MFT Connection Profile Parameters

The following table describes Control-M MFT connection profile parameters that are relevant to all types of MFT connection profiles.

Parameter

Description

MFT Connection Profile Type

Determines one of the following connection profile types:

  • File Transfer Single Endpoint: Transfers files from the host defined in this connection profile to hosts defined in multiple connection profiles. Select this option if you want to reuse this connection profile to transfer files to different hosts.

  • File Transfer Group: Transfers a file from one host to multiple hosts in one transfer.

Connect To

Transfers files using one of the following protocols:

Manual Additional Parameters

Enables you to add parameters for further connection profile configuration, as described in Connection Profile Manual Additional Parameters.

File System Parameters

The following table lists the MFT file system parameters.

Parameter

Description

Host Name

Defines the name of the host computer.

OS Type

Determines which platform the host resides.

User Name

Defines the username of each host, as follows:

If it is a local host on Windows, the domain name must be specified. If it is a remote host on Windows, the domain name might need to be specified if required by the server.

Password

Defines the password for each user connection profile.

Use External Vault

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Home Directory

Determines the home directory for each host that appears in the File Selection dialog box in the Control-M MFT Properties pane.

(OS/400 platforms only) Control-M MFT supports both Name Format 0 and Name Format 1. The syntax of the home directory determines which format is used.

To retrieve the home directory from the remote server or local computer, click Get Home Directory—this feature is not available for Unisys OS2200.

FTP Protocol Parameters

The following table lists the FTP protocol parameters.

Parameter

Description

Host Name

Defines the hostname.

Port

Determines the port used to communicate for each host.

Default: 21

OS Type

Determines which platform the host resides.

User Name

Defines the username of each host.

If it is a local host on Windows, the domain name must be specified. If it is a remote host on Windows, the domain name might need to be specified if required by the server.

Password

Defines the password for each user connection profile

Use External Vault

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Home Directory

Determines the home directory for each host that appears in the File Selection dialog box in the Control-M MFT properties pane.

(OS/400 platforms only) Control-M MFT supports both Name Format 0 and Name Format 1. The syntax of the home directory determines which format is used.

To retrieve the home directory from the remote server or local computer, click Get Home Directory—this feature is not available for Unisys OS2200.

FTP Connection Modes

Determines one of the following connection modes for FTP:

  • FTP Passive (PASV): Initiates the data and control connections from the FTP client to the FTP server, which solves firewall issues.
  • Extended Passive (EPSV): Determines whether to use the Extended Passive Mode, where the FTP client uses the same IP address to open a data channel. This is mainly used for IPV6 environments.
  • Active: Initiates the data channel from the FTP server to the FTP client random port. This mode can encounter issues when the server attempts to open the data channel, due to Firewall rules. BMC recommends that you choose a passive mode.

Substitute IP address

Forces passive connections to use the host address.

FTP over SSL/TLS (FTPS)

Defines the communication protocol as FTP over SSL/TLS.

SSL Implicit

Automatically creates an SSL connection between the MFT client and the FTP server (Default Port: 990).

In SSL Explicit mode, the MFT client connects to the FTP server and then changes the connection to SSL mode (FTP over SSL/TLS).

Clear Command Channel

Sets the transmission mode in a control connection from an encrypted mode to clear text mode. You can secure sensitive information, including your user name and password, by sending them in an encrypted mode, and then use the CCC sub-command to change the transmission mode back to clear text mode to send the port and IP information (FTP over SSL/TLS).

Clear Data Channel

Encrypts the connection process while files are transferred without encryption.

You can select this option if you want your login information encrypted and your files transferred without encryption.

SSL Security Level

Determines one of the following SSL security levels of encrypted communication for the host:

  • 2: SSL is used for data encryption only.
  • 3: Server Authentication.
  • 4: Both server and client authentication.

SFTP (SSH) Protocol Parameters

The following table lists the SFTP (SSH) protocol parameters.

Password and Key authentication must be used if the remote SFTP server both Password and Key (AuthenticationMethod = "publickey,password").

Parameter

Description

Host Name

Defines the hostname.

Port

Determines the port used to communicate for each host.

Default: 22

OS Type

Determines which platform the host resides.

User Name

Defines the username of each host.

If it is a local host on Windows, the domain name must be specified. If it is a remote host on Windows, the domain name might need to be specified if required by the server.

Password

Defines the password for each user connection profile

Use External Vault

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Home Directory

Determines the home directory for each host that appears in the File Selection dialog box in the Control-M MFT properties pane.

Key Authentication

Uses Key Authentication to access the SFTP server.

To generate SSH keys, see Generating SSH Keys.

Private Key Name

Defines the path and file name of the private key.

Key Passphrase

Defines the password of the private key file.

Password

Defines the password of the SFTP server.

Compression

Compresses the file before the transfer.

S3 Protocol Parameters

The following table describes S3 protocol parameters.

You might need to import the cloud vendor public certificate into your JRE trust-store located in <JRE>/lib/security/cacerts. For more information, see 000378358.

Parameter

Storage Type

Description

Storage Type

N/A

Determines one of the following S3 storage types:

  • Amazon S3 Storage: Amazon Simple Storage solution.

  • S3 Compatible Storage: A storage solution that allows you to access and manage the data it stores over an S3 compliant interface.

  • AWS PrivateLink for Amazon S3: A storage that resides in the virtual private cloud (VPC) endpoint.

REST Endpoint

  • S3-Compatible

  • AWS PrivateLink

Defines the network address where the storage is located.

Access Key

  • AWS S3

  • S3 Compatible

  • AWS PrivateLink

Determines which access key is used to access the storage.

If the s3.useDefaultCredentialProviderChain parameter is set to true, the File Transfer job does not use the Access Key value, even though it is a required field.

Secret Access Key

  • AWS S3

  • S3-Compatible

  • AWS PrivateLink

Determines which secret access key is used to access the storage.

If the s3.useDefaultCredentialProviderChain parameter is set to true, the File Transfer job does not use the Secret Access Key value even though it is a required field.

Use External Vault

  • AWS S3

  • S3-Compatible

  • AWS PrivateLink

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Region

  • AWS S3

  • AWS PrivateLink

Determines the default region to perform the Amazon S3 requests.

For better performance, select the region where the bucket is located.

Azure Storage Protocol Parameters

The following table describes the Azure Storage protocol parameters.

You might need to import the cloud vendor public certificate into your JRE trust-store located in <JRE>/lib/security/cacerts. For more information, see 000378358.

Parameter

Description

Account Name

Defines the name of the Azure Storage account.

Storage Type

Determines whether to connect to one of following Azure Storage types:

  • Blob Storage

  • Data Lake Storage Gen2

Endpoint URL

Determines whether the endpoint URL, where the storage is located, appears.

Defaults:

  • Blob: https://<account name>.blob.core.windows.net

  • Data Lake: https://<account name>.dfs.core.windows.net

Overwrite Endpoint URL

Overwrites the default Endpoint URL and allows you to connect to a different URL.
Authentication Method

Determines one of the following authentication methods:

  • Azure AD (Active Directory): Authenticates with Azure Active Directory IAM service.

  • Shared Key: Authenticates using an Access Key

  • Shared Access Signature (SAS): Delegates access with specific permissions over a limited time interval.

  • Managed Identity Service Uses a predefined Managed Identity to access the Azure storage services that do not require credentials.

    You can only use this option when Agent is installed on an Azure virtual machine.
Using

Determines whether to connect to the Azure account with one of the following based on the Authentication Method:

  • Azure AD

    • User & Password: Authenticates a user in the Active Directory.

    • Client Secret: Authenticates via an application secret.

    • Certificate File:Authenticates a user with a certificate file.

      You can upload or create the certificate or secret for your application in the Azure Portal > Azure AD > App Registration.

  • Shared Key

    • Access Key: Defines the account access key that is used to connect to Azure.

    • Connection String: Defines the entire connection string used to connect to Azure.

Tenant ID

Defines the ID of the Azure Active Directory instance where your application is located.

Client ID

Defines the ID of your application in Azure Active Directory.

Client Secret

Defines the name of the application secret.

Certificate File Type

Determines whether to use PEM or PFX as the certificate file.

Certificate File Path

Defines the location of the certificate file.

Certificate Password

Defines the password of the certificate.

SAS Token

Defines the SAS token that is created for Azure limited access.

Use External Vault

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

SharePoint Online Parameters

The following table describes the SharePoint Online Connection Profile Parameters. To enable connection profiles in SharePoint, set the required permissions in Microsoft Graph API in Azure, as described in 000430757.

Parameter

Description

SharePoint Host

Defines the SharePoint host URL where the storage is located.
Authentication Method

Determines one of the following authentication methods:

  • Azure AD (Active Directory): Authenticates with Azure Active Directory IAM service.

  • Managed Identity Service: Uses a predefined Managed Identity to access the Azure storage services that do not require credentials.

    You can only use this option when Agent is installed on an Azure virtual machine.
Using

Determines whether to connect to the Azure account with one of the following based on the Authentication Method:

  • Azure AD

    • User & Password: Authenticates a user in the Active Directory.

    • Client Secret: Authenticates via an application secret.

    • Certificate File: Authenticates a user with a certificate file.

      You can upload or create the certificate or secret for your application in the Azure Portal > Azure AD > App Registration.

  • Managed Identity Service: Authenticates with a Client ID.

Tenant ID

Defines the ID of the Azure Active Directory instance where your application is located.

Client ID

Defines the ID of your application in Azure Active Directory.

Client Secret

Defines the name of the application secret.

Certificate File Type

Determines whether to use PEM or PFX as the certificate file.

Certificate File Path

Defines the location of the certificate file.

Certificate Password

Defines the password of the certificate.

Use External Vault

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Google Cloud Storage Parameters

The following table describes Google Cloud Storage parameters.

You might need to import the cloud vendor public certificate into your JRE trust-store located in <JRE>/lib/security/cacerts. For more information, see 000378358.

Parameter

Description

Service Account Key

Defines a JSON file that contains the required service account credentials to access the Google Cloud Storage account.

The following example defines a service account in JSON format:

Copy 
{
   "type": "service_account",
   "project_id": "project-id",
   "private_key_id": "key-id",
   "private_key": "-----BEGIN PRIVATE KEY-----\nprivate-key\n-----END PRIVATE KEY-----\n",
   "client_email": "service-account-email",
   "client_id": "client-id",
   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
   "token_uri": "https://accounts.google.com/o/oauth2/token",
   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
}

Oracle Object Storage Parameters

The following table describes Oracle Object Storage parameters.

You might need to import the cloud vendor public certificate into your JRE trust-store located in <JRE>/lib/security/cacerts. For more information, see 000378358.

Parameter

Description

Namespace

Determines the Object Storage Namespace, which is the top level container for all buckets and objects.

At account creation time, each Oracle Cloud Infrastructure tenant is assigned one unique system-generated and immutable Object Storage namespace name.

Tenancy ID

Defines the OCID of your Tenancy, which is a secure and isolated partition in Oracle Object Storage.

Compartment ID

Determines the Compartment ID, which is a collection of related cloud resources.

By default, your tenancy ID acts as the root compartment.

The field is disabled by default (root compartment is used). You must enter all the Connection Details to list the available Compartment IDs in your account.

Region

Determines the default region to perform the Oracle Object Storage requests. For better performance, select the region where the bucket is located.

User ID

Defines the user ID that connects to Oracle Object Storage.

User Private Key

Determines the RSA private key in PEM format. After you generate an API Signing Key pair from the OCI Console, you must download the private key to your file system.

User Private Key Passphrase

(Optional) Determines the private key passphrase.

Use External Vault

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

User Public Key Fingerprint

Determines the API public key fingerprint.

MFT Connection Profile Additional Parameters

The following table lists the connection profile additional parameters.

Parameter

Description

Verify Destination File Size

Verifies the size of the file after a successful transfer.

  • If a file transfer has spaces in the file name and it fails during this verification, you must not select this option, as some FTP servers do not list file names with spaces.

  • This option is only available when the source and destination servers are Windows, Linux, or UNIX.

  • This option is not available for AS2.

  • This option is only relevant for Binary mode transfer.

Verify Total Bytes Sent

Determines whether to verify, after a successful transfer, if the actual number of bytes sent to destination is the same as the size of the file on the source.

If it is not the same size, the transfer fails.

  • This option is only available when the source and destination servers are Windows, Linux, or UNIX.

  • This option is not available for AS2.

  • This option is only relevant for Binary mode transfer.

Verify Checksum

Verifies that the file transferred correctly by checking the unique fingerprint (checksum) for the file.

  • This option is only available on FTP, File System, and SFTP.

  • This option is only available when it is selected in the source and destination connection profiles.

  • On FTP, note the following:

    • This option is only available on FTP servers that support the MD5, XMD5, or SITE CHECKSUM checksum commands.

    • On UNIX FTP servers, you must ensure that the md5sum program is installed on the FTP server search path to enable the SITE CHECKMETHOD MD5 and SITE CHECKSUM commands to run.

  • On SFTP, by default, the checksum verification is performed only on SFTP servers that support the md5-hash SFTP extension. To change the default behavior, update the com.bmc.aft.configurable.sftp.checkSumMethod parameter, as described in aft_configurable.properties File Parameters.

Connection Profile Manual Additional Parameters

The following table describes the connection profile manual additional parameters.

Parameter

Connection Type

Description

as2.compressMessageBeforeSign

AS2

Determines whether to compress AS2 message before signing the message.

azure.proxy.scheme

Azure

Determines which proxy scheme to use when connecting to Azure via a Web Proxy.

Valid Values:

  • https

  • http

  • azure.proxy.host

  • azure.proxy.port

Azure

Defines the proxy host and port when you connect to Azure via a proxy.

azure.proxy.nonProxyHosts

Azure

Defines the list of hosts to access directly, and bypass the proxy, when you connect to Azure via the Web Proxy.

This parameter is useful if certain hosts are within the local network, and do not require a proxy for access.

Use the | character to separate values.

localhost|127.0.0.1|*.local|*.my-co.com

azure.useMultipartDownloadOnDownloadToLocal

Azure

Determines whether to download large files from Azure Storage to the local file system in multipart.

Valid Values:

  • true

  • false

Default: true

azure.skipContainerExistCheck

Azure

Determines whether to skip the verification process if the specified Azure container exists.

Valid Values:

  • true

  • false

Default: false

azure.skipAccountDetailsCheck

Azure

Determines whether to skip the verification process of the Connection Profile details.

Valid Values:

  • true

  • false

Default: false

azure.enableDirectoryAsFileSeparator

Azure

Determines whether to use file separator for a directory in Azure Storage.

Valid Values:

  • true

  • false

Default: false

errorStringsToFailTransfer

  • SFTP

  • FTP

  • File System

Determines the list of error message patterns received from the server specified in the connection profile. The error message patterns indicate what causes the job to fail.

Default: broken|socket write error

failJobIfNoFilesMatchTheSourcePattern

All

Determines whether to fail the job if none of the files match the source pattern, and none of the files are transferred. The job exit code in this scenario is 7.

Valid Values:

  • true

  • false

Default: false

file.stream.operations.retry

  • SFTP

  • FTP

  • File System

Determines whether to perform retries during transfer when write/read to/from file streams fail.

Valid Values:

  • true

  • false

Default: false

  • forceRestartOnDisconnectionDuringDownload

  • forceRestartOnDisconnectionDuringUpload

All

Determines whether to restart the file transfer from the beginning of the file upon reconnection.

Valid Values:

  • true

  • false

Default: false

format.detectLittleEndianEncoding

  • SFTP

  • FTP

  • File System

Determines whether to perform endianness verification. The job treats the system as big-endian if you do not verify endianness.

Valid Values:

  • true

  • false

Default: false

ftp.charset

FTP

Defines a different character set when connecting to a remote FTP server.

Default: UTF-8

ISO-8859-1

ftp.disableSessionResumption

FTP

Determines whether to disable FTP session resumption for the connection profile server.

Valid Values:

  • true

  • false

Default: false

ftp.doNotCheckForFileExistenceOnAppend

  • SFTP

  • FTP

  • File System

Determines whether to check if the remote file exists before performing an Append operation on transfer.

Valid Values:

  • true

  • false

Default: false

ftp.enableSmartWildcardDirectoryListing

FTP

Determines the method to list the remote directory when the source patterns contain wildcards.

Valid Values:

  • true: The server filters the results, if supported. The directory listing uses wildcards, such as list /dir/a*.pdf.

  • false: The client filters the results. The directory listing is performed on the parent folder, such as list /dir/, and then filtered locally.

ftp.openVMSEnableVersioning

FTP

Determines whether to enable file versioning when files are transferred from or to OpenVMS.

Valid Values:

  • true

  • false

Default: false

  • ftp.openvms.purgeOldVersionOnFileDelete

  • ftp.openvms.purgeOldVersionOnFileMove

FTP

Determines whether to purge old file versions when files are deleted or moved from a file in OpenVMS.

Valid Values:

  • true

  • false

Default: false

ftp.path.with.spaces.improved.directory.listing

FTP

Determines whether the FTP client performs a directory listing on the whole directory when the system transfers a specific file path with spaces, such as /aaa/bbb/ccc ddd.txt or [ ].

This property does not impact the transfer of a path without spaces, a directory or a pattern.

This property is supported only if the connection profile is created on a Windows or Linux operating system. It does not support AIX.

Valid Values:

  • true

  • false

Default: false

ftp.protocolJobOutputDebugLevel

FTP

Determines the verbose level of FTP requests and responses displayed in the job output.

Valid values:

  • OFF: Requests and responses are not displayed.

  • ERROR: Only FTP error codes in the range of 500-699 are displayed.

  • WARN: Only FTP errors or warnings with codes in the range of 400-599 are displayed.

  • INFO: All FTP responses, except normal codes in the range of 200-299, are displayed.

  • DEBUG: All FTP requests and responses are displayed in the job output.

Default: DEBUG

ftp.remoteVerificationControlVsDataEnabled

FTP

Determines whether to verify if the FTP server address in the data channel is similar to the one used in the control channel.

Valid Values:

  • true

  • false

Default: true

ftp.search.file.using.directory.listing

FTP

Determines whether to locate the remote file by performing a directory listing for the parent directory, or by accessing the file directly.

Valid Values:

  • true

  • false

Default: false

ftp.timezone.offset

FTP

Defines the timezone offset of the remote FTP server. Use this if the FTP server timezone is different than the Agent timezone.

Format: +/-HH:MM.

+04:00
  • ftp.performChangeDirectoryBeforeAction
  • sftp.performChangeDirectoryBeforeAction

FTP

Determines whether to change the working directory to the target FTP or SFTP path before writing a file.

Valid Values:

  • true

  • false

Default: false

files.order.by

All

Determines whether files are watched or transferred by name, timestamp, or size on the source host.

Valid Values:

  • none

  • name

  • timestamp

  • size

Default: none

The value of this parameter overrides the value defined in the aft_configurable.properties file.

files.order.direction

All

Determines whether files are watched or transferred by the latest or oldest files on the source host.

Valid Values:

  • ascending
  • descending

Default: ascending

The value of this parameter overrides the value defined in the aft_configurable.properties file.

gcs.impersonatedServiceAccountEmail

Google Cloud

Determines the service account email for impersonation.

gcs.proxy.scheme

Google Cloud

Determines the proxy scheme to connect to Google Cloud via Web Proxy.

Valid Values:

  • https

  • http

Default: https

  • gcs.proxy.host

  • gcs.proxy.port

Google Cloud

Defines the proxy host and port to connect to the Google Cloud via a proxy.

gcs.role.session.duration.seconds

Google Cloud

Defines the duration in seconds of the temporary access to Google Cloud Storage.

gcs.sse.kms.key.id

Google Cloud

Defines the GCS KMS Key ID to use for encryption.

This parameter is mandatory if gcs.sse.type is set to SSE-KMS.

gcs.sse.type

Google Cloud

Determines whether to use Customer-managed encryption keys in server-side encryption, as follows

  • (No Value): The default encryption without key management.

  • SSE-KMS: Server-Side Encryption with Customer Keys Stored in GCS-KMS .

gcs.useApplicationDefaultCredential

Google Cloud

Determines whether Google Cloud Application Default Credentials (ADC) authentication strategy is enabled.

Valid Values:

  • true

  • false

Default: false

oracle.enableDirectoryAsFileSeparator

Oracle Cloud

Determines whether to use file separator for a directory in Oracle Object Storage.

Valid Values:

  • true

  • false

Default: false

  • oracle.proxy.host

  • oracle.proxy.port

Oracle Cloud

Determines the proxy host and port when you connect to the Oracle Cloud Object Storage via a proxy.

oracle.proxy.scheme

Oracle Cloud

Determines the proxy scheme to connect to Oracle Cloud via a Web Proxy.

Valid Values:

  • https

  • http

Default: https

oracle.useMultipartDownloadOnDownloadToLocal

Oracle Cloud

Determines whether to download large files from Oracle Object Storage to the local file system in multipart.

Valid Values:

  • true

  • false

Default: true

resumeConnectionFromDestinationFileOffset

  • SFTP

  • FTP

  • File System

Determines whether to continue to retrieve the destination file size from the point of failure, after the system reconnects to the remote host. This is only for binary transfers to distributed systems.

Valid Values:

  • true

  • false

Default: true

sftp.action.adjust.incomplete.relative.path.prefix

SFTP

Determines whether to add a . (period) to relative paths, defined in the Move File or Rename File option in the Source File Action After Successful Completion attribute of a File Transfer job, when it is missing.

Valid Values:

  • true

  • false

Default: false

sftp.charset

SFTP

Defines a different character set when connecting to a remote SFTP server.

Default: UTF-8

ISO-8859-1

sftp.check.ciphers

SFTP

Determines the list of ciphers to omit from the default ciphers proposed by the client, and listed in sftp.ciphers

The sftp.ignore.check.ciphers parameter must be false.

sftp.check.kexes

SFTP

Determines the list of key exchange algorithms to omit from the default kex algorithms proposed by the client, and listed in sftp.kex.

The sftp.ignore.check.kexes parameter must be false.

sftp.check.macs

SFTP

Determines the list of MAC algorithms to omit from the default MAC algorithms proposed by the client, and listed in sftp.mac.

The sftp.ignore.check.macs parameter must be false

sftp.check.signatures

SFTP

Determines the list of signatures (host keys) to omit from the default signatures proposed by the client, and listed in sftp.signatures.

The sftp.ignore.check.signatures parameter must be false

sftp.checkSumMethod

SFTP

Determines the method to calculate the file checksum on remote SFTP servers.

Valid Values

  • MD5_HASH: Runs the SSH_FXP_EXTENDED ‘md5-hash’ SFTP extension.

  • DIGEST: Rereads the file from the server. This increases the total transfer activity time.

  • EXEC: Runs a remote execution on the SFTP server. The SFTP server must permit running remote SSH commands.

Default: MD5_HASH

sftp.ciphers

SFTP

Defines the ciphers to override the SFTP ciphers that are used when connecting to the SFTP server. The list must be specified with comma separated values.

aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr

sftp.enableSmartWildcardDirectoryListing

SFTP

Determines whether to enable the method to list the remote directory if the source patterns contain wildcards.

Valid Values:

  • true: The server filters the results, if supported. The directory listing uses wildcards, such as list /dir/a*.pdf.

  • false: The client filters the results. The directory listing is performed on the parent folder, such as list /dir/, and then filtered locally.

Default: false

sftp.flush

SFTP

Determines whether to ask SFTP server to flush any buffer than was sent (to verify the target file was updated in case of disconnections).

If set to true, performance might be affected.

Valid Values:

  • true

  • false

Default: false

sftp.ignore.check.ciphers

SFTP

Determines whether to omit ciphers listed in sftp.check.ciphers from the default ciphers proposed by the client, and listed in sftp.ciphers.

Valid Values:

  • true: sftp.ciphers is sent without changes.

  • falsesftp.ciphers is sent with changes.

Default: true

sftp.ignore.check.kexes

SFTP

Determines whether to omit ciphers listed in sftp.check.kexes from the default ciphers proposed by the client, and listed in sftp.kex.

Valid Values:

  • true: sftp.kex is sent without changes.

  • false: sftp.kex is sent with changes.

Default: true

sftp.ignore.check.macs

SFTP

Determines whether to omit ciphers listed in sftp.check.macs from the default ciphers proposed by the client, and listed in sftp.mac.

Valid Values:

  • true: sftp.mac is sent without changes.

  • false: sftp.mac is sent with changes.

Default: true

sftp.ignore.check.signatures

SFTP

Determines whether to omit ciphers listed in sftp.check.signatures from the default ciphers proposed by the client, and listed in sftp.signatures.

If set to true, sftp.signatures is sent without changes.

Valid Values:

  • true: sftp.signatures is sent without changes.

  • false: sftp.signatures is sent with changes.

Default: true

sftp.ignore.PreferredAuthentications

SFTP

Determines whether to ignore the preferred authentication list for the SFTP server.

sftp.ignoreIsRemoteDirCheckingWhenStoreFile

SFTP

Determines whether to skip checking the existence of the destination directory before a file is stored.

Valid Values:

  • true

  • false

Default: true

sftp.ignore.StrictHostKeyChecking

SFTP

Determines whether to perform the strict HostKey checking for the SFTP server.

Valid Values:

  • true

  • false

Default: false

sftp.StrictHostKeyChecking

SFTP

Determines the behavior when performing SFTP server strict HostKey checking.

Valid Values:

  • ask: Accepts new host keys, verify if the key exists and matching in the known_hosts file.

  • yes: Verifies if the key exists & matching in the known_hosts file.

  • no: Does not verify if the key exists and matching in the known_hosts file.

Default: ask

sftp.ignore.verify.signature

SFTP

Determines whether to perform the signature verification for the SFTP server.

Valid Values:

  • true

  • false

Default: false

sftp.kex

SFTP

Overrides the SFTP key exchange algorithms that are used when connecting to the SFTP server (comma-separated values).

ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1

sftp.mac

SFTP

Overrides the SFTP mac algorithms that are used when connecting to the SFTP server, with comma-separated values.

hmac-md5,hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5-96

sftp.newline

SFTP

Defines CRLF or LF to override the ASCII End of Line control character abbreviation, when transferring with SFTP protocol and ASCII mode.

By default, End of Line is based on the Connection Profile OS type (Windows = CRLF, UNIX = LF).

Valid Values:

  • CRLF

  • LF

Default: Based on the OS type

sftp.pubkeyAcceptedAlgorithms

SFTP

Determines the list of accepted key algorithms.

sftp.signatures

SFTP

Determines the list of host key signature algorithms.

sftp.verbose

SFTP

Determines the SFTP connection detail level displayed in the job output.

The parameter is relevant only if you want to include additional information to the details that already appear in the job output.

Valid Values

  • info: Only the chosen key exchange, host key type, ciphers, and MAC and compression algorithms are printed.

  • debug: The chosen algorithms, and the client and server proposals are printed in the job output.

Default: No verbose information is printed.

sftp.remove.directory.trailing.slash

SFTP

Determines whether the remote SFTP server enforces omitting a trailing slash when running directory operations, such as mkdir and rmdir.

Default: Trailing slash

true or false

slowdown.rate.millisecond

  • SFTP

  • FTP

  • File System

Determines the number of milliseconds to wait between each read and write operation during transfer when the remote server is very slow.

300

s3.enable.global.bucket.access

S3

Forces global bucket access on the MFT S3 client for that connection profile.

Valid Values:

  • true

  • false

Default

  • false: If you enable access to an S3-compatible storage.

  • true: If you enable access to AWS.

s3.compatible.storage.region

S3

Determines which region to use when connecting to a compatible S3 storage server.

s3.disable.chunked.encoding

S3

Disables chunked transfer encoding for object writes and reads.

Valid Values:

  • true

  • false

Default: false

s3.disable.multipart.upload

S3

Determines whether to disable multipart uploads for files size range of 16 MB–5 GB.

Valid Values:

  • true

  • false

Default: false

s3.proxy.host

S3

Determines the hostname or IP address of the web proxy server.

The Connection Profile web proxy server settings override the Configuration Management web proxy server settings (see MFT Client Configuration Parameters).

s3.proxy.port

S3

Determines the port number of the web proxy server.

The Connection Profile web proxy server settings override the Configuration Management web proxy server settings (see MFT Client Configuration Parameters).

s3.role.arn

S3

Defines the Amazon Resource Name of the role, which provides temporary access credentials when you assume the role.

s3.role.mfa.serial

S3

Determines the serial number of the MFA device of the S3 role.

s3.role.session.duration.seconds

S3

Determines the duration of the temporary access defined in s3.role.arn.

s3.role.external.id

S3

Determines the external ID of the S3 role.

s3.set.api.version

S3

Determines which REST API version to use .

Default: 2

s3.set.bucket.owner.full.control.canned.acl

S3

Determines whether to provide full access to objects uploaded to any bucket in this connection profile.

Valid Values:

  • true

  • false

Default: false

s3.set.http.connection.protocol

S3

Determines whether to use HTTP instead of HTTPS for S3 connections.

Valid Values:

  • true

  • false

Default: false

s3.addChecksumForLocalFiles

S3

Determines whether the file upload request includes the MD5 checksum of the file when it transfers from a local or network file system to S3.

Valid Values:

  • true

  • false

Default: false

s3.handle.content.type

S3

Determines whether to adjust the file content-type based on the file type or extension when files upload to S3.

Valid Values:

  • true

  • false

Default: false

s3.skip.bucket.exist.check

S3

Determines whether to skip the verification process that checks if a specified S3 bucket exists before the files transfer.

Valid Values:

  • true

  • false

Default: false

s3.useDefaultCredentialProviderChain

S3

Determines whether to use the Instance profile credentials delivered through the Amazon EC2 metadata service.

Valid Values:

  • true

  • false

Default: false

This option only works when Control-M MFT and the Agent are running on an EC2 instance.

s3.useMultipartDownloadOnDownloadToLocal

S3

Determines whether to perform multipart download for large files from S3 Storage to the local file system.

Valid Values:

  • true

  • false

Default: false

s3.useTransferManagerWhenSinglePartUpload

S3

Determines whether to perform single-part file uploads with the Transfer Manager instead of streamed buffers.

Valid Values:

  • true

  • false

Default: false

s3.use.virtual.hosted.style

S3

Determines whether to use the virtual-hosted style, such as mybucket1.s3-eu-west-1.amazonaws.com, for S3 buckets on S3 API calls.

Valid Values:

  • true

  • false

Default: false

s3.sse.type

S3

Determines one of the following server-side encryption methods:

  • SSE-S3: Server-Side Encryption with Amazon S3 Managed Keys.

  • SSE-KMS: Server-Side Encryption with Customer Keys Stored in AWS KMS.

s3.sse.kms.key.id

S3

Defines the AWS KMS Key ID to use for encryption.

If this parameter is not defined, the AWS managed key is used.

This parameter is only relevant when s3.sse.type is set to SSE-KMS.

source.filename.pattern.date.format

All

Determines the date format when you search for files that contain a date pattern, such as <TODAY>, in the File Transfer job source path.

Default: YYYYMMDD

destination.filename.pattern.date.format

All

Determines the date format when you define a date pattern, such as <TODAY>, in the destination filename in the File Transfer job destination path.

Default: YYYYMMDD

spo.proxy.scheme

SharePoint

Determines which proxy scheme to use when connecting to SharePoint via the Web Proxy.

Valid Values:

  • https

  • http

Default: https

  • spo.proxy.host

  • spo.proxy.port

SharePoint

Defines the proxy host and port to connect to the SharePoint Online via the Web Proxy.

spo.proxy.nonProxyHosts

SharePoint

Defines the list of hosts to access directly, and bypass the proxy, when you connect to SharePoint Online via the Web Proxy.

This parameter is useful if certain hosts are within the local network, and do not require a proxy for access.

Use the | character as a separator.

localhost|127.0.0.1|*.local|*.my-co.com

spo.root.site.id

SharePoint

Defines the ID of the site configured to be the root site. This site is considered a root site for Control-M only. It is not changed in SharePoint.

spo.ignoreFailureWhenUploadingFileInParts

SharePoint

Determines whether to ignore SharePoint errors when files are uploaded with multipart uploads.

Valid Values:

  • true

  • false

Default: false

  • spo.listSites.displayAllSitesInTenant

  • spo.listSites.displayAllSubSitesInTenant

SharePoint

Determines whether to display a list of all sites and sub-sites for a specific tenant via the UI.

spo.listSites.useSearchQuery

SharePoint

Determines whether to list sites generated from an alternative search query method.

Valid Values:

  • true

  • false

Default: false

spo.listSites.searchQuery.enablePrivateContent

SharePoint

Determines whether to enable private site content generated from an alternative search query method.

Valid Values:

  • true

  • false

Default: false

spo.listSites.searchQuery.regionCode

SharePoint

Determines the Microsoft regional code for an alternative search query method.

Valid Values:

APC,AUS,BRA,CAN,EUR,FRA,DEU,IND,ISR,ITA,JPN,KOR,NAM,NOR,POL,QAT,ZAF,SWE,CHE,ARE,GBR,US

Default: EUR

spo.listSites.useSiteDisplayName

SharePoint

Determines whether the list should contain the site display name or site physical name in the UI.

Valid Values:

  • true

  • false

Default: true

  • spo.pageSizeInSearchFiles

  • spo.pageSizeInSearchItems

SharePoint

Defines the number of files or items per page in SharePoint Online.

Default:

  • 1,000 files

  • 500 items

spo.requestMaxAttempts

SharePoint

Defines the maximum number of retries when a request to SharePoint Online fails.

Default: 3

spo.useMultipartDownloadOnDownloadToLocal

SharePoint

Determines whether to perform multipart download of large files from SharePoint Online to the local file system.

Valid Values:

  • true

  • false

Default: true

ssl.keystore.keyalias

FTPS

Overrides the keystore alias.

ssl.provider.options.tlsciphersuite

FTPS

Overrides the enabled cipher suites.

ssl.provider.options.sslprotocol

FTPS

Overrides the enabled SSL protocols such as, SSLv3, TLSv1, TLSv1.1, and TLSv1.2.

If you want to work with SSLv3, mark the jdk.tls.disabledAlgorithms=SSLv3 attribute with #, and then restart the container.

This parameter affects only the connection to the host which is defined in the connection profile. To limit the whole MFT module to specific TLS versions, you can configure the tls_protocols parameter in mft_startup.properties and hub_startup.properties file, and then restart the Agent.

Valid Values:

  • TLSv1.3

  • TLSv1.2

Default:

  • TLSv1.3, TLSv1.2: TLSv1.3 and TLSv1.2 are both enabled but TLSv1.3 takes precedence

transfer.bufferSize

  • SFTP

  • FTP

  • File System

Defines the buffer size for every chunk sent during a file transfer. This parameter overrides the following parameters in aft_configurable.properties:

  • com.bmc.aft.configurable.ftp.bufferSize

  • com.bmc.aft.configurable.localBufferSize .

Default: 32,768

transfer.fail.job.file.count

All

Defines the maximum file count allowed for an MFT job to transfer in a single transfer. The job fails when the total count exceeds this amount.

Default: 500,000

transfer.fail.job.file.volume.MB

All

Defines the maximum file volume allowed for an MFT job to transfer in a single transfer. The job fails when the size of the files exceeds the volume. Set the value to 0 for unlimited volume.

Default: 0

transfer.max.files.to.transfer

All

Defines the maximum file count to transfer from the source directory in a single transfer. The minimum value is one.

ui.max.records.in.list

All

Limits or extends the number of records returned to the File Transfer browser dialog.

10,000 records are returned be default.

20000

useDefaultSearchFilesForLocal

File System

Determines whether to search for local files with the default search algorithm.

Valid Values:

  • true: Searches with the default search algorithm.

  • false: Searches with an updated search algorithm that uses file streams to list directories (introduced in Control-M MFT 9.0.20).

Default: false

use.proxy

  • SFTP

  • FTP

  • File System

 

Determines whether to connect to the SFTP, FTP, or S3 server via Web Proxy, if enabled in the Configuration Management window.

Valid Values:

  • true

  • false

Default: true