On Linux, the Secure Agent runs as a process. You can use a shell command line to install, register, start, stop, and uninstall the Secure Agent.
You can also use the shell command line to check the Secure Agent status.
When you install a Secure Agent, you perform the following tasks:
1Verify that the machine meets the minimum requirements.
2Download the Secure Agent installer files.
3Install and register the Secure Agent.
Consider the following guidelines:
•Create a specific user profile to install the Secure Agent with full access to all folders from the Secure Agent installation directory. Don't install the Secure Agent as the root user.
•You can't install more than one Secure Agent on the same machine under the same user account. Multiple agents may exist under different user accounts.
•Don't install the Secure Agent on any node within the Informatica domain.
Secure Agent requirements on Linux
You can install the Secure Agent on any machine that has internet connectivity and can access Informatica Intelligent Cloud Services. Before you install the Secure Agent on Linux, verify the system requirements.
Verify the following requirements before you install the Secure Agent on Linux:
•Verify that the Secure Agent machine is running the x86 64-bit architecture, with at least 11 GB free disk space.
•Verify that the libidn.x86_64 package is installed.
If the package isn't present, install it using the following command: sudo yum install libidn.x86_64
Note: The command to install the package might vary based on your Linux distribution.
•Verify that the libidn.so.* libraries are installed.
If the libraries aren't present, run the following commands:
1Change to the appropriate directory on the Secure Agent machine.
▪ For 64-bit systems: cd /usr/lib/x86_64-linux-gnu
▪ For 32-bit systems: cd /usr/lib/i386-linux-gnu
2Create a symbolic link using the following command:
sudo ln -s libidn.so.12 libidn.so.11
If you are installing the Secure Agent on RHEL 9, create an additional symbolic link using the following command:
sudo ln -s libidn2.so.0 libidn.so.11
•The account that you use to install the Secure Agent must have access to all remote directories that contain flat source or target files.
• If you use PowerCenter, install the Secure Agent using a different user account than the account you used to install PowerCenter.
Informatica Intelligent Cloud Services and PowerCenter use some common environment variables. If the environment variables are not set correctly for Informatica Intelligent Cloud Services, your jobs might fail at run time.
A Secure Agent requires certain permissions to transfer data between sources and targets.
When you install a Secure Agent on Linux, the Secure Agent must have read/write/execute permissions for the installation directory.
Downloading and installing the Secure Agent on Linux
To install the Secure Agent on a Linux machine, you must download and run the Secure Agent installation program and then register the agent.
Secure Agent registration requires an install token. To get the install token, copy the token when you download the agent or use the Generate Install Token option in Administrator. The token expires after 24 hours.
When you register the agent, it is added to its own Secure Agent group by default. You can add the agent to a different Secure Agent group.
Before you download and install the Secure Agent, verify that no other Secure Agent is installed on the machine using the same Linux user account. If there is, you must uninstall it.
Tip: To verify the checksum of the Secure Agent installation program, use the agent REST API version 2 resource. For more information about the agent resource, see REST API Reference.
1Open Administrator and select Runtime Environments.
2On the Runtime Environments page, click Download Secure Agent.
3Select the Linux 64-bit operating system platform, copy the install token, and then click Download.
The installation program is downloaded to your machine. The name of the installation program is agent64_install_ng_ext.<agent core version>.bin.
4Save the installation program to a directory on the machine where you want to run the Secure Agent.
Note: Ensure that the file path doesn't contain spaces or multibyte characters. If the file path contains spaces, the installation might fail. If the path contains multibyte characters, the Secure Agent might not start.
5From a shell command line, navigate to the directory where you downloaded the installation program and enter the following command:
./agent64_install_ng_ext.bin -i console
6When the installer completes, navigate to the following directory:
7To start the Secure Agent, enter the following command:
./infaagent startup
The Secure Agent Manager starts. You must register the agent using the user name that you use to access Informatica Intelligent Cloud Services. You must also supply the install token.
8If you did not copy the install token when you downloaded the agent, click Generate Install Token on the Runtime Environments page in Administrator, and copy the token.
9To register the agent, in the <Secure Agent installation directory>/apps/agentcore directory, enter one of the following commands using your Informatica Intelligent Cloud Services user name and the token that you copied:
- To add the agent to its own Secure Agent group, use the following command:
- To add the agent to an existing Secure Agent group, use the following command:
./consoleAgentManager.sh configureTokenWithRuntime <user name> <install token> <Secure Agent group name>
Note: If the command includes a Secure Agent group name that doesn't exist, the Secure Agent is not assigned to a group. Be sure to use a valid Secure Agent group name.
The following table lists the command options:
Option
Description
User Name
Required. Informatica Intelligent Cloud Services user name of the user installing the Secure Agent.
Install Token
Required. The install token that you copied.
Secure Agent group name
Optional. Include when you want to add the agent to an existing Secure Agent group instead. If this option isn’t included in the command, the agent will be in its own Secure Agent group.
You can check the registration status of a Secure Agent using the following command:
./consoleAgentManager.sh isConfigured
Configuring the firewall
If your organization uses a protective firewall, include the Informatica Intelligent Cloud Services and Operational Insights domain name or IP address ranges for your region in the list of approved domain names or IP addresses. You must also configure Secure Agents used by the domains Operational Insights monitors to use the approved IP address ranges.
You should also enable the port that the Secure Agent uses. The Secure Agent uses port 443 (HTTPS) to connect to the internet. Configure your firewall to allow traffic to pass over port 443.
You must add the domain name or IP address ranges required by both Informatica Intelligent Cloud Services and Operational Insights to your list of approved domain names or IP addresses.
The allowlists of domains and IP addresses can vary according to your data center, which is also called a POD (Point of Deployment). You can identify your POD through the URL that appears when you open any service in Informatica Intelligent Cloud Services. The first few characters of the URL string identify the POD. For example, if the URL starts with usw3.dm-us.informaticacloud.com, your POD is USW3.
You can find the domains and IP addresses to allowlist for Informatica Intelligent Cloud Services in the following KB article on Informatica Network:
To configure a Secure Agent to use the approved IP address ranges, complete the steps below:
1 Add either the domain names or the IP address ranges for your region to your list of approved addresses.
2Log in to Operational Insights.
3Select a domain, and then click the Details tab.
4Locate the name of the Secure Agent the domain uses in the Secure Agent Group property.
5Click Secure Agents in the left hand navigation bar.
6Select a Secure Agent, then click Manage.
The Details page for the Secure Agent opens in the Administrator application.
7Click Edit.
8Click the + symbol next to a property in the Custom Configuration section of the page to add a new custom property.
9Select OpsInsights Data Collector from the Service menu, and then select OpsInsights from the Type menu.
10Enter useStaticIP in the Name field, and then enter true in the Value field.
11Click Save.
Updating proxy settings through the command line
To update proxy hosts, proxy ports, and the username and password to connect to the proxy server, use the command line to update the proxy configuration file.
You can uninstall the Secure Agent. You might uninstall the Secure Agent if you no longer want to run the Secure Agent on the machine or if you want to reinstall the Secure Agent.
Before you uninstall the Secure Agent, verify that no connection or task is configured to use it.
1From the command line, navigate to the following directory: