Machine Learning Connection Profiles

The following topics describe connection profiles for machine learning platforms and services:

ConnectionProfile:AWS Sagemaker

AWS Sagemaker enables you to create, train, and deploy machine learning models on premises, in the cloud, and on edge devices.

The following examples show how to define an AWS SageMaker connection profile.

  • This JSON defines a connection profile that authenticates via AWS access key and secret:

    Copy
    "AWS_SAGEMAKER"
    {
       "Type": "ConnectionProfile:AWS Sagemaker",
       "SageMaker URL": "https://sagemaker.us-east-1.amazonaws.com",
       "AWS Region": "us-east-1",
       "Authentication": "SECRET",
       "AWS Access key": "MYAWSACCESSKEY1234",
       "AWS Secret": "myAwsSecret12345",
       "Connection Timeout": "100",
       "Description": "",
       "Centralized": true
    }
  • This JSON defines a connection profile that authenticates via an AWS IAM role from inside an EC2 instance:

    Copy
    "AWS_SAGEMAKER_IAM"
    {
       "Type": "ConnectionProfile:AWS Sagemaker",
       "SageMaker URL": "https://sagemaker.us-east-1.amazonaws.com",
       "AWS Region": "us-east-1",
       "Authentication": "NOSECRET",
       "IAM Role": "SAGEMAKERIAMROLE",
       "Connection Timeout": "100",
       "Description": "",
       "Centralized": true
    }

The following table describes the AWS SageMaker connection profile parameters.

Parameter

Description

Authentication

Determines one of the following types of authentication for the connection with AWS SageMaker:

  • SECRET: Authenticates with an AWS access key and secret.

  • NOSECRET: Authenticates with an AWS IAM role from within the AWS infrastructure.

AWS Access Key

(SECRET Authentication) Defines the AWS SageMaker account access key.

AWS Secret

(SECRET Authentication) Defines the AWS SageMaker account secret access key. You can use Secrets in Code to not expose this value in the code.

IAM Role

(NOSECRET Authentication) Defines the Identity and Access Management (IAM) role for the AWS SageMaker connection.

AWS Region

Determines the region where the AWS SageMaker jobs are located.

SageMaker URL

Determines the authentication endpoint for AWS SageMaker, in the following format:

https://sagemaker.{{AwsRegion}}.amazonaws.com

For more information about regional endpoints, see the AWS documentation.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to AWS SageMaker before a timeout occurs.

Default: 30

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:Azure Machine Learning

Azure Machine Learning enables you to build, train, deploy, and manage machine learning models on premises, in the cloud, and on edge devices.

The following examples show how to define a connection profile for an Azure Machine Learning job.

  • This JSON defines a connection profile that authenticates via an Azure service principal:

    Copy
    "AZURE_ML_SERVICE_PRINCIPAL"
    {
       "Type": "ConnectionProfile:Azure Machine Learning",
       "Authentication Method": "PRINCIPAL",
       "Tenant ID": "82b34c5-5839-40f6-8pd9-c1fad320c69b",
       "Azure Login URL": "https://login.microsoftonline.com",
       "Azure ML  URL": "https://{{location}}.api.azureml.ms/",
       "Azure Management URL": "https://management.azure.com/",
       "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
       "Location Name": "centralus",
       "Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
       "Client Secret": "*****",
       "Connection Timeout": "50",
       "Description": "",
       "Centralized": true
    }
  • This JSON defines a connection profile that authenticates via a managed identity:

    Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.

    Copy
    "AZURE_ML_SERVICE_IDENTITY"
    {
       "Type": "ConnectionProfile:Azure Machine Learning",
       "Authentication Method": "MANAGEDID",
       "Specify Managed Identity Client ID": "&client_id=",
       "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",
       "Azure ML  URL": "https://{{location}}.api.azureml.ms/",
       "Azure Management URL": "https://management.azure.com/",
       "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
       "Location Name": "centralus",
       "Connection Timeout": "50",
       "Description": "",
       "Centralized": true
    }

The following table describes the Azure Machine Learning connection profile parameters.

Parameter

Description

Authentication Method

Defines one of the following types of authentication to use for the connection with Azure Machine Learning:

  • PRINCIPAL: Authenticates via a service principal.

  • MANAGEDID: Authenticates via a managed identity.

To prepare for authentication using each of these methods:

  • Grant your managed identity or service principal access to your Azure Machine Learning workspace.

  • Assign a Contributor or Owner role to the workspace that is accessed by the managed identity or service principal.

Specify Managed Identity Client ID

(Managed Identity) Determines whether your managed identity client ID is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the managed identity authentication method and you have multiple managed identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(Managed Identity) Determines which client ID to use as the managed identity.

This parameter requires a value only if you have multiple managed identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one managed identity, it is detected automatically.

Tenant ID

(Service Principal) Defines the ID where the Azure Machine Learning is created.

Azure Login URL

(Service Principal) Defines the Azure Active Directory (AD) authentication endpoint base URL.

Default: https://login.microsoftonline.com

Azure ML URL

Defines the authentication endpoint base URL for Azure Machine Learning, which is used to perform API calls, and which is based on the following format:

https://{{location}}.api.azureml.ms/

Azure Management URL

Defines the Azure Management URL, which is used to get the token for a service principal authentication and to perform API calls.

Default: https://management.azure.com/

Subscription ID

Determines the Azure account subscription ID, which can be retrieved from the Azure portal.

Location Name

Determines the region where the Azure Machine Learning jobs are located.

Application ID

(Service Principal) Defines the Azure identity of a Service Principal that is granted access to interact with Azure Machine Learning.

Client Secret

(Service Principal) Defines the password of the Service Principal. You can use Secrets in Code to not expose this value in the code.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to Azure Machine Learning before a timeout occurs.

Default: 50

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents.

You must set this parameter to true.

Connection Profile:OCI Data Science

OCI Data Science is an Oracle Cloud Infrastructure (OCI) platform, that enables you to build, train, deploy, and manage machine learning (ML) models using Python and open source tools.

The following examples show how to define a connection profile for an OCI Data Science job.

  • This JSON defines a connection profile that authenticates with Define Parameters method:

    Copy
    "OCI_DATA_SCIENCE"
    {
       "Type": "ConnectionProfile:OCI Data Science",
       "OCI Data Science URL": "https://datascience.us-phoenix-1.oci.oraclecloud.com/20190101",
       "OCI Region": "us-phoenix-1",
       "Authentication": "DefineParameters",
       "User OCID": "ocid1.user.oc1..aaaaaaaatcnn2lw4tjcoemgnm4*********",
       "Tenancy OCID": "ocid1.tenancy.oc1..aaaaaaaaxzv5ies3pwo7s5it******"
       "Fingerprint": "c6:d6:28:82:b3:2d:5f:***********",
       "Private Key": "*****",
       "Connection Timeout": "30",
       "Description": "",
       "Centralized": true
    }
  • This JSON defines a connection profile that authenticates with a Configuration File:

    Copy
    " OCI_DATA_SCIENCE "
    {
       "Type": "ConnectionProfile: OCI Data Science",
       "OCI Data Science URL": " https://datascience.us-phoenix-1.oci.oraclecloud.com/20190101",
       "OCI Region": "us-phoenix-1",
       "Authentication": "ConfigurationFile",
       "Config File Path": "\home\dbauser\config.example"
       "Profile": "Default"
       "Connection Timeout": "30"
       "Description": ""
       "Centralized": true
    }

The following table describes the OCI Data Science connection profile parameters.

Parameter

Authentication Method

Description

OCI Data Science URL

All methods

Defines the OCI Data Science URL in the following format:

https://datascience.<region>.oci.oraclecloud.com/20190101

OCI Region

All methods

Determines the region where OCI Data Science is located.

Authentication

All methods

Determines one of the following authentication methods:

  • DefineParameters: Defines authentication parameters in the connection profile.

  • ConfigurationFile: Uses a Control-M/Agent configuration file that contains authentication information.

    The following example of a configuration file defines the DEFAULT profile for Linux and the PROFILE2 profile for Windows.

    Copy
    [DEFAULT] 
    user=ocid1.user.oc1..aaaaaaaa4vcihdfhrdtyry457245636cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
    tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue9f8djfihhwp2cu4e6t2b7lttna7rcgnhrdi4qzika
    fingerprint=9f:af:df:f5:5g:95:92:7c:34:ab:46:d3:b4:30:e6:9e
    region=us-phoenix-1
    key_file=/home/dbauser/key.pem 

    [PROFILE2] 
    user=ocid1.user.oc1..aaaaaaaa4v768679dfhrd8989JHGJG36cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
    tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue987erum,gfwp2cu4e6t2b7lttna7rcgnhrdi4qzika
    fingerprint=9f:af:c0:f5:7b:95:92:7c:03:a5:46:g3:b4:38:e6:9e
    region=us-phoenix-1
    key_file=C:\\Users\\dbauser\\key.pem

User OCID

Defined Parameters

Defines an individual user within the OCI environment.

Tenancy OCID

Defined Parameters

Defines the OCI Tenacy ID in OCI Data Science, which is a global unique identifier for this account within the OCI environment.

Fingerprint

Defined Parameters

Defines a fingerprint which uniquely identifies and verifies the integrity of the associated certificate or key.

Private Key

Defined Parameters

Defines the Private key within a set of API signing keys that are used for authentication and secure access to OCI resources.

You can use Secrets in Code to not expose this value in the code.

Config File Path

Configuration File

Defines the path to the Control-M/Agent configuration file that contains authentication information.

UNIX: home/user1/config/pem.pem

Windows: C:\Users\user1\config\\pem.pem

Profile

Configuration File

Defines the name of a specific section in the configuration file, such as DEFAULT and PROFILE2 in the Configuration File code sample.

Connection Timeout

All methods

Determines the number of seconds to wait after Control-M initiates a connection request to OCI Data Science before a timeout occurs.

Default: 20

Centralized

All methods

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents.

You must set this parameter to true.