Backup and Recovery

Determines the authentication endpoint for AWS Backup, based on the following format:

https://backup.<AWS Region>.amazonaws.com

Determines the AWS region where the job is located.

Determines one of the following authentication methods:

• AWS Key & Secret: Authenticates with an AWS access key and secret, which are used by services outside the AWS infrastructure.

• AWS IAM Role: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

Defines the access key assigned to the account with the relevant permissions to the AWS service.

Defines the secret access key assigned to the account with the relevant permissions to the AWS service.

Defines the Identity and Access Management (IAM) role name for the AWS service connection.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Determines the authentication endpoint for AWS DataSync, based on the following format:

https://datasync.<AWS Region>.amazonaws.com

Defines the AWS Logs URL, based on the following format:

https://logs.<AWS Region>.amazonaws.com

Determines the AWS region where the job is located.

Determines one of the following authentication methods:

• AWS Key & Secret: Authenticates with an AWS access key and secret, which are used by services outside the AWS infrastructure.

• AWS IAM Role: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

Defines the access key assigned to the account with the relevant permissions to the AWS service.

Defines the secret access key assigned to the account with the relevant permissions to the AWS service.

You can use Secrets in Code to hide this value in the code.

Defines the Identity and Access Management (IAM) role name for the AWS service connection.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the base URL of the Microsoft Entra/Azure AD authentication endpoint.

Defines the endpoint that enables you to perform API calls and retrieve the token for authentication.

Default: https://management.azure.com

Defines the Azure account ID of your organization.

Determines one of the following authentication methods:

• Service Principal: Access protected Azure services and resources based on roles assigned to the Service Principal by the Azure administrator. The Service Principal is also known as an App Registration. Use this method if Control-M/Agent is installed on-premises or on another (non-Azure) cloud vendor.

• Managed Identity: Access protected Azure services and resources using a key created and managed by the Azure platform, without login credentials. Use this method if Control-M/Agent is installed on an Azure virtual machine that has a Managed Identity with the required permissions.

Determines whether the managed identity is specified by the Managed Identity Client ID attribute.

Toggle on this option when you use the Managed Identity authentication method and there are multiple managed identities defined on your Azure VM.

Defines the client ID of the managed identity used for access.

This attribute requires a value only if there are multiple managed identities defined on your Azure VM and you toggle on Specify Managed Identity Client ID.

Defines the Azure tenant ID for your organization.

Defines the Registered App for the Azure service in your Microsoft Entra/Azure AD tenant. The corresponding Service Principal must be assigned the Owner or Contributor role for the Azure service.

Defines the password associated with the Service Principal/registered application.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the Enterprise Manager Server for Veeam Backup.

You must provide the full name of the server, which includes the server name and domain name.

Determines the API URL to communicate with the Veeam Backup Server.

The server name in the URL is populated automatically.

Determines the version for the Veeam Backup REST API.

Default: latest

Defines the account name for authentication.

Defines the corresponding password for authentication.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the HTTP code that appears in the response if you want to rerun a job execution step (authentication, trigger or completion).

Multiple HTTP codes must be separated with a space.

You cannot rerun a step with HTTP codes when you perform manual execution, such as rerun from point of failure.

Default: 429

Defines the number of seconds to wait before Control-M reruns the job step.

Default: 10

Defines the number of attempts to rerun a job step.

Default: 3

Defines the primary NetBackup server.

Defines the URL of the API on the NetBackup server, in the following format:

https://<Master Server Name>:<port>

where

• Master Server Name: defines the value of the Master Server Name parameter.

• port: defines the port in the NetBackup API.

Determines one of the following authentication methods:

• API Token: Authenticates with a token defined in NetBackup.

• Username & Password: Authenticates with NetBackup user credentials.

Determines the type of domain used for authentication.

Valid Values:

• NIS

• NIS+

• NT

• vx

• unixpwd

Defines the name of the authentication domain.

Defines the account name used when the Authentication Type value is Username & Password.

Defines the password used when the Authentication Type value is Username & Password.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the token used when Authentication Type value is API Token.