How To Create Domain In Informatica After Installation

Installation and Configuration Guide

10.2
- 10.2 HotFix 2
- 10.2 HotFix 1
- 10.1.1 HotFix 2
- 10.1.1 HotFix 1
- 10.1.1
- 10.1
- 10.0

Creating a Domain

Create a domain if you are installing for the first time or if you want to administer nodes in separate domains.

Close all other applications.

On a shell command line, run the

install.sh

file from the root directory.

The installer displays the message to verify that the locale environment variables are set.

If the environment variables are not set, press

to exit the installer and set them as required.

If the environment variables are set, press

to continue.

Press

to install Informatica.

Informatica provides utilities to facilitate the Informatica services installation process. Run the following utilities before you install Informatica services:

Pre-Installation (i10Pi) System Check Tool. Verifies whether the machine on which you are installing Informatica services meets the system requirements for installation.

For more information about running the Pre-Installation (i10Pi) System Check Tool, see Run the Pre-Installation (i10Pi) System Check Tool.

Informatica Kerberos SPN Format Generator. Creates a list of the Kerberos service principal names and keytab file names required to run Informatica services on a network with Kerberos authentication.

For more information about running the Informatica Kerberos SPN Format Generator, see Running the Informatica Kerberos SPN Format Generator on Windows.

If you run the i10Pi System Check tool, you can run the Informatica Kerberos SPN Format Generator or run the Informatica services installation.

After you run the Informatica Kerberos SPN Format Generator, you can continue with the Informatica services installation. You cannot run the i10Pi System Check tool after you run the Informatica Kerberos SPN Format Generator.

Press

to run the Informatica service installation.

The installer displays different options based on the platform you are installing on.

If you are installing on Linux, perform the following steps:

Read the terms and conditions for Informatica installation and the product usage toolkit and select

I agree to the terms and conditions

Informatica DiscoveryIQ is a product usage tool that sends routine reports on data usage and system statistics to Informatica. Informatica DiscoveryIQ uploads data to Informatica 15 minutes after you install and configure Informatica domain. Thereafter, the domain sends the data every 30 days. You can choose to disable usage statistics from the Administrator tool.

Press

to install Informatica services.

Press

to configure the Informatica domain to run on a network that does not use Kerberos authentication.

Press

to configure the Informatica domain to run on a network with Kerberos authentication.

The

Installation Prerequisites

section displays the installation requirements. Verify that all requirements are met before you continue the installation.

Press

Enter

to continue.

Enter the path and file name of the Informatica license key and press

Enter

If you are installing on AIX and Solaris, perform the following steps:

Read the terms and conditions for Informatica installation and the product usage toolkit and select

I agree to the terms and conditions

The

Installation Prerequisites

section displays the installation requirements. Verify that all requirements are met before you continue the installation.

Press

Enter

to continue.

Enter the path and file name of the Informatica license key and press

Enter

Enter the absolute path for the installation directory.

The directory names in the path must not contain spaces or the following special characters: @|* $ # ! % ( ) { } [ ] , ; ' Default is /home/toolinst.

Informatica recommends using alphanumeric characters in the installation directory path. If you use a special character such as á or €, unexpected results might occur at run time.

Press

to configure the Informatica domain to run on a network that does not use Kerberos authentication.

Press

to configure the Informatica domain to run on a network with Kerberos authentication.

Press

Enter

If you enabled Kerberos network authentication, the

Service Principal Level

section appears.

If you did not enable Kerberos network authentication, the

Pre-Installation Summary

section appears. Skip to step11.

On the

Service Principal Level

section, select the level at which to set the Kerberos service principals for the domain.

All nodes in the domain must use the same service principal level. When you join a node to a domain, select the same service principal level used by the gateway node in the domain.

The following table describes the levels that you can select:

Level	Description
Process Level	Configures the domain to use a unique service principal name (SPN) and keytab file for each node and each application service on a node. The number of SPNs and keytab files required for each node depends on the number of application service processes that run on the node. Use the process level option for domains that require a high level of security, such as productions domains.
Node Level	Configures the domain to share SPNs and keytab files on a node. This option requires one SPN and keytab file for the node and all application services that run on the node. It also requires a separate SPN and keytab file for all HTTP processes on the node. Use the node level option for domains that do not require a high level of security, such as test and development domains.

On the

Network Security - Kerberos Authentication

section, enter the parameters required for Kerberos authentication.

The following table describes the Kerberos authentication parameters that you must set:

Property	Description
Domain name	Name of the domain. The name must not exceed 128 characters and must be 7-bit ASCII only. The name cannot contain a space or any of the following characters: ` % * + ; " ? , < > \ /
Node name	Name of the Informatica node.
Node host name	Fully qualified host name or the IP address of the machine on which to create the node. The node host name cannot contain the underscore (_) character. Do not use localhost . The host name must explicitly identify the machine.
Service realm name	Name of the Kerberos realm to which the Informatica domain services belong. The realm name must be in uppercase. The service realm name and the user realm name must be the same.
User realm name	Name of the Kerberos realm to which the Informatica domain users belong. The realm name must be in uppercase. The service realm name and the user realm name must be the same.
Keytab directory	Directory where all keytab files for the Informatica domain are stored. The name of a keytab file in the Informatica domain must follow a format set by Informatica.
Kerberos configuration file	Path and file name of the Kerberos configuration file. Informatica requires the following name for the Kerberos configuration file: krb5.conf

If you configure the domain to run with Kerberos authentication, the domain and node name and the node host name must match the names you specified when you ran the Informatica Kerberos SPN Format Generator to generate SPN and keytab file names. If you use a different domain, node, or host name, generate the SPN and keytab file names again and ask the Kerberos administrator to add the new SPN to the Kerberos principal database and create the keytab files.

Review the installation information and press

Enter

to continue.

The installer copies the Informatica files to the installation directory.

Press

to create a domain.

When you create a domain, the node that you create becomes a gateway node in the domain. The gateway node contains a Service Manager that manages all domain operations.

To enable secure communication for services in the domain, press

. To disable secure communication for the domain, press

By default, if you enable secure communication for the domain, the installer sets up an HTTPS connection for the Informatica Administrator. You can also create a domain configuration repository on a secure database.

Specify the connection details for Informatica Administrator.

If you do not enable secure communication for the domain, you can specify whether to set up a secure HTTPS connection for the Informatica Administrator.

If you enable secure communication for the domain or if you enable HTTPS connection for the Informatica Administrator, enter the keystore file and port number for the HTTPS connection to Informatica Administrator.

The following table describes the connection information you must enter if you enable HTTPS:

Option	Description
Port	Port number for the HTTPS connection.
Keystore file	Select whether to use a keystore file generated by the installer or a keystore file you create. You can use a keystore file with a self-signed certificate or a certificate signed by a certification authority. 1 - Use a keystore generated by the installer 2 - Specify a keystore file and password If you select to use a keystore file generated by the installer, the installer creates a self-signed keystore file named Default.keystore in the following location: <Informatica installation directory>/tomcat/conf/

Option

Description

Port

Port number for the HTTPS connection.

Keystore file

Select whether to use a keystore file generated by the installer or a keystore file you create. You can use a keystore file with a self-signed certificate or a certificate signed by a certification authority.

1 - Use a keystore generated by the installer

2 - Specify a keystore file and password

If you select to use a keystore file generated by the installer, the installer creates a self-signed keystore file named Default.keystore in the following location:

<Informatica installation directory>/tomcat/conf/

If you specify the keystore, enter the password and location of the keystore file.

If you enabled secure communication for the domain, the

Domain Security - Secure Communication

section appears. If you did not enable secure communication for the domain, the

Domain Configuration Repository

section appears. Skip to step 22.

Select whether to enable SAML authentication to configure Security Assertion Markup Language (SAML)-based single sign-on (SSO) support for web-based Informatica applications in an Informatica domain.

The following table describes the information you must enter to enable SAML authentication:

Prompt	Description
Enable SAML Authentication	Select whether to enable SAML Authentication: 1 - No 2 - Yes

Press

Enter

Enter the Identity Provider URL for the domain.

Enter the identity provider assertion signing certificate alias name.

Select whether to use the default Informatica SSL certificates or to use your SSL certificates to enable secure communication in the domain.

The following table describes the SSL certificate options for SAML authentication:

Option	Description
Use the default Informatica SSL certificate file.	Select to use the default Informatica truststore file for SAML authentication.
Enter the location of the SSL certificate file.	Select to use a custom truststore file for SAML authentication. Specify the directory containing the custom truststore file on gateway nodes within the domain. Specify the directory only, not the full path to the file.

If you provide the security certificates, specify the location and passwords of the keystore and truststore files.

The following table describes the location and password of the truststore file:

Property	Description
Truststore Directory	Specify the directory containing the custom truststore file on gateway nodes within the domain. Specify the directory only, not the full path to the file.
Truststore Password	The password for the custom truststore file.

In the Domain Security - Secure Communication section, specify whether to use the default Informatica SSL certificates or to use your SSL certificates to secure domain communication.

Select the type of SSL certificates to use.

The following table describes the options for the SSL certificates that you can use to secure the Informatica domain:

Option	Description
Use the default Informatica SSL certificate files	Use the default SSL certificates provided by Informatica. If you do not provide an SSL certificate, Informatica uses the same default private key for all Informatica installations. If you use the default Informatica keystore and truststore files, the security of your domain could be compromised. To ensure a high level of security for the domain, select the option to specify the location of the SSL certificate files.
Specify the location of the SSL certificate files	Use SSL certificates that you provide. You must specify the location of the keystore and truststore files. You can provide a self-signed certificate or a certificate issued by a certificate authority (CA). You must provide SSL certificates in PEM format and in Java Keystore (JKS) files. Informatica requires specific names for the SSL certificate files for the Informatica domain. You must use the same SSL certificates for all nodes in the domain. Store the truststore and keystore files in a directory accessible to all the nodes in the domain and specify the same keystore file directory and truststore file directory for all nodes in the same domain.

Option

Description

Use the default Informatica SSL certificate files

Use the default SSL certificates provided by Informatica.

If you do not provide an SSL certificate, Informatica uses the same default private key for all Informatica installations. If you use the default Informatica keystore and truststore files, the security of your domain could be compromised. To ensure a high level of security for the domain, select the option to specify the location of the SSL certificate files.

Specify the location of the SSL certificate files

Use SSL certificates that you provide. You must specify the location of the keystore and truststore files.

You can provide a self-signed certificate or a certificate issued by a certificate authority (CA). You must provide SSL certificates in PEM format and in Java Keystore (JKS) files. Informatica requires specific names for the SSL certificate files for the Informatica domain. You must use the same SSL certificates for all nodes in the domain. Store the truststore and keystore files in a directory accessible to all the nodes in the domain and specify the same keystore file directory and truststore file directory for all nodes in the same domain.

If you provide the SSL certificate, specify the location and passwords of the keystore and truststore files.

The following table describes the parameters that you must enter for the SSL certificate files:

Property	Description
Keystore file directory	Directory that contains the keystore files. The directory must contain files named infa_keystore.jks and infa_keystore.pem.
Keystore password	Password for the keystore infa_keystore.jks.
Truststore file directory	Directory that contains the truststore files. The directory must contain files named infa_truststore.jks and infa_truststore.pem.
Truststore password	Password for the infa_truststore.jks file.

The

Domain Configuration Repository

section appears.

Select the database to use for the domain configuration repository.

The following table lists the databases you can use for the domain configuration repository:

Prompt	Description
Database type	Type of database for the domain configuration repository. Select from the following options: 1 - Oracle 2 - Microsoft SQL Server 3 - IBM DB2 4 - Sybase ASE

The Informatica domain configuration repository stores metadata for domain operations and user authentication. The domain configuration repository must be accessible to all gateway nodes in the domain.

Enter the properties for the database user account.

The following table lists the properties for the database user account:

Property	Description
Database user ID	Name for the domain configuration database user account.
User password	Password for the domain configuration database user account.

Select whether to create a secure domain configuration repository.

You can create a domain configuration repository in a database secured with the SSL protocol. To create a domain configuration repository in a secure database, press 1 and skip to step 26.

To create a domain configuration repository in an unsecure database, press 2.

If you do not create a secure domain configuration repository, enter the parameters for the database.

If you select IBM DB2, select whether to configure a tablespace and enter the tablespace name.

The following table describes the properties that you must configure for the IBM DB2 database:

Property	Description
Configure tablespace	Select whether to specify a tablespace: 1 - No 2 - Yes In a single-partition database, if you select No, the installer creates the tables in the default tablespace. In a multi-partition database, you must select Yes.
Tablespace	Name of the tablespace in which to create the tables. Specify a tablespace that meets the pageSize requirement of 32768 bytes. In a single-partition database, if you select Yes to configure the tablespace, enter the name of the tablespace in which to create the tables. In a multi-partition database, specify the name of the tablespace that resides in the catalog partition of the database.

If you select Microsoft SQL Server, enter the schema name for the database.

The following table describes the properties that you must configure for the Microsoft SQL Server database:

Property	Description
Schema name	Name of the schema that will contain domain configuration tables. If this parameter is blank, the installer creates the tables in the default schema.

To enter the JDBC connection information using the JDBC URL information, press

. To enter the JDBC connection information using a custom JDBC connection string, press

Enter the JDBC connection information.

To enter the connection information using the JDBC URL information, specify the JDBC URL properties.

The following table describes the database connection information:

Prompt	Description
Database host name	Host name for the database.
Database port number	Port number for the database.
Database service name	Service or database name : Oracle: Enter the service name. Microsoft SQL Server: Enter the database name. IBM DB2: Enter the service name. Sybase ASE: Enter the database name.
Configure JDBC Parameters	Select whether to add additional JDBC parameters to the connection string: 1 - Yes 2 - No If you select Yes, enter the parameters or press Enter to accept the default. If you select No, the installer creates the JDBC connection string without parameters.

To enter the connection information using a custom JDBC connection string, type the connection string.

Use the following syntax in the JDBC connection string:

IBM DB2

jdbc:Informatica:db2://host_name:port_no;DatabaseName=

Oracle

jdbc:Informatica:oracle://host_name:port_no;ServiceName=

Microsoft SQL Server

jdbc:Informatica:sqlserver://host_name:port_no;SelectMethod=cursor;DatabaseName=

Sybase

jdbc:Informatica:sybase://host_name:port_no;DatabaseName=

Verify that the connection string contains all the connection parameters required by your database system.

If you create a secure domain configuration repository, enter the parameters for the secure database.

If you create the domain configuration repository on a secure database, you must provide the truststore information for the database. You must also provide a JDBC connection string that includes the security parameters for the database.

The following table describes the options available to create a secure domain configuration repository database:

Property	Description
Database truststore file	Path and file name of the truststore file for the secure database.
Database truststore password	Password for the truststore file.
Custom JDBC Connection String	JDBC connection string to connect to the secure database, including the host name and port number and the security parameters for the database.

In addition to the host name and port number for the database server, you must include the following secure database parameters: You can use the following syntax for the connection strings:

EncryptionMethod: Required. Indicates whether data is encrypted when transmitted over the network. This parameter must be set to
SSL.
ValidateServerCertificate: Optional. Indicates whether Informatica validates the certificate that the database server sends.

If this parameter is set to True, Informatica validates the certificate that the database server sends. If you specify the HostNameInCertificate parameter, Informatica also validates the host name in the certificate.

If this parameter is set to False, Informatica does not validate the certificate that the database server sends. Informatica ignores any truststore information that you specify
HostNameInCertificate: Optional. Host name of the machine that hosts the secure database. If you specify a host name, Informatica validates the host name included in the connection string against the host name in the SSL certificate.
cryptoProtocolVersion: Required. Specifies the cryptographic protocol to use to connect to a secure database. You can set the parameter to
cryptoProtocolVersion=TLSv1.1
or
cryptoProtocolVersion=TLSv1.2
based on the cryptographic protocol used by the database server

Oracle:

jdbc:Informatica:oracle://host_name:port_no;ServiceName=service_name;EncryptionMethod=SSL;HostNameInCertificate=DB_host_name;ValidateServerCertificate=true_or_false

IBM DB2:

jdbc:Informatica:db2://host_name:port_no;DatabaseName=database_name;EncryptionMethod=SSL;HostNameInCertificate=DB_host_name;ValidateServerCertificate=true_or_false

Microsoft SQL Server:

jdbc:Informatica:sqlserver://host_name:port_no;SelectMethod=cursor;DatabaseName=database_name;EncryptionMethod=SSL;HostNameInCertificate=DB_host_name;ValidateServerCertificate=true_or_false

The installer does not validate the connection string. Verify that the connection string contains all the connection parameters and security parameters required by your database.

If the database contains a domain configuration repository for a previous domain, select to overwrite the data or set up another database.

The following table describes the options of overwriting the data or setting up another database when you create a domain configuration repository for a previous domain:

Option	Description
1 - OK	Enter the connection information for a new database.
2 - Continue	The installer overwrites the data in the database with new domain configuration.

In the

Domain Security - Encryption Key

section, enter the keyword and directory for the encryption key for the Informatica domain.

The following table describes the encryption key parameters that you must specify:

Property	Description
Keyword	Keyword to use to create a custom encryption key to secure sensitive data in the domain. The keyword must meet the following criteria: From 8 to 20 characters long Includes at least one uppercase letter Includes at least one lowercase letter Includes at least one number Does not contain spaces The encryption key is created based on the keyword that you provide when you create the Informatica domain.
Encryption key directory	Directory in which to store the encryption key for the domain. By default, the encryption key is created in the following directory: <Informatica installation directory>/isp/config/keys .

Property

Description

Keyword

Keyword to use to create a custom encryption key to secure sensitive data in the domain. The keyword must meet the following criteria:

From 8 to 20 characters long

Includes at least one uppercase letter

Includes at least one lowercase letter

Includes at least one number

Does not contain spaces

The encryption key is created based on the keyword that you provide when you create the Informatica domain.

Encryption key directory

Directory in which to store the encryption key for the domain. By default, the encryption key is created in the following directory:

<Informatica installation directory>/isp/config/keys

The installer sets different permissions to the directory and the files in the directory. For more information about the permissions for the encryption key file and directory, see Secure Files and Directories.

Press

Enter

to select OK.

The

Domain and Node Configuration

section appears.

Enter the information for the domain and the node that you want to create.

The following table describes the properties that you set for the domain and gateway node.

Property	Description
Domain name	Name of the Informatica domain to create. The default domain name is Domain_<MachineName>. The name must not exceed 128 characters and must be 7-bit ASCII only. The name cannot contain a space or any of the following characters: ` % * + ; " ? , < > \ /
Node name	Name of the node to create.
Node host name	Host name or IP address of the machine on which to create the node. If the machine has a single network name, use the default host name. If the a machine has multiple network names, you can modify the default host name to use an alternate network name. The node host name cannot contain the underscore (_) character. Do not use localhost. The host name must explicitly identify the machine.
Node port number	Port number for the node. The default port number for the node is 6005. If the port number is not available on the machine, the installer displays the next available port number.
Domain user name	User name for the domain administrator. You can use this user name to initially log in to Informatica Administrator. Use the following guidelines: The name is not case sensitive and cannot exceed 128 characters. The name cannot include a tab, newline character, or the following special characters: % * + / ? ; < > The name can include an ASCII space character except for the first and last character. Other space characters are not allowed.
Domain password	Password for the domain administrator. The password must be more than 2 characters and must not exceed 16 characters. Not available if you configure the Informatica domain to run on a network with Kerberos authentication.
Confirm password	Enter the password again to confirm. Not available if you configure the Informatica domain to run on a network with Kerberos authentication.

Select whether to display the default ports for the domain and node components assigned by the installer.

The following table describes the advanced port configuration page:

Prompt	Description
Display advanced port configuration page	Select whether to display the port numbers for the domain and node components assigned by the installer: 1 - No 2 - Yes If you select Yes, the installer displays the default port numbers assigned to the domain components. You can specify the port numbers to use for the domain and node components. You can also specify a range of port numbers to use for the service process that will run on the node. You can use the default port numbers or specify new port numbers. Verify that the port numbers you enter are not used by other applications.

Prompt

Description

Display advanced port configuration page

Select whether to display the port numbers for the domain and node components assigned by the installer:

1 - No

2 - Yes

If you select Yes, the installer displays the default port numbers assigned to the domain components. You can specify the port numbers to use for the domain and node components. You can also specify a range of port numbers to use for the service process that will run on the node. You can use the default port numbers or specify new port numbers. Verify that the port numbers you enter are not used by other applications.

If you display the port configuration page, enter new port numbers at the prompt or press Enter to use the default port numbers.

The following table describes the ports that you can set:

Port	Description
Service Manager port	Port number used by the Service Manager on the node. The Service Manager listens for incoming connection requests on this port. Client applications use this port to communicate with the services in the domain. The Informatica command line programs use this port to communicate to the domain. This is also the port for the SQL data service JDBC/ODBC driver. Default is 6006.
Service Manager Shutdown port	Port number that controls server shutdown for the domain Service Manager. The Service Manager listens for shutdown commands on this port. Default is 6007.
Informatica Administrator port	Port number used by Informatica Administrator. Default is 6008.
Informatica Administrator shutdown port	Port number that controls server shutdown for Informatica Administrator. Informatica Administrator listens for shutdown commands on this port. Default is 6009.
Minimum port number	Lowest port number in the range of dynamic port numbers that can be assigned to the application service processes that run on this node. Default is 6014.
Maximum port number	Highest port number in the range of dynamic port numbers that can be assigned to the application service processes that run on this node. Default is 6114.

If you selected the

Configure the Model Repository Service and Data Integration Service

option, configure the application services.

Configure the Model repository database properties.

Enter the Model Repository Service name.

If the Informatica domain uses Kerberos authentication and the service principal is at process level, enter the keytab file for the Model Repository Service.

Enter the Data Integration Service name.

If the Informatica domain uses Kerberos authentication and the service principal is at process level, enter the keytab file for the Data Integration Service.

Select the connection protocol for the Data Integration Service.

Enter one of the following values:

HTTP. Requests to the service uses an HTTP connection.

HTTPS. Requests to the service uses a secure HTTP connection.

HTTP&HTTPS. Requests to the service can use either an HTTP or an HTTPS connection.

When you select HTTPS or HTTP&HTTPS, you enable Transport Layer Security (TLS) for the service.

You can also enable TLS for each web service deployed to an application. When you enable HTTPS for the Data Integration Service and enable TLS for the web service, the web service uses an HTTPS URL. When you enable HTTPS for the Data Integration Service and do not enable TLS for the web service, the web service can use an HTTP URL or an HTTPS URL. If you enable TLS for a web service and do not enable HTTPS for the Data Integration Service, the web service does not start.

Enter the port number for HTTP or HTTPS or both, depending on the connection protocol you select.

If you selected HTTPS or HTTP&HTTPS, you can use the default Informatica SSL certificate files or custom SSL certificate files for the Data Integration Service.

Select whether to use the default Informatica SSL certificate files or to enter the location of SSL certificate files specific to the Data Integration Service.

If you choose to enter the location for SSL certificate files, enter the location of the keystore and truststore files and their passwords.

The keystore file and the truststore file must be in the .jks format.

The installer creates the Model Repository Service and Data Integration Service and starts the services.

The

Post-Installation Summary

section indicates whether the installation completed successfully. The summary also shows the status of the installed components and their configuration.

You can view the installation log files to get more information about the tasks performed by the installer and to view configuration properties for the installed components.

By default, the system services are disabled after the installation. You must enable them from the Administrator tool.

Updated April 24, 2019

How To Create Domain In Informatica After Installation

Source: https://docs.informatica.com/data-integration/powercenter/10-2/installation-and-configuration-guide/service-installation/informatica-services-installation/installing-the-informatica-services-in-console-mode/creating-a-domain.html

Posted by: levinespinat.blogspot.com