File Transfer Connection Profiles

Connection profiles for file transfers made with Control-M Managed File Transfer (Control-M MFT) are available for the following types of target servers and communication protocols:

The following types of FTP, SFTP, FTPS, and local file system transfer connection profiles are available:

  • Single Endpoint: A connection profile for a single host, which can serve as the file transfer source or destination.

  • Dual Endpoint: A connection profile for two hosts—the file transfer source and destination.

  • Group: A connection profile that bundles multiple, previously defined connection profiles, which enables you to transfer a file from one to multiple hosts in a single transfer.

ConnectionProfile:FileTransfer:FTP

File Transfer jobs enable you to transfer files to and from local hosts, remote hosts, and cloud storage buckets and containers. You can define up to five different file transfer definitions that sequentially transfer one or more files, subdirectories, or directories.

The following examples show how to define a connection profile for a file transfer to a single endpoint with the FTP communication protocol:

  • This JSON defines a Simple ConnectionProfile:FileTransfer:FTP connection profile:

    Copy
     "FTPConn"
    {
       "Type" : "ConnectionProfile:FileTransfer:FTP",
       "Centralized" : true,
       "HostName": "FTPServer",
       "Port": "21",
       "User" : "FTPUser",
       "Password" : "ftp password",
    }
  • This JSON defines a ConnectionProfile:FileTransfer:FTP connection profile with optional parameters:

    Copy
    "FTPConn"
    {
       "Type" : "ConnectionProfile:FileTransfer:FTP",
       "HostName": "FTPServer",
       "Port": "21",
       "User" : "FTPUser",
       "Password" : "ftp password",
       "HomeDirectory": "/home/FTPUser",
       "OsType": "Unix",
       "Centralized" : true,
       "AdditionalParameters": [
       {
          "Name": "param1",
          "Value": "1"
       },
       {
          "Name": "param2",
          "Value": "2"
       } ]
    }

The following table describes the ConnectionProfile:FileTransfer:FTP connection profile parameters.

Parameter

Description

HostName

Defines the name of the host computer.

Port

Determines the number of the port to listen to for the file transfer.

OsType

(Optional) Determines one of the following FTP server operating system types.

  • Unix

  • Windows

  • z/OS

  • OS400

  • Tandem

  • OS2200

  • OpenVMS

Default: Unix

User

Defines the host username.

Password

(Optional) Defines the password for an FTP server account. Use Secrets in Code to not expose the password in the code.

To update an existing connection profile and keep the current password, type five *, as follows:

*****

HomeDirectory

(Optional) Defines the User home directory.

VerifyChecksum

(Optional) Determines whether to enable or disable error detection on file transfer.

Valid Values:

  • true

  • false

Default: false

VerifyDestination

(Optional) Determines whether to verify the size of the file at the destination after a successful binary-mode transfer.

Valid Values:

  • true

  • false

Default: true

VerifyBytes

(Optional) Determines whether to verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

Valid Values:

  • true

  • false

Default: false

ConnectionMode

(Optional) Defines the FTP client connection mode.

Valid Values:

  • Active

  • Passive: Initiates the data and control connections from the FTP client to the FTP server, which solves firewall issues.

  • PassiveSubstituteIpAddress: Passive + force passive connections to use the host address.

  • EPSV: Extended Passive Mode; the FTP client uses the same IP address to open a data channel (used mainly for IPV6 environments).

  • EPSVSubstituteIpAddress: EPSV + force passive connections to use the host address.

Default: Active

AdditionalParameters

(Optional) Defines additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:SFTP

The ConnectionProfile:FileTransfer:SFTP type creates a connection profile for a file transfer to a single endpoint using the SFTP (SSH File Transfer Protocol) communication protocol.

The following examples show how to define ConnectionProfile:FileTransfer:SFTP connection profiles.

  • This JSON defines a Simple ConnectionProfile:FileTransfer:SFTP connection profile:

    Copy
    "sFTPconn"
    {
       "Type": "ConnectionProfile:FileTransfer:SFTP",
       "Centralized" : true,
       "HostName": "SFTPServer",
       "Port": "22",
       "User" : "SFTPUser",
       "Password" : "sftp password"
    }
  • This JSON defines a ConnectionProfile:FileTransfer:SFTP connection profile with optional parameters:

    Copy
    "sFTPconn"
    {
       "Type": "ConnectionProfile:FileTransfer:SFTP",
       "HostName": "SFTPServer",
       "Port": "22",
       "User" : "SFTPUser",
       "HomeDirectory": "/home/SFTPUser",  
       "PrivateKeyName": "/home/controlm/ctm_agent/ctm/cm/AFT/data/Keys/sFTPkey",
       "Passphrase": "passphrase",
       "SSHCompression": true,
       "Centralized" : true,
       "AdditionalParameters": [
       {
          "Name": "param1",
          "Value": "1"
       },
       {
          "Name": "param2",
          "Value": "2"
       } ]
    }

The following table describes the ConnectionProfile:FileTransfer:SFTP connection profile parameters.

Parameter

Description

HostName

Defines the name of the host computer.

Port

Determines the number of the port to listen to for the file transfer.

User

Defines the host username.

Password

(Optional) Defines the password for SFTP Server account. Use Secrets in Code to not expose the password in the code.

To update an existing connection profile and keep the current password, type five *, as follows:

*****

HomeDirectory

(Optional) Defines the user home directory.

VerifyChecksum

(Optional) Determines whether to enable or disable error detection on file transfer.

Valid Values:

  • true

  • false

Default: false

VerifyDestination

(Optional) Determines whether to verify the size of the file at the destination after a successful binary-mode transfer.

Valid Values:

  • true

  • false

Default: true

VerifyBytes

(Optional) Determines whether to verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

Valid Values:

  • true

  • false

Default: false

PrivateKeyName

(Optional) Defines the private key full file path.

Passphrase

(Optional) Defines the password for the private key. Use Secrets in Code to not expose the password in the code.

To update an existing connection profile and keep the current password, type five *, as follows:

*****

SSHCompression

(Optional) Determines whether to compress the file before the transfer.

Valid Values:

  • true

  • false

Default: false

AdditionalParameters

(Optional) Defines additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:FTPS

The ConnectionProfile:FileTransfer:FTPS type creates a connection profile for a file transfer to a single endpoint using the FTPS (FTP over SSL) communication protocol.

The following example shows how to define a ConnectionProfile:FileTransfer:FTPS connection profile:

Copy
"FTPSConn"
{
   "Type": "ConnectionProfile:FileTransfer:FTPS",
   "HomeDirectory": "/var/home",
   "HostName" : "localhost",
   "User" : "controlm",
   "Password": "ftps_pass",
   "Port": "10021",
   "SSLImplicit": false,
   "ClearDataChannel": true,
   "SSLLevel": "ClientServerAuthentication",
   "ClearCommandChannel": true,
   "Centralized" : true,
   "AdditionalParameters": [
   {
      "Name": "param1",
      "Value": "1"
   },
   {
      "Name": "param2",
      "Value": "2"
   } ]
}

The following table describes the ConnectionProfile:FileTransfer:FTPS connection profile parameters.

Parameter

Description

HostName

Defines the name of the host computer.

Port

Determines the number of the port to listen to for the file transfer.

OsType

(Optional) Determines one of the following types of FTPS server operating systems:

  • UNIX

  • Windows

  • z/OS

  • OS400

  • Tandem

  • OS2200

  • OpenVMS

Default: Unix

User

Defines the host username.

Password

(Optional) Defines the password for FTPS server account. Use Secrets in Code to not expose the password in the code.

To update an existing connection profile and keep the current password, type five *, as follows:

*****

HomeDirectory

(Optional) Defines the User home directory.

VerifyChecksum

(Optional) Determines whether to enable or disable error detection on file transfer.

Valid Values:

  • true

  • false

Default: false

VerifyDestination

(Optional) Determines whether to verify the size of the file at the destination after a successful binary-mode transfer.

Valid Values:

  • true

  • false

Default: true

VerifyBytes

(Optional) Determines whether to verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

Valid Values:

  • true

  • false

Default: false

ConnectionMode

(Optional) Sets the FTPS client connection mode.

Valid Values:

  • Active

  • Passive: Initiates the data and control connections from the FTP client to the FTP server, which solves firewall issues.

  • PassiveSubstituteIpAddress: Passive + force passive connections to use the host address.

  • EPSV: Extended Passive Mode; the FTP client uses the same IP address to open a data channel (used mainly for IPV6 environments).

  • EPSVSubstituteIpAddress: EPSV + force passive connections to use the host address.

Default: Active

SSLImplicit

Determines whether to automatically create an SSL connection to the FTPS server (Default port 990).

In SSL Explicit mode, a connection is first established with the FTP server and the connection is then changed to SSL mode (FTP over SSL/TLS).

Valid Values:

  • true (implicit connection).

  • false (explicit connection).

Default: false

ClearDataChannel

Determines whether to encrypt the connection process while files are transferred without encryption.

This option is useful if you want your login information encrypted and your files transferred without encryption.

Valid Values:

  • true

  • false

Default: true

SSLLevel

Determines the SSL security level, one of the following:

  • NoAuthentication: Low security level; client certificate not sent (default).

  • ServerAuthentication: Moderate security level; client certificate not sent.

  • ClientServerAuthentication: High security level; client certificate sent.

ClearCommandChannel

Determines whether to set the transmission mode from encrypted mode to clear text mode.

You can secure sensitive information, including user name and password, by sending them in an encrypted mode, and then use this parameter to change the transmission mode back to clear text mode to send the port and IP information (FTP over SSL/TLS).

Valid Values:

  • true

  • false

Default: true

AdditionalParameters

(Optional) Defines additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:AS2

The ConnectionProfile:FileTransfer:AS2 type creates a connection profile for a file transfer from a local filesystem to an AS2 server using the AS2 protocol.

The following examples show how to define ConnectionProfile:FileTransfer:AS2 connection profiles:

File transfers that use the AS2 protocol are supported by Control-M Automation API only in one direction — from a local filesystem to an AS2 server.

  • This JSON defines a simple ConnectionProfile:FileTransfer:AS2 connection profile:

    Copy
    "AS2_Conn_1":
    {
       "Type": "ConnectionProfile:FileTransfer:AS2",
       "Centralized": true,
       "PartnerAS2Id": "partner-as2-id",
       "PartnerDestinationUrl": "sqa",
       "PartnerCertificateAlias": "partnerCertAlias",
       "HostName": "sqa",
       "Password": "*****"
    }
  • This JSON defines a ConnectionProfile:FileTransfer:AS2 connection profile with optional parameters:

    Copy
    "AS2_Conn_2"
    {
       "Type": "ConnectionProfile:FileTransfer:AS2",
       "Centralized": true,
       "PartnerAS2Id": "partner-as2-id",
       "PartnerDestinationUrl": "sqa",
       "PartnerCertificateAlias": "partnerCertAlias",
       "HostName": "sqa",
       "Password": "*****",
       "AsyncMdnTimeout": "18120000",
       "User": "basicUser",
       "SendMessageTimeout": "301000",
       "CompressMessage": true,
       "SignMessageParameters"
       {
          "SignMessage": false,
          "SignatureAlgorithm": "RSA with SHA-384"
       },
       "EncryptMessageParameters"
       {
          "EncryptMessage": false,
          "EncryptionAlgorithm": "tripleDES (DES EDE3)"
       },
       "RequestReceiptParameters"
       {
          "RequestReceipt": false,
          "Mode": "Asynchronous",
          "Sign": "Unsigned"
       },
       "AdditionalParameters": [
       {
          "Name": "param1",
          "Value": "1"
       },
       {
          "Name": "param2",
          "Value": "2"
       } ]
      } 

The following table describes the ConnectionProfile:FileTransfer:AS2 connection profile parameters.

Parameter

Description

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

PartnerAS2Id

Defines the logical name of the remote AS2 server.

PartnerDestinationUrl

Defines the URL of the AS2 server.

PartnerCertificateAlias

Defines the alias of the partner certificate that is stored in the AS2 keystore.

Password

(Optional) Defines the password of the HTTP request for the AS2 message. Use Secrets in Code to not expose the password in the code.

To update an existing connection profile and keep the current password, type five *, as follows:

*****

AsyncMdnTimeout

(Optional) Defines the number of minutes to wait for the AS2 server to send the receipt before a timeout occurs.

Default: 18,000,000

User

Defines the username of the HTTP request for the AS2 message.

SendMessageTimeout

(Optional) The number of seconds to wait for the AS2 server to reply before a timeout occurs.

Default: 18,000,000 (300,000 minutes or 5,000 hours).

CompressMessage

Determines whether to compress the AS2 message when sent.

Valid Values:

  • true

  • false

Default: false

SignMessageParameters

 

   SignMessage

Determines whether to digitally sign the AS2 message with the algorithm specified by SignatureAlgorithm.

Valid Values:

  • true

  • false

Default: true

   SignatureAlgorithm

Determines which algorithm to use for signing the AS2 message.

Valid Values:

  • RSA with SHA-1.

  • RSA with SHA-224.

  • RSA with SHA-256.

  • RSA with SHA-384.

  • RSA with SHA-512.

  • RSA with MD5.

Default: RSA with SHA-1.

EncryptMessageParameters

 

   EncryptMessage

Determines whether to encrypt the AS2 message with one of the encryption algorithm specified by EncryptionAlgorithm.

Valid Values:

  • true

  • false

Default: true

   EncryptionAlgorithm

Determines the algorithm to use for encryption of the AS2 message.

Valid Values:

  • CAST5_CBC

  • IDEA_CBC

  • RC2_CBC

  • tripleDES (DES EDE3)

  • AES128_CBC

  • AES192_CBC

  • AES256_CBC

Default: CAST5_CBC

RequestReceiptParameters

 

   RequestReceipt

Determines whether to receive an MDN receipt of the AS2 message from the AS2 server that confirms that it was received and processed.

Valid Values:

  • true

  • false

Default: true

   Mode

Determines the mode for receiving the MDN receipt.

Valid Values:

  • Asynchronous

  • Synchronous

Default: Synchronous

   Sign

Determines the type of MDN receipt to receive.

Valid Values:

  • Signed

  • Unsigned

Default: Signed

VerifyChecksum

(Optional) Determines whether to enable or disable error detection on file transfer.

Valid Values:

  • true

  • false

Default: false

VerifyDestination

(Optional) Determines whether to verify the size of the file at the destination after a successful binary-mode transfer.

Valid Values:

  • true

  • false

Default: true

VerifyBytes

(Optional) Determines whether to verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

Valid Values:

  • true

  • false

Default: false

AdditionalParameters

(Optional) Defines Additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters.

ConnectionProfile:FileTransfer:Local

The ConnectionProfile:FileTransfer:Local type creates a connection profile for a file transfer to a single endpoint on a Local File System.

The following example shows how to define a ConnectionProfile:FileTransfer:Local connection profile:

Copy
"LocalConn"
{
   "Type" : "ConnectionProfile:FileTransfer:Local",
   "User" : "controlm",
   "Password" : "local password",
   "Centralized" : true,
   "AdditionalParameters": [
   {
      "Name": "param1",
      "Value": "1"
   },
   {
      "Name": "param2",
      "Value": "2"
   } ]
}

The following table describes the ConnectionProfile:FileTransfer:Local connection profile parameters.

Parameter

Description

VerifyChecksum

(Optional) Determines whether to enable or disable error detection on file transfer.

Valid Values:

  • true

  • false

Default: false

VerifyDestination

(Optional) Determines whether to verify the size of the file at the destination after a successful binary-mode transfer.

Valid Values:

  • true

  • false

Default: true

VerifyBytes

(Optional) Determines whether to verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

Valid Values:

  • true

  • false

Default: false

OsType

(Optional) Determines the following types of the local server operating system:

  • Unix

  • Windows

  • z/OS

  • OS400

  • Tandem

  • OS2200

  • OpenVMS

Default: Unix

Password

(Optional) Defines the password for local account. Use Secrets in Code to not expose the password in the code.

To update an existing connection profile and keep the current password, type five *, as follows:

*****

AdditionalParameters

(Optional) Defines additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:S3:Amazon

The ConnectionProfile:FileTransfer:S3:Amazon type creates a connection profile for a file transfer for file transfers to or from an Amazon S3 storage service.

The following example shows how to define a ConnectionProfile:FileTransfer:S3:Amazon connection profile:

Copy
"testAmazon"
{
   "Type": "ConnectionProfile:FileTransfer:S3:Amazon",
   "Region": "us-west-2",
   "AccessKey": "mykey",
   "SecretAccessKey": "mysecret"
   "VerifyDestination": true,
   "Centralized": true,
   "AdditionalParameters": [
   {
      "Name": "param1",
      "Value": "1"
   },
   {
      "Name": "param2",
      "Value": "2"
   } ]
}

The following table describes the ConnectionProfile:FileTransfer:S3:Amazon connection profile parameters.

Parameter

Description

Region

Determines one of the following regions where the Amazon S3 storage bucket is located:

  • us-gov-west-1

  • ap-northeast-1

  • ap-northeast-2

  • ap-south-1

  • ap-southeast-1

  • ap-southeast-2

  • ca-central-1

  • eu-central-1

  • eu-west-1

  • eu-west-2

  • eu-west-3

  • sa-east-1

  • us-east-1

  • us-east-2

  • us-west-1

  • us-west-2

  • cn-north-1

  • cn-northeast-1

AccessKey

Defines the access key to the Amazon S3 storage.

SecretAccessKey

Defines the secret access key to the Amazon S3 storage.

Use Secrets in Code to not expose this secret access key in the code.

VerifyDestination

(Optional) Determines whether to verify the size of the file at the destination after a successful binary-mode transfer.

Valid Values:

  • true

  • false

Default: true

AdditionalParameters

(Optional) Defines additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value.

For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:S3:Compatible

The ConnectionProfile:FileTransfer:S3:Compatible type creates a connection profile for file transfers to or from an S3-compatible storage service.

The following example shows how to define a ConnectionProfile:FileTransfer:S3:Compatible connection profile:

Copy
"testCompatible"
{
   "Type": "ConnectionProfile:FileTransfer:S3:Compatible",
   "RestEndPoint": "api.com",
   "AccessKey": "mykey",
   "SecretAccessKey": "mysecret",
   "VerifyDestination": true,            
   "Centralized": true,
   "AdditionalParameters": [
   {
      "Name": "param1",
      "Value": "1"
   },
   {
      "Name": "param2",
      "Value": "2"
   } ]
}

The following table describes the ConnectionProfile:FileTransfer:S3:Compatible connection profile parameters.

Parameter

Description

RestEndPoint

Defines the network address where the S3 Compatible Storage is located.

AccessKey

Defines the access key to the Amazon S3 storage.

SecretAccessKey

Defines the secret access key to the Amazon S3 storage.

Use Secrets in Code to not expose this secret access key in the code.

VerifyDestination

(Optional) Determines whether to verify the size of the file at the destination after a successful binary-mode transfer.

Valid Values:

  • true

  • false

Default: true

AdditionalParameters

(Optional) Defines the additional parameters that are specific to your environment and you can add manually.

Each parameter is defined by its name and value. For an updated list of parameters that are supported by Control-M for MFT, see Connection Profile Manual Additional Parameters.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

The ConnectionProfile:FileTransfer:S3:AWSPrivateLink type creates a connection profile for file transfers to or from an AWS PrivateLink for Amazon S3, for storage that resides in the virtual private cloud (VPC) endpoint.

The following example shows how to define a ConnectionProfile:FileTransfer:S3:AWSPrivateLink connection profile:

Copy
"PRIVATE_LINK_AMAZON_CP"
{
   "Type": "ConnectionProfile:FileTransfer:S3:AWSPrivateLink",
   "Region": "us-west-2",
   "AccessKey": "f392vvrf389222dsfvsd5b",
   "SecretAccessKey": "JXq5+dfsux71t3wee+PdQ2bzGOFexcfsdf",
   "VerifyDestination": true
   "RestEndPoint": "apicom",
   "Centralized": true
}

The following table describes the ConnectionProfile:FileTransfer:S3:AWSPrivateLink connection profile parameters.

Parameter

Description

Region

Determines one of the following regions where the Amazon S3 storage bucket is located:

  • us-gov-west-1

  • ap-northeast-1

  • ap-northeast-2

  • ap-south-1

  • ap-southeast-1

  • ap-southeast-2

  • ca-central-1

  • eu-central-1

  • eu-west-1

  • eu-west-2

  • eu-west-3

  • sa-east-1

  • us-east-1

  • us-east-2

  • us-west-1

  • us-west-2

  • cn-north-1

  • cn-northeast-1

AccessKey

Defines the access key to the Amazon S3 storage.

SecretAccessKey

Defines the secret access key to the Amazon S3 storage.

Use Secrets in Code to not expose this secret access key in the code.

VerifyDestination

(Optional) Determines whether to verify the size of the file at the destination after a successful binary-mode transfer.

Valid Values:

  • true

  • false

Default: true

RestEndPoint

Defines the network address where the Amazon S3 storage is located.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:Azure:SharedKey

The ConnectionProfile:FileTransfer:Azure:SharedKey type creates a connection profile for file transfers to or from an Azure Storage service with Shared Key authentication using an access key.

The following example shows how to define a ConnectionProfile:FileTransfer:Azure:SharedKey connection profile:

Copy
"AZURE_CCP1":
{
   "Type": "ConnectionProfile:FileTransfer:Azure:SharedKey",
   "AzureAccountName": "devAccount",
   "AzureStorageType": "BLOB_STORAGE",
   "AzureEndpoint": "https://devAccount.blob.core.windows.net",
   "AzureAccountAccessKey": "44ZHQnMJeIk4hZ4npQMZGfXTuwlciq82lbeYvtBZ+Ig9yCagX4FMOECSg1xDyzr8qO6A==",
   "Centralized": true
}

The following table describes the ConnectionProfile:FileTransfer:Azure:SharedKey connection profile parameters.

Parameter

Description

AzureAccountName

Defines the name of the Azure Storage account.

AzureStorageType

(Optional) Determines one of the following types of Azure Storage to connect to:

  • BLOB_STORAGE

  • DATA_LAKE_STORAGE_GEN2

Default: BLOB_STORAGE

AzureEndpoint

(Optional) Defines the endpoint URL where the storage is located.

You can use this parameter to overwrite the default Endpoint URL.

Defaults:

  • Blob: https://<account name>.blob.core.windows.net

  • Data Lake: https://<account name>.dfs.core.windows.net

AzureAccountAccessKey

Defines the account access key that is used to connect to Azure.

Use Secrets in Code to not expose this access key in the code.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:Azure:ConnectionString

The ConnectionProfile:FileTransfer:Azure:ConnectionString type creates a connection profile for file transfers to or from an Azure Storage service with Shared Key authentication using a full connection string.

The following example shows how to define a ConnectionProfile:FileTransfer:Azure:ConnectionString connection profile:

Copy
"AZURE_CCP2":
{
   "Type": "ConnectionProfile:FileTransfer:Azure:ConnectionString",
   "AzureAccountName": "devAccount",
   "AzureStorageType": "BLOB_STORAGE",
   "AzureEndpoint": "",
   "AzureAccountConnectionString": "DefaultEndpointsProtocol=https;AccountName=devAccount;AccountKey=44ZHQnMJeIk4hZ4npQMZGfXTuwlciq82lbeYvtBZ+Ig9yCagX4FMOECSg1xDyzr8qO6A==;EndpointSuffix=core.windows.net",
   "Centralized": true
}

The following table describes the ConnectionProfile:FileTransfer:Azure:ConnectionString connection profile parameters.

Parameter

Description

AzureAccountName

Defines the name of the Azure Storage account.

AzureStorageType

(Optional) Determines one of the following types of Azure Storage to connect to:

  • BLOB_STORAGE

  • DATA_LAKE_STORAGE_GEN2

Default: BLOB_STORAGE

AzureEndpoint

(Optional) Defines the endpoint URL where the storage is located.

You can use this parameter to overwrite the default Endpoint URL.

Defaults:

  • Blob: https://<account name>.blob.core.windows.net

  • Data Lake: https://<account name>.dfs.core.windows.net

AzureAccountConnectionString

Defines the entire connection string used to connect to Azure.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:Azure:AdUserPass

The ConnectionProfile:FileTransfer:Azure:AdUserPass type creates a connection profile for file transfers to or from an Azure Storage service with authentication based on the credentials of a user in the Azure Active Directory (AD).

The following example shows how to define a ConnectionProfile:FileTransfer:Azure:AdUserPass connection profile:

Copy
"AZURE_CCP3":
{
   "Type": "ConnectionProfile:FileTransfer:Azure:AdUserPass",
   "AzureAccountName": "devAccount",
   "AzureStorageType": "BLOB_STORAGE",
   "AzureEndpoint": "",
   "AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
   "AzureClientId": "ce64ad51-yh90-4d01-a73b-7ad58a766741",
   "AzureUserNameAD": "[email protected]",
   "AzureUserPasswordAD": "Abcxyz1234!",
   "Centralized": true
}

The following table describes the ConnectionProfile:FileTransfer:Azure:AdUserPass connection profile parameters.

Parameter

Description

AzureAccountName

Defines the name of the Azure Storage account.

AzureStorageType

(Optional) Determines one of the following types of Azure Storage to connect to:

  • BLOB_STORAGE

  • DATA_LAKE_STORAGE_GEN2

Default: BLOB_STORAGE

AzureEndpoint

(Optional) Defines the endpoint URL where the storage is located.

You can use this parameter to overwrite the default Endpoint URL.

Defaults:

  • Blob: https://<account name>.blob.core.windows.net

  • Data Lake: https://<account name>.dfs.core.windows.net

AzureTenantId

Defines the ID of the Azure Active Directory instance where your application is located.

AzureClientId

Defines the ID of your application in Azure Active Directory.

AzureUserNameAD

Defines the name of the Azure AD user to use for authentication.

AzureUserPasswordAD

Defines the password of the Azure AD user.

Use Secrets in Code to not expose this password in the code.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:Azure:AdClientSecret

The ConnectionProfile:FileTransfer:Azure:AdClientSecret type creates a connection profile for file transfers to or from an Azure Storage service with authentication based on an application secret for the Azure Active Directory (AD) IAM service.

The following example shows how to define a ConnectionProfile:FileTransfer:Azure:AdClientSecret connection profile:

Copy
"AZURE_CCP4":
{
   "Type": "ConnectionProfile:FileTransfer:Azure:AdClientSecret",
   "AzureAccountName": "devAccount",
   "AzureStorageType": "BLOB_STORAGE",
   "AzureEndpoint": "",
   "AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
   "AzureClientId": "ce64ad51-yh90-4d01-a73b-7ad58a766741",
   "AzureClientSecret": "rbyHyYH7~pg0fs1pRNMEPuJG-Y.t_fE8yt",
   "Centralized": true
}

The following table describes the ConnectionProfile:FileTransfer:Azure:AdClientSecret connection profile parameters.

Parameter

Description

AzureAccountName

Defines the name of the Azure Storage account.

AzureStorageType

(Optional) Determines one of the following types of Azure Storage to connect to:

  • BLOB_STORAGE

  • DATA_LAKE_STORAGE_GEN2

Default: BLOB_STORAGE

AzureEndpoint

(Optional) Defines the endpoint URL where the storage is located.

You can use this parameter to overwrite the default Endpoint URL.

Defaults:

  • Blob: https://<account name>.blob.core.windows.net

  • Data Lake: https://<account name>.dfs.core.windows.net

AzureTenantId

Defines the ID of the Azure Active Directory instance where your application is located.

AzureClientId

Defines the ID of your application in Azure Active Directory.

AzureClientSecret

Defines the name of the application secret.

Use Secrets in Code to not expose this secret in the code.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:Azure:AdCertificate

The ConnectionProfile:FileTransfer:Azure:AdCertificate type creates a connection profile for a file transfer to or from an Azure Storage service with authentication based on a certificate file for the Azure Active Directory (AD) IAM service.

The following example shows how to define a ConnectionProfile:FileTransfer:Azure:AdCertificate connection profile.

Copy
"AZURE_CCP5":
{
   "Type": "ConnectionProfile:FileTransfer:Azure:AdCertificate",
   "AzureAccountName": "devAccount",
   "AzureStorageType": "BLOB_STORAGE",
   "AzureEndpoint": "",
   "AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
   "AzureClientId": "ce64ad51-yh90-4d01-a73b-7ad58a766741",
   "AzureClientCertificateFormat": "PFX",
   "AzureClientCertificatePath": "C:\\as2_keystore.pfx",
   "AzureClientCertificatePassword": "password",
   "Centralized": true
}

The following table describes the ConnectionProfile:FileTransfer:Azure:AdCertificate connection profile parameters.

Parameter

Description

AzureAccountName

Defines the name of the Azure Storage account.

AzureStorageType

(Optional) Determines one of the following types of Azure Storage to connect to:

  • BLOB_STORAGE

  • DATA_LAKE_STORAGE_GEN2

Default: BLOB_STORAGE

AzureEndpoint

(Optional) Defines the endpoint URL where the storage is located.

You can use this parameter to overwrite the default Endpoint URL.

Defaults:

  • Blob: https://<account name>.blob.core.windows.net

  • Data Lake: https://<account name>.dfs.core.windows.net

AzureTenantId

Defines the ID of the Azure Active Directory instance where your application is located.

AzureClientId

Defines the ID of your application in Azure Active Directory.

AzureClientCertificateFormat

Determines whether to use PEM or PFX as the certificate file.

AzureClientCertificatePath

Defines the location of the certificate file.

AzureClientCertificatePassword

Defines the password of the certificate.

Use Secrets in Code to not expose this password in the code.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:Azure:SharedAccessSignature

The ConnectionProfile:FileTransfer:Azure:SharedAccessSignature type creates a connection profile for file transfers to or from an Azure Storage service using a Shared Access Signature (SAS), which delegates access with specific permissions over a limited time interval.

The following example shows how to define a ConnectionProfile:FileTransfer:Azure:SharedAccessSignature connection profile.

Copy
"AZURE_CCP6":
{
   "Type": "ConnectionProfile:FileTransfer:Azure:SharedAccessSignature",
   "AzureAccountName": "devAccount",
   "AzureStorageType": "BLOB_STORAGE",
   "AzureEndpoint": "",
   "AzureAccountSaSToken": "?sv=2019-12-12&ss=bfqt&srt=sco&sp=rwdlacupx&se=2022-07-23T16:47:01Z&st=2021-02-10T09:47:01Z&spr=https&sig=Ym8ilBPZW2EzKPpfd2SBTpokZQdwzjCca4igKJwP0YM%5D",
   "Centralized": true
}

The following table describes the ConnectionProfile:FileTransfer:Azure:SharedAccessSignature connection profile parameters.

Parameter

Description

AzureAccountName

Defines the name of the Azure Storage account.

AzureStorageType

(Optional) Determines one of the following types of Azure Storage to connect to:

  • BLOB_STORAGE

  • DATA_LAKE_STORAGE_GEN2

Default: BLOB_STORAGE

AzureEndpoint

(Optional) Defines the endpoint URL where the storage is located.

You can use this parameter to overwrite the default Endpoint URL.

Defaults:

  • Blob: https://<account name>.blob.core.windows.net

  • Data Lake: https://<account name>.dfs.core.windows.net

AzureAccountSaSToken

Defines the SAS token that is created for Azure limited access.

Use Secrets in Code to not expose this token in the code.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:Azure:ManagedIdentity

The ConnectionProfile:FileTransfer:Azure:ManagedIdentity type creates a connection profile for file transfers to or from an Azure Storage service using a predefined Managed Identity that does not require credentials. You can define such a connection profile only when Control-M/Agent is installed on an Azure virtual machine.

The following example shows how to define ConnectionProfile:FileTransfer:Azure:ManagedIdentity connection profile:

Copy
"AZURE_CCP7":
{
   "Type": "ConnectionProfile:FileTransfer:Azure:ManagedIdentity",
   "AzureAccountName": "devAccount",
   "AzureStorageType": "BLOB_STORAGE",
   "AzureEndpoint": "https://devAccount.blob.core.windows.net",
   "AzureTenantId": "4092bb37-ebce-8xmi-b6c1-42d0f71c6f5c",
   "Centralized": true
}

The following table describes the ConnectionProfile:FileTransfer:Azure:ManagedIdentity connection profile parameters.

Parameter

Description

AzureAccountName

Defines the name of the Azure Storage account.

AzureStorageType

(Optional) Determines one of the following types of Azure Storage to connect to:

  • BLOB_STORAGE

  • DATA_LAKE_STORAGE_GEN2

Default: BLOB_STORAGE

AzureEndpoint

(Optional) Defines the endpoint URL where the storage is located.

You can use this parameter to overwrite the default Endpoint URL.

Defaults:

  • Blob: https://<account name>.blob.core.windows.net

  • Data Lake: https://<account name>.dfs.core.windows.net

AzureTenantId

Defines the ID of the Azure Active Directory instance where your application is located.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:SharePoint:AdUserPass

The ConnectionProfile:FileTransfer:SharePoint:AdUserPass type creates a connection profile for file transfers to or from a SharePoint Storage service with authentication based on the credentials of a user in the Azure Active Directory (AD).

The following example shows how to define a ConnectionProfile:FileTransfer:SharePoint:AdUserPass connection profile:

Copy
"SPO_CCP1"
{
   "Type": "ConnectionProfile:FileTransfer:SharePoint:AdUserPass",
   "SharePointEndpoint":"my.sharepoint.com",
   "SharePointTenantId": "ce508ef6-757c-46be-8e8e-0778h37b4q12",
   "SharePointClientId": "6902af15-be7f-4bca-926f-w18d68ip5426",
   "SharePointUserNameAD": "[email protected]",
   "SharePointUserPasswordAD": "Abcxyz1234!",
   "Centralized": true
}

The following table describes the ConnectionProfile:FileTransfer:SharePoint:AdUserPass connection profile parameters.

Parameter

Description

SharePointEndpoint

Defines the URL where the SharePoint Storage is located.

SharePointTenantId

Defines the ID of the Azure Active Directory instance where your application is located.

SharePointClientId

Defines the ID of your application in Azure Active Directory.

SharePointUserNameAD

Defines the name of the Azure AD user to use for authentication.

SharePointUserPasswordAD

Defines the password of the Azure AD user.

Use Secrets in Code to not expose this password in the code.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:SharePoint:AdClientSecret

The ConnectionProfile:FileTransfer:SharePoint:AdClientSecret type creates a connection profile for file transfers to or from a SharePoint Storage service with authentication based on an application secret for the Azure Active Directory (AD) IAM service.

The following example shows how to define a ConnectionProfile:FileTransfer:SharePoint:AdClientSecret connection profile:

Copy
"SPO_CCP2"
{
   "Type": "ConnectionProfile:FileTransfer:SharePoint:AdClientSecret",
   "SharePointEndpoint":"my.sharepoint.com",
   "SharePointTenantId": "ce508ef6-757c-46be-8e8e-0778h37b4q12",
   "SharePointClientId": "6902af15-be7f-4bca-926f-w18d68ip5426",
   "SharePointClientSecret": "dyd8Q~AxMMiqlNIZKbZRT5yBbybYFoZb3XvLtc5f",
   "Centralized": true
}

The following table describes the ConnectionProfile:FileTransfer:SharePoint:AdClientSecret connection profile parameters.

Parameter

Description

SharePointEndpoint

Defines the URL where the SharePoint Storage is located.

SharePointTenantId

Defines the ID of the Azure Active Directory instance where your application is located.

SharePointClientId

Defines the ID of your application in Azure Active Directory.

SharePointClientSecret

Defines the name of the application secret.

Use Secrets in Code to not expose this secret in the code.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:SharePoint:AdCertificate

The ConnectionProfile:FileTransfer:SharePoint:AdCertificate type creates a connection profile for a file transfer to or from a SharePoint Storage service with authentication based on a certificate file for the Azure Active Directory (AD) IAM service.

The following example shows how to define a ConnectionProfile:FileTransfer:SharePoint:AdCertificate connection profile.

Copy
"SPO_CCP4"
{
   "Type": "ConnectionProfile:FileTransfer:SharePoint:AdCertificate",
   "SharePointEndpoint":"my.sharepoint.com",
   "SharePointTenantId": "ce508ef6-757c-46be-8e8e-0778h37b4q12",
   "SharePointClientId": "6902af15-be7f-4bca-926f-w18d68ip5426",
   "SharePointClientCertificateFormat": "PFX",
   "SharePointClientCertificatePassword": "password",
   "SharePointClientCertificatePath": "C:\\ctm_mft_sample.pfx",
   "Centralized": true
}

The following table describes the ConnectionProfile:FileTransfer:SharePoint:AdCertificate connection profile parameters.

Parameter

Description

SharePointEndpoint

Defines the URL where the SharePoint Storage is located.

SharePointTenantId

Defines the ID of the Azure Active Directory instance where your application is located.

SharePointClientId

Defines the ID of your application in Azure Active Directory.

SharePointClientCertificateFormat

Determines whether to use PEM or PFX as the certificate file.

SharePointClientCertificatePath

Defines the location of the certificate file.

SharePointClientCertificatePassword

Defines the password of the certificate.

Use Secrets in Code to not expose this password in the code.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:SharePoint:ManagedIdentity

The ConnectionProfile:FileTransfer:SharePoint:ManagedIdentity type creates a connection profile for file transfers to or from a SharePoint Storage service using a predefined Managed Identity that does not require credentials. You can define such a connection profile only when Control-M/Agent is installed on an Azure virtual machine.

The following example shows how to define ConnectionProfile:FileTransfer:SharePoint:ManagedIdentity connection profile:

Copy
"SPO_CCP5"
{
   "Type": "ConnectionProfile:FileTransfer:SharePoint:ManagedIdentity",
   "SharePointEndpoint":"my.sharepoint.com",
   "SharePointTenantId": "ce508ef6-757c-46be-8e8e-0778h37b4q12",
   "Centralized": true
}

The following table describes the ConnectionProfile:FileTransfer:SharePoint:ManagedIdentity connection profile parameters.

Parameter

Description

SharePointEndpoint

Defines the URL where the SharePoint Storage is located.

SharePointTenantId

Defines the ID of the Azure Active Directory instance where your application is located.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:GCS

The ConnectionProfile:FileTransfer:GCS type creates a connection profile for file transfers to or from a Google Cloud Storage (GCS) service.

The following example shows how to define a ConnectionProfile:FileTransfer:GCS connection profile:

Copy
"GCS_CCP1":
{
   "Type": "ConnectionProfile:FileTransfer:GCS",
   "GCSServiceAccountKey": "{\"type\":\"service_account\",\"project_id\":\"sso-gcp-dba-ctm5-priv-cc30914\",\"private_key_id\":\"5197d05c5b8215irw944985cec74a34d6c1868aa\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nprivate-key\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"bmc-wla-svc-10@sso-gcp-dba-ctm5-priv-cc30914.iam.gserviceaccount.com\",\"client_id\":\"116650586827623521335\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",  \"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/bmc-wla-svc-10@sso-gcp-dba-ctm5-priv-cc30914.iam.gserviceaccount.com\"}",
   "GCSServiceAccountKeyFileName": "itay.json",
   "Centralized": true
}

The following table describes the ConnectionProfile:FileTransfer:GCS connection profile parameters.

Parameter

Description

GCSServiceAccountKey

Defines a JSON body that contains the required service account credentials to access the Google Cloud Storage account.

GCSServiceAccountKeyFileName

Defines the name of the file that contains the service account credentials.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:DualEndPoint

For more flexible connections, BMC recommends using single-endpoint connection profiles.

The ConnectionProfile:FileTransfer:DualEndPoint type creates a connection profile where you specify connection details for the source host and for the destination host of the file transfer. Connection details can be based on the FTP, SFTP, or FTPS communication protocols or can be to a local file system.

The following example shows how to define a ConnectionProfile:FileTransfer:DualEndPoint connection profile. One endpoint uses the FTP communication protocol and the other endpoint uses the SFTP communication protocol:

Copy
"DualEpConn"
{
   "Type" : "ConnectionProfile:FileTransfer:DualEndPoint",
   "Centralized" : true,
   "src_endpoint"
   {
      "Type" : "Endpoint:Src:FTP",
      "User" : "controlm",
      "Port" : "10023",
      "HostName" : "localhost",
      "Password" : "password",
      "HomeDirectory" : "/home/controlm/"
   },
   "dest_endpoint"
   {
      "Type" : "Endpoint:Dest:SFTP",
      "User" : "controlm",
      "Port" : "10023",
      "HostName" : "host2",
      "Password" : "password",
      "HomeDirectory" : "/home/controlm/"
   }
}

The following table describes the ConnectionProfile:FileTransfer:DualEndPoint connection profile parameters.

Parameter

Description

VerifyChecksum

(Optional) Determines whether to enable or disable error detection on file transfer.

Valid Values:

  • true

  • false

Default: false

VerifyDestination

(Optional) Determines whether to verify the size of the file at the destination after a successful binary-mode transfer.

Valid Values:

  • true

  • false

Default: true

VerifyBytes

(Optional) Determines whether to verify that the number of bytes sent to the destination during a successful binary-mode transfer is the same as the source file. If it is not the same size, the transfer fails.

Valid Values:

  • true

  • false

Default: false

Endpoint

Determines two endpoint objects, one for the source host and one for the destination host. Each endpoint can be based on FTP, SFTP, FTPS, or local file system.

Valid Values:

  • Endpoint:Src:FTP

  • Endpoint:Src:SFTP

  • Endpoint:Src:FTPS

  • Endpoint:Src:Local

  • Endpoint:Dest:FTP

  • Endpoint:Dest:SFTP

  • Endpoint:Dest:FTPS

  • Endpoint:Dest:Local

Determines whether the parameters under the Endpoint object are the same as the remaining parameters for a single-endpoint connection profile, depending on type of connection:

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:FileTransfer:Group

The ConnectionProfile:FileTransfer:Group type creates a connection profile which enables you to transfer a file from one host to multiple hosts in one transfer. In each group connection profile, you include a variety of previously defined connection profiles for file transfers:

The following example shows how to define a ConnectionProfile:FileTransfer:Group connection profile:

Copy
"GROUP_CP"
{
   "Type": "ConnectionProfile:FileTransfer:Group",
   "Centralized": true,
   "GroupAccounts": ["FTPConn", "sFTPconn", "LocalConn", "AS2_Conn_1"
}

The following table describes the ConnectionProfile:FileTransfer:Group connection profile parameters.

Parameter

Description

GroupAccounts

Determines the list of file transfer connection profiles included in the group.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.