Backup and Recovery Connection Profiles
The following topics describe connection profiles for backup and recovery services:
ConnectionProfile:AWS Backup
AWS Backup enables you to back up and restore your data to the Amazon cloud.
The following examples show how to define a connection profile for an AWS Backup job:
-
This JSON defines an authentication based on an AWS access key and secret:
Copy{
"AWS_BACK":
{
"Type": "ConnectionProfile:AWS Backup",
"AWS Backup URL": "https://backup.{{AWSRegion}}.amazonaws.com.",
"AWS Region": "us-east-1",
"Authentication": "Secret",
"AWS Access Key": "ZKIATY7B2LKB2JQ85I6D",
"AWS Secret": "*****",
"Connection Timeout": "20",
"Description": "",
"Centralized": true
}
} -
This JSON defines an authentication based on an AWS IAM role from inside an Amazon EC2 virtual machine (instance).
Copy{
"AWS_BAK_IAM":
{
"Type": "ConnectionProfile:AWS Backup",
"AWS Backup URL": "https://backup.{{AWSRegion}}.amazonaws.com",
"AWS Region": "us-east-1",
"Authentication": "NoSecret",
"IAM Role": "arn:aws:iam::122343212345:role/Amazon12SSMRoleForInstancesQuickSetup",
"Connection Timeout": "20",
"Description": "",
"Centralized": true
}
}
The following table describes the AWS Backup connection profile parameters.
Parameter |
Description |
---|---|
AWS Backup URL |
Determines the authentication endpoint for AWS Backup, based on the following format: https://backup.{{AWS_Region}}.amazonaws.com For more information about regional endpoints available for the AWS Batch service, refer to the AWS documentation. |
AWS Region |
Determines the region where the AWS Backup jobs are located. us-east-1 |
Authentication |
Determines one of the following authentication methods:
|
AWS Access Key |
Defines the access key assigned to the account in the AWS Backup integration setup. |
AWS Secret |
Defines the secret access key assigned to the account in the AWS Backup integration setup. You can use Secrets in Code to hide this value in the code. |
IAM Role |
Defines the Identity and Access Management (IAM) role name on an Amazon EC2 virtual machine (instance) for the AWS Backup connection. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to AWS Backup before a timeout occurs. Default: 20 |
Centralized |
Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents. You must set this parameter to true. Values:
Default: false |
ConnectionProfile:AWS DataSync
AWS DataSync enables you to enables you to move large amounts of data between on-premises storage and AWS storage services, as well as between AWS storage services.
The following examples show how to define a connection profile for an AWS DataSync job:
-
This JSON defines an authentication based on an AWS access key and secret:
Copy{
"DATASYNC":
{
"Type": "ConnectionProfile:AWS DataSync",
"AWS Logs URL": "https://logs.AwsRegion.amazonaws.com",
"AWS DataSync URL": "https://datasync.AwsRegion.amazonaws.com",
"AWS Region": "us-east-1",
"Authentication": "Secret",
"AWS Access Key": "ZKIATY7B2LKB2JQ85I6D",
"AWS Secret": "*****",
"Connection Timeout": "20",
"Description": "",
"Centralized": true
}
} -
This JSON defines an authentication based on an AWS IAM role from inside an Amazon EC2 virtual machine (instance).
Copy{
"DATASYNC":
{
"Type": "ConnectionProfile:AWS DataSync",
"AWS Logs URL": "https://logs.AwsRegion.amazonaws.com",
"AWS DataSync URL": "https://datasync.AwsRegion.amazonaws.com",
"AWS Region": "us-east-1",
"Authentication": "NoSecret",
"IAM Role": "arn:aws:iam::122343212345:role/Amazon12SSMRoleForInstancesQuickSetup",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
}
The following table describes the AWS Backup connection profile parameters.
Parameter |
Description |
---|---|
AWS Logs URL |
Defines the AWS Logs URL, based on the following format: https://logs.{{AwsRegion}}.amazonaws.com |
AWS DataSync URL |
Determines the authentication endpoint for AWS DataSync, based on the following format: https://datasync.<AWS Region>.amazonaws.com |
AWS Region |
Determines the region where the AWS DataSync jobs are located. us-east-1 |
Authentication |
Determines one of the following authentication methods:
|
AWS Secret |
Defines the secret access key assigned to the account in the AWS DataSync integration setup. You can use Secrets in Code to hide this value in the code. |
AWS Access Key |
Defines the access key assigned to the account in the AWS DataSync integration setup. |
IAM Role |
Defines the Identity and Access Management (IAM) role name on an Amazon EC2 virtual machine (instance) for the AWS DataSync connection. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to AWS DataSync before a timeout occurs. Default: 30 |
Centralized |
Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents. You must set this parameter to true. Values:
Default: false |
ConnectionProfile:Azure Backup
Azure Backup enables you to back up and restore your data in the Microsoft Azure cloud.
The following examples show how to define a connection profile for an Azure Backup job:
-
This JSON defines an authentication using an Azure service principal:
Copy{
"ABK_CCP_SERVICE_PRINCIPAL":
{
"Type": "ConnectionProfile:Azure Backup",
"Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1j",
"Authentication Method": "service",
"Azure Management URL": "https://management.azure.com",
"Azure Login URL": "https://login.microsoftonline.com",
"Tenant ID": "92b796c5-5839-40a6-8dd9-c1fad320c68c",
"Client Secret": "*****",
"Application ID": "7f477fa3-1a1f-4877-ba80-f39bb563f1b8",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}
} -
This JSON defines an authentication using a managed identity.
Copy{
"ABK_CCP_MANAGED_IDENTITY ":
{
"Type": "ConnectionProfile:Azure Backup",
"Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1j",
"Authentication Method": "identity",
"Azure Management URL": "https://management.azure.com",
"Specify Managed Identity Client ID": "&client_id=",
"Managed Identity Client ID": "7f477fa3-1a1f-4877-ba80-f39bb563f1b8",
"Connection Timeout": "50",
"Description": "",
"Centralized": true
}
}
Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.
The following table describes the Azure Backup connection profile parameters.
Parameter |
Description |
---|---|
Subscription ID |
Defines the registered subscription ID for the Azure Backup service. You can retrieve the subscription ID from the Subscription menu in the Azure portal. |
Authentication Method |
Determines one of the following authentication types:
|
Azure Management URL |
Defines the endpoint that enables you to perform API calls and retrieve the token for authentication. Default: https://management.azure.com |
Specify Managed Identity Client ID |
(Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter. Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=. |
Managed Identity Client ID |
(Managed Identity) Determines which client ID to use as the Managed Identity. This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter. If you have only one Managed Identity, it is detected automatically. |
Azure Login URL |
(Service Principal) Defines the Azure Backup authentication endpoint base URL. Default: https://login.microsoftonline.com |
Tenant ID |
(Service Principal) Defines the Azure tenant ID, which represents your organization. |
Client Secret |
(Service Principal) Defines the password associated with the Azure user and the Azure AD application ID. You can use Secrets in Code to hide this value in the code. |
Application ID |
(Service Principal) Defines the Azure AD application ID for Azure Backup. The Service Principal must be an Azure Backup workspace user with a Contributor or Owner role. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to Azure Backup before a timeout occurs. Default: 50 |
Centralized |
Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents. You must set this parameter to true. Values:
Default: false |