README.md

Use Case 1 - Getting Data from an External Third Party

This use case demonstrates how RAD Cycles can orchestrate their data workflows using Control-M MFT/MFTE.

RAD Cycles receives raw order material from authorized third-party providers across multiple countries. This data needs to be sent to AWS S3 for analysis.

Approach: We will use Control-M MFTE to retrieve data from the external third party. Then, Control-M MFT will automatically transfer the data to AWS S3. Finally, the order data will be processed, generating an order bill, which will be sent back to the user via an MFT Job.

MFT/E Tech Day - Accesses

RAD Cycles utilizes an AWS environment for its data pipeline and analysis through various AWS services.

The following use cases highlight some current challenges faced by RAD Cycles and how Control-M MFT/E capabilities—including native integrations and governance controls—help resolve these challenges.

Use the links below to proceed to the next use cases:

Control-M Web: https://ec2-13-38-25-95.eu-west-3.compute.amazonaws.com:8446/ControlM/

Control-M Web Configuration: https://ec2-13-38-25-95.eu-west-3.compute.amazonaws.com:8446/Configuration

Control-M MFTE Environment: https://ec2-13-38-25-95.eu-west-3.compute.amazonaws.com:8446/mfte/environment

MFT Gateway Exchange: https://ec2-13-37-217-250.eu-west-3.compute.amazonaws.com:9443/

Note: Each of you will have a user name that will be provided by the instructor during the technical session.

Step 1 - MFTE Configuration

1. Access MFTE Enterprise Configuration:

   • In Control-M Web, click the three dots in the upper-right corner.
   • Select MFT Enterprise.

   

2. Create Your MFTE User:

   • Navigate to the Users tab and click Add User.
   • Enter your student ID as the username (e.g., student01).

   

   • Check “Generate Password” (you will receive the password via email once the user is created).

   

   • Ensure “User must log in to File Exchange and change password” is selected.
   • Finally click on Add

3. Log in to File Exchange:

   • Check your email for the password.

   

   • Click the File Exchange link received via email or, alternatively, click this link and change your password during your first login: https://ec2-13-37-217-250.eu-west-3.compute.amazonaws.com:9443/

   

   • Once the password is changed, you will receive an email notifying it.

   

4. Create a Virtual Folder:

   • Navigate back to the MFT Enterprise Configuration page.
   • Click on Virtual Folders and select Add Virtual Folder.

   

   • Name it the same as your user ID.
   • Observe the permissions for virtual folders and sub-folders—these restrict external trading partners to only necessary access.

   

   • Update the Policy Section accordingly, then click Add.

   

5. Modify MFTE Rules:

   • Navigate to the Rules section.
   • Search for the rule named TechDayRule.
   • Select the rule and click Duplicate.

   

   • Rename it by appending your student ID (e.g., TechDayRule_student01).

   

   • Update the Condition:
     • Go to to If file arrives in a specific virtual folder
       • Replace the admin Virtual Folder and search for and update the condition with your Virtual Folder name e.g. student99
     • Keep the condition “If file pattern is orderID*.csv” as is.
   • Click Duplicate.

Step 2 - Centralized Conection Profile and Workflow Creation

1. Open Control-M Web:

   • Go to Planning Domain.
   • In Folders and Jobs, filter by folder name MFT_Sales_Analysis-student00.

   

   • Open the workspace do not modify it, and click on (New dialog will be opened).

   • Under Name provide your studentID e.g. student99 and click on Duplicate (new tab) will be opened

   

2. On the new workspace select the folder and rename it with the following definition.

   Parameter	Value
   Folder Name	MFT_Sales_Analysis-<YOUR_studentID>
   Run Method	Manual
   Application	MFT
   Sub Application	MFT
   Site Standard	MFT-TechDay

   • Your folder should have the definition like the image below.

   

3. Check Connection Profile in job get-order-data-to-S3:

   

   • Click the three dots in the upper-right corner and select Configuration.

   

   • Click the orange arow and select Centralized Connection Profiles.

   

   • Filter by File Transfer Plugin and search for AWS.

   

4. Update Connection Profile:

   • There are two highlighted Connection Profiles:
     • DAV_AWS (uses Access Key & Secret Key for S3 access).
     • AWS_IAM_ROLE (uses an IAM Role instead of access keys).

   

   Note: The difference here is that the DAV_AWS CCP connects to AWS S3 using only the Access Key and Secret Access Key method. This means that any policies linked to that Access Key will apply, granting access to everything specified in those policies. In this case, it allows access to all S3 buckets.

   Now, imagine a scenario where you don’t want to use Access Keys for authorization but prefer using an IAM role instead. This is where a new Connection Profile Parameter called s3.role.arn comes in.

   If you check the other Connection Profile highlighted, you’ll see an extra parameter added with the value arn:aws:iam::390426403709:role/drc-dba-mft-tech-day. This means that an AWS IAM role is being used for authorization instead of Access Keys.

   

   • If we take a look at AWS for permissions associated with this role, it is restricted only to one S3 bucket.
   • Here is the associated policy with the role restricted to S3 Bucket: drc-dba-mft-tech-day

   

   • To enhance security, switch to AWS_IAM_ROLE, which restricts access to a specific S3 bucket.

   • In the get-order-data-to-S3 job:

     • Navigate to the Connection Profile.
     • Click the three dots and replace DAV_AWS with AWS_IAM_ROLE.

     

     • Click Select.

     

     • You will notice the bucket definition is empty

     

     • Now if you try to browse through buckets, the associated IAM Role policy limits access.

     

     • Hence you need to manually enter Bucket name as drc-dba-mft-tech-day

     

     • Under the file transfer definition include the following definition: Left side:

       /b2bhome/%%user/incoming/orderID_%%user..csv

       Right side:

       /orders/provider_id=%%user/

   • The defition should be as the image below:

   

   Note: We are using variables on the file transfer definition, which comes from the Rule defined on the MFTE Section (we will see it on the following steps).

• Once changes are done, save and check-in the folder.

Step 3 - Updating MFTE Rule

1. Locate Your Rule:

   • Navigate to the rule you created earlier (e.g., TechDayRule_student01).

2. Modify Actions:

   • Under Run Folder, replace with:
     MFT_Sales_Analysis-Your_student_ID (e.g., MFT_Sales_Analysis-student01).

     

   • Observe the email notification action—this should remain unchanged.

   

   • Once the file is uploaded, you will receive an email confirmation with details of the received file.

3. Save Changes:

   • Click Save.

Summary

Congratulations! You have successfully:

✅ Configured MFTE users and virtual folders.

✅ Defined and modified MFTE rules.

✅ Created a Control-M MFT workflow.

✅ Integrated AWS IAM Roles for secure file transfers.

You now have the basic knowledge to leverage **Control-M MFTE** for automated and secure data exchanges.

Continue to Use Case 2, where we will automatically process the received data