If the Hadoop cluster uses Kerberos authentication or SSL/TLS, you must configure the Informatica domain to access the cluster. If the cluster uses transparent encryption, you must configure the Key Management Server (KMS) for Informatica user access.
Depending on the security implementation on the cluster, you must perform the following tasks:
Cluster uses Kerberos authentication.
You must configure the Kerberos configuration file on the Data Integration Service machine to match the Kerberos realm properties of the Hadoop cluster. Verify that the Hadoop Kerberos properties are configured in the Data Integration Service and the Metadata Access Service.
Cluster uses SSL/TLS.
You must import security certificates to the Data Integration Service and the Metadata Access Service machines.
Cluster uses transparent encryption.
If the transparent encryption uses Cloudera Java KMS, Cloudera Navigator KMS, or Apache Ranger KMS, you must configure the KMS for Informatica user access.
Cluster uses Enterprise Security Package.
If an Azure HDInsight cluster uses Enterprise Security Package and ADLS storage, perform the following tasks:
Create a keytab file on any one of the cluster nodes for the specific user. To create a keytab file, use the ktutil command.
In the Azure portal, assign the Owner role to the Azure HDInsight cluster service principal display name.
Log in to Ambari Web UI with the Azure Active Directory user credentials to generate the OAuth token for authentication for the following users:
Keytab user
Hadoop impersonation user
Hadoop staging user
Blaze user
Operating system profile user
For more information, see the
Informatica Big Data Management Administrator Guide