The Informatica Cloud Secure Agent is a lightweight program that runs all tasks and enables secure communication across the firewall between your organization and Informatica Intelligent Cloud Services. When the Secure Agent runs a task, it connects to the Informatica Cloud hosting facility to access task information. It connects directly and securely to sources and targets, transfers data between them, orchestrates the flow of tasks, runs processes, and performs any additional task requirement.
If the Secure Agent loses connectivity to Informatica Intelligent Cloud Services, it tries to reestablish connectivity to continue the task. If it cannot reestablish connectivity, the task fails.
The Secure Agent uses pluggable microservices for data processing. For example, the Data Integration Server runs all data integration jobs, and Process Server runs application integration and process orchestration jobs. Each service has a unique set of configuration properties, such as Tomcat and Tomcat JRE settings. For more information about Secure Agent services, see Secure Agent services.
You can install and run one Secure Agent on a physical or virtual machine. After you install a Secure Agent, all users in the organization share the Secure Agent. You can configure the Secure Agent properties and move it to a different Secure Agent group. To improve scalability, you can also add multiple agents to a Secure Agent group.
Working with Secure Agents
After you create a Secure Agent, you might need to perform management tasks such as viewing and configuring agent properties, checking the host information, viewing audit logs, or refreshing the agent status. You can also delete a Secure Agent if it is no longer used.
You perform most management tasks for Secure Agents on the agent details page. To access the agent details page, click a Secure Agent on the Runtime Environments page.
The following image shows the agent details page:
You can complete the following tasks:
View the Secure Agent details.
View details such as the host name, the current status, the last date and time that the agent was updated, and the agent version.
The Secure Agent can have any of the following statuses:
Status
Description
Agent Core is not running.
The Secure Agent is not available, but one or more of the services is running.
Not all the services are running.
The Secure Agent is available, but one or more of the services is not available.
Agent Core Upgrading
The Secure Agent is upgrading to a new version.
Stopped
The Secure Agent is not available.
Up and Running
The Secure Agent and all of the services that the agent runs are available.
View the agent service details.
View details for services that run on the Secure Agent such as the service name, status, version, and last update time.
A service can have any of the following statuses:
Status
Description
Error
The process failed.
Restarting Due to Error
The service is starting due to a failure.
Shutting Down
The service is shutting down.
Standby
The service is running, but it is not compatible with Informatica Intelligent Cloud Services.
Starting Up
The service is starting up.
Stopped
The service is not available.
Up and Running
The service is running.
User Stopped
The service was stopped by a user.
Warning
The service is running, but it cannot accept work.
The version number changes each time you modify the service. The Secure Agent retains the directories for the old version of the service for seven days. For example, if you update the NetworkTimeoutPeriod for version 55.0.2 of the Data Integration Server, the agent increments the version number to 55.0.3 and creates the following directory:
It deletes the <Secure Agent installation directory>/apps/Data_Integration_Server/55.0.2.x directories after seven days.
Stop and start the services that run on the Secure Agent.
Stop and start the services that run on a Secure Agent to perform troubleshooting, optimize resources on the agent machine, or make service configuration changes. When you stop or start a service, other services that run on the agent are not affected.
View the Secure Agent package details.
Expand the Agent Package Details section to see the name and version number for the packages in each service that runs on the Secure Agent. You can filter the packages by service.
View and edit Secure Agent service properties.
Expand the System Configuration Details section to see the Secure Agent service properties. You can filter the properties by service and type.
To configure the properties, click Edit. You can configure properties for each service that runs on the Secure Agent. You can also add and remove custom properties, which are used by connectors. For more information about Secure Agent services and service properties, see Secure Agent services. For more information about custom properties, see the help for the appropriate connector.
View the Secure Agent host properties.
Expand the Agent Host section to see information about the machine that hosts the Secure Agent. For example, you can view the machine name, operating system, and available disk space.
To refresh the information, click Refresh. The last date and time that the information was refreshed appears next to the Agent Host | Updated heading.
View the Audit Log.
To view audit information such as start and stop times, server connections, and upgrade messages, click Audit Log.
Refresh the Secure Agent status.
To refresh the status of the Secure Agent, click Refresh Status in the upper right corner of the page.
To view the status on Linux, you can also navigate to the following directory:
By default, each Secure Agent in an organization runs all microservices that are used for data processing in the organization. You can stop and start these services to perform troubleshooting, optimize resources on the agent machine, or make configuration changes. When you stop or start a Secure Agent service, other services that run on the agent are not affected.
The services that you stop and start on a Secure Agent are the Secure Agent services, which are different from the Informatica Intelligent Cloud Services. For example, if you want to stop the services associated with Operational Insights, you must stop the OI Data Collector service on the agent. For more information about Secure Agent services, see Secure Agent services.
You might need to stop and restart a Secure Agent service in the following circumstances:
You need to troubleshoot issues with a specific service.
If a service shows an error state, you can stop the service, troubleshoot the problem, and then restart the service.
You are running memory or CPU intensive jobs, and you want to optimize computing resources on the Secure Agent machine.
For example, your organization runs Data Integration and Application Integration jobs. You want to optimize computing resources so that the Data Integration jobs run during the day and the Application Integration jobs run at night. To do this, stop Process Server during the day and restart it in the evening, and stop the Data Integration Server at night and restart it in the morning.
You update service configuration properties for the File Integration Service.
After you change configuration properties for the File Integration Service, you must restart the service. If the Secure Agent runs other services, you can stop and restart the File Integration Service without affecting the other services.
To start or stop a service on a Secure Agent, you must have update permission on the Secure Agent.
If you are the administrator of a sub-organization, you can start and stop services on the agents in the sub-organization. However, you cannot start and stop services on a Secure Agent that is in a shared Secure Agent group.
Each time you start and restart a service, the Secure Agent creates a new subdirectory for the service-related files. For example, if the Secure Agent uses version 12.1 of the B2B Processor Service, the Secure Agent installation directory contains the following subdirectory:
The Secure Agent does not delete the .../12.1.1 directory.
Example
Your organization uses Data Integration and has licenses for Enterprise Data Catalog integration, file integration, and mass ingestion.
Your Secure Agent runs the following services:
•Data Integration Server
•EDC Search Agent
•File Integration Service
•Mass Ingestion
If you have issues with Enterprise Data Catalog search, you can stop the EDC Search Agent service while you perform troubleshooting. When you stop the EDC Search Agent service, you cannot perform data catalog discovery in Data Integration. However, jobs processed by the other services on this agent such as mappings, tasks, taskflows, and AS2 file transfers continue to run.
Guidelines for stopping and starting services
Use the following guidelines when you stop and start services on a Secure Agent:
•Use caution when you stop services on a Secure Agent because stopping services can cause job failures.
When you stop a service, any job that requires the service and is currently running on the agent stops. If there are no other agents in the group, the job can no longer run. If there are other agents in the group, you can restart the job and it will run on a different agent.
•Do not stop the Data Integration Server on an agent if you store connection properties with the agent.
If you store connection properties with a local Secure Agent and you stop the Data Integration Server on the agent, users will not be able to access any connections or run tasks in the organization. Any job that is currently running on the agent also fails.
•Do not stop and start services to reserve a Secure Agent group for certain types of jobs.
If you want to reserve a Secure Agent group for certain types of jobs, you can enable the required services for the Secure Agent group and disable other services. For more information about enabling and disabling services for a Secure Agent group, see Service assignment for Secure Agent groups.
Stopping a Service
You can stop a service that is in the "Up and Running" or "Error" state. Stopping a service stops all versions of the service that are running. After a service stops, you can start the latest version of the service.
Note: If you stop a service and then restart the Secure Agent, the service remains stopped until you start it.
1In Administrator, select Runtime Environments.
2On the Runtime Environments page, click the name of the Secure Agent.
Note: You might have to expand the Secure Agent group to see the list of Secure Agents within the group.
3Click the Details tab.
4In the Agent Service Start or Stop area, select the service that you want to stop.
5Click Stop.
The service stops, and Informatica Intelligent Cloud Services adds an entry in the audit log indicating that the service was stopped by a user.
Starting a Service
You can start a service that is in the "Stopped" state. Starting a service starts the latest version of the service.
1In Administrator, select Runtime Environments.
2On the Runtime Environments page, click the name of the Secure Agent.
Note: You might have to expand the Secure Agent group to see the list of Secure Agents within the group.
3Click the Details tab.
4In the Agent Service Start or Stop area, select the service that you want to start.
5Click Start.
Informatica Intelligent Cloud Services attempts to start the service. After the service starts, the status changes to "Up and Running." If the service fails to start, check the audit log to find the cause of the error.
Configuring agent blackout periods
You can configure blackout periods for a Secure Agent. Blackout periods prevent data integration jobs from running on the agent during a certain period. Configure an agent blackout period to configure specific hours, days, or intervals in which no data integration jobs can run on the agent.
Agent blackout periods stop the Data Integration Server service from running jobs on a Secure Agent during the blackout period. They do not prevent other types of jobs from running on the agent. Configure an agent blackout period in the following circumstances:
•The Data Integration Server is the only service enabled on the agent and you want to stop all data integration jobs from running during a certain period.
•The Secure Agent runs multiple services and you want to stop only the data integration jobs from running during a certain period.
Note: The agent blackout period is different than the schedule blackout period for the organization. During an organization's schedule blackout period, no jobs can run on any agent. For more information about schedule blackout periods, see Configuring a blackout period.
To configure a blackout period on a Secure Agent, you must create a blackout file. The blackout file is an XML file that specifies the repeat frequency, start date, and end date for each blackout period.
For example, the following blackout file contains two blackout periods: one blackout period from July 27, 5:00 AM through July 28, 11:00 PM and a second blackout period that repeats on Fridays from 2:00-4:00 PM:
If you want to use a different file name and directory, you can override the file name and file path.
After you create a blackout file, restart the Data Integration Server service on the Secure Agent so that the blackout periods take effect.
Overriding the blackout file name and directory
You can override the blackout file name and directory.
To do this, set the following custom property for the Data Integration Server on the agent details page:
Service
Type
Name
Value
Data Integration Server
Tomcat
BlackoutWindowsFile
File path and file name for the blackout file. For example:
C:/AgentBlackouts/Agent001Blackouts.dat
Note: Use forward slashes (/) in the file path on both Windows and UNIX machines because the Secure Agent interprets backslashes (\) as escape characters.
The file path must be accessible by the Secure Agent.
The blackout file is an XML file that contains elements that define each blackout period and the frequency, start time, and end time for each blackout period.
Contains a BlackoutWindow element for each blackout period.
Must contain one or more BlackoutWindow elements.
BlackoutWindow
Required
Defines one blackout period.
Must contain one RepeatFrequency element, one Start element, and one End element.
RepeatFrequency
Required
Repeat frequency for the blackout period.
Must contain one of the following values:
- OneTime
- Daily
- Weekdays
- Sunday
- Monday
- Tuesday
- Wednesday
- Thursday
- Friday
- Saturday
Start
Required
Blackout period start time in the format yyyy-mm-dd hh24:mi:ss. For example, 2019-07-25 10:26:55.
The time zone is the Secure Agent time zone.
End
Required
Blackout period end time in the format yyyy-mm-dd hh24:mi:ss. For example, 2019-07-26 11:45:00.
The time zone is the Secure Agent time zone.
Do not enclose element values in quotation marks.
Renaming a Secure Agent
By default, the name of a Secure Agent is the same as the name of the machine where you installed the agent. You can change the agent name.
1On the Runtime Environments page, click the name of the Secure Agent.
Note: You might have to expand the Secure Agent group to see the list of Secure Agents within the group.
2Click the Details tab.
3In the upper right corner, click Edit.
4Enter a new name in the Agent Name field.
5Click Save.
Deleting a Secure Agent
Delete a Secure Agent if you no longer need it to run tasks. Delete a Secure Agent on the Runtime Environments page.
Note: You cannot delete a Secure Agent if it is used in a connection or a task. For example, if the Secure Agent is the only agent in a group, and the group is used as the runtime environment for a connection or task, you cannot delete the agent.
1In Administrator, select Runtime Environments.
2Expand the Actions menu for the Secure Agent and select Delete Secure Agent.
If the Secure Agent is running, a warning message appears. Stopping an active Secure Agent prevents scheduled tasks associated with the Secure Agent from running. Ignore the warning if you do not need the Secure Agent.
If you no longer need the Secure Agent, uninstall the Secure Agent after you delete it.
Upgrading a Secure Agent
The Secure Agent upgrades automatically the first time that you access a new Informatica Intelligent Cloud Services release. The upgrade process installs a new version of the Secure Agent, updates connector packages, and applies configuration changes for the microservices that run on the agent. You do not need to upgrade the Secure Agent manually.
However, to prepare for an upgrade, you might need to perform tasks such as ensuring that each Secure Agent machine has enough disk space available for the upgrade. For more information about preparing for an upgrade, see Administrator What's New.
Secure Agent Manager
When you install the Secure Agent on Windows, you also install the Informatica Cloud Secure Agent Manager. The Secure Agent runs as a Windows service. You can launch the Secure Agent Manager from the Windows Start menu or the desktop icon.
Use the Secure Agent Manager to perform the following tasks:
•View the status of the Secure Agent and the services that the Secure Agent runs.
•Stop and restart the Secure Agent.
•Configure Windows settings such as proxy settings and a Windows Secure Agent service login.
The Secure Agent Manager displays the status of the Secure Agent and the services that the Secure Agent runs. If the Secure Agent or one of the services that the Secure Agent runs is not starting or not running, the Secure Agent Manager displays an alert message and a link that you can click to view details.
When you close the Secure Agent Manager, it minimizes to the Windows taskbar for quick access. Closing the Secure Agent Manager does not stop the Secure Agent. When the Secure Agent Manager is minimized, you can view the Secure Agent status by hovering over the Secure Agent Manager icon.
Configuring a proxy to exclude non-proxy hosts
A proxy server allows indirect connection to network services for security and performance reasons. For example, you can use a proxy server to get through a firewall, and some proxies provide caching mechanisms. When you configure a proxy server for the Informatica Cloud Secure Agent, you can exclude certain IP addresses and host names from the proxy.
When you configure a proxy server for the Informatica Cloud Secure Agent, you define the minimum required settings in the Secure Agent Manager. Informatica Intelligent Cloud Services updates the following file and adds other properties that you can edit manually:
The property, InfaAgent.NonProxyHost, enables you to exclude IP addresses or host names. By default, Informatica Intelligent Cloud Services adds localhost as the value for InfaAgent.NonProxyHost when you initially configure the proxy server:
Note: You can combine a list of host names and IP addresses using the pipe character (|) as a delimiter. You can also enter a wildcard to the left for host names or to the right for IP addresses.
3Restart the Secure Agent so that the changes take effect.
Stopping and restarting the Secure Agent on Windows
The Secure Agent Manager displays the Secure Agent status. You can use the Secure Agent Manager to stop or restart the Secure Agent.
Launch the Secure Agent Manager from the Windows Start menu. If the Secure Agent Manager is active, you can click the Informatica Cloud Secure Agent Manager icon in the Windows taskbar notification area to open the Secure Agent Manager.
To stop the Secure Agent from the Secure Agent Manager, click Stop. To restart the Secure Agent, click Restart. The Secure Agent Manager displays a message when the action is complete.
When you close the Secure Agent Manager, it minimizes to the Windows taskbar notification tray. Closing the Secure Agent Manager does not stop the Secure Agent.
Starting and stopping the Secure Agent on Linux
After you download the Secure Agent program files on a Linux machine, you can run the Secure Agent as a Linux process. Manually start the Secure Agent process on Linux.
1From the command line, navigate to the following directory:
