Cloud Computing Connection Profiles

The following topics describe connection profiles for cloud computing platforms and services:

ConnectionProfile:AWS

AWS jobs enable you to define and execute AWS Lambda, AWS Step Functions, and AWS Batch services.

This feature requires Control-M/EM 9.0.21.

The following examples show how to define an AWS connection profile.

You must have the Control-M for AWS plug-in installed in your Control-M environment for this connection profile to function.

  • This JSON-based connection profile authenticates with an access and secret key:

    Copy
    "AWS_CONNECTION_ACCESSKEY"
    {
       "Type": "ConnectionProfile:AWS",
       "Centralized": true,
       "TargetAgent": "AgentHost",
       "TargetCTM": "CTMHost",
       "AuthenticationMethod": "AccessKey"
       "AccessKey": "1234",
       "SecretAccessKey": "00-200340109003001100044011700580-29001301000-410-520-250-880029",
       "Region": "ap-northeast-1",
    }
  • This JSON-based connection profile authenticates with an IAM role:

    Copy
    "AWS_CONNECTION_IAMROLE":
    {
       "Type": "ConnectionProfile:AWS",
       "Centralized": true,
       "TargetAgent": "AgentHost",
       "TargetCTM": "CTMHost",
       "AuthenticationMethod": "IAMRole"
       "IAMRole": "myRole",
       "Region": "ap-northeast-1",
       "ProxySettings"
       {
          "Host": "host",
          "Port": "12345",
          "Username": "username",
          "Password": "password"
       }
    }

The following table describes the AWS connection profile parameters.

Parameter

Description

TargetAgent

Determines the Agent where the connection profile deploys.

TargetCTM

Determines the Control-M/Server where the connection profile deploys. If there is only one Control-M/Server, it defaults to that Control-M/Server.

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents, versions 9.0.20 or higher.

You must set this parameter to true.

Valid Values:

  • true: Creates a centralized connection profile.

  • false: Creates a local connection profile, which is associated with and stored on a specific Agent.

Default: false

AuthenticationMethod

Determines one of the following authentication methods:

  • AccessKey

  • IAMRole

AccessKey

(AccessKey authentication) Defines the AWS account Access Key.

SecretAccessKey

(AccessKey authentication) Defines the AWS account Secret Access Key.

You can use Secrets in Code to not expose this value in the code.

IAMRole

(IAMRole authentication) Defines the name of an IAM role for authentication of the connection to AWS.

Region

Defines location of the AWS user.

ProxySettings

Defines settings of an installed proxy server:

  • Host

  • Port: 1024–65535

  • Username

  • Password

ConnectionProfile:AWS Batch

AWS Batch enables you to manage and execute batch computing workloads in AWS.

The following example shows how to define an AWS Batch connection profile.

  • This JSON-based connection profile authenticates an AWS access key and secret:

    Copy
    "AWS_BATCH":
    {
       "Type": "ConnectionProfile:AWS Batch",
       "Authentication": "SECRET"
       "AWS Secret": "myAwsSecret12345",
       "AWS Access Key": "MYAWSACCESSKEY1234",
       "AWS Region": "eu-west-2",
       "Batch URL": " https://batch.{{region}}.amazonaws.com",
       "Connection Timeout": "20",
       "Description": "",
       "Centralized": true
    }
  • This JSON-based connection profile authenticates an AWS IAM role from inside an EC2 instance:

    Copy
    "AWS_BATCH":
    {
       "Type": "ConnectionProfile:AWS Batch",
       "Authentication": "NOSECRET"
       "IAM Role": "BATCHIAMROLE"
       "AWS Region": "eu-west-2",
       "Batch URL": " https://batch.{{region}}.amazonaws.com",
       "Connection Timeout": "20",
       "Description": "",
       "Centralized": true
    }

The following table describes the AWS Batch connection profile parameters.

Parameter

Description

Authentication

Determines one of the following authentication methods:

  • SECRET: Authenticates with an AWS access key and secret, which are used for services outside the AWS infrastructure

  • NOSECRET: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

AWS Access Key

(SECRET authentication) Defines the access key ID for connection to AWS.

AWS Secret

(SECRET authentication) Defines the secret access key for connection to AWS. You can use Secrets in Code to not expose this value in the code.

IAM Role

(NOSECRET authentication) Defines the Identity and Access Management (IAM) role for connection to AWS.

AWS Region

Determines the region where the AWS Batch resources are located.

Batch URL

Determines the URL of an AWS Batch service regional endpoint, as follows:

https://batch.<region>.amazonaws.com

For more information about regional endpoints available for the AWS Batch service, refer to the AWS documentation.

Connection Timeout

Determines the number of seconds to wait before a timeout occurs after Control-M initiates a connection request to AWS Batch.

Default: 20

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents, versions 9.0.20 or higher.

You must set this parameter to true.

Valid Values:

  • true: Creates a centralized connection profile.

  • false: Creates a local connection profile, which is associated with and stored on a specific Agent.

Default: false

ConnectionProfile:AWSEC2

AWS Elastic Compute Cloud (EC2) enables you to create virtual machines in the Amazon cloud-computing platform.

The following examples show how to define an AWS EC2 connection profile.

  • This JSON-based connection profile authenticates with an AWS access key and secret:

    Copy
    "AWSEC2"
    {
       "Type": "ConnectionProfile:AWSEC2",
       "Authentication": "SECRET"
       "AWS Access key ID": "AK***************************",
       "AWS Secret": "nw*****************************",
       "EC2 Region": "us-west-2",
       "Connection timeout": "20",
       "Description": "",
       "Centralized": true
    }
  • This JSON-based connection profile authenticates with an AWS IAM role from inside an EC2 instance:

    Copy
    "AWSEC2":
    {
       "Type": "ConnectionProfile:AWSEC2",
       "Authentication": "NOSECRET",
       "IAM Role": "GLUEEC2IAMROLE"
       "EC2 Region": "us-west-2",
       "Connection timeout": "20",
       "Description": "",
       "Centralized": true
    }

The following table describes the AWS EC2 connection profile parameters.

Parameter

Description

Authentication

Determines one of the following authentication methods:

  • SECRET: Authenticates with an AWS access key and secret, which are used for services outside the AWS infrastructure

  • NOSECRET: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

AWS Access key ID

(SECRET authentication) Defines the Access key ID to connect to AWS.

AWS Secret

(SECRET authentication) Defines the secret access key to connect to AWS. You can use Secrets in Code to not expose this value in the code.

IAM Role

(NOSECRET authentication) Defines the IAM Role to connect to AWS.

EC2 Region

Determines the location of the AWS user.

us-east-1

Connection Timeout

Determines the number of seconds to wait for the trigger call made by Control-M to AWS EC2 before timing out.

Default: 20

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents, versions 9.0.20 or higher.

You must set this parameter to true.

Valid Values:

  • true: Creates a centralized connection profile.

  • false: Creates a local connection profile, which is associated with and stored on a specific Agent.

Default: false

ConnectionProfile:AWS Lambda

AWS Lambda is a cloud compute service that enables you to execute code in multiple computer languages on a virtual cluster.

The following example shows how to define an AWS Lambda connection profile that authenticates with an AWS access key and secret:

Copy
"LAMBDA"
{
   "Type": "ConnectionProfile:AWS Lambda",
   "Authentication": "SECRET",
   "AWS Access key ID": "ABCDEFGHIJKLMNOPQRST",
   "AWS Secret": "*****",
   "AWS Region": "eu-west-2",
   "Lambda URL": "https://lambda.{{region}}.amazonaws.com",
   "Connection Timeout": "1800",
   "Description": "",
   "Centralized": true
}

The following table describes the AWS Lambda connection profile parameters.

Parameter

Description

Authentication

Determines one of the following authentication methods:

  • SECRET: Authenticates with an AWS access key and secret, which are used for services outside the AWS infrastructure

  • NOSECRET: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

AWS Access key ID

(SECRET authentication) Defines the Access key ID to connect to AWS.

AWS Secret

(SECRET authentication) Defines the secret access key to connect to AWS. You can use Secrets in Code to not expose this value in the code.

IAM Role

(NOSECRET authentication) Defines the IAM Role to connect to AWS.

AWS Region

Determines the region where the AWS Lambda resources are located.

eu-west-2

Lambda URL

Defines the authentication endpoint for AWS Lambda, based on the following format:

https://lambda.<AWS_Region>.amazonaws.com

https://lambda.eu-west-2.amazonaws.com

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to AWS Lambda before a timeout occurs.

The connection timeout in Control-M must be longer than the connection timeout that is set in AWS Lambda.

Default: 1,800

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents, versions 9.0.20 or higher.

You must set this parameter to true.

Valid Values:

  • true: Creates a centralized connection profile.

  • false: Creates a local connection profile, which is associated with and stored on a specific Agent.

Default: false

ConnectionProfile:Azure

Azure job enables you to execute the Azure Functions, Azure Logic Apps, and Azure Batch Account services.

The following example shows how to define an Azure connection profile:

For this type of connection profile, you must have the Control-M for Azure plug-in installed in your Control-M environment.

Copy
"AZURE_CONNECTION":
{
   "Type": "ConnectionProfile:Azure",
   "TargetAgent": "AgentHost",
   "TargetCTM": "CTMHost",
   "ActiveDirectoryDomainName": "bmc.onmicrosoft.com",
   "SubscriptionID": "bcde-fgh-ijk-lmnopq",
   "ApplicationID": "abcd-efg-hij-klmnop",
   "User": "user1@bmc.onmicrosoft.com",
   "Password": "*****"
   "Batch"
   {
      "BatchAccountName": "myFirstBatch",
      "BatchAccountKey": "aaaaaabbbbbbbccccccc",
      "Location": "centralus"
   } 
}

The following table describes the Azure connection profile parameters.

Parameter

Description

TargetAgent

Determines the Agent where the connection profile deploys.

TargetCTM

Determines the Control-M/Server where the connection profile deploys. If there is only one Control-M/Server, it defaults to that Control-M/Server.

ActiveDirectoryDomainName

(Optional) Defines the Azure active directory, as follows:

<Company_Name>.onmicrosoft.com

SubscriptionID

Defines the Azure account subscription ID.

The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu.

ApplicationID

Defines the Azure application ID.

User

Defines the name of the user to connect to the Azure server.

Password

Defines a password of the username that connects to the Azure server.

You can use Secrets in Code to not expose this value in the code.

Batch

(Optional) Enables the use of a batch account service.

By default, a batch account is not used. If you want to use a batch account, you must define the following parameters:

BatchAccountName

Defines the name of the batch account.

BatchAccountKey

Defines the primary access key for the batch account.

This key can be retrieved from the Azure portal.

Location

Determines the batch account location, as defined in the batch account properties.

The batch account name and batch account location are used to define the batch URI.

ConnectionProfile:Azure Batch Accounts

Azure Batch Accounts enables you to efficiently execute large-scale, parallel, computer-intensive tasks in the cloud.

The following example shows how to define an Azure Batch Accounts connection profile.

  • This JSON-based connection profile authenticates with an Azure service principal:

    Copy
    "AZURE_BATCH":

       "Type": "ConnectionProfile:Azure Batch Accounts",
       "Authentication Method": "PRINCIPAL"
       "Tenant ID": "tenantId"
       "Azure AD url": "https://login.microsoftonline.com",
       "App ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",  
       "Batch Account Name": "abc_batch",
       "Batch Region ID": "uksouth",
       "Batch Resource url": "https://batch.core.windows.net/"
       "Client Secret": "*********",   
       "Connection Timeout": "50"
       "Description": ""
       "Centralized": true 
    }
  • This JSON-based connection profile authenticates with a managed identity:

    Managed identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.

    Copy
    "AZURE_BATCH":

       "Type": "ConnectionProfile:Azure Batch Accounts",
       "Authentication Method": "MANAGEDID",  
       "Specify Managed Identity Client ID": "&client_id=",
       "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16"
       "Batch Account Name": "abc_batch",
       "Batch Region ID": "uksouth",
       "Batch Resource url": "https://batch.core.windows.net/"
       "Connection Timeout": "50",
       "Description": ""
       "Centralized": true 
    }

The following table describes the Azure Batch Accounts connection profile parameters.

Parameter

Description

Authentication Method

Defines one of the following types of authentication to use for the connection with Azure Batch:

  • PRINCIPAL: Authentication using a service principal.

  • MANAGEDID: Authentication using a managed identity.

Tenant ID

(Service principal authentication) Defines the Azure Tenant ID in Azure AD.

Specify Managed Identity Client ID

Determines whether the client ID for your managed identity is specified by the Specify Managed Identity Client ID parameter. This parameter requires a value only if you have multiple managed identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter. If you have only one managed identity, it is detected automatically.

Include this parameter only if you are using the managed identity authentication method and you have multiple managed identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(Managed identity) Determines whether the client ID for your managed identity is specified by the Managed Identity Client ID parameter.

(Managed identity) Determines which client ID to use as the managed identity.

Azure AD url

(Service principal authentication) Defines the Azure AD authentication endpoint base URL.

App ID

Defines the application (service principal) ID of the registered application for the Azure Batch service.

The service principal must be for an Azure Batch account with a Contributor role.

Batch Account Name

Defines the name of the batch account created in Azure Portal.

Batch Region ID

Defines the region ID associated with the Batch account in Azure Portal.

Batch Resource url

Defines the identifier for the Azure Batch account for login with Azure AD, as follows:

https://batch.core.windows.net/

Client Secret

(Service principal authentication) Defines the client secret (password) associated with the Azure user and the application.

Connection Timeout Defines a timeout value, in seconds, for the trigger call made by Control-M to Azure Batch Accounts.

Default: 50

You can use Secrets in Code to not expose this value in the code.

Connection Timeout

Defines a timeout value, in seconds, for the trigger call made by Control-M to Azure Batch Accounts.

Default: 50

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents, versions 9.0.20 or higher.

You must set this parameter to true.

Valid Values:

  • true: Creates a centralized connection profile.

  • false: Creates a local connection profile, which is associated with and stored on a specific Agent.

Default: false

ConnectionProfile:AzureFunctions

Azure Functions enables you to develop, test, and run applications in the cloud for serverless application development.

The following example shows how to define an Azure Functions connection profile.

  • This JSON-based connection profile authenticates with an Azure Functions service principal:

    Copy
    "AZUREFUNCTIONS":

       "Type": "ConnectionProfile:AzureFunctions"
       "Subscription ID": "bcde-fgh-ijk-lmnopq"
       "Identity Type": "PRINCIPAL"
       "Tenant ID": "tenantId"
       "Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1"
       "Client Secret": "*********"
       "Azure Login url": "https://login.microsoftonline.com"
       "Resource Group": "resourceGroup",  
       "Description": ""
       "Centralized": true 
    }
  • This JSON-based connection profile authenticates with an Azure Functions managed identity:

    Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.

    Copy
    "AZUREFUNCTIONS":

       "Type": "ConnectionProfile:AzureFunctions"
       "Subscription ID": "bcde-fgh-ijk-lmnopq"
       "Identity Type": "MANAGEDID"
       "Specify Managed Identity Client ID": "&client_id=",
       "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16"
       "Resource Group": "resourceGroup",  
       "Description": ""
       "Centralized": true 
    }
  • This JSON-based connection profile authenticates with an Azure Function App ID:

    Copy
    "ZFAAPPIDNEW"
    {
       "Type": "ConnectionProfile:Azure Functions",
       "Tenant ID": "<Tenant ID>",
       "Application ID": "<Application ID>",
       "Client Secret": "*****",
       "Azure Login url": " https://login.microsoftonline.com",   
       "Function App Web Site": "azurewebsites.net",
       "Custom App Key": "*****",   
       "Identity Type": "FUNCTION_APPID",
       "Description": "",
       "Centralized": true
    }

The following table describes the Azure Functions connection profile parameters.

Parameter

Identity Type

Description

Subscription ID

  • Service Principal

  • Managed Identity

Defines the Azure account subscription ID.

The subscription ID can be retrieved from the Azure portal by selecting the Subscription menu.

Identity Type

NA

Determines the type of authentication to use for the connection with Azure Functions:

  • PRINCIPAL: Authentication using a service principal.

  • MANAGEDID: Authentication using a managed identity.

Specify Managed Identity Client ID

Managed Identity

Determines whether the client ID for your managed identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the managed identity authentication method and you have multiple managed identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

Managed Identity

Determines which client ID to use as the managed identity.

This parameter requires a value only if you have multiple managed identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one managed identity, it is detected automatically.

Tenant ID

  • Service Principal

Defines the Azure Tenant ID in Azure AD.

Application ID

  • Service Principal

The application ID of the registered application.

The service principal must be an Azure Functions workspace user with a Contributor or Owner role associated.

Client Secret

  • Service Principal

Defines he client secret (password) associated with the Azure user and the application. You can use Secrets in Code to not expose this value in the code.

Azure Login url

  • Service Principal

The Azure AD authentication endpoint base URL.

Resource Group

  • Service Principal

  • Managed Identity

Defines the name of the resource group that holds your application.

Centralized

 

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents, versions 9.0.20 or higher.

You must set this parameter to true.

Valid Values:

  • true: Creates a centralized connection profile.

  • false: Creates a local connection profile, which is associated with and stored on a specific Agent.

Default: false

ConnectionProfile:Azure VM

Azure Virtual Machine (VM) enables you to create, manage, and delete virtual machines in the Azure cloud.

The following examples show how to define an Azure VM connection profile:

  • This JSON-based connection profile authenticates with an Azure service principal.

    Copy
    "AZUREVM":
    {
       "Type": "ConnectionProfile:Azure VM",
       "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f"
       "Auth_Method": "service_account"
       "Resource Group": "tb-resourcegroup",
       "Tenant ID": "81b796g5-5839-40a6-8dd9-c1fam320c69b",
       "Client Secret": "*****",
       "Application ID": "7f499fc3-1a1f-4847-ba80-f39bb563f1b5",
       "Azure Login url": "https://login.microsoftonline.com",
       "Connection timeout": "20",
       "Description": "",
       "Centralized": true
    }
  • This JSON-based connection profile authenticates with a managed identity.

    Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.

    Copy
    "AZUREVM":
    {
       "Type": "ConnectionProfile:Azure VM",
       "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
       "Auth_Method": "managed_id"
       "Specify Managed Identity Client ID": "&client_id=",
       "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",
       "Resource Group": "tb-resourcegroup"
       "Connection timeout": "20",
       "Description": "Azure VM connection profile",
       "Centralized": true
    }

The following table describes the Azure VM connection profile parameters.

Parameter

Description

Subscription ID

Determines the Azure account subscription ID.

You can retrieve the subscription ID from the Subscription menu in the Azure portal.

Auth_Method

Determines one of the following authentication types:

  • managed_id: Authenticates using an Azure Active Directory token, which removes the need to provide additional credentials.

  • service_account: Authenticates using an application ID (service account) and client secret.

Specify Managed Identity Client ID

(Managed Identity) Determines whether the client ID for your managed identity is specified by the Managed Identity Client ID parameter.

Include this parameter only if you are using the managed identity authentication method and you have multiple managed identities defined on your Azure virtual machine. Set its value to &client_id=.

Managed Identity Client ID

(Managed Identity) Determines which client ID to use as the managed identity.

This parameter requires a value only if you have multiple managed identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter.

If you have only one managed identity, it is detected automatically.

Tenant ID

(Service principal) Defines the Azure Tenant ID in the Azure Virtual Machine.

Resource Group

Defines the name of the resource group where the function app is located.

Application ID

(Service principal) Defines the application (service principal) ID of the registered application for the Azure Virtual Machine.

The service principal must be an Azure Functions workspace user with a Contributor or Owner role associated.

Client Secret

(Service principal) Defines the client secret (password) associated with the Azure user and the application. You can use Secrets in Code to not expose this value in the code.

Azure Login URL

(Service principal) Defines the Azure VM authentication endpoint base URL.

Connection Timeout

Defines a timeout value, in seconds, for the trigger call made by Control-M to the Azure VM.

Default: 20

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents, versions 9.0.20 or higher.

You must set this parameter to true.

Valid Values:

  • true: Creates a centralized connection profile.

  • false: Creates a local connection profile, which is associated with and stored on a specific Agent.

Default: false

ConnectionProfile:GCP Batch

Google Cloud Platform (GCP) Batch enables you to manage, schedule, and execute batch computing workloads on a virtual machine that is provisioned to accommodate your resource and capacity needs.

The following example shows how to define a GCP Batch connection profile that authenticates based on a service account:

Copy
"GCP_BATCH":
{
      "Type": "ConnectionProfile:GCP Batch",
      "Identity Type": "service_account",
      "Batch URL": "https://batch.googleapis.com",
      "Service Account Key": "*****",
      "Connection Timeout": "20",
      "Description": "",
      "Centralized": true
}

The following table describes the GCP Batch connection profile parameters.

Parameter

Description

Identity Type

Determines one of the following authentication types using GCP Access Control:

  • service_account: Authenticates using an application ID (service account) and client secret.

  • os_user: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.

Batch URL

Defines the Google Cloud Platform (GCP) authentication endpoint for GCP Batch, as follows:

Default: https://batch.googleapis.com

Service Account Key

(Service Account) Defines a service account that is associated with an RSA key pair. You can use Secrets in Code to not expose this value in the code.

Connection timeout

Determines the number of seconds to wait after Control-M initiates a connection request to GCP Batch before a timeout occurs.

Default: 20

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents, versions 9.0.20 or higher.

You must set this parameter to true.

Valid Values:

  • true: Creates a centralized connection profile.

  • false: Creates a local connection profile, which is associated with and stored on a specific Agent.

Default: false

ConnectionProfile:GCP Functions

Google Cloud Platform (GCP) Functions enables you to develop, test, and run applications in the cloud.

The following example shows how to define a GCP Functions connection profile that authenticates based on a service account:

Copy
"GCPFUNCTIONS":
{
   "Type": "ConnectionProfile:GCP Functions",
   "Identity Type": "service_account",
   "GCP API URL": "https://cloudfunctions.googleapis.com",
   "Service Account Key": "*****",
   "Connection Timeout": "60",
   "Description": "",
   "Centralized": true
}

The following table describes the GCP Functions connection profile parameters.

Parameter

Description

Identity Type

Determines one of the following authentication types using GCP Access Control:

  • service_account: Authenticates using an application ID (service account) and client secret.

  • os_user: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.

GCP API URL

Defines the Google Cloud Platform (GCP) authentication endpoint for Cloud Functions.

Service Account Key

(Service account) Defines a service account that is associated with an RSA key pair. You can use Secrets in Code to not expose this value in the code.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to GCP Cloud Functions before a timeout occurs.

Default: 20

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents, versions 9.0.20 or higher.

You must set this parameter to true.

Valid Values:

  • true: Creates a centralized connection profile.

  • false: Creates a local connection profile, which is associated with and stored on a specific Agent.

Default: false

ConnectionProfile:GCP VM

Google Cloud Platform (GCP) Virtual Machine (VM) enables you to create, manage, and delete virtual machines on the Google Compute Engine (GCE).

The following example shows how to define a GCP VM connection profile that authenticates based on a service account:

Copy
"GCPVM":
{
   "Type": "ConnectionProfile:GCP VM",
   "Identity Type": "service_account",
   "GCP API URL": "https://compute.googleapis.com/compute"
   "Service Account Key": "*****",
   "Connection timeout": "20",
   "Description": "",
   "Centralized": true
}

The following table describes the GCP VM connection profile parameters.

Parameter

Description

Identity Type

Determines one of the following authentication types using GCP Access Control:

  • service_account: Authenticates using an application ID (service account) and client secret.

  • os_user: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.

GCP API URL

Defines the Google Cloud Platform (GCP) authentication endpoint.

Default: https://compute.googleapis.com/compute

Service Account Key

(Service Account) Defines a service account that is associated with an RSA key pair. You can use Secrets in Code to not expose this value in the code.

Connection timeout

Determines the number of seconds to wait for the trigger call made by Control-M to GCP before timing out.

Default: 20

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents, versions 9.0.20 or higher.

You must set this parameter to true.

Valid Values:

  • true: Creates a centralized connection profile.

  • false: Creates a local connection profile, which is associated with and stored on a specific Agent.

Default: false

Connection Profile:OCI VM

Oracle Cloud Infrastructure Virtual Machine (OCI VM) plug-in enables you to create, manage, and delete virtual machines in the Oracle cloud.

The following examples show how to define an OCI VM connection profile that authenticates based on a service account.

  • This JSON defines a connection profile that authenticates with defined parameters:

    Copy
    "OCI_VM"
    {
       "Type": "ConnectionProfile:OCI VM",
       "OCI Instances URL": "https://iaas.us-phoenix-1.oraclecloud.com/20160918",
       "OCI Region": "us-phoenix-1",
       "Authentication": "DefineParameters",
       "User OCID": "ocid1.user.oc1..aaaaaaaatcnn2lw4tjcoemgnm4*********",
       "Tenancy OCID": "ocid1.tenancy.oc1..aaaaaaaaxzv5ies3pwo7s5it******",
       "Fingerprint": "c6:d6:28:82:b3:2d:5f:***********",
       "Private Key": "*****",
       "Connection Timeout": "30",
       "Description": "",
       "Centralized": true
    }
  • This JSON defines a connection profile that authenticates with a configuration file:

    Copy
    "OCI_VM"
    {
      "Type": "ConnectionProfile:OCI VM",
      "OCI Instances URL": "https://iaas.us-phoenix-1.oraclecloud.com/20160918",
      "OCI Region": "us-phoenix-1",
      "Authentication": "ConfigurationFile",
      "Config File Path": "\home\dbauser\config.example",
      "Profile": "DEFAULT",
      "Connection Timeout": "30",
      "Description": "",
      "Centralized": true
    }

The following table describes the OCI VM connection profile parameters.

Parameter

Description

OCI Instances URL

Defines the OCI Instances URL, in the following format:

https://iaas.{{Region}}.oraclecloud.com/20160918

OCI Region

Determines the region where the OCI Virtual Machine is located.

us-phoenix-1

Authentication

Determines one of the following authentication methods:

  • DefineParameters: Defines authentication parameters in the connection profile.

  • ConfigurationFile: Uses a Control-M/Agent configuration file that contains authentication information.

    The following example of a configuration file defines two profiles: DEFAULT for Linux and PROFILE2 for Windows.

    Copy
    [DEFAULT] 
    user=ocid1.user.oc1..aaaaaaaa4vcihdfhrdtyry457245636cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
    tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue9f8djfihhwp2cu4e6t2b7lttna7rcgnhrdi4qzika
    fingerprint=9f:af:df:f5:5g:95:92:7c:34:ab:46:d3:b4:30:e6:9e
    region=us-phoenix-1
    key_file=/home/dbauser/key.pem 

    [PROFILE2] 
    user=ocid1.user.oc1..aaaaaaaa4v768679dfhrd8989JHGJG36cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
    tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue987erum,gfwp2cu4e6t2b7lttna7rcgnhrdi4qzika
    fingerprint=9f:af:c0:f5:7b:95:92:7c:03:a5:46:g3:b4:38:e6:9e
    region=us-phoenix-1
    key_file=C:\\Users\\dbauser\\key.pem

User OCID

(Defined Parameters) Defines an individual user within the OCI environment.

Tenancy OCID

(Defined Parameters) Defines the OCI Tenacy ID in the OCI VM, which is a global unique identifier for this account within the OCI environment.

Fingerprint

(Defined Parameters) Defines fingerprint to uniquely identify and verify the integrity of the associated certificate or key.

Private Key

(Defined Parameters) Defines the Private key within a set of API signing keys that are used for authentication and secure access to OCI resources. You can use Secrets in Code to not expose this value in the code.

Config File Path

(Configuration File) Defines the path to the Control-M/Agent configuration file that contains authentication information, in the following format:

UNIX: home/user/config

Windows: C:\Users\user1\config

Profile

(Configuration File) Defines the name of a specific section in the configuration file, for example, DEFAULT and PROFILE2 in the code sample above.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to OCI VM before a timeout occurs.

Default: 20

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M database and is available to all Agents, versions 9.0.20 or higher.

You must set this parameter to true.

Valid Values:

  • true: Creates a centralized connection profile.

  • false: Creates a local connection profile, which is associated with and stored on a specific Agent.

Default: false