Machine Learning Connection Profiles

The following topics describe connection profiles for machine learning platforms and services:

ConnectionProfile:AWS Sagemaker

AWS Sagemaker enables you to create, train, and deploy machine learning models on premises, in the cloud, and on edge devices.

The following examples show how to define an AWS SageMaker connection profile.

  • This JSON defines a connection profile that authenticates via AWS access key and secret:

    Copy
    "AWS_SAGEMAKER"
    {
       "Type": "ConnectionProfile:AWS Sagemaker",
       "SageMaker URL": "https://sagemaker.us-east-1.amazonaws.com",
       "AWS Region": "us-east-1",
       "Authentication": "SECRET",
       "AWS Access key": "MYAWSACCESSKEY1234",
       "AWS Secret": "myAwsSecret12345",
       "Connection Timeout": "100",
       "Description": "",
       "Centralized": true
    }
  • This JSON defines a connection profile that authenticates via an AWS IAM role from inside an EC2 instance:

    Copy
    "AWS_SAGEMAKER_IAM"
    {
       "Type": "ConnectionProfile:AWS Sagemaker",
       "SageMaker URL": "https://sagemaker.us-east-1.amazonaws.com",
       "AWS Region": "us-east-1",
       "Authentication": "NOSECRET",
       "IAM Role": "SAGEMAKERIAMROLE",
       "Connection Timeout": "100",
       "Description": "",
       "Centralized": true
    }

The following table describes the AWS SageMaker connection profile parameters.

Parameter

Description

Authentication

Determines one of the following types of authentication for the connection with AWS SageMaker:

  • SECRET: Authenticates with an AWS access key and secret.

  • NOSECRET: Authenticates with an AWS IAM role from within the AWS infrastructure.

AWS Access Key

(SECRET Authentication) Defines the AWS SageMaker account access key.

AWS Secret

(SECRET Authentication) Defines the AWS SageMaker account secret access key. You can use Secrets in Code to not expose this value in the code.

IAM Role

(NOSECRET Authentication) Defines the Identity and Access Management (IAM) role for the AWS SageMaker connection.

AWS Region

Determines the region where the AWS SageMaker jobs are located.

SageMaker URL

Determines the authentication endpoint for AWS SageMaker, in the following format:

https://sagemaker.{{AwsRegion}}.amazonaws.com

For more information about regional endpoints, see the AWS documentation.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to AWS SageMaker before a timeout occurs.

Default: 30

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:Azure Machine Learning

Azure Machine Learning enables you to build, train, deploy, and manage machine learning models on premises, in the cloud, and on edge devices.

The following examples show how to define a connection profile for an Azure Machine Learning job.

  • This JSON defines a connection profile that authenticates via an Azure service principal:

    Copy
    "AZURE_ML_SERVICE_PRINCIPAL"
    {
       "Type": "ConnectionProfile:Azure Machine Learning",
       "Authentication Method": "PRINCIPAL",
       "Tenant ID": "82b34c5-5839-40f6-8pd9-c1fad320c69b",
       "Azure Login URL": "https://login.microsoftonline.com",
       "Azure ML  URL": "https://{{location}}.api.azureml.ms/",
       "Azure Management URL": "https://management.azure.com/",
       "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
       "Location Name": "centralus",
       "Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
       "Client Secret": "*****",
       "Connection Timeout": "50",
       "Description": "",
       "Centralized": true
    }
  • This JSON defines a connection profile that authenticates via a managed identity:

    Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.

    Copy
    "AZURE_ML_SERVICE_IDENTITY"
    {
       "Type": "ConnectionProfile:Azure Machine Learning",
       "Authentication Method": "MANAGEDID",
       "Specify Managed Identity Client ID": "&client_id=",
       "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",
       "Azure ML  URL": "https://{{location}}.api.azureml.ms/",
       "Azure Management URL": "https://management.azure.com/",
       "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
       "Location Name": "centralus",
       "Connection Timeout": "50",
       "Description": "",
       "Centralized": true
    }

The following table describes the Azure Machine Learning connection profile parameters.

Parameter

Description

Authentication Method

Defines one of the following types of authentication to use for the connection with Azure Machine Learning:

  • PRINCIPAL: Authenticates via a service principal.

  • MANAGEDID: Authenticates via a managed identity.

To prepare for authentication using each of these methods:

  • Grant your managed identity or service principal access to your Azure Machine Learning workspace.

  • Assign a Contributor or Owner role to the workspace that is accessed by the managed identity or service principal.

Specify Managed Identity Client ID

(Managed Identity) Determines whether your managed identity client ID is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the managed identity authentication method and you have multiple managed identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(Managed Identity) Determines which client ID to use as the managed identity.

This parameter requires a value only if you have multiple managed identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one managed identity, it is detected automatically.

Tenant ID

(Service Principal) Defines the ID where the Azure Machine Learning is created.

Azure Login URL

(Service Principal) Defines the Azure Active Directory (AD) authentication endpoint base URL.

Default: https://login.microsoftonline.com

Azure ML URL

Defines the authentication endpoint base URL for Azure Machine Learning, which is used to perform API calls, and which is based on the following format:

https://{{location}}.api.azureml.ms/

Azure Management URL

Defines the Azure Management URL, which is used to get the token for a service principal authentication and to perform API calls.

Default: https://management.azure.com/

Subscription ID

Determines the Azure account subscription ID, which can be retrieved from the Azure portal.

Location Name

Determines the region where the Azure Machine Learning jobs are located.

Application ID

(Service Principal) Defines the Azure identity of a Service Principal that is granted access to interact with Azure Machine Learning.

Client Secret

(Service Principal) Defines the password of the Service Principal. You can use Secrets in Code to not expose this value in the code.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to Azure Machine Learning before a timeout occurs.

Default: 50

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents.

You must set this parameter to true.