You can install Secure Agents on Windows or Linux.
Installing in Windows
On Windows, the Secure Agent runs as a Windows service. When you install the Secure Agent, you also install the Informatica Cloud Secure Agent Manager.
By default, the Secure Agent starts when you start Windows. You can stop and restart the Secure Agent using the Secure Agent Manager or Windows Services. If you install the Secure Agent on a different volume than you use to run the installation program, you must start and stop the Secure Agent from Windows Services.
You can also use the Secure Agent Manager to check the Secure Agent status and configure proxy information. The Secure Agent works with BASIC, DIGEST, and NTLMv2 proxy authentication.
You can launch the Secure Agent Manager from the Start menu or desktop icon. When you close the Secure Agent Manager, it minimizes to the Windows taskbar notification area for quick access.
When you install a Secure Agent, you perform the following tasks:
1Verify that the machine meets the minimum requirements.
2Download the Secure Agent installer files.
3Install and register the Secure Agent.
Secure Agent requirements on Windows
You can install the Secure Agent on any machine that has internet connectivity and can access Informatica Intelligent Cloud Services.
Verify the following requirements before you install the Secure Agent on Windows:
•The Secure Agent machine has the Microsoft Visual C++ 2015 Redistributable.
•The Secure Agent machine has the following attributes at a minimum:
- x86 64-bit architecture
- 4 CPU cores
- 16 GB RAM
- 5 GB free disk space
•The Secure Agent machine is on a volume with at least 250GB disk space, with at least 5 GB free space or three times the size of the Secure Agent installation, whichever is greater.
•The account you use to install the Secure Agent has access to all remote directories that contain flat source or target files.
•No other Secure Agent is installed on the machine. If another Secure Agent is installed on the machine, uninstall it first.
If your organization uses a protective firewall, include the Informatica Intelligent Cloud Services domain name or IP address ranges in the list of approved domain names or IP addresses. To ensure that the Secure Agent can perform all necessary tasks through the firewall, enable the port that the Secure Agent uses.
The Secure Agent uses port 443 (HTTPS) to connect to the internet. Configure your firewall to allow traffic to pass over port 443.
The allowlists of domains and IP addresses can vary according to your POD (Point of Deployment). You can identify your POD through the URL that appears when you open any service in Informatica Intelligent Cloud Services. The first few characters of the URL string identify the POD. For example, if the URL starts with usw3.dm-us.informaticacloud.com, your POD is USW3.
For the allowlists of Informatica Intelligent Cloud Services domains and IP addresses for different PODs, see Pod Availability and Networking on the Documentation Portal or click the link at the top of the Runtime Environments page in Administrator.
Setting Secure Agent permissions on Windows
A Secure Agent requires certain permissions to transfer data between sources and targets.
When you install a Secure Agent on Windows, the Secure Agent must be part of the local Administrators group.
Configuring Windows settings
Before you use the Secure Agent on Windows, configure proxy settings and a Windows Secure Agent service login.
You can configure proxy settings in Secure Agent Manager. Configure a login for the Windows Secure Agent service on Windows.
Note: If you use the Secure Agent for Informatica Cloud Data Wizard, you do not need to configure proxy settings or a Windows service login for the Secure Agent.
Downloading and installing the Secure Agent on Windows
To install the Secure Agent on a Windows machine, you must download and run the Secure Agent installation program and then register the agent.
Secure Agent registration requires an install token. To get the install token, copy the token when you download the agent or use the Generate Install Token option in Administrator. The token expires after 24 hours.
Before you download and install the Secure Agent, verify that no other Secure Agent is installed on the machine. If any other Secure Agent exists, you must uninstall it.
Tip: To verify the checksum of the Secure Agent installation program, use the agent REST API version 2 resource. For more information about the agent resource, see REST API Reference.
1Open Administrator and select Runtime Environments.
2On the Runtime Environments page, click Download Secure Agent.
3Select the Windows 64-bit operating system platform, copy the install token, and then click Download.
The installation program is downloaded to your machine. The name of the installation program is agent64_install_ng_ext.<agent core version>.exe.
4Run the installation program as an Administrator:
aSpecify the Secure Agent installation directory, and click Next.
Note: Ensure that the file path doesn't contain multibyte characters. If the path contains multibyte characters, the Secure Agent might not start.
bClick Install to install the agent.
The Cloud Secure Agent dialog box opens and prompts you to register the agent as shown in the following image:
5If you did not copy the install token when you downloaded the agent, click Generate Install Token on the Runtime Environments page in Administrator, and copy the token.
6In the Secure Agent Manager, enter the following information, and then click Register:
Option
Description
User Name
User name that you use to access Informatica Intelligent Cloud Services.
Install Token
Token that you copied.
The Secure Agent Manager displays the status of the Secure Agent. It takes a minute for all of the services to start.
7If your organization uses an outgoing proxy server to connect to the internet, enter the proxy server information.
8Close the Secure Agent Manager.
The Secure Agent Manager minimizes to the taskbar and continues to run as a service until stopped.
Configuring the proxy settings in Windows
If your organization uses an outgoing proxy server to connect to the internet, the Secure Agent connects to Informatica Intelligent Cloud Services through the proxy server. The Secure Agent installer configures the proxy server settings for the Secure Agent based on settings configured in the browser. You can change the proxy server settings through the Secure Agent Manager.
Contact your network administrator for the correct proxy settings.
Note: Don't update your proxy details by manually updating the proxy configuration file, because this might cause issues. Always use the Secure Agent Manager.
1In the Secure Agent Manager, click Proxy.
2To enter proxy server settings, click Use a Proxy Server.
3Enter the following information:
Field
Description
Proxy Host
Required. Host name of the outgoing proxy server that the Secure Agent uses.
Proxy Port
Required. Port number of the outgoing proxy server.
User Name
User name to connect to the outgoing proxy server.
Password
Password to connect to the outgoing proxy server.
4Click OK.
The Secure Agent Manager restarts the Secure Agent to apply the settings.
Configuring a login for a Windows Secure Agent service
On Windows, configure a network login for the Secure Agent service. The Secure Agent can access the network with the privileges and permissions associated with the login.
Configure a login for the Secure Agent machine to allow the Secure Agent to access directories to configure and run tasks. When you configure connections, configure tasks, and run tasks that use flat file or FTP/SFTP connection types, the Secure Agent might require read and write permissions on the related directories.
For example, to browse to a directory to configure a flat file or FTP/SFTP connection, the Secure Agent login might require permission to access the directory. Without a Secure Agent login with the appropriate permissions, Informatica Intelligent Cloud Services cannot display the directory in the Browse for Directory dialog box.
1Go to the Services window from the Windows Administrative tools.
2In the Services window, right-click the Informatica Cloud Secure Agent service and choose Properties.
3In the Properties dialog box, click the Log On tab.
4To configure a login, select This Account.
5Enter an account and password.
Use an account with the required privileges and permissions for the network security defined for the domain. By default, the account format is <domain name>\<user name>.
6Click OK.
7In the Services window, restart the Secure Agent service for the changes to take effect.
Uninstalling the Secure Agent in Windows
You can uninstall the Secure Agent. You might uninstall the Secure Agent if you no longer want to run the Secure Agent on the machine or if you want to reinstall the Secure Agent.
Before you uninstall the Secure Agent, verify that no connection or task is configured to use it.
4Delete any remaining files in the installation directory.
After you uninstall the Secure Agent, delete all files and directories associated with the Secure Agent installation.
Note: Uninstalling the Secure Agent does not delete log files from the Secure Agent directory. If you want to reinstall a Secure Agent on the machine, you must delete all files and directories associated with the Secure Agent installation or reinstallation will fail. If you want to save the log files, copy them to a different directory, and then delete the Secure Agent installation directory.
Installing in Linux
On Linux, the Secure Agent runs as a process. You can use a shell command line to install, register, start, stop, and uninstall the Secure Agent.
You can also use the shell command line to check the Secure Agent status.
When you install a Secure Agent, you perform the following tasks:
1Verify that the machine meets the minimum requirements.
2Download the Secure Agent installer files.
3Install and register the Secure Agent.
Consider the following guidelines:
•Create a specific user profile to install the Secure Agent with full access to all folders from the Secure Agent installation directory. Don't install the Secure Agent as the root user.
•You can't install more than one Secure Agent on the same machine under the same user account. Multiple agents may exist under different user accounts.
•Don't install the Secure Agent on any node within the Informatica domain.
Secure Agent requirements on Linux
You can install the Secure Agent on any machine that has internet connectivity and can access Informatica Intelligent Cloud Services. Before you install the Secure Agent on Linux, verify the system requirements.
Verify the following requirements before you install the Secure Agent on Linux:
•Verify that the Secure Agent machine is running the x86 64-bit architecture, with at least 11 GB free disk space.
•Verify that the libidn.x86_64 package is installed.
If the package isn't present, install it using the following command: sudo yum install libidn.x86_64
Note: The command to install the package might vary based on your Linux distribution.
•Verify that the libidn.so.* libraries are installed.
If the libraries aren't present, run the following commands:
1Change to the appropriate directory on the Secure Agent machine.
▪ For 64-bit systems: cd /usr/lib/x86_64-linux-gnu
▪ For 32-bit systems: cd /usr/lib/i386-linux-gnu
2Create a symbolic link using the following command:
sudo ln -s libidn.so.12 libidn.so.11
If you are installing the Secure Agent on RHEL 9, create an additional symbolic link using the following command:
sudo ln -s libidn2.so.0 libidn.so.11
•If you are installing the Secure Agent on RHEL 9, verify that the libnsl library is installed.
If the library isn't present, install it using the following command: sudo yum install libnsl
Note: The command to install the package might vary based on your Linux distribution.
To verify whether libnsl is present, use one of the following commands: ldconfig -p | grep libnsl or which libnsl.
•The account that you use to install the Secure Agent must have access to all remote directories that contain flat source or target files.
• If you use PowerCenter, install the Secure Agent using a different user account than the account you used to install PowerCenter.
Informatica Intelligent Cloud Services and PowerCenter use some common environment variables. If the environment variables are not set correctly for Informatica Intelligent Cloud Services, your jobs might fail at run time.
If your organization uses a protective firewall, include the Informatica Intelligent Cloud Services domain name or IP address ranges in the list of approved domain names or IP addresses. To ensure that the Secure Agent can perform all necessary tasks through the firewall, enable the port that the Secure Agent uses.
The Secure Agent uses port 443 (HTTPS) to connect to the internet. Configure your firewall to allow traffic to pass over port 443.
The allowlists of domains and IP addresses can vary according to your POD (Point of Deployment). You can identify your POD through the URL that appears when you open any service in Informatica Intelligent Cloud Services. The first few characters of the URL string identify the POD. For example, if the URL starts with usw3.dm-us.informaticacloud.com, your POD is USW3.
For the allowlists of Informatica Intelligent Cloud Services domains and IP addresses for different PODs, see Pod Availability and Networking on the Documentation Portal or click the link at the top of the Runtime Environments page in Administrator.
Setting Secure Agent permissions on Linux
A Secure Agent requires certain permissions to transfer data between sources and targets.
When you install a Secure Agent on Linux, the Secure Agent must have read/write/execute permissions for the installation directory.
Downloading and installing the Secure Agent on Linux
To install the Secure Agent on a Linux machine, you must download and run the Secure Agent installation program and then register the agent.
Secure Agent registration requires an install token. To get the install token, copy the token when you download the agent or use the Generate Install Token option in Administrator. The token expires after 24 hours.
When you register the agent, it is added to its own Secure Agent group by default. You can add the agent to a different Secure Agent group.
Before you download and install the Secure Agent, verify that no other Secure Agent is installed on the machine using the same Linux user account. If there is, you must uninstall it.
Tip: To verify the checksum of the Secure Agent installation program, use the agent REST API version 2 resource. For more information about the agent resource, see REST API Reference.
1Open Administrator and select Runtime Environments.
2On the Runtime Environments page, click Download Secure Agent.
3Select the Linux 64-bit operating system platform, copy the install token, and then click Download.
The installation program is downloaded to your machine. The name of the installation program is agent64_install_ng_ext.<agent core version>.bin.
4Save the installation program to a directory on the machine where you want to run the Secure Agent.
Note: Ensure that the file path doesn't contain spaces or multibyte characters. If the file path contains spaces, the installation might fail. If the path contains multibyte characters, the Secure Agent might not start.
5From a shell command line, navigate to the directory where you downloaded the installation program and enter the following command:
./agent64_install_ng_ext.bin -i console
6When the installer completes, navigate to the following directory:
7To start the Secure Agent, enter the following command:
./infaagent startup
The Secure Agent Manager starts. You must register the agent using the user name that you use to access Informatica Intelligent Cloud Services. You must also supply the install token.
8If you did not copy the install token when you downloaded the agent, click Generate Install Token on the Runtime Environments page in Administrator, and copy the token.
9To register the agent, in the <Secure Agent installation directory>/apps/agentcore directory, enter one of the following commands using your Informatica Intelligent Cloud Services user name and the token that you copied:
- To add the agent to its own Secure Agent group, use the following command:
- To add the agent to an existing Secure Agent group, use the following command:
./consoleAgentManager.sh configureTokenWithRuntime <user name> <install token> <Secure Agent group name>
Note: If the command includes a Secure Agent group name that doesn't exist, the Secure Agent is not assigned to a group. Be sure to use a valid Secure Agent group name.
The following table lists the command options:
Option
Description
User Name
Required. Informatica Intelligent Cloud Services user name of the user installing the Secure Agent.
Install Token
Required. The install token that you copied.
Secure Agent group name
Optional. Include when you want to add the agent to an existing Secure Agent group instead. If this option isn’t included in the command, the agent will be in its own Secure Agent group.
You can check the registration status of a Secure Agent using the following command:
./consoleAgentManager.sh isConfigured
Configuring the proxy settings in Linux
If your organization uses an outgoing proxy server to connect to the internet, the Secure Agent connects to Informatica Intelligent Cloud Services through the proxy server.
The Secure Agent installer configures the proxy server settings for the Secure Agent based on settings configured in the browser. You can update the proxy server settings defined for the Secure Agent from the command line. The Secure Agent works with BASIC, DIGEST, and NTLMv2 proxy authentication.
To configure the proxy server settings for the Secure Agent on a Linux machine, use a shell command that updates the proxy.ini file. Contact the network administrator to determine the proxy settings.
Note: To avoid potential issues, don't change the settings by editing the proxy.ini file manually.
You can uninstall the Secure Agent. You might uninstall the Secure Agent if you no longer want to run the Secure Agent on the machine or if you want to reinstall the Secure Agent.
Before you uninstall the Secure Agent, verify that no connection or task is configured to use it.
1From the command line, navigate to the following directory:
