On Linux, the Secure Agent runs as a process. You can use a shell command line to install, register, start, stop, and uninstall the Secure Agent.
You can also use the shell command line to check the Secure Agent status.
When you install a Secure Agent, you perform the following tasks:
1Verify that the machine meets the minimum requirements.
2Download the Secure Agent installer files.
3Install and register the Secure Agent.
Consider the following guidelines:
•Create a specific user profile to install the Secure Agent with full access to all folders from the Secure Agent installation directory. Don't install the Secure Agent as the root user.
•You can't install more than one Secure Agent on the same machine under the same user account. Multiple agents may exist under different user accounts.
•Don't install the Secure Agent on any node within the Informatica domain.
Secure Agent requirements on Linux
You can install the Secure Agent on any machine that has internet connectivity and can access Informatica Intelligent Cloud Services. Before you install the Secure Agent on Linux, verify the system requirements.
Verify the following requirements before you install the Secure Agent on Linux:
•Verify that the Secure Agent machine is running the x86 64-bit architecture, with at least 11 GB free disk space.
•Verify that the libidn.x86_64 package is installed.
If the package isn't present, install it using the following command: sudo yum install libidn.x86_64
Note: The command to install the package might vary based on your Linux distribution.
•Verify that the libidn.so.* libraries are installed.
If the libraries aren't present, run the following commands:
1Change to the appropriate directory on the Secure Agent machine.
▪ For 64-bit systems: cd /usr/lib/x86_64-linux-gnu
▪ For 32-bit systems: cd /usr/lib/i386-linux-gnu
2Create a symbolic link using the following command:
sudo ln -s libidn.so.12 libidn.so.11
If you are installing the Secure Agent on RHEL 9, create an additional symbolic link using the following command:
sudo ln -s libidn2.so.0 libidn.so.11
•If you are installing the Secure Agent on RHEL 9, verify that the libnsl library is installed.
If the library isn't present, install it using the following command: sudo yum install libnsl
Note: The command to install the package might vary based on your Linux distribution.
To verify whether libnsl is present, use one of the following commands: ldconfig -p | grep libnsl or which libnsl.
•The account that you use to install the Secure Agent must have access to all remote directories that contain flat source or target files.
• If you use PowerCenter, install the Secure Agent using a different user account than the account you used to install PowerCenter.
Informatica Intelligent Cloud Services and PowerCenter use some common environment variables. If the environment variables are not set correctly for Informatica Intelligent Cloud Services, your jobs might fail at run time.
If your organization uses a protective firewall, include the Informatica Intelligent Cloud Services domain name or IP address ranges in the list of approved domain names or IP addresses. To ensure that the Secure Agent can perform all necessary tasks through the firewall, enable the port that the Secure Agent uses.
The Secure Agent uses port 443 (HTTPS) to connect to the internet. Configure your firewall to allow traffic to pass over port 443.
The allowlists of domains and IP addresses can vary according to your POD (Point of Deployment). You can identify your POD through the URL that appears when you open any service in Informatica Intelligent Cloud Services. The first few characters of the URL string identify the POD. For example, if the URL starts with usw3.dm-us.informaticacloud.com, your POD is USW3.
For the allowlists of Informatica Intelligent Cloud Services domains and IP addresses for different PODs, see Pod Availability and Networking on the Documentation Portal or click the link at the top of the Runtime Environments page in Administrator.
Setting Secure Agent permissions on Linux
A Secure Agent requires certain permissions to transfer data between sources and targets.
When you install a Secure Agent on Linux, the Secure Agent must have read/write/execute permissions for the installation directory.
Downloading and installing the Secure Agent on Linux
To install the Secure Agent on a Linux machine, you must download and run the Secure Agent installation program and then register the agent.
Secure Agent registration requires an install token. To get the install token, copy the token when you download the agent or use the Generate Install Token option in Administrator. The token expires after 24 hours.
When you register the agent, it is added to its own Secure Agent group by default. You can add the agent to a different Secure Agent group.
Before you download and install the Secure Agent, verify that no other Secure Agent is installed on the machine using the same Linux user account. If there is, you must uninstall it.
Tip: To verify the checksum of the Secure Agent installation program, use the agent REST API version 2 resource. For more information about the agent resource, see REST API Reference.
1Open Administrator and select Runtime Environments.
2On the Runtime Environments page, click Download Secure Agent.
3Select the Linux 64-bit operating system platform, copy the install token, and then click Download.
The installation program is downloaded to your machine. The name of the installation program is agent64_install_ng_ext.<agent core version>.bin.
4Save the installation program to a directory on the machine where you want to run the Secure Agent.
Note: If the file path contains spaces, the installation might fail.
5From a shell command line, navigate to the directory where you downloaded the installation program and enter the following command:
./agent64_install_ng_ext.bin -i console
6When the installer completes, navigate to the following directory:
7To start the Secure Agent, enter the following command:
./infaagent startup
The Secure Agent Manager starts. You must register the agent using the user name that you use to access Informatica Intelligent Cloud Services. You must also supply the install token.
8If you did not copy the install token when you downloaded the agent, click Generate Install Token on the Runtime Environments page in Administrator, and copy the token.
9To register the agent, in the <Secure Agent installation directory>/apps/agentcore directory, enter one of the following commands using your Informatica Intelligent Cloud Services user name and the token that you copied:
- To add the agent to its own Secure Agent group, use the following command:
- To add the agent to an existing Secure Agent group, use the following command:
./consoleAgentManager.sh configureTokenWithRuntime <user name> <install token> <Secure Agent group name>
Note: If the command includes a Secure Agent group name that doesn't exist, the Secure Agent is not assigned to a group. Be sure to use a valid Secure Agent group name.
The following table lists the command options:
Option
Description
User Name
Required. Informatica Intelligent Cloud Services user name of the user installing the Secure Agent.
Install Token
Required. The install token that you copied.
Secure Agent group name
Optional. Include when you want to add the agent to an existing Secure Agent group instead. If this option isn’t included in the command, the agent will be in its own Secure Agent group.
You can check the registration status of a Secure Agent using the following command:
./consoleAgentManager.sh isConfigured
Configuring the proxy settings in Linux
If your organization uses an outgoing proxy server to connect to the internet, the Secure Agent connects to Informatica Intelligent Cloud Services through the proxy server.
The Secure Agent installer configures the proxy server settings for the Secure Agent based on settings configured in the browser. You can update the proxy server settings defined for the Secure Agent from the command line. The Secure Agent works with BASIC, DIGEST, and NTLMv2 proxy authentication.
To configure the proxy server settings for the Secure Agent on a Linux machine, use a shell command that updates the proxy.ini file. Contact the network administrator to determine the proxy settings.
Note: To avoid potential issues, don't change the settings by editing the proxy.ini file manually.
You can uninstall the Secure Agent. You might uninstall the Secure Agent if you no longer want to run the Secure Agent on the machine or if you want to reinstall the Secure Agent.
Before you uninstall the Secure Agent, verify that no connection or task is configured to use it.
1From the command line, navigate to the following directory:
2Stop the Secure Agent Linux process by entering the following command:
./infaagent shutdown
3To uninstall the Secure Agent, run rm -rf on the directory where you installed the Secure Agent to remove Secure Agent files.
Configuring a proxy server for the Secure Agent
A proxy server allows indirect connection to network services for security and performance reasons. For example, you can use a proxy server to get through a firewall, and some proxies provide caching mechanisms.
When you configure a proxy server for the Informatica Cloud Secure Agent, you define the minimum required settings in the Secure Agent Manager. Informatica Intelligent Cloud Services updates the following file and adds other properties that you can edit manually:
When you configure a proxy server for the Informatica Cloud Secure Agent, you can set InfaAgent.NonProxyHost to exclude certain IP addresses and host names from the proxy. For example, when you use managed identity authentication to connect to an Azure source or target in a mapping that runs in advanced mode, exclude the IP address of the metadata service, 169.254.169.254.