Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Authentication
  5. Kerberos Authentication
  6. SAML Authentication for Informatica Web Applications
  7. Domain Security
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles
  15. Default List of Cipher Suites

Security Guide

Security Guide

Enabling Secure Communication for the Domain from the Command Line

Enabling Secure Communication for the Domain from the Command Line

Use the infacmd and infasetup commands to enable secure communication for the domain. After you enable secure communication, you must restart the domain for the change to take effect.
To use your SSL certificate files, specify the keystore and truststore files when you run the infasetup command.
To configure secure domain communication from the command line, use the following commands:
infacmd isp UpdateDomainOptions
Use the UpdateDomainOptions command to set the secure communication mode for the domain.
infasetup UpdateGatewayNode
Use the UpdateGatewayNode command to enable secure communication for the Service Manager on a gateway node in a domain. If the domain has multiple gateway nodes, run the UpdateGatewayNode command on each gateway node.
infasetup UpdateWorkerNode
Use the UpdateWorkerNode command to enable secure communication for the Service Manager on a worker node in a domain. If the domain has multiple worker nodes, run the UpdateWorkerNode command on each worker node.
  1. Verify that the domain you want to secure is running.
  2. Update the domain.
    Run the following command with the required options and arguments:
    • Windows:
      infacmd isp UpdateDomainOptions
    • UNIX:
      infacmd.sh isp UpdateDomainOptions
    To configure secure communication for the domain, include the following option when you run the infacmd command:
    Option
    Argument
    Description
    -DomainOptions
    -do
    option_name=value
    Set the following option to configure secure communication for the domain:
    TLSMode=True
  3. Shut down the domain.
    The domain must be shut down before you run the infasetup commands.
  4. Run infasetup with the required options and arguments.
    Enter the following command:
    • Windows:
      infasetup UpdateGatewayNode
      or
      infasetup UpdateWorkerNode
    • UNIX:
      infasetup.sh UpdateGatewayNode
      or
      infasetup.sh UpdateWorkerNode
    To configure secure communication on the nodes, run the commands with the following options:
    Option
    Argument
    Description
    -EnableTLS
    -tls
    enable_tls
    Configures secure communication for the services in the Informatica domain.
    -NodeKeystore
    -nk
    node_keystore_directory
    Optional if you use the default SSL certificate from Informatica. Required if you use your SSL certificate. Directory that contains the keystore files. The Informatica domain requires the SSL certificate in PEM format and in Java Keystore (JKS) files. The directory must contain keystore files in PEM and JKS formats. The keystore files must be named infa_keystore.jks and infa_keystore.pem
    You can use the same keystore file for multiple nodes.
    -NodeKeystorePass
    -nkp
    node_keystore_password
    Optional if you use the default SSL certificate from Informatica. Required if you use your SSL certificate. Password for the infa_keystore.jks file.
    -NodeTruststore
    -nt
    node_truststore_directory
    Optional if you use the default SSL certificate from Informatica. Required if you use your SSL certificate. Directory that contains the truststore files. The Informatica domain requires the SSL certificate in PEM format and in Java Keystore (JKS) files. The directory must contain truststore files in PEM and JKS formats. The truststore files must be named infa_truststore.jks and infa_truststore.pem.
    You can use the same truststore file for multiple nodes.
    -NodeTruststorePass
    -ntp
    node_truststore_password
    Optional if you use the default SSL certificate from Informatica. Required if you use your SSL certificate. Password for the infa_truststore.jks file.
  5. Run the infasetup command on each node in the domain.
    If you have multiple gateway nodes in the domain, run infasetup UpdateGatewayNode on each gateway node. If you have multiple worker nodes, run infasetup UpdateWorkerNode on each worker node. You must use the same keystore and truststore files for all nodes in the domain.
  6. Restart the domain.
After you complete updating all nodes in the domain, you must update the machines that host the Informatica client tools. Set the location of the SSL certificates in the Informatica truststore environment variables.

0 COMMENTS

We’d like to hear from you!