Machine Learning Connection Profiles

The following topics describe the connection profile parameters for Machine Learning platforms and services:

Amazon SageMaker Connection Profile Parameters

Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.

For more information about this plug-in, see Control-M for Amazon SageMaker.

The following table describes the Amazon SageMaker connection profile parameters.

Parameter

Description

SageMaker URL

Defines the Amazon SageMaker API authentication endpoint in the following format:

https://sagemaker.<region name>.amazonaws.com

Example: https://sagemaker.us-east-1.amazonaws.com

AWS Region

Determines the AWS region where the job is located.

Example: us-east-2

Authentication

Determines one of the following authentication methods:

  • AWS Key & Secret: Authenticates with an AWS access key and secret, which are used by services outside the AWS infrastructure.

  • AWS IAM Role: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

AWS Access Key

Defines the access key assigned to the account with the relevant permissions to the AWS service.

AWS Secret

Defines the secret access key assigned to the account with the relevant permissions to the AWS service.

IAM Role

Defines the Identity and Access Management (IAM) role name of the AWS service connection in the following format:

<role-name>

The IAM role must be attached to the EC2 agent that runs the job.

Use External Vault

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Connection Timeout

Defines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs.

Default: 30

Azure Machine Learning Connection Profile Parameters

Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.

For more information about this plug-in, see Control-M for Azure Machine Learning.

The following table describes the Azure Machine Learning connection profile parameters.

Parameter

Authentication Method

Description

Azure Login URL

  • Service Principal

  • Managed Identity

Defines the base URL of the Microsoft Entra/Azure AD authentication endpoint.

Azure Management URL

 

Defines the Azure service endpoint that enables you to perform API calls and retrieve the token for authentication.

Default: https://management.azure.com/Azure

Azure ML URL

 

Defines the authentication endpoint base URL for Azure Machine Learning, which is used to perform API calls, and which is based on the following format:

https://<Location_Name>.api.azureml.ms/

Example: https://eastus.api.azureml.ms/

Location Name

 

Determines the region where the Azure Machine Learning jobs are located.

Example: eastus

Subscription ID

  • Service Principal

  • Managed Identity

Defines the Azure account ID of your organization.

Authentication Method

  • Service Principal

  • Managed Identity

Determines one of the following authentication methods:

  • Service Principal: Access protected Azure services and resources based on roles assigned to the Service Principal by the Azure administrator. The Service Principal is also known as an App Registration. Use this method if Control-M/Agent is installed on-premises or on another (non-Azure) cloud vendor.

  • Managed Identity: Access protected Azure services and resources using a key created and managed by the Azure platform, without login credentials. Use this method if Control-M/Agent is installed on an Azure virtual machine that has a Managed Identity with the required permissions.

Specify Managed Identity Client ID

Managed Identity

Determines whether the managed identity is specified by the Managed Identity Client ID attribute.

Toggle on this option when you use the Managed Identity authentication method and there are multiple managed identities defined on your Azure VM.

Managed Identity Client ID

Managed Identity

Defines the client ID of the managed identity used for access.

This attribute requires a value only if there are multiple managed identities defined on your Azure VM and you toggle on Specify Managed Identity Client ID.

Tenant ID

Service Principal

Defines the Azure tenant ID for your organization.

Application ID

Service Principal

Defines the Registered App for the Azure service in your Microsoft Entra/Azure AD tenant. The corresponding Service Principal must be assigned the Owner or Contributor role for the Azure service.

Client Secret

Service Principal

Defines the password associated with the Service Principal/registered application.

Use External Vault

Service Principal

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Connection Timeout

 

Defines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs.

Default: 50

GCP Vertex AI Connection Profile Parameters

Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.

For more information about this plug-in, see Control-M for GCP Vertex AI.

The following table describes the GCP Vertex AI connection profile parameters.

Parameter

Description

Identity Type

Determines one of the following authentication types that utilize GCP Access Control:

  • Service Account: Authenticates with an application ID (service account) and client secret.

  • IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.

Service Type

Determines one of the following types of Google service:

  • Pipeline

  • Instance

GCP Vertex AI URL

Determines the Google Cloud Platform (GCP) authentication endpoint for Vertex AI in one of the following formats:

  • Pipeline: https://{{location}}-aiplatform.googleapis.com

  • Notebook: https://notebooks.googleapis.com

Location

Determines the region where the job runs.

Example: us-central1

Service Account Key

(Service Account) Defines a service account that is associated with an RSA key pair.

Use External Vault

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

HTTP Codes

Defines the HTTP codes that trigger a rerun of a job step if detected in the response.

Multiple HTTP codes must be separated with a space.

You cannot rerun a step with HTTP codes when you perform manual execution, such as rerun from point of failure.

Default: 429

Rerun Interval

Defines the number of seconds to wait before Control-M reruns the job step.

Default: 10

Rerun Attempts

Defines the number of attempts to rerun a job step.

Default: 3

Connection Timeout

Defines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs.

Default: 20

OCI Data Science Connection Profile Parameters

Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.

For more information about this plug-in, see Control-M for OCI Data Science.

The following table describes the OCI Data Science connection profile parameters.

Parameter

Authentication Method

Description

OCI Instances URL

All methods

Defines the OCI Data Science URL in the following format:

https://datascience.<region>.oci.oraclecloud.com/20190101

OCI Region

All methods

Determines the region where OCI Data Science is located.

Examples: ap-melbourne-1, eu-madrid-1

Authentication

All methods

Determines one of the following authentication methods:

  • Defined Parameters: Defines authentication parameters in the connection profile.

  • Configuration File: Uses a configuration file that contains authentication credentials and is stored on the Agent.

The following configuration file example defines two profiles: DEFAULT for Linux and PROFILE2 for Windows:

[DEFAULT] 
user=ocid1.user.oc1..aaaaaaaa4vcihdfhrdtyry457245636cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue9f8djfihhwp2cu4e6t2b7lttna7rcgnhrdi4qzika
fingerprint=9f:af:df:f5:5g:95:92:7c:34:ab:46:d3:b4:30:e6:9e
region=us-phoenix-1
key_file=/home/dbauser/key.pem 

[PROFILE2] 
user=ocid1.user.oc1..aaaaaaaa4v768679dfhrd8989JHGJG36cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue987erum,gfwp2cu4e6t2b7lttna7rcgnhrdi4qzika
fingerprint=9f:af:c0:f5:7b:95:92:7c:03:a5:46:g3:b4:38:e6:9e
region=us-phoenix-1
key_file=C:\\Users\\dbauser\\key.pem

User OCID

Defined Parameters

Defines an individual user within the OCI environment.

Tenancy OCID

Defined Parameters

Defines the OCI Tenancy ID in OCI Data Science, which is a globally unique identifier for this account within the OCI environment.

Fingerprint

Defined Parameters

Defines a fingerprint which uniquely identifies and verifies the integrity of the associated certificate or key.

Private Key

Defined Parameters

Defines the private key within a set of API signing keys that are used for authentication and secure access to OCI resources.

Use External Vault

Defined Parameters

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Config File Path

Configuration File

Defines the Agent-based pathname to the configuration file that contains authentication credentials.

  • UNIX: home/user1/config/pem.pem

  • Windows: C:\Users\user1\config\pem.pem

Profile

Configuration File

Defines the name of a specific section in the configuration file, such as DEFAULT and PROFILE2 in the Configuration File code sample.

Connection Timeout

All methods

Defines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs.

Default: 20
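
A lint pass for a configuration file like the sample in the Authentication row above, as an added example that is not Control-M or Oracle code. The function name `lint_oci_config` and the sample values are hypothetical, and the fallback of omitted keys to DEFAULT follows OCI SDK configuration-file semantics, which the page does not confirm for Control-M.

```python
import configparser
import os
import re

REQUIRED = ("user", "tenancy", "fingerprint", "region", "key_file")
OCID_PREFIX = {"user": "ocid1.user.", "tenancy": "ocid1.tenancy."}
FINGERPRINT_RE = re.compile(r"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){15}")  # 16 hex pairs

def lint_oci_config(text, check_key_perms=False):
    """Return {profile: [findings]} for OCI-style configuration file text."""
    # Parse DEFAULT as an ordinary section so each profile's own keys stay visible.
    cp = configparser.ConfigParser(default_section="<none>", interpolation=None)
    cp.read_string(text)
    base = dict(cp["DEFAULT"]) if cp.has_section("DEFAULT") else {}
    report = {}
    for name in cp.sections():
        own = dict(cp[name])
        merged = {**base, **own}  # assumption: omitted keys fall back to DEFAULT
        issues = [f"missing {k}" for k in REQUIRED if k not in merged]
        if name != "DEFAULT":
            issues += [f"{k} inherited from DEFAULT"
                       for k in REQUIRED if k in base and k not in own]
        for key, prefix in OCID_PREFIX.items():
            if key in merged and not merged[key].startswith(prefix):
                issues.append(f"{key} is not an {prefix}* OCID")
        fp = merged.get("fingerprint")
        if fp and not FINGERPRINT_RE.fullmatch(fp):
            issues.append("fingerprint is not 16 hex byte pairs")
        path = merged.get("key_file", "")
        if check_key_perms and os.name == "posix" and os.path.isfile(path):
            if os.stat(path).st_mode & 0o077:  # any group/other permission bit
                issues.append("key_file is accessible to group or others")
        report[name] = issues
    return report

# Constructed sample, not the page's values.
SAMPLE = """[DEFAULT]
user=ocid1.user.oc1..exampleuniqueid1
tenancy=ocid1.tenancy.oc1..exampleuniqueid2
fingerprint=9f:af:df:f5:5a:95:92:7c:34:ab:46:d3:b4:30:e6:9e
region=us-phoenix-1
key_file=/home/dbauser/key.pem

[PROFILE2]
user=ocid1.user.oc1..exampleuniqueid3
fingerprint=9f:af:c0:f5:7b:95:92:7c:03:a5:46:g3:b4:38:e6:9e
"""
if __name__ == "__main__":
    print(lint_oci_config(SAMPLE))
```

In the constructed sample, PROFILE2 silently shares the DEFAULT key file and tenancy while naming a different user, which is the kind of cross-profile credential reuse the inherited findings are meant to surface. The fingerprints in the page's own sample contain non-hex pairs (5g, g3), so this check reports them as placeholders.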