MFT Connection Profile Parameters
The following table describes MFT connection profile parameters that are relevant to all types of MFT connection profiles:
Parameter |
Description |
---|---|
MFT Connection Profile Type |
Determines one of the following connection profile types:
|
Connect to |
Transfers files using one of the following protocols:
|
Manual Additional Parameters |
Enables you to add parameters for further connection profile configuration, as described in Connection Profile Manual Additional Parameters |
File System Parameters
The following table lists the File System parameters:
Parameter |
Description |
---|---|
Host Name |
Defines the name of the host computer. |
OS Type |
Determines which platform the host resides.
|
User Name |
Defines the username of each host. If it is a local host on Windows, the domain name must be specified. If it is a remote host on Windows, the domain name might need to be specified if required by the server. |
Password |
Defines the password for each user connection profile |
Home Directory |
Determines the home directory for each host that appears in the File Selection dialog box in the Control-M MFT properties pane. (OS/400 platforms only) Control-M MFT supports both Name Format 0 and Name Format 1. The syntax of the home directory determines which format is used. To retrieve the home directory from the remote server or local computer, click Get Home Directory. (This feature is not available for Unisys OS2200). |
FTP Protocol Parameters
The following table lists the FTP protocol parameters.
Parameter |
Description |
---|---|
Host Name |
Defines the name of the host computer. |
Port |
Determines the port used to communicate for each host. Default: 21 |
OS Type |
Determines which platform the host resides. |
User Name |
Defines the username of each host. If it is a local host on Windows, the domain name must be specified. If it is a remote host on Windows, the domain name might need to be specified if required by the server. |
Password |
Defines the password for each user connection profile |
Home Directory |
Determines the home directory for each host that appears in the File Selection dialog box in the Control-M MFT properties pane. (OS/400 platforms only) Control-M MFT supports both Name Format 0 and Name Format 1. The syntax of the home directory determines which format is used. To retrieve the home directory from the remote server or local computer, click Get Home Directory. (This feature is not available for Unisys OS2200). |
FTP Connection Modes |
Determines one of the following connection modes for FTP:
|
Substitute IP address |
Forces passive connections to use the host address. |
FTP over SSL/TLS (FTPS) |
Defines the communication protocol as FTP over SSL/TLS. |
SSL Implicit |
Automatically creates an SSL connection between the MFT client and the FTP server (Default Port: 990). In SSL Explicit mode, the MFT client connects to the FTP server and then changes the connection to SSL mode (FTP over SSL/TLS). |
Clear Command Channel |
Sets the transmission mode in a control connection from an encrypted mode to clear text mode. You can secure sensitive information, including your user name and password, by sending them in an encrypted mode, and then use the CCC sub-command to change the transmission mode back to clear text mode to send the port and IP information (FTP over SSL/TLS). |
Clear Data Channel |
Encrypts the connection process while files are transferred without encryption. You can select this option if you want your login information encrypted and your files transferred without encryption. |
SSL Security Level |
Defines the SSL security levels of encrypted communication for the host, as follows:
|
SFTP (SSH) Protocol Parameters
The following table lists the SFTP (SSH) protocol parameters.
Password and Key authentication must be used if the remote SFTP server both Password and Key. (AuthenticationMethod = "publickey,password")
Parameter |
Description |
---|---|
Host Name |
Defines the name of the host computer. |
Port |
Determines the port used to communicate for each host. Default: 22 |
OS Type |
Determines which platform the host resides.
|
User Name |
Defines the username of each host. If it is a local host on Windows, the domain name must be specified. If it is a remote host on Windows, the domain name might need to be specified if required by the server. |
Password |
Defines the password for each user connection profile |
Home Directory |
Determines the home directory for each host that appears in the File Selection dialog box in the Control-M MFT properties pane. |
Key Authentication |
Uses Key Authentication to access the SFTP server. To generate SSH keys, see Generating SSH Keys. |
Private Key Name |
Defines the path and file name of the private key. |
Key Passphrase |
Defines the password of the private key file. |
Password |
Defines the password of the SFTP server. |
Compression |
Compresses the file before the transfer. |
S3 Protocol Parameters
The following table describes S3 protocol parameters.
Parameter |
Storage Type |
Description |
---|---|---|
Storage Type |
N/A |
Determines one of the following S3 storage types:
|
REST Endpoint |
|
Defines the network address where the storage is located. |
Access Key |
|
Determines which access key is used to access the storage. If the s3.useDefaultCredentialProviderChain parameter is set to true, the File Transfer job does not use the Access Key value, even though it is a required field. |
Secret Access Key |
|
Determines which secret access key is used to access the storage. If the s3.useDefaultCredentialProviderChain parameter is set to true, the File Transfer job does not use the Secret Access Key value even though it is a required field. |
Region |
|
Determines the default region to perform the Amazon S3 requests. For better performance, select the region where the bucket is located. |
Azure Storage Protocol Parameters
The following table describes the SharePoint Connection Profile Parameters.
Parameter |
Description |
---|---|
Account Name |
Defines the name of the Azure Storage account. |
Storage Type |
Determines whether to connect to one of following Azure Storage types:
|
Endpoint URL |
Shows the URL of Blob Storage or Data Lake Storage where the storage is located. Defaults:
|
Overwrite Endpoint URL |
Overwrites the default Endpoint URL and allows you to connect to a different URL. |
Authentication Method |
Determines one of the following authentication methods:
|
Using |
Determines whether to connect to the Azure account with one of the following based on the Authentication Method:
|
Tenant ID |
Defines the ID of the Azure Active Directory instance where your application is located. |
Client ID |
Defines the ID of your application in Azure Active Directory. |
Client Secret |
Defines the name of the application secret. |
Certificate File Type |
Determines whether to use PEM or PFX as the certificate file. |
Certificate File Path |
Defines the location of the certificate file. |
Certificate Password |
Defines the password of the certificate. |
SAS Token |
Defines the SAS token that is created for Azure limited access. |
Google Cloud Storage Parameters
The following table describes Google Cloud Storage parameters.
Parameter |
Description |
---|---|
Service Account Key |
Defines a JSON file that contains the required service account credentials to access the Google Cloud Storage account. |
Service account JSON format:
{
"type": "service_account",
"project_id": "project-id",
"private_key_id": "key-id",
"private_key": "-----BEGIN PRIVATE KEY-----\nprivate-key\n-----END PRIVATE KEY-----\n",
"client_email": "service-account-email",
"client_id": "client-id",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
}
Oracle Object Storage Parameters
The following table describes Oracle Object Storage parameters.
Parameter |
Description |
---|---|
Namespace |
Determines the Object Storage Namespace, which is the top level container for all buckets and objects. At account creation time, each Oracle Cloud Infrastructure tenant is assigned one unique system-generated and immutable Object Storage namespace name. |
Tenancy ID |
Defines the OCID of your Tenancy, which is a secure and isolated partition in Oracle Object Storage. |
Compartment ID |
Determines the Compartment ID, which is a collection of related cloud resources. By default, your tenancy ID acts as the root compartment. The field is disabled by default (root compartment is used). You must enter all the Connection Details to list the available Compartment IDs in your account. |
Region |
Determines the default region to perform the Oracle Object Storage requests. For better performance, select the region where the bucket is located. |
User ID |
Defines the user ID that connects to Oracle Object Storage. |
User Private Key |
Determines the RSA private key in PEM format. After you generate an API Signing Key pair from the OCI Console, you must download the private key to your file system. |
User Private Key Passphrase |
(Optional) Determines the private key passphrase. |
User Public Key Fingerprint |
Determines the API public key fingerprint. |
AS2 Parameters
The following table describes AS2 parameters.
Parameter |
Description |
---|---|
Partner AS2 ID |
Defines the logical name of the remote AS2 server. |
Destination URL |
Defines the URL of the AS2 server. |
Partner Certificate Alias |
Defines the alias of the partner certificate that is stored in the AS2 keystore. |
Sign Message |
Determines whether to digitally sign the AS2 message with one of the listed algorithms. |
Encrypt Message |
Determines whether to encrypt the AS2 message with one of the listed encryption algorithms. |
Request Receipt |
Determines whether to receive a signed or unsigned MDN receipt of the AS2 message from the AS2 server that it was received and processed. |
Compress Message |
Determines whether to compress the AS2 message when sent. |
User Name |
Defines the username of the HTTP request for the AS2 message. |
Password |
Defines the password of the HTTP request for the AS2 message. |
Confirm Password |
Confirms the password of the HTTP request for the AS2 message. |
Send Message Timeout |
Determines the number of seconds to wait for the AS2 server to reply before a timeout occurs. Default: 300 |
A-sync Receive Timeout |
Determines the number of minutes to wait for the AS2 server to send the receipt before a timeout occurs. Default: 300 |
MFT Connection Profile Additional Parameters
The following table lists the connection profile additional parameters.
Parameter |
Description |
---|---|
Verify Destination File Size |
Verifies the size of the file after a successful transfer.
|
Verify Total Bytes Sent |
Determines whether to verify, after a successful transfer, if the actual number of bytes sent to destination is the same as the size of the file on the source. If it is not the same size, the transfer fails.
|
Verify Checksum |
Verifies that the file transferred correctly by executing the MD5 checksum on the FTP server. This option is available only for FTP servers that support either the MD5, XMD5, or the SITE CHECKSUM checksum commands. For UNIX FTP servers, ensure that the md5sum program is installed on the FTP server search path, to enable the SITE CHECKMETHOD MD5 and SITE CHECKSUM commands to work properly. |
Connection Profile Manual Additional Parameters
The following table describes the Connection profile manual additional parameters.
Parameter |
Description |
---|---|
as2.compressMessageBeforeSign |
Determines whether to compress AS2 message before signing the message. |
azure.proxy.scheme |
Determines which proxy scheme to use when connecting to Azure via a Web Proxy. Valid Values:
|
|
Defines the proxy host and port when you connect to Azure via a proxy. |
azure.proxy.nonProxyHosts |
Defines the list of hosts to access directly, and bypass the proxy, when you connect to Azure via the Web Proxy. This parameter is useful if certain hosts are within the local network, and do not require a proxy for access. Use the ‘|’ character as a separator. localhost|127.0.0.1|*.local|*.my-co.com |
azure.useMultipartDownloadOnDownloadToLocal |
Determines whether to download large files from Azure Storage to the local file system in multipart. Default: true |
azure.skipContainerExistCheck |
Determines whether to skip the verification process if the specified Azure container exists. Default: false |
azure.skipAccountDetailsCheck |
Determines whether to skip the verification process of the Connection Profile details. Default: false |
azure.enableDirectoryAsFileSeparator |
Determines whether to use file separator for a directory in Azure Storage. Default: false |
errorStringsToFailTransfer |
Determines the list of error message patterns received from the server specified in the connection profile. The error message patterns indicate what causes the job to fail. Default: broken|socket write error |
file.stream.operations.retry |
Determines whether to perform retries during transfer when write/read to/from file streams fail. Default: false |
|
Determines whether to restart the file transfer from the beginning of the file upon reconnection. Default: false |
format.detectLittleEndianEncoding |
Determines whether to perform endianness verification. The job treats the system as big-endian if you do not verify endianness. Default: false |
ftp.charset |
Defines a different character set when connecting to a remote FTP server (if not specified, UTF-8 is the default charset). ISO-8859-1 |
ftp.doNotCheckForFileExistenceOnAppend |
Determines whether to check if the remote file exists before performing an Append operation on transfer. |
ftp.enableSmartWildcardDirectoryListing |
Determines the method to list the remote directory when the source patterns contain wildcards. Valid Values:
|
ftp.openVMSEnableVersioning |
Determines whether to enable file versioning when files are transferred from or to OpenVMS. |
ftp.path.with.spaces.improved.directory.listing |
Determines whether the FTP client performs a directory listing on the whole directory when the system transfers a specific file path with spaces, such as /aaa/bbb/ccc ddd.txt or [ ]. This property does not impact the transfer of a path without spaces, a directory or a pattern. This property is supported only if the Connection Profile is on Windows or Linux. It does not support AIX. Valid Values:
|
ftp.remoteVerificationControlVsDataEnabled |
Determines whether to verify if the FTP server address in the data channel is similar to the one used in the control channel. Valid Values:
Default: true |
ftp.search.file.using.directory.listing |
Determines whether to locate the remote file by performing a directory listing for the parent directory, or by accessing the file directly. |
ftp.timezone.offset |
Defines the timezone offset of the remote FTP server. Use this if the FTP server timezone is different than the Agent timezone. Format: +/-HH:MM. +04:00 |
|
Determines whether to change the working directory to the target FTP or SFTP path before writing a file. |
files.order.by |
Determines whether files are watched or transferred by name, timestamp, or size on the source host. Valid Values:
Default: none The value of this parameter overrides the value defined in the aft_configurable.properties file. |
files.order.direction |
Determines whether files are watched or transferred by the latest or oldest files on the source host. Valid Values:
Default: ascending The value of this parameter overrides the value defined in the aft_configurable.properties file. |
gcs.impersonatedServiceAccountEmail |
Determines the service account email for impersonation. |
gcs.proxy.scheme |
Determines the proxy scheme to connect to Google Cloud via Web Proxy. Valid Values:
Default: https |
|
Defines the proxy host and port to connect to the Google Cloud via a proxy. |
gcs.role.session.duration.seconds |
Defines the duration in seconds of the temporary access to Google Cloud Storage. |
gcs.sse.kms.key.id |
Defines the GCS KMS Key ID to use for encryption. This parameter is mandatory if gcs.sse.type is set to SSE-KMS. |
gcs.sse.type |
Determines whether to use Customer-managed encryption keys in server-side encryption, as follows
|
gcs.useApplicationDefaultCredential |
Determines whether Google Cloud Application Default Credentials (ADC) authentication strategy is enabled. Default: false |
oracle.enableDirectoryAsFileSeparator |
Determines whether to use file separator for a directory in Oracle Object Storage. |
|
Determines the proxy host and port when you connect to the Oracle Cloud Object Storage via a proxy. |
oracle.proxy.scheme |
Determines the proxy scheme to connect to Oracle Cloud via a Web Proxy. Valid Values:
Default: https |
oracle.useMultipartDownloadOnDownloadToLocal |
Determines whether to download large files from Oracle Object Storage to the local file system in multipart. |
resumeConnectionFromDestinationFileOffset |
Determines whether to continue to retrieve the destination file size from the point of failure, after the system reconnects to the remote host. This is only for binary transfers to distributed systems. |
sftp.charset |
Defines a different character set when connecting to a remote SFTP server (if not specified, UTF-8 is the default charset). ISO-8859-1 |
sftp.check.ciphers |
Determines the list of ciphers to omit from the default ciphers proposed by the client, and listed in sftp.ciphers The sftp.ignore.check.ciphers parameter must be false. |
sftp.check.kexes |
Determines the list of key exchange algorithms to omit from the default kex algorithms proposed by the client, and listed in sftp.kex. The sftp.ignore.check.kexes parameter must be false. |
sftp.check.macs |
Determines the list of MAC algorithms to omit from the default MAC algorithms proposed by the client, and listed in sftp.mac. The sftp.ignore.check.macs parameter must be false |
sftp.check.signatures |
Determines the list of signatures (host keys) to omit from the default signatures proposed by the client, and listed in sftp.signatures. The sftp.ignore.check.signatures parameter must be false |
sftp.ciphers |
Defines the ciphers to override the SFTP ciphers that are used when connecting to the SFTP server. The list must be specified with comma separated values. aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr |
sftp.enableSmartWildcardDirectoryListing |
Determines whether to enable the method to list the remote directory if the source patterns contain wildcards. Valid Values:
|
sftp.flush |
Determines whether to ask SFTP server to flush any buffer than was sent (to verify the target file was updated in case of disconnections). If set to true, performance might be affected. |
sftp.ignore.check.ciphers |
Determines whether to omit ciphers listed in sftp.check.ciphers from the default ciphers proposed by the client, and listed in sftp.ciphers. Valid Values:
Default: true |
sftp.ignore.check.kexes |
Determines whether to omit ciphers listed in sftp.check.kexes from the default ciphers proposed by the client, and listed in sftp.kex. Valid Values:
Default: true |
sftp.ignore.check.macs |
Determines whether to omit ciphers listed in sftp.check.macs from the default ciphers proposed by the client, and listed in sftp.mac. Valid Values:
Default: true |
sftp.ignore.check.signatures |
Determines whether to omit ciphers listed in sftp.check.signatures from the default ciphers proposed by the client, and listed in sftp.signatures. If set to true, sftp.signatures is sent without changes. Valid Values:
Default: true |
sftp.ignore.PreferredAuthentications |
Determines whether to ignore the preferred authentication list for the SFTP server. |
sftp.ignoreIsRemoteDirCheckingWhenStoreFile |
Determines whether to skip checking the existence of the destination directory before a file is stored. Default: true |
sftp.ignore.StrictHostKeyChecking |
Determines whether to perform the strict HostKey checking for the SFTP server. Valid Values:
Default: false |
sftp.StrictHostKeyChecking |
Determines the behavior when performing SFTP server’s strict HostKey checking. Valid Values:
Default: ask |
sftp.ignore.verify.signature |
Determines whether to perform the signature verification for the SFTP server. |
sftp.kex |
Overrides the SFTP key exchange algorithms that are used when connecting to the SFTP server (comma-separated values). ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1 |
sftp.mac |
Overrides the SFTP mac algorithms that are used when connecting to the SFTP server (commas separated values). hmac-md5,hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5-96 |
sftp.newline |
Defines CRLF or LF to override the ASCII End of Line control character abbreviation, when transferring with SFTP protocol and ASCII mode. By default, End of Line is based on the Connection Profile OS type (Windows = CRLF, UNIX = LF). CRLF or LF |
sftp.pubkeyAcceptedAlgorithms |
Determines the list of accepted key algorithms. |
sftp.signatures |
Determines the list of host key signature algorithms. |
sftp.remove.directory.trailing.slash |
Determines whether the remote SFTP server enforces omitting a trailing slash when running directory operations (such as, mkdir and rmdir). Default: Trailing slash true or false |
slowdown.rate.millisecond |
Determines the number of milliseconds to wait between each read and write operation during transfer when the remote server is very slow. 300 |
s3.enable.global.bucket.access |
Forces global bucket access on the MFT S3 client for that connection profile. |
s3.compatible.storage.region |
Determines which region to use when connecting to a compatible S3 storage server. |
s3.disable.chunked.encoding |
Disables chunked transfer encoding for object writes and reads. |
s3.disable.multipart.upload |
Determines whether to disable multipart uploads for files size range of 16 MB–5 GB. |
s3.proxy.host |
Determines the hostname or IP of the web proxy server. The Connection Profile web proxy server settings override the Configuration Management web proxy server settings (see MFT Client Configuration Parameters). |
s3.proxy.port |
Determines the port number of the web proxy server. The Connection Profile web proxy server settings override the Configuration Management web proxy server settings (see MFT Client Configuration Parameters). |
s3.role.arn |
Defines the Amazon Resource Name of the role, which provides temporary access credentials when you assume the role. |
s3.role.mfa.serial |
Determines the serial number of the MFA device of the S3 role. |
s3.role.session.duration.seconds |
Determines the duration of the temporary access defined in s3.role.arn. |
s3.role.external.id |
Determines the external ID of the S3 role. |
s3.set.api.version |
Determines which REST API version to use . Default: 2 |
s3.set.bucket.owner.full.control.canned.acl |
Determines whether to provide full access to objects uploaded to any bucket in this connection profile. |
s3.set.http.connection.protocol |
Determines whether to use HTTP instead of HTTPS for S3 connections. |
s3.addChecksumForLocalFiles |
Determines whether the file upload request includes the MD5 checksum of the file when it transfers from a local or network file system to S3. |
s3.handle.content.type |
Determines whether to adjust the file content-type based on the file type or extension when files upload to S3. |
s3.skip.bucket.exist.check |
Determines whether to skip the verification process that checks if a specified S3 bucket exists before the files transfer. |
s3.useDefaultCredentialProviderChain |
Determines whether to use the Instance profile credentials delivered through the Amazon EC2 metadata service. This option only works when Control-M MFT and the Agent are running on an EC2 instance. |
s3.useMultipartDownloadOnDownloadToLocal |
Determines whether to perform multipart download for large files from S3 Storage to the local file system. |
s3.use.virtual.hosted.style |
Determines whether to use the virtual-hosted style (mybucket1.s3-eu-west-1.amazonaws.com) for S3 buckets on S3 API calls. |
s3.sse.type |
Determines one of the following server-side encryption methods:
|
s3.sse.kms.key.id |
Defines the AWS KMS Key ID to use for encryption. If this parameter is not defined or left empty, the AWS managed key is used. This parameter is only relevant when s3.sse.type is set to SSE-KMS. |
spo.ignoreFailureWhenUploadingFileInParts |
Determines whether to ignore SharePoint errors when files are uploaded with multipart uploads. |
spo.listSites.useSiteDisplayName |
Determines whether the list should contain the site display name or site physical name in the UI. Default: true |
ssl.keystore.keyalias |
Overrides the keystore alias |
ssl.provider.options.tlsciphersuite |
Overrides the enabled cipher suites |
ssl.provider.options.sslprotocol |
Overrides the enabled SSL protocols such as, SSLv3, TLSv1, TLSv1.1, and TLSv1.2. If you want to work with SSLv3, mark the jdk.tls.disabledAlgorithms=SSLv3 attribute with #, and then restart the container. This parameter affects only the connection to the host which is defined in the connection profile. To limit the whole MFT module to specific TLS versions, you can configure the tls_protocols parameter in mft_startup.properties and hub_startup.properties file, and then restart the Agent. TLSv1.2 |
transfer.bufferSize |
Defines the buffer size for every chunk sent during a file transfer. This parameter overrides the following parameters in aft_configurable.properties:
Default: 32,768 |
transfer.fail.job.file.count |
Defines the maximum file count allowed for an MFT job to transfer in a single transfer. The job fails when the total count exceeds this amount. Default: 500,000 |
transfer.fail.job.file.volume.MB |
Defines the maximum file volume allowed for an MFT job to transfer in a single transfer. The job fails when the size of the files exceeds the volume. Set the value to 0 for unlimited volume. Default: 0 |
transfer.max.files.to.transfer |
Defines the maximum file count to transfer from the source directory in a single transfer. The minimum value is one. |
ui.max.records.in.list |
Limits or extends the number of records returned to the File Transfer browser dialog. 10,000 records are returned be default. 20000 |
useDefaultSearchFilesForLocal |
Determines whether to search for local files with the default search algorithm. Valid Values:
Default: false |
use.proxy |
Determines whether to connect to the SFTP, FTP, or S3 server via Web Proxy, if enabled in the Configuration Management window. Default: true |