On Linux, the Secure Agent runs as a process. You can use a shell command line to install, register, start, stop, and uninstall the Secure Agent.
You can also use the shell command line to check the Secure Agent status.
When you install a Secure Agent, you perform the following tasks:
1Verify that the machine meets the minimum requirements.
2Download the Secure Agent installer files.
3Install and register the Secure Agent.
Consider the following guidelines:
•Create a specific user profile to install the Secure Agent with full access to all folders from the Secure Agent installation directory. Don't install the Secure Agent as the root user.
•You can't install more than one Secure Agent on the same machine under the same user account. Multiple agents may exist under different user accounts.
•Don't install the Secure Agent on any node within the Informatica domain.
You can install the Secure Agent on any machine that has internet connectivity and can access Informatica Intelligent Cloud Services. Before you install the Secure Agent on Linux, verify the system requirements.
Verify the following requirements before you install the Secure Agent on Linux:
•Verify that the machine has at least 11 GB free disk space.
•Verify that the libidn.x86_64 package is installed.
If the package isn't present, install it using the following command: sudo yum install libidn.x86_64
Note: The command to install the package might vary based on your Linux distribution.
•Verify that the libidn.so.* libraries are installed.
If the libraries aren't present, install them using the following commands:
- For 64-bit systems: cd /usr/lib/x86_64-linux-gnu
- For 32-bit systems: cd /usr/lib/i386-linux-gnu
After installing the libraries, create a symbolic link using the following command:
sudo ln -s libidn.so.12 libidn.so.11
•The account that you use to install the Secure Agent must have access to all remote directories that contain flat source or target files.
• If you use PowerCenter, install the Secure Agent using a different user account than the account you used to install PowerCenter.
Informatica Intelligent Cloud Services and PowerCenter use some common environment variables. If the environment variables are not set correctly for Informatica Intelligent Cloud Services, your jobs might fail at run time.
If your organization uses a protective firewall, include the Informatica Intelligent Cloud Services domain name or IP address ranges in the list of approved domain names or IP addresses. To ensure that the Secure Agent can perform all necessary tasks through the firewall, enable the port that the Secure Agent uses.
The Secure Agent uses port 443 (HTTPS) to connect to the internet. Configure your firewall to allow traffic to pass over port 443.
The allowlists of domains and IP addresses can vary according to your data center, which is also called a POD (Point of Deployment). You can identify your POD through the URL that appears when you open any service in Informatica Intelligent Cloud Services. The first few characters of the URL string identify the POD. For example, if the URL starts with usw3.dm-us.informaticacloud.com, your POD is USW3.
For the allowlists of Informatica Intelligent Cloud Services domains and IP addresses for different PODs, see Pod Availability and Networking in the documentation portal or click the link at the top of the Runtime Environments page in Administrator.
For information on the IP address ranges that you need to add to your list of approved IP addresses for AWS, see this Knowledge Base article on Informatica Network. You can follow this Knowledge Base article for receiving notifications on updates made to the article.
For information on the IP address ranges that you need to add to your list of approved IP addresses for Azure, see this Knowledge Base article on Informatica Network. You can follow this Knowledge Base article for receiving notifications on updates made to the article.
For information on the IP address ranges that you need to add to your list of approved IP addresses for GCP, see this Knowledge Base article on Informatica Network. You can follow this Knowledge Base article for receiving notifications on updates made to the article.
Secure Agent permissions on Linux
A Secure Agent requires certain permissions to transfer data between sources and targets.
When you install a Secure Agent on Linux, the Secure Agent must have read/write/execute permissions for the installation directory.
Downloading and installing the Secure Agent on Linux
To install the Secure Agent on a Linux machine, download and run the Secure Agent installer and then register the agent.
Before you download and install the Secure Agent, verify that no other Secure Agent is installed on the machine using the same Linux user account. If any other Secure Agent exists, you must uninstall it first.
Tip: To verify the checksum of the Secure Agent installation program, use the agent REST API version 2 resource. For more information about the agent resource, see REST API Reference.
1Open Administrator and select Runtime Environments.
2On the Runtime Environments page, click Download Runtime Installer.
3Select Secure Agent as the Environment Type.
4Select Linux 64 as the Platform.
5Click Copy to copy the install token.
You will need this token to install the Secure Agent. The token expires after 24 hours. If the token expires before you install the Secure Agent, repeat steps 1 to 5 to obtain a new token. You don't need to download the installer again.
6Click Download.
The installer is downloaded to your machine. The name of the installer is agent64_install_ng_ext.<agent core version>.bin.
7Save the installer to a directory on the machine where you want to run the Secure Agent.
Note: Ensure that the file path doesn't contain spaces or multibyte characters. If the file path contains spaces, the installation might fail. If the path contains multibyte characters, the Secure Agent might not start.
8From a shell command line, navigate to the directory where you downloaded the installation program and enter the following command:
./agent64_install_ng_ext.bin -i console
9When the installer completes, navigate to the following directory:
10To start the Secure Agent, enter the following command:
./infaagent.sh startup
The Secure Agent Manager starts. Register the agent using the user name that you use to access Informatica Intelligent Cloud Services and also supply the install token.
11To register the agent, in the <Secure Agent installation directory>/apps/agentcore directory, enter one of the following commands using your Informatica Intelligent Cloud Services user name and the token that you copied:
- To add the agent to its own Secure Agent group, use the following command:
- To add the agent to an existing Secure Agent group, use the following command:
./consoleAgentManager.sh configureTokenWithRuntime <user name> <install token> <Secure Agent group name>
Note: If the command includes a Secure Agent group name that doesn't exist, the Secure Agent is not assigned to a group. Be sure to use a valid Secure Agent group name.
The following table lists the command options:
Option
Description
User Name
Required. Informatica Intelligent Cloud Services user name of the user installing the Secure Agent.
Install Token
Required. The install token that you copied when you downloaded the runtime installer.
Secure Agent group name
Optional. Include a group name when you want to add the agent to an existing Secure Agent group instead. If this option isn’t included in the command, the agent will be in its own Secure Agent group.
You can check the registration status of a Secure Agent using the following command:
./consoleAgentManager.sh isConfigured
Configure the proxy settings on Linux
If your organization uses an outgoing proxy server to connect to the internet, the Secure Agent connects to Informatica Intelligent Cloud Services through the proxy server. The Secure Agent installer configures the proxy server settings for the Secure Agent based on settings configured in the browser. Update the proxy server settings from the command line and in the Administrator service.
1Open a command prompt and navigate to the following directory: