Installation and Configuration Guide > Part III: Run the Big Data Suite Installer > Join a Domain and Install All Big Data Products > Configure the Domain

Configure the Domain

This task includes installer prompts to configure the domain. You will provide information to join a domain, configure the domain security, domain repository, and the encryption key for the domain.

When you complete the tasks, you will complete the installation.

Configure the Domain

After you review the Pre-Installation summary, you can enter the domain information.

1. Press 2 to join a domain.

The installer joins a node on the machine where you install.

2. Specify whether the domain you want to join has the secure communication option enabled.

Press 1 to join an unsecure domain or press 2 to join a secure domain.

3. Select the type of node you want to create.

The following table describes that types of nodes that you can create:

Property	Description
Configure this node as a gateway	Select whether to configure the node as a gateway or worker node. 1 - Yes 2 - No Select 1 to configure a gateway node or 2 to configure a worker node.

If you configure the node as a gateway, you can enable a secure HTTPS connection to the Informatica Administrator.

4. Specify the connection details to Informatica Administrator.

a. Specify whether to set up a secure HTTPS connection to the Informatica Administrator.

Option	Description
1 - Enable HTTPS for Informatica Administrator	Set up a secure connection to Informatica Administrator.
2 - Disable HTTPS	Do not set up a secure connection to Informatica Administrator.

b. If you enable HTTPS connection for the Informatica Administrator, enter the keystore file and port number to use to secure the connection.

Option	Description
Port	Port number for the HTTPS connection.
Keystore file	Select whether to use a keystore file generated by the installer or a keystore file you create. You can use a keystore file with a self-signed certificate or a certificate signed by a certification authority. 1 - Use a keystore generated by the installer 2 - Specify a keystore file and password If you select to use a keystore file generated by the installer, the installer creates a self-signed keystore file named Default.keystore in the following location: <Informatica installation directory>/tomcat/conf/

Option

Description

Port

Port number for the HTTPS connection.

Keystore file

Select whether to use a keystore file generated by the installer or a keystore file you create. You can use a keystore file with a self-signed certificate or a certificate signed by a certification authority.

1 - Use a keystore generated by the installer

2 - Specify a keystore file and password

If you select to use a keystore file generated by the installer, the installer creates a self-signed keystore file named Default.keystore in the following location: <Informatica installation directory>/tomcat/conf/

c. If you specify the keystore, enter the password and location of the keystore file.
d. If you enabled secure communication for the domain, the Domain Security - Secure Communication section appears.
e. If you did not enable secure communication for the domain, the Domain Configuration Repository section appears. Skip to Configure the Domain Repository.

5. Select if SAML authentication is enabled to configure Security Assertion Markup Language (SAML)-based single sign-on (SSO) support for web-based Informatica applications in an Informatica domain.

The following table describes the information you must enter to enable SAML authentication:

Prompt	Description
Does the domain use SAML authentication?	Select if the domain uses SAML authentication: 1 - No If you select No, skip to Domain Security 2 - Yes If you select Yes, configure the SAML authentication.

6. Enter the Identity Provider URL for the domain.

7. Enter the identity provider assertion signing certificate alias name.

8. Select whether to use the default Informatica SSL certificates or to use your SSL certificates to enable SAML authentication in the domain.

The following table describes the SSL certificate options for SAML authentication:

Option	Description
Use the default Informatica SSL certificate file	Select to use the default Informatica truststore file for SAML authentication.
Enter the location of the SSL certificate file	Select to use a custom truststore file for SAML authentication. Specify the directory containing the custom truststore file on gateway nodes within the domain. Specify the directory only, not the full path to the file.

9. If you provide the security certificates, specify the location and passwords of the keystore and truststore files.

The following table describes the location and password of the truststore file:

Property	Description
Truststore Directory	Specify the directory containing the custom truststore file on gateway nodes within the domain. Specify the directory only, not the full path to the file.
Truststore Password	The password for the custom truststore file.

The Domain Security - Secure Communication appears.

Domain Security

After you configure the domain, you can configure domain security.

1. In the Domain Security - Secure Communication section, specify whether to use the default Informatica SSL certificates or to use your SSL certificates to secure domain communication.

a. Select the type of SSL certificates to use.

The following table describes the options for the SSL certificates that you can use to secure the Informatica domain:

Option	Description
Use the default Informatica SSL certificates	Use the default SSL certificates contained in the default keystore and truststore. Note: If you do not provide an SSL certificate, Informatica uses the same default private key for all Informatica installations. If you use the default Informatica keystore and truststore files, the security of your domain could be compromised. To ensure a high level of security for the domain, select the option to specify the location of the SSL certificate files.
Use custom SSL certificates	Specify the path for the keystore and truststore files that contain the SSL certificates. You must also specify the keystore and truststore passwords. You can provide a self-signed certificate or a certificate issued by a certificate authority (CA). You must provide SSL certificates in PEM format and in Java Keystore (JKS) files. Informatica requires specific names for the SSL certificate files for the Informatica domain. You must use the same SSL certificates for all nodes in the domain. Store the truststore and keystore files in a directory accessible to all the nodes in the domain and specify the same keystore file directory and truststore file directory for all nodes in the same domain.

Option

Description

Use the default Informatica SSL certificates

Use the default SSL certificates contained in the default keystore and truststore.

Note: If you do not provide an SSL certificate, Informatica uses the same default private key for all Informatica installations. If you use the default Informatica keystore and truststore files, the security of your domain could be compromised. To ensure a high level of security for the domain, select the option to specify the location of the SSL certificate files.

Use custom SSL certificates

Specify the path for the keystore and truststore files that contain the SSL certificates. You must also specify the keystore and truststore passwords.

You can provide a self-signed certificate or a certificate issued by a certificate authority (CA). You must provide SSL certificates in PEM format and in Java Keystore (JKS) files. Informatica requires specific names for the SSL certificate files for the Informatica domain. You must use the same SSL certificates for all nodes in the domain. Store the truststore and keystore files in a directory accessible to all the nodes in the domain and specify the same keystore file directory and truststore file directory for all nodes in the same domain.

b. If you provide the SSL certificate, specify the location and passwords of the keystore and truststore files.

The following table describes the parameters that you must enter for the SSL certificate files:

Property	Description
Keystore file directory	Directory that contains the keystore files. The directory must contain files named infa_keystore.jks.
Keystore password	Password for the keystore infa_keystore.jks.
Truststore file directory	Directory that contains the truststore files. The directory must contain files named infa_truststore.jks and infa_truststore.pem.
Truststore password	Password for the infa_truststore.jks file.

The Domain Configuration Repository section appears.

Configure the Domain Repository

After you configure the domain, you can configure domain repository.

Enter the information for the domain that you want to join.

The following table describes the properties that you specify for the domain:

Property	Description
Domain name	Name of the domain to join.
Gateway node host	Host name of the machine that hosts the gateway node for the domain.
Gateway node port	Port number of the gateway node.
Domain user name	User name of the administrator for the domain you want to join.
Domain password	Password for the domain administrator.

The Domain Security - Encryption Key section appears.

Configure the Encryption Key

After you configure domain repository, you can configure encryption key.

In the Domain Security - Encryption Key section, enter the directory for the encryption key for the Informatica domain.

The following table describes the encryption key parameters that you must specify when you join a domain:

Property	Description
Select the encryption key	Path and file name of the encryption key for the Informatica domain that you want to join. All nodes in the Informatica domain use the same encryption key. You must specify the encryption key file created on the gateway node for the domain that you want to join. If you copied the encryption key file to a temporary directory to make it accessible to the nodes in the domain, specify the path and file name of the encryption key file in the temporary directory.
Encryption key directory	Directory in which to store the encryption key on the node created during this installation. The installer copies the encryption key file for the domain to the encryption key directory on the new node.

Property

Description

Select the encryption key

Path and file name of the encryption key for the Informatica domain that you want to join. All nodes in the Informatica domain use the same encryption key. You must specify the encryption key file created on the gateway node for the domain that you want to join.

If you copied the encryption key file to a temporary directory to make it accessible to the nodes in the domain, specify the path and file name of the encryption key file in the temporary directory.

Encryption key directory

Directory in which to store the encryption key on the node created during this installation. The installer copies the encryption key file for the domain to the encryption key directory on the new node.

The installer sets different permissions to the directory and the files in the directory. For more information about the permissions for the encryption key file and directory, see Secure Files and Directories.

The Domain and Node Configuration section appears.

Configure the Domain and Node

After you configure the encryption key, you can configure the domain and node.

1. Enter the information for the domain and the node that you want to join.

The following table describes the properties that you set for the domain and gateway node.

Property	Description
Node Host name	Host name for the node. The node host name cannot contain the underscore (_) character.Note: Do not use localhost. The host name must explicitly identify the machine.
Node name	Name of the node to join.
Node port number	Port number for the node. The default port number for the node is 6005. If the port number is not available on the machine, the installer displays the next available port number.
Database truststore file	Path and file name of the truststore file for the secure database. Select the same database truststore file used by the master gateway node in the domain. Available when you join a gateway node to a domain that uses a domain configuration repository database that is secured with the SSL protocol.
Truststore password	Password for the database truststore file for the secure database. Available when you join a gateway node to a domain that uses a domain configuration repository database that is secured with the SSL protocol.

2. Select whether to display the default ports for the domain and node components assigned by the installer.

The following table describes the advanced port configuration page:

Prompt	Description
Display advanced port configuration page	Select whether to display the port numbers for the domain and node components assigned by the installer: 1 - No 2 - Yes If you select Yes, the installer displays the default port numbers assigned to the domain components. You can specify the port numbers to use for the domain and node components. You can also specify a range of port numbers to use for the service process that will run on the node. You can use the default port numbers or specify new port numbers. Verify that the port numbers you enter are not used by other applications.

Prompt

Description

Display advanced port configuration page

Select whether to display the port numbers for the domain and node components assigned by the installer:

1 - No

2 - Yes

If you select Yes, the installer displays the default port numbers assigned to the domain components. You can specify the port numbers to use for the domain and node components. You can also specify a range of port numbers to use for the service process that will run on the node. You can use the default port numbers or specify new port numbers. Verify that the port numbers you enter are not used by other applications.

3. If you display the port configuration page, enter new port numbers at the prompt or press Enter to use the default port numbers.

The following table describes the ports that you can set:

Port	Description
Service Manager port	Port number used by the Service Manager on the node. The Service Manager listens for incoming connection requests on this port. Client applications use this port to communicate with the services in the domain. The Informatica command line programs use this port to communicate to the domain. This is also the port for the SQL data service JDBC/ODBC driver. Default is 6006.
Service Manager Shutdown port	Port number that controls server shutdown for the domain Service Manager. The Service Manager listens for shutdown commands on this port. Default is 6007.
Informatica Administrator port	Port number used by Informatica Administrator. Default is 6008.
Informatica Administrator HTTPS port	No default port. Enter the required port number when you create the service. Setting this port to 0 disables an HTTPS connection to the Administrator tool.
Informatica Administrator shutdown port	Port number that controls server shutdown for Informatica Administrator. Informatica Administrator listens for shutdown commands on this port. Default is 6009.
Minimum port number	Lowest port number in the range of dynamic port numbers that can be assigned to the application service processes that run on this node. Default is 6014.
Maximum port number	Highest port number in the range of dynamic port numbers that can be assigned to the application service processes that run on this node. Default is 6114.

The Post-Installation Summary section indicates whether the installation completed successfully. The summary also shows the status of the installed components and their configuration.