Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Security Domains
  5. Kerberos Authentication
  6. Domain Security
  7. SAML Authentication for Informatica Web Applications
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles
  15. Default List of Cipher Suites

Security Guide

Security Guide

Enabling Secure Communication for the Domain in the Administrator Tool

Enabling Secure Communication for the Domain in the Administrator Tool

You can use the Administrator tool to enable secure communication for the domain. When you enable secure communication in the Administrator tool, you must also run infasetup commands to update the nodes.
When you enable the Secure Communication option in the Administrator tool, you also need to run the infasetup command to update Informatica configuration files on each node. To specify the SSL certificate files to use, specify the keystore and truststore files when you run the infasetup command.
To update the Informatica configuration files on each node, use the following commands:
infasetup UpdateGatewayNode
Use the UpdateGatewayNode command to enable secure communication for the Service Manager on a gateway node in a domain. If the domain has multiple gateway nodes, run the UpdateGatewayNode command on each gateway node.
infasetup UpdateWorkerNode
Use the UpdateWorkerNode command to enable secure communication for the Service Manager on a worker node in a domain. If the domain has multiple worker nodes, run the UpdateWorkerNode command on each worker node.
To enable secure domain communication from the Administrator tool, perform the following steps:
  1. On the Administrator tool, select the domain.
  2. In the contents panel, click the Properties view.
  3. Go to the General Properties section and click Edit.
  4. On the Edit General Properties window, select Enable Secure Communication.
  5. Click OK
  6. Shut down the domain.
    The domain must be shut down before you run the infasetup commands.
  7. Run infasetup with the required options and arguments.
    Enter the following command:
    • Windows: infasetup UpdateGatewayNode or infasetup UpdateWorkerNode
    • UNIX: infasetup.sh UpdateGatewayNode or infasetup.sh UpdateWorkerNode
    To configure secure communication on the nodes, run the commands with the following options:
    Option Argument Description
    -EnableTLS
    -tls
    enable_tls Configures secure communication for the services in the Informatica domain.
    -NodeKeystore
    -nk
    node_keystore_directory Optional if you use the default SSL certificate from Informatica. Required if you use your SSL certificate. Directory that contains the keystore files. The Informatica domain requires the SSL certificate in PEM format and in Java Keystore (JKS) files. The directory must contain keystore files in PEM and JKS formats. The keystore files must be named infa_keystore.jks and infa_keystore.pem
    You can use the same keystore file for multiple nodes.
    -NodeKeystorePass
    -nkp
    node_keystore_password Optional if you use the default SSL certificate from Informatica. Required if you use your SSL certificate. Password for the infa_keystore.jks file.
    -NodeTruststore
    -nt
    node_truststore_directory Optional if you use the default SSL certificate from Informatica. Required if you use your SSL certificate. Directory that contains the truststore files. The Informatica domain requires the SSL certificate in PEM format and in Java Keystore (JKS) files. The directory must contain truststore files in PEM and JKS formats. The truststore files must be named infa_truststore.jks and infa_truststore.pem.
    You can use the same truststore file for multiple nodes.
    -NodeTruststorePass
    -ntp
    node_truststore_password Optional if you use the default SSL certificate from Informatica. Required if you use your SSL certificate. Password for the infa_truststore.jks file.
  8. Run the infasetup command on each node in the domain.
    If you have multiple gateway nodes in the domain, run infasetup UpdateGatewayNode on each gateway node. If you have multiple worker nodes, run infasetup UpdateWorkerNode on each worker node. You must use the same keystore and truststore files for all nodes in the domain.
  9. Restart the domain.
After you complete updating all nodes in the domain, you must update the machines that host the Informatica client tools. Set the location of the SSL certificates in the Informatica truststore environment variables.


Updated October 10, 2019


Explore Informatica Network