Machine Learning Connection Profiles

The following topics describe the connection profile parameters for Machine Learning platforms and services:

AWS SageMaker Connection Profile Parameters

Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.

For more information about this plug-in, see Control-M for AWS SageMaker.

The following table describes the AWS SageMaker connection profile parameters.

Parameter

Description

SageMaker URL

Defines the AWS SageMaker API authentication endpoint.

Format: https://sagemaker.<region name>.amazonaws.com

https://sagemaker.us-east-1.amazonaws.com

AWS Region

Determines the region where the AWS SageMaker jobs are located.

us-east-1

Authentication

Determines one of the following authentication methods:

  • AWS Key & Secret: Authenticates with an AWS access key and secret, which are used for services outside the AWS infrastructure.

  • AWS IAM Role: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

AWS Access Key

Defines the AWS SageMaker account access key.

AWS Secret

Defines the AWS SageMaker account secret access key.

IAM Role

Defines the Identity and Access Management (IAM) role name for the AWS SageMaker connection.

Use External Vault

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to AWS SageMaker before a timeout occurs.

Default: 30

Azure Machine Learning Connection Profile Parameters

Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.

For more information about this plug-in, see Control-M for Azure Machine Learning.

The following table describes the Azure Machine Learning connection profile parameters.

Parameter

Description

Azure Login URL

(Service Principal) Defines the Azure Active Directory (AD) API authentication endpoint.

Default: https://login.microsoftonline.com

Azure Management URL

Defines the Azure Management URL, which is used to get the token for a service principal authentication and to perform API calls.

Default: https://management.azure.com/Azure

Azure ML URL

Defines the authentication endpoint base URL for Azure Machine Learning, which is used to perform API calls, and which is based on the following format:

https://<Location_Name>.api.azureml.ms/

https://eastus.api.azureml.ms/

Location Name

Determines the region where the Azure Machine Learning jobs are located.

eastus

Subscription ID

Determines the Azure account subscription ID, which can be retrieved from the Azure portal.

Authentication Method

Determines one of the following identity types to connect to Azure Machine Learning:

  • Managed Identity: Enables you to access other Azure AD-protected resources. The identity is managed by the Azure platform and does not require you to provide credentials within Control-M. Use this option if the Agent is installed on an Azure virtual machine that has an assigned Managed Identity with the required permissions.

  • Service Principal: An Azure service principal, also known as App Registration, is an identity created for use with applications, hosted services, and automated tools to access Azure resources. This access is restricted by the roles assigned to the service principal, which gives the Azure Administrator control over which resources can be accessed and at which level. Use this option if the Agent is installed on-premises or on an Azure virtual machine.

Specify Managed Identity Client ID

(Managed Identity) Determines whether the client ID for your managed identity is specified by the Managed Identity Client ID parameter.

Use this option if you are using the Managed Identity authentication method and you have multiple managed identities defined on your Azure virtual machine.

Managed Identity Client ID

(Managed Identity) Determines which client ID to use as the managed identity.

This parameter requires a value only if you have multiple managed identities defined on your Azure virtual machine and you selected the Specify Managed Identity Client ID checkbox.

If you have only one managed identity, it is detected automatically.

Tenant ID

(Service Principal) Defines the ID where the Azure Machine Learning is created.

Application ID

(Service Principal) Defines the Azure identity of a Service Principal that is granted access to interact with Azure Machine Learning.

Client Secret

(Service Principal) Defines the password of the Service Principal.

Use External Vault

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to Azure Machine Learning before a timeout occurs.

Default: 50

OCI Data Science Connection Profile Parameters

Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.

For more information about this plug-in, see Control-M for OCI Data Science.

The following table describes the OCI Data Science connection profile parameters.

Parameter

Authentication Method

Description

OCI Data Science URL

All methods

Defines the OCI Data Science URL in the following format:

https://datascience.<region>.oci.oraclecloud.com/20190101

OCI Region

All methods

Determines the region where OCI Data Science is located.

ap-melbourne-1

eu-madrid-1

Authentication

All methods

Determines one of the following authentication methods:

  • Defined Parameters: Defines authentication parameters in the connection profile.

  • Configuration File: Uses a configuration file that contains authentication information and is stored on the Control-M/Agent.

    The following example of a configuration file defines the DEFAULT profile for Linux and the PROFILE2 profile for Windows.

    Copy
    [DEFAULT] 
    user=ocid1.user.oc1..aaaaaaaa4vcihdfhrdtyry457245636cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
    tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue9f8djfihhwp2cu4e6t2b7lttna7rcgnhrdi4qzika
    fingerprint=9f:af:df:f5:5g:95:92:7c:34:ab:46:d3:b4:30:e6:9e
    region=us-phoenix-1
    key_file=/home/dbauser/key.pem 

    [PROFILE2] 
    user=ocid1.user.oc1..aaaaaaaa4v768679dfhrd8989JHGJG36cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
    tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue987erum,gfwp2cu4e6t2b7lttna7rcgnhrdi4qzika
    fingerprint=9f:af:c0:f5:7b:95:92:7c:03:a5:46:g3:b4:38:e6:9e
    region=us-phoenix-1
    key_file=C:\\Users\\dbauser\\key.pem

User OCID

Defined Parameters

Defines an individual user within the OCI environment.

Tenancy OCID

Defined Parameters

Defines the OCI Tenancy ID in OCI Data Science, which is a global unique identifier for this account within the OCI environment.

Fingerprint

Defined Parameters

Defines a fingerprint which uniquely identifies and verifies the integrity of the associated certificate or key.

Private Key

Defined Parameters

Defines the Private key within a set of API signing keys that are used for authentication and secure access to OCI resources.

Use External Vault

Defined Parameters

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Config File Path

Configuration File

Defines the path to the configuration file that contains authentication information. This file is stored on the Control-M/Agent.

UNIX: home/user1/config/pem.pem

Windows: C:\Users\user1\config\pem.pem

Profile

Configuration File

Defines the name of a specific section in the configuration file, such as DEFAULT and PROFILE2 in the Configuration File code sample.

Connection Timeout

All methods

Determines the number of seconds to wait after Control-M initiates a connection request to OCI Data Science before a timeout occurs.

Default: 20