Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Authentication
  5. Kerberos Authentication
  6. SAML Authentication for Informatica Web Applications
  7. Domain Security
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles
  15. Default List of Cipher Suites

Security Guide

Security Guide

Enabling Secure Communication for the Domain in the Administrator Tool

Enabling Secure Communication for the Domain in the Administrator Tool

You can use the Administrator tool to enable secure communication for the domain. When you enable secure communication in the Administrator tool, you must also run infasetup commands to update the nodes.
When you enable the Secure Communication option in the Administrator tool, you also need to run the infasetup command to update Informatica configuration files on each node. To specify the SSL certificate files to use, specify the keystore and truststore files when you run the infasetup command.
To update the Informatica configuration files on each node, use the following commands:
infasetup UpdateGatewayNode
Use the UpdateGatewayNode command to enable secure communication for the Service Manager on a gateway node in a domain. If the domain has multiple gateway nodes, run the UpdateGatewayNode command on each gateway node.
infasetup UpdateWorkerNode
Use the UpdateWorkerNode command to enable secure communication for the Service Manager on a worker node in a domain. If the domain has multiple worker nodes, run the UpdateWorkerNode command on each worker node.
To enable secure domain communication from the Administrator tool, perform the following steps:
  1. On the Administrator tool, select the domain.
  2. In the contents panel, click the
    Properties
    view.
  3. Go to the
    General Properties
    section and click
    Edit
    .
  4. On the
    Edit General Properties
    window, select
    Enable Secure Communication
    .
  5. Click
    OK
  6. Shut down the domain.
    The domain must be shut down before you run the infasetup commands.
  7. Run infasetup with the required options and arguments.
    Enter the following command:
    • Windows:
      infasetup UpdateGatewayNode
      or
      infasetup UpdateWorkerNode
    • UNIX:
      infasetup.sh UpdateGatewayNode
      or
      infasetup.sh UpdateWorkerNode
    To configure secure communication on the nodes, run the commands with the following options:
    Option
    Argument
    Description
    -EnableTLS
    -tls
    enable_tls
    Configures secure communication for the services in the Informatica domain.
    -NodeKeystore
    -nk
    node_keystore_directory
    Optional if you use the default SSL certificate from Informatica. Required if you use your SSL certificate. Directory that contains the keystore files. The Informatica domain requires the SSL certificate in PEM format and in Java Keystore (JKS) files. The directory must contain keystore files in PEM and JKS formats. The keystore files must be named infa_keystore.jks and infa_keystore.pem
    You can use the same keystore file for multiple nodes.
    -NodeKeystorePass
    -nkp
    node_keystore_password
    Optional if you use the default SSL certificate from Informatica. Required if you use your SSL certificate. Password for the infa_keystore.jks file.
    -NodeTruststore
    -nt
    node_truststore_directory
    Optional if you use the default SSL certificate from Informatica. Required if you use your SSL certificate. Directory that contains the truststore files. The Informatica domain requires the SSL certificate in PEM format and in Java Keystore (JKS) files. The directory must contain truststore files in PEM and JKS formats. The truststore files must be named infa_truststore.jks and infa_truststore.pem.
    You can use the same truststore file for multiple nodes.
    -NodeTruststorePass
    -ntp
    node_truststore_password
    Optional if you use the default SSL certificate from Informatica. Required if you use your SSL certificate. Password for the infa_truststore.jks file.
  8. Run the infasetup command on each node in the domain.
    If you have multiple gateway nodes in the domain, run infasetup UpdateGatewayNode on each gateway node. If you have multiple worker nodes, run infasetup UpdateWorkerNode on each worker node. You must use the same keystore and truststore files for all nodes in the domain.
  9. Restart the domain.
After you complete updating all nodes in the domain, you must update the machines that host the Informatica client tools. Set the location of the SSL certificates in the Informatica truststore environment variables.

0 COMMENTS

We’d like to hear from you!