MFT Connection Profile Parameters

The following table describes MFT connection profile parameters that are relevant to all types of MFT connection profiles:

Parameter	Description
MFT Connection Profile Type	Determines one of the following connection profile types: File Transfer Single Endpoint: Transfers files from the host defined in this connection profile to hosts defined in multiple connection profiles. Select this option if you want to reuse this connection profile to transfer files to different hosts. File Transfer Group: Transfers a file from one host to multiple hosts in one transfer.
Connect to	Transfers files using one of the following protocols: File System: Local host (Agent) computer, File System Parameters FTP Server: FTP Protocol Parameters SFTP Server (SSH): SFTP (SSH) Protocol Parameters S3: S3 Protocol Parameters Azure Storage: Azure Storage Protocol Parameters SharePoint Online: MFT Connection Profile Parameters Google Cloud Storage: Google Cloud Storage Parameters Oracle Object Storage: Oracle Object Storage Parameters
Manual Additional Parameters	Enables you to add parameters for further connection profile configuration, as described in Connection Profile Manual Additional Parameters

Parameter

Description

MFT Connection Profile Type

Determines one of the following connection profile types:

File Transfer Single Endpoint: Transfers files from the host defined in this connection profile to hosts defined in multiple connection profiles. Select this option if you want to reuse this connection profile to transfer files to different hosts.
File Transfer Group: Transfers a file from one host to multiple hosts in one transfer.

Connect to

Transfers files using one of the following protocols:

File System: Local host (Agent) computer, File System Parameters
FTP Server: FTP Protocol Parameters
SFTP Server (SSH): SFTP (SSH) Protocol Parameters
S3: S3 Protocol Parameters
Azure Storage: Azure Storage Protocol Parameters
SharePoint Online: MFT Connection Profile Parameters
Google Cloud Storage: Google Cloud Storage Parameters
Oracle Object Storage: Oracle Object Storage Parameters

Manual Additional Parameters

Enables you to add parameters for further connection profile configuration, as described in Connection Profile Manual Additional Parameters

File System Parameters

The following table lists the File System parameters:

Parameter	Description
Host Name	Defines the name of the host computer.
OS Type	Determines which platform the host resides.
User Name	Defines the username of each host. If it is a local host on Windows, the domain name must be specified. If it is a remote host on Windows, the domain name might need to be specified if required by the server.
Password	Defines the password for each user connection profile
Home Directory	Determines the home directory for each host that appears in the File Selection dialog box in the Control-M MFT properties pane. (OS/400 platforms only) Control-M MFT supports both Name Format 0 and Name Format 1. The syntax of the home directory determines which format is used. To retrieve the home directory from the remote server or local computer, click Get Home Directory. (This feature is not available for Unisys OS2200).

FTP Protocol Parameters

The following table lists the FTP protocol parameters.

Parameter	Description
Host Name	Defines the name of the host computer.
Port	Determines the port used to communicate for each host. Default: 21
OS Type	Determines which platform the host resides.
User Name	Defines the username of each host. If it is a local host on Windows, the domain name must be specified. If it is a remote host on Windows, the domain name might need to be specified if required by the server.
Password	Defines the password for each user connection profile
Home Directory	Determines the home directory for each host that appears in the File Selection dialog box in the Control-M MFT properties pane. (OS/400 platforms only) Control-M MFT supports both Name Format 0 and Name Format 1. The syntax of the home directory determines which format is used. To retrieve the home directory from the remote server or local computer, click Get Home Directory. (This feature is not available for Unisys OS2200).
FTP Connection Modes	Determines one of the following connection modes for FTP: FTP Passive (PASV): Initiates the data and control connections from the FTP client to the FTP server, which solves firewall issues. Extended Passive (EPSV): Determines whether to use the Extended Passive Mode, where the FTP client uses the same IP address to open a data channel. This is mainly used for IPV6 environments. Active: Initiates the data channel from the FTP server to the FTP client random port. This mode can encounter issues when the server attempts to open the data channel, due to Firewall rules. BMC recommends that you choose a passive mode.
Substitute IP address	Forces passive connections to use the host address.
FTP over SSL/TLS (FTPS)	Defines the communication protocol as FTP over SSL/TLS.
SSL Implicit	Automatically creates an SSL connection between the MFT client and the FTP server (Default Port: 990). In SSL Explicit mode, the MFT client connects to the FTP server and then changes the connection to SSL mode (FTP over SSL/TLS).
Clear Command Channel	Sets the transmission mode in a control connection from an encrypted mode to clear text mode. You can secure sensitive information, including your user name and password, by sending them in an encrypted mode, and then use the CCC sub-command to change the transmission mode back to clear text mode to send the port and IP information (FTP over SSL/TLS).
Clear Data Channel	Encrypts the connection process while files are transferred without encryption. You can select this option if you want your login information encrypted and your files transferred without encryption.
SSL Security Level	Defines the SSL security levels of encrypted communication for the host, as follows: 2: SSL is used for data encryption only 3: Server Authentication 4: Both server and client authentication

SFTP (SSH) Protocol Parameters

The following table lists the SFTP (SSH) protocol parameters.

Password and Key authentication must be used if the remote SFTP server both Password and Key. (AuthenticationMethod = "publickey,password")

Parameter	Description
Host Name	Defines the name of the host computer.
Port	Determines the port used to communicate for each host. Default: 22
OS Type	Determines which platform the host resides.
User Name	Defines the username of each host. If it is a local host on Windows, the domain name must be specified. If it is a remote host on Windows, the domain name might need to be specified if required by the server.
Password	Defines the password for each user connection profile
Home Directory	Determines the home directory for each host that appears in the File Selection dialog box in the Control-M MFT properties pane.
Key Authentication	Uses Key Authentication to access the SFTP server. To generate SSH keys, see Generating SSH Keys.
Private Key Name	Defines the path and file name of the private key.
Key Passphrase	Defines the password of the private key file.
Password	Defines the password of the SFTP server.
Compression	Compresses the file before the transfer.

S3 Protocol Parameters

The following table describes S3 protocol parameters.

Parameter	Storage Type	Description
Storage Type	N/A	Determines one of the following S3 storage types: Amazon S3 Storage: Amazon Simple Storage solution. S3 Compatible Storage: A storage solution that allows you to access and manage the data it stores over an S3 compliant interface. AWS PrivateLink for Amazon S3: A storage that resides in the virtual private cloud (VPC) endpoint.
REST Endpoint	S3-Compatible AWS PrivateLink	Defines the network address where the storage is located.
Access Key	AWS S3 S3 Compatible AWS PrivateLink	Determines which access key is used to access the storage. If the s3.useDefaultCredentialProviderChain parameter is set to true, the File Transfer job does not use the Access Key value, even though it is a required field.
Secret Access Key	AWS S3 S3-Compatible AWS PrivateLink	Determines which secret access key is used to access the storage. If the s3.useDefaultCredentialProviderChain parameter is set to true, the File Transfer job does not use the Secret Access Key value even though it is a required field.
Region	AWS S3 AWS PrivateLink	Determines the default region to perform the Amazon S3 requests. For better performance, select the region where the bucket is located.

Azure Storage Protocol Parameters

The following table describes the SharePoint Connection Profile Parameters.

Parameter	Description
Account Name	Defines the name of the Azure Storage account.
Storage Type	Determines whether to connect to one of following Azure Storage types: Blob Storage Data Lake Storage Gen2
Endpoint URL	Shows the URL of Blob Storage or Data Lake Storage where the storage is located. Defaults: Blob: https://<account name>.blob.core.windows.net Data Lake: https://<account name>.dfs.core.windows.net
Overwrite Endpoint URL	Overwrites the default Endpoint URL and allows you to connect to a different URL.
Authentication Method	Determines one of the following authentication methods: Azure AD (Active Directory): Authenticates with Azure Active Directory IAM service. Shared Key: Authenticates using an Access Key Shared Access Signature (SAS): Delegates access with specific permissions over a limited time interval. Managed Identity Service Uses a predefined Managed Identity to access the Azure storage services that do not require credentials. You can only use this option when Agent is installed on an Azure virtual machine.
Using	Determines whether to connect to the Azure account with one of the following based on the Authentication Method: Azure AD User & Password: Authenticates a user in the Active Directory. Client Secret: Authenticates via an application secret. Certificate File:Authenticates a user with a certificate file. You can upload or create the certificate or secret for your application in the Azure Portal > Azure AD > App Registration. Shared Key Access Key: Defines the account access key that is used to connect to Azure. Connection String: Defines the entire connection string used to connect to Azure.
Tenant ID	Defines the ID of the Azure Active Directory instance where your application is located.
Client ID	Defines the ID of your application in Azure Active Directory.
Client Secret	Defines the name of the application secret.
Certificate File Type	Determines whether to use PEM or PFX as the certificate file.
Certificate File Path	Defines the location of the certificate file.
Certificate Password	Defines the password of the certificate.
SAS Token	Defines the SAS token that is created for Azure limited access.

Google Cloud Storage Parameters

The following table describes Google Cloud Storage parameters.

Parameter	Description
Service Account Key	Defines a JSON file that contains the required service account credentials to access the Google Cloud Storage account.

Service account JSON format:

Copy

{
   "type": "service_account",
   "project_id": "project-id",
   "private_key_id": "key-id",
   "private_key": "-----BEGIN PRIVATE KEY-----\nprivate-key\n-----END PRIVATE KEY-----\n",
   "client_email": "service-account-email",
   "client_id": "client-id",
   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
   "token_uri": "https://accounts.google.com/o/oauth2/token",
   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
}

Oracle Object Storage Parameters

The following table describes Oracle Object Storage parameters.

Parameter	Description
Namespace	Determines the Object Storage Namespace, which is the top level container for all buckets and objects. At account creation time, each Oracle Cloud Infrastructure tenant is assigned one unique system-generated and immutable Object Storage namespace name.
Tenancy ID	Defines the OCID of your Tenancy, which is a secure and isolated partition in Oracle Object Storage.
Compartment ID	Determines the Compartment ID, which is a collection of related cloud resources. By default, your tenancy ID acts as the root compartment. The field is disabled by default (root compartment is used). You must enter all the Connection Details to list the available Compartment IDs in your account.
Region	Determines the default region to perform the Oracle Object Storage requests. For better performance, select the region where the bucket is located.
User ID	Defines the user ID that connects to Oracle Object Storage.
User Private Key	Determines the RSA private key in PEM format. After you generate an API Signing Key pair from the OCI Console, you must download the private key to your file system.
User Private Key Passphrase	(Optional) Determines the private key passphrase.
User Public Key Fingerprint	Determines the API public key fingerprint.

MFT Connection Profile Additional Parameters

The following table lists the connection profile additional parameters.

Parameter	Description
Verify Destination File Size	Verifies the size of the file after a successful transfer. If a file transfer has spaces in the file name and it fails during this verification, you must not select this option, as some FTP servers do not list file names with spaces. This option is only available when the source and destination servers are Windows, Linux, or UNIX. This option is not available for AS2. This option is only relevant for Binary mode transfer.
Verify Total Bytes Sent	Determines whether to verify, after a successful transfer, if the actual number of bytes sent to destination is the same as the size of the file on the source. If it is not the same size, the transfer fails. This option is only available when the source and destination servers are Windows, Linux, or UNIX. This option is not available for AS2. This option is only relevant for Binary mode transfer.
Verify Checksum	Verifies that the file transferred correctly by executing the MD5 checksum on the FTP server. This option is available only for FTP servers that support either the MD5, XMD5, or the SITE CHECKSUM checksum commands. For UNIX FTP servers, ensure that the md5sum program is installed on the FTP server search path, to enable the SITE CHECKMETHOD MD5 and SITE CHECKSUM commands to work properly.

Parameter

Description

Verify Destination File Size

Verifies the size of the file after a successful transfer.

If a file transfer has spaces in the file name and it fails during this verification, you must not select this option, as some FTP servers do not list file names with spaces.
This option is only available when the source and destination servers are Windows, Linux, or UNIX.
This option is not available for AS2.
This option is only relevant for Binary mode transfer.

Verify Total Bytes Sent

Determines whether to verify, after a successful transfer, if the actual number of bytes sent to destination is the same as the size of the file on the source.

If it is not the same size, the transfer fails.

This option is only available when the source and destination servers are Windows, Linux, or UNIX.
This option is not available for AS2.
This option is only relevant for Binary mode transfer.

Verify Checksum

Verifies that the file transferred correctly by executing the MD5 checksum on the FTP server.

This option is available only for FTP servers that support either the MD5, XMD5, or the SITE CHECKSUM checksum commands.

For UNIX FTP servers, ensure that the md5sum program is installed on the FTP server search path, to enable the SITE CHECKMETHOD MD5 and SITE CHECKSUM commands to work properly.

Connection Profile Manual Additional Parameters

The following table describes the Connection profile manual additional parameters.

Parameter	Description
as2.compressMessageBeforeSign	Determines whether to compress AS2 message before signing the message. true or false
azure.proxy.scheme	Determines which proxy scheme (https/http) to use when connecting to Azure via Web Proxy
ftp.charset	Uses a different character set when connecting to a remote FTP server (if not specified, UTF-8 is the default charset). ISO-8859-1
ftp.path.with.spaces.improved.directory.listing	Determines whether the FTP client performs a directory listing on the whole directory when transferring specific file path that includes spaces such as, /aaa/bbb/ccc ddd.txt or [ ]. This property has no affect if transferring a path without spaces or transferring directory or pattern. Use this property only if the Connection Profile is Windows or Linux (not supported on AIX). true or false
ftp.timezone.offset	Defines the timezone offset of the remote FTP server. Use this if the FTP server timezone is different than the Agent timezone. Format: +/-HH:MM. +04:00
ftp.performChangeDirectoryBeforeAction sftp.performChangeDirectoryBeforeAction	Determines whether to change the working directory to the target FTP or SFTP path before writing a file. true or false
files.order.by	Determines whether files are watched or transferred by name, timestamp, or size on the source host. Valid Values: none name timestamp size Default: none The value of this parameter overrides the value defined in the aft_configurable.proeprties file.
files.order.direction	Determines whether files are watched or transferred by the latest or oldest files on the source host. Valid Values: ascending descending Default: ascending The value of this parameter overrides the value defined in the aft_configurable.proeprties file.
sftp.charset	Uses a different character set when connecting to a remote SFTP server (if not specified, UTF-8 is the default charset). ISO-8859-1
sftp.ciphers	Overrides the SFTP ciphers that are used when connecting to the SFTP server (commas separated values). aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
sftp.flush	Determines whether to ask SFTP server to flush any buffer than was sent (to verify the target file was updated in case of disconnections). If set to true, performance might be affected. true or false
sftp.ignore.PreferredAuthentications	Determines whether to ignore the preferred authentication list for the SFTP server.
sftp.ignoreIsRemoteDirCheckingWhenStoreFile	Enables you to upload files to a specific server. Default: true
sftp.ignore.StrictHostKeyChecking	Determines whether to perform the strict HostKey checking for the SFTP server. Valid Values: false true Default: false
sftp.StrictHostKeyChecking	Determines the behavior when performing SFTP server’s strict HostKey checking. Valid Values: ask: Accepts new host keys, verify if the key exists and matching in the known_hosts file. yes: Verifies if the key exists & matching in the known_hosts file. no: Does not verify if the key exists and matching in the known_hosts file. Default: ask
sftp.ignore.verify.signature	Determines whether to perform the signature verification for the SFTP server.
sftp.kex	Overrides the SFTP key exchange algorithms that are used when connecting to the SFTP server (comma-separated values). ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1
sftp.mac	Overrides the SFTP mac algorithms that are used when connecting to the SFTP server (commas separated values). hmac-md5,hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5-96
sftp.newline	Defines CRLF or LF to override the ASCII End of Line control character abbreviation, when transferring with SFTP protocol and ASCII mode. By default, End of Line is based on the Connection Profile OS type (Windows = CRLF, UNIX = LF). CRLF or LF
sftp.remove.directory.trailing.slash	Determines whether the remote SFTP server enforces omitting a trailing slash when running directory operations (such as, mkdir and rmdir). Default: Trailing slash true or false
slowdown.rate.millisecond	Determines the number of milliseconds to wait between each read and write operation during transfer when the remote server is very slow. 300
s3.enable.global.bucket.access	Forces global bucket access on the MFT S3 client for that connection profile.
s3.compatible.storage.region	Determines which region to use when connecting to a compatible S3 storage server.
s3.disable.chunked.encoding	Disables chunked transfer encoding for object writes and reads.
s3.disable.multipart.upload	Determines whether to disable multipart uploads for files size range of 16 MB–5 GB.
s3.proxy.host	Determines the hostname or IP of the web proxy server. The Connection Profile web proxy server settings override the Configuration Management web proxy server settings (see MFT Client Configuration Parameters).
s3.proxy.port	Determines the port number of the web proxy server. The Connection Profile web proxy server settings override the Configuration Management web proxy server settings (see MFT Client Configuration Parameters).
s3.role.arn	Defines the Amazon Resource Name of the role, which provides temporary access credentials when you assume the role.
s3.role.mfa.serial	Determines the serial number of the MFA device of the S3 role.
s3.role.session.duration.seconds	Determines the duration of the temporary access defined in s3.role.arn.
s3.role.external.id	Determines the external ID of the S3 role.
s3.set.api.version	Determines which REST API version to use . Default: 2
s3.set.bucket.owner.full.control.canned.acl	Determines whether to provide full access to objects uploaded to any bucket in this connection profile.
s3.set.http.connection.protocol	Determines whether to use HTTP instead of HTTPS for S3 connections. true or false
s3.useDefaultCredentialProviderChain	Determines whether to use the Instance profile credentials delivered through the Amazon EC2 metadata service. true or false This option only works when Control-M MFT and the Agent are running on an EC2 instance.
s3.use.virtual.hosted.style	Determines whether to use the virtual-hosted style (mybucket1.s3-eu-west-1.amazonaws.com) for S3 buckets on S3 API calls. true or false
s3.sse.type	Determines one of the following server-side encryption methods: SSE-S3: Server-Side Encryption with Amazon S3 Managed Keys. SSE-KMS: Server-Side Encryption with Customer Keys Stored in AWS KMS.
s3.sse.kms.key.id	Defines the AWS KMS Key ID to use for encryption. If this parameter is not defined or left empty, the AWS managed key is used. This parameter is only relevant when s3.sse.type is set to SSE-KMS.
gcs.sse.type	Determines whether to use Customer-managed encryption keys in server-side encryption, as follows (No Value): The default encryption without key management. SSE-KMS: Server-Side Encryption with Customer Keys Stored in GCS-KMS .
gcs.sse.kms.key.id	Defines the GCS KMS Key ID to use for encryption. This parameter is mandatory if gcs.sse.type is set to SSE-KMS.
ssl.keystore.keyalias	Overrides the keystore alias
ssl.provider.options.tlsciphersuite	Overrides the enabled cipher suites
ssl.provider.options.sslprotocol	Overrides the enabled SSL protocols such as, SSLv3, TLSv1, TLSv1.1, and TLSv1.2. If you want to work with SSLv3, mark the jdk.tls.disabledAlgorithms=SSLv3 attribute with #, and then restart the container. This parameter affects only the connection to the host which is defined in the connection profile. To limit the whole MFT module to specific TLS versions, you can configure the tls_protocols parameter in mft_startup.properties and hub_startup.properties file, and then restart the Agent. TLSv1.2
ui.max.records.in.list	Limits or extends the number of records returned to the File Transfer browser dialog. 10,000 records are returned be default. 20000
use.proxy	Determines whether to connect to the SFTP, FTP, or S3 server via Web Proxy, if enabled in the Configuration Management window. Default: true
oracle.useMultipartDownloadOnDownloadToLocal	Determines whether to download large files from Oracle Object Storage to the local file system in multipart.
oracle.enableDirectoryAsFileSeparator	Determines whether to use file separator for a directory in Oracle Object Storage.
oracle.proxy.host oracle.proxy.port	Determines the proxy host and port when you connect to the Oracle Cloud Object Storage via a proxy.