On Linux, the Secure Agent runs as a process. You can use a shell command line to install, register, start, stop, and uninstall the Secure Agent.
You can also use the shell command line to check the Secure Agent status.
When you install a Secure Agent, you perform the following tasks:
1Verify that the machine meets the minimum requirements.
2Download the Secure Agent installer files.
3Install and register the Secure Agent.
Consider the following guidelines:
•Create a specific user profile to install the Secure Agent with full access to all folders from the Secure Agent installation directory. Don't install the Secure Agent as the root user.
•You can't install more than one Secure Agent on the same machine under the same user account. Multiple agents may exist under different user accounts.
•Don't install the Secure Agent on any node within the Informatica domain.
Secure Agent requirements on Linux
You can install the Secure Agent on any machine that has internet connectivity and can access Informatica Intelligent Cloud Services. Before you install the Secure Agent on Linux, verify the system requirements.
Verify the following requirements before you install the Secure Agent on Linux:
•Verify that the Secure Agent machine is running the x86 64-bit architecture, with at least 11 GB free disk space.
•Verify that the libidn.x86_64 package is installed.
If the package isn't present, install it using the following command: sudo yum install libidn.x86_64
Note: The command to install the package might vary based on your Linux distribution.
•Verify that the libidn.so.* libraries are installed.
If the libraries aren't present, run the following commands:
1Change to the appropriate directory on the Secure Agent machine.
▪ For 64-bit systems: cd /usr/lib/x86_64-linux-gnu
▪ For 32-bit systems: cd /usr/lib/i386-linux-gnu
2Create a symbolic link using the following command:
sudo ln -s libidn.so.12 libidn.so.11
If you are installing the Secure Agent on RHEL 9, create an additional symbolic link using the following command:
sudo ln -s libidn2.so.0 libidn.so.11
•The account that you use to install the Secure Agent must have access to all remote directories that contain flat source or target files.
• If you use PowerCenter, install the Secure Agent using a different user account than the account you used to install PowerCenter.
Informatica Intelligent Cloud Services and PowerCenter use some common environment variables. If the environment variables are not set correctly for Informatica Intelligent Cloud Services, your jobs might fail at run time.
If your organization uses a protective firewall, include the Informatica Intelligent Cloud Services domain name or IP address ranges in the list of approved domain names or IP addresses. To ensure that the Secure Agent can perform all necessary tasks through the firewall, enable the port that the Secure Agent uses.
The Secure Agent uses port 443 (HTTPS) to connect to the internet. Configure your firewall to allow traffic to pass over port 443.
The allowlists of domains and IP addresses can vary according to your POD (Point of Deployment). You can identify your POD through the URL that appears when you open any service in Informatica Intelligent Cloud Services. The first few characters of the URL string identify the POD. For example, if the URL starts with usw3.dm-us.informaticacloud.com, your POD is USW3.
For the allowlists of Informatica Intelligent Cloud Services domains and IP addresses for different PODs, see Pod Availability and Networking on the Documentation Portal or click the link at the top of the Runtime Environments page in Administrator.
Setting Secure Agent permissions on Linux
A Secure Agent requires certain permissions to transfer data between sources and targets.
When you install a Secure Agent on Linux, the Secure Agent must have read/write/execute permissions for the installation directory.
Downloading and installing the Secure Agent on Linux
To install the Secure Agent on a Linux machine, you must download and run the Secure Agent installation program and then register the agent.
Secure Agent registration requires an install token. To get the install token, copy the token when you download the agent or use the Generate Install Token option in Administrator. The token expires after 24 hours.
When you register the agent, it is added to its own Secure Agent group by default. You can add the agent to a different Secure Agent group.
Before you download and install the Secure Agent, verify that no other Secure Agent is installed on the machine using the same Linux user account. If there is, you must uninstall it.
Tip: To verify the checksum of the Secure Agent installation program, use the agent REST API version 2 resource. For more information about the agent resource, see REST API Reference.
1Open Administrator and select Runtime Environments.
2On the Runtime Environments page, click Download Secure Agent.
3Select the Linux 64-bit operating system platform, copy the install token, and then click Download.
The installation program is downloaded to your machine. The name of the installation program is agent64_install_ng_ext.<agent core version>.bin.
4Save the installation program to a directory on the machine where you want to run the Secure Agent.
Note: Ensure that the file path doesn't contain spaces or multibyte characters. If the file path contains spaces, the installation might fail. If the path contains multibyte characters, the Secure Agent might not start.
5From a shell command line, navigate to the directory where you downloaded the installation program and enter the following command:
./agent64_install_ng_ext.bin -i console
6When the installer completes, navigate to the following directory:
7To start the Secure Agent, enter the following command:
./infaagent startup
The Secure Agent Manager starts. You must register the agent using the user name that you use to access Informatica Intelligent Cloud Services. You must also supply the install token.
8If you did not copy the install token when you downloaded the agent, click Generate Install Token on the Runtime Environments page in Administrator, and copy the token.
9To register the agent, in the <Secure Agent installation directory>/apps/agentcore directory, enter one of the following commands using your Informatica Intelligent Cloud Services user name and the token that you copied:
- To add the agent to its own Secure Agent group, use the following command:
- To add the agent to an existing Secure Agent group, use the following command:
./consoleAgentManager.sh configureTokenWithRuntime <user name> <install token> <Secure Agent group name>
Note: If the command includes a Secure Agent group name that doesn't exist, the Secure Agent is not assigned to a group. Be sure to use a valid Secure Agent group name.
The following table lists the command options:
Option
Description
User Name
Required. Informatica Intelligent Cloud Services user name of the user installing the Secure Agent.
Install Token
Required. The install token that you copied.
Secure Agent group name
Optional. Include when you want to add the agent to an existing Secure Agent group instead. If this option isn’t included in the command, the agent will be in its own Secure Agent group.
You can check the registration status of a Secure Agent using the following command:
./consoleAgentManager.sh isConfigured
Configuring the proxy settings in Linux
If your organization uses an outgoing proxy server to connect to the internet, the Secure Agent connects to Informatica Intelligent Cloud Services through the proxy server.
The Secure Agent installer configures default proxy server settings for the Secure Agent based on settings configured in the browser. The proxy settings are stored in the proxy configuration file, proxy.ini, in the following directory:
To update proxy hosts and ports, as well as the username and password to connect to the proxy server, use the command line. The command line validates the values that you enter. For more information, see Updating proxy settings through the command line.
To update other properties, edit the proxy configuration file directly. When you edit the proxy configuration file, ensure that you use the correct formats to avoid errors. For more information, see Updating proxy settings in the proxy configuration file.
To allow the Secure Agent to connect to data sources and targets, configure proxy settings through JVM Options in addition to configuring the proxy configuration file. For more information, see the help for the appropriate connector.
Some use cases require the Secure Agent to bypass the proxy server and communicate directly with the instance metadata service (IMDS), which stores temporary security credentials. For example, bypassing the proxy server is required if you use an Azure managed identity to access sources and targets in a mapping in advanced mode and if you enable the Use EC2 Role to Assume Role property in an Amazon S3 V2 connection. To allow the agent to communicate directly with the IMDS, edit the proxy configuration file and set the IP address of the IMDS, 169.254.169.254, in the value for the property InfaAgent.NonProxyHost.
Contact your network administrator for the correct proxy settings.
Updating proxy settings through the command line
To update proxy hosts, proxy ports, and the username and password to connect to the proxy server, use the command line to update the proxy configuration file.
Updating proxy settings in the proxy configuration file
To update proxy settings that you can't update through the command line, edit the proxy configuration file directly.
1Open the proxy.ini file.
2Update the property values as required. Use the pipe character (|) as a delimiter to combine a list of host names and IP addresses. You can enter a wildcard to the left for host names or to the right for IP addresses.
For example, the following value uses two formats to exclude cluster IP addresses in the CIDR block 172.16.0.0/16:
3Restart the Secure Agent for the changes to take effect.
Uninstalling the Secure Agent in Linux
You can uninstall the Secure Agent. You might uninstall the Secure Agent if you no longer want to run the Secure Agent on the machine or if you want to reinstall the Secure Agent.
Before you uninstall the Secure Agent, verify that no connection or task is configured to use it.
1From the command line, navigate to the following directory: