Informatica®

10.5.2

Installation for Data Privacy

Management
Informatica Installation for Data Privacy Management
10.5.2
© Copyright Informatica LLC 1998, 2022

This software and documentation are provided only under a separate license agreement containing restrictions on use and disclosure. No part of this document may be
reproduced or transmitted in any form, by any means (electronic, photocopying, recording or otherwise) without prior consent of Informatica LLC.

Informatica, the Informatica logo, PowerCenter, and PowerExchange are trademarks or registered trademarks of Informatica LLC in the United States and many
jurisdictions throughout the world. A current list of Informatica trademarks is available on the web at https://www.informatica.com/trademarks.html. Other company
and product names may be trade names or trademarks of their respective owners.

Subject to your opt-out rights, the software will automatically transmit to Informatica in the USA information about the computing and network environment in which the
Software is deployed and the data usage and system statistics of the deployment. This transmission is deemed part of the Services under the Informatica privacy policy
and Informatica will use and otherwise process this information in accordance with the Informatica privacy policy available at https://www.informatica.com/in/
privacy-policy.html. You may disable usage collection in Administrator tool.

U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial
computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such,
the use, duplication, disclosure, modification, and adaptation is subject to the restrictions and license terms set forth in the applicable Government contract, and, to the
extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License.

The product includes ACE(TM) and TAO(TM) software copyrighted by Douglas C. Schmidt and his research group at Washington University, University of California,
Irvine, and Vanderbilt University, Copyright (©) 1993-2006, all rights reserved.

This product includes Curl software which is Copyright 1996-2013, Daniel Stenberg, <[email protected]>. All Rights Reserved. Permissions and limitations regarding this
software are subject to terms available at http://curl.haxx.se/docs/copyright.html. Permission to use, copy, modify, and distribute this software for any purpose with or
without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

This product includes ICU software which is copyright International Business Machines Corporation and others. All rights reserved. Permissions and limitations
regarding this software are subject to terms available at http://source.icu-project.org/repos/icu/icu/trunk/license.html.

This product includes OSSP UUID software which is Copyright © 2002 Ralf S. Engelschall, Copyright © 2002 The OSSP Project Copyright © 2002 Cable & Wireless
Deutschland. Permissions and limitations regarding this software are subject to terms available at http://www.opensource.org/licenses/mit-license.php.

This software and documentation contain proprietary information of Informatica LLC and are provided under a license agreement containing restrictions on use and
disclosure and are also protected by copyright law. Reverse engineering of the software is prohibited. No part of this document may be reproduced or transmitted in any
form, by any means (electronic, photocopying, recording or otherwise) without prior consent of Informatica LLC. This Software may be protected by U.S. and/or
international Patents and other Patents Pending.

See patents at https://www.informatica.com/legal/patents.html.

The information in this documentation is subject to change without notice. If you find any problems in this documentation, report them to us at
[email protected].

Informatica products are warranted according to the terms and conditions of the agreements under which they are provided. INFORMATICA PROVIDES THE
INFORMATION IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT.

Portions of this software and/or documentation are subject to copyright held by third parties. Required third party notices are included with the product.

Publication Date: 2022-10-11

Table of Contents
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Informatica Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Informatica Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Informatica Knowledge Base. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Informatica Documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Informatica Product Availability Matrices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Informatica Velocity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Informatica Marketplace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Informatica Global Customer Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Part I: Installation Getting Started. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Chapter 1: Installation Getting Started. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Checklist to Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Installation Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Installation Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Plan the Installation Option. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Plan the Installation Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Nodes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Service Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Application Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Databases. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
User Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Secure Data Storage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Domain Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Informatica Client Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Part II: Before You Install the Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Chapter 2: Before You Install the Services on UNIX or Linux. . . . . . . . . . . . . . . 21

Before You Begin Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Read the Release Notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Verify System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Verify Temporary Disk Space and Permissions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Verify Sizing Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Review Patch Requirements on UNIX or Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Verify Port Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Verify the File Descriptor Limit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Update the /etc/sudoers File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Review the Environment Variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Table of Contents 3
 Create a System User Account. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Set Up a Keystore File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Extract the Installer Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Installer Code Signing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Verify Installer Package Checksum on UNIX and Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Prepare to Install Binaries for Informatica Platform Resources. . . . . . . . . . . . . . . . . . . . . . . . . 32
Verify the License Key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Prepare for Cluster Import. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Chapter 3: Prepare for Application Services and Databases. . . . . . . . . . . . . . . 35

Checklist to Prepare for Application Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Prepare for Application Services and Databases Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Set Up Database User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Identify Application Services by Product. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Domain Configuration Repository Database Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . 37
IBM DB2 Database Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Microsoft SQL Server Database Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Microsoft Azure SQL Database Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Oracle Database Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
PostgreSQL Database Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Catalog Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Data Asset Analytics Repository Database Requirements. . . . . . . . . . . . . . . . . . . . . . . . . 41
Data Flow Analytics Repository Database Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . 42
Content Management Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Reference Data Warehouse Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Data Integration Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Data Object Cache Database Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Profiling Warehouse Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Data Privacy Management Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Data Privacy Management Repository Database Requirements. . . . . . . . . . . . . . . . . . . . . 50
Informatica Cluster Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Model Repository Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Model Repository Database Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
IBM DB2 Database Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Microsoft Azure SQL Database Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Microsoft SQL Server Database Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Oracle Database Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
PostgreSQL Database Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Monitoring Model Repository Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Configure Native Connectivity on Service Machines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Install Database Client Software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Configure Database Client Environment Variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

4 Table of Contents
Chapter 4: Prepare for Enterprise Data Catalog Deployment. . . . . . . . . . . . . . . 62
Checklist to Prepare for Enterprise Data Catalog Deployment. . . . . . . . . . . . . . . . . . . . . . . . . 62
Deployment Planning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Informatica Cluster Service and Associated Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Common Operating System Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Operating System Prerequisites for Red Hat Enterprise Linux. . . . . . . . . . . . . . . . . . . . . . . . . . 68
Operating System Prerequisites for SUSE Linux Enterprise Server . . . . . . . . . . . . . . . . . . . . . . 68
Node Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Host Node Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Cluster Node Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Chapter 5: Record Information for Installer Prompts. . . . . . . . . . . . . . . . . . . . . 70

Checklist to Record Installer Prompts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Record Information for Installer Prompts Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Nodes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Application Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Connection String to a Secure Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Cluster Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Secure Data Storage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Chapter 6: Configure Custom SSL Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . 79

Configure Custom SSL Certificates (Optional). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Generate CA-signed Custom SSL Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Validate the CA-signed Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Generate Self-signed Custom SSL Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Chapter 7: Introduction to the Services Installer. . . . . . . . . . . . . . . . . . . . . . . . 87

Services Installer Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Secure Files and Directories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Pre-install Utilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Run the Pre-Installation (i10Pi) System Check Tool in Console Mode. . . . . . . . . . . . . . . . . . . . . 88
Run the Pre-Installation (i10Pi) System Check Tool in Silent Mode. . . . . . . . . . . . . . . . . . . . . . 91

Part III: Run the Services Installer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog

and Data Privacy Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Begin the Install. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Run the Installer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Welcome - Accept Terms and Conditions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Table of Contents 5
 Product Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Tune the Application Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Specify the Installation Directory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Prepare the Pre-validation Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Configure the Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Configure the Domain Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Domain Security - Secure Communication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Domain Configuration Repository. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Domain Security - Encryption Key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Domain and Node Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Model Repository Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Model Repository Database for Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Data Integration Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Content Management Service Parameters and Database. . . . . . . . . . . . . . . . . . . . . . . . 117
Profiling Warehouse Connection Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Create and Configure the Informatica Cluster Service. . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Catalog Service Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Data Privacy Management Service Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Chapter 9: Join a Domain With Data Engineering, Enterprise Data Catalog

and Data Privacy Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Begin the Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Run the Installer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Welcome - Accept Terms and Conditions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Component Selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Tune the Application Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Specify the Installation Directory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Prepare the Pre-validation Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Configure the Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Domain Selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Domain Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Domain Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Domain Security - Encryption Key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Join Domain Node Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Port Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

Chapter 10: Install Data Privacy Management in an Existing Domain. . . . . . . 142

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Install Data Privacy Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Data Privacy Management Service Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

6 Table of Contents
Chapter 11: Run the Silent Installer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Installing in Silent Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Configure the Properties File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Run the Installer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Encrypting Passwords in the Properties File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Chapter 12: Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Installation Troubleshooting Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Resuming a Failed Installer Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Before You Resume the Installer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Resume the Installer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Troubleshooting with Installation Log Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Debug Log Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
File Installation Log File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Service Manager Log Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Troubleshooting Domains and Nodes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Creating the Domain Configuration Repository. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Creating or Joining a Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Starting Informatica. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Pinging the Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Adding a License. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Troubleshooting Informatica Developer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

Part IV: After You Install the Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

Chapter 13: Complete the Domain Configuration. . . . . . . . . . . . . . . . . . . . . . . 159

Checklist to Complete the Domain Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Complete the Domain Configuration Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Integrate the Domain with the Hadoop Environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Verify Locale Settings and Code Page Compatibility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Configure Locale Environment Variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Configure Environment Variables on UNIX or Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Configure Informatica Environment Variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Configure Library Path Environment Variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Copy the SiteKey to the Remote Test Data Management Domain. . . . . . . . . . . . . . . . . . . . . . 163

Chapter 14: Install the Informatica Discovery Agent. . . . . . . . . . . . . . . . . . . . 165

Informatica Discovery Agent Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Install the Informatica Discovery Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Configure the Informatica Discovery Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Starting and Stopping the Informatica Discovery Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

Table of Contents 7
 Chapter 15: Prepare to Create the Application Services. . . . . . . . . . . . . . . . . 168
Checklist for Preparing to Create Application Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Create a Keystore for a Secure Connection to a Web Application Service. . . . . . . . . . . . . . . . . 169
Log In to Informatica Administrator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Create Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
IBM DB2 Connection Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Microsoft Azure SQL Database Connection Properties. . . . . . . . . . . . . . . . . . . . . . . . . . 171
Microsoft SQL Server Connection Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Oracle Connection Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
PostgreSQL Connection Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Creating a Connection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Chapter 16: Create and Configure Application Services. . . . . . . . . . . . . . . . . 176

Checklist to Create and Configure Application Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Create and Configure the Application Services Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Create and Configure the Model Repository Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Create the Model Repository Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
After You Create the Model Repository Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Create and Configure the Data Integration Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Create the Data Integration Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
After You Create the Data Integration Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Create and Configure the Content Management Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Create the Content Management Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Create and Configure the Informatica Cluster Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
After You Create the Informatica Cluster Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Create and Configure the Catalog Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Configure the Advanced Scanners Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Create and Configure the Data Privacy Management Service. . . . . . . . . . . . . . . . . . . . . . . . . 197
Create the Data Privacy Management Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

Part V: Informatica Client Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Chapter 17: Install Informatica Developer . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Before You Install Informatica Developer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Verify Installer Package Checksum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Verify System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Verify Third-party Requirements for Informatica Developer. . . . . . . . . . . . . . . . . . . . . . . 204
Install the Developer tool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
After You Install Informatica Developer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Install Languages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Configure the Client for a Secure Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Configure the Developer Tool Workspace Directory. . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

8 Table of Contents
Starting the Developer Tool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Chapter 18: Install in Silent Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

Overview of Install in Silent Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Configure the Properties File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Run the Silent Installer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Part VI: Uninstallation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

Chapter 19: Uninstallation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Informatica Uninstallation Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Rules and Guidelines for Uninstallation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Uninstalling the Informatica Server in Console Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Uninstalling Informatica Server in Silent Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

Appendix A: Starting and Stopping Informatica Services. . . . . . . . . . . . . . . . . . . . 214

Starting and Stopping Informatica Services Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Starting and Stopping the Informatica Services from the Console. . . . . . . . . . . . . . . . . . . . . . 214
Stopping Informatica in Informatica Administrator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Rules and Guidelines for Starting or Stopping Informatica. . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Appendix B: Connecting to Databases from UNIX or Linux. . . . . . . . . . . . . . . . . . 216

Connecting to Databases from UNIX or Linux Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Connecting to an IBM DB2 Universal Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Configuring Native Connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Connecting to a Microsoft SQL Server Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Configuring SSL Authentication through ODBC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Connecting to an Oracle Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Configuring Native Connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Connecting to a Sybase ASE Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Configuring Native Connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Connecting to a Teradata Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Configuring ODBC Connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Connecting to a JDBC Data Source. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Connecting to an ODBC Data Source. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Sample odbc.ini File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Table of Contents 9
Preface
Follow the instructions in Installation for Data Privacy Management to install Data Privacy Management. You
can install Data Privacy Management and Informatica clients on one or more machines. The guide includes
pre- and post-requisite tasks and steps to install Data Privacy Management and Informatica clients for the
Informatica domain. Prerequisite tasks include planning the environment, setting up databases, and verifying
system requirements. Post-requisite tasks include additional application services and configuring
environment variables.

Informatica Resources
Informatica provides you with a range of product resources through the Informatica Network and other online
portals. Use the resources to get the most from your Informatica products and solutions and to learn from
other Informatica users and subject matter experts.

Informatica Network
The Informatica Network is the gateway to many resources, including the Informatica Knowledge Base and
Informatica Global Customer Support. To enter the Informatica Network, visit
https://network.informatica.com.

As an Informatica Network member, you have the following options:

• Search the Knowledge Base for product resources.

• View product availability information.
• Create and review your support cases.
• Find your local Informatica User Group Network and collaborate with your peers.

Informatica Knowledge Base

Use the Informatica Knowledge Base to find product resources such as how-to articles, best practices, video
tutorials, and answers to frequently asked questions.

To search the Knowledge Base, visit https://search.informatica.com. If you have questions, comments, or
ideas about the Knowledge Base, contact the Informatica Knowledge Base team at
[email protected].

10
Informatica Documentation
Use the Informatica Documentation Portal to explore an extensive library of documentation for current and
recent product releases. To explore the Documentation Portal, visit https://docs.informatica.com.

If you have questions, comments, or ideas about the product documentation, contact the Informatica
Documentation team at [email protected].

Informatica Product Availability Matrices

Product Availability Matrices (PAMs) indicate the versions of the operating systems, databases, and types of
data sources and targets that a product release supports. You can browse the Informatica PAMs at
https://network.informatica.com/community/informatica-network/product-availability-matrices.

Informatica Velocity
Informatica Velocity is a collection of tips and best practices developed by Informatica Professional Services
and based on real-world experiences from hundreds of data management projects. Informatica Velocity
represents the collective knowledge of Informatica consultants who work with organizations around the
world to plan, develop, deploy, and maintain successful data management solutions.

You can find Informatica Velocity resources at http://velocity.informatica.com. If you have questions,
comments, or ideas about Informatica Velocity, contact Informatica Professional Services at
[email protected].

Informatica Marketplace
The Informatica Marketplace is a forum where you can find solutions that extend and enhance your
Informatica implementations. Leverage any of the hundreds of solutions from Informatica developers and
partners on the Marketplace to improve your productivity and speed up time to implementation on your
projects. You can find the Informatica Marketplace at https://marketplace.informatica.com.

Informatica Global Customer Support

You can contact a Global Support Center by telephone or through the Informatica Network.

To find your local Informatica Global Customer Support telephone number, visit the Informatica website at
the following link:
https://www.informatica.com/services-and-training/customer-success-services/contact-us.html.

To find online support resources on the Informatica Network, visit https://network.informatica.com and
select the eSupport option.

Preface 11
Part I: Installation Getting Started
This part contains the following chapter:

• Installation Getting Started, 13

12
Chapter 1

Installation Getting Started

This chapter includes the following topics:

• Checklist to Getting Started , 13

• Installation Overview, 13
• Installation Process, 14
• Plan the Installation Option, 15
• Plan the Installation Components, 16

Checklist to Getting Started

This chapter contains high-level concepts and planning information related to installation. Use this checklist
to track the completion of preliminary tasks.

 Understand high-level concepts:

• The installer description and process.
• Informatica domain terminology and components.

 Start high-level planning:

• Installation options. Review the installation options to know the product and options for installation.
• Installation components. Review the description of the installation components and the planning notes.

Installation Overview
Welcome to the Informatica installer Informatica domain services and clients. The Informatica domain
services consist of core services to support the domain and application services. The Informatica clients
consist of thick and web client applications.

When you install the Informatica domain services, you are prompted to create a domain or to join a domain.
The domain is a collection of nodes that represent the machines on which the application services run. The
first time you run the installer, you must create the domain. If you install on a single machine, you create the
Informatica domain and a gateway node on the machine. If you install on multiple machines, you create an
Informatica domain and a gateway node during the first installation. During the installation on the additional
machines, you create gateway or worker nodes that you join to the domain.

13
 If you have other Informatica products installed, verify that the installed version is compatible with the
version of the product that you are installing.

If you already installed Data Engineering and Enterprise Data Catalog, you can run the installer to install Data
Privacy Management on a node in the domain.

Installation Process
The installation of the Informatica domain services and Informatica clients consists of multiple phases.

The installation process varies based on the products that you install. Consider the following high-level tasks
of the installation process:

Perform pre-installation tasks.

1. Plan the Informatica installation. Determine the products that you want to run in your environment.
If you are creating a domain, consider the number of nodes in the domain, the application services
that will run on each node, the system requirements, and the type of user authentication that the
domain will use.
2. Prepare the databases required for repositories, warehouses, and catalogs. Verify the database
requirements and set up the databases.
3. Set up the machines to meet system requirements to ensure that you can successfully install and
run the Informatica services.
4. Determine security requirements for the domain, services, and databases.

Run the installer.

When you run the installer, you can choose from different options based on your requirements.

Complete the configuration.

1. Verify code page compatibility.

2. Configure environment variables.
3. Complete tasks required by the type of user authentication used by the domain.
4. Optionally, configure secure communication for the domain.
5. Create and configure application services.
6. Configure connections required by the application services.
7. Create the users and connections required by the application services.

Install the Informatica client tools.

1. Verify the installation and third-party software requirements for the clients.
2. Use the client installer to install on Windows machines.
3. Configure required environment variables, and optionally install additional languages.

14 Chapter 1: Installation Getting Started

Plan the Installation Option
Before you begin the planning and preparation for install, determine the type of installation that you want to
run.

When you run the installer, you can choose from options in the Welcome panel based on the product or
products that you want to install. The Components panel appears based on your product selection so you can
choose product components.

The following image shows the products that you can install based on the installation options:

Consider the different options available when you run the installer:
Informatica domain services

To install the Informatica domain services, you can select the installation option 1 in the Components
panel to install and configure Informatica domain services.

With the Informatica domain services installation, install from one of the following product options:

• Only the Data Engineering products for Integration, Quality, and Streaming
• Traditional products and the aforementioned Data Engineering products
• Only traditional products such as PowerCenter and Informatica Data Quality

When you install Informatica domain services, you can choose to create a domain or join a domain. Test
Data Management is installed with both traditional and Data Engineering products.

Enterprise Data Catalog

To install Enterprise Data Catalog, you can select the installation option 2 in the Components panel to
install and configure Enterprise Data Catalog.

When you install Enterprise Data Catalog, choose from one of the follow options:

• Domain services, Data Engineering products, and Enterprise Data Catalog.

• Domain services and Enterprise Data Catalog.
• Only Enterprise Data Catalog binaries in an existing domain. After you install the binaries, you can run
the installer again to configure the services.

Enterprise Data Preparation

To install Enterprise Data Preparation, you can select the following installation option 3 in the
Components panel to install and configure Enterprise Data Preparation.

Plan the Installation Option 15

 When you install Enterprise Data Preparation, choose from one of the follow options:

• Data Engineering products, Enterprise Data Catalog, and Enterprise Data Preparation.
• Enterprise Data Catalog and Enterprise Data Preparation binaries in an existing domain. After you
install the binaries, you can run the installer again to configure the services.
• Only Enterprise Data Preparation binaries in an existing domain with Enterprise Data Catalog. After
you install the binaries, you can run the installer again to configure the services.

Data Privacy Management

To install Data Privacy Management, you can select the following installation option 4 in the
Components panel to install and configure Data Privacy Management.
When you install Data Privacy Management, choose from one of the follow options:

• Data Engineering products, Enterprise Data Catalog, and Data Privacy Management.
• Data Privacy Management in an existing domain with Enterprise Data Catalog.

Plan the Installation Components

An Informatica domain is a collection of nodes and services. A node is the logical representation of a
machine in a domain. Services include the Service Manager that manages all domain operations and a set of
application services that represent server-based functionality. The domain and some services require
databases to write metadata and run-time results.

The following image shows a high-level architecture of a domain on multiple nodes:

Nodes
The first time that you install the domain services, you create the Informatica domain and a gateway node.
When you install the domain services on other machines, you create additional nodes that you join to the
domain.

The domain has the following types of nodes:

• Gateway node. A gateway node is any node that you configure to serve as a gateway for the domain. A
gateway node can run application services and it can serve as a master gateway node. The master
gateway node is the entry point to the domain. You can configure more than one node as a gateway node,
but only gateway node acts as the master gateway node at any given time.

16 Chapter 1: Installation Getting Started

 • Worker node. A worker node is any node that you do not configure to serve as a gateway for the domain. A
worker node can run application services, but it cannot serve as a gateway.

When you plan the installation: You need to plan the number and type of nodes that you need based on your
service and processing requirements. If you have high availability, you will want to create more than one
gateway node for fail-over functionality.

Service Manager
The Service Manager is a service that manages all domain operations. The Service Manager runs on each
node in the domain and performs domain functions, such as authentication, logging and application service
management. The Service Manager on a gateway node performs more tasks than the Service Manager on a
worker node.

When you plan the installation: Note that the Service Manager functionality is associated with the type of
node.

Application Services
Application services represent server-based functionality. An application service might be required or
optional, and it might require access to a database.

When you run the installer, you can choose to create some services. After you complete the installation, you
create other application services based on the license key generated for your organization.

When you plan the installation: When you plan the application services, you must account for the associated
services that connect to the application service. You also must plan the relational databases that are
required to create the application service.

Databases
Some application services require databases to store metadata and to write run-time results. You need to
create databases for the application services in the domain.

You can create the following databases:

Domain configuration repository database

The domain configuration repository stores configuration and user information from a domain.

Data asset analytics repository database

The data asset analytics repository stores the analytical information collected from the catalog. You can
view reports and statistical data on the Analytics tab in Enterprise Data Catalog.

Reference data warehouse database

The reference data warehouse stores the data values for reference table objects that you define in a
Model repository. Configure a Content Management Service to identify the reference data warehouse
and the Model repository.

Data object cache database

The data object cache stores cached logical data objects and virtual tables for the Data Integration
Service. Data object caching enables the Data Integration Service to access pre-built logical data objects
and virtual tables.

Plan the Installation Components 17

 Profiling warehouse database

The profiling warehouse stores profiling and scorecard results. You need a profiling warehouse to
perform profiling and data discovery.

Data Privacy Management repository database

The Data Privacy Management repository stores data and metadata, such as data stores and scans
using Data Privacy Management.

Model repository database

The Model repository stores data and metadata from the Informatica services and clients. Informatica
client tools, such as Analyst tool and the Developer tool stores the data into the Model repository.

Monitoring Model repository database

The Monitoring Model repository stores statistics for ad hoc jobs, applications, logical data objects, SQL
data services, web services, and workflows created by Informatica clients and application services.

When you plan the installation: You need to create databases and database users required by application
services.

User Authentication
When you run the installer, you can choose the authentication to use for the domain.

The Informatica domain can use the following types of authentication to authenticate users in the domain:

• Native. Native user accounts are stored in the domain and can only be used within the domain. Native
authentication is default.
• LDAP. LDAP user accounts are stored in an LDAP directory service and are shared by applications within
the enterprise. You can configure LDAP authentication after you run the installer.
• SAML. You can configure Security Assertion Markup Language (SAML) authentication for the
Administrator tool, the Analyst tool, and the Monitoring tool. You can configure SAML authentication after
you run the installer.

When you plan the installation: You need to plan the type of authentication that you want to use in the
domain.

Secure Data Storage

Informatica encrypts sensitive data before it stores the data in the Informatica repositories.

When you create a domain, you must specify the encryption key directory. The installer generates an
encryption key file named siteKey and stores it in a default directory or the directory you specify. All nodes in
a domain must use the same encryption key.

Important: The installer also generates a unique site key. If you lose the site key, you cannot generate the site
key again. Make sure that you save a copy of this key and do not share the unique site key with others.

Domain Security
When you create a domain, you can enable options to configure security in the domain.

You can configure secure communication for the following domain components:

• Administrator tool. Configure a secure HTTPS connection for the Administrator tool. During installation,
you can provide the keystore file to use for the HTTPS connection.

18 Chapter 1: Installation Getting Started

 • Service Manager. Configure a secure connection between the Service Manager and other domain
services. During installation, you can provide keystore and truststore files containing SSL certificates that
you want to use.
• Domain configuration repository. You can secure the domain configuration repository with SSL protocol.
During installation, you can provide the truststore file containing the SSL certificate that you want to use.

When you plan the installation: Determine the level of security that you want to configure for the domain
components. If you decide to configure security for the domain, you must know the location and password
for the keystore and truststore files.

Informatica Client Tools

You use Informatica clients to access underlying Informatica functionality in the domain. The clients make
requests to the Service Manager and to application services.

The Informatica clients consist of thick client applications and thin or web client applications that you use to
access services and repositories in the domain.

The following table describes the client tools for Enterprise Data Catalog:

Informatica Client Description

Informatica Developer (the Developer A thick client application to create, import, and export data domains.
tool)

Informatica Administrator (the A web application to manage the domain and application services.
Administrator tool)

Informatica Catalog Administrator A web application to administer resources, scanners, schedules, attributes,
and connections.

Enterprise Data Catalog A web application that displays a comprehensive view of metadata from
configured data assets.

When you plan the installation: Determine how many instances of the Developer tool you want to install. You
do not need to plan for the web client applications.

The following table describes the tools for Data Privacy Management:

Informatica Client Description

Data Privacy Management A web application to create and work with Data Privacy Management repository
data and objects. You run scans and analyze sensitive data from the application.

Informatica Developer (the A thick client application to create and run data objects, mappings, profiles, and
Developer tool) workflows.

Informatica Administrator (the A web application to manage the domain and application services.
Administrator tool)

When you plan the installation: Determine how many instances of the Developer tool you want to install. You
do not need to plan for the web client applications.

Plan the Installation Components 19

Part II: Before You Install the
Services
This part contains the following chapters:

• Before You Install the Services on UNIX or Linux, 21

• Prepare for Application Services and Databases, 35
• Prepare for Enterprise Data Catalog Deployment, 62
• Record Information for Installer Prompts, 70
• Configure Custom SSL Certificates, 79
• Introduction to the Services Installer, 87

20
Chapter 2

Before You Install the Services on

UNIX or Linux
This chapter includes the following topics:

• Before You Begin Checklist , 21

• Read the Release Notes, 22
• Verify System Requirements, 22
• Update the /etc/sudoers File, 28
• Review the Environment Variables, 28
• Create a System User Account, 29
• Set Up a Keystore File, 29
• Extract the Installer Files, 31
• Prepare to Install Binaries for Informatica Platform Resources, 32
• Verify the License Key, 33
• Prepare for Cluster Import, 33

Before You Begin Checklist

This chapter contains preliminary tasks that you must complete. Use this checklist to track preliminary tasks
before you prepare for services.

 Read the Informatica Release Notes for updates to the installation and upgrade process.

 Verify system requirements:

• Verify sizing requirements based upon your processing and concurrency requirements.
• Review the patch requirements to verify that the machine has the required operating system patches
and libraries.
• Verify
that the port numbers to use for application service processes are available on the machines
where you install the Informatica services.
• Verify that the operating system meets the file descriptor limit.

 Review system environment variables.

 Create a system user account to run the installer.

21
  Set up keystore and truststore files if you want to use custom SSL certificates to secure communication
for the domain.

 Extract the installer files.

 Verify the license key.

Read the Release Notes

Read the Release Notes for updates to the installation and upgrade process. You can also find information
about known and fixed issues for the release.

Find the Release Notes on the Informatica documentation portal.

Verify System Requirements

Verify that your environment meets the minimum system requirements for the installation process, temporary
disk space, port availability, databases, and application service hardware.

For more information about product requirements and supported platforms, see the
Product Availability Matrix on Informatica Network.

Enterprise Data Catalog System Requirements

Verify that your machine meets the minimum system requirements to install the Enterprise Data Catalog
services.

The system requirements differ based on the following conditions:

If the Informatica Domain, data nodes, and processing nodes are on the same machine with two million assets in the
catalog

The minimum memory requirement for the Linux operating system is 56 GB RAM. The minimum disk
space required is 185 GB. The number of CPU cores required is 24.

If the Informatica Domain, data nodes, and processing nodes are on different machines

The minimum memory requirement for the Linux operating system is 24 GB for a cluster node and 32 GB
for the machine on which Informatica domain runs. The minimum disk space required is 125 GB. The
number of CPU cores required is 8 cores for a cluster node and 16 cores for the machine on which the
Informatica domain runs.

Data Asset Analytics Repository Database Server System Requirements

The minimum system requirements for the machine that hosts the Data Asset Analytics repository
database is based on the number of assets in the catalog and the database type. For information about
the hardware requirements such as the number of CPU cores and the memory, see the Performance
Tuning Parameters for Data Asset Analytics section of the Enterprise Data Catalog Performance Tuning
Guide.

MetaDex Requirements

Effective in version 10.5.2, the Advanced Scanners tool is renamed to the MetaDex tool. The installer
panels and the install and upgrade guides still refer to Advanced Scanners.

22 Chapter 2: Before You Install the Services on UNIX or Linux

 Before you generate PNG visualizations, perform the following steps to install the additional libraries and
rebuild the fonts cache on the machine:

1. Run the following command:

# install required fonts
sudo yum install fontconfig dejavu-sans-fonts dejavu-serif-fonts
to install the following libraries:
• fontconfig
• dejavu-sans-fonts
• dejavu-serif-fonts
2. Run the following command:
# rebuild fonts cache
fc-cache -f -v
to rebuild the fonts cache.

The default MetaDex server memory is 4 GB.

Data Privacy Management System Requirements

Verify that your machine meets the minimum system requirements to install the Data Privacy Management
services.

The system requirements differ based on the following conditions:

The Informatica Domain, data nodes, and processing nodes are on the same machine

The minimum memory requirement for the Linux operating system is 56 GB RAM. The minimum disk
space required is 185 GB. The number of CPU cores required is 24.

The data nodes and processing nodes are not on the Informatica Domain machine

The minimum memory requirement for the Linux operating system is 32 GB RAM. The minimum disk
space required is 125 GB. The number of CPU cores required is 16.

Verify Temporary Disk Space and Permissions

Verify that your environment meets the minimum system requirements for the temporary disk space,
permissions for the temporary files, and the Informatica client tools.

Disk space for the temporary files

The installer writes temporary files to the hard disk. Verify that you have 1 GB disk space on the machine
to support the installation. When the installation completes, the installer deletes the temporary files and
releases the disk space.

Permissions for the temporary files

Verify that you have read, write, and execute permissions on the /tmp directory.

For more information about product requirements and supported platforms, see the
Product Availability Matrix on Informatica Network.

Verify System Requirements 23

 Verify Sizing Requirements
Allocate resources for installation and deployment of services based on the expected deployment type of
your environment.

Before you allocate resources, you need to identify the deployment type based on your requirements for the
volume of processing and the level of concurrency. Based on the deployment type, you can allocate
resources for disk space, cores, and RAM. You can also choose to tune services when you run the installer.

Determine the Installation and Service Deployment Type

The following table describes the environment for the different deployment types:

Deployment Type Environment Description

Sandbox Used for proof of concepts or as a sandbox with minimal users.

Basic Used for low volume processing with low levels of concurrency.

Standard Used for high volume processing with low levels of concurrency.

Advanced Used for high volume processing with high levels of concurrency.

Identify Sizing Requirements

The following table provides the minimum sizing requirements for the Informatica domain node:

Deployment Type Disk Space per Node Total Virtual Cores RAM per Node

Sandbox 140 GB 16 32 GB

Basic 140 GB 24 64 GB

Standard 140 GB 48 64 GB

Advanced 140 GB 96 128 GB

The following table provides the minimum sizing requirements for Data Privacy Management:

Deployment Type Disk Space per Node Total Virtual Cores RAM per Node

Sandbox 140 GB 16 32 GB

Basic 140 GB 24 64 GB

Standard 140 GB 48 64 GB

Advanced 140 GB 96 128 GB

The sizing requirements account for the following factors:

• Disk space required to extract the installer

• Temporary disk space to run the installer
• Disk space required to install the services and components

24 Chapter 2: Before You Install the Services on UNIX or Linux

 • Disk space required for log directories
• Requirements to run the application services

The sizing numbers do not account for operational data processing and object caching requirements for
native mode of execution.

Note: For cloud deployments, choose machines with a configuration that is closest to the sizing
requirements.

Tune During Installation

When you run the installer, you can choose to tune the services based on the deployment size. If you create a
Model Repository Service, a Data Integration Service, or a Content Management Service during installation,
the installer can tune the services based on the deployment type that you enter. The installer configures
properties such as maximum heap size and execution pool size.

You can tune services at any time after you install the services by using the infacmd autotune command.
When you run the command, you can tune properties for other services as well as the Hadoop run-time
engine properties.

Review Patch Requirements on UNIX or Linux

Before you install the Informatica services, verify that the machine has the required operating system
patches and libraries.

Data Engineering on Linux

The following table lists the patches and libraries that the Informatica services require on Linux:

Platform Operating System Operating System Patch

AWS Linux Linux 2 - 2.0.20220207.1 All of the following packages:

- e2fsprogs-libs-1.42.9-12.amzn2.0.2.x86_64
- keyutils-libs-1.5.8-3.amzn2.0.2.x86_64
- libselinux-2.5-12.amzn2.0.2.x86_64
- libsepol-2.5-8.1.amzn2.0.2.x86_64

Ubuntu 20.04.1 All of the following packages:

- e2fsprogs/focal,now 1.45.5-2ubuntu1 amd64 [installed]
- libkeyutils1/focal,now 1.6-6ubuntu1 amd64 [installed,automatic]
- libselinux1/focal,now 3.0-1build2 amd64 [installed,automatic]
- libsepol1/focal,now 3.0-1 amd64 [installed,automatic]

Ubuntu 18.04 All of the following packages:

- e2fsprogs/focal,now 1.45.5-2ubuntu1 amd64 [installed]
- libkeyutils1/focal,now 1.5.9-9.2ubuntu2 amd64 [installed,automatic]
- libselinux1/focal,now 2.7-2build2 amd64 [installed,automatic]
- libsepol1/focal,now 2.7-1ubuntu0.1 amd64 [installed,automatic]

Linux-x64 Red Hat Enterprise Linux All of the following packages, where <version> is any version of the
6.7 package:
- e2fsprogs-libs-<version>.el6
- keyutils-libs-<version>.el6
- libselinux-<version>.el6
- libsepol-<version>.el6

Verify System Requirements 25

 Platform Operating System Operating System Patch

Linux-x64 Red Hat Enterprise Linux All of the following packages, where <version> is any version of the
7.3 package:
- e2fsprogs-libs-<version>.el7
- keyutils-libs-<version>.el7
- libselinux-<version>.el7
- libsepol-<version>.el7

Linux-x64 Red Hat Enterprise Linux All of the following packages, where <version> is any version of the
8 package:
- e2fsprogs-libs-<version>.el8
- keyutils-libs-<version>.el8
- libselinux-<version>.el8
- libsepol-<version>.el8

Linux-x64 SUSE Linux Enterprise Service Pack 2

Server 12

Linux-x64 SUSE Linux Enterprise Service Pack 0 and Service Pack 1.

Server 15

Verify Port Requirements

The installer sets up the ports for components in the Informatica domain, and it designates a range of
dynamic ports to use for some application services.

You can specify the port numbers to use for the components and a range of dynamic port numbers to use for
the application services. Or you can use the default port numbers provided by the installer. Verify that the
port numbers are available on the machines where you run the installer.

Note: Services and nodes can fail to start if there is a port conflict.

The following table describes the port requirements for installation:

Port Description

Node port Port number for the node created during installation. Default is 6005.

Service Manager port Port number used by the Service Manager on the node. The Service Manager listens for
incoming connection requests on this port. Client applications use this port to communicate
with the services in the domain. The Informatica command line programs use this port to
communicate to the domain. This is also the port for the SQL data service JDBC/ODBC driver.
Default is 6006.

Service Manager Port number that controls server shutdown for the domain Service Manager. The Service
Shutdown port Manager listens for shutdown commands on this port. Default is 6007.

Informatica Port number used by Informatica Administrator. Default is 6008.

Administrator port

Informatica Port number that controls server shutdown for Informatica Administrator. Informatica
Administrator Administrator listens for shutdown commands on this port. Default is 6009.
shutdown port

Minimum port Lowest port number in the range of dynamic port numbers that can be assigned to the
number application service processes that run on this node. Default is 6014.

26 Chapter 2: Before You Install the Services on UNIX or Linux

 Port Description

Maximum port Highest port number in the range of dynamic port numbers that can be assigned to the
number application service processes that run on this node. Default is 6114.

Range of dynamic Range of port numbers that can be dynamically assigned to application service processes as
ports for application they start up. When you start an application service that uses a dynamic port, the Service
services Manager dynamically assigns the first available port in this range to the service process. The
number of ports in the range must be at least twice the number of application service
processes that run on the node. Default is 6014 to 6114.
The Service Manager dynamically assigns port numbers from this range to the Model
Repository Service.

Static ports for Static ports have dedicated port numbers assigned that do not change. When you create the
application services application service, you can accept the default port number, or you can manually assign the
port number.
The following services use static port numbers:
- Data Privacy Management Service. Default is 18295 for HTTPS.
- Catalog Service. Default is 9085 for HTTP.
- Content Management Service. Default is 8105 for HTTP.
- Data Integration Service. Default is 8095 for HTTP.
- Informatica Cluster Service. Default is 9075 for HTTP.

Guidelines for Port Configuration

The installer validates the port numbers that you specify to ensure that there will be no port conflicts in the
domain.

Use the following guidelines to determine the port numbers:

• The port number you specify for the domain and for each component in the domain must be unique.
• The port number for the domain and domain components cannot be within the range of the port numbers
that you specify for the application service processes.
• The highest number in the range of port numbers that you specify for the application service processes
must be at least three numbers higher than the lowest port number. For example, if the minimum port
number in the range is 6400, the maximum port number must be at least 6403.
• The port numbers that you specify cannot be lower than 1025 or higher than 65535.

Verify the File Descriptor Limit

Verify that the operating system meets the file descriptor requirement.

Informatica service processes can use a large number of files. To prevent errors that result from the large
number of files and processes, you can change system settings with the limit command if you use a C shell,
or the ulimit command if you use a Bash shell.

List Operating System Settings

To get a list of the operating system settings, including the file descriptor limit, run the following command:

With C shell, run limit

With Bash shell, run ulimit -a

Verify System Requirements 27

 Set the File Descriptor Limit
Informatica service processes can use a large number of files. Set the file descriptor limit per process to
16,000 or higher. The recommended limit is 32,000 file descriptors per process.

To change system settings, run the limit or ulimit command with the pertinent flag and value. For example, to
set the file descriptor limit, run the following command:

With C shell, run limit -h filesize <value>

With Bash shell, run ulimit -n <value>

Set Max User Processes

Informatica services use a large number of user processes. Use the ulimit -u command to adjust the max
user processes setting to a level that is high enough to account for all the processes required by the Blaze
engine.

To set the max user processes, run the following command: Run the following command to set the max user
processes setting:

With C shell, run limit -u processes <value>

With Bash shell, run ulimit -u <value>

Update the /etc/sudoers File

Before you install or upgrade on UNIX or Linux, update the NOPASSWD entry in the /etc/sudoers file based on
the user that runs the installer. You can run the installer as an operating system user or as a user that
belongs to the wheel group.

If you are an operating system user, set the following NOPASSWD entry:

<Operating system user> ALL=(ALL) NOPASSWD: ALL

If you belong to the wheel group, set the following NOPASSWD entry:

%wheel ALL=(ALL) NOPASSWD:ALL

Review the Environment Variables

Configure environment variables for the Informatica installation.

28 Chapter 2: Before You Install the Services on UNIX or Linux

 The following table describes the environment variables to review:

Variable Description

IATEMPDIR Location of the temporary files created during installation. Informatica requires 1 GB disk space for
temporary files.
Configure the environment variable if you do not want to create temporary files in the /tmp directory.
If you want to change the default /tmp directory, you must set IATEMPDIR and _JAVA_OPTIONS
environment variables to the new directory.
For example, set the variable to export IATEMPDIR=/home/user.
Note: Unset the IATEMPDIR variable after the installation.

_JAVA Configure the environment variable to change the temporary directory.

_OPTIONS If you want to change the default /tmp directory, you must set IATEMPDIR and _JAVA_OPTIONS the
environment variables to the new directory.
For example, set the variable to export _JAVA_OPTIONS=-Djava.io.tmpdir=/home/user.
Note: Unset the _JAVA _OPTIONS variable after the installation.

LANG and Change the locale to set the appropriate character encoding for the terminal session. For example,
LC_ALL set the encoding to Latin1 or ISO-8859-1 for French, EUC-JP or Shift JIS for Japanese, or
UTF-8 for Chinese or Korean. The character encoding determines the types of characters that
appear in the UNIX terminal.

DISPLAY Unset the DISPLAY environment before you run the installer. Installation might fail if the DISPLAY
environment variable has some value.

Note: Make sure that the NOEXEC flag is not set for the file system mounted on the /tmp directory.

Create a System User Account

Create a user account specifically to run the Informatica service.

Verify that the user account you use to install Informatica has write permission on the installation directory.

Verify that the user account that installs the Informatica service does not have any privileges and
permissions to access sensitive files on the machine where you install the Informatica services.

Set Up a Keystore File

When you install the Informatica services, you configure secure communication for the domain and set up a
secure connection to Informatica Administrator (the Administrator tool). You can choose to use custom SSL
certificates to configure secure configuration. If you choose to use custom certificates, you must set up
keystore and truststore files.

Before you install the Informatica services, set up the files for secure communication within the Informatica
domain or for a secure connection to the Administrator tool. To create the required files, you can use the
following programs:

Create a System User Account 29

 keytool

You can use keytool to create an SSL certificate or a Certificate Signing Request (CSR) as well as
keystores and truststores in JKS format.

OpenSSL

You can use OpenSSL to create an SSL certificate or CSR as well as convert a keystore in JKS format to
PEM format.

For more information about OpenSSL, see the documentation on the following website:
https://www.openssl.org/docs/

For a higher level of security, send your CSR to a Certificate Authority (CA) to get a signed certificate.

The software available for download at the referenced links belongs to a third party or third parties, not
Informatica. The download links are subject to the possibility of errors, omissions or change. Informatica
assumes no responsibility for such links and/or such software, disclaims all warranties, either express or
implied, including but not limited to, implied warranties of merchantability, fitness for a particular purpose,
title and non-infringement, and disclaims all liability relating thereto.

Secure Communication Within the Informatica domain

Before you enable secure communication within the Informatica domain, verify that the following
requirements are met:

You created a certificate signing request (CSR) and private key.

You can use keytool or OpenSSL to create the CSR and private key.

If you use RSA encryption, you must use more than 512 bits.

You have a signed SSL certificate.

The certificate can be self-signed or CA signed. Informatica recommends a CA signed certificate.

You imported the certificate into keystores.

You must have a keystore in PEM format named infa_keystore.pem and a keystore in JKS format
named infa_keystore.jks.

The keystore files must contain the root and intermediate SSL certificates.

Note: The password for the keystore in JKS format must be the same as the private key pass phrase
used to generate the SSL certificate.

You imported the certificate into truststores.

You must have a truststore in PEM format named infa_truststore.pem and a truststore in JKS format
named infa_truststore.jks.

The truststore files must contain the root, intermediate, and end user SSL certificates.

The keystores and truststores are in the correct directory.

The keystore and truststore must be in a directory that is accessible to the installer.

The keystore type used for the domain determines the keystore types for the Content Management Service.

If you used the default keystore certificate for the domain, you can use either the default or a custom
keystore certificate for the Content Management Service.

If you used a custom keystore certificate for the domain, you must use a custom keystore certificate for
the Content Management Service.

30 Chapter 2: Before You Install the Services on UNIX or Linux

 For more information about how to create a custom keystore and truststore, see the
Informatica How-To Library article "How to Create Keystore and Truststore Files for Secure Communication
in the Informatica Domain".

Secure Connection to the Administrator tool

Before you secure the connection to the Administrator tool, verify that the following requirements are met:

You created a certificate signing request (CSR) and private key.

You can use keytool or OpenSSL to create the CSR and private key.

If you use RSA encryption, you must use more than 512 bits.

You have a signed SSL certificate.

The certificate can be self-signed or CA signed. Informatica recommends a CA signed certificate.

You imported the certificate into a keystore in JKS format.

A keystore must contain only one certificate. If you use a unique certificate for each web application
service, create a separate keystore for each certificate. Alternatively, you can use a shared certificate
and keystore.

If you use the installer-generated SSL certificate for the Administrator tool, you do not need to import the
certificate into a keystore in JKS format.

The keystore is in the correct directory.

The keystore must be in a directory that is accessible to the installer.

Extract the Installer Files

The installer files are compressed and distributed as a compressed file.

You can get the installation file from the FTP link contained in your fulfillment email. Download the
Informatica installation tar file from the Informatica Electronic Software Download site to a directory on your
machine and then extract the installer files.

Extract the installer files to a directory on your machine. The user that runs the installer must have read and
write permissions on the installer files directory and execute permissions on the executable file.

Note: Make sure that you download the file to a local directory or a shared network drive that is mapped on
your machine. You can then extract the installer files. However, you cannot run the installer from a mapped
file. Copy the extracted files to a local drive and then run the installer.

Installer Code Signing

You can verify the signature of the Informatica software code.

Informatica uses a certificate based digital signature to sign the Informatica software code. The code signing
helps to validate the authenticity of the code and ensures that there has been no changes or corruptions to
the code after Informatica signs the code. You can determine whether to trust the software based on whether
the code sign is present or not.

You can request a code signing certificate that contains information that fully identifies Informatica LLC and
a Certificate Authority (CA) that issues the certificate. The digital certificate binds the identity of Informatica
to a public key and to a private key.

Extract the Installer Files 31

 Digital signing of software begins with the creation of a cryptographic hash, or a digest. The digest has a one
to one correspondence with the original data. Use the digest as there are no hints on how to recreate the
original data, and even a small change in the original data results in a change in the hash value. Informatica
uses its private key to sign the digest, or generates a signature in the form of a string of bits. Good digital
signature algorithms allow a user with the public key to verify the creator of the signature.

To Verify the Signed Code is Authentic

After Informatica signs the software bundle, you can contact Informatica Global Customer Support to access
the code signing certificate. Informatica ships the installer along with the signature file that contains the
hash of the installer binary encrypted with Informatica's private key. You can validate the integrity of digitally
signed binaries using any available tools, such as OpenSSL.

For instance, if you have to verify the package authentication and confirm the code security, enter the
following OpenSSL commands:
openssl base64 -d -in $signature -out /tmp/sign.sha256
openssl dgst -sha256 -verify <(openssl x509 -in <cert> -pubkey -noout) -signature /tmp/
sign.sha256 <file>
Where <signature> is the file containing the signature in Base64, <cert> is the code signing certificate, and
<file> is the file to verify.

Based on verification process, OpenSSL displays a success or error message to validate if the installer code
is genuine or not. Note that the verification for the installer might take around two minutes.

Verify Installer Package Checksum on UNIX and Linux

Before you run the services installer, verify the install package integrity through the cksum command. The
cksum command calculates the checksum value for the installers.

Verify the checksum for the specific installer files against the checksum of the installation files downloaded
from Akamai.

The following table lists the checksum and file size for the Informatica services installer for UNIX and Linux:

File Checksum Value File Size

informatica_1052_server_linux-x64.tar 2922767015 14217236480

A checksum mismatch can occur when there are data errors during download due to network issues or when
data corruption occurs in the file on disk. For more information about the checksum errors, see
HOW TO: Identify file errors after downloading Informatica installation files.

Prepare to Install Binaries for Informatica Platform

Resources
If you want to run Informatica Platform resources, download and install the binaries.

Informatica provides ZIP files containing the scanner binaries and extended scanner binaries. The scanner
binaries ZIP file includes the Informatica Platform resource binary files for version 10.5.2. The extended
scanner binaries ZIP file includes the Informatica Platform resource binary files from version 10.2 through
10.5.1.

32 Chapter 2: Before You Install the Services on UNIX or Linux

 Perform the following steps to prepare the binaries for Informatica Platform resources:

1. Download the ScannerBinaries.zip file or the ExtendedScannerBinaries.zip file from Akamai Download
Manager.
2. Copy the ZIP file to the following location: <Installer directory>/source

Verify the License Key

Before you install the software, verify that you have the license key available.

When you download the installation files from the Informatica Electronic Software Download (ESD) site, the
license key is in an email message from Informatica. Copy the license key file to a directory accessible to the
user account that installs the product.

Contact Informatica Global Customer Support if you do not have a license key or if you have an incremental
license key and you want to create a domain.

Prepare for Cluster Import

When you run the installer, you can choose to configure the cluster. The cluster configuration enables the
Data Integration Service to push mapping logic to the cluster. To integrate the Informatica domain with the
non-native cluster, you must import a cluster configuration. You can import the cluster information directly
from the cluster or from an archive file.

You can import cluster information from an archive file of any supported cluster into the domain. Your
administrator might prefer to provide you with the archive file to protect sensitive connection information to
the cluster. The archive file can be in a .zip or .tar format. Ensure that you store the archive file locally.

Prepare the Archive File for Hadoop Environment

To import the cluster configuration from Amazon EMR, MapR, or Google Dataproc cluster, you must import
from an archive file. The Hadoop cluster configuration archive file can have the following contents based on
the distribution:

• core-site.xml
• hbase-site.xml. hbase-site.xml is required only if you access HBase sources and targets.
• hdfs-site.xml
• hive-site.xml
• mapred-site.xml or tez-site.xml. Include the mapred-site.xml file or the tez-site.xml file based on the Hive
execution type used on the Hadoop cluster.
• yarn-site.xml

Note: When you configure a CDP Public Cloud cluster, the hbase-site.xml file is on the Data Lake cluster. The
other files are on the Data Hub cluster.

Prepare the Archive File for the Databricks Environment

To create the .xml file for import, you must get the required information from the Databricks administrator.
You can provide any name for the file and store it locally.

Verify the License Key 33

 The following table describes the cluster properties required to configure in the import file for the Databricks
environment:

Property Name Description

cluster_name Name of the Databricks cluster.

cluster_ID The cluster ID of the Databricks cluster.

base URL URL to access the Databricks cluster.

accesstoken Token ID created within Databricks required for authentication.

Optionally, you can include other properties specific to the Databricks environment. When you complete
the .xml file, compress it into a .zip or .tar file for import.

34 Chapter 2: Before You Install the Services on UNIX or Linux

Chapter 3

Prepare for Application Services

and Databases
This chapter includes the following topics:

• Checklist to Prepare for Application Services , 35

• Prepare for Application Services and Databases Overview, 36
• Set Up Database User Accounts, 36
• Identify Application Services by Product, 36
• Domain Configuration Repository Database Requirements, 37
• Catalog Service, 40
• Content Management Service, 44
• Data Integration Service, 46
• Data Privacy Management Service, 49
• Informatica Cluster Service, 54
• Model Repository Service, 54
• Monitoring Model Repository Service, 57
• Configure Native Connectivity on Service Machines, 58

Checklist to Prepare for Application Services

This chapter contains information about application services and databases for the Informatica environment.
Use this checklist to track service planning and database preparation.

 Identify the application services that you need in your environment.

 Identify the application services that you want the installer to create.

 Prepare databases for the services:

• Create the database.
• Create a user for the database.
• Create environment variables.
• Configure connectivity.

35
Prepare for Application Services and Databases
Overview
When you plan the application services, you must account for the associated services that connect to the
application service. You also must plan the relational databases that the application service requires.

The installer prompts you to optionally create some services during the installation. Some service properties
require database information. If you want the installer to create a service that requires a database, you must
prepare the database before you run the installer. To prepare the databases, verify the data base
requirements, set up the database, and set up a user account. The database requirements depend on the
application services that you create.

If you do not create services during installation, you can create them manually after you install.

Set Up Database User Accounts

Set up a database and user account for the repository databases.

Use the following rules and guidelines when you set up the user accounts:

• The database user account must have permissions to create and drop tables, indexes, and views, and to
select, insert, update, and delete data from tables.
• Use 7-bit ASCII to create the password for the account.
• To prevent database errors in one repository from affecting any other repository, create each repository in
a separate database schema with a different database user account. Do not create a repository in the
same database schema as the domain configuration repository or any other repository in the domain.

Identify Application Services by Product

Each application service provides different functionality within the Informatica domain. You create
application services based on the license key generated for your organization.

36 Chapter 3: Prepare for Application Services and Databases

 The following table lists the application services that each product uses:

Product Application Services

Data Privacy Management - Data Privacy Management Service *

- Catalog Service *
- Content Management Service *
- Data Integration Service *
- monitoring Model Repository Service *
- Model Repository Service *
- Informatica Cluster Service *

Enterprise Data Catalog - Catalog Service *

- Content Management Service *
- Data Integration Service *
- Model Repository Service *
- monitoring Model Repository Service *
- Informatica Cluster Service *

Data Engineering Integration - Data Integration Service *

- Model Repository Service *
- monitoring Model Repository Service *

* You can create these services when you install the product.

Domain Configuration Repository Database

Requirements
Informatica components store metadata in relational database repositories. The domain stores configuration
and user information in a domain configuration repository.

You must set up a database and user account for the domain configuration repository before you run the
installation. The database must be accessible to all gateway nodes in the Informatica domain.

When you install Informatica, you provide the database and user account information for the domain
configuration repository. The Informatica installer uses JDBC to communicate with the domain configuration
repository.

The domain configuration repository supports the following database types:

• IBM DB2 UDB

• Microsoft SQL Server
• Microsoft Azure SQL Database
• Oracle
• PostgreSQL

Allow 200 MB of disk space for the database.

Domain Configuration Repository Database Requirements 37

 IBM DB2 Database Requirements
Use the following guidelines when you set up the repository on IBM DB2:

• If the repository is in an IBM DB2 database, verify that IBM DB2 Version 10.5 is installed.
• On the IBM DB2 instance where you create the database, set the following parameters to ON:
- DB2_SKIPINSERTED

- DB2_EVALUNCOMMITTED

- DB2_SKIPDELETED

- AUTO_RUNSTATS
• On the database, set the configuration parameters.
The following table lists the configuration parameters that you must set:

Parameter Value

logfilsiz 8000

maxlocks 98

locklist 50000

auto_stmt_stats ON

• Set the tablespace pageSize parameter to 32768 bytes.

In a single-partition database, specify a tablespace that meets the pageSize requirements. If you do not
specify a tablespace, the default tablespace must meet the pageSize requirements.
In a multi-partition database, specify a non-partitioned tablespace that meets the pageSize requirements.
Define the tablespace in the catalog partition of the database.
• Set the NPAGES parameter to at least 5000. The NPAGES parameter determines the number of pages in
the tablespace.
• Verify that the database user has CREATETAB, CONNECT, and BINDADD privileges.
• Informatica does not support IBM DB2 table aliases for repository tables. Verify that table aliases have
not been created for any tables in the database.
• In the DataDirect Connect for JDBC utility, update the DynamicSections parameter to 3000.
The default value for DynamicSections is too low for the Informatica repositories. Informatica requires a
larger DB2 package than the default. When you set up the DB2 database for the domain configuration
repository or a Model repository, you must set the DynamicSections parameter to at least 3000. If the
DynamicSections parameter is set to a lower number, you can encounter problems when you install or run
Informatica services.

38 Chapter 3: Prepare for Application Services and Databases

Microsoft SQL Server Database Requirements
Use the following guidelines when you set up the repository:

• Set the allow snapshot isolation and read committed isolation level to ALLOW_SNAPSHOT_ISOLATION
and READ_COMMITTED_SNAPSHOT to minimize locking contention.
To set the isolation level for the database, run the following commands:
ALTER DATABASE DatabaseName SET ALLOW_SNAPSHOT_ISOLATION ON
ALTER DATABASE DatabaseName SET READ_COMMITTED_SNAPSHOT ON
To verify that the isolation level for the database is correct, run the following commands:
SELECT snapshot_isolation_state FROM sys.databases WHERE name=[DatabaseName]
SELECT is_read_committed_snapshot_on FROM sys.databases WHERE name = DatabaseName
• The database user account must have the CONNECT, CREATE TABLE, and CREATE VIEW privileges.

Microsoft Azure SQL Database Requirements

Use the following guidelines when you set up the repository:

• Set the allow snapshot isolation and read committed isolation level to ALLOW_SNAPSHOT_ISOLATION
and READ_COMMITTED_SNAPSHOT to minimize locking contention.
To set the isolation level for the database, run the following commands:
ALTER DATABASE DatabaseName SET ALLOW_SNAPSHOT_ISOLATION ON
ALTER DATABASE DatabaseName SET READ_COMMITTED_SNAPSHOT ON
To verify that the isolation level for the database is correct, run the following commands:
SELECT snapshot_isolation_state FROM sys.databases WHERE name=[DatabaseName]
SELECT is_read_committed_snapshot_on FROM sys.databases WHERE name = DatabaseName
• The database user account must have the CONNECT, CREATE TABLE, and CREATE VIEW privileges.

Oracle Database Requirements

Use the following guidelines when you set up the repository on Oracle:

• Verify that the database user has the following privileges:

CREATE SEQUENCE
CREATE SESSION
CREATE SYNONYM
CREATE TABLE
CREATE VIEW
• Informatica does not support Oracle public synonyms for repository tables. Verify that public synonyms
have not been created for any tables in the database.

PostgreSQL Database Requirements

Use the following guidelines when you set up the repository on PostgreSQL:

• Verify that the database user account has CONNECT, CREATE TABLE, and CREATE VIEW privileges.
• Specify the database schema name when you use PostgreSQL as the database.

Domain Configuration Repository Database Requirements 39

 • Ensure that PostgreSQL has sufficient disk space for the data files. By default, the data files are present in
the following location:
<PostgreSQL installation directory>/data
• On the database, set the configuration parameters.
The following table lists the minimum and recommended values for the configuration parameters that you
must set:

Parameter Minimum Value Recommended Value

max_connections 200 4000

shared_buffers 2 GB 16 GB

max_locks_per_transaction 1024 1024

max_wal_size 1 GB 8 GB

checkpoint_timeout 5 minutes 30 minutes

Catalog Service
The Catalog Service is an application service that runs Enterprise Data Catalog in the Informatica domain. It
manages the connections between service components and the users that have access to Enterprise Data
Catalog search interface and Catalog Administrator.

The catalog represents an indexed inventory of all the configured data assets in an enterprise. You can find
metadata and statistical information, such as profile statistics, data asset ratings, data domains, and data
relationships, in the catalog.

The following table summarizes the dependencies for products, services, and databases that are associated
with the Catalog Service:

Dependency Summary

Products The following products use the Catalog Service:

- Enterprise Data Catalog
- Enterprise Data Preparation
- Data Privacy Management

Services The Catalog Service depends on the following services:

- Content Management Service
- Data Integration Service
- Informatica Cluster Service
- Model Repository Service
- Analyst Service

40 Chapter 3: Prepare for Application Services and Databases

 Dependency Summary

Databases If you want to enable Data Asset Analytics for the Catalog Service, you can select from one of the
following databases for the Data Asset Analytics repository:
- Oracle
- SQL Server
- PostgreSQL
Configure Data Asset Analytics for the Catalog Service if you want to enable Data Flow Analytics. To
enable Data Flow Analytics for a PowerCenter resource, create a read-only database user on the
PowerCenter repository database.

Installer You can create the Catalog Service when you install Enterprise Data Catalog.

Data Asset Analytics Repository Database Requirements

The Data Asset Analytics repository database stores the analytical information collected from the catalog.
The analytical information is displayed as reports and statistical data in the Data Asset Analytics tab in
Enterprise Data Catalog. You can access the Data Asset Analytics tab after you configure Data Asset
Analytics in the Catalog Service and assign the required privileges for users to access the tab.

You can configure any of the following databases as the repository database for Data Asset Analytics:

• Oracle
• SQL Server
• PostgreSQL

Oracle Database Requirements

Perform the following steps before you configure Oracle as the repository database:

1. Create a user name and password to access the Oracle database using the following command: CREATE
USER <Database schema>
2. Run the following commands to provide the required user privileges:
GRANT CONNECT TO <Database schema>;
GRANT RESOURCE TO <Database schema>;
GRANT CREATE VIEW TO <Database schema>;
GRANT CREATE MATERIALIZED VIEW TO <Database schema>;
GRANT UNLIMITED TABLESPACE TO <Database schema>. Alternatively, use the command
ALTER USER <Database schema> QUOTA <SIZE> ON <Tablespace name>;

Microsoft SQL Server Database Requirements

Perform the following steps before you configure Microsoft SQL Server as the repository database:

1. Use the dbo schema for SQL Server.

2. Run the following commands to create the database, the user name, password and assign the required
privileges for the user:
USE master
GO
CREATE DATABASE <New database name>;
GO
use <New database name>
CREATE LOGIN <New login name> WITH PASSWORD = '<Password>';
CREATE USER <New user name> FOR LOGIN <New login name> WITH DEFAULT_SCHEMA = [dbo];
GRANT CREATE TABLE TO <New user name>;
GRANT CREATE VIEW TO <New user name>;
GRANT SELECT, ALTER, INSERT, DELETE, UPDATE on schema::dbo to <New user name> ;
GRANT REFERENCES to <New user name>;

Catalog Service 41
 PostgreSQL Database Requirements
Perform the following steps before you configure PostgreSQL as the repository database:

1. Use the public schema for PostgreSQL.

2. Create the credentials to access the database using the following command: CREATE USER <New user
name> WITH PASSWORD '<Password>';
Note: Make sure that you choose a user name that is different from the name of the database schema.
3. Create the database and assign the ownership to the user name that you created. Use the following
command to complete this step: CREATE DATABASE <NEW db NAME> owner=<New user name>;
4. After you connect to the database, run the command SHOW search_path. The command must return the
value <User>, public.

Data Flow Analytics Repository Database Requirements

Data Flow Analytics connects to the PowerCenter data source to retrieve mappings and performs analyses
on the mappings. The statistical information from the analyses appears in the Data Flow Analytics tab in the
Enterprise Data Catalog tool. Create a database user account and configure the required read privileges for
the account. After you create the account, you can configure Data Flow Analytics for the PowerCenter
resource using the Catalog Administrator tool.

Use the following guidelines when you set up the database user account for the PowerCenter repository.

Oracle Database Requirements

Perform the following steps before you configure Oracle as the PowerCenter data source for Data Flow
Analytics:

1. Create a user name and password to access the database using the CREATE USER <Database schema>
IDENTIFIED BY <database schema> command.
2. Run the following commands to provide the required privileges to the database user:
GRANT CONNECT TO <Database schema>;
GRANT SELECT ON <PowerCenter repository schema>.OPB_WFLOW_RUN TO <Database schema>;
GRANT SELECT ON <PowerCenter repository schema>.OPB_SUBJECT TO <Database schema>;
3. Run the following commands to create synonyms for the tables to query the workflow execution details:
CREATE synonym <Database schema>.OPB_WFLOW_RUN FOR <PCRS schema>.OPB_WFLOW_RUN;
CREATE synonym <Database schema>.OPB_SUBJECT FOR <PCRS schema>.OPB_SUBJECT;

Microsoft SQL Server Database Requirements

Perform the following steps before you configure Microsoft SQL Server as the PowerCenter data source for
Data Flow Analytics:

1. Run the following commands to create a user name and password to access the database:
USE <PowerCenter repository name>
CREATE LOGIN <New login name> WITH PASSWORD='<Password>';
CREATE USER <New user name> FOR LOGIN <New login name>;
2. Run the following commands to provide the required privileges to the database user:
GRANT SELECT ON OPB_SUBJECT TO <New user name>;
GRANT SELECT ON OPB_WFLOW_RUN TO <New user name>

42 Chapter 3: Prepare for Application Services and Databases

IBM DB2 Database Requirements
Perform the following steps before you configure IBM DB2 as the PowerCenter data source for Data Flow
Analytics:

1. Log in to the machine that hosts the IBM DB2 database as a root user and create a new user account on
the machine.
2. Run the following commands to provide the required privileges to the database user:
GRANT CONNECT ON <PowerCenter repository name> TO USER <Database user name>;
GRANT SELECT ON TABLE <PowerCenter repository name>."OPB_WFLOW_RUN" TO USER
<Database user name>;
GRANT SELECT ON TABLE <PowerCenter repository name>."OPB_SUBJECT" TO USER <Database
user name>;
3. Run the following commands to create aliases for the tables to query the workflow execution details:
CREATE ALIAS <Database user name>.OPB_WFLOW_RUN FOR <PowerCenter repository
name>.OPB_WFLOW_RUN;
CREATE ALIAS <Database user name>.OPB_SUBJECT FOR <PowerCenter repository
name>.OPB_SUBJECT;

Sybase
Perform the following steps before you configure Sybase as the PowerCenter data source for Data Flow
Analytics:

1. Log in to a Sybase client as an administrator and run the following commands to create a user name and
password to access the database:
sp_addlogin <New login name>, <Password>
use <PowerCenter repository name>
sp_adduser <New login name>, <New user name>
2. Run the following commands to provide the required privileges to the database user:
GRANT SELECT TO <New user name>
GRANT CREATE VIEW TO <New user name>
3. Run the following commands to create views for the tables to query the workflow execution details:
CREATE VIEW <Database user name>.OPB_WFLOW_RUN as select * from <PowerCenter
repository schema>.OPB_WFLOW_RUN
CREATE VIEW <Database user name>.OPB_SUBJECT as select * from <PowerCenter
repository schema>.OPB_SUBJECT

PostgreSQL
Perform the following steps before you configure PostgreSQL as the PowerCenter data source for Data Flow
Analytics:

1. Create a user name and password to access the database using the following command: CREATE USER
<Database user name> WITH PASSWORD '<Database user name>'
2. Create a role using the CREATE ROLE <Role name> command.
3. Run the following commands to provide the required privileges to the user:
GRANT <role name> TO <Database user name>;
GRANT CONNECT ON DATABASE "<PowerCenter repository name>" to <Role name>;
GRANT USAGE ON SCHEMA <PowerCenter repository schema> TO <Role name>;
GRANT SELECT ON OPB_WFLOW_RUN TO <Role name>;
GRANT SELECT ON OPB_SUBJECT TO <Role name>;

Catalog Service 43
Content Management Service
The Content Management Service manages reference data for data domains that use reference tables. It
uses the Data Integration Service to run mappings to transfer data between reference tables and external
data sources. When you create the service, you need to associate other application services with it.

The following table summarizes the dependencies for products, services, and databases that are associated
with the Content Management Service:

Dependency Summary

Products The following products use the Content Management Service:

- Data Engineering Quality
- Data Privacy Management
- Enterprise Data Catalog
- Enterprise Data Preparation
- Informatica Data Quality
- Test Data Management

Services The Content Management Service requires a direct association with the following services:
- Model Repository Service
- Data Integration Service

Databases The Content Management Service uses the following database:

- Reference data warehouse. Stores data values for the reference table objects that you define in the
Model repository. When you add data to a reference table, the Content Management Service writes
the data values to a table in the reference data warehouse.

Installer You can create the Content Management Service when you run the installer.
Note: You must create the Content Management Service on the same node as the Data Integration
Service.

Reference Data Warehouse Requirements

The reference data warehouse stores the data values for reference table objects that you define in a Model
repository. You configure a Content Management Service to identify the reference data warehouse and the
Model repository.

You associate a reference data warehouse with a single Model repository. You can select a common
reference data warehouse on multiple Content Management Services if the Content Management Services
identify a common Model repository. The reference data warehouse must support mixed-case column
names.

The reference data warehouse supports the following database types:

• IBM DB2 UDB

• Microsoft SQL Server
• Oracle

Allow 200 MB of disk space for the database.

Note: Ensure that you install the database client on the machine on which you want to run the Content
Management Service.

44 Chapter 3: Prepare for Application Services and Databases

IBM DB2 Database Requirements
Use the following guidelines when you set up the repository on IBM DB2:

• Verify that the database user account has CREATETAB and CONNECT privileges.
• Verify that the database user has SELECT privileges on the SYSCAT.DBAUTH and SYSCAT.DBTABAUTH
tables.
• Informatica does not support IBM DB2 table aliases for repository tables. Verify that table aliases have
not been created for any tables in the database.
• Set the tablespace pageSize parameter to 32768 bytes.
• Set the NPAGES parameter to at least 5000. The NPAGES parameter determines the number of pages in
the tablespace.

Microsoft Azure SQL Database Requirements

Use the following guidelines when you set up the repository:

• Set the allow snapshot isolation and read committed isolation level to ALLOW_SNAPSHOT_ISOLATION
and READ_COMMITTED_SNAPSHOT to minimize locking contention.
To set the isolation level for the database, run the following commands:
ALTER DATABASE DatabaseName SET ALLOW_SNAPSHOT_ISOLATION ON
ALTER DATABASE DatabaseName SET READ_COMMITTED_SNAPSHOT ON
To verify that the isolation level for the database is correct, run the following commands:
SELECT snapshot_isolation_state FROM sys.databases WHERE name=[DatabaseName]
SELECT is_read_committed_snapshot_on FROM sys.databases WHERE name = DatabaseName
• The database user account must have the CONNECT, CREATE TABLE, and CREATE VIEW privileges.

Microsoft SQL Server Database Requirements

Use the following guidelines when you set up the repository:

• Verify that the database user account has CONNECT and CREATE TABLE privileges.

Oracle Database Requirements

Use the following guidelines when you set up the repository on Oracle:

• Verify that the database user has the following privileges:

ALTER SEQUENCE
ALTER TABLE
CREATE SEQUENCE
CREATE SESSION
CREATE TABLE
CREATE VIEW
DROP SEQUENCE
DROP TABLE
• Informatica does not support Oracle public synonyms for repository tables. Verify that public synonyms
have not been created for any tables in the database.

Content Management Service 45

 PostgreSQL Database Requirements
Use the following guidelines when you set up the repository on PostgreSQL:

• Use a JDBC connection to connect to the PostgreSQL database.

Informatica installs a DataDirect JDBC driver for PostgreSQL that you can use to connect to the database.
Find the driver in the clients/DeveloperClient/infacmd installation directory, and copy the driver to the
clients/externaljdbcjars directory .
• Specify the database schema name. Do not leave the schema name blank.
If the database uses the default PostgreSQL schema name of public, you can specify public as the
schema name.
• Verify that the database user has the CONNECT and CREATE TABLE privileges.

Data Integration Service

The Data Integration Service receives requests from Informatica client tools to run integration, profile, and
data preparation jobs. It writes results to different databases, and it writes run-time metadata to the Model
repository. When you create the service, you need to associate another application service with it.

The following table lists the dependencies for products, services, and databases that are associated with the
Data Integration Service.

Dependency Summary

Products The following products use the Data Integration Service:

- Data Engineering Integration
- Data Engineering Quality
- Data Engineering Streaming
- Data Privacy Management
- Enterprise Data Catalog
- Enterprise Data Preparation
- Informatica Data Quality
- PowerCenter
- Test Data Management

Services The Data Integration Service requires a direct association with the following service:
- Model Repository Service

Databases The Data Integration Service uses the following databases:

- Data object cache. Stores cached logical data objects and virtual tables.
- Profiling warehouse. Stores profiling information, such as profile and scorecard results.
- Workflow database. Stores run-time metadata for workflows.

Installer You can create the Data Integration Service when you run the installer.

46 Chapter 3: Prepare for Application Services and Databases

Data Object Cache Database Requirements
The data object cache database stores cached logical data objects and virtual tables for the Data Integration
Service. You specify the data object cache database connection when you create the Data Integration
Service.

The data object cache database supports the following database types:

• IBM DB2 UDB

• Microsoft SQL Server
• Microsoft Azure SQL Database
• Oracle

Allow 200 MB of disk space for the database.

Note: Ensure that you install the database client on the machine on which you want to run the Data
Integration Service.

IBM DB2 Database Requirements

Use the following guidelines when you set up the repository on IBM DB2:

• Verify that the database user account has CREATETAB and CONNECT privileges.
• Informatica does not support IBM DB2 table aliases for repository tables. Verify that table aliases have
not been created for any tables in the database.
• Set the tablespace pageSize parameter to 32768 bytes.
• Set the NPAGES parameter to at least 5000. The NPAGES parameter determines the number of pages in
the tablespace.

Microsoft SQL Server Database Requirements

Use the following guidelines when you set up the repository:

• Verify that the database user account has CONNECT and CREATE TABLE privileges.

Microsoft Azure SQL Database Requirements

Use the following guidelines when you set up the repository:

• Verify that the database user account has CONNECT and CREATE TABLE privileges.

Data Integration Service 47

 Oracle Database Requirements
Use the following guidelines when you set up the repository on Oracle:

• Verify that the database user has the following privileges:

CREATE INDEX
CREATE SESSION
CREATE SYNONYM
CREATE TABLE
CREATE VIEW
DROP TABLE
INSERT INTO TABLE
UPDATE TABLE
• Informatica does not support Oracle public synonyms for repository tables. Verify that public synonyms
have not been created for any tables in the database.

Profiling Warehouse Requirements

The profiling warehouse database stores profiling and scorecard results. You specify the profiling warehouse
connection when you create the Data Integration Service.

The profiling warehouse supports the following database types:

• IBM DB2 UDB

• Microsoft SQL Server
• Oracle

Allow 10 GB of disk space for the database.

Note: Ensure that you install the database client on the machine on which you want to run the Data
Integration Service. You can specify a JDBC connection as the profiling warehouse connection for IBM DB2
UDB, Microsoft SQL Server, and Oracle database types.

For more information about configuring the database, see the documentation for your database system.

IBM DB2 Database Requirements

Use the following guidelines when you set up the repository on IBM DB2:

• The database user account must have the CREATETAB, CONNECT, CREATE VIEW, and CREATE FUNCTION
privileges.
• Informatica does not support IBM DB2 table aliases for repository tables. Verify that table aliases have
not been created for any tables in the database.
• Set the tablespace pageSize parameter to 32768 bytes.
• Set the NPAGES parameter to at least 5000. The NPAGES parameter determines the number of pages in
the tablespace.

Note: Informatica does not support the partitioned database environment for IBM DB2 databases when you
use a JDBC connection as the profiling warehouse connection.

48 Chapter 3: Prepare for Application Services and Databases

 Microsoft SQL Server Database Requirements
Use the following guidelines when you set up the repository:

• The database user account must have the CONNECT, CREATE TABLE, CREATE VIEW, and CREATE
FUNCTION privileges.

Oracle Database Requirements

Use the following guidelines when you set up the repository on Oracle:

• Verify that the database user has the following privileges:

ALTER TABLE
CREATE ANY INDEX
CREATE PROCEDURE
CREATE SESSION
CREATE TABLE
CREATE VIEW
DROP TABLE
UPDATE TABLE
• Informatica does not support Oracle public synonyms for repository tables. Verify that public synonyms
have not been created for any tables in the database.
• Set the following parameters to the Informatica recommended values:

Parameter Recommended Value

open_cursors 4000

Sessions 1000

Processes 1000

Data Privacy Management Service

The Data Privacy Management Service runs Data Privacy Management in the Informatica domain. When you
create the service, you need to associate other application services with it.

Data Privacy Management stores data and metadata such as data stores and scans in the Data Privacy
Management repository. Before you create the Data Privacy Management Service, set up a database and
database user account for the Data Privacy Management repository.

Data Privacy Management Service 49

 The following table lists the dependencies for products, services, and databases that are associated with the
Data Privacy Management Service.

Dependency Summary

Products The following products use the Data Privacy Management Service:
- Data Privacy Management

Services The Data Privacy Management Service requires a direct association with the following service:
- Catalog Service

Databases The Data Privacy Management Service uses the following databases:
- Data Privacy Management repository. Stores data and metadata such as data stores and scans that
you run in Data Privacy Management.

Installer You can create the Data Privacy Management Service when you run the installer.

Data Privacy Management Repository Database Requirements

Data Privacy Management stores data and metadata, such as data stores and scans, in the Data Privacy
Management repository. Before you create the Data Privacy Management Service, set up a database and
database user account for the Data Privacy Management repository.

The Data Privacy Management repository supports the following database types:

• IBM DB2
• Microsoft SQL Server
• Microsoft Azure SQL Database
• Oracle
• PostgreSQL

When you configure Microsoft SQL Server, you can choose to configure the Microsoft Azure SQL Database as
the Data Privacy Management repository.

Allow 3 GB of disk space for DB2. Allow 200 MB of disk space for all other database types.

For more information about configuring the database, see the documentation for your database system.

IBM DB2 Database Requirements

Use the following guidelines when you set up the repository on IBM DB2:

• On the IBM DB2 instance where you create the database, set the following parameters to ON:
- DB2_SKIPINSERTED

- DB2_EVALUNCOMMITTED

- DB2_SKIPDELETED

- AUTO_RUNSTATS
• On the database, set the configuration parameters.

50 Chapter 3: Prepare for Application Services and Databases

 The following table lists the configuration parameters that you must set:

Parameter Value

logfilsiz 8000

maxlocks 98

locklist 50000

auto_stmt_stats ON

• Set the tablespace pageSize parameter to 32768 bytes.

In a single-partition database, specify a tablespace that meets the pageSize requirements. If you do not
specify a tablespace, the default tablespace must meet the pageSize requirements.
In a multi-partition database, specify a non-partitioned tablespace that meets the pageSize requirements.
Define the tablespace in the catalog partition of the database.
• Set the NPAGES parameter to at least 5000. The NPAGES parameter determines the number of pages in
the tablespace.
• Verify that the database user has CREATETAB, CONNECT, and BINDADD privileges.
• Setup the national character mapping configuration parameter, NCHAR_MAPPING, to GRAPHIC_CU16.
You can use the following commands:
db2 connect to <Data Privacy Management database name>
db2 update db cfg using NCHAR_MAPPING GRAPHIC_CU16
db2 connect reset
• Informatica does not support IBM DB2 table aliases for repository tables. Verify that table aliases have
not been created for any tables in the database.
• In the DataDirect Connect for JDBC utility, update the DynamicSections parameter to 3000.
The default value for DynamicSections is too low for the Informatica repositories. Informatica requires a
larger DB2 package than the default. When you set up the DB2 database for the domain configuration
repository or a Model repository, you must set the DynamicSections parameter to at least 3000. If the
DynamicSections parameter is set to a lower number, you can encounter problems when you install or run
Informatica services.

Microsoft SQL Server Database Requirements

Important: The database collation type must be case sensitive. For example: COLLATE
SQL_Latin1_General_CP1_CS_AS

Use the following guidelines when you set up the repository on Microsoft SQL Server:

• Set the read committed isolation level to READ_COMMITTED_SNAPSHOT to minimize locking contention.
To set the isolation level for the database, run the following command:
ALTER DATABASE DatabaseName SET READ_COMMITTED_SNAPSHOT ON
To verify that the isolation level for the database is correct, run the following command:
SELECT is_read_committed_snapshot_on FROM sys.databases WHERE name = DatabaseName
• Set the ALLOW_SNAPSHOT_ISOLATION parameter to ON.
To set the parameter to ON, run the following command:
ALTER DATABASE DatabaseName SET ALLOW_SNAPSHOT_ISOLATION ON

Data Privacy Management Service 51

 To verify that the parameter is set correctly, run the following command:
SELECT is_allow_snapshot_isolation_on FROM sys.databases WHERE name = DatabaseName
• Set the AUTO_UPDATE_STATISTICS_ASYNC parameter to ON.
To set the parameter to ON, run the following command:
ALTER DATABASE DatabaseName SET AUTO_UPDATE_STATISTICS_ASYNC ON
To verify that the parameter is set correctly, run the following command:
SELECT is_auto_update_statistics_async_on FROM sys.databases WHERE name = DatabaseName
• Set the AUTO_UPDATE_STATISTICS parameter to ON.
To set the parameter to ON, run the following command:
ALTER DATABASE DatabaseName SET AUTO_UPDATE_STATISTICS ON
To verify that the parameter is set correctly, run the following command:
SELECT is_auto_update_statistics_on FROM sys.databases WHERE name = DatabaseName
• The database user account must have the CONNECT, CREATE TABLE, and CREATE VIEW privileges.

Microsoft Azure SQL Server Database Requirements

Important: The database collation type must be case sensitive. For example: COLLATE
SQL_Latin1_General_CP1_CS_AS

Use the following guidelines when you set up the repository on Microsoft SQL Server:

• Set the read committed isolation level to READ_COMMITTED_SNAPSHOT to minimize locking contention.
To set the isolation level for the database, run the following command:
ALTER DATABASE DatabaseName SET READ_COMMITTED_SNAPSHOT ON
To verify that the isolation level for the database is correct, run the following command:
SELECT is_read_committed_snapshot_on FROM sys.databases WHERE name = DatabaseName
• Set the ALLOW_SNAPSHOT_ISOLATION parameter to ON.
To set the parameter to ON, run the following command:
ALTER DATABASE DatabaseName SET ALLOW_SNAPSHOT_ISOLATION ON
To verify that the parameter is set correctly, run the following command:
SELECT is_allow_snapshot_isolation_on FROM sys.databases WHERE name = DatabaseName
• Set the AUTO_UPDATE_STATISTICS_ASYNC parameter to ON.
To set the parameter to ON, run the following command:
ALTER DATABASE DatabaseName SET AUTO_UPDATE_STATISTICS_ASYNC ON
To verify that the parameter is set correctly, run the following command:
SELECT is_auto_update_statistics_async_on FROM sys.databases WHERE name = DatabaseName
• Set the AUTO_UPDATE_STATISTICS parameter to ON.
To set the parameter to ON, run the following command:
ALTER DATABASE DatabaseName SET AUTO_UPDATE_STATISTICS ON
To verify that the parameter is set correctly, run the following command:
SELECT is_auto_update_statistics_on FROM sys.databases WHERE name = DatabaseName
• The database user account must have the CONNECT, CREATE TABLE, and CREATE VIEW privileges.

52 Chapter 3: Prepare for Application Services and Databases

Oracle Database Requirements
Use the following guidelines when you set up the repository on Oracle:

• Set the SESSIONS parameter to 1500.

• Set the PROCESSES parameter to 2272.
• Set the OPEN_CURSORS parameter to 2000 or higher.
• Verify that the database user has the CONNECT, RESOURCE, and CREATE VIEW privileges.
• Informatica does not support Oracle public synonyms for repository tables. Verify that public synonyms
have not been created for any tables in the database.

PostgreSQL Database Requirements

Use the following guidelines when you set up the repository on PostgreSQL:

• Verify that the database user account has CONNECT, CREATE TABLE, and CREATE VIEW privileges.
• Specify the database schema name when you use PostgreSQL as the database.
• Ensure that PostgreSQL has sufficient disk space for the data files. By default, the data files are present in
the following location:
<PostgreSQL installation directory>/data
• On the database, set the configuration parameters.
The following table lists the minimum and recommended values for the configuration parameters that you
must set:

Parameter Minimum Value Recommended Value

max_connections 200 4000

shared_buffers 2 GB 16 GB

max_locks_per_transaction 1024 1024

max_wal_size 1 GB 8 GB

checkpoint_timeout 5 minutes 30 minutes

Data Privacy Management Service 53

Informatica Cluster Service
The Informatica Cluster Service runs and manages Enterprise Data Catalog and the associated services.

The following table summarizes the dependencies for products, services, and databases that are associated
with the Informatica Cluster Service:

Dependency Summary

Products The following products use the Informatica Cluster Service:

- Data Privacy Management
- Enterprise Data Catalog
- Enterprise Data Preparation

Services The Informatica Cluster Service must be associated with the Catalog Service.

Databases Mongo DB as the metadata store.

Installer You can create the Informatica Cluster Service when you install Enterprise Data Catalog.

Model Repository Service

The Model Repository Service manages the Model repository. It receives requests from Informatica clients
and application services to store or access metadata in the Model repository.

The following table summarizes the dependencies for products, services, and databases that are associated
with the Model Repository Service.

Dependency Summary

Products The following products use the Model Repository Service:

- Data Engineering Integration
- Data Engineering Quality
- Data Engineering Streaming
- Data Privacy Management
- Enterprise Data Catalog
- Enterprise Data Preparation
- Informatica Data Quality
- PowerCenter
- Test Data Management

Services The Model Repository Service does not require an association with another application service.

Databases The Model Repository Service uses the following database:

- Model repository. Stores metadata created by Informatica clients and application services.

Installer You can create the Model Repository Service when you run the installer.

Model Repository Database Requirements

Informatica services and clients store data and metadata in the Model repository. Configure a monitoring
Model repository to store statistics for ad hoc jobs, applications, logical data objects, SQL data services, web

54 Chapter 3: Prepare for Application Services and Databases

 services, and workflows. Before you create the Model Repository Service, set up a database and database
user account for the Model repository. It is recommended that you use different database configuration for
Model repository and monitoring Model repository.

The Model repository supports the following database types:

• IBM DB2 UDB

• Microsoft SQL Server
• Microsoft Azure SQL Database
• Oracle
• PostgreSQL

When you configure Microsoft SQL Server, you can choose to configure the Microsoft Azure SQL Database as
the Model repository.

If you specify the Windows NT credentials for the Model repository database on Microsoft SQL Server, you
must also specify the connection string syntax to include the authentication method as NTLM.

Allow 3 GB of disk space for DB2. Allow 200 MB of disk space for all other database types.

For more information about configuring the database, see the documentation for your database system.

IBM DB2 Database Requirements

Use the following guidelines when you set up the repository on IBM DB2:

• Specify the tablespace name when you use IBM DB2 as the Model Repository database.
• If the repository is in an IBM DB2 database, verify that IBM DB2 Version 10.5 is installed.
• On the IBM DB2 instance where you create the database, set the following parameters to ON:
- DB2_SKIPINSERTED

- DB2_EVALUNCOMMITTED

- DB2_SKIPDELETED

- AUTO_RUNSTATS
• On the database, set the configuration parameters.
The following table lists the configuration parameters that you must set:

Parameter Value

logfilsiz 8000

maxlocks 98

locklist 50000

auto_stmt_stats ON

• Set the tablespace pageSize parameter to 32768 bytes.

In a single-partition database, specify a tablespace that meets the pageSize requirements. If you do not
specify a tablespace, the default tablespace must meet the pageSize requirements.
In a multi-partition database, specify a non-partitioned tablespace that meets the pageSize requirements.
Define the tablespace in the catalog partition of the database.

Model Repository Service 55

 • Set the NPAGES parameter to at least 5000. The NPAGES parameter determines the number of pages in
the tablespace.
• Verify that the database user has CREATETAB, CONNECT, and BINDADD privileges.
• Informatica does not support IBM DB2 table aliases for repository tables. Verify that table aliases have
not been created for any tables in the database.
• In the DataDirect Connect for JDBC utility, update the DynamicSections parameter to 3000.
The default value for DynamicSections is too low for the Informatica repositories. Informatica requires a
larger DB2 package than the default. When you set up the DB2 database for the domain configuration
repository or a Model repository, you must set the DynamicSections parameter to at least 3000. If the
DynamicSections parameter is set to a lower number, you can encounter problems when you install or run
Informatica services.

Microsoft Azure SQL Database Requirements

Use the following guidelines when you set up the repository:

• Set the allow snapshot isolation and read committed isolation level to ALLOW_SNAPSHOT_ISOLATION
and READ_COMMITTED_SNAPSHOT to minimize locking contention.
To set the isolation level for the database, run the following commands:
ALTER DATABASE DatabaseName SET ALLOW_SNAPSHOT_ISOLATION ON
ALTER DATABASE DatabaseName SET READ_COMMITTED_SNAPSHOT ON
To verify that the isolation level for the database is correct, run the following commands:
SELECT snapshot_isolation_state FROM sys.databases WHERE name=[DatabaseName]
SELECT is_read_committed_snapshot_on FROM sys.databases WHERE name = DatabaseName
• The database user account must have the CONNECT, CREATE TABLE, and CREATE VIEW privileges.

Note: The guidelines to set up the repository for Azure SQL Database with Active Directory authentication is
the same.

Microsoft SQL Server Database Requirements

Use the following guidelines when you set up the repository:

• Specify the database schema name when you use Microsoft SQL Server as the Model Repository
database.
• Set the allow snapshot isolation and read committed isolation level to ALLOW_SNAPSHOT_ISOLATION
and READ_COMMITTED_SNAPSHOT to minimize locking contention.
To set the isolation level for the database, run the following commands:
ALTER DATABASE DatabaseName SET ALLOW_SNAPSHOT_ISOLATION ON
ALTER DATABASE DatabaseName SET READ_COMMITTED_SNAPSHOT ON
To verify that the isolation level for the database is correct, run the following commands:
SELECT snapshot_isolation_state FROM sys.databases WHERE name=[DatabaseName]
SELECT is_read_committed_snapshot_on FROM sys.databases WHERE name = DatabaseName
• The database user account must have the CONNECT, CREATE TABLE, and CREATE VIEW privileges.

Note: The guidelines to set up the repositories for Microsoft Azure SQL Database and Azure SQL Database
with Active Directory authentication is the same.

56 Chapter 3: Prepare for Application Services and Databases

 Oracle Database Requirements
Use the following guidelines when you set up the repository on Oracle:

• Set the OPEN_CURSORS parameter to 4000 or higher.

Verify that the database user has the following privileges:

CREATE SEQUENCE
CREATE SESSION
CREATE SYNONYM
CREATE TABLE
CREATE VIEW
• Informatica does not support Oracle public synonyms for repository tables. Verify that public synonyms
have not been created for any tables in the database.

PostgreSQL Database Requirements

Use the following guidelines when you set up the repository on PostgreSQL:

• Verify that the database user account has CONNECT, CREATE TABLE, and CREATE VIEW privileges.
• Specify the database schema name when you use PostgreSQL as the database.
• Ensure that PostgreSQL has sufficient disk space for the data files. By default, the data files are present in
the following location:
<PostgreSQL installation directory>/data
• On the database, set the configuration parameters.
The following table lists the minimum and recommended values for the configuration parameters that you
must set:

Parameter Minimum Value Recommended Value

max_connections 200 4000

shared_buffers 2 GB 16 GB

max_locks_per_transaction 1024 1024

max_wal_size 1 GB 8 GB

checkpoint_timeout 5 minutes 30 minutes

Monitoring Model Repository Service

The monitoring Model Repository Service is a Model Repository Service that monitors statistics for Data
Integration Service jobs. You configure the monitoring Model Repository Service in the domain properties.

Note: If you want to generate monitoring statistics, you must create a dedicated Model Repository Service for
monitoring. You cannot store run-time monitoring statistics in the same repository where you store object
metadata.

Monitoring Model Repository Service 57

 The following table summarizes the dependencies for products, services, and databases that are associated
with the monitoring Model Repository Service:

Dependency Summary

Products The following products use the monitoring Model Repository Service:
- Data Engineering Integration
- Data Engineering Quality
- Data Engineering Streaming
- Data Privacy Management
- Enterprise Data Catalog
- Enterprise Data Preparation
- Informatica Data Quality
- PowerCenter
- Test Data Management

Services The monitoring Model Repository Service does not require an association with another application
service.

Databases The monitoring Model Repository Service uses the following database:
- Model repository. Stores run-time monitoring statistics that you can view in the Administrator tool.

Installer You can create the monitoring Model Repository Service when you run the installer.

Configure Native Connectivity on Service Machines

To establish native connectivity between an application service and a database, install the database client
software for the database that you want to access.

Native drivers are packaged with the database server and client software. Configure connectivity on the
machines that need to access the databases. To ensure compatibility between the application service and
the database, install a client software that is compatible with the database version and use the appropriate
database client libraries.

The Data Integration Service uses native database drivers to connect to the following databases:

• Source and target databases. Reads data from source databases and writes data to target databases.
• Data object cache database. Stores the data object cache.
• Profiling source databases. Reads from relational source databases to run profiles against the sources.
• Profiling warehouse. Writes the profiling results to the profiling warehouse.
• Reference tables. Runs mappings to transfer data between the reference tables and the external data
sources.

When the Data Integration Service runs on a single node or on primary and back-up nodes, install database
client software and configure connectivity on the machines where the Data Integration Service runs.

When the Data Integration Service runs on a grid, install database client software and configure connectivity
on each machine that represents a node with the compute role or a node with both the service and compute
roles.

58 Chapter 3: Prepare for Application Services and Databases

Install Database Client Software
You must install the database clients on the required machines based on the types of databases that the
application services access.

To ensure compatibility between the application service and the database, use the appropriate database
client libraries and install a client software that is compatible with the database version.

Install the following database client software based on the type of database that the application service
accesses:

IBM DB2 Client Application Enabler (CAE)

Configure connectivity on the required machines by logging in to the machine as the user who starts
Informatica services.

Oracle client

Install compatible versions of the Oracle client and Oracle database server. You must also install the
same version of the Oracle client on all machines that require it. To verify compatibility, contact Oracle.

Configure Database Client Environment Variables

Configure database client environment variables on the machines that run the Data Integration Service
processes.

After you configure the database environment variables, you can test the connection to the database from
the database client.

Oracle database
The following table lists the database environment variables that you need to set for the Oracle database
with sqlplus as the database utility:

Environment Variable Value

ORACLE_HOME <Client InstallDatabasePath>

PATH <DatabasePath>/bin and USER_INSTALL_DIR/server/bin:$PATH

LD_LIBRARY_PATH $Oracle_HOME/lib and USER_INSTALL_DIR/server/bin:$LD_LIBRARY_PATH

TNS_ADMIN Set to the location of the tnsnames.ora file: $ORACLE_HOME/network/admin

Configure Native Connectivity on Service Machines 59

 IBM DB2 database
The following table lists the database environment variables that you need to set for the IBM DB2 database
with db2connect as the database utility:

Environment Variable Value

DB2DIR <database path>

DB2INSTANCE <DB2InstanceName>

PATH <database path>/bin

PostgreSQL database
The following table lists the database environment variables that you need to set for the PostgreSQL
database:

Environment Variable Value

PGSERVICEFILE Set to the location of the pg_service.conf file: <pg_service.conf file directory>/
pg_service.conf

PGHOME /usr/pgsql -10

PATH $PGHOME:${PATH}

LD_LIBRARY_PATH $PGHOME/lib:${LD_LIBRARY_PATH}

INFA_TRUSTSTORE For default SSL domain, add to: <InstallationDirectory>/services/shared/security

For custom SSL domain, set INFA_TRUSTSTORE and INFA_TRUSTSTORE_PASSWORD

POSTGRES_ODBC Set the value to 1 for the PostgreSQL ODBC connection. You can set it either for all the
repositories in the domain or for any PostgreSQL repository that uses an ODBC connection.

Microsoft SQL Server database

The following table lists the database environment variables that you need to set for the Microsoft SQL
Server database:

Environment Variable Value

ODBCHOME USER_INSTALL_DIR/ODBC7.1

ODBCINI $ODBCHOME/odbc.ini

ODBCINST $ODBCHOME/odbcinst.ini

PATH /opt/mssql-tools/bin:$PATH$PATHUSER_INSTALL_DIR/ODBC7.1:$PATHUSER_INSTALL_DIR/
server/bin:$PATH

60 Chapter 3: Prepare for Application Services and Databases

Environment Variable Value

LD_LIBRARY_PATH $ODBCHOME/lib

INFA_TRUSTSTORE USER_INSTALL_DIR/server/bin:$LD_LIBRARY_PATH
For default SSL domain, add to: USER_INSTALL_DIR/services/shared/security
For custom SSL domain, set INFA_TRUSTSTORE and INFA_TRUSTSTORE_PASSWORD

Configure Native Connectivity on Service Machines 61

Chapter 4

Prepare for Enterprise Data

Catalog Deployment
This chapter includes the following topics:

• Checklist to Prepare for Enterprise Data Catalog Deployment, 62

• Deployment Planning, 63
• Informatica Cluster Service and Associated Services, 63
• Common Operating System Prerequisites, 63
• Operating System Prerequisites for Red Hat Enterprise Linux, 68
• Operating System Prerequisites for SUSE Linux Enterprise Server , 68
• Node Prerequisites, 69

Checklist to Prepare for Enterprise Data Catalog

Deployment
You can deploy Enterprise Data Catalog on a single data node or alternatively on three or six data nodes in a
cluster.

This chapter contains tasks that you must complete before you deploy Enterprise Data Catalog.

Complete the following tasks:

 Understand about Enterprise Data Catalog deployment and the Informatica Cluster Service that runs and
manages Enterprise Data Catalog.

 Understand about services associated with Informatica Cluster Service.

 Complete prerequisites and prepare the environment.

62
Deployment Planning
You can plan to deploy Enterprise Data Catalog on one, three, or six nodes.

Deployment of Enterprise Data Catalog involves creating and configuring the Informatica Cluster Service. The
Informatica Cluster Service runs and manages your Enterprise Data Catalog deployment. If you plan to deploy
Enterprise Data Catalog on more than one node, high availability is enabled by default to provide resiliency
and fail over for the Informatica Cluster Service.

Note: If you plan to deploy Data Privacy Management with Enterprise Data Catalog, you can plan for a six-
data-node deployment. In a six-node deployment, the nodes are split equally between Enterprise Data Catalog
and Data Privacy Management.

The Informatica Cluster Service uses a set of applications and associated services bundled with the installer
to manage and run Enterprise Data Catalog.

When you configure the Informatica Cluster Service, you can specify one, three, or six nodes on which the
associated applications and services can run. These nodes are referred to as the data nodes in the cluster.
The nodes on which you want to run profiling jobs or metadata scan jobs are referred to as processing nodes
in the cluster. There are no restrictions on the number of processing nodes that you can configure.

Effective in version 10.5.2, the Advanced Scanners tool is renamed to the MetaDex tool. The installer panels
and the install and upgrade guides still refer to Advanced Scanners.

Important: For the associated application services, you cannot configure more than three service instances
for a deployment.

Informatica Cluster Service and Associated Services

The Informatica Cluster Service uses the following services to run and manage Enterprise Data Catalog:

Service Description

MongoDB Service to manage the MongoDB database used as the metadata store.

Nomad Service to manage the Nomad orchestration service used to schedule resource scan jobs.

Apache Solr Service to manage Apache Solr used to index and search catalog assets.

Apache ZooKeeper Service to manage Apache ZooKeeper used as the service co-ordination application

PostgreSQL Service to manage PostgreSQL database used as the store for similarity profiling data.

Common Operating System Prerequisites

You can install Enterprise Data Catalog on a machine that runs on Red Hat Enterprise Linux Server or SUSE
Linux Enterprise Server. The prerequisites in this section are common for Red Hat Enterprise Linux and SUSE
Linux Enterprise Server.

Deployment Planning 63
 Operating System Configuration Prerequisites
Make sure that you verify the following operating system prerequisites:

• Verify that Bash is the default shell.

• Verify that ntpd is synchronized between the Informatica domain node and the cluster nodes.
• Verify that the Linux base repository is set up and working.
• Set the soft limit and hard limit for max user processes and file descriptors to 65,000 or more for the
machines where you plan to host the Informatica domain.
• Set the soft limit and hard limit for open file descriptor to 65,000 or more for the machines where you
deploy the Informatica Cluster Service.
• Set UMASK to 022 (0022).
• Set the value of the MaxStartups parameter in the SSH server configuration file to 30:30:100.

Applications and Utility Prerequisites

Verify that the following applications and utilities are installed:

• JDK 1.8
• Bash shell
• xz-libs
• systemctl
• rsync
• netstat
• YUM
• Zypper
• scp
• curl
• rpm
• zip
• unzip
• tar
• wget
• libcurl
• nslookup
• md5sum
• ping
• ifconfig
• cksum
• dnsdomainname
• OpenSSL version 1.0.1e-30.el6_6.5.x86_64 or later.
Note: Verify that the $PATH variable points to the /usr/bin directory to use the correct version of Linux
OpenSSL.

64 Chapter 4: Prepare for Enterprise Data Catalog Deployment

Directory Prerequisites
Configure the following directory prerequisites:
root directory (/)

The root directory (/) must have a minimum of 10 GB of free disk space. If you plan to create the data
directory for Informatica Cluster Service in the root directory, verify that the root directory has a
minimum of 50 GB additional free disk space available. If you want to configure a separate directory for
the Informatica Cluster Service log files, verify that the directory has a minimum of 50 GB of free disk
space.

If you configure the workingDir to /, validate if the file system mounted on /tmp and /var directories
have the EXEC flag set.

If the workingDir is not configured to /, validate if the workingDir directory has read, write, and
execute permissions configured. Validate if the EXEC flag is set for the directory.

The directory must not have the read, write, and execute permissions configured.

/var directory

The directory must not have the write permission for everyone.

The directory must have a minimum of 2 GB of free disk space.

The directory must not have the read, write, and execute permissions configured.

/tmp directory

The directory must have the read, write, and execute permissions configured.

/usr directory

The directory must have a minimum of 2 GB of free disk space.

Custom directory

Verify that a minimum of 60 GB of free disk space is available in any custom directory that you plan to
configure.

The requirements listed here are the minimum recommended values to install the product and start the
services. The requirements vary based on the size of deployment. See the Enterprise Data Catalog
Performance Tuning Guide for additional information about hardware requirements based on deployment
sizes.

DNS Prerequisites
Verify the following DNS prerequisites in the /etc/hosts file for all the nodes in the cluster:

• An entry for the loopback address, 127.0.0.1 localhost localhost.domain.com in the file.
• Each machine in the cluster includes the 127.0.0.1 localhost localhost.localdomain entry in the file.
• The file includes the fully-qualified host names for all the cluster nodes. Alternatively, make sure that
reverse DNS lookup returns the fully-qualified host names for all the cluster nodes.

Common Operating System Prerequisites 65

 User Account Prerequisites
Verify the following prerequisites for all the user accounts:

• Create a user account without root privileges and ensure that the user has sudo privileges.
Note: The services associated with the Informatica Cluster Service such as Apache Solr, PostgreSQL, and
Nomad require a non-root user with sudo privileges to run the services. Sudo allows a user to run
programs or commands with elevated privileges for a specific time frame. Enterprise Data Catalog
requires a non-root user with sudo permissions to run certain commands when performing administrative
tasks such as installation, upgrade, and service status monitoring.
• Update the sudoers file. Certain commands require sudo privileges for the gateway user when you enable
the Informatica Cluster Service for the first time. Ensure that the user has sudo privileges for the mkdir,
chown, chmod, echo, systemctl, cp, mv, sysctl, rm, sshd commands.
Note: You must configure sudo permissions for the commands if you plan to change the properties for the
Informatica Cluster Service or replace the SSL certificates configured for the Informatica Cluster Service.
To configure sudo privileges for the commands, you must add the commands to the /etc/sudoers file as
shown in the following sample: %<Gateway user name> ALL =(ALL) NOPASSWD: /bin/mkdir, /bin/
chown, /bin/chmod, /bin/echo, /bin/systemctl, /bin/cp, /bin/mv, /usr/sbin/
sysctl, /bin/rm, /usr/sbin/sshd.
Note: You can determine the directory where each command is located using the which <command name>
command.
After you enable the Informatica Cluster Service for the first time, you can choose to disable the validation
for sudo permissions for the Informatica Cluster Service. To disable the validation, configure the following
custom property for the Informatica Cluster Service: IcsCustomOptions.IcsGatewayUserSudoEnabled and
set the value to false. After you disable the validation, sudo privileges are not required when you restart
the Informatica Cluster Service. However, to shut down the Informatica Cluster Service, sudo permission
is still required for the systemctl command.
To run the infacmd ics cleanCluster command to clean the Informatica Cluster Service, sudo
permission must be configured for the systemctl and rm commands.
• Add the following entries in the /etc/security/limits.d/20-nproc.conf file for the root user:
- soft nproc 65000

- hard nproc 65000

- soft nofile 65000

- hard nofile 65000

• Add the following entries in the /etc/security/limits.d/20-nproc.conf file for the non-root user:
- <non root user name> soft nproc 65000

- <non root user name> hard nproc 65000

- <non root user name> soft nofile 65000

- <non root user name> hard nofile 65000

• For the non-root user account with sudo privileges that you use to install Enterprise Data Catalog,
configure the following ulimit values:

-f (file size): unlimited

-t (cpu time): unlimited
-v (virtual memory): unlimited
-l (locked-in-memory size): unlimited

66 Chapter 4: Prepare for Enterprise Data Catalog Deployment

 -n (open files): 64000
-m (memory size): unlimited
-u (processes/threads): 64000
• Disable the password prompt from the domain host to the cluster gateway host and from the cluster
gateway host to all the agent nodes.
• Verify that the gateway user has the required privileges to run the ping command.
• Disable the password prompt for the gateway user.
• If you use a user account without root privileges and if you want to remove sudo access, comment
defaults requiretty in the /etc/sudoers file.
• Disable sudoers I/O logging. Comment Defaults log_input,log_output in the /etc/sudoers file.

Port Prerequisites
Verify that the following ports are available:

Service Default Port

HTTP/HTTPS 9075

Nomad Serf 4648

Nomad HTTP 4646

Nomad RPC 4647

ZooKeeper 2181

ZooKeeper peer 2888

ZooKeeper leader 3888

Solr 8983

Mongo DB is not configured as a shard member or configuration server. 27017

Mongo DB is configured as a shard member 27018

Mongo DB is configured as a configuration server. 27019

PostgreSQL 5432

Common Operating System Prerequisites 67

Operating System Prerequisites for Red Hat
Enterprise Linux
Verify the following prerequisites for a Red Hat Linux Enterprise Server if you plan to install Enterprise Data
Catalog on a Red Hat Enterprise Linux Server:

Operating Prerequisite
System

Red Hat - Sudo version 1.8.16 or later.

Enterprise Linux - Install openssl version v1.01 build 16 or later or v1.0.2k.
- Verify that the /etc/sysconfig/network directory exists and configure read permission for
the directory.
- Verify that /etc/sysconfig/network includes the same entry as the entry configured for
hostname -f.
- For RHEL 6.x, install lsb_release.
- For RHEL 8.x, install ncurses-c++-libs and ncurses-compat-libs.
- For RHEL 8.3, install libidn.so.11.

See the Informatica Product Availability Matrix for 10.5.2 for more details.

Operating System Prerequisites for SUSE Linux

Enterprise Server
Verify the following prerequisites for a SUSE Linux Enterprise Server if you plan to install Enterprise Data
Catalog on a SUSE Linux Enterprise Server:

Operating Prerequisite
System

SUSE Linux - Install netcat-openbsd.

Enterprise - Verify that the /etc/HOSTNAME directory exists and configure read permission for the directory.
Server - Verify that the /etc/HOSTNAME directory includes the same entry as the entry configured for
hostname -f
- Install the following RPM Package Manager (RPMs) on all the cluster nodes:
- openssl-1.0.1c-2.1.3.x86_64.rpm
- libopenssl1_0_0-1.0.1c-2.1.3.x86_64.rpm
- libopenssl1_0_0-32bit-1.0.1c-2.1.3.x86_64.rpm
- Install libncurses5.
Note: The pre-validation utility does not validate this prerequisite.
- Do not install libsnappy if you install Enterprise Data Catalog on SUSE Linux Enterprise Server.

See the Informatica Product Availability Matrix for more details.

68 Chapter 4: Prepare for Enterprise Data Catalog Deployment

Node Prerequisites

Host Node Prerequisites

Verify the following prerequisites for the host nodes:

• Disable the firewall on each host in the cluster.

• Enable passwordless SSH between the following nodes:
- Node that hosts the Informatica domain and node that hosts the gateway.

- Gateway node and all data nodes and processing nodes.

- Backup nodes and gateway node.

- All nodes in the cluster and data nodes.

Cluster Node Prerequisites

Verify that the cluster nodes meet the following minimum requirements per node:

Requirement Value

CPU 4

Unused memory 12 GB

Total memory 16 GB

Disk space 60 GB

Node Prerequisites 69
Chapter 5

Record Information for Installer

Prompts
This chapter includes the following topics:

• Checklist to Record Installer Prompts, 70

• Record Information for Installer Prompts Overview, 71
• Domain, 71
• Nodes, 72
• Application Services, 72
• Databases , 73
• Connection String to a Secure Database, 75
• Cluster Configuration, 77
• Secure Data Storage, 78

Checklist to Record Installer Prompts

This chapter contains information that you need to enter when you run the installer. Use this checklist to
track the recording tasks before you run the installer.

 Record the names of nodes that you want to create and the services that you want to create on each
node.

 Record basic database information for each database associated with a service that you are creating.

 If the domain configuration and Model repository databases are secure, record the JDBC connection
string with required security parameters.

 Record the site key for the installer.

 If you want to enable Kerberos authentication when you run the installer, record Kerberos information for
each node in the domain.

70
Record Information for Installer Prompts Overview
When you install the Informatica services, you need to know information about the domain, nodes,
application services, and databases that you plan to create.

This section lists information that you need to provide when you run the installer. Informatica recommends
recording installer prompts before you start the installation process. For example, you might want to create a
text file of information so you can copy into the installer.

Domain Object Naming Conventions

You cannot change domain, node, and application service names. Use names that continue to work if you
migrate a node to another machine or if you add additional nodes and services to the domain. In addition, use
names that convey how the domain object is used. Naming conventions are provided in applicable topics.

Domain
When you create a domain, you must provide a domain name and gateway node name.

The following table describes the domain information that you need to enter during the installation process:

Domain Information Description

Domain name Name of the domain that you plan to create. The name must not exceed 128
characters and must be 7-bit ASCII only. It cannot contain a space or any of
the following characters: ` % * + ; " ? , < > \ /
Consider one of the following naming conventions: DMN, DOM, DOMAIN,
_<ORG>_<ENV>

Master gateway node host name Fully qualified host name of the machine on which to create the master
gateway node. If the machine has a single network name, use the default
host name. The node host name cannot contain the underscore (_)
character.
If the machine has multiple network names, you can modify the default host
name to use an alternate network name. If the machine has a single network
name, use the default host name.
Note: Do not use localhost. The host name must explicitly identify the
machine.

Master gateway node name Name of the master gateway node that you plan to create on this machine.
The node name is not the host name for the machine.
Consider the following naming convention: Node<node##>_<ORG>_<optional
distinguisher>_<ENV>

Record Information for Installer Prompts Overview 71

Nodes
When you install the Informatica services, you add the installation machine to the domain as a node. You can
add multiple nodes to a domain.

The following table describes the node information that you need to enter when you join a domain.

Node Information Description

Node host name Fully qualified host name of the machine on which to create nodes. If the machine
has a single network name, use the default host name. The node host name cannot
contain the underscore (_) character.
If the machine has multiple network names, you can modify the default host name
to use an alternate network name. If the machine has a single network name, use
the default host name.
Note: Do not use localhost. The host name must explicitly identify the machine.

Node name Name of the nodes that you plan to create on this machine. The node name is not
the host name for the machine.
Consider the following naming convention: Node<node##>_<ORG>_<optional
distinguisher>_<ENV>

Application Services
Record the application service names and the nodes where you want to create them.

The following table lists the application services that you can create when you run the installer:

Application Service Naming Convention

Catalog Service CS_<ORG>_<ENV>

Content Management CMS_<ORG>_<ENV>

Data Integration Service DIS_<ORG>_<ENV>

Data Privacy Management Service DPM_<ORG>_<ENV>

Interactive Data Preparation Service DPS_<ORG>_<ENV>

Enterprise Data Preparation Service EDLS_<ORG>_<ENV>

Metadata Access Service MAS_<ORG>_<ENV>

Informatica Cluster Service ICS_<ORG>_<ENV>

Model Repository Service MRS_<ORG>_<ENV>

monitoring Model Repository Service mMRS_<ORG>_<ENV>

72 Chapter 5: Record Information for Installer Prompts

 Application Service Naming Convention

PowerCenter Repository Service PCRS, RS _<ORG>_<ENV>

PowerCenter Integration Service PCIS, IS _<ORG >_<ENV>

For more information about all service naming conventions, see the following Informatica Velocity Best
Practice article available on the Informatica Network: Velocity Naming Conventions

Databases
When you plan the installation, you also need to plan the required relational databases. The domain requires
a database to store configuration information and user account privileges and permissions. Some application
services require databases to store information processed by the application service.

Domain
The following table describes the information that you need to enter during the installation process:

Database Information Description

Domain configuration database type Database type for the domain configuration repository. The domain
configuration repository supports IBM DB2 UDB, Microsoft SQL Server,
Oracle, PostgreSQL, or Sybase ASE.

Domain configuration database host The name of the machine hosting the database.
name

Content Management Service

The following table describes the information that you need to enter during the installation process:

Database Information Description

Reference data warehouse database Database type for the reference data warehouse. The reference data
type warehouse supports IBM DB2 UDB, Microsoft Azure SQL Database, Microsoft
SQL Server, Oracle, or PostgreSQL.

Reference data warehouse database The name of the machine hosting the database.
host name

Databases 73
 Data Integration Service
The following table describes the information that you need to enter during the installation process:

Database Information Description

Data object cache database type Database type for the data object cache database. The data object cache
database supports IBM DB2 UDB, Microsoft SQL Server, or Oracle.

Data object cache database host The name of the machine hosting the database.
name

Profiling warehouse database type Database type for the profiling warehouse. The profiling warehouse supports
IBM DB2 UDB, Microsoft SQL Server, or Oracle.

Profiling warehouse database host The name of the machine hosting the database.
name

Workflow database type Database type for the workflow database. The workflow database supports
IBM DB2 UDB, Microsoft Azure SQL Database, Microsoft SQL Server, Oracle,
or PostgreSQL.

Workflow database host name The name of the machine hosting the database.

Model Repository Service

The following table describes the information that you need to enter during the installation process:

Database Information Description

Model repository database type Database type for the Model repository. The Model repository supports IBM
DB2 UDB, Microsoft SQL Server, PostgreSQL, or Oracle.

Model repository database host name The name of the machine hosting the database.

Data Privacy Management Service

The following table describes the information that you need to enter during the installation process:

Database Information Description

Data Privacy Management repository Database type for the Data Privacy Management repository. The Data Privacy
database type Management repository supports Oracle, Microsoft SQL Server, Microsoft
Azure SQL Database, IBM DB2 UDB, and PostgreSQL.

Data Privacy Management repository The name of the machine hosting the database.
database host name

74 Chapter 5: Record Information for Installer Prompts

Connection String to a Secure Database
If you create a repository on a secure database, you must provide the truststore information for the database
and a JDBC connection string that includes the security parameters for the database.

During installation, you can create the domain configuration repository in a secure database. You can also
create the Model repository and PowerCenter repository in a secure database.

You can configure a secure connection to the following databases:

• IBM DB2 UDB

• Microsoft SQL Server
• Microsoft Azure SQL Database
• PostgreSQL
• Azure PostgreSQL
• Oracle

Note: You cannot configure a secure connection to a Sybase database.

When you configure the connection to the secure database, you must specify the connection information in a
JDBC connection string. In addition to the host name and port number for the database server, the
connection string must include security parameters.

The following table describes the security parameters that you must include in the JDBC connection string:

Parameter Description

EncryptionMethod Required. Indicates whether data is encrypted when transmitted over the network.
This parameter must be set to SSL.

ValidateServerCertificate Optional. Indicates whether Informatica validates the certificate that is sent by the
database server.
If this parameter is set to True, Informatica validates the certificate that is sent by
the database server. If you specify the HostNameInCertificate parameter, Informatica
also validates the host name in the certificate.
If this parameter is set to false, Informatica does not validate the certificate that is
sent by the database server. Informatica ignores any truststore information that you
specify.

HostNameInCertificate Optional. Host name of the machine that hosts the secure database. If you specify a
host name, Informatica validates the host name included in the connection string
against the host name in the SSL certificate.
If SSL encryption and validation is enabled and this property is not specified, the
driver uses the server name specified in the connection URL or data source of the
connection to validate the certificate.

cryptoProtocolVersion Required. Specifies the cryptographic protocol to use to connect to a secure

database. You can set the parameter to cryptoProtocolVersion=TLSv1.1 or
cryptoProtocolVersion=TLSv1.2 based on the cryptographic protocol used by
the database server.

You can use the following syntax in the JDBC connection string to connect to a secure database:

Connection String to a Secure Database 75

 IBM DB2
jdbc:Informatica:db2://<host name>:<port number>;DatabaseName=<database
name>;EncryptionMethod=SSL;HostNameInCertificate=<database host
name>;ValidateServerCertificate=<true or false>

Oracle
jdbc:Informatica:oracle://<host name>:<port number>;ServiceName=<service
name>;EncryptionMethod=SSL;HostNameInCertificate=<database host
name>;ValidateServerCertificate=<true or false>

Use the following connection string to connect to the Oracle database through the Oracle Connection
Manager:

jdbc:Informatica:oracle:TNSNamesFile=<fully qualified path to the tnsnames.ora

file>;TNSServerName=<TNS server name>;

Microsoft SQL Server

jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=<database
name>;EncryptionMethod=SSL;HostNameInCertificate=<database host
name>;ValidateServerCertificate=<true or false>

Microsoft SQL Server with Windows NT credentials

If you specified the Windows NT credentials for the Model repository database on Microsoft SQL Server,
specify the connection string syntax to include the authentication method as NTLM.

Microsoft SQL Server that uses the default instance with Windows NT credentials:

"jdbc:informatica:sqlserver://<host name>:<port number>;DatabaseName=<database

name>;SnapshotSerializable=true;authenticationMethod=NTLM"

Microsoft SQL Server that uses a named instance with Windows NT credentials:

"jdbc:informatica:sqlserver://<host name>\<named instance name>;DatabaseName=<database

name>;SnapshotSerializable=true;authenticationMethod=NTLM"

Microsoft Azure SQL

jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=<database
name>;SnapshotSerializable=true;EncryptionMethod=SSL;HostNameInCertificate=*.database.win
dows.net;ValidateServerCertificate=false

PostgreSQL
jdbc:Informatica:postgresql://<host name>:<port number>;DatabaseName=<database
name>;EncryptionMethod=SSL;HostNameInCertificate=<database host
name>;ValidateServerCertificate=<true or false>

Azure PostgreSQL
jdbc:Informatica:postgresql://<host name>:<port number>;DatabaseName=<database
name>;EncryptionMethod=SSL;ValidateServerCertificate=true;CryptoProtocolVersion=TLSv1.2;

Note: The installer does not validate the connection string. Verify that the connection string contains all the
connection parameters and security parameters required by your database.

76 Chapter 5: Record Information for Installer Prompts

Cluster Configuration
You import configuration properties from the non-native cluster to create a cluster configuration. The cluster
configuration enables the Data Integration Service to push jobs to the non-native environment.

You can import the properties from an archive file that the Hadoop administrator creates, or you can import
the properties directly from the cluster. When you create the cluster configuration, you can also choose to
create Hadoop, Hive, HBase, HDFS, or Databricks connections associated with the cluster. The installer
appends the connection type to the cluster configuration name to create each connection name.

The following table describes the initial information that you need to enter during the installation process:

Cluster Information Description

Cluster configuration name Name of the cluster configuration to create.

Distribution type Type of non-native cluster distribution.

Cluster configuration import Method to import the cluster configuration. You can choose to import the cluster
method configuration from an archive file or from the cluster.

Import Cluster Configuration from an Archive File

To import the cluster configuration properties from an archive file, specify the path of the configuration
archive file.

Import Cluster Configuration from the Cluster

The following table describes the cluster properties for Cloudera, Hortonworks, or Azure HDInsight that you
need to enter when you import from cluster during the installation process:

Property Description

Host The host name or IP address of the cluster manager.

Port Port of the cluster manager.

User ID Cluster user name.

Password Password for the cluster user.

Cluster Name Name of the cluster. Use the display name if the cluster manager manages multiple clusters. If you do
not provide a cluster name, the wizard imports information based on the default cluster.

Engine type For a Cloudera cluster, the installer prompts for the engine type.
If you are on a CDP cluster, accept the default engine type of Tez. If you are on a CDH cluster, set the
engine type to MRv2.

Cluster Configuration 77
 The following table describes the cluster properties for Databricks that you need to enter during the
installation process:

Property Description

Databricks domain URL of the Databricks cluster.

Databricks token ID Token ID of the Databricks cluster.

Databricks cluster ID Cluster ID of the Databricks cluster.

Secure Data Storage

When you install the Informatica services, you must back up the site key that the installer generates and
ensure that you save the site key. If you lose the site key, you cannot generate the site key again.

Use the following table to record the information that you need to configure secure data storage:

Property Description

Encryption key directory Directory in which to store the encryption key for the domain. By default, the
encryption key is created in the following directory: <Informatica installation
directory>/isp/config/keys.

Specify if you want to back Specify if you want to back up the site key that the installer generates or not:
up the site key that the - Select 1 for No. If you choose No, the installer exits.
installer generates or not: - Select 2 for Yes. If you choose Yes, you agree to back up the file manually.
A unique site key is generated. If you lose the site key, you cannot generate the site
key again. Make sure that you save a copy of this key and do not share the unique
site key with others.

78 Chapter 5: Record Information for Installer Prompts

Chapter 6

Configure Custom SSL

Certificates
This chapter includes the following topics:

• Configure Custom SSL Certificates (Optional), 79

• Generate CA-signed Custom SSL Certificates, 80
• Generate Self-signed Custom SSL Certificates, 84

Configure Custom SSL Certificates (Optional)

During an install or an upgrade, you can use SSL certificates of your choice, referred to as custom SSL
certificates, to secure components associated with the Informatica Cluster Service. You can choose to use
CA-signed custom SSL certificates or self-signed custom SSL certificates as the client and cluster
certificates.

If you choose to use CA-signed custom SSL certificates, use the generate_csr.sh and generate_certs.sh
scripts to generate the required certificates.

If you choose to use self-signed custom SSL certificates, use the custom SSL utility bundled with the installer
to generate the required certificates.

Requirements to Enable Custom SSL Certificates

Before you enable custom SSL for Enterprise Data Catalog, secure the Informatica domain with custom SSL
certificates.

Verify the following prerequisites for the Informatica domain:

• The custom truststore and keystore files are placed in a custom directory. The truststore file name must
be infa_truststore.jks.
• The directory that stores the keystore and truststore files are accessible to the command line programs.

Important: The installer places the default infa_truststore.jks and keystore files in the <Informatica
installation directory>/services/shared/security directory on each node. Do not overwrite, delete, or
move the default truststore and keystore files. Do not place the custom truststore and keystore files in the
directory.

To know about how to convert a non-SSL Informatica domain to an SSL-enabled Informatica domain, see the
Knowledge Article Convert a non-SSL Informatica domain to an SSL-enabled Informatica domain.

79
Generate CA-signed Custom SSL Certificates
You have a custom SSL certificate for the Informatica domain, and you want to use CA-signed SSL
certificates as the client and cluster certificates for the Informatica Cluster Service.

Use the generate_csr.sh and generate_certs.sh scripts to generate the Certificate Signing Request (CSR)
to send it to a CA and generate the required SSL certificates. You can download the scripts from the Akamai
Download Manager.

Perform the following steps to use the scripts to generate the certificates:

1. Extract the generate_csr.sh and generate_certs.sh scripts from the following location: <Location of
installer files>/properties/utils/CustomSSLScriptsUtil_ExternalCA.
2. Set the JAVA_HOME environment variable to point to JDK 8.
3. In the gen_csr.properties file, provide the values for the following parameters:

Parameter Description

InfaDomainKeystorePassword The Informatica domain keystore password in plain text.

ServerHosts The Informatica Cluster Service hosts that include the data nodes, processing
nodes, and gateway node. Enter a comma-separated list of FQDNs of cluster
nodes.

ClientHosts Comma-separated list of unique host names of domain nodes and cluster
nodes.

InfaDomainName The Informatica domain name.

ICSServiceName The name of the Informatica Cluster Service.

KeysOutputDir The directory to store the generated keys. Specify the $CUSTOM KEYSTORE
LOC directory to avoid the additional steps to copy the generated keys.
The $ICS SERVICENAME/client_certs and the $ICS SERVICENAME/cluster_certs
directories are created under the $CUSTOM KEYSTORE LOC directory.
$CUSTOM KEYSTORE LOC is the directory where the custom keystore for the
Informatica domain (infa_keystore.jks) is located. $ICS SERVICENAME is the
name of the Informatica Cluster Service.

CertsOutputDir The $CUSTOM TRUSTSTORE LOC directory to store the generated truststore
files.
The $ICS SERVICENAME/client_certs and the $ICS SERVICENAME/cluster_certs
directories are created under the $CUSTOM TRUSTSTORE LOC directory.
The $CUSTOM TRUSTSTORE LOC is the directory where the custom truststore
for the Informatica domain (infa_truststore.jks) is located.

DNSDomainName The DNS domain name for the cluster nodes.

ClusterCert_OrganizationUnit Optional. The value for the OrganizationUnit for the cluster nodes certificate.

80 Chapter 6: Configure Custom SSL Certificates

 Parameter Description

ClusterCert_Organization The value for the Organization for the cluster nodes certificate.
Note: Verify that the combination of the Organization (O) and the Organizational
Unit (OU) parameters in the certificate subject is distinct for the cluster and
client certificates

ClusterCert_Location The value for the Location for the cluster nodes certificate.

ClusterCert_State The value for the State for the cluster nodes certificate.

ClusterCert_CountryCode The value for the Country Code for the cluster nodes certificate.

DomainCert_OrganizationUnit Optional. The value for the Organization Unit for the domain nodes certificate.

DomainCert_Organization The value for the Organization for the domain nodes certificate.
Note: Verify that the combination of the Organization (O) and the Organizational
Unit (OU) parameters in the certificate subject is distinct for the cluster and
client certificates

DomainCert_Location Optional. The value for the Location for the domain nodes certificate. Default is
the ClusterCert_Location parameter.

DomainCert_State Optional. The value for the State for the domain nodes certificate. Default is the
ClusterCert_State parameter.

DomainCert_CountryCode Optional. The value for the Country Code for the domain nodes certificate.
Default is the ClusterCert_CountryCode parameter.

Custom_Server_Certificate_CN Optional. The value for the Common Name in the cluster nodes certificate that
can be used instead of the default $InfaDomainName-
$ICSServiceName.$DNSDomainName value.
Note: You must enter RFC2253 compliant values. The following special
characters are supported: , + " \ < > ;. Double quotes (") must be used in
pairs. The characters \ and " must not be used together. The value cannot
contain a space.

Custom_Client_Certificate_CN Optional. The value for the Common Name in the domain nodes certificate that
can be used instead of the default $InfaDomainName-
$ICSServiceName.$DNSDomainName value. Default is the
Custom_Server_Certificate_CN parameter.
Note: You must enter RFC2253 compliant values. The following special
characters are supported: , + " \ < > ;. Double quotes (") must be used in
pairs. The characters \ and " must not be used together. The value cannot
contain a space.

Note: If the values contain spaces or special characters, you must enclose the values within double-
quotes.

4. Run the generate_csr.sh script using the following command to generate the .csr files to send to an
external CA: ./generate_csr.sh gen_csr.properties
The following files are generated for the cluster:

infa_nodecert.csr

Generate CA-signed Custom SSL Certificates 81

 infa_privkey.key
infa_privkey.pem
keystore.jks

The following files are generated for the client:

infa_nodecert.csr
infa_privkey.key
infa_privkey.pem
keystore.jks
browser_cert.csr
browser_keystore.jks
browser_privkey.key
browser_privkey.pem
5. Validate the contents of the .csr files. Run the following command to view the contents: keytool -
printcertreq -file $PATH TO CSR
6. Send the following .csr files to an external CA for signing:
• <CertsOutputDir>/<ICSServiceName>/client_certs/infa_nodecert.csr
• <CertsOutputDir>/<ICSServiceName>/cluster_certs/infa_nodecert.csr
• <CertsOutputDir>/<ICSServiceName>/client_certs/browser_cert.csr
Note: The browser_cert.csr file is required if you want to create the browser certificates to view the scan
job logs on Nomad.
7. After you receive the certificates or certificate chains from the CA in .pem format, “Validate the CA-
signed Certificates” on page 84 and store the certificates to a location under the $INFA HOME directory
on your machine.
Note: If you receive the certificates or certificate chains from the CA in .cer format, run the following
command to convert the files to pem format: openssl x509 -inform der -in <certificate file
name>.cer -outform pem -out <certificate file name>.pem.
If you receive a certificate chain from the CA, you must extract the root certificate, intermediate
certificates, and the end user certificate.
8. In the gen_certs.properties file, provide the values for the following parameters:

Parameter Description

InfaDomainKeystorePassword The Informatica domain keystore password in plain text.

InfaDomainTruststorePassword The Informatica domain truststore password in plain text.

ClusterCertificate The path to the cluster certificate signed by the CA in .pem format. This is
an end user certificate.

ClientCertificate The path to the client certificate signed by the CA in .pem format. This is
an end user certificate.

BrowserCertificate The path to the browser certificate signed by the CA in .pem format.

82 Chapter 6: Configure Custom SSL Certificates

 Parameter Description

ICSServiceName The name of the Informatica Cluster Service.

IsCACertificateChainAvailable Specify if the CA certificate chain is available as a single .pem file. Enter
true or false.
Note: The certificate chain must contain only the root and intermediate
certificates.

SingleCACertificateChain The path to the CA certificate chain in .pem format.

IndividualCertificatesFromCAChain Optional. Only required if the IsCACertificateChainAvailable parameter is

set to false.
Comma-separated paths to the public certificates in the CA certificate
chain in .pem format if the complete CA certificate chain is available as
individual .pem files.

KeysOutputDir The $CUSTOM KEYSTORE LOC directory store the generated keys.
The $ICS SERVICENAME/client_certs and $ICS SERVICENAME/
cluster_certs directories are created under the $CUSTOM KEYSTORE LOC
directory.
$CUSTOM KEYSTORE LOC is the directory where the custom keystore for
the Informatica domain (infa_keystore.jks) is located. $ICS SERVICENAME
is the name of the Informatica Cluster Service

CertsOutputDir The $CUSTOM TRUSTSTORE LOC directory to store the generated

truststore files.
The $ICS SERVICENAME/client_certs and the $ICS SERVICENAME/
cluster_certs directories are created under the $CUSTOM TRUSTSTORE
LOC directory.
The $CUSTOM TRUSTSTORE LOC is the directory where the custom
truststore for the Informatica domain (infa_truststore.jks) is located.

9. Run the generate_certs.sh script using the following command to generate the certificates: ./
generate_certs.sh gen_certs.properties
The keystore.jks keystore and the infa_privkey.pem private keys are stored at $CUSTOM KEYSTORE
LOC/$ICSServiceName/client_certs and $CUSTOM KEYSTORE LOC/$ICSServiceName/cluster_certs
directories.
The truststore.jks truststore and the infa_nodecert.pem, infa_nodecertkey.pem, and infa_pubcert.pem
public keys are stored at $CUSTOM TRUSTSTORE LOC/$ICSServiceName/client_certs and $CUSTOM
TRUSTSTORE LOC/$ICSServiceName/cluster_certs directories.
10. Optional. The directories $CUSTOM KEYSTORE LOC and $CUSTOM TRUSTSTORE LOC are generally the
same. If the <KeysOutputDir> location is not the same as $CUSTOM KEYSTORE LOC and
<CertsOutputDir> location is not the same as $CUSTOM TRUSTSTORE LOC, move the keys and
certificates to the respective directories.
Note: Verify that the $CUSTOM KEYSTORE LOC and the $CUSTOM TRUSTSTORE LOC directories have
the required user privileges. Also, validate that the user has minimum chmod 700 permissions
configured for the directories and chmod 600 permissions configured for the files that are copied to the
directories.

To access the Nomad Web UI and Solr Admin UI when the Informatica Cluster Service is SSL enabled, you
must import the browser certificates. To know more about how to import the browser certificates, see the
Knowledge Article Access Nomad Web UI and Solr Admin UI when Informatica Cluster Service is SSL enabled
in Enterprise Data Catalog.

Generate CA-signed Custom SSL Certificates 83

 Validate the CA-signed Certificates
You must use a single CA for the cluster and client certificates. After you receive the signed certificates from
the CA, you must verify that each certificate is an X.509 certificate in .pem format.

Run the following command to view the contents of the signed cluster and client certificates: keytool -
printcert -file $PATH TO CERTIFICATE PEM FILE.

Validate the following requirements for the cluster and client certificates:

Prerequisite Certificate Requirement

Mandatory fields For the cluster certificate, consider the following key usage requirements:
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
For the client certificate, consider the following key usage requirements:
keyUsage = digitalSignature
extendedKeyUsage = clientAuth

Subject For the cluster certificate, the SAN must include the list of cluster nodes in the following format:
Alternate Name SAN=DNS:$CLUSTER HOST1 FQDN,DNS:$CLUSTER HOST2 FQDN,DNS:$CLUSTER HOST3 FQDN
(SAN) The client certificate must contain the FQDNs for the cluster nodes.
For the client certificate, the SAN must include the list of all Informatica nodes in the following
format: SAN=DNS:$INFA DOMAIN HOST1 FQDN,DNS:$INFA DOMAIN HOST2 FQDN
The client certificate must contain the FQDNs for both the domain and cluster nodes.

CLUSTER HOST FQDN represents the fully qualified domain name for the cluster gateway host, processing
nodes, and data nodes in the cluster.

INFA DOMAIN HOST FQDN represents the fully qualified domain name of the Informatica domain gateway
host, domain nodes, cluster gateway host, processing nodes, and data nodes in the cluster.

Note: Verify that the custom certificate location for the domain nodes contains the infa_truststore.pem file.
Also, verify that all the certificates in the CA certificate chain are present in the truststore.jks and the
infa_pubcert.pem files.

Generate Self-signed Custom SSL Certificates

You have a custom SSL certificate for the Informatica domain, and you want to use self-signed custom SSL
certificates as the client and cluster certificates for the Informatica Cluster Service.

Use the custom SSL utility bundled with the installer to generate the required SSL certificates.

Perform the following steps to use the custom SSL utility to generate the certificates:

1. Extract GenerateCustomSslUtility.zip from the following location: <Location of installer files>/

properties/utils/CustomSslCertsUtility/.
2. Set the JAVA_HOME environment variable to point to JDK 8.

84 Chapter 6: Configure Custom SSL Certificates

3. Configure the following parameters in the input.properties file that you extracted from the
GenerateCustomSslUtility.zip file:

Parameter Description

KeystoreFile Path to a custom keystore file along with file name. The keystore type must be
in JKS. X509 format. The file must contain a single private key entry with the
complete certificate chain. Verify that the file has signing capability.

KeystorePassword Password of the custom keystore file in plain text format.

TruststoreFile Path to a custom truststore file along with file name. the truststore type must
be in JKS. X509 format. The file must contain the public certificates
corresponding to the private key entry in the keystore file.

TruststorePassword Password of the custom truststore file in plain text format.

ISPDomainKeystorePassword Password of Informatica domain keystore in plain text format. The utility uses
the password for the cluster and client keystore.jks file.

ISPDomainTruststorePassword Password of the Informatica domain truststore in plain text format. The utility
uses the password for the cluster and client truststore.jks file

KeystoreOutputDir Represents the location of the Informatica domain custom keystore that you
provided when you installed Enterprise Data Catalog.

TruststoreOutputDir Represents the location of the Informatica domain custom truststore that you
provided when you installed Enterprise Data Catalog.
Note: Verify that the KeystoreOutputDir and TruststoreOutputDir parameters
point to the same directory.

ServerNodes Comma-separated list of fully qualified domain names of nodes that you plan
to configure as data nodes, processing nodes, service hosts, and gateway node
when you configure the Informatica Cluster Service.

IcsServiceName Name of the Informatica Cluster Service.

ClientNodes Comma-separated list of fully qualified domain names of nodes that you plan
to configure as Informatica domain hosts, data nodes, processing nodes,
service hosts, and gateway node.

IspDomainName The Informatica domain name.

ClusterNodeDNSDomain Domain name of the gateway host that you plan to configure for the
Informatica Cluster Service.

4. Run the utility using the following command: java -jar GenerateCustomSslUtility.jar -in
input.properties. The utility generates the following keys and client and cluster certificates:
• Keys:
- keystore.jks

- infa_privkey.pem

Note: The cluster keys are generated in the following directory: <Keystore output directory>/
<IcsServiceName>/cluster_certs. The client keys are generated in the following directory:
<Keystore output directory>/<IcsServiceName>/client_certs

Generate Self-signed Custom SSL Certificates 85

 • Certificates:
- truststore.jks

- infa_pubcert.pem

- infa_nodecert.pem

- infa_nodecertkey.pem

Note: The cluster certificates are generated in the following directory: <Truststore output
directory>/<IcsServiceName>/cluster_certs. The client certificates are generated in the
following directory: <Truststore output directory>/<IcsServiceName>/client_certs
5. Copy the generated certificates to the required folders.
6. Assign the ownership of the following directories to the Informatica domain user:
• <Keystore output directory>/<IcsServiceName>/cluster_certs
• <Truststore output directory>/<IcsServiceName>/cluster_certs
• <Keystore output directory>/<IcsServiceName>/client_certs
• <Truststore output directory>/<IcsServiceName/client_certs

Note: Verify that all the client certificates are included in a single directory. Similarly, verify that all the cluster
certificates are included in a single directory. You must also verify that the directories have the chmod 700
permission configured and the files under the directories have the chmod 600 permission configured.

86 Chapter 6: Configure Custom SSL Certificates

Chapter 7

Introduction to the Services

Installer
This chapter includes the following topics:

• Services Installer Tasks, 87

• Secure Files and Directories, 87
• Pre-install Utilities, 88
• Run the Pre-Installation (i10Pi) System Check Tool in Console Mode, 88
• Run the Pre-Installation (i10Pi) System Check Tool in Silent Mode, 91

Services Installer Tasks

The installer performs install tasks based on the product or products that you install.

The installer can perform the following tasks:

1. Perform pre-install validation and system check.

2. Create a domain or join a node to an existing domain.
3. Install binaries for service support.
4. Create application services.
5. Configure security between the domain and services.
6. Start the domain and application services that you created.
7. Write message to the log file.

Secure Files and Directories

When you install or upgrade Informatica, the installer creates directories to store Informatica files that
require restricted access, such as the domain encryption key file and the nodemeta.xml. The installer assigns
different permissions for the directories and the files in the directories.

By default, the installer creates the following directories within the Informatica installation directory:

87
 <Informatica installation directory>/isp/config

Contains the nodemeta.xml file. Also contains the /keys directory where the encryption key file is stored.

<Informatica installation directory>/services/shared/security

If you enable secure communication for the domain, the /security directory contains the keystore and
truststore files for the default SSL certificates.

To maintain the security of the directories and files, the installer restricts access to the directories and the
files in the directories. The installer assigns specific permissions to the group and user account that own the
directories and files.

For more information about permissions assigned to the directories and files, see the Informatica Security
Guide.

Pre-install Utilities
Informatica provides utilities to facilitate the Informatica services installation process. You can use the
Informatica installer to run the utilities.

Before you install the services, run the Pre-Installation (i10Pi) System Check Tool to verify whether a machine
meets the system requirements for the Informatica installation. Informatica recommends that you verify the
minimum system requirements before you start the installation. When you run the system check tool before
you perform the installation, the installer sets values for certain fields, such as the database connection and
domain port numbers, based on the information that you enter during the system check.

Run the Pre-Installation (i10Pi) System Check Tool in

Console Mode
Run the Pre-installation (i10Pi) System Check Tool to verify whether the machine meets the system
requirements for installation or upgrade.

Ensure that you verified the system requirements and prepared the domain configuration repository
database.

1. Log in to the machine with a system user account.

2. Close all other applications.
3. On a shell command line, run the install file.
The installer displays the message to verify that the locale environment variables are set.
4. If the environment variables are not set, press n to exit the installer and set them as required.
If the environment variables are set, press y to continue.
5. Press 1 to install or upgrade Informatica.
6. Press 1 to run the Pre-Installation (i10Pi) System Check Tool that verifies whether the machine meets
the system requirements for the installation or upgrade.
7. From the Informatica Pre-Installation (i10Pi) System Check Tool Welcome section, press Enter.
The System Information section appears.

88 Chapter 7: Introduction to the Services Installer

 8. Type the absolute path for the installation directory.
The directory names in the path must not contain spaces or the following special characters: @|* $ # ! %
(){}[],;'
Note: Informatica recommends using alphanumeric characters in the installation directory path. If you
use a special character such as á or €, unexpected results might occur at run time.
9. Press Enter.
10. Enter the starting port number for the node that you will create or upgrade on the machine. The default
port number for the node is 6005.
11. Press Enter.
The Database and Connection Information section appears.
12. To enter the JDBC connection information using a custom JDBC connection string, press 1. To enter the
JDBC connection information using the JDBC URL information, press 2.
To connect to a secure database, you must enter the JDBC connection using a custom JDBC connection
string.
13. Enter the JDBC connection information.
• To enter the connection information using a custom JDBC connection string, type the connection
string and specify the connection parameters.
Use the following syntax in the JDBC connection string:
IBM DB2
jdbc:Informatica:db2://<host name>:<port number>;DatabaseName=

Oracle
jdbc:Informatica:oracle://<host name>:<port number>;ServiceName=

Use the following connection string to connect to the Oracle database through the Oracle
Connection Manager:
jdbc:Informatica:oracle:TNSNamesFile=<fully qualified path to the tnsnames.ora
file>;TNSServerName=<TNS name>;

Microsoft SQL Server

jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=

Microsoft SQL Server with Windows NT credentials

If you specified the Windows NT credentials for the Model repository database on Microsoft SQL
Server, specify the connection string syntax to include the authentication method as NTLM.
Microsoft SQL Server that uses the default instance with Windows NT credentials:
"jdbc:informatica:sqlserver://<host name>:<port number>;DatabaseName=<database
name>;SnapshotSerializable=true;authenticationMethod=NTLM"
Microsoft SQL Server that uses a named instance with Windows NT credentials:
"jdbc:informatica:sqlserver://<host name>\<named instance
name>;DatabaseName=<database
name>;SnapshotSerializable=true;authenticationMethod=NTLM"

Run the Pre-Installation (i10Pi) System Check Tool in Console Mode 89

 Microsoft Azure SQL
jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=<database
name>;SnapshotSerializable=true;EncryptionMethod=SSL;HostNameInCertificate=*.datab
ase.windows.net;ValidateServerCertificate=false

Azure SQL Database with Active Directory authentication

jdbc:informatica: sqlserver://
<host_name>:<port_number>;database=<database_name>;encrypt=true;AuthenticationMeth
od=ActiveDirectoryPassword;trustServerCertificate=false;hostNameInCertificate=*.da
tabase.windows.net;loginTimeout=<seconds>

PostgreSQL
jdbc:Informatica:postgresql://<host name>:<port number>;DatabaseName=

Azure PostgreSQL
jdbc:Informatica:postgresql://<host name>:<port number>;DatabaseName=<database
name>;EncryptionMethod=SSL;ValidateServerCertificate=true;CryptoProtocolVersion=TL
Sv1.2;

Sybase
jdbc:Informatica:sybase://<host name>:<port number>;DatabaseName=

Verify that the connection string contains all the connection parameters required by your database
system.
• To enter the connection information using the JDBC URL information, specify the JDBC URL
properties.
The following table describes the connection information:

Prompt Description

Database type Type of database for the domain configuration repository. Select from the
following database types:
- 1 - Oracle
- 2 - Microsoft SQL Server
- 3 - IBM DB2
- 4 - PostgreSQL

Database user ID User ID for the database user account for the domain configuration repository.

Database user Password for the database user account.

password

Database host name Host name for the database server.

Database port number Port number for the database.

Database service name Service name for Oracle and IBM DB2 databases, or database name for
PostgreSQL and Microsoft SQL Server.

90 Chapter 7: Introduction to the Services Installer

 • To connect to a secure database, select 1 to use a custom string and type the connection string.
You must include the security parameters in addition to the connection parameters. For information
about the security parameters you must include in the JDBC connection for a secure database, see
“Connection String to a Secure Database” on page 75.
The tool checks the settings of the hard drive, the availability of the ports, and the configuration of the
database. After the system check is complete, the System Check Summary section displays the results
of the system check.

14. Analyze the results of the system check.

Each requirement is listed, along with one of the following check statuses:
• [Pass] - The requirement meets the criteria for the Informatica installation or upgrade.
• [Fail] - The requirement does not meet the criteria for the Informatica installation or upgrade. Resolve
the issue before you proceed with the installation or upgrade.
• [Information] - Verify the information and perform any additional tasks as outlined in the details.
The results of the system check are saved to the following file: ...<Informatica installation
directory>/Server/I10PI/I10PI/en/I10PI_summary.txt
15. Press Enter to close the Pre-Installation (i10Pi) System Check Tool.
You can continue to the Informatica service installation or upgrade immediately or end the system check
and continue with the installation or upgrade later. If you continue to the installation or upgrade
immediately, you do not have to restart the installer.
16. To continue to the Informatica service installation or upgrade immediately, press y.
To end the system check and continue with the installation or upgrade later, press n.
If the Pre-Installation (i10Pi) System Check Tool finishes with failed requirements, resolve the failed
requirements and run the Pre-Installation (i10Pi) System Check Tool again.

Note: If the Informatica Pre-Installation (i10Pi) System Check Tool check finishes with failed requirements,
you can still perform the Informatica installation or upgrade. However, Informatica highly recommends that
you resolve the failed requirements before you proceed.

Run the Pre-Installation (i10Pi) System Check Tool in

Silent Mode
Run the Pre-installation (i10Pi) System Check Tool in silent mode to verify system requirements for
installation without user intervention.

1. Extract the Informatica services installer file.

2. Navigate to the following location:
<Informatica installation directory>/Server/I10PI
3. To specify the properties for the I10PI system check tool in silent mode, update the
SilentInput.properties file in the I10PI folder.
4. To run the i10Pi in silent mode, run the silentInstall file in the I10PI folder.
You can view the results of the i10Pi system check tool in silent mode from the I10PI_summary.txt file in the
following location:
<Informatica installation directory>/Server/I10PI/I10PI/en

Run the Pre-Installation (i10Pi) System Check Tool in Silent Mode 91

 If the Pre-Installation (i10Pi) System Check Tool finishes with failed requirements, resolve the failed
requirements and run the Pre-Installation (i10Pi) System Check Tool again.

Note: If the Informatica Pre-Installation (i10Pi) System Check Tool check finishes with failed requirements,
you can still perform the Informatica installation or upgrade. However, Informatica highly recommends that
you resolve the failed requirements before you proceed.

92 Chapter 7: Introduction to the Services Installer

Part III: Run the Services Installer
This part contains the following chapters:

• Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management, 94
• Join a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management, 129
• Install Data Privacy Management in an Existing Domain, 142
• Run the Silent Installer, 149
• Troubleshooting , 152

93
Chapter 8

Create a Domain With Data

Engineering, Enterprise Data
Catalog and Data Privacy
Management
This chapter includes the following topics:

• Begin the Install, 94

• Configure the Domain, 100

Begin the Install

This task includes installer prompts to begin the installation. You will provide basic information such as
acceptance of terms, installation option, and the installation directory.

When you complete the preliminary tasks, you will continue with the installer prompts and will provide
information to configure the domain.

Run the Installer

Perform the following steps to run the installer:

1. Log in to the machine with a system user account.

2. Close all other applications.
3. On a shell command line, run the install.sh file from the installer directory.
The installer displays the message to verify that the locale environment variables are set.
4. At the prompt to read the documents, press y to continue the install.
Press n if you want to read the documentation before you continue.
5. Press 1 to perform a fresh installation.
6. Press 3 to run the installer.
The Welcome screen appears.

94
Welcome - Accept Terms and Conditions
u Read the terms and conditions for Informatica installation and the product usage toolkit and select I
agree to the terms and conditions.
a. Press 1 if you do not want to accept the terms and conditions.
b. Press 2 to accept the terms and conditions.
The Component Selection sections appears.

Product Installation
After you accept the terms and conditions, you can install Informatica Data Engineering, Enterprise Data
Catalog, and Data Privacy Management.

1. Press 4 to install and configure Data Privacy Management.

When you select this option, you can choose to install Data Engineering products, Enterprise Data
Catalog, and Data Privacy Management or Data Privacy Management only in an existing domain with
Enterprise Data Catalog.
2. Press 1 to indicate Enterprise Data Catalog is not installed on the node.
3. Choose whether you want to enable User Activity.
a. Press 1 to continue without enabling user activity monitoring.
b. Press 2 to enable user activity monitoring.
Note: You cannot change the User Activity settings from the Administrator Tool.
4. The installer includes an Elasticsearch version that does not include TLS and authentication. If you
enabled User Activity and wish to use an Elasticsearch version that includes TLS and authentication, you
can choose to provide the location and password of an Elasticsearch tar file with X-Pack features. X-
Pack features include TLS and authentication.
Note: ElasticSearch with TLS enabled takes more time to persist events compared to ElasticSearch
without TLS. You might notice a difference in performance.
• Press 1 to continue with the Elasticsearch version included with the installer.
• Press 2 to use a version of Elasticsearch with X-Pack features.
Enter the following information:

Property Description

Path to the Elasticsearch .tar file with X- Enter the complete path to the Elasticsearch .tar file that you
Pack features want to use.

Elasticsearch Admin User Password Enter the password to use. The user name is always elastic.

Note: You cannot change the Elasticsearch settings from the Administrator Tool.

The Installation Prerequisites section displays the installation requirements. Verify that all requirements are
met before you continue the installation.

Begin the Install 95

 Tune the Application Services
After you review the installation prerequisites, you can choose to tune the application services for better
performance based on the deployment type in your environment. If you do not tune now, you can tune the
services later through infacmd.

1. Select if you want the installer to tune the application services:

• Press 1 if you do not want to tune the services. The License and Installation Directory section
appears.
• Press 2 if you want to tune the services.
If you are joining the node to existing domain, ensure the deployment type you select here is same
deployment type as the gateway nodes.
2. Select the deployment type associated with the Informatica environment.

Deployment Type Disk Space per Node Total Virtual Cores RAM per Node

Sandbox 140 GB 16 32 GB

Basic 140 GB 24 64 GB

Standard 140 GB 48 64 GB

Advanced 140 GB 96 128 GB

3. Select whether you want to change the deployment type or continue with the current deployment
selection.
a. Press 1 to change the deployment type.
b. Press 2 to continue with the current deployment selection.
The License and Installation Directory section appears.

Specify the Installation Directory

After you verify the installation prerequisites, you can specify the installation directory.

1. Enter the installation directory.

The directory names in the path must not contain spaces or the following special characters: @|* $ # ! %
( ) { } [ ] , ; ' Default is <user home directory>/Informatica/10.5.2.
Note: Informatica recommends using alphanumeric characters in the installation directory path. If you
use a special character such as á or €, unexpected results might occur at run time.
2. Enter the path and file name to the license key file and press Enter.
3. Choose an installation environment and press Enter.
• Press 1 to set Sandbox environment for a basic environment used for proof of concept with minimal
users.
• Press 2 to set Development environment for the design environment.
• Press 3 to set Test environment for high volume processing that is closest to a production
environment.
• Press 4 to set Production environment for high volume processing with high levels of concurrency
meant for end users. Advanced production environments are typically multi-node setups.

96 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
 Default is 1 for Sandbox.
4. Select whether you want to run the pre-validation utility.
a. Press 1 to skip the pre-validation utility.
b. Press 2 to run the pre-validation utility.
The utility helps you validate the prerequisites to install Enterprise Data Catalog.
If you choose to skip the pre-validation utility, the Pre-Installation Summary section appears. Review the
installation summary.

If choose to run the pre-validation utility, the Pre-validation section appears.

Prepare the Pre-validation Utility

You can use the pre-validation utility to verify the prerequisites to create the Informatica Cluster Service.

1. Select if you want to run the pre-validation utility:

a. Press 1 to skip running the pre-validation utility.
b. Press 2 to run the pre-validation utility.
2. If you chose to run the pre-validation utility, you must provide the details listed in the following table:

Property Description

Informatica cluster Fully qualified domain name of the node that you want to configure as the gateway host.
gateway host

Gateway user User name for the gateway host.

Enable advanced - Press 1 to skip validation of advanced configuration properties for associated services.
configuration - Press 2 to validate advanced configuration properties of associated services. If you
select this option, you must specify values for all the properties.

Data nodes Comma-separated list of fully qualified domain names of nodes that you want to
configure as data nodes.

Processing nodes Comma-separated list of fully qualified domain names of nodes that you want to
configure as processing nodes.

Working directory Directory for the Informatica Cluster Service. Default is /opt/informatica/ics. For a
path multi-node setup, the installer prompts you to confirm if you want to specify the path to
the shared file system.
- Type 1 if you want to configure the shared file system path for the multi-node setup.
- Type 2 if you want to configure the shared file system path for the multi-node setup. If
you select this option, you must specify the path to the cluster custom directory.
Note: The permission on the directory must be u=rwx (0700) or u=rwx,g=rx
(0750). The Postgres service does not start if the directory does not have the required
permission.

3. Applies if you selected the option to validate advanced configuration properties of associated services.

Begin the Install 97

 Provide the following values for validation of the Nomad server configuration parameters:

Property Description

Nomad Server Comma-separated list of fully qualified domain names of nodes that host the Nomad
Hosts servers.

Nomad HTTP HTTP port number configured for the Nomad server. Default is 4646.
Port

Nomad Serf Port Serf port configured as the gossip protocol for the Nomad servers. Default is 4648.

Nomad RPC Port The Remote Procedure Call (RPC) port configured for communication. Default is 4647.

Nomad Server The directory that includes sub directories with tasks running on the Nomad server. Default
Working is $clusterCustomDir/nomad/nomadserver
Directory

Nomad Client The directory configured for tasks in the Nomad client. Default is $clusterCustomDir/nomad/
Working nomadclient
Directory

Nomad Custom Specify any custom options for the service in the following format:
Options [OptionGroupName.OptionName=OptionValue]. You can separate multiple options using a
white space character.
If the OptionValue includes a white space character, you must enclose the OptionValue
within double quotes as shown in the following sample: “sample value”.

Provide the following values for validation of the Apache ZooKeeper server configuration parameters:

Property Description

ZooKeeper Hosts Comma-separated list of fully qualified domain names of nodes that host the Apache
ZooKeeper server.

ZooKeeper Port Port number configured for the Apache ZooKeeper Server. Default is 2181.

ZooKeeper Peer Port number configured for Apache ZooKeeper peer communication. Default is 2888.
Port

ZooKeeper Port number configured for the ZooKeeper Sever identified as the Leader. Default is 3888.
Leader Port

ZooKeeper Specify the path to the directory where you want to install Apache ZooKeeper. Default is
Installation $clusterCustomDir/zk/install
Directory

98 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
 Property Description

ZooKeeper Data Specify the path to the directory where you want to store data from Apache ZooKeeper.
Directory Default is $clusterCustomDir/zk/data

ZooKeeper Specify any custom options for the service in the following format:
Custom Options [OptionGroupName.OptionName=OptionValue]. You can separate multiple options using a
white space character.
If the OptionValue includes a white space character, you must enclose the OptionValue
within double quotes as shown in the following sample: “sample value”.

Provide the following values for validation of the Apache Solr server configuration parameters:

Property Description

Solr Hosts Comma-separated list of fully qualified domain names of nodes that host the Apache Solr
server.

Solr Port Port number configured for Apache Solr Server. Default is 8983.

Solr Installation Specify the path to the directory where you want to install Apache Solr Server. Default is
Directory $clusterCustomDir/solr/install.

Solr Data Specify the path to the directory where you want to store data from Apache Solr. Default is
Directory $clusterCustomDir/solr/data

Solr Custom Specify any custom options for the service in the following format:
Options [OptionGroupName.OptionName=OptionValue]. You can separate multiple options using a
white space character.
If the OptionValue includes a white space character, you must enclose the OptionValue within
double quotes as shown in the following sample: “sample value”.

Provide the following values for validation of the MongoDB database configuration parameters:

Property Description

MongoDB Comma-separated list of fully qualified domain names of nodes that host the MongoDB
Hosts database.

MongoDB Port Port number configured for MongoDB. Default is 27017.

MongoDB Log Specify the path to the directory where you want to store the log files. Default is
Directory $clusterCustomDir/mongo/log

MongoDB Data Specify the path to the directory where you want to store data from the MongoDB database.
Directory Default is $clusterCustomDir/mongo/data

MongoDB Specify any custom options for the service in the following format:
Custom [OptionGroupName.OptionName=OptionValue]. You can separate multiple options using a
Options white space character.
If the OptionValue includes a white space character, you must enclose the OptionValue within
double quotes as shown in the following sample: “sample value”.

Begin the Install 99

 Provide the following values for validation of the PostgreSQL database configuration parameters:

Property Description

PostgreSQL DB Fully qualified domain name of the machine that hosts the PostgreSQL database. Default is
Host the gateway host.
Note: If you did not select the Enable Advanced Configuration option, the service uses the
gateway host value specified as the host value

PostgreSQL DB Port number configured for PostgreSQL. Default is 5432.

Port

PostgreSQL DB Specify the path to the directory where you want to install the PostgreSQL database. Default
Installation is $clusterCustomDir/postgres/install
Directory

PostgreSQL DB Specify the path to the directory where you want to store the log files from the PostgreSQL
Log Directory database. Default is $clusterCustomDir/postgres/log

PostgreSQL DB Specify the path to the directory where you want to store PostgreSQL data. Default is
Data Directory $clusterCustomDir/postgres/data

PostgreSQL DB Specify any custom options for the service in the following format:
Custom Options [OptionGroupName.OptionName=OptionValue]. You can separate multiple options using a
white space character. If the OptionValue includes a white space character, you must
enclose the OptionValue within double quotes as shown in the following sample: “sample
value”.

Note: The details for the Data Privacy Management, Elasticsearch, and Spark services are not validated
by the pre-validation utility.
4. Press Enter to continue after running the pre-validation utility.

Configure the Domain

This task includes installer prompts to configure the domain. You will provide information to create a domain,
configure the domain security, domain repository, and application services.

Configure the Domain Options

After you review the Pre-Installation summary and proceed with the installation, the installer copies the
installation files to the installation directory. You see a prompt to create or join a domain. You can then enter
the domain information.

1. Press 1 to create a domain.

When you create a domain, the node that you create becomes a gateway node in the domain. The
gateway node contains a Service Manager that manages all domain operations.
2. Specify the connection details for Informatica Administrator.
a. Enter the keystore file and port number for the HTTPS connection to Informatica Administrator.

100 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
 The following table describes the connection information you must enter:

Option Description

Port Port number for the HTTPS connection.

Keystore file Select whether to use a keystore file generated by the installer or a keystore
file you create. You can use a keystore file with a self-signed certificate or a
certificate signed by a certification authority.
1 - Use a keystore generated by the installer
2 - Specify a keystore file and password
If you select to use a keystore file generated by the installer, the installer
creates a self-signed keystore file named Default.keystore in the following
location: <Informatica installation directory>/tomcat/conf/

b. If you use custom SSL certificates, specify the keystore, enter the password and location of the
keystore file.

3. Select whether to enable SAML authentication to configure Security Assertion Markup Language
(SAML)-based single sign-on (SSO) support for web-based Informatica applications in an Informatica
domain.
Press 1 to disable SAML authentication and skip to “Domain Security - Secure Communication” on page
103. Press 2 to enable and configure SAML authentication.
4. Enter the Identity Provider URL for the domain.
5. Specify the relying party trust name or the service provider identifier for the domain as defined in the
identity provider. If you choose No, the service provider identifier is set to "Informatica".
6. Specify whether IdP will sign SAML assertion or not.
7. Enter the identity provider assertion signing certificate alias name.
8. Specify whether to use the default Informatica SSL certificates or to use your SSL certificates to secure
domain communication.
9. Select whether to use the default Informatica SSL certificates or to use your SSL certificates to enable
SAML authentication in the domain.
The following table describes the SSL certificate options for SAML authentication:

Option Description

Use the default Informatica Use the default SSL certificates provided by Informatica.
SSL certificates.

Use custom SSL Select to use a custom truststore file for SAML authentication. Specify the
certificates. directory containing the custom truststore file on gateway nodes within the
domain. Specify the directory only, not the full path to the file.

10. If you provide the security certificates, specify the location and passwords of the keystore and truststore
files.

Configure the Domain 101

 The following table describes the location and password of the truststore and keystore files:

Property Description

Truststore Directory Specify the directory containing the custom truststore file on gateway nodes within the
domain. Specify the directory only, not the full path to the file.

Truststore Password The password for the custom truststore file.

Keystore Directory Specify the directory containing the custom keystore file.

Keystore Password The password for the custom keystore file.

11. To specify the Authentication Context Comparison, specify the strength comparison of the
authentication mechanism used by the user with the IdP server.
Supported values are MINIMUM, MAXIMUM, BETTER, or EXACT option. Default is MINIMUM.
12. To set the Authentication Context Class, specify the expected mechanism of first time authentication of
the user with the IdP server.
Supported values are PASSWORD or PASSWORDPROTECTEDTRANSPORT. Default is PASSWORD.
13. Specify if you want to enable the webapp to sign the SAML authentication request or not?
Default is disabled.
14. Specify the alias name of the private key that was imported to the node SAML keystore using which the
SAML request should be signed.
15. Specify the password to access the private key used for signing the SAML request.
16. Specify the algorithm that the web application uses to sign the SAML request.
Supported values are RSA_SHA256, DSA_SHA1, DSA_SHA256, RSA_SHA1, RSA_SHA224, RSA_SHA384,
RSA_SHA512, ECDSA_SHA1, ECDSA_SHA224, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512,
RIPEMD160, or RSA_MD5.
17. Specify whether you want IdP to sign the SAML response or not?
Choose to select to enable the webapp to receive the signed SAML response or not. Default is disabled.
18. Specify whether IdP will encrypt SAML assertion or not.
Select to enable the webapp to receive an encrypted SAML assertion. Default is enabled.
19. Specify the alias name of the private key present in the gateway nodes gateway node SAML truststore
that used for Informatica uses to decrypt decrypting the SAML assertion.
20. Provide the password to access the private key to use when decrypting the assertion encryption key.
21. Click Next.
The Domain Security - Secure Communication section appears.

102 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
Domain Security - Secure Communication
After you configure the domain, you can configure domain security.

u In the Domain Security - Secure Communication section, specify whether to use the default Informatica
SSL certificates or to use your SSL certificates to secure domain communication.
a. Select the type of SSL certificates to use.
The following table describes the options for the SSL certificates that you can use to secure the
Informatica domain:

Option Description

Use the default Use the default SSL certificates contained in the default keystore and
Informatica SSL truststore.
certificates Note: If you do not provide an SSL certificate, Informatica uses the same
default private key for all Informatica installations. If you use the default
Informatica keystore and truststore files, the security of your domain could be
compromised. To ensure a high level of security for the domain, select the
option to specify the location of the SSL certificate files.

Use custom SSL Specify the path for the keystore and truststore files that contain the SSL
certificates certificates. You must also specify the keystore and truststore passwords.
You can provide a self-signed certificate or a certificate issued by a certificate
authority (CA). You must provide SSL certificates in PEM format and in Java
Keystore (JKS) files.
Informatica requires specific names for the SSL certificate files for the
Informatica domain. You must use the same SSL certificates for all nodes in
the domain.
Store the truststore and keystore files in a directory accessible to all the
nodes in the domain and specify the same keystore file directory and
truststore file directory for all nodes in the same domain.

b. If you provide the SSL certificate, specify the location and passwords of the keystore and truststore
files.
The following table describes the parameters that you must enter for the SSL certificate files:

Property Description

Keystore file directory Directory that contains the keystore files. The directory must contain files
named infa_keystore.jks.

Keystore password Password for the keystore infa_keystore.jks.

Truststore file directory Directory that contains the truststore files. The directory must contain files
named infa_truststore.jks and infa_truststore.pem.

Truststore password Password for the infa_truststore.jks file.

The Domain Configuration Repository section appears.

Configure the Domain 103

 Domain Configuration Repository
After you configure domain security, you can configure the domain repository details.

1. Select the database to use for the domain configuration repository details.
The following table lists the databases you can use for the domain configuration repository:

Prompt Description

Database type Type of database for the domain configuration repository. Select from the following
options:
1 - Oracle
2 - Microsoft SQL Server
3 - IBM DB2
4 - PostgreSQL

The Informatica domain configuration repository stores metadata for domain operations and user
authentication. The domain configuration repository must be accessible to all gateway nodes in the
domain.
2. Enter the properties for the database user account.
The following table lists the properties for the database user account:

Property Description

Database user ID Name for the domain configuration database user account.

User password Password for the domain configuration database user account.

3. Enter the parameters for the database.

a. If you select IBM DB2, select whether to configure a tablespace and enter the tablespace name.
The following table describes the properties that you must configure for the IBM DB2 database:

Property Description

Configure tablespace Specify whether you want to configure a tablespace.

Enter 1 for No.
Enter 2 for Yes.
In a single-partition database, if you select No, the installer creates the tables
in the default tablespace. In a multi-partition database, you must select Yes.

Tablespace Name of the tablespace in which to create the tables. Specify a tablespace
that meets the pageSize requirement of 32768 bytes.
In a single-partition database, if you select Yes to configure the tablespace,
enter the name of the tablespace in which to create the tables.
In a multi-partition database, specify the name of the tablespace that resides
in the catalog partition of the database.

b. If you select Microsoft SQL Server, select whether to enter the schema name for the database.

104 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
 The following table describes the properties that you must configure for the Microsoft SQL Server
database:

Property Description

Specify Schema Name Specify whether you want to specify a schema name.
Enter 1 for No.
Enter 2 for Yes.

Schema name Name of the schema that will contain domain configuration tables. If this
parameter is blank, the installer creates the tables in the default schema.

4. At the Secure database prompt, specify whether to create a secure domain configuration repository. You
can create a domain configuration repository in a database secured with the SSL protocol. To create a
domain configuration repository in a secure database, press 1 and enter the required parameters. To
create the repository in an unsecured database, press 2.
5. To enter the JDBC connection information using the JDBC URL information, press 1. To enter the JDBC
connection information using a custom JDBC connection string, press 2.
a. Enter the JDBC connection information.
• To enter the connection information using the JDBC URL information, specify the JDBC URL
properties.
The following table describes the database connection information:

Prompt Description

Database address Address for the database.

Default is <host name>:<port>.

Database service Service or database name :

name - Oracle: Enter the service name.
- Microsoft SQL Server: Enter the database name.
- IBM DB2: Enter the service name.
- PostgreSQL: Enter the database name.

Configure JDBC Select whether to add additional JDBC parameters to the connection string:
Parameters 1 - Yes
2 - No
If you select Yes, enter the parameters or press Enter to accept the default.
If you select No, the installer creates the JDBC connection string without
parameters.

Configure the Domain 105

 • To enter the connection information using a custom JDBC connection string, type the connection
string.
Use the following syntax in the JDBC connection string:
IBM DB2
jdbc:Informatica:db2://<host name>:<port number>;DatabaseName=

Oracle
jdbc:Informatica:oracle://<host name>:<port number>;ServiceName=

Microsoft SQL Server

jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=

Microsoft Azure SQL

jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=<database
name>;SnapshotSerializable=true;EncryptionMethod=SSL;HostNameInCertificate=*.d
atabase.windows.net;ValidateServerCertificate=false

PostgreSQL
jdbc:Informatica:postgresql://<host name>:<port number>;DatabaseName=

Verify that the connection string contains all the connection parameters required by your
database system.

The Domain Security - Encryption Key section appears.

Domain Security - Encryption Key

After you configure domain repository, you can configure encryption key.

u In the Domain Security - Encryption Key section, enter the directory for the encryption key for the
Informatica domain.
The following table describes the encryption key parameters that you must specify when you create a
domain:

Property Description

Encryption key directory Directory in which to store the encryption key for the domain. By default, the
encryption key is created in the following directory: <Informatica
installation directory>/isp/config/keys.

Specify if you want to back A unique site key is generated. If you lose the site key, you cannot generate the
up the site key that the site key again. Make sure that you save a copy of this key and do not share the
installer generates or not unique site key with others.
Specify if you want to back up the site key that the installer generates or not:
- Select 1 for No. If you choose No, the installer generates an error. Press Enter
to continue.
- Select 2 for Yes. If you choose Yes, you agree to back up the file manually.

The installer sets different permissions to the directory and the files in the directory. For more
information about the permissions for the encryption key file and directory, see “Secure Files and
Directories” on page 87.

The Domain and Node Configuration section appears.

106 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
Domain and Node Configuration
After you configure the encryption key, you can configure the domain and node.

1. Enter the information for the domain and the node that you want to create.
The following table describes the properties that you set for the domain and gateway node.

Property Description

Domain Name of the domain to create. The default domain name is Domain_<MachineName>. The name
name must not exceed 128 characters and must be 7-bit ASCII only. It cannot contain a space or any of
the following characters: ` % * + ; " ? , < > \ /

Node host Host name of the machine on which to create the node. The node host name cannot contain the
name underscore (_) character. If the machine has a single network name, use the default host name. If
the a machine has multiple network names, you can modify the default host name to use an
alternate network name. Optionally, you can use the IP address.
Note: The default suggestion is the fully qualified host name. If you choose to change the default,
do not use localhost. Use the fully qualified host name that explicitly identifies the machine.

Node name Name of the node to create on this machine. The node name is not the host name for the
machine.

Node port Port number for the node. The default port number for the node is 6005. If the port number is not
number available on the machine, the installer displays the next available port number.

Domain user User name for the domain administrator. You can use this user name to initially log in to
name Informatica Administrator. Use the following guidelines:
- The name is not case sensitive and cannot exceed 128 characters.
- The name cannot include a tab, newline character, or the following special characters: % *
+/?;<>
- The name can include an ASCII space character except for the first and last character. Other
space characters are not allowed.

2. Select whether you want to enable password complexity to secure sensitive data in the domain.
The following table describes the password complexity:

Prompt Description

Password complexity Select whether you want to enable password complexity.

1 - Yes
2 - No
If you select Yes, the password must meet the following requirements:
It must be at least eight characters long and contain at least one alpha character,
one numeric character, and one special character.

Domain password Password for the domain administrator. The password must be more than 2
characters and must not exceed 16 characters.
Not available if you configure the Informatica domain to run on a network with
Kerberos authentication.

Confirm password Enter the password again to confirm.

Not available if you configure the Informatica domain to run on a network with
Kerberos authentication.

Configure the Domain 107

 3. At the Display the Advanced Port Configuration page prompt, specify whether to display the Advanced
Port Configuration page.
• Enter 1 for No.
• Enter 2 for Yes.
If you select Yes, the installer displays the default port numbers assigned to the domain components.
You can specify the port numbers to use for the domain and node components. You can also specify
a range of port numbers to use for the service process that will run on the node. You can use the
default port numbers or specify new port numbers. Verify that the port numbers you enter are not
used by other applications.
The following table describes the ports that you can set:

Port Description

Service Manager port Port number used by the Service Manager on the node. The Service Manager
listens for incoming connection requests on this port. Client applications use
this port to communicate with the services in the domain. The Informatica
command line programs use this port to communicate to the domain. This is
also the port for the SQL data service JDBC/ODBC driver. Default is 6006.

Service Manager Shutdown Port number that controls server shutdown for the domain Service Manager.
port The Service Manager listens for shutdown commands on this port. Default is
6007.

Informatica Administrator Port number used by Informatica Administrator. Default is 6008.

port

Informatica Administrator No default port. Enter the required port number when you create the service.
HTTPS port Setting this port to 0 disables an HTTPS connection to the Administrator tool.

Informatica Administrator Port number that controls server shutdown for Informatica Administrator.
shutdown port Informatica Administrator listens for shutdown commands on this port. Default
is 6009.

Minimum port number Lowest port number in the range of dynamic port numbers that can be assigned
to the application service processes that run on this node. Default is 6014.

Maximum port number Highest port number in the range of dynamic port numbers that can be
assigned to the application service processes that run on this node. Default is
6114.

4. At the prompt to configure the repository for Advanced Scanners, press 2 to continue without
configuring the repository.
The Model Repository Database section appears.

108 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
Model Repository Database
The Model Repository Database panel collects information on the database for the Model Repository Service.

1. Enter the Model Repository Service name.

Enter the name of the service. The name is not case sensitive and must be unique within the domain. It
cannot exceed 128 characters or begin with @. It also cannot contain spaces or the following special
characters:
` ~ % ^ * + = { } \ ; : ' " / ? . , < > | ! ( ) ] [
You cannot change the name of the service after you create it.
If you selected process level SPN, specify the keytab file for the Model Repository Service process. The
keytab file must have the following name: .keytab
2. Select the database to configure Model repository database.
The following table lists the database type for the Model repository:

Prompt Description

Database type Type of database for the Model repository. Select from the following options:
1 - Oracle
2 - SQL Server
3 - IBM DB2
4 - PostgreSQL

3. Enter the properties for the database user account.

The following table lists the properties for the database user account:

Property Description

Database user ID Name for the Model repository database user account.
You can enter the Windows NT user name for trusted connection on Microsoft
SQL Server.

User password Password for the Model repository user account.

You can enter the Windows NT password for trusted connection on Microsoft SQL
Server.

4. Enter the parameters for the database.

a. If you select IBM DB2, select whether to configure a tablespace and enter the tablespace name.

Configure the Domain 109

 The following table describes the properties that you must configure for the IBM DB2 database:

Property Description

Configure tablespace Specify whether you want to configure a tablespace.

Enter 1 for No.
Enter 2 for Yes.
In a single-partition database, if you select No, the installer creates the tables
in the default tablespace. In a multi-partition database, you must select Yes.

Tablespace Name of the tablespace in which to create the tables. Specify a tablespace
that meets the pageSize requirement of 32768 bytes.
In a single-partition database, if you select Yes to configure the tablespace,
enter the name of the tablespace in which to create the tables.
In a multi-partition database, specify the name of the tablespace that resides
in the catalog partition of the database.

b. If you select Microsoft SQL Server, select whether to enter the schema name for the database.
The following table describes the properties that you must configure for the Microsoft SQL Server
database:

Property Description

Specify Schema Name Specify whether you want to specify a schema name.
Enter 1 for No.
Enter 2 for Yes.

Schema name Name of the schema that will contain domain configuration tables. If this
parameter is blank, the installer creates the tables in the default schema.

5. At the Secure database prompt, specify whether to create a secure repository. You can create a
repository in a database secured with the SSL protocol. To create a Model repository in a secure
database, press 1 and enter the required parameters. To create the repository in an unsecured database,
press 2.
6. To enter the JDBC connection information using the JDBC URL information, press 1. To enter the JDBC
connection information using a custom JDBC connection string, press 2.
a. Enter the JDBC connection information.
• To enter the connection information using the JDBC URL information, specify the JDBC URL
properties.

110 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
The following table describes the database connection information:

Prompt Description

Database address Address for the database.

Default is <host name>:<port>.

Database service Service or database name :

name - Oracle: Enter the service name.
- SQL Server: Enter the database name.
- IBM DB2: Enter the service name.
- PostgreSQL: Enter the database name.

Configure JDBC Select whether to add additional JDBC parameters to the connection string:
Parameters 1 - Yes
2 - No
If you select Yes, enter the parameters or press Enter to accept the default.
If you select No, the installer creates the JDBC connection string without
parameters.

Configure the Domain 111

 • To enter the connection information using a custom JDBC connection string, type the connection
string.
You use the following syntax in the JDBC connection string to connect to a database:
IBM DB2
jdbc:Informatica:db2://<host name:port number>;DatabaseName=<database name>;

Oracle
jdbc:Informatica:oracle://<host name:port number>;ServiceName=<service name>;
Use the following connection string to connect to the Oracle database through the Oracle
Connection Manager:
jdbc:Informatica:oracle:TNSNamesFile=<fully qualified path to the tnsnames.ora
file>;TNSServerName=<TNS server name>;

Microsoft SQL Server

jdbc:Informatica:sqlserver://<host name:port
number>;SelectMethod=cursor;DatabaseName=<database name>

Microsoft SQL Server with Windows NT credentials

If you specified the Windows NT credentials for the Model repository database on Microsoft
SQL Server, specify the connection string syntax to include the authentication method as
NTLM.
Microsoft SQL Server that uses the default instance with Windows NT credentials:
"jdbc:informatica:sqlserver://<host name>:<port number>;DatabaseName=<database
name>;SnapshotSerializable=true;authenticationMethod=NTLM"
Microsoft SQL Server that uses a named instance with Windows NT credentials:
"jdbc:informatica:sqlserver://<host name>\<named instance
name>;DatabaseName=<database
name>;SnapshotSerializable=true;authenticationMethod=NTLM"

Microsoft Azure SQL

jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=<database
name>;SnapshotSerializable=true;EncryptionMethod=SSL;HostNameInCertificate=*.d
atabase.windows.net;ValidateServerCertificate=false

Azure SQL Database with Active Directory authentication

"jdbc:informatica: sqlserver://
<host_name>:<port_number>;database=<database_name>;encrypt=true;Authentication
Method=ActiveDirectoryPassword;trustServerCertificate=false;hostNameInCertific
ate=*.database.windows.net;loginTimeout=<seconds>"

PostgreSQL
jdbc:Informatica:postgresql://<host name:port number>;DatabaseName=<database
name>;

Note: The installer does not validate the connection string. Verify that the connection string
contains all the connection parameters and security parameters required by your database.

The Model Repository Database for monitoring section appears.

112 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
Model Repository Database for Monitoring
The Model Repository Database for Monitoring panel collects information on the database for the Monitoring
Model Repository Service database.

1. Enter the monitoring Model Repository Service name.

Enter the name of the service. The name is not case sensitive and must be unique within the domain. It
cannot exceed 128 characters or begin with @. It also cannot contain spaces or the following special
characters:
` ~ % ^ * + = { } \ ; : ' " / ? . , < > | ! ( ) ] [
You cannot change the name of the service after you create it.
If you selected process level SPN, specify the keytab file for the monitoring Model Repository Service
process. The keytab file must have the following name: .keytab
2. Select the database for the monitoring Model repository.
The following table lists the database type for monitoring Model repository:

Prompt Description

Database type Type of database type for monitoring Model repository. Select from the following
options:
1 - Oracle
2 - Microsoft SQL Server
3 - IBM DB2
4 - PostgreSQL

3. Enter the properties for the database user account.

The following table lists the properties for the database user account:

Property Description

Database user ID Name for the monitoring Model repository database user account.
You can enter the Windows NT user name for trusted connection on Microsoft
SQL Server.

User password Password for the Monitoring model repository database user account.
You can enter the Windows NT password for trusted connection on Microsoft SQL
Server.

4. Enter the parameters for the database.

a. If you select IBM DB2, select whether to configure a tablespace and enter the tablespace name.

Configure the Domain 113

 The following table describes the properties that you must configure for the IBM DB2 database:

Property Description

Configure tablespace Select whether to specify a tablespace:

1 - No
2 - Yes
In a single-partition database, if you select No, the installer creates the tables
in the default tablespace. In a multi-partition database, you must select Yes.

Tablespace Name of the tablespace in which to create the tables. Specify a tablespace
that meets the pageSize requirement of 32768 bytes.
In a single-partition database, if you select Yes to configure the tablespace,
enter the name of the tablespace in which to create the tables.
In a multipartition database, select this option and specify the name of the
non-partitioned tablespace that resides in the catalog partition of the
database.

b. If you select Microsoft SQL Server or PostgreSQL, enter the schema name for the database.
The following table describes the properties that you must configure for the Microsoft SQL Server or
PostgreSQL database:

Property Description

Specify Schema Name Specify whether you want to specify a schema name.
Enter 1 for No.
Enter 2 for Yes.

Schema name Name of the schema that will contain domain configuration tables. If this
parameter is blank, the installer creates the tables in the default schema.

5. Select whether to create a secure monitoring Model repository.

You can create a monitoring Model repository in a database secured with the SSL protocol. To create a
monitoring Model repository in a secure database, press 1 and enter the required parameters. To create
the repository in an unsecured database, press 2.
6. To enter the JDBC connection information using the JDBC URL information, press 1. To enter the JDBC
connection information using a custom JDBC connection string, press 2.
a. Enter the JDBC connection information.
• To enter the connection information using the JDBC URL information, specify the JDBC URL
properties.

114 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
The following table describes the database connection information:

Prompt Description

Database address Address for the database.

Default is <host name>:<port>.

Database service Service or database name :

name - Oracle: Enter the service name.
- Microsoft SQL Server: Enter the database name.
- IBM DB2: Enter the service name.
- PostgreSQL: Enter the database name.

Configure JDBC Select whether to add additional JDBC parameters to the connection string:
Parameters 1 - Yes
2 - No
If you select Yes, enter the parameters or press Enter to accept the default.
If you select No, the installer creates the JDBC connection string without
parameters.

Configure the Domain 115

 • To enter the connection information using a custom JDBC connection string, type the connection
string.
Use the following syntax in the JDBC connection string:
IBM DB2
jdbc:Informatica:db2://<host name>:<port number>;DatabaseName=

Oracle
jdbc:Informatica:oracle://<host name>:<port number>;ServiceName=

Microsoft SQL Server

jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=

Microsoft SQL Server with Windows NT credentials

If you specified the Windows NT credentials for the Model repository database on Microsoft
SQL Server, specify the connection string syntax to include the authentication method as
NTLM.
Microsoft SQL Server that uses the default instance with Windows NT credentials:
"jdbc:informatica:sqlserver://<host name>:<port number>;DatabaseName=<database
name>;SnapshotSerializable=true;authenticationMethod=NTLM"
Microsoft SQL Server that uses a named instance with Windows NT credentials:
"jdbc:informatica:sqlserver://<host name>\<named instance
name>;DatabaseName=<database
name>;SnapshotSerializable=true;authenticationMethod=NTLM"

Microsoft Azure SQL

jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=<database
name>;SnapshotSerializable=true;EncryptionMethod=SSL;HostNameInCertificate=*.d
atabase.windows.net;ValidateServerCertificate=false

Azure SQL Database with Active Directory authentication

"jdbc:informatica: sqlserver://
<host_name>:<port_number>;database=<database_name>;encrypt=true;Authentication
Method=ActiveDirectoryPassword;trustServerCertificate=false;hostNameInCertific
ate=*.database.windows.net;loginTimeout=<seconds>"

PostgreSQL
jdbc:Informatica:postgresql://<host name>:<port number>;DatabaseName=

Verify that the connection string contains all the connection parameters required by your
database system.

The Data Integration Service section appears.

Data Integration Service

The Data Integration Service panel requests connection details to the Data Integration Service.

1. Enter the name of the Data Integration Service.

2. Specify the port number for the Data Integration Service.
• Press Enter if you want to use the default port.

116 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
 • Enter a port number.
3. Select the SSL certificates to use to secure the Data Integration Service.

Option Description

Use the default Use the default Informatica SSL certificates contained in the default keystore and truststore.
Informatica SSL Note: If you do not provide an SSL certificate, Informatica uses the same default private key
certificate files for all Informatica installations. If you use the default Informatica keystore and truststore
files, the security of your domain could be compromised. To ensure a high level of security
for the domain, select the option to specify the location of the SSL certificate files.

Use custom SSL Use custom SSL certificates. You must specify the location of the keystore and truststore
certificates files.
You can provide a self-signed certificate or a certificate issued by a certificate authority (CA).
You must provide SSL certificates in PEM format and in Java Keystore (JKS) files.
Informatica requires specific names for the SSL certificate files for the Informatica domain.
You must use the same SSL certificates for all nodes in the domain. Store the truststore and
keystore files in a directory accessible to all the nodes in the domain and specify the same
keystore file directory and truststore file directory for all nodes in the same domain.

If you choose to use custom SSL certificates, enter the following information.

Property Description

Keystore file directory Directory that contains the keystore files. The directory must contain files named
infa_keystore.jks and infa_keystore.pem.

Keystore password Password for the keystore infa_keystore.jks.

Truststore file directory Directory that contains the truststore files. The directory must contain files
named infa_truststore.jks and infa_truststore.pem.

Truststore password Password for the infa_truststore.jks file.

4. Choose whether you want to enable data engineering recovery for the Data Integration Service or not.
• Press 1 for Yes.
• Press 2 for No.
If you choose Yes, you can recover mapping jobs that the Data Integration Service pushes to the Spark
engine for processing. Default is No.
The Content Management Service Parameters and Database section appears.

Content Management Service Parameters and Database

The Content Management Service Parameters and Database panel collects information on the database for
the Content Management Service.

1. At the Content Management Service name prompt, enter the service name. For example, CMS
2. At the HTTPS port prompt, enter the HTTPS port number to use for the Content Management Service.

Configure the Domain 117

 3. Select the keystore file to use to secure the Content Management Service.

Option Description

Use the default Use the default Informatica SSL certificates contained in the default keystore and truststore.
Informatica Note: If you do not provide an SSL certificate, Informatica uses the same default private key
keystore files for all Informatica installations. If you use the default Informatica keystore and truststore
files, the security of your domain could be compromised. To ensure a high level of security for
the domain, select the option to specify the location of the SSL certificate files.

Use custom Use custom SSL certificates. You must specify the location of the keystore and truststore
keystore files files.
You can provide a self-signed certificate or a certificate issued by a certificate authority (CA).
You must provide SSL certificates in PEM format and in Java Keystore (JKS) files. Informatica
requires specific names for the SSL certificate files for the Informatica domain. You must use
the same SSL certificates for all nodes in the domain. Store the truststore and keystore files
in a directory accessible to all the nodes in the domain and specify the same keystore file
directory and truststore file directory for all nodes in the same domain.

If you choose to use custom SSL certificates, enter the following information.

Property Description

Keystore file directory Directory that contains the keystore files. The directory must contain files named
infa_keystore.jks and infa_keystore.pem.

Keystore password Password for the keystore infa_keystore.jks.

The keystore certificate types for the Content Management Service depends on the certificate types that
the SSL-enabled domain uses:
• If you used the default keystore certificate for the domain, you can use either the default or a custom
keystore certificate for the Content Management Service.
• If you used a custom keystore certificate for the domain, you must use a custom keystore certificate
for the Content Management Service.

4. Enter database information for the reference data warehouse.

The following table lists the database information for the reference data warehouse.

Prompt Description

Database type Type of database for reference data warehouse. Select from the following options:
1 - Oracle
2 - Microsoft SQL Server
3 - IBM DB2
4 - PostgreSQL

5. Enter the properties for the database user account.

118 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
 The following table lists the properties for the database user account:

Property Description

Database user ID Name for the reference data warehouse database user account.

User password Password for the profiling warehouse database user account.

6. Based on the database type selected, enter the parameters for the database.
a. If you select IBM DB2, select whether to configure a tablespace and enter the tablespace name.
The following table describes the properties that you must configure for the IBM DB2 database:

Property Description

Configure tablespace Select whether to specify a tablespace:

1 - No
2 - Yes
In a single-partition database, if you select No, the installer creates the tables
in the default tablespace. In a multi-partition database, you must select Yes.

Tablespace Name of the tablespace in which to create the tables. Specify a tablespace
that meets the pageSize requirement of 32768 bytes.
In a single-partition database, if you select Yes to configure the tablespace,
enter the name of the tablespace in which to create the tables.
In a multipartition database, select this option and specify the name of the
non-partitioned tablespace that resides in the catalog partition of the
database.

b. If you select Microsoft SQL Server, enter the schema name for the database.
The following table describes the properties that you must configure for the Microsoft SQL Server
database:

Property Description

Specify Schema Name Specify whether you want to specify a schema name.
Enter 1 for No.
Enter 2 for Yes.

Schema name Name of the schema that will contain domain configuration tables. If this
parameter is blank, the installer creates the tables in the default schema.

7. To enter the JDBC connection information using the JDBC URL information, press 1. To enter the JDBC
connection information using a custom JDBC connection string, press 2.
8. Enter the JDBC connection information.
• To enter the connection information using the JDBC URL information, specify the JDBC URL
properties.

Configure the Domain 119

 The following table describes the database connection information:

Prompt Description

Database address Host name and port number for the database.

Database service name Service or database name :

- Oracle: Enter the service name.
- Microsoft SQL Server: Enter the database name.
- IBM DB2: Enter the service name.

Configure JDBC Select whether to add additional JDBC parameters to the connection string:
Parameters 1 - Yes
2 - No
If you select Yes, enter the parameters or press Enter to accept the default.
If you select No, the installer creates the JDBC connection string without
parameters.

• To enter the connection information using a custom JDBC connection string, type the connection
string.
Use the following syntax in the JDBC connection string:
IBM DB2
jdbc:Informatica:db2://<host name>:<port number>;DatabaseName=

Oracle
jdbc:Informatica:oracle://<host name>:<port number>;ServiceName=

Use the following connection string to connect to the Oracle database through the Oracle
Connection Manager:
jdbc:Informatica:oracle:TNSNamesFile=<fully qualified path to the tnsnames.ora
file>;TNSServerName=<TNS name>;

Microsoft SQL Server

jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=

Microsoft Azure SQL

jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=<database
name>;SnapshotSerializable=true;EncryptionMethod=SSL;HostNameInCertificate=*.datab
ase.windows.net;ValidateServerCertificate=false

PostgreSQL
jdbc:Informatica:postgresql://<host name>:<port number>;DatabaseName=

Verify that the connection string contains all the connection parameters required by your database
system.

9. Enter the data access connection string.

The Profiling Warehouse Connection Database section appears.

120 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
Profiling Warehouse Connection Database
The Profiling Warehouse Connection Database panel collects information on the database for the Profiling
Warehouse.

1. Select the database type for the profiling warehouse.

The following table lists the database type for the profiling warehouse.

Prompt Description

Database type Type of database for the profiling warehouse connection. Select from the following
options:
1 - Oracle
2 - Microsoft SQL Server
3 - IBM DB2

2. Enter the properties for the database user account.

The following table lists the properties for the database user account:

Property Description

Database user ID Name for the profiling warehouse database user account.

User password Password for the profiling warehouse database user account.

3. Based on the database type selected, enter the parameters for the database.
a. If you select IBM DB2, select whether to configure a tablespace and enter the tablespace name.
The following table describes the properties that you must configure for the IBM DB2 database:

Property Description

Configure tablespace Select whether to specify a tablespace:

1 - No
2 - Yes
In a single-partition database, if you select No, the installer creates the tables
in the default tablespace. In a multi-partition database, you must select Yes.

Tablespace Name of the tablespace in which to create the tables. Specify a tablespace
that meets the pageSize requirement of 32768 bytes.
In a single-partition database, if you select Yes to configure the tablespace,
enter the name of the tablespace in which to create the tables.
In a multipartition database, select this option and specify the name of the
non-partitioned tablespace that resides in the catalog partition of the
database.

b. If you select Microsoft SQL Server, enter the schema name for the database.

Configure the Domain 121

 The following table describes the properties that you must configure for the Microsoft SQL Server
database:

Property Description

Specify Schema Name Specify whether you want to specify a schema name.
Enter 1 for No.
Enter 2 for Yes.

Schema name Name of the schema that will contain domain configuration tables. If this
parameter is blank, the installer creates the tables in the default schema.

4. To enter the JDBC connection information using the JDBC URL information, press 1. To enter the JDBC
connection information using a custom JDBC connection string, press 2.
5. Enter the JDBC connection information.
• To enter the connection information using the JDBC URL information, specify the JDBC URL
properties.
The following table describes the database connection information:

Prompt Description

Database address Host name and port number for the database.

Database service name Service or database name :

- Oracle: Enter the service name.
- Microsoft SQL Server: Enter the database name.
- IBM DB2: Enter the service name.

Configure JDBC Select whether to add additional JDBC parameters to the connection string:
Parameters 1 - Yes
2 - No
If you select Yes, enter the parameters or press Enter to accept the default.
If you select No, the installer creates the JDBC connection string without
parameters.

122 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
 • To enter the connection information using a custom JDBC connection string, type the connection
string.
Use the following syntax in the JDBC connection string:
IBM DB2
jdbc:Informatica:db2://host_name:port_no;DatabaseName=

Oracle
jdbc:Informatica:oracle://host_name:port_no;ServiceName=

Microsoft SQL Server

jdbc:Informatica:sqlserver://host_name:port_no;SelectMethod=cursor;DatabaseName=

Microsoft Azure SQL

jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=<database
name>;SnapshotSerializable=true;EncryptionMethod=SSL;HostNameInCertificate=*.datab
ase.windows.net;ValidateServerCertificate=false

Verify that the connection string contains all the connection parameters required by your database
system.

6. Enter the data access connection string.

The Informatica Cluster Service Creation section appears.

Create and Configure the Informatica Cluster Service

1. Configure the following properties to create the Informatica Cluster Service:

Property Description

User name for the User name for the gateway host. The gateway user must be a non-root user with sudo
gateway host access.
You must enable passwordless SSH for the following nodes:
- Between the Informatica domain and the gateway host for the gateway user.
- Between gateway host and data nodes and processing nodes.
- If you plan to enable Advanced Configuration for the service, enable passwordless
SSH between the gateway node and service nodes.

Enter the Informatica Name of the service. The name is not case-sensitive and must be unique within the
Cluster Service Name domain. The name cannot exceed 128 characters or begin with @. The name cannot
contain character spaces. The characters in the name must be compatible with the
code page of the Model repository. The name cannot contain the following special
characters:` ~ % ^ * + = { } \ ; : ' " / ? . , < > | ! ( ) ] [

Informatica Cluster Fully qualified domain name of the node that you want to configure as the gateway
Gateway Host host.
The node that you configure as the gateway host must be a data node or a processing
node.

Configure the Domain 123

 Property Description

Enable Advanced Select 2 if you want to configure the properties of the applications and associated
Configuration services. If you select 2, the associated services use the values that you specify for
them instead of using the values specified for the data nodes.
Provide the parameters listed in “Informatica Cluster Service Advanced Configuration” on
page 189 .

Data Nodes Comma-separated list of fully qualified domain names of nodes that you want to
configure as data nodes.

Processing Nodes Comma-separated list of fully qualified domain names of nodes that you want to
configure as processing nodes.

Enable Transport Layer Select the option to enable TLS for the Informatica Cluster Service.
Security (TLS)

Enter the Informatica Port number for the HTTPS connection. Required if you selected Enable Transport
Cluster Service HTTPS Layer Security.
Port

Enable Secure Select 1 to use to default Informatica SSL certificates or select 2 to use the custom
Communication for the SSL certificates.
Service If the Informatica domain is enabled for SSL, you must provide the following details:
- HTTPS port. The HTTPS port to access the Informatica domain node.
- Informatica keystore file. The fully qualified path to the Informatica domain
keystore file.
- Keystore password. The password for the keystore file.

SSL protocol to use Optional. Provide the SSL protocol that you want to use for the service.

Enable Advanced Select 2 if you want to configure the properties of the Spark and Elasticsearch
Configuration for Data services. If you select 2, the associated services use the values that you specify for
Privacy Management them instead of using the values specified for the data nodes.
Note: You must select the same option for the Advanced Configuration for the
Informatica Cluster Service and the Advanced Configuration for Data Privacy
Management.
Provide the parameters listed in the “Data Privacy Management Service Advanced
Configuration” on page 192 section.
If you do not enable advanced configuration, Elasticsearch installs on all data nodes.
The gateway host is used as the Spark master node. Spark slave nodes are installed
on processing nodes.

Cluster Custom Directory for the service. Default is /opt/informatica/ics

Directory

2. Press Enter.

Catalog Service Parameters

After you configure the existing cluster, you can configure the Catalog Service parameters.

1. Enter the name of the Catalog Service.

2. At the HTTPS port prompt, enter the HTTPS port number to use for the Catalog Service.
3. Enable secure communication for the Service.

124 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
 The following table describes the options for the SSL certificates that you can use to secure the
repository:

Option Description

Use the default Use the default Informatica SSL certificates contained in the default keystore and
keystore truststore.
generated by the Note: If you do not provide an SSL certificate, Informatica uses the same default private key
installer for all Informatica installations. If you use the default Informatica keystore and truststore
files, the security of your domain could be compromised. To ensure a high level of security
for the domain, select the option to specify the location of the SSL certificate files.

Specify the Use custom SSL certificates. You must specify the location of the keystore and truststore
location and files.
password of a You can provide a self-signed certificate or a certificate issued by a certificate authority
custom keystore (CA). You must provide SSL certificates in PEM format and in Java Keystore (JKS) files.
file Informatica requires specific names for the SSL certificate files for the Informatica domain.
You must use the same SSL certificates for all nodes in the domain. Store the truststore and
keystore files in a directory accessible to all the nodes in the domain and specify the same
keystore file directory and truststore file directory for all nodes in the same domain.

If you choose to use custom SSL certificates, enter the following information.

Property Description

Catalog Service Keystore Full path and file name of the keystore file.
file

Catalog Service Keystore Password for the keystore infa_keystore.jks.

password

Domain Keystore alias Name of the domain keystore alias.

The Data Privacy Management Service Configuration section appears.

Data Privacy Management Service Configuration

The Data Privacy Management Service Configuration panel includes information for the Data Privacy
Management repository database.

1. At the Data Privacy Management Service name prompt, enter the service name. For example, DPM
2. At the HTTPS port prompt, enter the HTTPS port number to use for the Data Privacy Management
Service.
3. Enable secure communication for the Service.

Configure the Domain 125

 The following table describes the options for the SSL certificates that you can use to secure the
repository:

Option Description

Use the default Use the default Informatica SSL certificates contained in the default keystore and
keystore truststore.
generated by the Note: If you do not provide an SSL certificate, Informatica uses the same default private key
installer for all Informatica installations. If you use the default Informatica keystore and truststore
files, the security of your domain could be compromised. To ensure a high level of security
for the domain, select the option to specify the location of the SSL certificate files.

Specify the Use custom SSL certificates. You must specify the location of the keystore and truststore
location and files.
password of a You can provide a self-signed certificate or a certificate issued by a certificate authority
custom keystore (CA). You must provide SSL certificates in PEM format and in Java Keystore (JKS) files.
file Informatica requires specific names for the SSL certificate files for the Informatica domain.
You must use the same SSL certificates for all nodes in the domain. Store the truststore and
keystore files in a directory accessible to all the nodes in the domain and specify the same
keystore file directory and truststore file directory for all nodes in the same domain.

If you choose to use custom SSL certificates, enter the following information.

Property Description

Keystore file Full path and file name of the keystore file.

Keystore password Password for the keystore infa_keystore.jks.

Keystore alias Name of the keystore alias.

4. At the Database type prompt, select the database type to use for the Data Privacy Management
repository database.
• Enter 1 for Oracle.
• Enter 2 for Microsoft SQL Server or Azure SQL Database.
• Enter 3 for IBM DB2.
• Enter 4 for PostgreSQL.
5. At the Database user ID prompt, enter the name for the Data Privacy Management repository database
user account.
6. At the User password prompt, enter password for the Data Privacy Management repository database
user account.
7. Enter the parameters for the database.
a. If you select IBM DB2, select whether to configure a tablespace and enter the tablespace name.

126 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
 The following table describes the properties that you must configure for the IBM DB2 database:

Property Description

Configure tablespace Specify whether you want to configure a tablespace.

Enter 1 for No.
Enter 2 for Yes.
In a single-partition database, if you select No, the installer creates the tables
in the default tablespace. In a multi-partition database, you must select Yes.

Tablespace Name of the tablespace in which to create the tables. Specify a tablespace
that meets the pageSize requirement of 32768 bytes.
In a single-partition database, if you select Yes to configure the tablespace,
enter the name of the tablespace in which to create the tables.
In a multi-partition database, specify the name of the tablespace that resides
in the catalog partition of the database.

b. If you select Microsoft SQL Server, choose not to enter the schema name for the database.

8. At the Secure database prompt, press 2.

9. To enter the JDBC connection information using the JDBC URL information, press 1. To enter the JDBC
connection information using a custom JDBC connection string, press 2.
a. Enter the JDBC connection information.
• To enter the connection information using the JDBC URL information, specify the JDBC URL
properties.
The following table describes the database connection information:

Prompt Description

Database address Address for the database.

Default is <host name>:<port>.

Database service Service or database name:

name - Oracle: Enter the service name.
- Microsoft SQL Server: Enter the database name.
- IBM DB2: Enter the service name.
- PostgreSQL: Enter the database name.

Configure JDBC Select whether to add additional JDBC parameters to the connection string:
Parameters 1 - Yes
2 - No
If you select Yes, enter the parameters or press Enter to accept the default.
If you select No, the installer creates the JDBC connection string without
parameters.

Configure the Domain 127

 • To enter the connection information using a custom JDBC connection string, type the connection
string.
Use the following syntax in the JDBC connection string:
IBM DB2
jdbc:Informatica:db2://<host name>:<port number>;DatabaseName=

Oracle
jdbc:Informatica:oracle://<host name>:<port number>;ServiceName=

Microsoft SQL Server

jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=<database name>;

Microsoft Azure SQL

jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=<database
name>;SnapshotSerializable=true;EncryptionMethod=SSL;HostNameInCertificate=*.d
atabase.windows.net;ValidateServerCertificate=false

PostgreSQL
jdbc:Informatica:postgresql://<host name:port number>;DatabaseName=<database
name>;

Verify that the connection string contains all the connection parameters required by your
database system.

10. If you enabled User Activity monitoring, enter the mount location to store event messages.
The mount location must be accessible to the domain machine and all cluster machines. The path to the
mount location must be the same on all machines with Read, Write, and Execute permissions for the
domain user on all machines.
The post-installation summary appears when the install completes successfully.

128 Chapter 8: Create a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
Chapter 9

Join a Domain With Data

Engineering, Enterprise Data
Catalog and Data Privacy
Management
This chapter includes the following topics:

• Begin the Installation, 129

• Configure the Domain, 136

Begin the Installation

This task includes installer prompts to begin the installation. You will provide basic information such as
acceptance of terms, installation option, and the installation directory.

When you complete the preliminary tasks, you will continue with the installer prompts and will provide
information to configure the domain.

You must have performed the following prerequisite tasks before you run the installer to join a domain:

• The installation path on each machine where you install Data Privacy Management must be the same.
• Configure the backup node with all domain prerequisites for an Enterprise Data Catalog installation
• Copy the $INFA_HOME/isp/config/keys/siteKey siteKey from the primary node to the backup node
machine.
• If the primary node uses custom SSL certificates, the backup node must also use custom SSL certificates.
Both nodes must use the same truststore file with certificates of both nodes imported.
• If you use a remote agent, import the remote agent certificate to the truststores of both nodes. Import the
certificate of the backup node machine into the remote agent truststore.

Run the Installer

Perform the following steps to run the installer:

1. Log in to the machine with a system user account.

129
 2. Close all other applications.
3. On a shell command line, run the install.sh file from the installer directory.
The installer displays the message to verify that the locale environment variables are set.
4. At the prompt to read the documents, press y to continue the install.
Press n if you want to read the documentation before you continue.
5. Press 1 to install Informatica products.
6. Press 3 to run the installer.

Welcome - Accept Terms and Conditions

u Read the terms and conditions for Informatica installation and the product usage toolkit and select I
agree to the terms and conditions.
a. Press 1 if you do not want to accept the terms and conditions.
b. Press 2 to accept the terms and conditions.
The Component Selection sections appears.

Component Selection
After you accept terms and conditions, you can install Informatica Data Engineering, Enterprise Data Catalog,
and Data Privacy Management.

1. Press 4 to install and configure Data Privacy Management.

When you select this option, you can choose to install Data Engineering products, Enterprise Data
Catalog, and Data Privacy Management or Data Privacy Management only in an existing domain with
Enterprise Data Catalog.
2. Press 1 to indicate Enterprise Data Catalog is not installed on the node.
3. Choose whether you want to enable user activity monitoring.
a. Press 1 to continue without enabling user activity monitoring.
b. Press 2 to enable user activity monitoring.
If you enable user activity monitoring, you can choose the Elasticsearch version to use.
4. The installer includes an Elasticsearch version that does not include X-Pack features including TLS
support and authentication.
You can choose to use a different Elasticsearch tar file that includes X-Pack features.
Note: ElasticSearch with TLS enabled takes more time to persist events compared to ElasticSearch
without TLS. You might notice a difference in performance.
a. Press 1 to use the Elasticsearch version included with the installer.
b. Press 2 to use a different Elasticsearch file.

130 Chapter 9: Join a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
 Enter the following information:

Property Description

Path to the Elasticsearch .tar file with X- Enter the complete path to the Elasticsearch .tar file that you
Pack features want to use.

Elasticsearch Admin User Password Enter the password to use. The user name is always elastic.

Note: You cannot change the Elasticsearch settings from the Administrator Tool.

The Installation Prerequisites section displays the installation requirements. Verify that all requirements are
met before you continue the installation.

Tune the Application Services

After you review the installation prerequisites, you can choose to tune the application services for better
performance based on the deployment type in your environment. If you do not tune now, you can tune the
services later through infacmd.

1. Select if you want the installer to tune the application services:

• Press 1 if you do not want to tune the services. The License and Installation Directory section
appears.
• Press 2 if you want to tune the services.
If you are joining the node to existing domain, ensure the deployment type you select here is same
deployment type as the gateway nodes.
2. Select the deployment type associated with the Informatica environment.

Deployment Type Disk Space per Node Total Virtual Cores RAM per Node

Sandbox 140 GB 16 32 GB

Basic 140 GB 24 64 GB

Standard 140 GB 48 64 GB

Advanced 140 GB 96 128 GB

3. Select whether you want to change the deployment type or continue with the current deployment
selection.
a. Press 1 to change the deployment type.
b. Press 2 to continue with the current deployment selection.
The License and Installation Directory section appears.

Begin the Installation 131

 Specify the Installation Directory
After you verify the installation prerequisites, you can specify the installation directory.

1. Enter the installation directory.

The directory names in the path must not contain spaces or the following special characters: @|* $ # ! %
( ) { } [ ] , ; ' Default is <user home directory>/Informatica/10.5.2.
Note: Informatica recommends using alphanumeric characters in the installation directory path. If you
use a special character such as á or €, unexpected results might occur at run time.
2. Enter the path and file name to the license key file and press Enter.
3. Choose an installation environment and press Enter.
• Press 1 to set Sandbox environment for a basic environment used for proof of concept with minimal
users.
• Press 2 to set Development environment for the design environment.
• Press 3 to set Test environment for high volume processing that is closest to a production
environment.
• Press 4 to set Production environment for high volume processing with high levels of concurrency
meant for end users. Advanced production environments are typically multi-node setups.
Default is 1 for Sandbox.
4. Select whether you want to run the pre-validation utility.
a. Press 1 to skip the pre-validation utility.
b. Press 2 to run the pre-validation utility.
The utility helps you validate the prerequisites to install Enterprise Data Catalog.
If you choose to skip the pre-validation utility, the Pre-Installation Summary section appears. Review the
installation summary.

If choose to run the pre-validation utility, the Pre-validation section appears.

Prepare the Pre-validation Utility

You can use the pre-validation utility to verify the prerequisites to create the Informatica Cluster Service.

1. Select if you want to run the pre-validation utility:

a. Press 1 to skip running the pre-validation utility.
b. Press 2 to run the pre-validation utility.
2. If you chose to run the pre-validation utility, you must provide the details listed in the following table:

Property Description

Informatica cluster Fully qualified domain name of the node that you want to configure as the gateway host.
gateway host

Gateway user User name for the gateway host.

Enable advanced - Press 1 to skip validation of advanced configuration properties for associated services.
configuration - Press 2 to validate advanced configuration properties of associated services. If you
select this option, you must specify values for all the properties.

132 Chapter 9: Join a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
 Property Description

Data nodes Comma-separated list of fully qualified domain names of nodes that you want to
configure as data nodes.

Processing nodes Comma-separated list of fully qualified domain names of nodes that you want to
configure as processing nodes.

Working directory Directory for the Informatica Cluster Service. Default is /opt/informatica/ics. For a
path multi-node setup, the installer prompts you to confirm if you want to specify the path to
the shared file system.
- Type 1 if you want to configure the shared file system path for the multi-node setup.
- Type 2 if you want to configure the shared file system path for the multi-node setup. If
you select this option, you must specify the path to the cluster custom directory.
Note: The permission on the directory must be u=rwx (0700) or u=rwx,g=rx
(0750). The Postgres service does not start if the directory does not have the required
permission.

3. Applies if you selected the option to validate advanced configuration properties of associated services.
Provide the following values for validation of the Nomad server configuration parameters:

Property Description

Nomad Server Comma-separated list of fully qualified domain names of nodes that host the Nomad
Hosts servers.

Nomad HTTP HTTP port number configured for the Nomad server. Default is 4646.
Port

Nomad Serf Port Serf port configured as the gossip protocol for the Nomad servers. Default is 4648.

Nomad RPC Port The Remote Procedure Call (RPC) port configured for communication. Default is 4647.

Nomad Server The directory that includes sub directories with tasks running on the Nomad server. Default
Working is $clusterCustomDir/nomad/nomadserver
Directory

Nomad Client The directory configured for tasks in the Nomad client. Default is $clusterCustomDir/nomad/
Working nomadclient
Directory

Nomad Custom Specify any custom options for the service in the following format:
Options [OptionGroupName.OptionName=OptionValue]. You can separate multiple options using a
white space character.
If the OptionValue includes a white space character, you must enclose the OptionValue
within double quotes as shown in the following sample: “sample value”.

Begin the Installation 133

 Provide the following values for validation of the Apache ZooKeeper server configuration parameters:

Property Description

ZooKeeper Hosts Comma-separated list of fully qualified domain names of nodes that host the Apache
ZooKeeper server.

ZooKeeper Port Port number configured for the Apache ZooKeeper Server. Default is 2181.

ZooKeeper Peer Port number configured for Apache ZooKeeper peer communication. Default is 2888.
Port

ZooKeeper Port number configured for the ZooKeeper Sever identified as the Leader. Default is 3888.
Leader Port

ZooKeeper Specify the path to the directory where you want to install Apache ZooKeeper. Default is
Installation $clusterCustomDir/zk/install
Directory

ZooKeeper Data Specify the path to the directory where you want to store data from Apache ZooKeeper.
Directory Default is $clusterCustomDir/zk/data

ZooKeeper Specify any custom options for the service in the following format:
Custom Options [OptionGroupName.OptionName=OptionValue]. You can separate multiple options using a
white space character.
If the OptionValue includes a white space character, you must enclose the OptionValue
within double quotes as shown in the following sample: “sample value”.

Provide the following values for validation of the Apache Solr server configuration parameters:

Property Description

Solr Hosts Comma-separated list of fully qualified domain names of nodes that host the Apache Solr
server.

Solr Port Port number configured for Apache Solr Server. Default is 8983.

Solr Installation Specify the path to the directory where you want to install Apache Solr Server. Default is
Directory $clusterCustomDir/solr/install.

Solr Data Specify the path to the directory where you want to store data from Apache Solr. Default is
Directory $clusterCustomDir/solr/data

Solr Custom Specify any custom options for the service in the following format:
Options [OptionGroupName.OptionName=OptionValue]. You can separate multiple options using a
white space character.
If the OptionValue includes a white space character, you must enclose the OptionValue within
double quotes as shown in the following sample: “sample value”.

134 Chapter 9: Join a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
 Provide the following values for validation of the MongoDB database configuration parameters:

Property Description

MongoDB Comma-separated list of fully qualified domain names of nodes that host the MongoDB
Hosts database.

MongoDB Port Port number configured for MongoDB. Default is 27017.

MongoDB Log Specify the path to the directory where you want to store the log files. Default is
Directory $clusterCustomDir/mongo/log

MongoDB Data Specify the path to the directory where you want to store data from the MongoDB database.
Directory Default is $clusterCustomDir/mongo/data

MongoDB Specify any custom options for the service in the following format:
Custom [OptionGroupName.OptionName=OptionValue]. You can separate multiple options using a
Options white space character.
If the OptionValue includes a white space character, you must enclose the OptionValue within
double quotes as shown in the following sample: “sample value”.

Provide the following values for validation of the PostgreSQL database configuration parameters:

Property Description

PostgreSQL DB Fully qualified domain name of the machine that hosts the PostgreSQL database. Default is
Host the gateway host.
Note: If you did not select the Enable Advanced Configuration option, the service uses the
gateway host value specified as the host value

PostgreSQL DB Port number configured for PostgreSQL. Default is 5432.

Port

PostgreSQL DB Specify the path to the directory where you want to install the PostgreSQL database. Default
Installation is $clusterCustomDir/postgres/install
Directory

PostgreSQL DB Specify the path to the directory where you want to store the log files from the PostgreSQL
Log Directory database. Default is $clusterCustomDir/postgres/log

PostgreSQL DB Specify the path to the directory where you want to store PostgreSQL data. Default is
Data Directory $clusterCustomDir/postgres/data

PostgreSQL DB Specify any custom options for the service in the following format:
Custom Options [OptionGroupName.OptionName=OptionValue]. You can separate multiple options using a
white space character. If the OptionValue includes a white space character, you must
enclose the OptionValue within double quotes as shown in the following sample: “sample
value”.

Note: The details for the Data Privacy Management, Elasticsearch, and Spark services are not validated
by the pre-validation utility.
4. Press Enter to continue after running the pre-validation utility.

Begin the Installation 135

Configure the Domain
This task includes installer prompts to configure the domain. You will provide information to join a domain,
configure the domain security, domain repository, and the encryption key for the domain.

When you complete the tasks, you will complete the installation.

Domain Selection
After you review the Pre-Installation summary, you can enter the domain information.

1. Press 2 to join a domain.

The installer joins a node on the machine where you install.
2. Select the type of node you want to create.
The following table describes the types of nodes that you can create:

Property Description

Configure this node as a Select whether to configure the node as a gateway or worker node.
gateway 1 - Yes
2 - No
Select 1 to configure a gateway node or 2 to configure a worker node.

3. Enter a HTTPS port number or press Enter to use the default port number.
Default is 8443.
4. If you configure the node as a gateway, enable a secure HTTPS connection to the Informatica
Administrator.
a. Enable secure communication.

Option Description

Use the default Use the default Informatica SSL certificates contained in the default keystore and
keystore truststore.
generated by the Note: If you do not provide an SSL certificate, Informatica uses the same default private
installer key for all Informatica installations. If you use the default Informatica keystore and
truststore files, the security of your domain could be compromised. To ensure a high
level of security for the domain, select the option to specify the location of the SSL
certificate files.

Specify the Use custom SSL certificates. You must specify the location of the keystore and
location and truststore files.
password of a You can provide a self-signed certificate or a certificate issued by a certificate
custom keystore authority (CA). You must provide SSL certificates in PEM format and in Java Keystore
file (JKS) files. Informatica requires specific names for the SSL certificate files for the
Informatica domain. You must use the same SSL certificates for all nodes in the
domain. Store the truststore and keystore files in a directory accessible to all the nodes
in the domain and specify the same keystore file directory and truststore file directory
for all nodes in the same domain.

136 Chapter 9: Join a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
 If you choose to use custom SSL certificates, enter the following information:

Property Description

Keystore file directory Directory that contains the keystore files. The directory must contain files
named infa_keystore.jks and infa_keystore.pem.

Keystore password Password for the keystore infa_keystore.jks.

Keystore alias Name of the keystore alias.

5. Applicable if you configure the node as a gateway node. Select whether SAML authentication is enabled
to configure Security Assertion Markup Language (SAML)-based single sign-on (SSO) support for web-
based Informatica applications in an Informatica domain.
• Press 1 if the domain does not use SAML authentication and skip to “Domain Security - Secure
Communication” on page 103.
• Press 2 if the domain uses SAML authentication.
6. Select whether to use the default Informatica SSL certificates or to use your SSL certificates to enable
secure communication in the domain.
The following table describes the SSL certificate options for SAML authentication:

Option Description

Use the default Informatica SSL Select to use the default Informatica truststore file for SAML authentication.
certificate file.

Enter the location of the SSL Select to use a custom truststore file for SAML authentication. Specify the
certificate file. directory containing the custom truststore file on gateway nodes within the
domain. Specify the directory only, not the full path to the file.

7. Select whether to use the default Informatica SSL certificates or to use your SSL certificates to enable
SAML authentication in the domain.
The following table describes the SSL certificate options for SAML authentication:

Option Description

Use the default Informatica SSL Select to use the default Informatica truststore file for SAML authentication.
certificate file.

Enter the location of the SSL Select to use a custom truststore file for SAML authentication. Specify the
certificate file. directory containing the custom truststore file on gateway nodes within the
domain. Specify the directory only, not the full path to the file.

8. If you provide the security certificates, specify the location and passwords of the keystore and truststore
files.

Configure the Domain 137

 The following table describes the location and password of the truststore and keystore files:

Property Description

Truststore Directory Specify the directory containing the custom truststore file on gateway nodes within the
domain. Specify the directory only, not the full path to the file.

Truststore Password The password for the custom truststore file.

Keystore Directory Specify the directory containing the custom keystore file.

Keystore Password The password for the custom keystore file.

9. Click Next.
The Domain Security - Secure Communication appears.

Domain Security
After you configure the domain, you can configure domain security.

u In the Domain Security - Secure Communication section, specify whether to use the default Informatica
SSL certificates or to use your SSL certificates to secure domain communication.
a. Select the type of SSL certificates to use.
The following table describes the options for the SSL certificates that you can use to secure the
Informatica domain:

Option Description

Use the default Use the default SSL certificates contained in the default keystore and
Informatica SSL truststore.
certificates Note: If you do not provide an SSL certificate, Informatica uses the same
default private key for all Informatica installations. If you use the default
Informatica keystore and truststore files, the security of your domain could be
compromised. To ensure a high level of security for the domain, select the
option to specify the location of the SSL certificate files.

Use custom SSL Specify the path for the keystore and truststore files that contain the SSL
certificates certificates. You must also specify the keystore and truststore passwords.
You can provide a self-signed certificate or a certificate issued by a certificate
authority (CA). You must provide SSL certificates in PEM format and in Java
Keystore (JKS) files. Informatica requires specific names for the SSL
certificate files for the Informatica domain. You must use the same SSL
certificates for all nodes in the domain. Store the truststore and keystore files
in a directory accessible to all the nodes in the domain and specify the same
keystore file directory and truststore file directory for all nodes in the same
domain.

If the node that you create uses a different keystore, perform the following steps:
1. Import the node keystore to the domain truststore.

138 Chapter 9: Join a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
 2. Copy the domain truststore to the node.
3. Update the Informatica Cluster Service truststore with the node keystore. The Informatica
Cluster Service truststore is stored in the following location: opt/Informatica/<Informatica
Cluster Service name>/certs/trustore.jks
4. Shut down and enable the Informatica Cluster Service.

b. If you provide the SSL certificate, specify the location and passwords of the keystore and truststore
files.
The following table describes the parameters that you must enter for the SSL certificate files:

Property Description

Keystore file directory Directory that contains the keystore files. The directory must contain files
named infa_keystore.jks.

Keystore password Password for the keystore infa_keystore.jks.

Truststore file directory Directory that contains the truststore files. The directory must contain files
named infa_truststore.jks and infa_truststore.pem.

Truststore password Password for the infa_truststore.jks file.

The Domain Configuration Repository section appears.

Domain Configuration
After you configure the domain security, you can enter the domain details.

u Enter the information for the domain that you want to join.
The following table describes the properties that you specify for the domain:

Property Description

Domain name Name of the domain to join.

Gateway node host Host name of the machine that hosts the gateway node for the domain.

Gateway node port Port number of the gateway node.

Domain user name User name of the administrator for the domain you want to join.

Domain password Password for the domain administrator.

Confirm password Enter the password again to confirm.

The Domain Security - Encryption Key section appears.

Configure the Domain 139

 Domain Security - Encryption Key
After you configure the domain repository, you can configure the encryption key.

u Enter the directory for the encryption key for the Informatica domain.
The following table describes the encryption key parameters that you must specify when you join a
domain:

Prompt Description

Select the Path and file name of the encryption key for the Informatica domain that you want to join. All
encryption key nodes in the Informatica domain use the same encryption key. You must specify the
encryption key file created on the gateway node for the domain that you want to join.
If you copied the encryption key file to a temporary directory to make it accessible to the
nodes in the domain, specify the path and file name of the encryption key file in the temporary
directory.

Encryption key Directory in which to store the encryption key on the node created during this installation. The
directory installer copies the encryption key file for the domain to the encryption key directory on the
new node.

The installer sets different permissions to the directory and the files in the directory. For more
information about the permissions for the encryption key file and directory, see “Secure Files and
Directories” on page 87.

The Join Domain Node Configuration section appears.

Join Domain Node Configuration

After you configure the encryption key, you can configure the join domain and node.

1. Enter the information for the domain and the node that you want to join.
The following table describes the properties that you set for the current node.

Property Description

Node host name Host name or IP address of the machine on which to join the node.
If the machine has a single network name, use the default host name. If the a
machine has multiple network names, you can modify the default host name to
use an alternate network name.
Note: The node host name cannot contain the underscore (_) character. Do not
use localhost. The host name must explicitly identify the machine.

Node name Name of the node to join.

Node port number Port number for the node. The default port number for the node is 6005. If the
port number is not available on the machine, the installer displays the next
available port number.

2. Select whether to display the advanced port configurations for the domain and node components
assigned by the installer.

140 Chapter 9: Join a Domain With Data Engineering, Enterprise Data Catalog and Data Privacy Management
 If you select 1, the installer does not display the port configurations. If you select 2 to create the ports,
the Port Configuration section appears. The installer displays the default port numbers assigned to the
domain components. You can specify the port numbers to use for the domain and node components.
You can also specify a range of port numbers to use for the service process that will run on the node.
You can use the default port numbers or specify new port numbers. Verify that the port numbers you
enter are not used by other applications.
3. Press 2 to choose not to create the Model Repository Service and Data Integration Service.
The Post-Installation Summary section indicates whether the installation completed successfully. The
summary also shows the status of the installed components and their configuration.

You can configure the backup nodes for available services from Informatica Administrator.

Port Configuration
If you chose to display the advanced port configuration page, you can set the ports for the domain
components.

u Enter new port numbers at the prompt or press Enter to use the default port numbers.
The following table describes the ports that you can set:

Port Description

Service Manager port Port number used by the Service Manager on the node. The Service Manager
listens for incoming connection requests on this port. Client applications use this
port to communicate with the services in the domain. The Informatica command
line programs use this port to communicate to the domain. This is also the port
for the SQL data service JDBC/ODBC driver. Default is 6006.

Service Manager Shutdown Port number that controls server shutdown for the domain Service Manager. The
port Service Manager listens for shutdown commands on this port. Default is 6007.

Informatica Administrator Port number used by Informatica Administrator. Default is 6008.

port

Informatica Administrator No default port. Enter the required port number when you create the service.
HTTPS port Setting this port to 0 disables an HTTPS connection to the Administrator tool.

Informatica Administrator Port number that controls server shutdown for Informatica Administrator.
shutdown port Informatica Administrator listens for shutdown commands on this port. Default is
6009.

Minimum port number Lowest port number in the range of dynamic port numbers that can be assigned to
the application service processes that run on this node. Default is 6014.

Maximum port number Highest port number in the range of dynamic port numbers that can be assigned
to the application service processes that run on this node. Default is 6114.

The Post-Installation Summary section appears. The Post-Installation Summary section indicates whether
the installation completed successfully. The summary also shows the status of the installed components and
their configuration.

Configure the Domain 141

Chapter 10

Install Data Privacy Management

in an Existing Domain
This chapter includes the following topics:

• Overview, 142
• Prerequisites, 142
• Install Data Privacy Management, 143
• Data Privacy Management Service Configuration, 146

Overview
If you installed and configured Data Engineering and Enterprise Data Catalog, you can install Data Privacy
Management on a node in the domain and configure the Data Privacy Management Service.

Complete the following tasks to install and configure Data Privacy Management on an existing node in the
domain:

1. Perform prerequisite tasks for application services and databases.

2. Run the installer to install Data Privacy Management and create the Data Privacy Management Service
on the node.

Prerequisites
If you plan to install Data Privacy Management in an existing domain with Enterprise Data Catalog and Data
Engineering products installed, you must account for the dependencies for each product.

Ensure you complete the following prerequisite tasks before you run the installer to install Data Privacy
Management in an existing domain:

• Install the current version of Data Engineering products and Enterprise Data Catalog.
• The Informatica domain and Enterprise Data Catalog must have SSL authentication enabled.
• Data Engineering services and Enterprise Data Catalog services that Data Privacy Management requires
must be created and available.
Verify that the following services are available when you run the installer:

142
 Model Repository Service

The Model Repository Service manages the Model repository. It receives requests from Informatica
clients and application services to store or access metadata in the Model repository. You also need to
prepare the Model Repository database. For more information, see Model Repository Service “Model
Repository Service” on page 54.

monitoring Model Repository Service

The monitoring Model Repository Service is a Model Repository Service that monitors statistics for Data
Integration Service jobs. The service uses the Model repository to store data. For more information, see
“Monitoring Model Repository Service” on page 57.

Data Integration Service

The Data Integration Service receives requests from Informatica client tools to run integration, profile,
and data preparation jobs. It writes results to different databases, and it writes run-time metadata to the
Model repository. You also need to prepare databases associated with the service. For more information,
see “Data Integration Service” on page 46.

Content Management Service

The Content Management Service manages reference data for data domains that use reference tables. It
uses the Data Integration Service to run mappings to transfer data between reference tables and
external data sources. For more information, see “Content Management Service” on page 44.

Informatica Cluster Service

The Informatica Cluster Service runs and manages the cluster that runs with Enterprise Data Catalog. It
distributes the Hortonworks binaries and launches the required cluster services on the hosts where the
cluster runs. For more information, see “Informatica Cluster Service” on page 54.

Catalog Service

The Catalog Service manages connections between service components and the users that have access
to Enterprise Data Catalog search interface and Catalog Administrator. For more information, see
“Catalog Service” on page 40.

Install Data Privacy Management

You can install Data Privacy Management on a node on which Data Engineering products and Enterprise Data
Catalog are installed.

1. On a shell command line, run the install.sh file from the installer directory.
The installer displays the message for documentation. Press Y to continue.
2. Press 1 to install the products.
3. Press Y to continue the installation.
4. Press Y to continue the installation.
5. Press 3 to run the installer.
6. Press 2 to agree to the terms and conditions.
7. Press 4 to install Data Privacy Management.
8. Press 2 to indicate that Enterprise Data Catalog is installed on the node.
9. You can choose to enable User Activity.

Install Data Privacy Management 143

 • Press 1 to continue without enabling User Activity.
• Press 2 to enable User Activity.
Data Privacy Management uses Elasticsearch for User Activity monitoring. If you enable user activity
monitoring, you can choose the Elasticsearch version to use.
10. The installer includes an Elasticsearch version that does not include X-Pack features including TLS and
authentication. If you want to use Elasticsearch with TLS and authentication, you can choose to use a
different .tar file.
Note: ElasticSearch with TLS enabled takes more time to persist events compared to ElasticSearch
without TLS. You might notice a difference in performance.
• Press 1 to continue with the Elasticsearch bundled with the installer.
• Press 2 to enter the path to an Elasticsearch .tar file that includes X-Pack features.
Enter the following information:

Property Description

Path to the Elasticsearch .tar file with X- Enter the complete path to the Elasticsearch .tar file that you
Pack features want to use.

Elasticsearch Admin User Password Enter the password to use. The user name is always elastic.

Note: You cannot change the Elasticsearch settings from the Administrator Tool.

11. Enter the Informatica installation directory.

You must install Data Privacy Management in the directory where you installed Informatica services.
12. Enter the path to the license key file.
13. Enter the domain user name and password of the Enterprise Data Catalog installation.
14. Enter the domain password again to confirm.
15. Select the type of SSL certificates that the domain uses.
• 1. Press 1 if the domain uses the default Informatica SSL certificate files.
• 2. Press 2 if the domain uses SSL certificates that you provide.
If the domain uses SSL certificates that you provide, you must enter the following information:

Property Description

Keystore file name Full path and file name of the keystore file.

Keystore password Password for the keystore infa_keystore.jks.

Truststore file name Full path and file name of the truststore file.

Truststore password Password for the infa_truststore.jks file.

16. Confirm whether the domain has multiple Catalog services.

• 1. Press 1 if the domain does not have multiple Catalog services.
• 2. Press 2 if the domain has multiple Catalog services.

144 Chapter 10: Install Data Privacy Management in an Existing Domain

 If the domain has multiple Catalog services, enter the name of the Catalog Service that you want to
associate with Data Privacy Management.
17. Choose to enable Advanced Configuration.
Enable advanced configuration to provide Elasticsearch and Spark property values. If you do not enable
advanced configuration, the installer uses the default values.
Note: You must select the same option for the Advanced Configuration for the Informatica Cluster
Service and the Advanced Configuration for Data Privacy Management.
18. Enter the following Elasticsearch properties:

Property Description

Elasticsearch Hosts Comma-separated list of fully qualified domain names of the nodes configured as
Elasticsearch hosts.

Elasticsearch WebUI Port Web UI port configure for the service.Default is 9200.

Elasticsearch Application Application port number configured for the service. Default is 9300.
Port

Elasticsearch Log The path to the directory where you want to store the log files from the service.
Directory Default is /opt/informatica/ics/elasticsearch/log.

Elasticsearch Data The path to the directory where you want to store data from the service. Default
Directory is /opt/informatica/ics/elasticsearch/data.

Elasticsearch Cluster The name of the Elasticsearch cluster.

Name

19. Enter the following Spark properties:

Property Description

Spark Master Node Fully qualified domain name of the machine configured as the gateway host.

Spark Master Port Port number configured for the service. Default is 7077.

Spark Slave Nodes Comma-separated list of fully qualified domain names of nodes configured as Apache
Spark slave nodes.

Spark Executor Cores The number of concurrent tasks that you want an Apache Spark executor to run.

Spark Log Directory The path to the directory where you want to store the log files related to the service.
Default is /opt/informatica/ics/spark/log.

20. Review the pre-installation summary, and then press Enter.

The install recycles the Informatica Cluster Service and the Catalog Service. Verify that the services are
enabled before you continue the install. If the services do not enable, you can enable them from
Informatica Administrator.
The Data Privacy Management Service Configuration panel appears.

Install Data Privacy Management 145

Data Privacy Management Service Configuration
The Data Privacy Management Service Configuration panel includes information for the Data Privacy
Management repository database.

1. At the Data Privacy Management Service name prompt, enter the service name. For example, DPM
2. At the HTTPS port prompt, enter the HTTPS port number to use for the Data Privacy Management
Service.
3. Enable secure communication for the Service.
The following table describes the options for the SSL certificates that you can use to secure the
repository:

Option Description

Use the default Use the default Informatica SSL certificates contained in the default keystore and
keystore truststore.
generated by the Note: If you do not provide an SSL certificate, Informatica uses the same default private key
installer for all Informatica installations. If you use the default Informatica keystore and truststore
files, the security of your domain could be compromised. To ensure a high level of security
for the domain, select the option to specify the location of the SSL certificate files.

Specify the Use custom SSL certificates. You must specify the location of the keystore and truststore
location and files.
password of a You can provide a self-signed certificate or a certificate issued by a certificate authority
custom keystore (CA). You must provide SSL certificates in PEM format and in Java Keystore (JKS) files.
file Informatica requires specific names for the SSL certificate files for the Informatica domain.
You must use the same SSL certificates for all nodes in the domain. Store the truststore and
keystore files in a directory accessible to all the nodes in the domain and specify the same
keystore file directory and truststore file directory for all nodes in the same domain.

If you choose to use custom SSL certificates, enter the following information.

Property Description

Keystore file Full path and file name of the keystore file.

Keystore password Password for the keystore infa_keystore.jks.

Keystore alias Name of the keystore alias.

4. At the Database type prompt, select the database type to use for the Data Privacy Management
repository database.
• Enter 1 for Oracle.
• Enter 2 for Microsoft SQL Server or Azure SQL Database.
• Enter 3 for IBM DB2.
• Enter 4 for PostgreSQL.
5. At the Database user ID prompt, enter the name for the Data Privacy Management repository database
user account.
6. At the User password prompt, enter password for the Data Privacy Management repository database
user account.

146 Chapter 10: Install Data Privacy Management in an Existing Domain

7. Enter the parameters for the database.
a. If you select IBM DB2, select whether to configure a tablespace and enter the tablespace name.
The following table describes the properties that you must configure for the IBM DB2 database:

Property Description

Configure tablespace Specify whether you want to configure a tablespace.

Enter 1 for No.
Enter 2 for Yes.
In a single-partition database, if you select No, the installer creates the tables
in the default tablespace. In a multi-partition database, you must select Yes.

Tablespace Name of the tablespace in which to create the tables. Specify a tablespace
that meets the pageSize requirement of 32768 bytes.
In a single-partition database, if you select Yes to configure the tablespace,
enter the name of the tablespace in which to create the tables.
In a multi-partition database, specify the name of the tablespace that resides
in the catalog partition of the database.

b. If you select Microsoft SQL Server, choose not to enter the schema name for the database.

8. At the Secure database prompt, press 2.

9. To enter the JDBC connection information using the JDBC URL information, press 1. To enter the JDBC
connection information using a custom JDBC connection string, press 2.
a. Enter the JDBC connection information.
• To enter the connection information using the JDBC URL information, specify the JDBC URL
properties.
The following table describes the database connection information:

Prompt Description

Database address Address for the database.

Default is <host name>:<port>.

Database service Service or database name:

name - Oracle: Enter the service name.
- Microsoft SQL Server: Enter the database name.
- IBM DB2: Enter the service name.
- PostgreSQL: Enter the database name.

Configure JDBC Select whether to add additional JDBC parameters to the connection string:
Parameters 1 - Yes
2 - No
If you select Yes, enter the parameters or press Enter to accept the default.
If you select No, the installer creates the JDBC connection string without
parameters.

Data Privacy Management Service Configuration 147

 • To enter the connection information using a custom JDBC connection string, type the connection
string.
Use the following syntax in the JDBC connection string:
IBM DB2
jdbc:Informatica:db2://<host name>:<port number>;DatabaseName=

Oracle
jdbc:Informatica:oracle://<host name>:<port number>;ServiceName=

Microsoft SQL Server

jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=<database name>;

Microsoft Azure SQL

jdbc:Informatica:sqlserver://<host name>:<port
number>;SelectMethod=cursor;DatabaseName=<database
name>;SnapshotSerializable=true;EncryptionMethod=SSL;HostNameInCertificate=*.d
atabase.windows.net;ValidateServerCertificate=false

PostgreSQL
jdbc:Informatica:postgresql://<host name:port number>;DatabaseName=<database
name>;

Verify that the connection string contains all the connection parameters required by your
database system.

10. If you enabled User Activity monitoring, enter the mount location to store event messages.
The mount location must be accessible to the domain machine and all cluster machines. The path to the
mount location must be the same on all machines with Read, Write, and Execute permissions for the
domain user on all machines.
The post-installation summary appears when the install completes successfully.

148 Chapter 10: Install Data Privacy Management in an Existing Domain

Chapter 11

Run the Silent Installer

This chapter includes the following topics:

• Installing in Silent Mode, 149

• Encrypting Passwords in the Properties File, 150

Installing in Silent Mode

To install without user interaction, install in silent mode. Use a properties file to specify the installation
options. The installer reads the file to determine the installation options. You can use silent mode installation
to install the services on multiple machines on the network or to standardize the installation across
machines.

Copy the installation files to the hard disk on the machine where you plan to install the services. If you install
on a remote machine, verify that you can access and create files on the remote machine.

To install in silent mode, complete the following tasks:

1. Run the password encryption utility to encrypt the passwords in the installation properties file.
2. Configure the installation properties file and specify the installation options in the properties file.
3. Run the installer with the installation properties file.

Configure the Properties File

Configure the properties file that contains the configuration properties required to install Data Privacy
Management in silent mode.

The install files include separate files for each type of Data Privacy Managementinstall. Use the correct file
for the required installation.

You can choose from the following files based on the installation:

SilentInput_DPM.properties

The file contains the configuration properties required to install Informatica services, Enterprise Data
Catalog, and Data Privacy Management in silent mode. Use the file if you want to perform a fresh install
of all three products.

SilentInput_Standalone_DPM.properties

The file contains the configuration properties required to install Data Privacy Management in silent
mode. Use the file if you have installed Informatica services and Enterprise Data Catalog and want to
install Data Privacy Management.

149
 To configure the properties files, perform the following steps:

1. Go to the root of the directory that contains the installer files.

2. Optionally, run the password encryption utility to encrypt passwords in the .properties file.
3. Identify the correct Data Privacy Management file based on the required installation type.
4. Create a backup copy of the properties file that you plan to update.
5. Open the required properties file.
6. Configure the properties in the file.
For some properties, you must retain the default values. Read the instructions in the file carefully before
you update the values.
7. Save the file with the name SilentInput.properties.

Run the Installer

After you configure the properties file, open a command prompt to start the silent installation.

1. Open a command prompt.

2. Go to the root of the directory that contains the installation files.
3. Verify that the directory contains the file SilentInput.properties that you edited and resaved.
4. Run the silent installation. On Linux, run silentInstall.sh.
The silent installer runs in the background. The process can take a while. The silent installation is complete
when the Informatica_<Version>_Services_InstallLog<timestamp>.log file is created in the installation
directory.

The silent installation fails if you incorrectly configure the properties file or if the installation directory is not
accessible. View the installation log files and correct the errors. Then run the silent installation again.

Encrypting Passwords in the Properties File

The installer includes a utility that you can use to encrypt passwords you set in the properties file you use to
specify options when you run the installer in silent mode. Informatica uses AES encryption with multiple 256-
bit keys to encrypt passwords.

You run the utility for each password you want to encrypt. When you run the utility, you specify the value of
the password in plain text at the command prompt. The utility generates the password in encrypted format as
output. The output includes the following prefix: =INSTALLER:CIPHER:AES:256=

Copy the complete output string, including the prefix, and then paste it into the properties file as the value for
the password property. When you run the installer in silent mode, the installation framework decrypts the
password.

1. Go to the utility directory:

<Installer directory>/properties/utils/passwd_encryption
2. Run the utility. Specify the plain text password you want to encrypt as the value for <password>.
• On Linux and UNIX, run the following command:
sh install.sh <password>

150 Chapter 11: Run the Silent Installer

 • On Windows, run the following command:
install.bat <password>
3. Copy the encrypted password string from the output, and then paste the string into the .properties file as
the value for the corresponding password.
The following example shows the encrypted password set as the value for the DOMAIN_PSSWD
property:
DOMAIN_PSSWD==INSTALLER:CIPHER:AES:256=mjkjmDR2kzFJiizfRWIOPg==

Encrypting Passwords in the Properties File 151

Chapter 12

Troubleshooting
This chapter includes the following topics:

• Installation Troubleshooting Overview, 152

• Resuming a Failed Installer Process, 152
• Troubleshooting with Installation Log Files, 153
• Troubleshooting Domains and Nodes, 155
• Troubleshooting Informatica Developer, 157

Installation Troubleshooting Overview

The topics in this section provides you information on troubleshooting probable issues that you might
encounter during Informatica installation process. The examples included in the topics describe general
troubleshooting strategies and are not a comprehensive list of possible causes of installation issues.

Resuming a Failed Installer Process

When the installation process stops midway, you can resume the installation from the point of failure or exit.

When the service installation process fails on UNIX or Linux, you can resume from the previous service
configuration and recover the last entered details for that service installation. The install process might fail
for reasons such as network outage, when you exit the installation before completing the entire installation
process, or because of incorrect information entered.

Consider the following guidelines for resuming the installation:

You can resume the installer

If a service fails or if the installation process fails during a service creation, you can resume the
installation process with the server installer. To resume the installation process, ensure that at least one
of the services is created and that the domain is up and running from the installation log. For example, if
you want to check whether the Model Repository Service is created, check if you have a service creation
success text in the server log in the following format:

SUCCESS: MRS Service [mrs_name] is created. Command ran successfully.

To resume the installation, run the installer again.

152
 When you resume the installer while creating a service, the installer retains all the service and database
specific information, such as the create service status, service name, service enabled or disabled status.
You can confirm and use the previously entered values or specify new values for the service and resume
the installation process.

You cannot resume the installer

You cannot resume the installer in the following situations:

• You run installer to configure services after the services are created.
• You run the service configuration wizard.
• You join a domain.

Before You Resume the Installer

When the installation process stops midway, you can resume the installation from the point of failure or exit.

Before you can resume the installer, complete the following prerequisites:

1. In the installation log file present in the installation directory, verify that at least the domain and one
service is created. The installer log file name appears in the following syntax:
Informatica_<Version>_Services_<timestamp>.log
2. Ensure that you do not delete the installInst.obj object file present in the tools folder of the user
installation directory.
3. If you are going to resume through the silent installer, ensure that RESUME_INSTALLATION is set to true
in the SilentInput.properties file.

Resume the Installer

After you complete prerequisite tasks, you can resume the installer.

1. Open a command prompt and navigate to the location of the installation files.
2. Run the console installer or the silent installer.

3. When the regular installer runs, you might get a prompt confirming whether you want to resume previous
installer or not.
• If you do not want to resume installation, enter 1 for No. Default is 1.
• If you want to resume installation, enter 2 for Yes.
Before you can resume the installation, the services get validated.

Troubleshooting with Installation Log Files

You can use the following log files to troubleshoot an Informatica installation:

Installation log files

The installer produces log files during and after the installation. You can use these logs to get more
information about the tasks completed by the installer and errors that occurred during installation. The
installation log files include the following logs:

• Debug logs

Troubleshooting with Installation Log Files 153

 • File installation logs

Service Manager log files

Log files generated when the Service Manager starts on a node.

Debug Log Files

The installer writes actions and errors to the debug log file. The name of the log file depends on the
Informatica component you install.

The debug log contains output from the infacmd and infasetup commands used to create the domain, node,
and application services. It also contains information about starting the application services.

The following table describes the properties of the debug log files:

Property Description

Log File Name - Informatica_<Version>_Services_<timestamp>.log

- Informatica_<Version>_Client_<timestamp>.log
- Informatica_<Version>_Services_Upgrade_<timestamp>.log
- Informatica_<Version>_Client_Upgrade_<timestamp>.log

Location Installation directory.

Usage Get more information about the actions performed by the installer and get more information about
installation errors. The installer writes information to this file during the installation. If the installer
generates an error, you can use this log to troubleshoot the error.

Contents Detailed summary of each action performed by the installer, the information you entered in the
installer, each command line command used by the installer, and the error code returned by the
command.

File Installation Log File

The file installation log file contains information about the installed files.

The following table describes the properties of the installation log file:

Property Description

Log File Name - Informatica_<Version>_Services_InstallLog.log

- Informatica_<Version>_Client_InstallLog.log

Location Installation directory.

Usage Get information about the files installed and registry entries created.

Contents Directories created, names of the files installed and commands run, and status for each installed
file.

Service Manager Log Files

The installer starts the Informatica service. The Informatica service starts the Service Manager for the node.
The Service Manager generates log files that indicate the startup status of a node. Use these files to

154 Chapter 12: Troubleshooting

 troubleshoot issues when the Informatica service fails to start and you cannot log in to Informatica
Administrator. The Service Manager log files are created on each node.

The following table describes the files generated by the Service Manager:

Property Description

catalina.out Log events from the Java Virtual Machine (JVM) that runs the Service Manager. For
example, a port is available during installation, but is in use when the Service Manager
starts. Use this log to get more information about which port was unavailable during
startup of the Service Manager.
The catalina.out file is in the following directory: <Informatica installation
directory>/logs/<node name>/catalina.out

node.log Log events generated during the startup of the Service Manager on a node. You can use
this log to get more information about why the Service Manager for a node failed to start.
For example, if the Service Manager cannot connect to the domain configuration database
after 30 seconds, the Service Manager fails to start. The node.log file is in the /tomcat/
logs directory.

Note: The Service Manager also uses node.log to record events when the Log Manager is unavailable. For
example, if the machine where the Service Manager runs does not have enough available disk space to write
log event files, the Log Manager is unavailable.

Troubleshooting Domains and Nodes

The installer can generate errors when creating and configuring domains and nodes during the Informatica
installation.

Creating the Domain Configuration Repository

If you create a domain, the installer creates a domain configuration repository to store domain metadata. The
installer uses the options you enter during installation to add configuration metadata to the domain
configuration repository. The installer uses JDBC to communicate with the database. You do not need to
configure ODBC or native connectivity on the machine where you install the Informatica services.

The installer creates and drops a table in the domain configuration repository database to verify the
connection information. The user account for the database must have create privileges on the database.
Each domain must have a separate domain configuration repository.

Creating or Joining a Domain

The installer completes different tasks depending on whether you create a domain or join a domain:

• Creating a domain. The installer runs the infasetup DefineDomain command to create the domain and the
gateway node for the domain on the current machine based on the information you enter in the Configure
Domain window.
• Joining a domain. The installer runs the infasetup DefineWorkerNode command to create a node on the
current machine, and runs the infacmd AddDomainNode command to add the node to the domain. The
installer uses the information you enter in the Configure Domain window to run the commands.

Troubleshooting Domains and Nodes 155

 The infasetup and infacmd commands fail if the gateway node is unavailable. If the gateway node is
unavailable, you cannot log in to Informatica Administrator.

For example, the DefineDomain command fails if you click Test Connection and the connection test passes
but the database becomes unavailable before you click Next. The DefineDomain command can also fail if the
host name or IP address does not belong to the current machine. Verify that the database for the domain
configuration is available and that the host name is correct and try again.

If the AddDomainNode command fails, verify that the Informatica service is running on the gateway node and
try again.

Starting Informatica
The installer runs infaservice to start the Informatica service. To troubleshoot issues when Informatica fails
to start, use the information in the installation debug log and the node.log and catalina.out Service Manager
log files to identify the cause of the error.

If you create a domain, log in to Informatica Administrator after the Informatica service starts to verify that
the domain is available. If you join a domain, log in to Informatica Administrator after the Informatica service
starts to verify that the node was successfully created and started.

Informatica can fail to start for the following reasons:

• The Service Manager is out of system memory. The Java Runtime Environment (JRE) that starts
Informatica and runs the Service Manager may not have enough system memory to start. Set the
INFA_JAVA_OPTS environment variable to configure the amount of system memory used by Informatica.
On UNIX, you can set the memory configuration when you start Informatica.
• The domain configuration database is not available. Informatica fails to start on a node if the Service
Manager on a gateway node cannot connect to the domain configuration database within 30 seconds.
Verify that the domain configuration repository is available.
• Some of the folders in the Informatica installation directory do not have the appropriate execute
permissions. Grant execute permission on the Informatica installation directory.
• The localhost does not resolve successfully. If you use an embedded cluster and the localhost does not
resolve successfully, Informatica Cluster Service might fail. You need to verify that the localhost resolves
successfully.

Pinging the Domain

The installer runs the infacmd Ping command to verify that the domain is available before it continues the
installation. The domain must be available so that license objects can be added to the domain. If the Ping
command fails, start Informatica on the gateway node.

Adding a License
The installer runs the infacmd AddLicense command to read the Informatica license key file and create a
license object in the domain. To run the application services in Informatica Administrator, a valid license
object must exist in the domain.

If you use an incremental license and join a domain, the serial number of the incremental license must match
the serial number for an existing license object in the domain. If the serial numbers do not match, the
AddLicense command fails.

You can get more information about the contents of the license key file used for installation, including serial
number, version, expiration date, operating systems, and connectivity options in the installation debug log.
You can get more information about existing licenses for the domain in Informatica Administrator.

156 Chapter 12: Troubleshooting

Troubleshooting Informatica Developer
Consider the following tips when you work with the Informatica Developer:

Informatica Developer fails to launch

This issue might occur if the jvm.dll of java requires the MSVCR100.dll.

To resolve this issue, download Microsoft Visual C++ Studio 2010 Redistributable Package from the
Microsoft website.

Troubleshooting Informatica Developer 157

Part IV: After You Install the
Services
This part contains the following chapters:

• Complete the Domain Configuration, 159

• Install the Informatica Discovery Agent, 165
• Prepare to Create the Application Services, 168
• Create and Configure Application Services, 176

158
Chapter 13

Complete the Domain

Configuration
This chapter includes the following topics:

• Checklist to Complete the Domain Configuration, 159

• Complete the Domain Configuration Overview, 160
• Integrate the Domain with the Hadoop Environment, 160
• Verify Locale Settings and Code Page Compatibility, 160
• Configure Environment Variables on UNIX or Linux, 161
• Copy the SiteKey to the Remote Test Data Management Domain, 163

Checklist to Complete the Domain Configuration

This chapter contains information about domain configuration tasks that you need to complete after
installation. Use this checklist to track domain configuration tasks.

 Integrate the domain with the Hadoop environment.

 Verify locale settings and code page compatibility:

• Verify
that the domain configuration database is compatible with the code pages of the application
services that you create in the domain.
• Verifythat the locale settings on machines that access the Administrator tool and the Informatica client
tools is compatible with the code pages of repositories in the domain.
• Configure the locale environment variables.

 Configure the following environment variables:

• Informatica environment variables to store memory, domain, and location settings.
• Library path environment variables on the machines that run the Data Integration Service.
• Kerberosenvironment variables if you configure the Informatica domain to run on a network with
Kerberos authentication.

159
Complete the Domain Configuration Overview
After you install Informatica services and before you create the application services, complete the
configuration for the domain services.

Domain configuration includes tasks such as verifying code pages, configuring the environment variables for
the domain, and configuring the firewall.

Integrate the Domain with the Hadoop Environment

If you imported the cluster configuration from the Hadoop environment during installation, you must
complete the integration between the domain and the Hadoop environment. Integration tasks are required in
both the Hadoop environment and the Informatica domain environment.

For information on how to import a Hadoop cluster configuration, refer to the “Cluster Configuration” on page
77 topic and the Hadoop Integration section of the Data Engineering Integration Guide.

To integrate the domain with the Hadoop environment, you complete the following high-level tasks:

1. Prepare directories, users, and permissions.

2. Configure *-site.xml files on the Hadoop environment. The properties *-site.xml files must be updated
with values required for Informatica processing in the Hadoop environment.
3. Refresh the cluster configuration in the Administrator tool. Refresh the cluster configuration to get the
updated properties from the *-site.xml files on the cluster.
4. Update connections in the Administrator tool. Update connections if you want to use property values
other than the default values. You will also need to configure environment variables in the Hadoop
connection.

Verify Locale Settings and Code Page Compatibility

The code pages for application services must be compatible with code pages in the domain.

Verify and configure the locale settings and code pages:

Verify that the domain configuration database is compatible with the code pages of the application services that you
create in the domain.

The Service Manager synchronizes the list of users in the domain with the list of users and group in each
application service. If a user name in the domain has characters that the code page of the application
service does not recognize, characters do not convert correctly and inconsistencies occur.

Verify that the locale settings on machines that access the Administrator tool and the Informatica client tools are
compatible with code pages of repositories in the domain.

If the locale setting is not compatible with the repository code page, you cannot create an application
service.

160 Chapter 13: Complete the Domain Configuration

 Configure Locale Environment Variables
Verify that the locale setting is compatible with the code page for the repository. If the locale setting is not
compatible with the repository code page, you cannot create an application service.

Use LANG, LC_CTYPE, or LC_ALL to set the UNIX or Linux code page.

Different operating systems require different values for the same locale. The value for the locale variable is
case sensitive.

Use the following command to verify that the value for the locale environment variable is compatible with the
language settings for the machine and the type of code page you want to use for the repository:
locale -a
The command returns the languages installed on the operating system and the existing locale settings.

Set the following locale environment variables:

Locale on Linux

All UNIX operating systems except Linux have a unique value for each locale. Linux allows different
values to represent the same locale. For example, “utf8,” “UTF-8,” “UTF8,” and “utf-8” represent the same
locale on a Linux machine. Informatica requires that you use a specific value for each locale on a Linux
machine. Make sure that you set the LANG environment variable appropriately for all Linux machines.

Locale for Oracle database clients

For Oracle database clients, set NLS_LANG to the locale that you want the database client and server to
use with the login. A locale setting consists of the language, territory, and character set. The value of
NLS_LANG depends on the configuration.

For example, if the value is american_america.UTF8, set the variable in a C shell with the following
command:
setenv NLS_LANG american_america.UTF8
To read multibyte characters from the database, set the variable with the following command:
setenv NLS_LANG=american_america.AL32UTF8
You must set the correct variable on the Data Integration Service machine so that the Data Integration
Service can read the Oracle data correctly.

Configure Environment Variables on UNIX or Linux

Informatica uses environment variables to store configuration information when it runs the application
services and connects to the clients. Configure the environment variables to meet the Informatica
requirements.

Incorrectly configured environment variables can cause the Informatica domain or nodes to fail to start or
can cause connection problems between the Informatica clients and the domain.

To configure environment variables, log in with the system user account you used to install Informatica.

Configure Informatica Environment Variables

You can configure Informatica environment variables to store memory, domain, and location settings.

Set the following environment variables:

Configure Environment Variables on UNIX or Linux 161

 INFA_JAVA_OPTS

By default, Informatica uses a maximum of 512 MB of system memory.

The following table lists the minimum requirement for the maximum heap size settings, based on the
number of users and services in the domain:

Number of Domain Users Maximum Heap Size Maximum Heap Size

(1-5 Services) (6-10 Services)

1,000 or less 512 MB (default) 1024 MB

5,000 2048 MB 3072 MB

10,000 3072 MB 5120 MB

20,000 5120 MB 6144 MB

30,000 5120 MB 6144 MB

Note: The maximum heap size settings in the table are based on the number of application services in
the domain.

If the domain has more than 1,000 users, update the maximum heap size based on the number of users
in the domain.

You can use the INFA_JAVA_OPTS environment variable to configure the amount of system memory
used by Informatica. For example, to configure 1 GB of system memory for the Informatica daemon in a
C shell, use the following command:
setenv INFA_JAVA_OPTS "-Xmx1024m"
Restart the node for the changes to take effect.

INFA_DOMAINS_FILE

The installer creates a domains.infa file in the Informatica installation directory. The domains.infa file
contains the connectivity information for the gateway nodes in a domain, including the domain names,
domain host names, and domain host port numbers.

Set the value of the INFA_DOMAINS_FILE variable to the path and file name of the domains.infa file.

Configure the INFA_DOMAINS_FILE variable on the machine where you install the Informatica services.

INFA_HOME

Use INFA_HOME to designate the Informatica installation directory. If you modify the Informatica
directory structure, you need to set the environment variable to the location of the Informatica
installation directory or the directory where the installed Informatica files are located.

For example, you use a softlink for any of the Informatica directories. To configure INFA_HOME so that
any Informatica application or service can locate the other Informatica components it needs to run, set
INFA_HOME to the location of the Informatica installation directory.

INFA_TRUSTSTORE

If you enable secure communication for the domain, set the INFA_TRUSTSTORE variable with the
directory that contains the truststore files for the SSL certificates. The directory must contain truststore
files named infa_truststore.jks and infa_truststore.pem.

162 Chapter 13: Complete the Domain Configuration

 You must set the INFA_TRUSTSTORE variable if you use the default SSL certificate provided by
Informatica or a certificate that you provide.

INFA_TRUSTSTORE_PASSWORD

If you enable secure communication for the domain and you specify the SSL certificate to use, set the
INFA_TRUSTSTORE_PASSWORD variable with the password for the infa_truststore.jks that contains the
SSL certificate. The password must be encrypted. Use the command line program pmpasswd to encrypt
the password.

Configure Library Path Environment Variables

Configure library path environment variables on the machines that run the Data Integration Service
processes. The variable name and requirements depend on the platform and database.

Configure the LD_LIBRARY_PATH environment variable.

The following table describes the values that you set for the LD_LIBRARY_PATH for the different databases:

Database Value

Oracle <Database path>/lib

IBM DB2 <Database path>/lib

Sybase ASE “${SYBASE_OCS}/lib:${SYBASE_ASE}/lib:${LD_LIBRARY_PATH}”

Teradata <Database path>/lib

ODBC <CLOSEDODBCHOME>/lib

PostgreSQL $PGHOME/lib:$ {LD_LIBRARY_PATH}

Copy the SiteKey to the Remote Test Data

Management Domain
To run protection tasks across domains, the SiteKey in the domains must be the same. If you use a remote
Test Data Management with Data Privacy Management, you must copy the SiteKey from the Data Privacy
Management domain to the Test Data Management domain.

Both domains must be on the same Informatica version.

1. Shut down the remote Test Data Management domain.

2. Rename the SiteKey in the remote Test Data Management domain to siteKey_old.
The SiteKey is stored in the following location: <Informatica installation directory>/isp/config/keys
3. Copy the SiteKey from the Data Privacy Management domain to the remote Test Data Management
domain.
The SiteKey is stored in the following location: <Informatica installation directory>/isp/config/keys
4. From the remote Test Data Management domain, run the following command:

Copy the SiteKey to the Remote Test Data Management Domain 163
 <Informatica installation directory>/isp/bin/infasetup.sh MigrateEncryptionKey -loc
$INFA_HOME/isp/config/keys/ -mig false
The command changes the encryption key used to secure sensitive data, such as passwords, in the
Informatica domain.
5. Restart the remote Test Data Management domain.
6. Upgrade the PowerCenter Repository Service and Model Repository Service content.
7. Restart the services in the following order:
• Model Repository Service
• Data Integration Service
• PowerCenter Repository Service
• PowerCenter Integration Service
• Test Data Manager Service
If you use multiple remote Test Data Management domains with Data Privacy Management, repeat the steps
on each remote domain.

164 Chapter 13: Complete the Domain Configuration

Chapter 14

Install the Informatica Discovery

Agent
This chapter includes the following topics:

• Informatica Discovery Agent Overview, 165

• Prerequisites, 165
• Install the Informatica Discovery Agent, 166
• Configure the Informatica Discovery Agent, 166
• Starting and Stopping the Informatica Discovery Agent, 167

Informatica Discovery Agent Overview

Install the Informatica Discovery Agent to perform tasks with unstructured data sources in Data Privacy
Management.

Use the agent to perform the following tasks:

• Run domain discovery scans on unstructured data stores.

• Include unstructured data stores in subject registry scans.

Complete the following steps to install the remote agent:

1. Perform prerequisites tasks.

2. Install the Informatica Discovery Agent.
3. Configure the server.xml file to configure the agent.

Prerequisites
Perform the following tasks before you install the Informatica Discovery Agent:

1. Generate a keystore file for the remote agent.

2. Import the remote agent keystore certificate into the Informatica domain truststore.
3. Import the Data Privacy Management Service certificate into the Informatica Discovery Agent truststore.

165
 4. At startup, the agent checks for all libraries that OCR requires and lists the libraries missing on the
machine.
To include image files in unstructured scans, the following files must be available on the agent machine:
RHEL 7 or RHEL 8 agent machine

The latest version of the libpng15 shared object.

SUSE Linux 12 SP 3 or SUSE Linux 15 agent machine

The latest version of the libpng15 and libgompshared objects.

Windows agent machine

Microsoft Visual C++ 2015-2019 Redistributable Packages

You can download the version from the Microsoft Support site.
5. Restart the agent if you install any missing files.

Install the Informatica Discovery Agent

Extract the agent files to create the agent.

You can install the agent on Windows and Linux machines. On Windows machines, use the .bat file to start
the agent.

1. Navigate to the following folder: <Informatica installation directory>/SecureAtSourceService/

InformaticaDiscoveryAgent
2. Extract the contents of the following file: InformaticaDiscoveryAgent.zip
Extract the files to a folder. For example: RemoteAgent

Configure the Informatica Discovery Agent

Update the server port and truststore and keystore details in the following server configuration file:
server.xml.

1. Navigate to the following folder: <Remote agent>/tomcat/conf

2. Open the server.xml file.
3. Locate the following lines in the text:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443">
4. Comment out the lines.
Add <!-- before the section and --> after the section.
<!-- <Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" /> -->
5. Find a port that is available for the remote agent.

166 Chapter 14: Install the Informatica Discovery Agent

 You can use the netstat command to determine port availability. For example, use the following
command to determine if port 9000 is available:
• Linux. netstat -anp | grep 9000
• Windows. netstat -aon | find /i "listening" |find "9000"
6. Add the following configuration information:
<Connector port="<port number>" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
truststoreFile="<remote agent truststore file path>" truststorePass="<truststore
password>"
keystoreFile="<remote agent keystore file path>" keystorePass="<keystore password>"
keyAlias="<alias name of the certificate used for the remote agent>"
clientAuth="true" sslProtocol="TLS" />
7. Save the changes to server.xml file.

Starting and Stopping the Informatica Discovery

Agent
You can start up and shut down the Informatica Discovery Agent. Before you run a scan, the agent must be
up and running.

1. You can run the agent on Linux and Windows machines. To start the agent run the following command:
• Linux.
cd <remote agent>/bin
./siagent.sh startup
• Windows.
cd <remote agent>/bin
siagent.bat startup
The following message appears: Tomcat started.
2. To stop the agent run the following command:
• Linux.
cd <remote agent>/bin
./siagent.sh shutdown
• Windows.
cd <remote agent>/bin
siagent.bat shutdown
Note: You can view the Informatica Discovery Agent logs at the following location: <remote agent>/
tomcat/logs/catalina.out

Starting and Stopping the Informatica Discovery Agent 167

Chapter 15

Prepare to Create the Application

Services
This chapter includes the following topics:

• Checklist for Preparing to Create Application Services, 168

• Create a Keystore for a Secure Connection to a Web Application Service, 169
• Log In to Informatica Administrator, 169
• Create Connections, 170

Checklist for Preparing to Create Application

Services
This chapter contains tasks that you need to complete before you create or configure the Data Integration
Service and the Content Management Service. When you configure the services you configure properties
based on the connections and directories that you create. Use this checklist to track the configuration tasks.

 Create the following connections for the Data Integration Service:

• Data object cache database
• Workflow database
• Profiling warehouse

 Create the following connection for the Content Management Service:

• Reference data warehouse

168
Create a Keystore for a Secure Connection to a Web
Application Service
You can secure the connection between the Informatica domain and a web application service, such as the
Analyst service. Informatica uses the SSL/TLS protocol to encrypt network traffic. To secure the connection,
you must create the required files.

Before you can secure the connection to a web application service, verify that the following requirements are
met:

You created a certificate signing request (CSR) and private key.

You can use keytool or OpenSSL to create the CSR and private key.

If you use RSA encryption, you must use more than 512 bits.

You have a signed SSL certificate.

The certificate can be self-signed or CA signed. Informatica recommends a CA signed certificate.

You imported the certificate into a keystore in JKS format.

A keystore must contain only one certificate. If you use a unique certificate for each web application
service, create a separate keystore for each certificate. Alternatively, you can use a shared certificate
and keystore.

If you use the installer-generated SSL certificate for the Administrator tool, you do not need to import the
certificate into a keystore in JKS format.

The keystore is in an accessible directory.

The keystore must be in a directory that is accessible to the Administrator tool.

Log In to Informatica Administrator

You must have a user account to log in to the Informatica Administrator web application.

In Microsoft Internet Explorer and Google Chrome, add the URL of the Informatica web application to the list
of trusted sites. If you are using Chrome version 80.0.39x or later, you must also set the AuthServerWhitelist
and AuthNegotiateDelegateWhitelist policies.

1. Start a Microsoft Internet Explorer or Google Chrome browser.

2. In the Address field, enter the URL for the Administrator tool:
• If the Administrator tool is not configured to use a secure connection, enter the following URL:
http://<fully qualified host name>:<http port>/administrator/
• If the Administrator tool is configured to use a secure connection, enter the following URL:
https://<fully qualified host name>:<http port>/administrator/
Host name and port in the URL represent the host name and port number of the master gateway node. If
you configured secure communication for the domain, you must use HTTPS in the URL to ensure that
you can access the Administrator tool.

Create a Keystore for a Secure Connection to a Web Application Service 169

 3. Enter the user name, password, and security domain for your user account, and then click Login.
The Security Domain field appears when the Informatica domain contains an LDAP security domain. If
you do not know the security domain that your user account belongs to, contact the Informatica domain
administrator.
Note: If this is the first time you log in with the user name and password provided by the domain
administrator, change your password to maintain security.

Create Connections
In the Administrator tool, create connections to the databases that the application services use. You need to
specify the connection details while you configure the application service.

When you create the database connection, specify the database connection properties and test the
connection.

The following table describes the database connections that you need to create before the application
services can access the associated databases.

Database Description
Connection

Data object cache To access the data object cache, create the data object cache connection for the Data
database Integration Service.

Workflow database To store run-time metadata for workflows, create the workflow database connection for the
Data Integration Service.

Profiling warehouse To create and run profiles and scorecards, create the profiling warehouse database
database connection for the Data Integration Service.
Use this instance of the Data Integration Service when you configure the run-time properties
of the Analyst Service.
Note: To use the Microsoft SQL Server database as the profiling warehouse, choose ODBC as
the provider type, and clear the use DSN option in the Microsoft SQL Server connection
properties dialog box when you configure the Microsoft SQL Server connection.

Reference data To store reference table data, create the reference data warehouse connection for the
warehouse Content Management Service.

IBM DB2 Connection Properties

Use a DB2 for LUW connection to access tables in a DB2 for LUW database.

The following table describes the DB2 for LUW connection properties:

Property Description

User name Database user name.

Password Password for the user name.

170 Chapter 15: Prepare to Create the Application Services

 Property Description

Connection String for metadata access Connection string to import physical data objects. Use the following
connection string: jdbc:informatica:db2://
<host>:50000;databaseName=<dbname>

Connection String for data access Connection string to preview data and run mappings. Enter dbname from
the alias configured in the DB2 client.

Code Page Database code page.

Environment SQL Optional. Enter SQL commands to set the database environment when you
connect to the database. The Data Integration Service executes the
connection environment SQL each time it connects to the database.

Transaction SQL Optional. Enter SQL commands to set the database environment when you
connect to the database. The Data Integration Service executes the
transaction environment SQL at the beginning of each transaction.

Retry Period This property is reserved for future use.

Tablespace Tablespace name of the DB2 for LUW database.

SQL Identifier Character The type of character used to identify special characters and reserved SQL
keywords, such as WHERE. The Data Integration Service places the
selected character around special characters and reserved SQL keywords.
The Data Integration Service also uses this character for the Support
Mixed-case Identifiers property.

Support Mixed-case Identifiers When enabled, the Data Integration Service places identifier characters
around table, view, schema, synonym, and column names when generating
and executing SQL against these objects in the connection. Use if the
objects have mixed-case or lowercase names. By default, this option is not
selected.

Microsoft Azure SQL Database Connection Properties

Use an Azure SQL Data Warehouse connection to access tables in a Microsoft Azure SQL database.

The following table describes the Microsoft Azure SQL Database connection properties:

Property Description

Azure DW JDBC URL Connection string to the Microsoft Azure SQL database.

Azure DW JDBC Username Database user name.

Azure DW JDBC Password Password for the user name.

Azure DW JDBC Schema Name Name of the schema in the database.

Azure Storage Type

Azure Blob Account Name

Create Connections 171

 Property Description

Azure Blob Account Key

ADLS Gen2 Storage Account Name

ADLS Gen2 Account Key

Blob End-Point

VNet Rule

Note: When you use a Microsoft SQL Server connection to access tables in a Microsoft SQL Server database,
the Developer tool does not display the synonyms for the tables.

Microsoft SQL Server Connection Properties

Use a Microsoft SQL Server connection to access tables in a Microsoft SQL Server database.

The following table describes the Microsoft SQL Server connection properties:

Property Description

User name Database user name.

Password Password for the user name.

Use Trusted Connection Optional. When enabled, the Data Integration Service uses Windows
authentication to access the Microsoft SQL Server database. The user
name that starts the Data Integration Service must be a valid Windows
user with access to the Microsoft SQL Server database.

Connection String for metadata access Connection string to import physical data objects. Use the following
connection string: jdbc:informatica:sqlserver://
<host>:<port>;databaseName=<dbname>

Connection String for data access Connection string to preview data and run mappings. Enter
<ServerName>@<DBName>

Domain Name Optional. Name of the domain where Microsoft SQL Server is running.

Packet Size Required. Optimize the ODBC connection to Microsoft SQL Server. Increase
the packet size to increase performance. Default is 0.

Code Page Database code page.

Owner Name Name of the schema owner. Specify for connections to the profiling
warehouse database or data object cache database.

Schema Name Name of the schema in the database. Specify for connections to the
profiling warehouse or data object cache database. You must specify the
schema name for the profiling warehouse if the schema name is different
from the database user name. You must specify the schema name for the
data object cache database if the schema name is different from the
database user name and you manage the cache with an external tool.

172 Chapter 15: Prepare to Create the Application Services

 Property Description

Environment SQL Optional. Enter SQL commands to set the database environment when you
connect to the database. The Data Integration Service executes the
connection environment SQL each time it connects to the database.

Transaction SQL Optional. Enter SQL commands to set the database environment when you
connect to the database. The Data Integration Service executes the
transaction environment SQL at the beginning of each transaction.

Retry Period This property is reserved for future use.

SQL Identifier Character The type of character used to identify special characters and reserved SQL
keywords, such as WHERE. The Data Integration Service places the
selected character around special characters and reserved SQL keywords.
The Data Integration Service also uses this character for the Support
Mixed-case Identifiers property.

Support Mixed-case Identifiers When enabled, the Data Integration Service places identifier characters
around table, view, schema, synonym, and column names when generating
and executing SQL against these objects in the connection. Use if the
objects have mixed-case or lowercase names. By default, this option is not
selected.

Note: When you use a Microsoft SQL Server connection to access tables in a Microsoft SQL Server database,
the Developer tool does not display the synonyms for the tables.

Oracle Connection Properties

Use an Oracle connection to access tables in an Oracle database.

The following table describes the Oracle connection properties:

Property Description

User name Database user name.

Password Password for the user name.

Connection String for metadata access Connection string to import physical data objects.
Use the following connection string: jdbc:informatica:oracle://
<host>:1521;SID=<sid>
Use the following connection string to connect to Oracle through Oracle
Connection Manager:
jdbc:Informatica:oracle:TNSNamesFile=<fully qualified
path to the tnsnames.ora file>;TNSServerName=<TNS server
name>;

Connection String for data access Connection string to preview data and run mappings. Enter dbname.world
from the TNSNAMES entry.

Code Page Database code page.

Create Connections 173

 Property Description

Environment SQL Optional. Enter SQL commands to set the database environment when you
connect to the database. The Data Integration Service executes the
connection environment SQL each time it connects to the database.

Transaction SQL Optional. Enter SQL commands to set the database environment when you
connect to the database. The Data Integration Service executes the
transaction environment SQL at the beginning of each transaction.

Retry Period This property is reserved for future use.

Parallel Mode Optional. Enables parallel processing when loading data into a table in
bulk mode. Default is disabled.

SQL Identifier Character The type of character used to identify special characters and reserved SQL
keywords, such as WHERE. The Data Integration Service places the
selected character around special characters and reserved SQL keywords.
The Data Integration Service also uses this character for the Support
Mixed-case Identifiers property.

Support Mixed-case Identifiers When enabled, the Data Integration Service places identifier characters
around table, view, schema, synonym, and column names when generating
and executing SQL against these objects in the connection. Use if the
objects have mixed-case or lowercase names. By default, this option is not
selected.

PostgreSQL Connection Properties

Use a JDBC connection to access tables in a PostgreSQL database.

The following table describes the Oracle connection properties:

Property Description

User name Database user name.

Password Password for the user name.

JDBC Driver Class Name

Connection String Connection string to use to read data and metadata from the database.
Define the connection string in the following format:
jdbc:informatica:postgresql://<host>:<port>;Database=<id>

Environment SQL Optional. Enter SQL commands to set the database environment when you
connect to the database. The Data Integration Service executes the
connection environment SQL each time it connects to the database.

Transaction SQL Optional. Enter SQL commands to set the database environment when you
connect to the database. The Data Integration Service executes the
transaction environment SQL at the beginning of each transaction.

174 Chapter 15: Prepare to Create the Application Services

 Property Description

Support Mixed-case Identifiers When enabled, the Data Integration Service places identifier characters
around table, view, schema, synonym, and column names when generating
and executing SQL against these objects in the connection. Use if the
objects have mixed-case or lowercase names. By default, this option is not
selected.

SQL Identifier Character The type of character used to identify special characters and reserved SQL
keywords, such as WHERE. The Data Integration Service places the
selected character around special characters and reserved SQL keywords.
The Data Integration Service also uses this character for the Support
Mixed-case Identifiers property.

Use Sqoop Connector

Sqoop Arguments

Creating a Connection
In the Administrator tool, you can create relational database, social media, and file systems connections.

1. In the Administrator tool, click the Manage tab.

2. Click the Connections view.
3. In the Navigator, select the domain.
4. In the Navigator, click Actions > New > Connection.
The New Connection dialog box appears.
5. In the New Connection dialog box, select the connection type, and then click OK.
The New Connection wizard appears.
6. Enter the connection properties.
The connection properties that you enter depend on the connection type. Click Next to go to the next
page of the New Connection wizard.
7. When you finish entering connection properties, you can click Test Connection to test the connection.

8. Click Finish.

Create Connections 175

Chapter 16

Create and Configure Application

Services
This chapter includes the following topics:

• Checklist to Create and Configure Application Services, 176

• Create and Configure the Application Services Overview, 177
• Create and Configure the Model Repository Service, 177
• Create and Configure the Data Integration Service, 182
• Create and Configure the Content Management Service, 185
• Create and Configure the Informatica Cluster Service, 187
• Create and Configure the Catalog Service, 193
• Create and Configure the Data Privacy Management Service, 197

Checklist to Create and Configure Application

Services
This chapter contains instructions to create and configure application services. Even if you created services
during installation, you might still need to configure some services. Use this checklist to track completion of
application service configuration.

 Review your notes for planning the application services.

 Identify the services that you created during installation, and complete additional configuration for the
service.

 Create and configure other services that you want in the domain.

176
Create and Configure the Application Services
Overview
If you did not create services with you ran the installer, use the Administrator tool to create the application
services.

Some application services depend on other application services. When you create these dependent
application services, you must provide the name of other running application services. Review the application
service dependencies to determine the order that you must create the services. For example, you must create
a Model Repository Service before you create a Data Integration Service.

Before you create the application services, verify that you have completed the prerequisite tasks required by
the installation and configuration process.

Create and Configure the Model Repository Service

The Model Repository Service is an application service that manages the Model repository. The Model
repository stores metadata created by Informatica clients and application services in a relational database to
enable collaboration among the clients and services.

When you access a Model repository object from an Informatica client tool or application service, the client
or service sends a request to the Model Repository Service. The Model Repository Service process fetches,
inserts, and updates the metadata in the Model repository database tables.

Create the Model Repository Service

Use the service creation wizard in the Administrator tool to create the service.

1. In the Administrator tool, click the Manage tab.

2. Click Actions > New > Model Repository Service.
The New Model Repository Service dialog box appears.
3. On the New Model Repository Service - Step 1 of 2 page, enter the following properties:

Property Description

Name Name of the service. The name is not case sensitive and must be unique within the domain. It
cannot exceed 128 characters or begin with @. It also cannot contain spaces or the following
special characters:
`~%^*+={}\;:'"/?.,<>|!()][

Description Description of the service. The description cannot exceed 765 characters.

Location Domain and folder where the service is created. Click Browse to choose a different folder. You
can move the service after you create it.

License License object that allows use of the service.

Create and Configure the Application Services Overview 177

 Property Description

Node Node on which the service runs.

Backup Nodes If your license includes high availability, nodes on which the service can run if the primary node
is unavailable.

4. Click Next.
The New Model Repository Service - Step 2 of 2 page appears.
5. Enter the following properties for the Model repository database:

Property Description

Database Type The type of the repository database.

Username The database user name for the repository.

You can enter the Windows NT user name for trusted connection for Microsoft SQL Server.

Password Repository database password for the database user.

You can enter the Windows NT password for trusted connection for Microsoft SQL Server.

Database Schema Available for Microsoft SQL Server and PostgreSQL. Name of the schema that will contain
Model repository tables.

Database Available for IBM DB2. Name of the tablespace in which to create the tables. For a multi-
Tablespace partition IBM DB2 database, the tablespace must span a single node and a single partition.

6. Enter the JDBC connection string that the service uses to connect to the Model repository database.

178 Chapter 16: Create and Configure Application Services

 Use the following syntax for the connection string for the selected database type:

Database Type Connection String Syntax

IBM DB2 "jdbc:informatica:db2://<host name>:<port

number>;DatabaseName=<database
name>;BatchPerformanceWorkaround=true;DynamicSections=3000"

Microsoft SQL Server - Microsoft SQL Server that uses the default instance
"jdbc:informatica:sqlserver://<host name>:<port
number>;DatabaseName=<database
name>;SnapshotSerializable=true"
- Microsoft SQL Server that uses a named instance
"jdbc:informatica:sqlserver://<host name>\<named instance
name>;DatabaseName=<database name>;SnapshotSerializable=true"
- Microsoft Azure. jdbc:informatica:sqlserver://
<host_name>:<port_number>;DatabaseName=<database_name>;Snapsho
tSerializable=true;
SnapshotSerializable=true;EncryptionMethod=SSL;HostNameInCerti
ficate=*.<hostnameincertificate>;ValidateServerCertificate=tru
e
- Azure SQL Database with Active Directory authentication.
"jdbc:informatica: sqlserver://
<host_name>:<port_number>;database=<database_name>;encrypt=tru
e;AuthenticationMethod=ActiveDirectoryPassword;trustServerCert
ificate=false;hostNameInCertificate=*.database.windows.net;log
inTimeout=<seconds>"
Note: If you specified the Windows NT credentials for the Model repository
database on Microsoft SQL Server, specify the connection string syntax to include
the authentication method as NTLM.
- Microsoft SQL Server that uses the default instance with Windows NT
credentials:
"jdbc:informatica:sqlserver://<host name>:<port
number>;DatabaseName=<database
name>;SnapshotSerializable=true;authenticationMethod=NTLM"
- Microsoft SQL Server that uses a named instance with Windows NT credentials:
"jdbc:informatica:sqlserver://<host name>\<named instance
name>;DatabaseName=<database
name>;SnapshotSerializable=true;authenticationMethod=NTLM"

Oracle "jdbc:informatica:oracle://<host name>:<port

number>;SID=<database
name>;MaxPooledStatements=20;CatalogOptions=0;BatchPerformanceWo
rkaround=true"

PostgreSQL "jdbc:informatica:postgresql://<host name>:<port

number>;DatabaseName= "

7. If the Model repository database is secured with the SSL protocol, you must enter the secure database
parameters in the Secure JDBC Parameters field.
Enter the parameters as name=value pairs separated by semicolon characters (;). For example:
param1=value1;param2=value2

Create and Configure the Model Repository Service 179

 Enter the following secure database parameters:

Secure Database Description

Parameter

EncryptionMethod Required. Indicates whether data is encrypted when transmitted over the network.
This parameter must be set to SSL.

ValidateServerCertificate Optional. Indicates whether Informatica validates the certificate that the database
server sends.
If this parameter is set to True, Informatica validates the certificate that the
database server sends. If you specify the HostNameInCertificate parameter,
Informatica also validates the host name in the certificate.
If this parameter is set to False, Informatica does not validate the certificate that
the database server sends. Informatica ignores any truststore information that you
specify.

HostNameInCertificate Optional. Host name of the machine that hosts the secure database. If you specify
a host name, Informatica validates the host name included in the connection string
against the host name in the SSL certificate.

cryptoProtocolVersion Required. Specifies the cryptographic protocol to use to connect to a secure

database. You can set the parameter to cryptoProtocolVersion=TLSv1.1 or
cryptoProtocolVersion=TLSv1.2 based on the cryptographic protocol used by
the database server.

TrustStore Required. Path and file name of the truststore file that contains the SSL certificate
for the database.
If you do not include the path for the truststore file, Informatica looks for the file in
the following default directory: <Informatica installation directory>/
tomcat/bin

TrustStorePassword Required. Password for the truststore file for the secure database.

Note: Informatica appends the secure JDBC parameters to the JDBC connection string. If you include the
secure JDBC parameters directly in the connection string, do not enter any parameter in the Secure
JDBC Parameters field.
8. Click Test Connection to verify that you can connect to the database.
9. Select No content exists under specified connection string. Create new content.
10. Click Finish.
The domain creates the Model Repository Service, creates content for the Model repository in the
specified database, and enables the service.
After you create the service through the wizard, you can edit the properties or configure other properties.

After You Create the Model Repository Service

After you create the Model Repository Service, perform the following tasks:

• Create the Model repository user if the domain does not use Kerberos authentication.
• Create other application services.

180 Chapter 16: Create and Configure Application Services

Create the Model Repository User
When you create an application service that depends on the Model Repository Service, you provide the name
of the Model Repository Service and of this Model repository user.

1. In the Administrator tool, click the Security tab.

2. On the Security Actions menu, click Create User to create a native user account.
Note: If you set up LDAP authentication in the domain, you can use an LDAP user account for the Model
repository user.
3. Enter the following properties for the user:

Property Description

Login Name Login name for the user account. The login name for a user account must be unique
within the security domain to which it belongs.
The name is not case sensitive and cannot exceed 128 characters. It cannot include a
tab, newline character, or the following special characters:
,+"\<>;/*%?&
The name can include an ASCII space character except for the first and last character. All
other space characters are not allowed.

Password Password for the user account. The password can be from 1 through 80 characters long.

Confirm Password Enter the password again to confirm. You must retype the password. Do not copy and
paste the password.

Full Name Full name for the user account. The full name cannot include the following special
characters:
<>“

Description Description of the user account. The description cannot exceed 765 characters or include
the following special characters:
<>“

4. Click OK.
The user properties appear.
5. Click the Privileges tab.
6. Click Edit.
The Edit Roles and Privileges dialog box appears.
7. On the Roles tab, expand the Model Repository Service.
8. Under System Defined Roles, select Administrator and click OK.

Create Other Services

After you create the Model Repository Service, create the application services that depend on the Model
Repository Service.

Create the dependent services in the following order:

1. Data Integration Service

2. Content Management Service

Create and Configure the Model Repository Service 181

Create and Configure the Data Integration Service

Create the Data Integration Service

Use the service creation wizard in the Administrator tool to create the service.

Before you create the Data Integration Service, verify that you have created the following service:

Model Repository Service

1. In the Administrator tool, click the Manage tab.

2. Click the Services and Nodes view.
3. In the Domain Navigator, select the domain.
4. Click Actions > New > Data Integration Service.
The New Data Integration Service wizard appears.
5. On the New Data Integration Service - Step 1 of 14 page, enter the following properties:

Property Description

Name Name of the service. The name is not case sensitive and must be unique within the domain. It
cannot exceed 128 characters or begin with @. It also cannot contain spaces or the following
special characters:
`~%^*+={}\;:'"/?.,<>|!()][

Description Description of the service. The description cannot exceed 765 characters.

Location Domain and folder where the service is created. Click Browse to choose a different folder.
You can move the service after you create it.

License License object that allows use of the service.

Assign Select Node to configure the service to run on a node. If your license includes grid, you can
create a grid and assign the service to run on the grid after you create the service.

Node Node on which the service runs.

Backup Nodes If your license includes high availability, nodes on which the service can run if the primary
node is unavailable.

Model Model Repository Service to associate with the service.

Repository
Service

Username User name that the service uses to access the Model Repository Service. Enter the Model
repository user that you created.

182 Chapter 16: Create and Configure Application Services

 Property Description

Password Password for the Model repository user.

Security Domain LDAP security domain for the Model repository user. The field appears when the Informatica
domain contains an LDAP security domain. Not available for a domain with Kerberos
authentication.

6. Click Next.
The New Data Integration Service - Step 2 of 14 page appears.
7. Enter the HTTP port number to use for the Data Integration Service.
8. Accept the default values for the remaining security properties. You can configure the security properties
after you create the Data Integration Service.
9. Select Enable Service.
The Model Repository Service must be running to enable the Data Integration Service.
10. Verify that the Move to plugin configuration page is not selected.
11. Click Next.
The New Data Integration Service - Step 3 of 14 page appears.
12. Set the Launch Job Options property to one of the following values:
• In the service process. Configure when you run SQL data service and web service jobs. SQL data
service and web service jobs typically achieve better performance when the Data Integration Service
runs jobs in the service process.
• In separate local processes. Configure when you run mapping, profile, and workflow jobs. When the
Data Integration Service runs jobs in separate local processes, stability increases because an
unexpected interruption to one job does not affect all other jobs.
If you configure the Data Integration Service to run on a grid after you create the service, you can
configure the service to run jobs in separate remote processes.
13. Accept the default values for the remaining execution options and click Next.
The New Data Integration Service - Step 4 of 14 page appears.
14. If you created the data object cache database for the Data Integration Service, click Select to select the
cache connection. Select the data object cache connection that you created for the service to access the
database.
15. Accept the default values for the remaining properties on this page and click Next.
The New Data Integration Service - Step 5 of 14 page appears.
16. For optimal performance, enable the Data Integration Service modules that you plan to use.
The following table lists the Data Integration Service modules that you can enable:

Module Description

Web Service Module Runs web service operation mappings.

Mapping Service Module Runs mappings and previews.

Profiling Service Module Runs profiles and scorecards.

Create and Configure the Data Integration Service 183

 Module Description

SQL Service Module Runs SQL queries from a third-party client tool to an SQL data service.

Workflow Orchestration Service Module Runs workflows.

17. Click Next.

The New Data Integration Service - Step 6 of 14 page appears.
You can configure the HTTP proxy server properties to redirect HTTP requests to the Data Integration
Service. You can configure the HTTP configuration properties to filter the web services client machines
that can send requests to the Data Integration Service. You can configure these properties after you
create the service.
18. Accept the default values for the HTTP proxy server and HTTP configuration properties and click Next.
The New Data Integration Service - Step 7 of 14 page appears.
The Data Integration Service uses the result set cache properties to use cached results for SQL data
service queries and web service requests. You can configure the properties after you create the service.
19. Accept the default values for the result set cache properties and click Next.
The New Data Integration Service - Step 8 of 14 page appears.
20. If you created the profiling warehouse database for the Data Integration Service, select the Profiling
Service module.
21. If you created the workflow database for the Data Integration Service, select the Workflow Orchestration
Service module.
22. Verify that the remaining modules are not selected.
You can configure properties for the remaining modules after you create the service.
23. Click Next.
The New Data Integration Service - Step 11 of 14 page appears.
24. If you created the profiling warehouse database for the Data Integration Service, click Select to select
the database connection. Select the profiling warehouse connection that you created for the service to
access the database.
25. Select whether or not content exists in the profiling warehouse database.
If you created a new profiling warehouse database, select No content exists under specified connection
string.
26. Click Next.
The New Data Integration Service - Step 12 of 14 page appears.
27. Accept the default values for the advanced profiling properties and click Next.
The New Data Integration Service - Step 14 of 14 page appears.
28. If you created the workflow database for the Data Integration Service, click Select to select the database
connection. Select the workflow database connection that you created for the service to access the
database.
29. Click Finish.
The domain creates and enables the Data Integration Service.
After you create the service through the wizard, you can edit the properties or configure other properties.

184 Chapter 16: Create and Configure Application Services

 After You Create the Data Integration Service
After you create the Data Integration Service, perform the following tasks:

• Verify the host file configuration.

• Create other application services.

Verify the Host File Configuration

If you configured the Data Integration Service on UNIX or Linux to launch jobs as separate processes, verify
that the host file on the node that runs the service contains a localhost entry. Otherwise, jobs fail when the
Launch Jobs as Separate Processes property for the Data Integration Service is enabled.

Create Other Services

After you create the Data Integration Service, create the application services that depend on the Data
Integration Service.

Create the dependent services in the following order:

1. Content Management Service

Create and Configure the Content Management

Service
The Content Management Service is an application service that manages reference data. A reference data
object contains a set of data values that you can search while performing data quality operations on source
data. The Content Management Service also compiles rule specifications into mapplets. A rule specification
object describes the data requirements of a business rule in logical terms.

The Content Management Service uses the Data Integration Service to run mappings to transfer data
between reference tables and external data sources. The Content Management Service also provides
transformations, mapping specifications, and rule specifications with the following types of reference data:

• Address reference data

• Identity populations
• Probabilistic models and classifier models
• Reference tables

Create the Content Management Service

Use the service creation wizard in the Administrator tool to create the service.

Before you create the Content Management Service, verify that you have created and enabled the following
services:

Model Repository Service

Data Integration Service

1. In the Administrator tool, click the Manage tab.

Create and Configure the Content Management Service 185

 2. Click Actions > New > Content Management Service.
The New Content Management Service dialog box appears.
3. On the New Content Management Service - Step 1 of 2 page, enter the following properties:

Property Description

Name Name of the service. The name is not case sensitive and must be unique within the domain.
It cannot exceed 128 characters or begin with @. It also cannot contain spaces or the
following special characters:
`~%^*+={}\;:'"/?.,<>|!()][

Description Description of the service. The description cannot exceed 765 characters.

Location Domain and folder where the service is created. Click Browse to choose a different folder.
You can move the service after you create it.

License License object that allows use of the service.

Node Node on which the service runs.

HTTP Port HTTP port number to use for the Content Management Service.

Data Integration Data Integration Service to associate with the service. The Data Integration Service and the
Service Content Management Service must run on the same node.

Model Repository Model Repository Service to associate with the service.

Service

Username User name that the service uses to access the Model Repository Service. Enter the Model
repository user that you created.

Password Password for the Model repository user.

Security Domain LDAP security domain for the Model repository user. The field appears when the Informatica
domain contains an LDAP security domain. Not available for a domain with Kerberos
authentication.

Reference Data Reference data warehouse connection that you created for the Content Management Service
Location to access the reference data warehouse. Click Select to select the connection.

4. Click Next.
The New Content Management Service - Step 2 of 2 page appears.
5. Accept the default values for the security properties.
6. Select Enable Service.
The Model Repository Service and Data Integration Service must be running to enable the Content
Management Service.
7. Click Finish.
The domain creates and enables the Content Management Service.
After you create the service through the wizard, you can edit the properties or configure other properties.

186 Chapter 16: Create and Configure Application Services

Create and Configure the Informatica Cluster Service
The Informatica Cluster Service is an application service that runs and manages the nodes and services
associated with Enterprise Data Catalog.

You can choose to create the Informatica Cluster Service when you install Enterprise Data Catalog or create
the application service manually using Informatica Administrator.

Perform the following steps to create the Informatica Cluster Service:

1. In the Administrator tool, select a domain, and click the Services and Nodes tab.
2. On the Actions menu, click New > Informatica Cluster Service.
The New Informatica Cluster Service: Step 1 of 4 dialog box appears.
3. Configure the general properties in the dialog box.
The following table describes the properties:

Property Description

Name Name of the service. The name is not case-sensitive and must be unique within the domain. The
name cannot exceed 128 characters or begin with @. The name cannot contain character
spaces. The characters in the name must be compatible with the code page of the Model
repository.
The name cannot contain the following special characters:
`~%^*+={}\;:'"/?.,<>|!()][

Description Description of the service. The description cannot exceed 765 characters.

Location Select the Informatica domain node.

License License to assign to the Informatica Cluster Service. Select the license that you installed with
Enterprise Data Catalog.

Node Primary node on which the Informatica Cluster Service runs. If you change the node, you must
recycle the Informatica Cluster Service.

Backup Nodes Nodes on which the service can run if the primary node is unavailable.

4. Click Next.
The New Informatica Cluster Service - Step 2 of 4 dialog box appears.
5. Configure the security properties in the dialog box.
The following table describes the properties:

Property Description

HTTP Port A unique HTTP port number for the service. The default is 9075.

Enable Transport Select the option to enable TLS for the Informatica Cluster Service.
Layer Security
(TLS)

Create and Configure the Informatica Cluster Service 187

 Property Description

HTTPS Port Port number for the HTTPS connection. Required if you select Enable Transport layer
Security.

Keystore File Path and file name of the keystore file. The keystore file contains the keys and certificates
required if you use the SSL security protocol with Catalog Administrator. Required if you
select Enable Transport layer Security.
Note: Verify that you specified the correct keystore file for the Informatica Cluster Service.
The certificates in the keystore must be trusted by the domain truststore. The keystore file
must contain CA-signed certificates for custom SSL configuration.

Keystore Password for the keystore file. Required if you select Enable Transport Layer Security.
Password

SSL Protocol Secure Sockets Layer protocol to use.

6. Click Next.
The New Informatica Cluster Service - Step 3 of 4 dialog box appears.
7. Configure the cluster properties in the dialog box.
The following table describes the properties:

Property Description

Gateway Host Fully qualified domain name of the node that you want to configure as the gateway host.
The node that you configure as the gateway host must be a data node or a processing node.

Data Nodes Comma-separated list of fully qualified domain names of nodes that you want to configure as
data nodes.

Processing Comma-separated list of fully qualified domain names of nodes that you want to configure as
Nodes processing nodes.

Gateway User User name for the gateway host. The gateway user must be a non-root user with sudo access.
You must enable passwordless SSH for the following nodes:
- Between the Informatica domain and the gateway host for the gateway user.
- Between gateway host and data nodes and precessing nodes.
- If you plan to enable Advanced Configuration for the service, enable passwordless SSH
between the gateway node and service nodes.

Cluster Custom Directory for the service. Default is /opt/informatica/ics.

Directory
Note: The permission on the directory must be u=rwx (0700) or u=rwx,g=rx (0750).
The Postgres service does not start if the directory does not have the required permission.

Cluster Shared Applies if you deploy the service in multiple nodes. The shared directory on all cluster nodes.
File System The service uses this directory on all cluster nodes to back up Apache Solr data.
Path Verify the following directory prerequisites:
- The directory must be empty.
- The directory must have the NFS file system mounted.
- The user name to access the directory must be the same in all cluster nodes.
- The user configured to access the directory must be a non-root user.

8. Optional. Click Enable Advanced Configuration if you want to configure the properties of the
applications and associated services. By default, the services use the values that you provided for the

188 Chapter 16: Create and Configure Application Services

 data nodes as the host names. The PostgreSQL database uses the value specified for the gateway host
as the host name.
9. Select Enable Service to enable the service after you click Finish.
By default, the associated services use the values that you provided for the data nodes as the host
names. The PostgreSQL database uses the value specified for the gateway host as the host name.
Note: If enabling the service fails due to a slow SSH connection, you must increase the timeout value for
the service thread. To increase the timeout value to 150 seconds, create the
IcsCustomOptions.ServiceThreadTime custom property for the Informatica Cluster Service and set the
value to 150000.
10. Click Next.
The New Informatica Cluster Service - Step 4 of 4 dialog box appears.
11. Optional. Select Enable DPM UA to configure the Data Privacy Management Service options.
See the Data Privacy Management Service Advanced Configurationon page 192 section for information
about the parameters that you must configure for the Data Privacy Management.
12. Click Finish.

After You Create the Informatica Cluster Service

After you create the Informatica Cluster Service, create the Catalog Service that depends on the Informatica
Cluster Service.

Informatica Cluster Service Advanced Configuration

If you selected Enable Advanced Configuration while configuring the Informatica Cluster Service, you must
configure all the properties for the associated services.

Configure the following properties for the services associated with the Informatica Cluster Service:

Nomad Service Properties

Configure the properties for Nomad as shown in the following table:

Property Description

Nomad Server Comma-separated list of fully qualified domain names of nodes that host the Nomad servers.
Hosts

Nomad HTTP HTTP port number configured for the Nomad server. Default is 4646.
Port

Nomad Serf Port Serf port configured as the gossip protocol for the Nomad servers. Default is 4648.

Nomad RPC Port The Remote Procedure Call (RPC) port configured for communication. Default is 4647.

Nomad Server The directory that includes sub directories with tasks running on the Nomad server. Default is
Working Directory <Cluster custom directory>/nomad/nomadserver

Create and Configure the Informatica Cluster Service 189

 Property Description

Nomad Client The directory configured for tasks in the Nomad client. Default is <Cluster custom
Working Directory directory>/nomad/nomadclient

Nomad Custom Specify any custom options for the service in the following format:
Options [OptionGroupName.OptionName=OptionValue]. You can separate multiple options using a white
space character.
If the OptionValue includes a white space character, you must enclose the OptionValue within
double quotes as shown in the following sample: “sample value”.

Apache ZooKeeper Service Properties

Configure the properties for Apache ZooKeeper as shown in the following table:

Property Description

ZooKeeper Hosts Comma-separated list of fully qualified domain names of nodes that host the Apache ZooKeeper
server.

ZooKeeper Port Port number configured for the Apache ZooKeeper Server. Default is 2181.

ZooKeeper Peer Port number configured for Apache ZooKeeper peer communication. Default is 2888.
Port

ZooKeeper Leader Port number configured for the ZooKeeper Sever identified as the Leader. Default is 3888.
Port

ZooKeeper Specify the path to the directory where you want to install Apache ZooKeeper. Default is
Installation <Cluster custom directory>/zk/install.
Directory

ZooKeeper Data Specify the path to the directory where you want to store data from Apache ZooKeeper. Default is
Directory <Cluster custom directory>/zk/data.

ZooKeeper Specify any custom options for the service in the following format:
Custom Options [OptionGroupName.OptionName=OptionValue]. You can separate multiple options using a white
space character.
If the OptionValue includes a white space character, you must enclose the OptionValue within
double quotes as shown in the following sample: “sample value”.

Apache Solr Service Properties

Configure the properties for Apache Solr as shown in the following table:

Property Description

Solr Hosts Comma-separated list of fully qualified domain names of nodes that host the Apache Solr server.

Solr Port Port number configured for Apache Solr Server. Default is 8983.

Solr Installation Specify the path to the directory where you want to install Apache Solr Server. Default is
Directory <Cluster custom directory>/solr/install.

190 Chapter 16: Create and Configure Application Services

 Property Description

Solr Data Specify the path to the directory where you want to store data from Apache Solr. Default is
Directory <Cluster custom directory>/solr/data.

Solr Custom Specify any custom options for the service in the following format:
Options [OptionGroupName.OptionName=OptionValue]. You can separate multiple options using a white
space character.
If the OptionValue includes a white space character, you must enclose the OptionValue within
double quotes as shown in the following sample: “sample value”.

Mongo DB Service Properties

Configure the properties for the MongoDB database as shown in the following table:

Property Description

MongoDB Comma-separated list of fully qualified domain names of nodes that host the MongoDB database.
Hosts

MongoDB Port Port number configured for MongoDB. Default is 27017.

MongoDB Log Specify the path to the directory where you want to store the log files. Default is <Cluster
Directory custom directory>/mongo/log.

MongoDB Data Specify the path to the directory where you want to store data from the MongoDB database. Default
Directory is <Cluster custom directory>/mongo/data.

MongoDB Specify any custom options for the service in the following format:
Custom Options [OptionGroupName.OptionName=OptionValue]. You can separate multiple options using a white
space character.
If the OptionValue includes a white space character, you must enclose the OptionValue within
double quotes as shown in the following sample: “sample value”.

PostgreSQL Service Properties

Configure the properties for the PostgreSQL database as shown in the following table:

Property Description

PostgreSQL DB Fully qualified domain name of the machine that hosts the PostgreSQL database. Default is the
Host gateway host.
Note: If you did not select the Enable Advanced Configuration option, the service uses the
gateway host value specified as the host value.

PostgreSQL DB Port number configured for PostgreSQL. Default is 5432.

Port

PostgreSQL DB Specify the path to the directory where you want to install the PostgreSQL database. Default is
Installation <Cluster custom directory>/postgres/install.
Directory

PostgreSQL DB Specify the path to the directory where you want to store the log files from the PostgreSQL
Log Directory database. Default is <Cluster custom directory>/postgres/log.

Create and Configure the Informatica Cluster Service 191

 Property Description

PostgreSQL DB Specify the path to the directory where you want to store PostgreSQL data. Default is <Cluster
Data Directory custom directory>/postgres/data.

PostgreSQL DB Specify any custom options for the service in the following format:
Custom Options [OptionGroupName.OptionName=OptionValue]. You can separate multiple options using a white
space character. If the OptionValue includes a white space character, you must enclose the
OptionValue within double quotes as shown in the following sample: “sample value”.

Data Privacy Management Service Advanced Configuration

If you selected Enable DPM UA while configuring the Informatica Cluster Service, you must configure all the
properties for the services associated with Data Privacy Management Service.

Configure the following properties for the services associated with the Data Privacy Management Service:

Elasticsearch Service

Property Description

Elasticsearch Hosts Comma-separated list of fully qualified domain names of the nodes configured as
Elasticsearch hosts.

Elasticsearch Web UI Port Web UI port configured for the service. Default is 9200.

Elasticsearch Application Application port number configured for the service. Default is 9300.
Port

Elasticsearch Log The path to the directory where you want to store the log files from the service. Default
Directory is /opt/informatica/ics/elasticsearch/log.

Elasticsearch Data The path to the directory where you want to store data from the service. Default
Directory is /opt/informatica/ics/elasticsearch/data.

Elasticsearch Cluster The name of the Elasticsearch cluster.

Name

Enable TLS for Select the option to enable TLS for the Service.
Elasticsearch Note: ElasticSearch with TLS enabled takes more time to persist events compared to
ElasticSearch without TLS. You might notice a difference in performance.

Spark Service

Property Description

Spark Augmenter Listener The path to the directory configured as the listener directory in Apache Spark.
Directory

Spark Master Node Fully qualified domain name of the machine configured as the master node for Apache
Spark.

Spark Master Port Port number configured for the service. Default is 7077.

192 Chapter 16: Create and Configure Application Services

 Property Description

Spark Slave Nodes Comma-separated list of fully qualified domain names of nodes configured as Apache
Spark slave nodes.

Spark Executor Cores The number of concurrent tasks that you want an Apache Spark executor to run. Default
is 2.

Spark Log Directory The path to the directory where you want to store the log files related to the service.
Default is /opt/informatica/ics/spark/log.

Create and Configure the Catalog Service

Create a Catalog Service to run Enterprise Data Catalog and manage the connections between the Enterprise
Data Catalog components. You can configure the general, application service, and security properties of the
Catalog Service

If you plan to deploy Enterprise Data Catalog on multiple nodes, ensure that you configure the Informatica
Cluster Service and Catalog Service on separate nodes.

Before you create the Catalog Service, verify that you have created and enabled the following services:

Model Repository Service

Content Management Service
Data Integration Service
Informatica Cluster Service

Note: The Catalog Service has the same privileges as the user account that creates it. Ensure that the user
account does not have privileges to read or modify sensitive files on the system.

1. In the Administrator tool, select a domain, and click the Services and Nodes tab.
2. On the Actions menu, click New > Catalog Service.
The New Catalog Service Step 1 of 5 dialog box appears.
3. Configure the general properties in the dialog box.
The following table describes the properties:

Property Description

Name Name of the service. The name is not case-sensitive and must be unique within the domain. The
name cannot exceed 128 characters or begin with @. The name cannot contain character
spaces. The characters in the name must be compatible with the code page of the Model
repository that you associate with the Catalog Service.
The name cannot contain the following special characters:
`~%^*+={}\;:'"/?.,<>|!()][

Description Description of the service. The description cannot exceed 765 characters.

Create and Configure the Catalog Service 193

 Property Description

Location Domain in which the service runs.

License License to assign to the Catalog Service. Select the license that you installed with Informatica.

Node Node in the Informatica domain on which the Catalog Service runs. If you change the node, you
must recycle the Catalog Service.

Backup Nodes If your license includes high availability, nodes on which the service can run if the primary node
is unavailable.

4. Click Next.
The New Catalog Service - Step 2 of 5 dialog box appears.
5. Configure the application service properties in the dialog box.
The following table describes the properties:

Property Description

Model Repository Model Repository Service to associate with the Catalog Service. The Model Repository
Service Service manages the Model repository that Enterprise Data Catalog uses. If you update
the property to specify a different Model Repository Service, recycle the Catalog Service.

User name The database user name for the Model repository.

Password An encrypted version of the database password for the Model repository.

Security Domain Name of the security domain that includes the User name.

6. Click Next.
The New Catalog Service - Step 3 of 5 dialog box appears.
7. Configure the security properties in the dialog box.
The following table describes the properties:

Property Description

HTTP Port A unique HTTP port number used for each Data Integration Service process. Default is 8085.

Enable Indicates that the Catalog Service must use HTTPS. If you did not configure the Data
Transport Layer Integration Service to use HTTPS, the Catalog Service does not start.
Security If the cluster is enabled for SSL, make sure that you enable SSL for the Informatica domain
and the application services.

HTTPS Port Port number for the HTTPS connection.

194 Chapter 16: Create and Configure Application Services

 Property Description

Keystore File Path and file name of the keystore file. The keystore file contains the keys and certificates
required if you use the SSL security protocol with Catalog Administrator. Required if you
select Enable Transport layer Security.
When Enterprise Data Catalog creates the Catalog Service, Enterprise Data Catalog exports
the keystore to a certificate and stores the certificate in the keystore directory. Ensure that
you configure the read and write permissions on the directory for Enterprise Data Catalog to
successfully store the certificate.
Note: Verify that you specified the correct keystore file for the Catalog Service. The
certificates in the keystore must be trusted by the domain truststore. The keystore file must
contain CA-signed certificates for custom SSL configuration.

Keystore Password for the keystore file. Required if you select Enable Transport layer Security.
Password

SSL Protocol Secure Sockets Layer protocol to use.

8. Click Next.
The New Catalog Service - Step 4 of 5 dialog box appears.
9. Configure the following properties in the dialog box.
The following table describes the properties:

Property Description

Informatica Cluster Service Name of the Informatica Cluster Service that you must associate with the Catalog
Service.

Receive Alerts through Choose to receive email notifications on the Catalog Service status.
Email Note: If you select this option, you must enable the Email Service.
For more information about enabling Email Service, see
Administrator Reference for Enterprise Data Catalog.

Enable Catalog Service Select the option to enable the Catalog Service.

Enable Email Notifications Select the option to receive email notifications in Enterprise Data Catalog when
for Asset Changes there are updates for assets.

10. Click Next.

The New Catalog Service - Step 5 of 5 dialog box appears.
11. Optional. Click Enable Data Asset Analytics to configure the properties to enable Data Asset Analytics
for Enterprise Data Catalog. You can use Data Asset Analytics with Enterprise Data Catalog to gain
analytical insights into asset details, such as values, enrichment, and collaboration using reports and
charts.

Create and Configure the Catalog Service 195

 Configure the following properties to enable Data Asset Analytics:

Property Description

Select Database Select the repository database that you want to use for Data Asset Analytics from the
following options:
- Oracle
- SQLServer
- PostgreSQL

User Name The database user name for the repository.

Password The password for the database user name.

Database Enter the JDBC connection string to connect to the repository database.
Connection Use the following syntax for the connection string based on the database selected:
String
- Oracle.
jdbc:informatica:oracle://<host name>:<port
number>;ServiceName=<database name>
- SQLServer:
- SQL Server.
jdbc:informatica:sqlserver://<host name>: <port
number>;DatabaseName=<database name>;SnapshotSerializable=true
- PostgreSQL.
jdbc:informatica:postgresql://<host name>: <port
number>;DatabaseName=<database name>

Secure JDBC If the repository database is secured with the SSL protocol, you must enter the secure
Parameters database parameters as name=value pairs separated by semicolon characters (;). For
example: param1=value1;param2=value2

Data Asset Analytics supports the following schemas for the databases listed:
• dbo schema for SQL Server.
• public schema for PostgreSQL.
Optional. Click Test Connection if you want to validate the configuration details.
12. Click Finish.

Configure the Advanced Scanners Server

If you configured the Advanced Scanners repository, you must configure Enterprise Data Catalog details in
the Advanced Scanners server.

Perform the following steps to configure the details:

1. Start the Catalog Service.

2. Log in to the Advanced Scanners web interface as an administrator. You can access the web interface by
providing the URL in the <host>:<port> format. <host> represents the host name configured for the
Informatica domain and <port> represents the port number configured for the Advanced Scanners
repository server.
Note: For enhanced security, you must change the password after you log in for the first time.
3. Click Administration > Global Variables.

196 Chapter 16: Create and Configure Application Services

 4. Configure the following variables with the values shown:

Variable Value

EDC_USER The user name configured as an administrator in Enterprise Data Catalog.

EDC_PASSWORD The password configured for the administrator.

EDC_URL The host name and port number configured for Enterprise Data Catalog in the following
format: <host>:<port>

5. Shut down the Advanced Scanners server using the server.sh stop command available in the following
directory: <INFA_HOME>/services/CatalogService/AdvancedScannersApplication/app/
6. Start the Advanced Scanners repository server using the following command: server.sh &.

Create and Configure the Data Privacy Management

Service
The Data Privacy Management Service is an application service that manages the Data Privacy Management
repository. The repository stores Data Privacy Managementdata and metadata, such as data stores and
scans.

When you access a repository object from Data Privacy Management, it sends a request to the Data Privacy
Management Service. The service process fetches, inserts, and updates the metadata in the repository
database tables.

Create the Data Privacy Management Service

Use the service creation wizard in the Administrator tool to create the service.

Before you create the Data Privacy Management Service, verify that you have created and enabled the
following service:

Catalog Service

1. In the Administrator tool, click the Manage tab, and click Services and Nodes.
2. Click Actions > New > Data Privacy Management Service.
The New Data Privacy Management Service dialog box appears.

Create and Configure the Data Privacy Management Service 197

 3. On the New Data Privacy Management Service - Step 1 of 4 page, enter the following properties:

Property Description

Name Name of the service. The name is not case sensitive and must be unique within the domain. It
cannot exceed 128 characters or begin with @. It also cannot contain spaces or the following
special characters:
`~%^*+={}\;:'"/?.,<>|!()][

Description Description of the service. The description cannot exceed 765 characters.

Location Domain and folder where the service is created. Click Browse to choose a different folder. You
can move the service after you create it.

License License object that allows use of the service.

Node Node on which the service runs.

Backup Nodes If your license includes high availability, nodes on which the service can run if the primary node
is unavailable.

4. Click Next.
The New Data Privacy Management Service - Step 2 of 4 page appears.
5. Enter the following properties for the Data Privacy Management repository database:

Property Description

Database Type The type of the repository database.

Username The database user name for the repository.

Password Repository database password for the database user.

Schema Available for Microsoft SQL Server. Name of the schema that will contain Data Privacy
Management repository tables.

Tablespace Available for IBM DB2. Name of the tablespace in which to create the tables. For a multi-
partition IBM DB2 database, the tablespace must span a single node and a single partition.

6. Enter the JDBC connection string that the service uses to connect to the Data Privacy Management
repository database.

198 Chapter 16: Create and Configure Application Services

 Use the following syntax for the connection string for the selected database type:

Database Type Connection String Syntax

IBM DB2 "jdbc:informatica:db2://<host name>:<port

number>;DatabaseName=<database
name>;BatchPerformanceWorkaround=true;DynamicSections=3000"

Microsoft SQL Server - Microsoft SQL Server that uses the default instance
"jdbc:informatica:sqlserver://<host name>:<port
number>;DatabaseName=<database
name>;SnapshotSerializable=true"
- Microsoft SQL Server that uses a named instance
"jdbc:informatica:sqlserver://<host name>\<named instance
name>;DatabaseName=<database name>;SnapshotSerializable=true"
- Azure SQL Server. "jdbc:informatica:sqlserver://<host name>:<port
number>;DatabaseName=<database
name>;SnapshotSerializable=true;
SnapshotSerializable=true;EncryptionMethod=SSL;HostNameInCerti
ficate=*.<hostnameincertificate>;ValidateServerCertificate=tru
e"

Oracle "jdbc:informatica:oracle://<host name>:<port

number>;SID=<database
name>;MaxPooledStatements=20;CatalogOptions=0;BatchPerformanceWo
rkaround=true"

PostgreSQL "jdbc:informatica:postgresql://<host name>:<port

number>;DatabaseName= "

7. If the Data Privacy Management repository database is secured with the SSL protocol, you must enter
the secure database parameters in the Secure JDBC Parameters field.
Enter the parameters as name=value pairs separated by semicolon characters (;). For example:
param1=value1;param2=value2
Enter the following secure database parameters:

Secure Database Description

Parameter

EncryptionMethod Required. Indicates whether data is encrypted when transmitted over the network.
This parameter must be set to SSL.

ValidateServerCertificate Optional. Indicates whether Informatica validates the certificate that the database
server sends.
If this parameter is set to True, Informatica validates the certificate that the
database server sends. If you specify the HostNameInCertificate parameter,
Informatica also validates the host name in the certificate.
If this parameter is set to False, Informatica does not validate the certificate that
the database server sends. Informatica ignores any truststore information that you
specify.

HostNameInCertificate Optional. Host name of the machine that hosts the secure database. If you specify
a host name, Informatica validates the host name included in the connection string
against the host name in the SSL certificate.

Create and Configure the Data Privacy Management Service 199

 Secure Database Description
Parameter

cryptoProtocolVersion Required. Specifies the cryptographic protocol to use to connect to a secure

database. You can set the parameter to cryptoProtocolVersion=TLSv1.1 or
cryptoProtocolVersion=TLSv1.2 based on the cryptographic protocol used by
the database server.

TrustStore Required. Path and file name of the truststore file that contains the SSL certificate
for the database.
If you do not include the path for the truststore file, Informatica looks for the file in
the following default directory: <Informatica installation directory>/
tomcat/bin

TrustStorePassword Required. Password for the truststore file for the secure database.

Note: Informatica appends the secure JDBC parameters to the JDBC connection string. If you include the
secure JDBC parameters directly in the connection string, do not enter any parameter in the Secure
JDBC Parameters field.
8. Click Test Connection to verify that you can connect to the database.
9. Select No content exists under specified connection string. Create new content.
10. Click Next.
The New Data Privacy Management Service - Step 3 of 4 page appears.
11. Required. Enter the name of the associated Catalog Service.
12. Optional. Enter the name of the associated Test Data Manager Service.
13. Enter the Catalog Service user name and password.
14. Click Next.
The New Data Privacy Management Service - Step 4 of 4 page appears.
15. Configure the security properties in the dialog box.
The following table describes the properties:

Property Description

HTTP Port A unique HTTP port number used for each service process. The defaults is 6200.

Enable Secure Use a secure connection to connect to the Data Privacy Management Service. If you
Communication enable secure communication, you must set all required HTTPS properties, including the
keystore and truststore properties.

HTTPS Port Port number for the HTTPS connection.

200 Chapter 16: Create and Configure Application Services

 Property Description

Keystore File Path and file name of the keystore file. The keystore file contains the keys and
certificates required if you use the SSL security protocol with Data Privacy Management.
When the domain creates the Data Privacy Management Service, Data Privacy
Management exports the keystore to a certificate and stores the certificate in the
keystore directory. Ensure that you configure the read and write permissions on the
directory for Data Privacy Management to successfully store the certificate.

Keystore Password Password for the keystore file. Required if you select Enable Transport layer Security.

Note: You must enable secure communication, enter the HTTPS port, and keystore file. The Data Privacy
Management Service does not start if you do not configure the properties.
16. Click Finish.
The domain creates the Data Privacy Management Service, creates content for the Data Privacy
Management repository in the specified database, and enables the service.
After you create the service through the wizard, you can edit the properties or configure other properties.
17. If you enabled User Activity monitoring during installation, update the service to set the User Activity
properties. Click Edit on the User Activity Configuration tab and enter the following properties:

Property Description

Enable User When enabled, starts the system jobs required for user activity data streaming to Data Privacy
Activity Management. Default is False.
Note: If you enable User Activity during installation and then update the field to False, the
Data Privacy Management system jobs stop.

Event Details Required. Determines the number of days to retain user activity details and anomalies in the
Retention user activity store. The Data Privacy Management Service runs a daily retention job that
Period (In Days) purges expired data from the user activity store.

Event File The mount location where you want to store streamed user activity event messages.
Shared Location The mount location must be accessible to the domain machine and all cluster machines. The
path to the mount location must be the same on all machines with Read, Write, and Execute
permissions for the domain user on all machines.
Note: ElasticSearch with TLS enabled takes more time to persist events compared to
ElasticSearch without TLS. You might notice a difference in performance.

Note: When you update the Data Privacy Management Service properties, you must restart the Data Privacy
Management Service for the modifications to take effect.

Create and Configure the Data Privacy Management Service 201

Part V: Informatica Client
Installation
This part contains the following chapters:

• Install Informatica Developer , 203

• Install in Silent Mode , 208

202
Chapter 17

Install Informatica Developer

This chapter includes the following topics:

• Before You Install Informatica Developer, 203

• Install the Developer tool, 204
• After You Install Informatica Developer, 205
• Starting the Developer Tool, 207

Before You Install Informatica Developer

Before you install the Informatica Developer, verify that the minimum system and third-party software
requirements are met. If the machine where you install the Informatica Developer is not configured correctly,
the installation can fail.

Verify Installer Package Checksum

Before you run the client installer, verify the install package integrity through the cksum command. The
cksum command calculates the checksum value for the installer.

Verify the checksum for the specific installer files against the checksum of the installation files downloaded
from Akamai.

The following table lists the checksum and file size for Informatica client on Windows:

File Checksum Value File Size

informatica_1052_client_winem-64t.z 1200477329 3869539596

ip

A checksum mismatch can occur when there are data errors during download due to network issues or when
data corruption occurs in the file on disk. For more information about the checksum errors, see
HOW TO: Identify file errors after downloading Informatica installation files.

Verify System Requirements

Before you install the client, verify the following installation requirements to install and run the client are met:

203
 Disk space for the temporary files

The installer writes temporary files to the hard disk. Verify that you have 1 GB disk space on the machine
to support the installation. When the installation completes, the installer deletes the temporary files and
releases the disk space.

Permissions to install

Verify that the user account that you use to install the client has write permission on the installation
directory and Windows registry.

Minimum system requirements

The following table lists the minimum system requirements to run the client:

Processor RAM Disk Space

1 CPU 1GB 6 GB

Verify Third-party Requirements for Informatica Developer

Before you install the Developer tool, verify the following third-party installation requirements:

• Install the .NET Framework 4.0 or later. If you plan to use Data Processor or Hierarchical-To-Relational
transformations, you must install the .NET Framework before you install the Developer tool.
• Install the latest version of Microsoft Visual C++ Redistributable Package (x64) before you use or install
the Developer tool. You can download it from the Microsoft website.

Install the Developer tool

Perform the following steps to install the Developer tool:

1. Close all other applications.

2. Go to the root of the directory for the installation files and run install.bat as administrator.
To run the file as administrator, right-click the install.bat file and select Run as administrator.
Note: If you do not run the installer as administrator, the Windows system administrator might encounter
issues when accessing files in the Informatica installation directory.
If you encounter problems when you run the install.bat file from the root directory, run the following file:
<installer files directory>\client\install.exe
3. Select Install Informatica <Version> Clients and click Next.
4. Read the terms and conditions for Informatica installation and the product usage toolkit and select I
agree to the terms and conditions.
a. Press 1 if you do not want to accept the terms and conditions.
b. Press 2 to accept the terms and conditions.
5. Version 10.5.2 is for installing Informatica 10.5.2 products.
a. Press 1 and type quit to quit the installation.
b. Press 2 to continue the installation.

204 Chapter 17: Install Informatica Developer

 If you choose to not accept the terms and condition, the installer prompts you to accept the terms and
conditions.
6. The Installation Pre-requisites page displays the system requirements. Verify that all installation
requirements are met before you continue the installation.
7. On the Installation Directory page, enter the absolute path for the installation directory.
The installation directory must be on the current computer. The maximum length of the path must be
less than 260 characters. The directory names in the path must not contain spaces or the following
special characters: @|* $ # ! % ( ) { } [ ] , ; '
Note: Informatica recommends using alphanumeric characters in the installation directory path. If you
use a special character such as á or €, unexpected results might occur at run time.
8. Click Next.
9. On the Pre-Installation Summary page, review the installation information, and click Install.
The installer copies the Developer tool files to the installation directory.
The Post-installation Summary page indicates whether the installation completed successfully.
10. Click Done to close the installer.
You can view the installation log files to get more information about the tasks performed by the installer.

After You Install Informatica Developer

After you install Informatica Developer, you can install other languages, enable secure communication within
the domain, and start the Developer tool.

Install Languages
To view languages other than the system locale and to work with repositories that use a UTF-8 code page,
install additional languages on Windows for use with the Informatica clients.

You also must install languages to use the Windows Input Method Editor (IME).

1. Click Start > Settings > Control Panel.

2. Click Regional Options.
3. Under Language settings for the system, select the languages you want to install.
4. Click Apply.
If you change the system locale when you install the language, restart the Windows machine.

Configure the Client for a Secure Domain

When you enable secure communication within the domain, you also secure connections between the domain
and Informatica client applications. Based on the truststore files used, you might need to specify the location
and password for the truststore files in environment variables on each client host.

You might need to set the following environment variables on each client host:
INFA_TRUSTSTORE

Set this variable to the directory that contains the truststore files for the SSL certificates. The directory
must contain truststore files named infa_truststore.jks and infa_truststore.pem.

After You Install Informatica Developer 205

 INFA_TRUSTSTORE_PASSWORD

Set this variable to the password for the infa_truststore.jks file. The password must be encrypted.
Use the command line program pmpasswd to encrypt the password.

Informatica provides an SSL certificate that you can use to secure the domain. When you install the
Informatica clients, the installer sets the environment variables and installs the truststore files in the
following directory by default: <Informatica installation directory>\clients\shared\security

If you use the default Informatica SSL certificate, and the infa_truststore.jks and infa_truststore.pem
are in the default directory, you do not need to set the INFA_TRUSTSTORE or INFA_TRUSTSTORE_PASSWORD
environment variables.

You must set the INFA_TRUSTSTORE and INFA_TRUSTSTORE_PASSWORD environment variables on each
client host in the following scenarios:

You use a custom SSL certificate to secure the domain.

If you provide an SSL certificate to use to secure the domain, copy the infa_truststore.jks and
infa_truststore.pem truststore files to each client host. You must specify the location of the files and
the truststore password.

You use the default Informatica SSL certificate, but the truststore files are not in the default Informatica directory.

If you use the default Informatica SSL certificate, but the infa_truststore.jks and
infa_truststore.pem truststore files are not in the default Informatica directory, you must specify the
location of the files and the truststore password.
Important: If you push processing to a compute cluster and the Data Integration Service runs on a grid,
import the certificates one time and then copy them to each Data Integration Service on the grid. Each time
you import a certificate, the contents of the certificate are identical, but the hex values are different. As a
result, concurrent mappings that run on the grid fail with initialization errors.

Configure the Developer Tool Workspace Directory

Configure Informatica Developer to write the workspace metadata to the machine where the user is logged
in.

1. Go to the following directory: <Informatica installation directory>\clients\DeveloperClient

\configuration\
2. Locate the config.ini file.
3. Create a backup copy of the config.ini file.
4. Use a text editor to open the config.ini file.
5. Add the osgi.instance.area.default variable to the end of the config.ini file and set the variable to the
directory location where you want to save the workspace metadata. The file path cannot contain non-
ANSI characters. Folder names in the workspace directory cannot contain the number sign (#) character.
If folder names in the workspace directory contain spaces, enclose the full directory in double quotes.
• If you run Informatica Developer from the local machine, set the variable to the absolute path of the
workspace directory:
osgi.instance.area.default=<Drive>/<WorkspaceDirectory>
or
osgi.instance.area.default=<Drive>\\<WorkspaceDirectory>

206 Chapter 17: Install Informatica Developer

 • If you run Informatica Developer from a remote machine, set the variable to the directory location on
the local machine:
osgi.instance.area.default=\\\\<LocalMachine>/<WorkspaceDirectory>
or
osgi.instance.area.default=\\\\<LocalMachine>\\<WorkspaceDirectory>
The user must have write permission to the local workspace directory.
Informatica Developer writes the workspace metadata to the workspace directory. If you log into Informatica
Developer from a local machine, Informatica Developer writes the workspace metadata to the local machine.
If the workspace directory does not exist on the machine from which you logged in, Informatica Developer
creates the directory when it writes the files.

You can override the workspace directory when you start Informatica Developer.

Starting the Developer Tool

When you start the Developer tool, you connect to a Model repository. The Model repository stores metadata
created in the Developer tool. The Model Repository Service manages the Model repository. Connect to the
repository before you create a project.

1. From the Windows Start menu, click Programs > Informatica[Version] > Client > Developer Client >
Launch Informatica Developer.
The first time you run the Developer tool, the Welcome page displays several icons. The Welcome page
does not appear when you run the Developer tool subsequently.
2. Click Workbench.
The first time you start the Developer tool, you must select the repository in which to save the objects
you create.
3. Click File > Connect to Repository.
The Connect to Repository dialog box appears.
4. If you have not configured a domain in the Developer tool, click Configure Domains to configure a
domain.
You must configure a domain to access a Model Repository Service.
5. Click Add to add a domain.
The New Domain dialog box appears.
6. Enter the domain name, host name, and port number.
7. Click Finish.
8. Click OK.
9. In the Connect to Repository dialog box, click Browse and select the Model Repository Service.
10. Click OK.
11. Click Next.
12. Enter a user name and password.
13. Click Finish.
The Developer tool adds the Model repository to the Object Explorer view. When you run the Developer
tool the next time, you can connect to the same repository.

Starting the Developer Tool 207

Chapter 18

Install in Silent Mode

This chapter includes the following topics:

• Overview of Install in Silent Mode, 208

• Configure the Properties File, 208
• Run the Silent Installer, 209

Overview of Install in Silent Mode

To install the Informatica clients without user interaction, install in silent mode.

Use a properties file to specify the installation options. The installer reads the file to determine the
installation options. You can use silent mode installation to install the Informatica clients on multiple
machines on the network or to standardize the installation across machines.

To install in silent mode, complete the following tasks:

1. Configure the installation properties file and specify the installation options in the properties file.
2. Run the installer with the installation properties file.

Configure the Properties File

Informatica provides a sample properties file that includes the properties required by the installer. Customize
the sample properties file to create a properties file and specify the options for your installation. Then run the
silent installation.

The sample SilentInput.properties file is stored in the installer download location.

1. Go to the root of the directory that contains the installation files.

2. Locate the sample SilentInput.properties file.
3. Create a backup copy of the SilentInput.properties file.
4. Use a text editor to open and modify the values of the properties in the file.

208
 The following table describes the installation properties that you can modify:

Property Name Description

INSTALL_TYPE Indicates whether to install or upgrade the Informatica clients.

If the value is 0, the Informatica clients are installed in the
directory you specify. If the value is 1, the Informatica clients
are upgraded.
Default is 0.

USER_INSTALL_DIR Informatica client installation directory.

DXT_COMP Indicates whether to install Informatica Developer.

If the value is 1, the Developer tool will be installed. If the
value is 0, the Developer tool will not be installed.
Default is 1.

5. Save the properties file.

Run the Silent Installer

After you configure the properties file, open a command prompt to start the silent installation.

1. Open a command prompt.

2. Go to the root of the directory that contains the installation files.
3. Verify that the directory contains the file SilentInput.properties that you edited and resaved.
4. To run the silent installation, run silentInstall.bat.
The silent installer runs in the background. The process can take a while. The silent installation is
complete when the Informatica_<Version>_Client_InstallLog<timestamp>.log file is created in the
installation directory.
The silent installation fails if you incorrectly configure the properties file or if the installation directory is
not accessible. View the installation log files and correct the errors. Then run the silent installation
again.

Run the Silent Installer 209

Part VI: Uninstallation
This part contains the following chapter:

• Uninstallation, 211

210
Chapter 19

Uninstallation
This chapter includes the following topics:

• Informatica Uninstallation Overview, 211

• Rules and Guidelines for Uninstallation, 211
• Uninstalling the Informatica Server in Console Mode, 212
• Uninstalling Informatica Server in Silent Mode, 212

Informatica Uninstallation Overview

Uninstall Informatica to remove the Informatica server or clients from a machine.

The Informatica uninstallation process deletes all Informatica files and clears all Informatica configurations
from a machine. The uninstallation process does not delete files that are not installed with Informatica. For
example, the installation process creates temporary directories. The uninstaller does not keep a record of
these directories and therefore cannot delete them. You must manually delete these directories for a clean
uninstallation.

Important: If you install the Informatica services and the PowerCenter Client in the same install directory, the
service binaries will be uninstalled when you uninstall the PowerCenter Client.

Rules and Guidelines for Uninstallation

Use the following rules and guidelines when you uninstall Informatica components:

• The Informatica server uninstallation mode depends on the mode you use to install Informatica server.
For example, you install Informatica server in console mode. When you run the uninstaller, it runs in
console mode. The Informatica clients uninstallation mode does not depend on the mode you use to
install Informatica clients. For example, you install Informatica clients in silent mode. When you run the
uninstaller, it can run in graphical or silent mode.
• Uninstalling Informatica does not affect the Informatica repositories. The uninstaller removes the
Informatica files. It does not remove repositories from the database. If you need to move the repositories,
you can back them up and restore them to another database.
• Uninstalling Informatica does not remove the metadata tables from the domain configuration database. If
you install Informatica again using the same domain configuration database and user account, you must
manually remove the tables or choose to overwrite the tables. You can use the infasetup BackupDomain

211
 command to back up the domain configuration database before you overwrite the metadata tables. To
remove the metadata tables manually, use the infasetup DeleteDomain command before you run the
uninstaller.
• Uninstalling Informatica removes all installation files and subdirectories from the Informatica installation
directory. Before you uninstall Informatica, stop all Informatica services and processes and verify that all
of the files in the installation directory are closed. At the end of the uninstallation process, the uninstaller
displays the names of the files and directories that could not be removed.
• The Informatica server installation creates the following folder for the files and libraries required by third
party adapters built using the Informatica Development Platform APIs:
<Informatica installation directory>/services/shared/extensions
Uninstalling the Informatica server deletes this folder and any subfolders created under it. If you have
adapter files stored in the /extensions folder, back up the folder before you start uninstallation.
• If you perform the uninstallation on a machine, you must back up the ODBC folder before you uninstall.
Restore the folder after the uninstallation completes.

Uninstalling the Informatica Server in Console Mode

If you installed the Informatica server in console mode, uninstall the Informatica server in console mode.

Before you run the uninstaller, stop all Informatica services and processes and verify that all files in the
installation directory are closed. The uninstallation process cannot remove files that are open or are being
used by a service or process that is running.

1. Go to the following directory:

<Informatica installation directory>/Uninstaller_Server
2. Type the following command to run the uninstaller:
./uninstaller.sh
If you installed the Informatica server in console mode, the uninstaller launches in console mode.

Uninstalling Informatica Server in Silent Mode

If you installed the Informatica server in silent mode, uninstall the Informatica server in silent mode.

Before you run the uninstaller, stop all Informatica services and processes and verify that all files in the
installation directory are closed. The uninstallation process cannot remove files that are open or are being
used by a service or process that is running.

1. Go to the following directory:

<Informatica installation directory>/Uninstaller_Server
2. Type the following command to run the silent uninstaller:
./uninstaller.sh
If you installed the Informatica server in silent mode, the uninstaller launches in silent mode. The silent
uninstaller runs in the background. The process can take a while. The silent uninstallation fails if the
installation directory is not accessible.

212 Chapter 19: Uninstallation

After you uninstall the the Informatica server, delete any remaining folders and files from the Informatica
installation directory. For example:

• Informatica _<Version>_Services_InstallLog.log file

• Informatica_<Version>_Services_<timestamp>.log file

Uninstalling Informatica Server in Silent Mode 213

Appendix A

Starting and Stopping Informatica

Services
This appendix includes the following topics:

• Starting and Stopping Informatica Services Overview , 214

• Starting and Stopping the Informatica Services from the Console, 214
• Stopping Informatica in Informatica Administrator, 215
• Rules and Guidelines for Starting or Stopping Informatica, 215

Starting and Stopping Informatica Services Overview

The Informatica service runs the Service Manager on the node. The Service Manager manages all domain
functions and starts application services configured to run on the node. The method you use to start or stop
Informatica depends on the operating system. You can use Informatica Administrator to shut down a node.
When you shut down a node, you stop Informatica on the node.

The Informatica service also runs Informatica Administrator. You use Informatica Administrator to
administer the Informatica domain objects and user accounts. Log in to Informatica Administrator to create
the user accounts for users of Informatica and to create and configure the application services in the
domain.

Starting and Stopping the Informatica Services from

the Console
Run infaservice.sh to start and stop the Informatica daemon. By default, infaservice.sh is installed in the
following directory:
<Informatica installation directory>/tomcat/bin
1. Go to the directory where infaservice.sh is located.
2. At the command prompt, enter the following command to start the daemon:
infaservice.sh startup

214
 Enter the following command to stop the daemon:
infaservice.sh shutdown
Note: If you use a softlink to specify the location of infaservice.sh, set the INFA_HOME environment
variable to the location of the Informatica installation directory.

Stopping Informatica in Informatica Administrator

When you shut down a node using Informatica Administrator, you stop the Informatica service on that node.

You can abort the processes that are running or allow them to complete before the service shuts down. If you
shut down a node and abort the repository service processes running on the node, you can lose changes that
have not yet been written to the repository. If you abort a node running integration service processes, the
workflows will abort.

1. Log in to Informatica Administrator.

2. In the Navigator, select the node to shut down.
3. On the Domain tab Actions menu, select Shutdown Node.

Rules and Guidelines for Starting or Stopping

Informatica
Consider the following rules and guidelines when starting and stopping Informatica on a node:

• When you shut down a node, the node is unavailable to the domain. If you shut down a gateway node and
do not have another gateway node in the domain, the domain is unavailable.
• When you start Informatica, verify that the port used by the service on the node is available. For example,
if you stop Informatica on a node, verify that the port is not used by any other process on the machine
before you restart Informatica. If the port is not available, Informatica will fail to start.
• If you do not use Informatica Administrator to shut down a node, any process running on the node will be
aborted. If you want to wait for all processes to complete before shutting down a node, use Informatica
Administrator.
• If you have two nodes in a domain with one node configured as a primary node for an application service
and the other node configured as a backup node, start Informatica on the primary node before you start
the backup node. Otherwise, the application service will run on the backup node and not the primary node.

Stopping Informatica in Informatica Administrator 215

Appendix B

Connecting to Databases from

UNIX or Linux
This appendix includes the following topics:

• Connecting to Databases from UNIX or Linux Overview, 216

• Connecting to an IBM DB2 Universal Database, 217
• Connecting to a Microsoft SQL Server Database, 219
• Connecting to an Oracle Database, 219
• Connecting to a Sybase ASE Database, 221
• Connecting to a Teradata Database, 223
• Connecting to a JDBC Data Source, 226
• Connecting to an ODBC Data Source, 226
• Sample odbc.ini File, 228

Connecting to Databases from UNIX or Linux

Overview
To use native connectivity, you must install and configure the database client software for the database that
you want to access. To ensure compatibility between the application service and the database, install a client
software that is compatible with the database version and use the appropriate database client libraries. To
increase performance, use native connectivity.

The Informatica installation includes DataDirect ODBC drivers. If you have existing ODBC data sources
created with an earlier version of the drivers, you must create new ODBC data sources using the new drivers.
Configure ODBC connections using the DataDirect ODBC drivers provided by Informatica or third party ODBC
drivers that are Level 2 compliant or higher.

You must configure a database connection for the following services in the Informatica domain:

• PowerCenter Repository Service

• Model Repository Service
• Data Integration Service
• Analyst Service
When you connect to databases from Linux or UNIX, use native drivers to connect to IBM DB2, Oracle, or
Sybase ASE databases. You can use ODBC to connect to other sources and targets.

216
Connecting to an IBM DB2 Universal Database
For native connectivity, install the version of IBM DB2 Client Application Enabler (CAE) appropriate for the
IBM DB2 database server version. To ensure compatibility between Informatica and databases, use the
appropriate database client libraries.

Configuring Native Connectivity

You can configure native connectivity to an IBM DB2 database to increase performance.

The following steps provide a guideline for configuring native connectivity. For specific instructions, see the
database documentation.

1. To configure connectivity on the machine where the Data Integration Service, PowerCenter Integration
Service, or PowerCenter Repository Service process runs, log in to the machine as a user who can start a
service process.
2. Set the DB2INSTANCE, INSTHOME, DB2DIR, and PATH environment variables.
The UNIX IBM DB2 software always has an associated user login, often db2admin, which serves as a
holder for database configurations. This user holds the instance for DB2.
DB2INSTANCE. The name of the instance holder.
Using a Bourne shell:
$ DB2INSTANCE=db2admin; export DB2INSTANCE
Using a C shell:
$ setenv DB2INSTANCE db2admin
INSTHOME. This is db2admin home directory path.
Using a Bourne shell:
$ INSTHOME=~db2admin
Using a C shell:
$ setenv INSTHOME ~db2admin>
DB2DIR. Set the variable to point to the IBM DB2 CAE installation directory. For example, if the client is
installed in the /opt/IBM/db2/V9.7 directory:
Using a Bourne shell:
$ DB2DIR=/opt/IBM/db2/V9.7; export DB2DIR
Using a C shell:
$ setenv DB2DIR /opt/IBM/db2/V9.7
PATH. To run the IBM DB2 command line programs, set the variable to include the DB2 bin directory.
Using a Bourne shell:
$ PATH=${PATH}:$DB2DIR/bin; export PATH
Using a C shell:
$ setenv PATH ${PATH}:$DB2DIR/bin
3. Set the shared library variable to include the DB2 lib directory.
The IBM DB2 client software contains a number of shared library components that the Data Integration
Service, PowerCenter Integration Service, and PowerCenter Repository Service processes load
dynamically. Set the shared library environment variable so that the services can find the shared libraries
at run time.
The shared library path must also include the Informatica installation directory (server_dir).

Connecting to an IBM DB2 Universal Database 217

 Set the shared library environment variable based on the operating system.
The following table describes the shared library variables for each operating system:

Operating System Variable

Linux LD_LIBRARY_PATH

AIX LIBPATH

For example, use the following syntax for Linux:

• Using a Bourne shell:
$ LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:$HOME/server_dir:$DB2DIR/lib; export
LD_LIBRARY_PATH
• Using a C shell:
$ setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:$HOME/server_dir:$DB2DIR/lib
For AIX:
• Using a Bourne shell:
$ LIBPATH=${LIBPATH}:$HOME/server_dir:$DB2DIR/lib; export LIBPATH
• Using a C shell:
$ setenv LIBPATH ${LIBPATH}:$HOME/server_dir:$DB2DIR/lib
4. Edit the .cshrc or .profile to include the complete set of shell commands. Save the file and either log out
and log in again or run the source command.
Using a Bourne shell:
$ source .profile
Using a C shell:
$ source .cshrc
5. If the DB2 database resides on the same machine on which the Data Integration Service, PowerCenter
Integration Service, or PowerCenter Repository Service process runs, configure the DB2 instance as a
remote instance.
Run the following command to verify if there is a remote entry for the database:
DB2 LIST DATABASE DIRECTORY
The command lists all the databases that the DB2 client can access and their configuration properties. If
this command lists an entry for “Directory entry type” of “Remote,” skip to 7.
6. If the database is not configured as remote, run the following command to verify whether a TCP/IP node
is cataloged for the host:
DB2 LIST NODE DIRECTORY
If the node name is empty, you can create one when you set up a remote database. Use the following
command to set up a remote database and, if needed, create a node:
db2 CATALOG TCPIP NODE <nodename> REMOTE <hostname_or_address> SERVER <port number>
Run the following command to catalog the database:
db2 CATALOG DATABASE <dbname> as <dbalias> at NODE <nodename>
For more information about these commands, see the database documentation.
7. Verify that you can connect to the DB2 database. Run the DB2 Command Line Processor and run the
command:
CONNECT TO <dbalias> USER <username> USING <password>
If the connection is successful, clean up with the CONNECT RESET or TERMINATE command.

218 Appendix B: Connecting to Databases from UNIX or Linux

Connecting to a Microsoft SQL Server Database
Use the Microsoft SQL Server connection to connect to a Microsoft SQL Server database from a UNIX or
Linux machine.

Configuring SSL Authentication through ODBC

You can configure SSL authentication for Microsoft SQL Server through ODBC using the DataDirect New SQL
Server Wire Protocol driver.

1. Open the odbc.ini file and add an entry for the ODBC data source and DataDirect New SQL Server Wire
Protocol driver under the section [ODBC Data Sources].
2. Add the attributes in the odbc.ini file for configuring SSL.
The following table lists the attributes that you must add to the odbc.ini file when you configure SSL
authentication:

Attribute Description

EncryptionMethod The method that the driver uses to encrypt the data sent between the driver and the
database server. Set the value to 1 to encrypt data using SSL.

ValidateServerCertificate Determines whether the driver validates the certificate sent by the database server
when SSL encryption is enabled. Set the value to 1 for the driver to validate the
server certificate.

TrustStore The location and name of the trust store file. The trust store file contains a list of
Certificate Authorities (CAs) that the driver uses for SSL server authentication.

TrustStorePassword The password to access the contents of the trust store file.

HostNameInCertificate Optional. The host name that is established by the SSL administrator for the driver to
validate the host name contained in the certificate.

Connecting to an Oracle Database

For native connectivity, install the version of Oracle client appropriate for the Oracle database server version.
To ensure compatibility between Informatica and databases, use the appropriate database client libraries.

You must install compatible versions of the Oracle client and Oracle database server. You must also install
the same version of the Oracle client on all machines that require it. To verify compatibility, contact Oracle.

Configuring Native Connectivity

You can configure native connectivity to an Oracle database to increase performance.

The following steps provide a guideline for configuring native connectivity through Oracle Net Services or
Net8. For specific instructions, see the database documentation.

1. To configure connectivity for the Data Integration Service, PowerCenter Integration Service, or
PowerCenter Repository Service process, log in to the machine as a user who can start the server
process.

Connecting to a Microsoft SQL Server Database 219

 2. Set the ORACLE_HOME, NLS_LANG, TNS_ADMIN, and PATH environment variables.
ORACLE_HOME. Set the variable to the Oracle client installation directory. For example, if the client is
installed in the /HOME2/oracle directory. set the variable as follows:
Using a Bourne shell:
$ ORACLE_HOME=/HOME2/oracle; export ORACLE_HOME
Using a C shell:
$ setenv ORACLE_HOME /HOME2/oracle
NLS_LANG. Set the variable to the locale (language, territory, and character set) you want the database
client and server to use with the login. The value of this variable depends on the configuration. For
example, if the value is american_america.UTF8, set the variable as follows:
Using a Bourne shell:
$ NLS_LANG=american_america.UTF8; export NLS_LANG
Using a C shell:
$ NLS_LANG american_america.UTF8
To determine the value of this variable, contact the administrator.
TNS_ADMIN. If the tnsnames.ora file is not in the same location as the Oracle client installation location,
set the TNS_ADMIN environment variable to the directory where the tnsnames.ora file resides. For
example, if the file is in the /HOME2/oracle/files directory, set the variable as follows:
Using a Bourne shell:
$ TNS_ADMIN=$HOME2/oracle/files; export TNS_ADMIN
Using a C shell:
$ setenv TNS_ADMIN=$HOME2/oracle/files
Note: By default, the tnsnames.ora file is stored in the following directory: $ORACLE_HOME/network/
admin.
PATH. To run the Oracle command line programs, set the variable to include the Oracle bin directory.
Using a Bourne shell:
$ PATH=${PATH}:$ORACLE_HOME/bin; export PATH
Using a C shell:
$ setenv PATH ${PATH}:ORACLE_HOME/bin
3. Set the shared library environment variable.
The Oracle client software contains a number of shared library components that the Data Integration
Service, PowerCenter Integration Service, and PowerCenter Repository Service processes load
dynamically. To locate the shared libraries during run time, set the shared library environment variable.
The shared library path must also include the Informatica installation directory (server_dir).
Set the shared library environment variable to LD_LIBRARY_PATH.
For example, use the following syntax:
• Using a Bourne shell:
$ LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:$HOME/server_dir:$ORACLE_HOME/lib; export
LD_LIBRARY_PATH
• Using a C shell:
$ setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:$HOME/server_dir:$ORACLE_HOME/lib
4. Edit the .cshrc or .profile to include the complete set of shell commands. Save the file and either log out
and log in again, or run the source command.

220 Appendix B: Connecting to Databases from UNIX or Linux

 Using a Bourne shell:
$ source .profile
Using a C shell:
$ source .cshrc
5. Verify that the Oracle client is configured to access the database.
Use the SQL*Net Easy Configuration Utility or copy an existing tnsnames.ora file to the home directory
and modify it.
The tnsnames.ora file is stored in the following directory: $ORACLE_HOME/network/admin.
Enter the correct syntax for the Oracle connect string, typically databasename.world.
Here is a sample tnsnames.ora file. Enter the information for the database.
mydatabase.world =
(DESCRIPTION
(ADDRESS_LIST =
(ADDRESS =
(COMMUNITY = mycompany.world
(PROTOCOL = TCP)
(Host = mymachine)
(Port = 1521)
)
)
(CONNECT_DATA =
(SID = MYORA7)
(GLOBAL_NAMES = mydatabase.world)
Here is a sample tnsnames.ora file to connect to Oracle using Oracle Connection Manager:
ORCL19C_CMAN =
(description=
(address_list=
(source_route=yes)
(address=(protocol=tcp)(host=inrh74ocm.mycompany.com)(port=1521))
(address=(protocol=tcp)(host=inrh74oradb.mycompany.com)(port=1521))
)
(connect_data=
(service_name=ORCL19C.mycompany.com)
)
)
6. Verify that you can connect to the Oracle database.
To connect to the Oracle database, launch SQL*Plus and enter the connectivity information. If you fail to
connect to the database, verify that you correctly entered all of the connectivity information.
Enter the user name and connect string as defined in the tnsnames.ora file.

Connecting to a Sybase ASE Database

For native connectivity, install the version of Open Client appropriate for your database version. To ensure
compatibility between Informatica and databases, use the appropriate database client libraries.

Install an Open Client version that is compatible with the Sybase ASE database server. You must also install
the same version of Open Client on the machines hosting the Sybase ASE database and Informatica. To
verify compatibility, contact Sybase.

If you want to create, restore, or upgrade a Sybase ASE repository, set allow nulls by default to TRUE at the
database level. Setting this option changes the default null type of the column to null in compliance with the
SQL standard.

Connecting to a Sybase ASE Database 221

 Configuring Native Connectivity
You can configure native connectivity to a Sybase ASE database to increase performance.

The following steps provide a guideline for configuring native connectivity. For specific instructions, see the
database documentation.

1. To configure connectivity to the Data Integration Service, PowerCenter Integration Service, or

PowerCenter Repository Service process, log in to the machine as a user who can start the server
process.
2. Set the SYBASE and PATH environment variables.
SYBASE. Set the variable to the Sybase Open Client installation directory. For example if the client is
installed in the /usr/sybase directory:
Using a Bourne shell:
$ SYBASE=/usr/sybase; export SYBASE
Using a C shell:
$ setenv SYBASE /usr/sybase
PATH. To run the Sybase command line programs, set the variable to include the Sybase OCS bin
directory.
Using a Bourne shell:
$ PATH=${PATH}:/usr/sybase/OCS-15_0/bin; export PATH
Using a C shell:
$ setenv PATH ${PATH}:/usr/sybase/OCS-15_0/bin
3. Set the shared library environment variable.
The Sybase Open Client software contains a number of shared library components that the Data
Integration Service, PowerCenter Integration Service, and PowerCenter Repository Service processes
load dynamically. Set the shared library environment variable so that the services can find the shared
libraries at run time.
The shared library path must also include the installation directory of the Informatica services
(server_dir).
Set the shared library environment variable based on the operating system.
The following table describes the shared library variables for each operating system.

Operating System Variable

Linux LD_LIBRARY_PATH

AIX LIBPATH

For example, use the following syntax for Linux:

• Using a Bourne shell:
$ LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:$HOME/server_dir:$SYBASE/OCS-15_0/
lib;$SYBASE/OCS-15_0/lib3p;$SYBASE/OCS-15_0/lib3p64; export LD_LIBRARY_PATH
• Using a C shell:
$ setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:$HOME/server_dir:$SYBASE/OCS-15_0/
lib;$SYBASE/OCS-15_0/lib3p;$SYBASE/OCS-15_0/lib3p64;

222 Appendix B: Connecting to Databases from UNIX or Linux

 For AIX
• Using a Bourne shell:
$ LIBPATH=${LIBPATH}:$HOME/server_dir:$SYBASE/OCS-15_0/lib;$SYBASE/OCS-15_0/
lib3p;$SYBASE/OCS-15_0/lib3p64; export LIBPATH
• Using a C shell:
$ setenv LIBPATH ${LIBPATH}:$HOME/server_dir:$SYBASE/OCS-15_0/lib;$SYBASE/
OCS-15_0/lib3p;$SYBASE/OCS-15_0/lib3p64;
4. Edit the .cshrc or .profile to include the complete set of shell commands. Save the file and either log out
and log in again, or run the source command.
Using a Bourne shell:
$ source .profile
Using a C shell:
$ source .cshrc
5. Verify the Sybase ASE server name in the Sybase interfaces file stored in the $SYBASE directory.
6. Verify that you can connect to the Sybase ASE database.
To connect to the Sybase ASE database, launch ISQL and enter the connectivity information. If you fail to
connect to the database, verify that you correctly entered all of the connectivity information.
User names and database names are case sensitive.

Connecting to a Teradata Database

Install and configure native client software on the machines where the Data Integration Service or
PowerCenter Integration Service process runs. To ensure compatibility between Informatica and databases,
use the appropriate database client libraries.

Install the Teradata client, the Teradata ODBC driver, and any other Teradata client software that you might
need on the machine where the Data Integration Service or PowerCenter Integration Service runs. You must
also configure ODBC connectivity.

Note: Based on a recommendation from Teradata, Informatica uses ODBC to connect to Teradata. ODBC is a
native interface for Teradata.

Configuring ODBC Connectivity

You can configure ODBC connectivity to a Teradata database.

The following steps provide a guideline for configuring ODBC connectivity. For specific instructions, see the
database documentation.

1. To configure connectivity for the integration service process, log in to the machine as a user who can
start a service process.
2. Set the TERADATA_HOME, ODBCHOME, and PATH environment variables.
TERADATA_HOME. Set the variable to the Teradata driver installation directory. The defaults are as
follows:
Using a Bourne shell:
$ TERADATA_HOME=/opt/teradata/client/<version>; export TERADATA_HOME

Connecting to a Teradata Database 223

 Using a C shell:
$ setenv TERADATA_HOME /opt/teradata/client/<version>
ODBCHOME. Set the variable to the ODBC installation directory. For example:
Using a Bourne shell:
$ ODBCHOME=$INFA_HOME/ODBC<version>; export ODBCHOME
Using a C shell:
$ setenv ODBCHOME $INFA_HOME/ODBC<version>
PATH. To run the ddtestlib utility, to verify that the DataDirect ODBC driver manager can load the driver
files, set the variable as follows:
Using a Bourne shell:
PATH="${PATH}:$ODBCHOME/bin:$TERADATA_HOME/bin"
Using a C shell:
$ setenv PATH ${PATH}:$ODBCHOME/bin:$TERADATA_HOME/bin
3. Set the shared library environment variable.
The Teradata software contains multiple shared library components that the integration service process
loads dynamically. Set the shared library environment variable so that the services can find the shared
libraries at run time.
The shared library path must also include installation directory of the Informatica service (server_dir).
Set the shared library environment variable based on the operating system.
The following table describes the shared library variables for each operating system:

Operating System Variable

Linux LD_LIBRARY_PATH

AIX LIBPATH

For example, use the following syntax for Linux:

• Using a Bourne shell:
$ LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:$HOME/server_dir:$ODBCHOME/lib:

$TERADATA_HOME/lib64:$TERADATA_HOME/odbc_64/lib";

export LD_LIBRARY_PATH
• Using a C shell:
$ setenv LD_LIBRARY_PATH "${LD_LIBRARY_PATH}:$HOME/server_dir:$ODBCHOME/
lib:$TERADATA_HOME/lib64:

$TERADATA_HOME/odbc_64/lib"
For AIX
• Using a Bourne shell:
$ LIBPATH=${LIBPATH}:$HOME/server_dir:$ODBCHOME/lib:$TERADATA_HOME/
lib64:$TERADATA_HOME/odbc_64/lib; export LIBPATH
• Using a C shell:
$ setenv LIBPATH ${LIBPATH}:$HOME/server_dir:$ODBCHOME/lib:$TERADATA_HOME/lib64:

$TERADATA_HOME/odbc_64/lib
4. Edit the existing odbc.ini file or copy the odbc.ini file to the home directory and edit it.

224 Appendix B: Connecting to Databases from UNIX or Linux

 This file exists in $ODBCHOME directory.
$ cp $ODBCHOME/odbc.ini $HOME/.odbc.ini
Add an entry for the Teradata data source under the section [ODBC Data Sources] and configure the data
source.
For example, for Teradata Parallel Transporter utilities, version 15.10:
MY_TERADATA_SOURCE=Teradata Driver
[MY_TERADATA_SOURCE]
Driver=/opt/teradata/client/15.10/lib64/tdata.so
Description=NCR 3600 running Teradata V1R5.2
DBCName=208.199.59.208
DateTimeFormat=AAA
SessionMode=ANSI
DefaultDatabase=
Username=
Password=
For example, for Teradata Parallel Transporter utilities, version 16.20:
MY_TERADATA_SOURCE=Teradata Driver
[dwtera]
Driver=/opt/teradata/client/16.20/lib64/tdataodbc_sb64.so
Description=NCR 3600 running Teradata V1R5.2
DBCName=tdvbe1510
LastUser=
Username=
Password=
Database=
DefaultDatabase=
UseNativeLOBSupport=Yes
CharacterSet=UTF8
SessionMode=ANSI
5. Set the DateTimeFormat to AAA in the Teradata data ODBC configuration.
6. Optionally, set the SessionMode to ANSI. When you use ANSI session mode, Teradata does not roll back
the transaction when it encounters a row error.
If you choose Teradata session mode, Teradata rolls back the transaction when it encounters a row
error. In Teradata mode, the integration service process cannot detect the rollback, and does not report
this in the session log.
7. To configure connection to a single Teradata database, enter the DefaultDatabase name. To create a
single connection to the default database, enter the user name and password. To connect to multiple
databases, using the same ODBC DSN, leave the DefaultDatabase field empty.
For more information about Teradata connectivity, see the Teradata ODBC driver documentation.
8. Verify that the last entry in the odbc.ini is InstallDir and set it to the odbc installation directory.
For example:
InstallDir=<Informatica installation directory>/ODBC<version>
9. Edit the .cshrc or .profile to include the complete set of shell commands.
10. Save the file and either log out and log in again, or run the source command.
Using a Bourne shell:
$ source .profile
Using a C shell:
$ source .cshrc
11. For each data source you use, make a note of the file name under the Driver=<parameter> in the data
source entry in odbc.ini. Use the ddtestlib utility to verify that the DataDirect ODBC driver manager can
load the driver file.

Connecting to a Teradata Database 225

 For example, if you have the driver entry:
Driver=/u01/app/teradata/td-tuf611/odbc/drivers/tdata.so
run the following command:
ddtestlib /u01/app/teradata/td-tuf611/odbc/drivers/tdata.so
12. Test the connection using BTEQ or another Teradata client tool.

Connecting to a JDBC Data Source

To enable the the Data Integration Service to write to relational targets, download JDBC driver .jar files to the
Data Integration Service host and to all client machines that run mappings that have relational targets.

Obtain the driver .jar file from the database vendor. For example, to access an Oracle database, download the
file ojdbc.jar from the Oracle website.

1. Place the JDBC driver .jar file in the following directory on the Data Integration Service machine
<Informatica installation directory>/externaljdbcjars. Then recycle the Data Integration
Service.
2. Place the JDBC driver .jar file in the following directory on machines that host the Developer tool:
<Informatica installation directory>/clients/externaljdbcjars. Then recycle the Developer
tool.

Connecting to an ODBC Data Source

Install and configure native client software on the machine where the Data Integration Service, PowerCenter
Integration Service, and PowerCenter Repository Service run. Also install and configure any underlying client
access software required by the ODBC driver. To ensure compatibility between Informatica and the
databases, use the appropriate database client libraries.

The Informatica installation includes DataDirect ODBC drivers. If the odbc.ini file contains connections that
use earlier versions of the ODBC driver, update the connection information to use the new drivers. Use the
System DSN to specify an ODBC data source on Windows.

1. On the machine where the application service runs, log in as a user who can start a service process.
2. Set the ODBCHOME and PATH environment variables.
ODBCHOME. Set to the DataDirect ODBC installation directory. For example, if the install directory is /
export/home/Informatica/10.0.0/ODBC7.1.
Using a Bourne shell:
$ ODBCHOME=/export/home/Informatica/10.0.0/ODBC7.1; export ODBCHOME
Using a C shell:
$ setenv ODBCHOME /export/home/Informatica/10.0.0/ODBC7.1
PATH. To run the ODBC command line programs, like ddtestlib, set the variable to include the odbc bin
directory.
Using a Bourne shell:
$ PATH=${PATH}:$ODBCHOME/bin; export PATH

226 Appendix B: Connecting to Databases from UNIX or Linux

 Using a C shell:
$ setenv PATH ${PATH}:$ODBCHOME/bin
Run the ddtestlib utility to verify that the DataDirect ODBC driver manager can load the driver files.
3. Set the shared library environment variable.
The ODBC software contains a number of shared library components that the service processes load
dynamically. Set the shared library environment variable so that the services can find the shared libraries
at run time.
The shared library path must also include the Informatica installation directory (server_dir).
Set the shared library environment variable based on the operating system.
The following table describes the shared library variables for each operating system:

Operating System Variable

Linux LD_LIBRARY_PATH

AIX LIBPATH

For example, use the following syntax for Linux:

• Using a Bourne shell:
$ LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:$HOME/server_dir:$ODBCHOME/lib; export
LD_LIBRARY_PATH
• Using a C shell:
$ setenv LD_LIBRARY_PATH $HOME/server_dir:$ODBCHOME:${LD_LIBRARY_PATH}
For AIX
• Using a Bourne shell:
$ LIBPATH=${LIBPATH}:$HOME/server_dir:$ODBCHOME/lib; export LIBPATH
• Using a C shell:
$ setenv LIBPATH ${LIBPATH}:$HOME/server_dir:$ODBCHOME/lib
4. Edit the existing odbc.ini file or copy the odbc.ini file to the home directory and edit it.
This file exists in $ODBCHOME directory.
$ cp $ODBCHOME/odbc.ini $HOME/.odbc.ini
Add an entry for the ODBC data source under the section [ODBC Data Sources] and configure the data
source.
For example:
MY_MSSQLSERVER_ODBC_SOURCE=<Driver name or data source description>
[MY_SQLSERVER_ODBC_SOURCE]
Driver=<path to ODBC drivers>
Description=DataDirect 8.0 SQL Server Wire Protocol
Database=<SQLServer_database_name>
LogonID=<username>
Password=<password>
Address=<TCP/IP address>,<port number>
QuoteId=No
AnsiNPW=No
ApplicationsUsingThreads=1
This file might already exist if you have configured one or more ODBC data sources.
5. Verify that the last entry in the odbc.ini is InstallDir and set it to the odbc installation directory.

Connecting to an ODBC Data Source 227

 For example:
InstallDir=/export/home/Informatica/10.0.0/ODBC7.1
6. If you use the odbc.ini file in the home directory, set the ODBCINI environment variable.
Using a Bourne shell:
$ ODBCINI=/$HOME/.odbc.ini; export ODBCINI
Using a C shell:
$ setenv ODBCINI $HOME/.odbc.ini
7. Edit the .cshrc or .profile to include the complete set of shell commands. Save the file and either log out
and log in again, or run the source command.
Using a Bourne shell:
$ source .profile
Using a C shell:
$ source .cshrc
8. Use the ddtestlib utility to verify that the DataDirect ODBC driver manager can load the driver file you
specified for the data source in the odbc.ini file.
For example, if you have the driver entry:
Driver = /export/home/Informatica/10.0.0/ODBC7.1/lib/DWxxxxnn.so
run the following command:
ddtestlib /export/home/Informatica/10.0.0/ODBC7.1/lib/DWxxxxnn.so
9. Install and configure any underlying client access software needed by the ODBC driver.
Note: While some ODBC drivers are self-contained and have all information inside the .odbc.ini file, most
are not. For example, if you want to use an ODBC driver to access Sybase IQ, you must install the Sybase
IQ network client software and set the appropriate environment variables.
To use the Informatica ODBC drivers (DWxxxxnn.so), manually set the PATH and shared library path
environment variables. Alternatively, run the odbc.sh or odbc.csh script in the $ODBCHOME folder. This
script will set the required PATH and shared library path environment variables for the ODBC drivers
provided by Informatica.

Sample odbc.ini File

The following sample shows the entries for the ODBC drivers in the ODBC.ini file:
[ODBC Data Sources]
SQL Server Legacy Wire Protocol=DataDirect 7.1 SQL Server Legacy Wire Protocol
DB2 Wire Protocol=DataDirect 7.1 DB2 Wire Protocol
Informix Wire Protocol=DataDirect 7.1 Informix Wire Protocol
Oracle Wire Protocol=DataDirect 8.0 Oracle Wire Protocol
Sybase Wire Protocol=DataDirect 7.1 Sybase Wire Protocol
SQL Server Wire Protocol=DataDirect 8.0 SQL Server Wire Protocol
MySQL Wire Protocol=DataDirect 7.1 MySQL Wire Protocol
PostgreSQL Wire Protocol=DataDirect 7.1 PostgreSQL Wire Protocol
Greenplum Wire Protocol=DataDirect 7.1 Greenplum Wire Protocol

[ODBC]
IANAAppCodePage=4
InstallDir=/<Informatica installation directory>/ODBC7.1
Trace=0
TraceFile=odbctrace.out
TraceDll=/<Informatica installation directory>/ODBC7.1/lib/DWtrc27.so

[DB2 Wire Protocol]

228 Appendix B: Connecting to Databases from UNIX or Linux

Driver=/<Informatica installation directory>/ODBC7.1/lib/DWdb227.so
Description=DataDirect 7.1 DB2 Wire Protocol
AccountingInfo=
AddStringToCreateTable=
AlternateID=
AlternateServers=
ApplicationName=
ApplicationUsingThreads=1
AuthenticationMethod=0
BulkBinaryThreshold=32
BulkCharacterThreshold=-1
BulkLoadBatchSize=1024
BulkLoadFieldDelimiter=
BulkLoadRecordDelimiter=
CatalogSchema=
CharsetFor65535=0
ClientHostName=
ClientUser=
#Collection applies to z/OS and iSeries only
Collection=
ConcurrentAccessResolution=0
ConnectionReset=0
ConnectionRetryCount=0
ConnectionRetryDelay=3
CurrentFuncPath=
#Database applies to DB2 UDB only
Database=<database_name>
DefaultIsolationLevel=1
DynamicSections=1000
EnableBulkLoad=0
EncryptionMethod=0
FailoverGranularity=0
FailoverMode=0
FailoverPreconnect=0
GrantAuthid=PUBLIC
GrantExecute=1
GSSClient=native
HostNameInCertificate=
IpAddress=<DB2_server_host>
KeyPassword=
KeyStore=
KeyStorePassword=
LoadBalanceTimeout=0
LoadBalancing=0
#Location applies to z/OS and iSeries only
Location=<location_name>
LogonID=
MaxPoolSize=100
MinPoolSize=0
Password=
PackageCollection=NULLID
PackageNamePrefix=DD
PackageOwner=
Pooling=0
ProgramID=
QueryTimeout=0
ReportCodePageConversionErrors=0
TcpPort=50000
TrustStore=
TrustStorePassword=
UseCurrentSchema=0
ValidateServerCertificate=1
WithHold=1
XMLDescribeType=-10

[Informix Wire Protocol]

Driver=/<Informatica installation directory>/ODBC7.1/lib/DWifcl27.so
Description=DataDirect 7.1 Informix Wire Protocol
AlternateServers=
ApplicationUsingThreads=1
CancelDetectInterval=0

Sample odbc.ini File 229

 ConnectionRetryCount=0
ConnectionRetryDelay=3
Database=<database_name>
HostName=<Informix_host>
LoadBalancing=0
LogonID=
Password=
PortNumber=<Informix_server_port>
ServerName=<Informix_server>
TrimBlankFromIndexName=1
UseDelimitedIdentifiers=0

[Oracle Wire Protocol]

Driver=/<Informatica installation directory>/ODBC7.1/lib/DWora28.so
Description=DataDirect 8.0 Oracle Wire Protocol
AlternateServers=
ApplicationUsingThreads=1
AccountingInfo=
Action=
ApplicationName=
ArraySize=60000
AuthenticationMethod=1
BulkBinaryThreshold=32
BulkCharacterThreshold=-1
BulkLoadBatchSize=1024
BulkLoadFieldDelimiter=
BulkLoadRecordDelimiter=
CachedCursorLimit=32
CachedDescLimit=0
CatalogIncludesSynonyms=1
CatalogOptions=0
ClientHostName=
ClientID=
ClientUser=
ConnectionReset=0
ConnectionRetryCount=0
ConnectionRetryDelay=3
DataIntegrityLevel=0
DataIntegrityTypes=MD5,SHA1
DefaultLongDataBuffLen=1024
DescribeAtPrepare=0
EditionName=
EnableBulkLoad=0
EnableDescribeParam=0
EnableNcharSupport=0
EnableScrollableCursors=1
EnableStaticCursorsForLongData=0
EnableTimestampWithTimeZone=0
EncryptionLevel=0
EncryptionMethod=0
EncryptionTypes=AES128,AES192,AES256,DES,3DES112,3DES168,RC4_40,RC4_56,RC4_128,
RC4_256
FailoverGranularity=0
FailoverMode=0
FailoverPreconnect=0
FetchTSWTZasTimestamp=0
GSSClient=native
HostName=<Oracle_server>
HostNameInCertificate=
InitializationString=
KeyPassword=
KeyStore=
KeyStorePassword=
LoadBalanceTimeout=0
LoadBalancing=0
LocalTimeZoneOffset=
LockTimeOut=-1
LoginTimeout=15
LogonID=
MaxPoolSize=100
MinPoolSize=0

230 Appendix B: Connecting to Databases from UNIX or Linux

Module=
Password=
Pooling=0
PortNumber=<Oracle_server_port>
ProcedureRetResults=0
ProgramID=
QueryTimeout=0
ReportCodePageConversionErrors=0
ReportRecycleBin=0
ServerName=<server_name in tnsnames.ora>
ServerType=0
ServiceName=
SID=<Oracle_System_Identifier>
TimestampeEscapeMapping=0
TNSNamesFile=<tnsnames.ora_filename>
TrustStore=
TrustStorePassword=
UseCurrentSchema=1
ValidateServerCertificate=1
WireProtocolMode=2

[Sybase Wire Protocol]

Driver=/<Informatica installation directory>/ODBC7.1/lib/DWase27.so
Description=DataDirect 7.1 Sybase Wire Protocol
AlternateServers=
ApplicationName=
ApplicationUsingThreads=1
ArraySize=50
AuthenticationMethod=0
BulkBinaryThreshold=32
BulkCharacterThreshold=-1
BulkLoadBatchSize=1024
BulkLoadFieldDelimiter=
BulkLoadRecordDelimiter=
Charset=
ConnectionReset=0
ConnectionRetryCount=0
ConnectionRetryDelay=3
CursorCacheSize=1
Database=<database_name>
DefaultLongDataBuffLen=1024
EnableBulkLoad=0
EnableDescribeParam=0
EnableQuotedIdentifiers=0
EncryptionMethod=0
FailoverGranularity=0
FailoverMode=0
FailoverPreconnect=0
GSSClient=native
HostNameInCertificate=
InitializationString=
Language=
LoadBalancing=0
LoadBalanceTimeout=0
LoginTimeout=15
LogonID=
MaxPoolSize=100
MinPoolSize=0
NetworkAddress=<Sybase_host,Sybase_server_port>
OptimizePrepare=1
PacketSize=0
Password=
Pooling=0
QueryTimeout=0
RaiseErrorPositionBehavior=0
ReportCodePageConversionErrors=0
SelectMethod=0
ServicePrincipalName=
TruncateTimeTypeFractions=0
TrustStore=
TrustStorePassword=

Sample odbc.ini File 231

 ValidateServerCertificate=1
WorkStationID=

[SQL Server Wire Protocol]

Driver=/<Informatica installation directory>/ODBC7.1/lib/DWsqls28.so
Description=DataDirect 8.0 SQL Server Wire Protocol
AlternateServers=
AlwaysReportTriggerResults=0
AnsiNPW=1
ApplicationName=
ApplicationUsingThreads=1
AuthenticationMethod=1
BulkBinaryThreshold=32
BulkCharacterThreshold=-1
BulkLoadBatchSize=1024
BulkLoadOptions=2
ConnectionReset=0
ConnectionRetryCount=0
ConnectionRetryDelay=3
Database=<database_name>
EnableBulkLoad=0
EnableQuotedIdentifiers=0
EncryptionMethod=0
FailoverGranularity=0
FailoverMode=0
FailoverPreconnect=0
FetchTSWTZasTimestamp=0
FetchTWFSasTime=1
GSSClient=native
HostName=<SQL_Server_host>
HostNameInCertificate=
InitializationString=
Language=
LoadBalanceTimeout=0
LoadBalancing=0
LoginTimeout=15
LogonID=
MaxPoolSize=100
MinPoolSize=0
PacketSize=-1
Password=
Pooling=0
PortNumber=<SQL_Server_server_port>
QueryTimeout=0
ReportCodePageConversionErrors=0
SnapshotSerializable=0
TrustStore=
TrustStorePassword=
ValidateServerCertificate=1
WorkStationID=
XML Describe Type=-10

[MySQL Wire Protocol]

Driver=/<Informatica installation directory>/ODBC7.1/lib/DWmysql27.so
Description=DataDirect 7.1 MySQL Wire Protocol
AlternateServers=
ApplicationUsingThreads=1
ConnectionReset=0
ConnectionRetryCount=0
ConnectionRetryDelay=3
Database=<database_name>
DefaultLongDataBuffLen=1024
EnableDescribeParam=0
EncryptionMethod=0
FailoverGranularity=0
FailoverMode=0
FailoverPreconnect=0
HostName=<MySQL_host>
HostNameInCertificate=
InteractiveClient=0
LicenseNotice=You must purchase commercially licensed MySQL database software or

232 Appendix B: Connecting to Databases from UNIX or Linux

a MySQL Enterprise subscription in order to use the DataDirect Connect for ODBC
for MySQL Enterprise driver with MySQL software.
KeyStore=
KeyStorePassword=
LoadBalanceTimeout=0
LoadBalancing=0
LogonID=
LoginTimeout=15
MaxPoolSize=100
MinPoolSize=0
Password=
Pooling=0
PortNumber=<MySQL_server_port>
QueryTimeout=0
ReportCodepageConversionErrors=0
TreatBinaryAsChar=0
TrustStore=
TrustStorePassword=
ValidateServerCertificate=1

[PostgreSQL Wire Protocol]

Driver=/<Informatica installation directory>/ODBC7.1/lib/DWpsql27.so
Description=DataDirect 7.1 PostgreSQL Wire Protocol
AlternateServers=
ApplicationUsingThreads=1
ConnectionReset=0
ConnectionRetryCount=0
ConnectionRetryDelay=3
Database=<database_name>
DefaultLongDataBuffLen=2048
EnableDescribeParam=1
EncryptionMethod=1
ExtendedColumnMetadata=0
FailoverGranularity=0
FailoverMode=0
FailoverPreconnect=0
FetchTSWTZasTimestamp=0
FetchTWFSasTime=0
GSSClient=native
HostName=<PostgreSQL_host>
HostNameInCertificate=<Host name in SSL certificate>
InitializationString=
KeyPassword=
KeyStore=
KeyStorePassword=
LoadBalanceTimeout=0
LoadBalancing=0
LoginTimeout=15
LogonID=
MaxPoolSize=100
MinPoolSize=0
Password=
Pooling=0
PortNumber=<PostgreSQL_server_port>
QueryTimeout=0
ReportCodepageConversionErrors=0
TransactionErrorBehavior=1
TrustStore=<Path of the truststore certificates>
TrustStorePassword=<Password of the truststore certificates>
ValidateServerCertificate=1
XMLDescribeType=-10

[Greenplum Wire Protocol]

Driver=/<Informatica installation directory>/ODBC7.1/lib/DWgplm27.so
Description=DataDirect 7.1 Greenplum Wire Protocol
AlternateServers=
ApplicationUsingThreads=1
ConnectionReset=0
ConnectionRetryCount=0
ConnectionRetryDelay=3
Database=<database_name>

Sample odbc.ini File 233

 DefaultLongDataBuffLen=2048
EnableDescribeParam=0
EnableKeysetCursors=0
EncryptionMethod=0
ExtendedColumnMetadata=0
FailoverGranularity=0
FailoverMode=0
FailoverPreconnect=0
FetchTSWTZasTimestamp=0
FetchTWFSasTime=0
HostName=<Greenplum_host>
InitializationString=
KeyPassword=
KeysetCursorOptions=0
KeyStore=
KeyStorePassword=
LoadBalanceTimeout=0
LoadBalancing=0
LoginTimeout=15
LogonID=
MaxPoolSize=100
MinPoolSize=0
Password=
Pooling=0
PortNumber=<Greenplum_server_port>
QueryTimeout=0
ReportCodepageConversionErrors=0
TransactionErrorBehavior=1
XMLDescribeType=-10
Note: You might have to customize the DSN entries in the ODBC.ini file based on the third-party driver that
you use. For more information about the DSN entries, see the corresponding third-party driver
documentation.

234 Appendix B: Connecting to Databases from UNIX or Linux

Index

A D
AddLicense (infacmd) Data Integration Service
troubleshooting 156 after creating 185
application services configuring 182
Content Management Service 44 creating 182
Catalog Service 40 host file configuration 185
Data Integration Service 46 data object cache
Informatica Cluster Service 54 database requirements 47
Model Repository Service 54 IBM DB2 database requirements 47
monitoring Model Repository Service 57 Microsoft Azure SQL database requirements 47
ports 26 Microsoft SQL Server database requirements 47
products 36 Oracle database requirements 48
Data Privacy Management
Microsoft Azure SQL Server database requirements 52

B Microsoft SQL Server database requirements 51

Data Privacy Management repository
before installing the clients database requirements 50
verifying installation requirements 203 IBM DB2 database requirements 50
verifying minimum system requirements 203 Oracle database requirements 53
PostgreSQL database requirements 53
Data Privacy Management Service

C configuring 197
database clients
catalina.out configuring 59
troubleshooting installation 154 environment variables 59
Catalog Service IBM DB2 client application enabler 59
creating 193 Microsoft SQL Server native clients 59
clients Oracle clients 59
configuring for secure domains 205 Sybase open clients 59
code page compatibility database connections
application services 160 creating 170
locale 160 database preparations
configuration repositories 36
domains 160 database requirements
environment variables 161 data object cache 47
environment variables on UNIX 163 Data Privacy Management repository 50
connecting Model repository 55
Integration Service to IBM DB2 (Windows) 217 profiling warehouse 48
Integration Service to JDBC data sources (UNIX) 226 reference data warehouse 44
Integration Service to ODBC data sources (UNIX) 226 database user accounts
Integration Service to Oracle (UNIX) 219 guidelines for setup 36
Integration Service to Sybase ASE (UNIX) 221 databases
UNIX databases 216 connecting to (UNIX) 216
connections connecting to IBM DB2 217
creating database connections 170, 175 connecting to Oracle 219
IBM DB2 properties 170 connecting to Sybase ASE 221
Microsoft Azure SQL Database properties 171 connecting to Teradata (UNIX) 223
Microsoft SQL Server properties 172 repository 36
Oracle properties 173 testing connections 59
PostgreSQL properties 174 dbs2 connect
Content Management Service testing database connections 59
configuring 185 debug logs
creating 185 troubleshooting the installation 154
Developer tool
third-party software requirements 204

235
domain configuration repository infasetup
IBM DB2 database requirements 38, 50, 55 defining domains 155
Microsoft Azure SQL database requirements 39, 56 defining worker nodes 155
Microsoft SQL Server database requirements 39, 56 Informatica Administrator
Oracle database requirements 39 logging in 169
preparing databases 37 Informatica clients
troubleshooting 155 installing in graphical mode 204
Domain configuration repository installing in silent mode 208
PostgreSQL database requirements 39 uninstalling 211
domains Informatica Cluster Service
configuring 160 creating 123, 187
overview 16 Informatica Developer
ports 26 configuring local workspace directory 206
installing languages 205
local machines 206

E remote machines 206

Informatica server
environment variables uninstalling 211
configuring 161 Informatica services
configuring clients 205 installing in silent mode 149
configuring on UNIX 163 starting and stopping on UNIX 214
database clients 59 troubleshooting 156
INFA_TRUSTSTORE 205 installation logs
INFA_TRUSTSTORE_PASSWORD 205 descriptions 154
installation 28 installation requirements
LANG 161 environment variables 28
LANG_C 161 keystore files 29
LC_ALL 161 port requirements 26
LC_CTYPE 161 truststore files 29
library paths on UNIX 163 isql
locale 161 testing database connections 59
UNIX 161
UNIX database clients 59

J
G JDBC data sources
connecting to (UNIX) 226
graphical mode JRE_HOME
installing Informatica clients 204 environment variables 28

H K
host file keystore files
Data Integration Service 185 installation requirements 29
HTTPS
installation requirements 29

L
I LANG
environment variables 161
i10Pi locale environment variables 28
UNIX 88 languages
IATEMPDIR client tools 205
environment variables 28 LC_ALL
IBM DB2 environment variables 161
connecting to Integration Service (Windows) 217 locale environment variables 28
IBM DB2 database requirements LC_CTYPE
data object cache 47 environment variables 161
Data Privacy Management repository database 50 library paths
domain repository 38, 50, 55 environment variables 28
Model repository database 38, 55 license keys
profiling warehouse 48 verifying 33
reference data warehouse 45 licenses
infacmd adding 156
adding nodes to domains 155 Linux
pinging objects 156 database client environment variables 59

236 Index
locale environment variables
configuring 161 P
localhost patch requirements
Data Integration Service 185 installation 25
log files PATH
catalina.out 154 environment variables 28
debug logs 154 Ping (infacmd)
installation 153 troubleshooting 156
installation logs 154 port requirements
node.log 154 installation requirements 26
types 153 ports
application services 26
domains 26
M requirements 26
PostgreSQL database requirements
Microsoft Azure SQL database requirements Data Privacy Management repository 53
data object cache 47 Domain configuration repository 39
domain configuration repository 39, 56 Model repository 57
reference data warehouse 45 pre-installation
Microsoft Azure SQL Server database requirements i10Pi on UNIX 88
Data Privacy Management 52 profiling warehouse
Microsoft SQL Server database requirements 48
connecting from UNIX 219 IBM DB2 database requirements 48
Microsoft SQL Server database requirements Microsoft SQL Server database requirements 49
data object cache 47 Oracle database requirements 49
Data Privacy Management 51
domain configuration repository 39, 56
profiling warehouse 49
reference data warehouse 45 R
Model repository reference data warehouse
database requirements 55 database requirements 44
IBM DB2 database requirements 38, 55 IBM DB2 database requirements 45
Oracle database requirements 57 Microsoft Azure SQL database requirements 45
PostgreSQL database requirements 57 Microsoft SQL Server database requirements 45
users 181 Oracle database requirements 45
Model Repository Service repositories
after creating 180 configuring native connectivity 58
configuring 177 installing database clients 59
creating 177 preparing databases 36

N S
node.log samples
troubleshooting installation 154 odbc.ini file 228
nodes secure domains
troubleshooting 155 configuring clients 205
Service Manager
log files 154
O silent mode
installing Informatica clients 208
ODBC data sources installing Informatica services 149
connecting to (UNIX) 226 source databases
odbc.ini file connecting through JDBC (UNIX) 226
sample 228 connecting through ODBC (UNIX) 226
Oracle sqlplus
connecting to Integration Service (UNIX) 219 testing database connections 59
Oracle database requirements Sybase ASE
data object cache 48 connecting to Integration Service (UNIX) 221
Data Privacy Management repository 53 system requirements
domain configuration repository 39 minimum 22, 23
Model repository 57
profiling warehouse 49
reference data warehouse 45
Oracle Net Services T
using to connect Integration Service to Oracle (UNIX) 219 target databases
connecting through JDBC (UNIX) 226
connecting through ODBC (UNIX) 226

Index 237
Teradata UNIX (continued)
connecting to Informatica clients (UNIX) 223 connecting to ODBC data sources 226
connecting to Integration Service (UNIX) 223 database client environment variables 59
third-party software requirements database client variables 59
Developer tool 204 environment variables 161
troubleshooting i10Pi 88
creating domains 155 library paths 163
domain configuration repository 155 pre-installation 88
Informatica services 156 starting and stopping Informatica services 214
joining domains 155 user accounts 29
licenses 156 user accounts
pinging domains 156 Model repository 181
truststore files UNIX 29
installation requirements 29

W
U Windows
uninstallation installing Informatica clients in graphical mode 204
rules and guidelines 211
UNIX
connecting to JDBC data sources 226

238 Index