Machine Learning Connection Profiles

The following topics describe connection profiles for machine learning platforms and services:

ConnectionProfile:AWS Sagemaker

AWS SageMaker enables you to create, train, and deploy machine learning models on premises, in the cloud, and on edge devices.

For more information about this plug-in, see Control-M for Amazon SageMaker.

The following examples show how to define an AWS SageMaker connection profile.

  • This JSON defines a connection profile that authenticates via an AWS access key and secret:

    "AWS_SAGEMAKER": 
    {
    "Type": "ConnectionProfile:AWS Sagemaker",
    "SageMaker URL": "https://sagemaker.us-east-1.amazonaws.com",
    "AWS Region": "us-east-1",
    "Authentication": "SECRET",
    "AWS Access key": "MYAWSACCESSKEY1234",
    "AWS Secret": "myAwsSecret12345",
    "Connection Timeout": "100",
    "Description": "",
    "Centralized": true
    }
  • This JSON defines a connection profile that authenticates via an AWS IAM role from inside an EC2 instance:

    "AWS_SAGEMAKER_IAM": 
    {
    "Type": "ConnectionProfile:AWS Sagemaker",
    "SageMaker URL": "https://sagemaker.us-east-1.amazonaws.com",
    "AWS Region": "us-east-1",
    "Authentication": "NOSECRET",
    "IAM Role": "SAGEMAKERIAMROLE",
    "Connection Timeout": "100",
    "Description": "",
    "Centralized": true
    }

The following table describes the AWS SageMaker connection profile parameters.

Parameter

Description

Authentication

Determines one of the following authentication methods:

  • SECRET: Authenticates with an AWS access key and secret, which are used by services outside the AWS infrastructure.

  • NOSECRET: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

AWS Access Key

(SECRET Authentication) Defines the access key assigned to the account with the relevant permissions to the AWS service.

AWS Secret

(SECRET Authentication) Defines the secret access key assigned to the account with the relevant permissions to the AWS service.

You can use Secrets in Code to hide this value in the code.

IAM Role

(NOSECRET Authentication) Defines the Identity and Access Management (IAM) role name for the AWS service connection.

AWS Region

Determines the AWS region where the job is located.

Example: us-east-2

SageMaker URL

Determines the authentication endpoint for AWS SageMaker, in the following format:

https://sagemaker.{{AwsRegion}}.amazonaws.com

For more information about regional endpoints, see the AWS documentation.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs.

Default: 30

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

ConnectionProfile:Azure Machine Learning

Azure Machine Learning enables you to build, train, deploy, and manage machine learning models on premises, in the cloud, and on edge devices.

For more information about this plug-in, see Control-M for Azure Machine Learning.

The following examples show how to define a connection profile for an Azure Machine Learning job.

  • This JSON defines a connection profile that authenticates via an Azure service principal:

    "AZURE_ML_SERVICE_PRINCIPAL": 
    {
    "Type": "ConnectionProfile:Azure Machine Learning",
    "Authentication Method": "PRINCIPAL",
    "Tenant ID": "82b34c5-5839-40f6-8pd9-c1fad320c69b",
    "Azure Login URL": "https://login.microsoftonline.com",
    "Azure ML URL": "https://{{location}}.api.azureml.ms/",
    "Azure Management URL": "https://management.azure.com/",
    "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
    "Location Name": "centralus",
    "Application ID": "4f477fa3-1a1g-4877-ca92-f39bb563f3b1",
    "Client Secret": "*****",
    "Connection Timeout": "50",
    "Description": "",
    "Centralized": true
    }
  • This JSON defines a connection profile that authenticates via a managed identity:

    Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.

    "AZURE_ML_SERVICE_IDENTITY": 
    {
    "Type": "ConnectionProfile:Azure Machine Learning",
    "Authentication Method": "MANAGEDID",
    "Specify Managed Identity Client ID": "&client_id=",
    "Managed Identity Client ID": "72d448f0-ac32-45ea-9158-f8653e4ee16",
    "Azure ML URL": "https://{{location}}.api.azureml.ms/",
    "Azure Management URL": "https://management.azure.com/",
    "Subscription ID": "e76056e0-70de-4da8-b02e-61263a150b1f",
    "Location Name": "centralus",
    "Connection Timeout": "50",
    "Description": "",
    "Centralized": true
    }

The following table describes the Azure Machine Learning connection profile parameters.

Parameter

Description

Authentication Method

Determines one of the following authentication methods:

  • PRINCIPAL: Access protected Azure services and resources based on roles assigned to the Service Principal by the Azure administrator. The Service Principal is also known as an App Registration. Use this method if the Control-M/Agent is installed on-premises or with another (non-Azure) cloud vendor.

  • MANAGEDID: Access protected Azure services and resources using a key created and managed by the Azure platform, without login credentials. Use this method if the Control-M/Agent is installed on an Azure virtual machine that has a Managed Identity with the required permissions.

To prepare for authentication using each of these methods:

  • Grant your managed identity or service principal access to your Azure Machine Learning workspace.

  • Assign the managed identity or service principal a Contributor or Owner role on the workspace that it accesses.

Specify Managed Identity Client ID

(Managed identity authentication) Determines whether the managed identity is specified by the Managed Identity Client ID parameter.

This parameter must be included when you use the Managed Identity authentication method and there are multiple managed identities defined on your Azure VM.

Valid Values:

  • "&client_id=": The Managed Identity Client ID parameter contains the managed identity used for authentication. You must specify this value when your Azure VM has multiple managed identities.

  • "": The Managed Identity Client ID parameter does not contain a managed identity value. The managed identity is automatically retrieved from the Azure VM.

Managed Identity Client ID

(Managed identity authentication) Defines the client ID of the managed identity used for access.

This parameter requires a value only if there are multiple managed identities defined on your Azure VM and you included the Specify Managed Identity Client ID parameter.

If there is only one managed identity, it is detected automatically.

Tenant ID

(Service Principal) Defines the Azure tenant ID for your organization.

Azure Login URL

(Service Principal) Defines the base URL of the Microsoft Entra/Azure AD authentication endpoint.

Default: https://login.microsoftonline.com

Azure ML URL

Defines the authentication endpoint base URL for Azure Machine Learning, which is used to perform API calls, and which is based on the following format:

https://{{location}}.api.azureml.ms/

Azure Management URL

Defines the Azure service endpoint that enables you to perform API calls and retrieve the token for authentication.

Default: https://management.azure.com/

Subscription ID

Defines the Azure account ID of your organization.

You can retrieve the subscription ID from the Subscription menu in the Azure portal.

Location Name

Determines the region where the Azure Machine Learning jobs are located.

Application ID

(Service Principal) Defines the Registered App for the Azure service in your Microsoft Entra/Azure AD tenant. The corresponding Service Principal must be assigned the Owner or Contributor role for the Azure service.

Client Secret

(Service Principal) Defines the password associated with the Service Principal/registered application.

You can use Secrets in Code to hide this value in the code.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs.

Default: 50

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.
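The following check is an added example, not part of the Control-M documentation or product. It reviews connection profile JSON before deployment for secret fields stored as inline strings (AWS Secret, Client Secret, and the Private Key field of the OCI profile later on this page), for Centralized not set to true, and for endpoint URLs that do not match the documented formats. It assumes that a Secrets in Code reference is a JSON object such as {"Secret": "<name>"}; the AWS_SAGEMAKER_REF profile and the secret name sagemaker_secret are constructed.

```python
import json

# Fields this page says can be hidden with Secrets in Code.
SECRET_FIELDS = ("AWS Secret", "Client Secret", "Private Key")
# Type -> (URL field, region field, documented format, placeholder in it).
URL_RULES = {
    "ConnectionProfile:AWS Sagemaker": ("SageMaker URL", "AWS Region",
        "https://sagemaker.{{AwsRegion}}.amazonaws.com", "{{AwsRegion}}"),
    "ConnectionProfile:Azure Machine Learning": ("Azure ML URL", "Location Name",
        "https://{{location}}.api.azureml.ms/", "{{location}}"),
}

def lint_profiles(profiles):
    """Return (profile, field, problem) tuples for a dict of connection profiles."""
    findings = []
    for name, prof in profiles.items():
        for field in SECRET_FIELDS:
            # Assumption: a Secrets in Code reference is a JSON object such as
            # {"Secret": "<name>"}, so any plain string is an inline credential.
            if isinstance(prof.get(field), str):
                findings.append((name, field, "inline secret"))
        if prof.get("Centralized") is not True:
            findings.append((name, "Centralized", "must be true"))
        rule = URL_RULES.get(prof.get("Type"))
        if rule:
            url_field, region_field, template, placeholder = rule
            filled = template.replace(placeholder, str(prof.get(region_field, "")))
            # Accept the literal placeholder form or the region-specific form.
            allowed = {template.rstrip("/"), filled.rstrip("/")}
            if str(prof.get(url_field, "")).rstrip("/") not in allowed:
                findings.append((name, url_field, "not the documented endpoint"))
    return findings

# Constructed sample: the page's SECRET profile plus two made-up ones.
SAMPLE = json.loads("""{
  "AWS_SAGEMAKER": {"Type": "ConnectionProfile:AWS Sagemaker",
    "SageMaker URL": "https://sagemaker.us-east-1.amazonaws.com",
    "AWS Region": "us-east-1", "Authentication": "SECRET",
    "AWS Secret": "myAwsSecret12345", "Centralized": true},
  "AWS_SAGEMAKER_REF": {"Type": "ConnectionProfile:AWS Sagemaker",
    "SageMaker URL": "https://sagemaker.us-east-1.amazonaws.com",
    "AWS Region": "us-east-2", "Authentication": "SECRET",
    "AWS Secret": {"Secret": "sagemaker_secret"}, "Centralized": false},
  "AZURE_ML_SERVICE_IDENTITY": {"Type": "ConnectionProfile:Azure Machine Learning",
    "Azure ML URL": "https://{{location}}.api.azureml.ms/",
    "Location Name": "centralus", "Centralized": true}
}""")

if __name__ == "__main__":
    print(*lint_profiles(SAMPLE), sep="\n")
```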

ConnectionProfile:OCI Data Science

OCI Data Science is an Oracle Cloud Infrastructure (OCI) platform that enables you to build, train, deploy, and manage machine learning (ML) models using Python and open source tools.

For more information about this plug-in, see Control-M for OCI Data Science.

The following examples show how to define a connection profile for an OCI Data Science job.

  • This JSON defines a connection profile that authenticates with the Define Parameters method:

    "OCI_DATA_SCIENCE": 
    {
    "Type": "ConnectionProfile:OCI Data Science",
    "OCI Data Science URL": "https://datascience.us-phoenix-1.oci.oraclecloud.com/20190101",
    "OCI Region": "us-phoenix-1",
    "Authentication": "DefineParameters",
    "User OCID": "ocid1.user.oc1..aaaaaaaatcnn2lw4tjcoemgnm4*********",
    "Tenancy OCID": "ocid1.tenancy.oc1..aaaaaaaaxzv5ies3pwo7s5it******",
    "Fingerprint": "c6:d6:28:82:b3:2d:5f:***********",
    "Private Key": "*****",
    "Connection Timeout": "30",
    "Description": "",
    "Centralized": true
    }
  • This JSON defines a connection profile that authenticates with a Configuration File:

    "OCI_DATA_SCIENCE":
    {
    "Type": "ConnectionProfile:OCI Data Science",
    "OCI Data Science URL": "https://datascience.us-phoenix-1.oci.oraclecloud.com/20190101",
    "OCI Region": "us-phoenix-1",
    "Authentication": "ConfigurationFile",
    "Config File Path": "/home/dbauser/config.example",
    "Profile": "Default",
    "Connection Timeout": "30",
    "Description": "",
    "Centralized": true
    }

The following table describes the OCI Data Science connection profile parameters.

Parameter

Authentication Method

Description

OCI Data Science URL

All methods

Defines the OCI Data Science URL in the following format:

https://datascience.<region>.oci.oraclecloud.com/20190101

OCI Region

All methods

Determines the region where OCI Data Science is located.

Authentication

All methods

Determines one of the following authentication methods:

  • DefineParameters: Defines authentication parameters in the connection profile.

  • ConfigurationFile: Uses a configuration file that contains authentication information and is stored on the Control-M/Agent.

    The following example of a configuration file defines two profiles: DEFAULT for Linux and PROFILE2 for Windows.

    [DEFAULT] 
    user=ocid1.user.oc1..aaaaaaaa4vcihdfhrdtyry457245636cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
    tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue9f8djfihhwp2cu4e6t2b7lttna7rcgnhrdi4qzika
    fingerprint=9f:af:df:f5:5g:95:92:7c:34:ab:46:d3:b4:30:e6:9e
    region=us-phoenix-1
    key_file=/home/dbauser/key.pem

    [PROFILE2]
    user=ocid1.user.oc1..aaaaaaaa4v768679dfhrd8989JHGJG36cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
    tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue987erum,gfwp2cu4e6t2b7lttna7rcgnhrdi4qzika
    fingerprint=9f:af:c0:f5:7b:95:92:7c:03:a5:46:g3:b4:38:e6:9e
    region=us-phoenix-1
    key_file=C:\\Users\\dbauser\\key.pem

User OCID

Defined Parameters

Defines an individual user within the OCI environment.

Tenancy OCID

Defined Parameters

Defines the OCI Tenancy ID in OCI Data Science, which is a globally unique identifier for this account within the OCI environment.

Fingerprint

Defined Parameters

Defines a fingerprint that uniquely identifies and verifies the integrity of the associated certificate or key.

Private Key

Defined Parameters

Defines the private key within a set of API signing keys that are used for authentication and secure access to OCI resources.

You can use Secrets in Code to hide this value in the code.

Config File Path

Configuration File

Defines the path to the configuration file that contains authentication information.

This file is stored on the Control-M/Agent.

UNIX: home/user1/config/pem.pem

Windows: C:\Users\user1\config\\pem.pem

Profile

Configuration File

Defines the name of a specific section in the configuration file, such as DEFAULT and PROFILE2 in the Configuration File code sample.

Connection Timeout

All methods

Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs.

Default: 20

Centralized

All methods

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.
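For the ConfigurationFile method, the private key lives in a file on the Control-M/Agent host, so the configuration file and key file are worth checking before the profile is deployed. The following is an added example, not part of the Control-M documentation or product: it verifies that the chosen profile section has all five keys shown in the configuration file sample, that the fingerprint is 16 colon-separated hex bytes, and that the key file exists and is not accessible to group or others. The permission check assumes a POSIX host; the demo files are constructed, and the fingerprint is the placeholder value from this page's sample, which is not valid hex.

```python
import configparser
import os
import re
import stat
import tempfile

REQUIRED = ("user", "tenancy", "fingerprint", "region", "key_file")
FINGERPRINT = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){15}$", re.I)

def check_oci_profile(config_path, profile):
    """Return a list of problems with one profile of an OCI configuration file."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(config_path)
    if profile != parser.default_section and not parser.has_section(profile):
        return [f"profile {profile!r} not found"]
    section = parser[profile]
    problems = [f"missing {key}" for key in REQUIRED if not section.get(key)]
    fingerprint = section.get("fingerprint", "")
    if fingerprint and not FINGERPRINT.match(fingerprint):
        problems.append("fingerprint is not 16 colon-separated hex bytes")
    key_file = section.get("key_file", "")
    if key_file:
        if not os.path.isfile(key_file):
            problems.append("key_file does not exist")
        # POSIX only: any group/other permission bit exposes the private key.
        elif stat.S_IMODE(os.stat(key_file).st_mode) & 0o077:
            problems.append("key_file is accessible by group or others")
    return problems

def demo():
    """Check a constructed config before and after tightening the key file mode."""
    with tempfile.TemporaryDirectory() as tmp:
        key = os.path.join(tmp, "key.pem")
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o644)
        cfg = os.path.join(tmp, "config")
        with open(cfg, "w") as f:
            f.write("[DEFAULT]\nuser=ocid1.user.oc1..constructed\n"
                    "tenancy=ocid1.tenancy.oc1..constructed\n"
                    "fingerprint=9f:af:df:f5:5g:95:92:7c:34:ab:46:d3:b4:30:e6:9e\n"
                    f"region=us-phoenix-1\nkey_file={key}\n")
        before = check_oci_profile(cfg, "DEFAULT")
        os.chmod(key, 0o600)
        after = check_oci_profile(cfg, "DEFAULT")
        return before, after

if __name__ == "__main__":
    print(demo())
```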