (SAS) authentication
- Managed Identity authentication
- Google Cloud Storage (GCS)
For FTP, SFTP, FTPS, and Local filesystem transfers, you can choose between the following types of connection profiles, depending on the number of hosts for which the connection profile contains connection details:
- Single endpoint: Each connection profile contains the connection details of a single host. Such a connection profile can be used for either the source host or the destination host in a file transfer.
- Dual endpoint: The connection profile contains connection details of two hosts, both the source host and the destination host, in a file transfer.
You can also create group connection profiles for file transfers, which enable you to transfer a file from one host to multiple hosts in one transfer. In each group connection profile, you include a variety of previously defined connection profiles for file transfers.
ConnectionProfile:FileTransfer:FTP
The following examples show a connection profile for a file transfer to a single endpoint using the FTP communication protocol.
Simple ConnectionProfile:FileTransfer:FTP
"FTPConn" : {
"Type" : "ConnectionProfile:FileTransfer:FTP",
"TargetAgent" : "AgentHost",
"TargetCTM" : "CTMHost",
"HostName": "FTPServer",
"User" : "FTPUser",
"Password" : "ftp password",
}
}
ConnectionProfile:FileTransfer:FTP with optional parameters
"FTPConn" : {
"Type" : "ConnectionProfile:FileTransfer:FTP",
"TargetAgent" : "AgentHost",
"TargetCTM" : "CTMHost",
"WorkloadAutomationUsers":["john","bob"],
"HostName": "FTPServer",
"Port": "21",
"User" : "FTPUser",
"Password" : "ftp password",
"HomeDirectory": "/home/FTPUser",
"OsType": "Unix",
"Centralized" : false,
"AdditionalParameters": [
{
"Name": "param1",
"Value": "1"
},
{
"Name": "param2",
"Value": "2"
}
]
}
}
TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
WorkloadAutomationUsers | (Optional) Control-M users that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: * (all users) |
WorkloadAutomationGroups | (Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: Empty (no roles specified) |
VerifyChecksum | (Optional) Enable or disable error detection on file transfer true | false Default: false |
VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
VerifyBytes | (Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails. true | false Default: false |
OsType | (Optional) FTP server operating system type Default: Unix Types: Unix, Windows, z/OS, OS400, Tandem, OS2200, OpenVMS |
Password | (Optional) Password for FTP server account. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
HomeDirectory | (Optional) User home directory |
ConnectionMode | (Optional) Set the FTP client connection mode, one of the following options:
Default: Active |
Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
AdditionalParameters | 9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually. Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help). |
ConnectionProfile:FileTransfer:SFTP
The following examples show a connection profile for a file transfer to a single endpoint using the SFTP (SSH File Transfer Protocol) communication protocol.
Simple ConnectionProfile:FileTransfer:SFTP
"sFTPconn": {
"Type": "ConnectionProfile:FileTransfer:SFTP",
"TargetAgent": "AgentHost",
"TargetCTM" : "CTMHost",
"HostName": "SFTPServer",
"Port": "22",
"User" : "SFTPUser",
"Password" : "sftp password"
}
}
ConnectionProfile:FileTransfer:SFTP with optional parameters
"sFTPconn": {
"Type": "ConnectionProfile:FileTransfer:SFTP",
"TargetAgent": "AgentHost",
"TargetCTM" : "CTMHost",
"HostName": "SFTPServer",
"Port": "22",
"User" : "SFTPUser",
"HomeDirectory": "/home/SFTPUser",
"PrivateKeyName": "/home/controlm/ctm_agent/ctm/cm/AFT/data/Keys/sFTPkey",
"Passphrase": "passphrase",
"SSHCompression": true,
"Centralized" : true,
"AdditionalParameters": [
{
"Name": "param1",
"Value": "1"
},
{
"Name": "param2",
"Value": "2"
}
]
}
}
TargetAgent | Which agent computer to deploy the connection profile |
TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
WorkloadAutomationUsers | (Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE : You can use "*" as a wildcard. For example, "e*" Default: * (all users) |
WorkloadAutomationGroups | (Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: Empty (no roles specified) |
VerifyChecksum | (Optional) Enable or disable error detection on file transfer true | false Default: false |
VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
VerifyBytes | (Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails. true | false Default: false |
PrivateKeyName | (Optional) Private key full file path |
Passphrase | (Optional) Password for the private key. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
Password | (Optional) Password for SFTP Server account. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
HomeDirectory | (Optional) User home directory |
SSHCompression | (Optional) Whether to compress the file before the transfer. true | false Default: false |
Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
AdditionalParameters | 9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually. Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help). |
ConnectionProfile:FileTransfer:FTPS
The following example shows a connection profile for a file transfer to a single endpoint using the FTPS (FTP over SSL) communication protocol.
"FTPSConn": {
"Type": "ConnectionProfile:FileTransfer:FTPS",
"HomeDirectory": "/var/home",
"TargetAgent": "sqa",
"TargetCTM": "LocalControlM",
"HostName" : "localhost",
"User" : "controlm",
"Password": "ftps_pass",
"Port": "10021",
"SSLImplicit": false,
"ClearDataChannel": true,
"SSLLevel": "ClientServerAuthentication",
"ClearCommandChannel": true,
"Centralized" : true,
"AdditionalParameters": [
{
"Name": "param1",
"Value": "1"
},
{
"Name": "param2",
"Value": "2"
}
]
}
}
TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
WorkloadAutomationUsers | (Optional) Control-M users that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: * (all users) |
WorkloadAutomationGroups | (Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: Empty (no roles specified) |
VerifyChecksum | (Optional) Enable or disable error detection on file transfer true | false Default: false |
VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
VerifyBytes | (Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails. true | false Default: false |
OsType | (Optional) FTPS server operating system type Default: Unix Types: Unix, Windows, z/OS, OS400, Tandem, OS2200, OpenVMS |
Password | (Optional) Password for FTPS server account. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
HomeDirectory | (Optional) User home directory |
ConnectionMode | (Optional) Set the FTPS client connection mode, one of the following options:
Default: Active |
SSLImplicit | Whether to automatically create an SSL connection to the FTPS server (Default port 990). In SSL Explicit mode, a connection is first established with the FTP server and the connection is then changed to SSL mode (FTP over SSL/TLS). true (implicit connection) | false (explicit connection) Default: false |
ClearDataChannel | Whether to encrypt the connection process while files are transferred without encryption. This option is useful if you want your login information encrypted and your files transferred without encryption. true | false Default: true |
SSLLevel | The SSL security level, one of the following:
|
ClearCommandChannel | Whether to set the transmission mode from encrypted mode to clear text mode. You can secure sensitive information, including user name and password, by sending them in an encrypted mode, and then use this parameter to change the transmission mode back to clear text mode to send the port and IP information (FTP over SSL/TLS). true | false Default: true |
Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
AdditionalParameters | 9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually. Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help). |
ConnectionProfile:FileTransfer:AS2
The following examples show connection profiles for file transfers from a local filesystem to an AS2 server using the AS2 protocol.
Note: File transfers that use the AS2 protocol are supported by Control-M Automation API only in one direction — from a local filesystem to an AS2 server.
Simple ConnectionProfile:FileTransfer:AS2
"AS2_Conn_1": {
"Type": "ConnectionProfile:FileTransfer:AS2",
"TargetCTM": "LocalControlM",
"TargetAgent": "sqa",
"WorkloadAutomationUsers": [
"noAi"
],
"PartnerAS2Id": "partner-as2-id",
"PartnerDestinationUrl": "sqa",
"PartnerCertificateAlias": "partnerCertAlias",
"HostName": "sqa",
"Password": "*****"
}
}
ConnectionProfile:FileTransfer:AS2 with optional parameters
"AS2_Conn_2": {
"Type": "ConnectionProfile:FileTransfer:AS2",
"TargetCTM": "LocalControlM",
"TargetAgent": "sqa",
"Centralized": true,
"WorkloadAutomationUsers": [
"em_user1"
],
"PartnerAS2Id": "partner-as2-id",
"PartnerDestinationUrl": "sqa",
"PartnerCertificateAlias": "partnerCertAlias",
"HostName": "sqa",
"Password": "*****",
"AsyncMdnTimeout": "18120000",
"User": "basicUser",
"SendMessageTimeout": "301000",
"CompressMessage": true,
"SignMessageParameters": {
"SignMessage": false,
"SignatureAlgorithm": "RSA with SHA-384"
},
"EncryptMessageParameters": {
"EncryptMessage": false,
"EncryptionAlgorithm": "tripleDES (DES EDE3)"
},
"RequestReceiptParameters": {
"RequestReceipt": false,
"Mode": "Asynchronous",
"Sign": "Unsigned"
},
"AdditionalParameters": [
{
"Name": "param1",
"Value": "1"
},
{
"Name": "param2",
"Value": "2"
}
]
}
}
This connection profile has the following parameters:
TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
PartnerAS2Id | The logical name of the remote AS2 server |
PartnerDestinationUrl | The URL of the AS2 server |
PartnerCertificateAlias | The alias of the partner certificate that is stored in the AS2 keystore |
Password | (Optional) The password of the HTTP request for the AS2 message. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
AsyncMdnTimeout | (Optional) The number of minutes to wait for the AS2 server to send the receipt before a timeout occurs The default is 18000000 minutes. |
User | The username of the HTTP request for the AS2 message |
SendMessageTimeout | (Optional) The number of seconds to wait for the AS2 server to reply before a timeout occurs The default is 300000 seconds (5000 hours). |
CompressMessage | Whether to compress the AS2 message when sent, either true or false The default is false. |
SignMessageParameters | |
SignMessage | Whether to digitally sign the AS2 message with the algorithm specified by SignatureAlgorithm, either true or false The default is true. |
SignatureAlgorithm | The algorithm to use for signing the AS2 message, one of the following options:
The default is RSA with SHA-1. |
EncryptMessageParameters | |
EncryptMessage | Whether to encrypt the AS2 message with one of the encryption algorithm specified by EncryptionAlgorithm, either true or false The default is true. |
EncryptionAlgorithm | The algorithm to use for encryption of the AS2 message, one of the following options:
The default is CAST5_CBC. |
RequestReceiptParameters | |
RequestReceipt | Whether to receive an MDN receipt of the AS2 message from the AS2 server that confirms that it was received and processed, either true or false The default is true. |
Mode | The mode for receiving the MDN receipt, either Asynchronous or Synchronous The default is Synchronous. |
Sign | The type of MDN receipt to receive, either Signed or Unsigned The default is Signed. |
WorkloadAutomationUsers | (Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE : You can use "*" as a wildcard. For example, "e*" Default: * (all users) |
WorkloadAutomationGroups | (Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: Empty (no roles specified) |
VerifyChecksum | (Optional) Enable or disable error detection on file transfer true | false Default: false |
VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: false |
VerifyBytes | (Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails. true | false Default: false |
AdditionalParameters | 9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually. Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help). |
ConnectionProfile:FileTransfer:Local
The following example shows a connection profile for a file transfer to a single endpoint on a Local File System.
"LocalConn" : {
"Type" : "ConnectionProfile:FileTransfer:Local",
"TargetAgent" : "AgentHost",
"TargetCTM" : "CTMHost",
"User" : "controlm",
"Password" : "local password",
"Centralized" : true,
"AdditionalParameters": [
{
"Name": "param1",
"Value": "1"
},
{
"Name": "param2",
"Value": "2"
}
]
}
}
TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
WorkloadAutomationUsers | (Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE : You can use "*" as a wildcard. For example, "e*" Default: * (all users) |
WorkloadAutomationGroups | (Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: Empty (no roles specified) |
VerifyChecksum | (Optional) Enable or disable error detection on file transfer true | false Default: false |
VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
VerifyBytes | (Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails. true | false Default: false |
OsType | (Optional) Local server operating system type Default: Unix Types: Unix, Windows, z/OS, OS400, Tandem, OS2200, OpenVMS |
Password | (Optional) Password for local account. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
AdditionalParameters | 9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually. Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help). |
ConnectionProfile:FileTransfer:S3:Amazon
The following example shows a connection profile for file transfers to or from an Amazon S3 storage service.
"testAmazon": {
"Type": "ConnectionProfile:FileTransfer:S3:Amazon",
"Region": "us-west-2",
"AccessKey": "mykey",
"SecretAccessKey": "mysecret",
"VerifyDestination": true,
"TargetAgent": "sqa",
"Centralized": true,
"AdditionalParameters": [
{
"Name": "param1",
"Value": "1"
},
{
"Name": "param2",
"Value": "2"
}
]
}
}
This connection profile has the following parameters:
TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
Region | The region in which the Amazon S3 storage bucket is located. Specify one of the following regions:
|
AccessKey | The access key to the Amazon S3 storage. |
SecretAccessKey | The secret access key to the Amazon S3 storage. Use Secrets in code to not expose this secret access key in the code. |
VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
AdditionalParameters | 9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually. Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help). |
ConnectionProfile:FileTransfer:S3:Compatible
The following example shows a connection profile for file transfers to or from an S3-compatible storage service.
"testCompatible": {
"Type": "ConnectionProfile:FileTransfer:S3:Compatible",
"RestEndPoint": "api.com",
"AccessKey": "mykey",
"SecretAccessKey": "mysecret",
"VerifyDestination": true,
"TargetAgent": "sqa",
"Centralized": true,
"AdditionalParameters": [
{
"Name": "param1",
"Value": "1"
},
{
"Name": "param2",
"Value": "2"
}
]
}
}
This connection profile has the following parameters:
TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
RestEndPoint | The network address where the S3 Compatible Storage is located. |
AccessKey | The access key to the S3 Compatible storage. |
SecretAccessKey | The secret access key to the S3 Compatible storage. Use Secrets in code to not expose this secret access key in the code. |
VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
AdditionalParameters | 9.0.19.220 (Optional) Additional parameters that are specific to your environment and you can add manually. Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters (in the Control-M Online Help). |
ConnectionProfile:FileTransfer:S3:AWSPrivateLink
The following example shows a connection profile for file transfers to or from an AWS PrivateLink for Amazon S3, for storage that resides in the virtual private cloud (VPC) endpoint.
"PRIVATE_LINK_AMAZON_CP": {
"Type": "ConnectionProfile:FileTransfer:S3:AWSPrivateLink",
"Region": "us-west-2",
"AccessKey": "f392vvrf389222dsfvsd5b",
"SecretAccessKey": "JXq5+dfsux71t3wee+PdQ2bzGOFexcfsdf",
"VerifyDestination": true,
"RestEndPoint": "apicom",
"TargetCTM": "CTMHost",
"TargetAgent": "web",
"Centralized": true
}
}
This connection profile has the following parameters:
Region | Determines the region in which the Amazon S3 storage bucket is located:
|
AccessKey | Defines the access key to the Amazon S3 storage. |
SecretAccessKey | Defines the secret access key to the Amazon S3 storage. Use Secrets in code to not expose this secret access key in the code. |
VerifyDestination | (Optional) Determines whether to verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
RestEndPoint | Defines the network address where the Amazon S3 storage is located. |
TargetCTM | Defines the Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
TargetAgent | Defines the Control-M/Agent to which to deploy the connection profile. |
Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Azure:SharedKey
The following example shows a connection profile for file transfers to or from an Azure Storage service with Shared Key authentication using an access key:
"AZURE_CCP1": {
"Type": "ConnectionProfile:FileTransfer:Azure:SharedKey",
"AzureAccountName": "devAccount",
"AzureAccountAccessKey": "44ZHQnMJeIk4hZ4npQMZGfXTuwlciq82lbeYvtBZ+Ig9yCagX4FMOECSg1xDyzr8qO6A==",
"Centralized": true
}
}
This connection profile has the following parameters:
AzureAccountName | Defines the name of the Azure Storage account. |
AzureAccountAccessKey | Defines the account access key that is used to connect to Azure. |
Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Azure:ConnectionString
The following example shows a connection profile for file transfers to or from an Azure Storage service with Shared Key authentication using a full connection string:
"AZURE_CCP2": {
"Type": "ConnectionProfile:FileTransfer:Azure:ConnectionString",
"AzureAccountName": "devAccount",
"AzureAccountConnectionString": "DefaultEndpointsProtocol=https;AccountName=devAccount;AccountKey=44ZHQnMJeIk4hZ4npQMZGfXTuwlciq82lbeYvtBZ+Ig9yCagX4FMOECSg1xDyzr8qO6A==;EndpointSuffix=core.windows.net",
"Centralized": true
}
}
This connection profile has the following parameters:
AzureAccountName | Defines the name of the Azure Storage account. |
AzureAccountConnectionString | Defines the entire connection string used to connect to Azure. |
Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Azure:AdUserPass
The following example shows a connection profile for file transfers to or from an Azure Storage service with authentication based on the credentials of a user in the Azure Active Directory (AD).
"AZURE_CCP3": {
"Type": "ConnectionProfile:FileTransfer:Azure:AdUserPass",
"AzureAccountName": "devAccount",
"AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
"AzureClientId": "ce64ad51-yh90-4d01-a73b-7ad58a766741",
"AzureUserNameAD": "john@mftteamoutlook.onmicrosoft.com",
"AzureUserPasswordAD": "Abcxyz1234!",
"Centralized": true
}
}
This connection profile has the following parameters:
AzureAccountName | Defines the name of the Azure Storage account. |
AzureTenantId | Defines the ID of the Azure Active Directory instance where your application is located. |
AzureClientId | Defines the ID of your application in Azure Active Directory. |
AzureUserNameAD | Defines the name of the Azure AD user to use for authentication. |
AzureUserPasswordAD | Defines the password of the Azure AD user. |
Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Azure:AdClientSecret
The following example shows a connection profile for file transfers to or from an Azure Storage service with authentication based on an application secret for the Azure Active Directory (AD) IAM service.
"AZURE_CCP4": {
"Type": "ConnectionProfile:FileTransfer:Azure:AdClientSecret",
"AzureAccountName": "devAccount",
"AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
"AzureClientId": "ce64ad51-yh90-4d01-a73b-7ad58a766741",
"AzureClientSecret": "rbyHyYH7~pg0fs1pRNMEPuJG-Y.t_fE8yt",
"Centralized": true
}
}
This connection profile has the following parameters:
AzureAccountName | Defines the name of the Azure Storage account. |
AzureTenantId | Defines the ID of the Azure Active Directory instance where your application is located. |
AzureClientId | Defines the ID of your application in Azure Active Directory. |
AzureClientSecret | Defines the name of the application secret. |
Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Azure:AdCertificate
The following example shows a connection profile for file transfers to or from an Azure Storage service with authentication based on a certificate file for the Azure Active Directory (AD) IAM service.
"AZURE_CCP5": {
"Type": "ConnectionProfile:FileTransfer:Azure:AdCertificate",
"AzureAccountName": "devAccount",
"AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
"AzureClientId": "ce64ad51-yh90-4d01-a73b-7ad58a766741",
"AzureClientCertificateFormat": "PFX",
"AzureClientCertificatePath": "C:\\as2_keystore.pfx",
"AzureClientCertificatePassword": "password",
"Centralized": true
}
}
This connection profile has the following parameters:
AzureAccountName | Defines the name of the Azure Storage account. |
AzureTenantId | Defines the ID of the Azure Active Directory instance where your application is located. |
AzureClientId | Defines the ID of your application in Azure Active Directory. |
AzureClientCertificateFormat | Determines whether to use PEM or PFX as the certificate file. |
AzureClientCertificatePath | Defines the location of the certificate file. |
AzureClientCertificatePassword | Defines the password of the certificate. |
Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Azure:SharedAccessSignature
The following example shows a connection profile for file transfers to or from an Azure Storage service using a Shared Access Signature (SAS), which delegates access with specific permissions over a limited time interval.
"AZURE_CCP6": {
"Type": "ConnectionProfile:FileTransfer:Azure:SharedAccessSignature",
"AzureAccountName": "devAccount",
"AzureAccountSaSToken": "?sv=2019-12-12&ss=bfqt&srt=sco&sp=rwdlacupx&se=2022-07-23T16:47:01Z&st=2021-02-10T09:47:01Z&spr=https&sig=Ym8ilBPZW2EzKPpfd2SBTpokZQdwzjCca4igKJwP0YM%5D",
"Centralized": true
}
}
This connection profile has the following parameters:
AzureAccountName | Defines the name of the Azure Storage account. |
AzureAccountSaSToken | Defines the SAS token that is created for Azure limited access. |
Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Azure:ManagedIdentity
The following example shows a connection profile for file transfers to or from an Azure Storage service using a predefined Managed Identity that does not require credentials.
You can define such a connection profile only when Control-M/Agent is installed on an Azure virtual machine.
"AZURE_CCP7": {
"Type": "ConnectionProfile:FileTransfer:Azure:ManagedIdentity",
"AzureAccountName": "devAccount",
"AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
"Centralized": true
}
}
This connection profile has the following parameters:
AzureAccountName | Defines the name of the Azure Storage account. |
AzureTenantId | Defines the ID of the Azure Active Directory instance where your application is located. |
Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:GCS
The following example shows a connection profile for file transfers to or from a Google Cloud Storage (GCS) service:
"GCS_CCP1": {
"Type": "ConnectionProfile:FileTransfer:GCS",
"GCSServiceAccountKey": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm5-priv-cc30914\",\"private_key_id\":\"5197d05c5b8215irw944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-10@sso-gcp-dba-ctm5-priv-cc30914.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\", \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-10@sso-gcp-dba-ctm5-priv-cc30914.iam.gserviceaccount.com\"}",
"GCSServiceAccountKeyFileName": "john.json",
"Centralized": true
}
}
This connection profile has the following parameters:
GCSServiceAccountKey | Defines a JSON body that contains the required service account credentials to access the Google Cloud Storage account. |
GCSServiceAccountKeyFileName | Defines the name of the file that contains the service account credentials. |
Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:DualEndPoint
In a dual-endpoint connection profile, you specify connection details for the source host and for the destaination host of the file transfer. Connection details can be based on the FTP, SFTP, or FTPS communication protocols or can be to a local file system.
The following example shows a dual-endpoint connection profile. One endpoint uses the FTP communication protocol and the other endpoint uses the SFTP communication protocol.
"DualEpConn" : {
"Type" : "ConnectionProfile:FileTransfer:DualEndPoint",
"WorkloadAutomationUsers" : [ "em_user1" ],
"TargetAgent" : "AgentHost",
"Centralized" : false,
"src_endpoint" : {
"Type" : "Endpoint:Src:FTP",
"User" : "controlm",
"Port" : "10023",
"HostName" : "localhost",
"Password" : "password",
"HomeDirectory" : "/home/controlm/"
},
"dest_endpoint" : {
"Type" : "Endpoint:Dest:SFTP",
"User" : "controlm",
"Port" : "10023",
"HostName" : "host2",
"Password" : "password",
"HomeDirectory" : "/home/controlm/"
}
}
}
The dual-endpoint connection profile can have the following parameters:
TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
WorkloadAutomationUsers | (Optional) Users that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: * (all users) |
WorkloadAutomationGroups | (Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: Empty (no roles specified) |
VerifyChecksum | (Optional) Enable or disable error detection on file transfer true | false Default: false |
VerifyDestination | (Optional) Verify the size of the file at the destination after a successful binary-mode transfer. true | false Default: true |
VerifyBytes | (Optional) Verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails. true | false Default: false |
Endpoint | Two endpoint objects, one for the source host and one for the destaination host. Each endpoint can be based on FTP, SFTP, FTPS or local file system. Here are all the possible types of Endpoint objects:
Parameters under the Endpoint object are the same as the remaining parameters for a single-endpoint connection profile, depending on type of connection: |
Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:FileTransfer:Group
9.0.20.015The following example shows a group connection profile, which enables you to transfer a file from one host to multiple hosts in one transfer. In each group connection profile, you include a variety of previously defined connection profiles for file transfers.
"GROUP_CP": {
"Type": "ConnectionProfile:FileTransfer:Group",
"TargetAgent": "docker_aft_app_centos1",
"GroupAccounts": ["FTPConn", "sFTPconn", "LocalConn", "AS2_Conn_1"],
"WorkloadAutomationUsers":["john","bob"]
}
This connection profile has the following parameters:
TargetAgent | The Control-M/Agent to which to deploy the connection profile. |
GroupAccounts | A list of file transfer connection profiles included in the group |
WorkloadAutomationUsers | (Optional) Control-M users that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: * (all users) |
WorkloadAutomationGroups | (Optional) Control-M roles (groups of users) that are allowed to access the connection profile. Relevant only for local connection profiles. NOTE: You can use "*" as a wildcard. For example, "e*" Default: Empty (no roles specified) |
ConnectionProfile:Database
The connection profile for database allows you to connect to the following database types:
- ConnectionProfile:Database:DB2
- ConnectionProfile:Database:JDBC
- ConnectionProfile:Database:MSSQL
- ConnectionProfile:Database:Oracle
- ConnectionProfile:Database:PostgreSQL
- ConnectionProfile:Database:Sybase
ConnectionProfile:Database:DB2
The following example shows how to define a connection profile for DB2:
"DB2_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:DB2",
"TargetCTM":"CTMHost",
"TargetAgent": "AgentHost",
"Host": "DB2Host",
"Port":"50000",
"User": "db user",
"Password": "db password",
"DatabaseName": "db2"
}
}
The following table describes the parameters in the example above, as well as several additional optional parameters:
Parameter | Description |
---|---|
Port | The database port number. If the port is not specified, the following default values are used for each database type:
|
Password | Password to the database account. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
DatabaseName | The name of the database |
DatabaseVersion | The version of the database. For a list of databases and versions supported by your version of Control-M for Databases, open the Product Availability & Compatibility page at https://customerapps.bmc.com/spac/o/welcome.html. In the Product Name field enter Control-M for Databases, and in the Product Version field select the relevant version. The default version for each database is the earliest version that is supported. |
MaxConcurrentConnections | The maximum number of connections that the database can process at the same time. Allowed values: 1–512 |
ConnectionRetryTimeOut | The number of seconds to wait before attempting to connect again. Allowed values: 1–300 |
ConnectionIdleTime | The number of seconds that the database connection profile can remain idle before disconnecting. Default value: 300 seconds |
ConnectionRetryNum | The number of times to attempt to reconnect after a connection failure. Allowed values: 1–24 |
ConnectionProfile:Database:JDBC
The following example shows how to define a connection profile using a custom defined database type created using JDBC. Parameters are described in the table above.
"JDBC_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:JDBC",
"User":"db user",
"TargetCTM":"CTMHost",
"Host": "PGSQLHost",
"Driver":"PGDRV",
"Port":"5432",
"TargetAgent": "AgentHost",
"Password": "db password",
"DatabaseName":"dbname"
}
}
The following parameter is unique to JDBC connection profiles:
Parmeter | Description |
Driver | JDBC driver name as defined in Control-M or as defined using the Driver object |
Driver:JDBC:Database
You can define a driver to be used by a connection profile. The following example shows the parameters that you use to define a driver:
"MyDriver": {
"Type": "Driver:Jdbc:Database",
"TargetAgent":"app-redhat",
"StringTemplate":"jdbc:sqlserver://<HOST>:<PORT>/<DATABASE>",
"DriverJarsFolder":"/home/controlm/ctm/cm/DB/JDBCDrivers/PostgreSQL/9.4/",
"ClassName":"org.postgresql.Driver",
"LineComment" : "--",
"StatementSeparator" : ";"
}
}
Parameter | Description |
---|---|
TargetAgent | The Control-M/Agent to which to deploy the driver. |
StringTemplate | The structure according to which a connection profile string is created. |
DriversJarsFolder | The path to the folder where the database driver jars are located. |
ClassName | Name of driver class |
LineComment | The syntax used for line comments in the scripts that run on the database. |
StatementSeparator | The syntax used for statement separator in the scripts that run on the database. |
ConnectionProfile:Database:MSSQL
The following example shows how to define an MSSQL database connection profile. Parameters are described in the table above.
"MSSQL_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:MSSQL",
"TargetCTM":"CTMHost",
"TargetAgent": "AgentHost",
"Host": "MSSQLHost",
"User": "db user",
"Port":"1433",
"Password": "db password",
"DatabaseName": "master",
"DatabaseVersion": "2005",
"MaxConcurrentConnections": "9",
"ConnectionRetryTimeOut": "34",
"ConnectionIdleTime": "45"
}
}
The following parameter is unique to MSSQL connection profiles:
Parameter | Description |
---|---|
AuthenticationType | SQL Server Authentication Possible values are:
|
ConnectionProfile:Database:MSSQL:SSIS
9.0.19.220 The following example shows how to define a connection profile for SQL Server Integration Services (SSIS) packages:
"SSIS_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:MSSQL:SSIS",
"TargetAgent": "AgentHost",
"TargetCTM": "LocalControlM",
"Host": "localhost",
"User": "administrator",
"Port": "1433",
"Password": "db password",
"DatabaseName": "testdb",
"DatabaseVersion": "2016",
"AuthenticationType": "Windows Authentication",
"SkipPackagesTest" : false,
"SSIS": [
{
"Source": "File System",
"Name": "file_system_package",
"Password": "password"
},
{
"Source": "SSIS Package Store",
"Name": "ssis_package",
"Password": "password"
},
{
"Source": "SQL Server",
"Name": "sql_server_package",
"Password": "password"
}
]
}
}
Most of the parameters are the same as for the basic MSSQL connection profile (including those described in the table above). The following parameters are unique to the MSSQL SSIS connection profile:
Parameter | Description |
---|---|
SkipPackageTest | Whether to skip validation of SSIS packages when testing the connection profile, either true or false |
SSIS | Connection details for all associated SSIS Packages |
Source | Source location of the SSIS Package — SQL Server, File System, or SSIS Package Store |
Name | Name of the SSIS Package |
Password | Password required for accessing the SSIS Package If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
ConnectionProfile:Database:Oracle
Oracle connection profiles are available for three types of database definitions:
ConnectionProfile:Database:Oracle:SID
The following example shows how to define a connection profile for an Oracle database using the SID identifier. Additional available parameters are described in the table above.
"ORACLE_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:Oracle:SID",
"TargetCTM": "controlm",
"Port": "1521",
"TargetAgent": "AgentHost",
"Host": "OracleHost",
"User": "db user",
"Password": "db password",
"SID": "ORCL"
}
}
ConnectionProfile:Database:Oracle:ServiceName
The following example shows how to define a connection profile for an Oracle database using a single service name. Additional available parameters are described in the table above.
"ORACLE_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:Oracle:ServiceName",
"TargetCTM": "controlm",
"Port": "1521",
"TargetAgent": "AgentHost",
"Host": "OracleHost",
"User": "db user",
"Password": "db password",
"ServiceName": "ORCL"
}
}
ConnectionProfile:Database:Oracle:ConnectionString
The following example shows how to define a connection profile for an Oracle database using a connection string that contains text from your tnsname.ora file. Additional available parameters are described in the table above.
"ORACLE_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:Oracle:ConnectionString",
"TargetCTM":"CTMHost",
"ConnectionString":"OracleHost:1521:ORCL",
"TargetAgent": "AgentHost",
"User": "db user",
"Password": "db password"
}
}
ConnectionProfile:Database:PostgreSQL
The following example shows how to define a connection profile for PostgreSQL. Parameters are described in the table above.
"POSTGRESQL_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:PostgreSQL",
"TargetCTM":"CTMHost",
"TargetAgent": "AgentHost",
"Host": "PostgreSQLHost",
"Port":"5432",
"User": "db user",
"Password": "db password",
"DatabaseName": "postgres"
}
}
ConnectionProfile:Database:Sybase
The following example shows how to define a connection profile for Sybase. Parameters are described in the table above.
"SYBASE_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Database:Sybase",
"TargetCTM":"CTMHost",
"TargetAgent": "AgentHost",
"Host": "SybaseHost",
"Port":"4100",
"User": "db user",
"Password": "db password",
"DatabaseName": "Master"
}
}
ConnectionProfile:SAP
SAP connection profiles that you create for use by your SAP jobs can be defined for logon to a specific SAP Application Server or for an SAP logon group.
The following example is for a connection profile for a specific SAP Application Server:
"SAP-SERVER-CONN" : {
"Type" : "ConnectionProfile:SAP",
"User" : "my-user",
"Password" : "123456",
"SapClient" : "100",
"Language" : "",
"XBPVersion": "XBP3.0",
"AppVersion": "R3",
"ApplicationServerLogon" : {
"Host" : "localhost",
"SystemNumber" : "12"
},
"SecuredNetworkConnection": {
"SncLib": " " ,
"SncPartnerName": "",
"QualityOfProtection": "2",
"SncMyName":""
},
"SapResponseTimeOut" : "180",
"UseExtended": true,
"SolutionManagerConnectionProfile" : "IP4-GROUP",
"IsSolutionManagerConnectionProfile": true
}
}
The following example is for a connection profile for an SAP logon group:
"SAP-GROUP-CONN" : {
"Type" : "ConnectionProfile:SAP",
"User" : "my-user",
"Password" : "123456",
"SapClient" : "100",
"Language" : "",
"XBPVersion": "XBP3.0",
"AppVersion": "R3",
"GroupLogon": {
"SystemID": "123",
"MessageServerHostName": "msgsv",
"GroupName": "group1"
},
"SecuredNetworkConnection": {
"SncLib": " " ,
"SncPartnerName": "",
"QualityOfProtection": "2",
"SncMyName":""
},
"SapResponseTimeOut" : "180",
"UseExtended": true,
"SolutionManagerConnectionProfile" : "IP4-GROUP",
"IsSolutionManagerConnectionProfile": true
}
}
Parameter | Description |
---|---|
User | SAP user name |
Password | Password for the SAP user If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
SapClient | SAP client number, a three-digit number |
Language | The SAP language. The default is English. |
XBPVersion | SAP XBP interface version installed on the SAP server Valid values are:
|
AppVersion | Version of the SAP application, one of the following:
|
GroupLogon | Parameters for defining an SAP logon group |
SystemID | SAP system ID, three alpha-numeric characters |
MessageServerHostName | Host name of the computer on which the SAP System Message Server is running |
GroupName | SAP logon group name The Group name is defined in the SAP SMLG transaction. |
ApplicationServerLogon | Parameters for defining a specific SAP Application Server |
Host | The host name of the computer that runs the SAP Application Server |
SystemNumber | SAP instance number, a two-digit number |
SecuredNetworkConnection | Parameters that you can use to activate a secured network connection |
SncLib | Client full path and file name to SAP crypto lib For example: /home1/agsapfp/SNC/libsapcrypto.sl |
SncPartnerName | SNC name of the application server For example: p:CN=LE1, OU=BPM, O=BMC, C=US |
QualityOfProtection | Quality of the protection Valid values: 1, 2, 3, 8 (default), 9 |
SncMyName | SNC name of the user sending the RFC Default: The name provided by the security product for the user who is logged on. |
SapResponseTimeOut | Number of seconds that the program waits for an RFC request to be handled by the SAP system before returning a timeout error Default: 180 |
UseExtended | Whether the extended functionality of Control-M for SAP should be used, either false (default) or true NOTE: If you select this option, the Control-M Function Modules must be installed on your SAP server, as described in Control-M for SAP XBP Interface and Control-M Function Modules in the Control-M for SAP online help. |
SolutionManagerConnectionProfile | Solution Manager connection profile for retrieval of SAP job Documentation This parameter is relevant only if the current connection profile is not a Solution Manager connection profile, as discussed in the next parameter. |
IsSolutionManagerConnectionProfile | Whether the current connection profile is a Solution Manager connection profile, either true or false (the default) |
ConnectionProfile:ApplicationIntegrator
The following example shows how to define a connection profile for a job type defined in the Control-M Application Integrator. For information about the Control-M Application Integrator, see Application Integrator.
Properties defined for the connection profile in Control-M Application Integrator are all prefixed with "AI-" in the .json code, as shown in the following example.
"AI_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:ApplicationIntegrator:<JobType>",
"TargetAgent": "AgentHost",
"TargetCTM":"CTMHost",
"AI-Param03": "45",
"AI-Param04": "group",
"Centralized": true
}
}
ConnectionProfile:Informatica
The following example shows how to define a connection profile for an Informatica job:
"INFORMATICA_CONNECTION": {
"Type": "ConnectionProfile:Informatica",
"TargetAgent": "AgentHost",
"TargetCTM": "CTMHost",
"Host": "InformaticaHost",
"Port": "7333",
"User": "UserName",
"Password": "Password",
"PowerCenterDomain": "DomainName",
"Repository": "RepositoryName",
"IntegrationService": "ServiceName",
"SecurityDomain": "Native",
"ConnectionType": "HTTP",
"MaxConcurrentConnections": "100",
"Centralized": false
}
}
Parameter | Description |
---|---|
TargetAgent | The Control-M/Agent to which to deploy the connection profile |
TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
Host | Name of the Informatica web services server |
Port | (Optional) Port number of the Informatica web services server Values range from 1 to 65535. The default is 7333. |
User | Name of a user to log into the Repository |
Password | A password to log into the Repository. Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
PowerCenterDomain | Name of the Informatica server that contains the Repository service |
Repository | Name of the repository where the repository folders and workflows are located |
IntegrationService | The Integration Service to use to run the workflows |
SecurityDomain | The name of a Security Domain, a collection of user accounts and groups in a Power Center Domain. If the user name belongs to the native security domain, this parameter is optional, and the default is an empty value. If the user name belongs to an LDAP security domain, this parameter is required. |
ConnectionType | (Optional) Protocol for the connection to the Informatica server, either HTTP (the default) or HTTPS. |
MaxConcurrentConnections | (Optional) The maximum number of allowed concurrent workflows in the connection profile Values range from 1 to 512, with a default value of 100. |
Centralized | 9.0.20.000 Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:Informatica CS
The following example shows how to define a connection profile for an Informatica Cloud Services job:
"INFORMATICA_CS_CONNECTION": {
"Type": "ConnectionProfile:Informatica CS",
"Login URL": "https://dm-us.informaticacloud.com",
"Base URL": "https://usw5.dm-us.informaticacloud.com",
"Username": "UserName",
"Password": "Password",
"Request Timeout": "3",
"Description": "",
"Centralized": true
}
}
Parameter | Description |
---|---|
Login URL | The URL for login calls to Informatica Cloud |
Base URL | The instance name of the Informatica Cloud server |
Username | Username for the account to connect to Informatica Cloud |
Password | A password for the login to Informatica Cloud Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
Request Timeout | A timeout value, in seconds, for the requests sent to Informatica Cloud The default is 3 seconds. |
Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Values: true|false Default: false The Informatica Cloud Services job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:AWS
Note: This feature requires Control-M/Enterprise Manager version 9.0.21
The following examples show how to define a connection profile for an AWS job.
The following example is based on authentication with an access key and a secret key:
"AWS_CONNECTION_ACCESSKEY": {
"Type": "ConnectionProfile:AWS",
"Centralized": true,
"TargetAgent": "AgentHost",
"TargetCTM": "CTMHost",
"AuthenticationMethod": "AccessKey",
"AccessKey": "1234",
"SecretAccessKey": "00-200340109003001100044011700580-29001301000-410-520-250-880029",
"Region": "ap-northeast-1",
}
}
The following example is based on authentication with an IAM role:
"AWS_CONNECTION_IAMROLE": {
"Type": "ConnectionProfile:AWS",
"Centralized": true,
"TargetAgent": "AgentHost",
"TargetCTM": "CTMHost",
"AuthenticationMethod": "IAMRole",
"IAMRole": "myRole",
"Region": "ap-northeast-1",
"ProxySettings": {
"Host": "host",
"Port": "12345",
"Username": "username",
"Password": "password"
}
}
}
Parameter | Description |
---|---|
TargetAgent | The Control-M/Agent to which to deploy the connection profile |
TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
AuthenticationMethod | One of the following authentication methods for the connection to AWS:
|
AccessKey | (For AccessKey authentication) AWS account Access Key |
SecretAccessKey | (For AccessKey authentication) AWS account Secret Access Key Use Secrets in code to not expose this secret access key in the code. |
IAMRole | (For IAMRole authentication) The name of an IAM role for authentication of the connection to AWS |
Region | Location of the AWS user |
ProxySettings | Settings of an installed proxy server:
|
ConnectionProfile:AWS Glue
The following examples show how to define a connection profile for an AWS Glue job, which executes Amazon Web Services (AWS) Glue, a serverless data integration service.
The following example is based on authentication using an AWS access key and secret.
"GLUECONNECTION": {
"Type": "ConnectionProfile:AWS Glue",
"AWS Access key ID": "MYAWSACCESSKEY1234",
"AWS Secret": "myAwsSecret12345",
"Authentication": "SECRET",
"AWS Region": "eu-west-2",
"Glue url": "glue.eu-west-2.amazonaws.com",
"Connection Timeout": "40",
"Description": "",
"Centralized": true
}
}
The following example is based on authentication using an AWS IAM role from inside an EC2 instance.
"GLUECONNECTIONIAM": {
"Type": "ConnectionProfile:AWS Glue",
"IAM Role": "GLUEEC2IAMROLE",
"Authentication": "NOSECRET",
"AWS Region": "eu-west-2",
"Glue url": "glue.eu-west-2.amazonaws.com",
"Connection Timeout": "40",
"Description": "",
"Centralized": true
}
}
Parameter | Description |
---|---|
Authentication | Type of authentication to use for the connection with AWS Glue, one of the following:
|
AWS Access key ID | (For SECRET authentication) Access key ID for connection to AWS |
AWS Secret | (For SECRET authentication) Secret access key for connection to AWS |
IAM Role | (For NOSECRET authentication) Identity and Access Management (IAM) role for connection to AWS |
AWS Region | AWS Glue service region |
Glue url | URL of an AWS Glue service regional endpoint For more information about regional endpoints available for the AWS Glue service, refer to the AWS documentation. |
Connection Timeout | A timeout value, in seconds, for the trigger call made by Control-M to AWS Glue The default is 40 seconds. |
Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false Default: false The AWS Glue job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Azure
9.0.19.220 The following example shows how to define a connection profile for an Azure job:
"AZURE_CONNECTION": {
"Type": "ConnectionProfile:Azure",
"TargetAgent": "AgentHost",
"TargetCTM": "CTMHost",
"ActiveDirectoryDomainName": "bmc.onmicrosoft.com",
"SubscriptionID": "bcde-fgh-ijk-lmnopq",
"ApplicationID": "abcd-efg-hij-klmnop",
"User": "user1@bmc.onmicrosoft.com",
"Password": "*****"
"Batch": {
"BatchAccountName": "myFirstBatch",
"BatchAccountKey": "aaaaaabbbbbbbccccccc",
"Location": "centralus"
}
}
}
Parameter | Description |
---|---|
TargetAgent | The Control-M/Agent to which to deploy the connection profile |
TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
ActiveDirectoryDomainName | (Optional) Azure Active Directory Format: <company name>.onmicrosoft.com |
SubscriptionID | Azure account subscription ID The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu. |
ApplicationID | Azure application ID |
User | Name of user to connect to the Azure server |
Password | Password of the username that connects to the Azure server Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
Batch | (Optional) Enables the use of a batch account service By default, a batch account is not used. If you want to use a batch account, you must define the following parameters: |
BatchAccountName | Name of the batch account |
BatchAccountKey | Primary access key for the batch account This key can be retrieved from the Azure portal. |
Location | Batch account location, as defined in the batch account properties The batch account name and batch account location are used to define the batch URI. |
ConnectionProfile:ADF
The following examples show how to define a connection profile for an ADF job, which executes an Azure Data Factory (ADF) service and allows you to automate the movement and transformation of data.
The following example is based on authentication using an Azure service principal.
"ADF_SERVPRINC": {
"Type": "ConnectionProfile:ADF",
"Tenant ID": "tenantId",
"Identity Type": "PRINCIPAL",
"Client Secret": "*****",
"Application ID": "applicationId",
"Subscription ID": "subscriptionId",
"Connection Timeout": "40",
"Description": "",
"Centralized": true
}
}
The following example is based on authentication using managed identities.
"ADF_MANID": {
"Type": "ConnectionProfile:ADF",
"Identity Type": "MANAGEDID",
"Subscription ID": "subscriptionId",
"Connection Timeout": "40",
"Description": "",
"Centralized": true
}
}
Parameter | Description |
---|---|
Identity Type | Type of authentication to use for the connection with the Azure Data Factory, one of the following:
|
Tenant ID | (For service principal authentication) The Azure Tenant ID where the Azure Data Factory was created |
Client Secret | (For service principal authentication) The client secret associated with the service principal |
Application ID | (For service principal authentication) ID of the Azure-registered application that is used to interact with the Azure Data Factory |
Subscription ID | Azure account subscription ID The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu. |
Connection Timeout | A timeout value, in seconds, for the trigger call made by Control-M to the Azure Data Factory The default is 40 seconds. |
Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false Default: false The ADF job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Azure Databricks
The following example shows how to define a connection profile for an Azure Databricks job, which performs big data analytics .
"ADF_SERVPRINC": {
"Type": "ConnectionProfile:Azure Databricks",
"Tenant ID": "tenantId",
"Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
"Client Secret": "*****",
"Databricks url": "https://adb-1111211144444680.0.azuredatabricks.net",
"Azure Login url": "https://login.microsoftonline.com",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}
}
Parameter | Description |
---|---|
Tenant ID | The Azure Tenant ID in Azure AD |
Application ID | The application (service principal) ID of the registered application. The service principal must meet the following requirements:
|
Client Secret | The client secret (password) associated with the Azure user and the application |
Databricks url | The URL of your Databricks workspace |
Azure Login url | The Azure AD authentication e ndpoint base URL |
Connection Timeout | A timeout value, in seconds, for the trigger call made by Control-M to Azure Databricks The default is 50 seconds. |
Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false Default: false The Azure Databricks job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:AzureFunctions
The following examples show how to define a connection profile for an Azure Functions job, which executes an Azure cloud service for serverless application development.
The following example is based on authentication using an Azure service principal.
"AZUREFUNCTIONS": {
"Type": "ConnectionProfile:AzureFunctions",
"Subscription ID": "bcde-fgh-ijk-lmnopq",
"Identity Type": "PRINCIPAL",
"Tenant ID": "tenantId",
"Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
"Client Secret": "*********",
"Azure Login url": "https://login.microsoftonline.com",
"Resource Group": "resourceGroup",
"Description": "",
"Centralized": true
}
}
The following example is based on authentication using managed identities.
Note: Managed I dentity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.
"AZUREFUNCTIONS": {
"Type": "ConnectionProfile:AzureFunctions",
"Subscription ID": "bcde-fgh-ijk-lmnopq",
"Identity Type": "MANAGEDID",
"Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
"Resource Group": "resourceGroup",
"Description": "",
"Centralized": true
}
}
Parameter | Description |
---|---|
Subscription ID | Azure account subscription ID The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu. |
Identity Type | Type of authentication to use for the connection with Azure Functions, one of the following:
|
Tenant ID | (For service principal authentication) The Azure Tenant ID in Azure AD |
Application ID | The application (service principal) ID of the registered application. The service principal must be an Azure Functions workspace user with a Contributor or Owner role associated. |
Client Secret | (For service principal authentication) The client secret (password) associated with the Azure user and the application |
Azure Login url | (For service principal authentication) The Azure AD authentication e ndpoint base URL |
Resource Group | The name of the resource group that holds your application |
Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false Default: false The Azure Functions job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Azure Batch Accounts
The following examples show how to define a connection profile for execution of an Azure Batch Accounts service, which runs large-scale parallel and batch compute jobs.
The following example is based on authentication using an Azure service principal.
"AZURE_BATCH": {
"Type": "ConnectionProfile:Azure Batch Accounts",
"Authentication Method": "PRINCIPAL",
"Tenant ID": "tenantId",
"Azure AD url": "https://login.microsoftonline.com",
"App ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
"Batch Account Name": "abc_batch",
"Batch Region ID": "uksouth",
"Batch Resource url": "https://batch.core.windows.net/",
"Client Secret": "*********",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}
}
The following example is based on authentication using managed identities.
Note: Managed I dentity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.
"AZURE_BATCH": {
"Type": "ConnectionProfile:Azure Batch Accounts",
"Authentication Method": "MANAGEDID",
"Batch Account Name": "abc_batch",
"Batch Region ID": "uksouth",
"Batch Resource url": "https://batch.core.windows.net/",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}
}
Parameter | Description |
---|---|
Authentication Method | Defines one of the following types of authentication to use for the connection with Azure Batch:
|
Tenant ID | (For service principal authentication) Defines the Azure Tenant ID in Azure AD |
Azure AD url | (For service principal authentication) Defines the Azure AD authentication e ndpoint base URL |
App ID | Defines the application (service principal) ID of the registered application for the Azure Batch service. The service principal must be for an Azure Batch account with a Contributor role. |
Batch Account Name | Defines the name of the Batch account created in Azure Portal. |
Batch Region ID | Defines the region ID associated with the Batch account in Azure Portal. |
Batch Resource url | Defines the identifier for the Azure Batch account for login via Azure AD. This identifier is a constant value set to https://batch.core.windows.net/ |
Client Secret | (For service principal authentication) Defines the client secret (password) associated with the Azure user and the application. |
Connection Timeout | Defines a timeout value, in seconds, for the trigger call made by Control-M to Azure Batch Accounts. The default is 50 seconds. |
Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false Default: false The Azure Batch job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Power BI
The following example shows how to define a connection profile for a Power BI job, which enables integration of Power BI workflows with your existing Control-M workflows.
"POWERBI": {
"Type": "ConnectionProfile:Power BI",
"Application ID": "77538c66-d7fp-4ca4-8cwa-120ed404fe8c",
"Client Secret": "*****",
"User Name": "user1@Elearningace.onmicrosoft.com",
"Password": "*****",
"Resource Group": "https://analysis.windows.net/powerbi/api",
"API URL": "https://api.powerbi.com/v1.0/myorg/",
"Description": "Power BI connection profile",
"Centralized": true
}
}
Parameter | Description |
---|---|
Application ID | Defines the application ID of the registered application. |
Client Secret | Defines the client secret (password) associated with the user and the application. |
User Name | Defines the name of a user for logging on to the Power BI platform, typically an email address. |
Password | Defines the password for the specified Power BI user. |
Resource Group | Defines the URL of the resource group that holds your application: https://analysis.windows.net/powerbi/api |
API URL | Defines the Azure AD authentication e ndpoint base URL for Power BI: https://api.powerbi.com/v1.0/myorg/ |
Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false Default: false The Power BI job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:PeopleSoft
The following example shows how to define a connection profile for a PeopleSoft job:
"PS_CONNECT": {
"Type": "ConnectionProfile:PeopleSoft",
"TargetAgent": "AgentHost",
"TargetCTM": "CTMHost",
"Centralized": true,
"User": "User_Name",
"Password": "Password",
"DomainPassword": "****",
"PeopleToolsVersion": "8.52",
"ApplicationServers": [
{
"ApplicationServer": "ApplicationServer1",
"JoltPort": "1024"
},
{
"ApplicationServer": "ApplicationServer2",
"JoltPort": "65535"
}
]
}
}
Parameter | Description |
---|---|
TargetAgent | The Control-M/Agent to which to deploy the connection profile |
TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
User | A valid PeopleSoft user, as defined on PSOPRDEFN This user must have the role(s) to submit and execute processes. |
Password | Password to connect the specified user to the PeopleSoft server Use Secrets in code to not expose the password in the code. If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
DomainPassword | Password for the PeopleSoft domain (for PeopleTools version 8.51 or later) If you are updating an existing connection profile and do not want to change the existing password, enter a string of 5 asterisk characters, "*****". |
PeopleToolsVersion | Version of PeopleTools Valid Values are in the format of <major.minor>, such as 8.48, or 8.52. To determine the exact version, consult with your PeopleSoft administrator. |
ApplicationServers | Details of the associated PeopleSoft application servers |
ApplicationServer | Name of a PeopleSoft application server |
JoltPort | Number of the jolt port on the PeopleSoft application server. Values range from 1024 to 65535. |
Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later). Either true or false. The default is false, that is, the connection profile is created as a local connection profile that is associated with a specific agent and is stored on that agent. |
ConnectionProfile:Airflow
The following examples show how to define a connection profile for an Airflow Job, which enables you to monitor and manage DAG workflows.
The following example is for a standalone instance of Airflow:
"AIRFLOW_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Airflow:Standalone",
"Host": "dba-airflow-12",
"Port": "8080",
"User": "admin",
"Password": "password",
"SecuredConnection": true,
"Centralized": true
}
}
Parameter | Description |
---|---|
Host | Defines the Airflow hostname. |
Port | Defines the Airflow port number of the Airflow web server. |
User | Defines the username that is used to log in to the Airflow server. |
Password | Defines the password to log in to the Airflow server. |
SecuredConnection | Determines whether a secure connection to the Airflow server is established. Values: true|false |
Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false Default: false The Airflow job requires a centralized connection profile. Set this parameter to true. |
The following example is for a Google Cloud Composer instance of Airflow:
"AIRFLOW_GC_CONNECTION_PROFILE": {
"Type": "ConnectionProfile:Airflow:GoogleComposer",
"ServiceAccountKey": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\", \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\"}",
"ServiceAccountKeyFilename": "1234.log",
"BaseURL": "http://akjsdlksajdksad",
"TargetAudience": "153767957930-mq2qc9l7p5i8liqvf19d77fku5nrcd1k.apps.googleusercontent.com",
"Centralized": true
}
}
Parameter | Description |
---|---|
ServiceAccountKey | Defines a JSON body that contains the required service account credentials to access the Google Cloud Composer account. |
ServiceAccountKeyFilename | Defines the name of the file that contains the service account credentials. |
BaseURL | Defines the Airflow web UI URL in Google Composer. |
TargetAudience | Defines the JWT (JSON Web Token) audience for the IAP (Identity-Aware Proxy) Google Cloud service. Note: If you do not know the target audience value, define any text value and test the connection profile. The error message indicates the required target audience value. |
Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false Default: false The Airflow job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:WebServices
The following example shows how to define a connection profile for a job to a web service:
"WSDL_CONNECT": {
"Type": "ConnectionProfile:WebServices",
"TargetAgent": "AgentHost",
"TargetCTM": "CTMHost",
"ServiceType": "WebServices",
"Location": http://example.com/serverpolicy/Request.asmx?wsdl,
"HttpAuthentication": "user1:password@realm1;"
}
}
The following example shows how to define a connection profile for a job to a RESTful web service:
"WSDL_CONNECT": {
"Type": "ConnectionProfile:WebServices",
"TargetAgent": "AgentHost",
"TargetCTM": "CTMHost",
"ServiceType": "Rest",
"Location": http://example.com/serverpolicy/Request.asmx?wsdl,
"HttpAuthentication": "user1:password@realm1;user2:password@realm2",
"LoginUrl": "http://abc.xyz.com/login",
"LoginHeader": "Accept:*/*",
"LoginBody": "{}",
"JobPreset": "@SessionId:@Token"
}
}
Parameter | Description |
---|---|
TargetAgent | The Control-M/Agent to which to deploy the connection profile |
TargetCTM | The Control-M/Server to which to deploy the connection profile. If there is only one Control-M/Server, that is the default. |
ServiceType | The type of service to connect with, one of the following:
|
Location | The location of the Web Service, according to the service type:
|
HttpAuthentication | Specification for simple text authentication (user password per realm). Optional. Enter a value of the following format: user1:password@realm1;user2:password@realm2 One user per realm only. Separate multiple sets with semicolons. End a single set with a semicolon. |
LoginUrl | For REST services only: The URL for the login request |
LoginHeader | (Optional, for REST services only) Any additional HTTP headers that are required in the login request. For each header, use a value of the following format: <name>=<value> For multiple headers, separate name/value pairs with colons. |
LoginBody | (Optional, for REST services only ) Any text required in the login request body |
JobPreset | For REST services only: An HTTP header or a parameter to add to each job request, in the HTTP query URL, based on the login returned data. Job Preset is defined in the following format. Use semicolons to separate multiple sets. <name>:<value>;<name>:<value>
|
ConnectionProfile:UI Path
The following examples show how to define a connection profile for a UiPath job, which performs robotic process automation (RPA) .
"UIPATH_Connect": {
"Type": "ConnectionProfile:UI Path",
"Tenant Url": "devabcdexample/DevDefault",
"Tenant Name": "DevDefaultexample",
"App ID": "caaabc57-v8ad-30e5-ah3b0-25am5jf361c3",
"App Secret": "L!Mh4o#0nv1odf#f",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
}
Parameter | Description |
---|---|
Tenant Url | UiPath Account Logical Name, a unique URL for your site |
Tenant Name | The display name of the UiPath tenant |
App ID | ID of an external application registered in UiPath The specified external application must be assigned the following required Application Scope rights (through the UiPath Orchestrator, Admin > External Applications > Application Scopes):
|
App Secret | Application secret generated in UiPath for the external application |
Connection Timeout | A timeout value, in seconds, for the trigger call made by Control-M to UiPath The default is 30 seconds. |
Centralized | Whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false Default: false The UI Path job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:GCP DataFlow
The following example shows how to define a connection profile for a Google Cloud Platform (GCP) Dataflow job, which performs cloud-based data processing for batch and real-time data streaming applications .
"GCPDATAFLOW": {
"Type": "ConnectionProfile:GCP DataFlow",
"Identity Type": "service_account",
"DataFlow URL": "https://dataflow.googleapis.com",
"Service Account Key": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\", \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\"}",
"Description": "",
"Centralized": true
}
}
Parameter | Description |
---|---|
Identity Type | Defines one of the following types of authentication to perform using GCP Access Control.
|
DataFlow URL | Defines the Google Cloud Platform (GCP) authentication endpoint. Required only for Service Account authentication. For example, https://dataflow.googleapis.com |
Service Account Key | Defines a JSON body that contains the required service account credentials to access GCP. Required only for Service Account authentication. |
Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false Default: false The GCP Dataflow job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:GCP Dataproc
The following example shows how to define a connection profile for a Google Cloud Platform (GCP) Dataproc job, which performs cloud-based big data processing and machine learning.
"GCPDATAPROC": {
"Type": "ConnectionProfile:GCP Dataproc",
"Identity Type": "service_account",
"Dataproc URL": "https://dataproc.googleapis.com",
"Service Account Key": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm1-priv-cc30752\",\"private_key_id\":\"5197d05c5b8212bea944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-02@sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\", \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-02%40sso-gcp-dba-ctm1-priv-cc30752.iam.gserviceaccount.com\"}",
"Connection timeout": "20",
"Description": "",
"Centralized": true
}
}
Parameter | Description |
---|---|
Identity Type | Defines one of the following types of authentication to perform using GCP Access Control.
|
Dataproc URL | Defines the Google Cloud Platform (GCP) authentication endpoint. Required only for Service Account authentication. For example, https://dataproc.googleapis.com |
Service Account Key | Defines a JSON body that contains the required service account credentials to access GCP. Required only for Service Account authentication. |
Connection timeout | Defines a timeout value, in seconds, for the trigger call to the Google Cloud Platform. Default: 20 seconds |
Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false Default: false The GCP Dataproc job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Boomi
The following examples show how to define a connection profile for a Boomi job, which enables integration of Boomi processes with your existing Control-M workflows.
"BOOMICCP": {
"Type": "ConnectionProfile:Boomi",
"AccountId": "*****",
"API Token": "*****",
"End Point": "https://api.boomi.com",
"API Username": "BOOMI_TOKEN.BoomiUsername",
"Description": "",
"Centralized": true
}
}
Parameter | Description |
---|---|
AccountId | Defines a unique Boomi account ID. |
API Token | Defines a Boomi API Token of a Boomi user for connection to the Boomi endpoint. |
End Point | Defines the Boomi API endpoint: |
API Username | Defines the name of a Boomi user in email format. Default: BOOMI_TOKEN.{Boomi username} Example: BOOMI_TOKEN.user@example.com |
Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false Default: false The Boomi job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Databricks
The following examples show how to define a connection profile for a Databricks job, which enables integration of jobs created in the Databricks environment with your existing Control-M workflows.
"Type": "ConnectionProfile:Databricks",
"Databricks workspace url": "https://dbc-7b944b32-faf0.cloud.databricks.com",
"Databricks personal access token": "*****",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}
Parameter | Description |
---|---|
Databricks workspace url | Defines the URL of your Databricks workspace. |
Databricks personal access token | Defines a Databricks token for authentication of connections to the Databricks workspace. |
Connection Timeout | A timeout value, in seconds, for the REST calls made to Databricks. Default: 50 seconds |
Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false Default: false The Databricks job requires a centralized connection profile. Set this parameter to true. |
ConnectionProfile:Talend Data Management
The following examples show how to define a connection profile for a Talend job, for data management and integration.
"Type": "ConnectionProfile:Talend Data Management",
"API URL": "https://api.eu.cloud.talend.com/tmc/v2.6",
"Personal access token authorization": "*****",
"Description": "Talend Data Management",
"Centralized": true
}
Parameter | Description |
---|---|
API URL | Defines the authentication e ndpoint base URL for the Talend Cloud Management Console: https://api.eu.cloud.talend.com/tmc/v2.6 |
Personal access token authorization | Defines a Talend token for authentication of connections to Talend. You generate this token through your Talend profile. |
Centralized | Determines whether to create the connection profile as a centralized connection profile that is stored in the Control-M database and is available to all Control-M/Agents (version 9.0.20 or later).Values: true|false Default: false The Talend job requires a centralized connection profile. Set this parameter to true. |