Secure Communication Requirements

Similar documents
How to Create Keystore and Truststore Files for Secure Communication in the Informatica Domain

HTTPS Configuration for SAP Connector

Migrating the Domain Configuration Repository During an Upgrade

Creating and Managing Certificates for My webmethods Server. Version 8.2 and Later

How to Implement Two-Way SSL Authentication in a Web Service

How to Configure a Secure Connection to Microsoft SQL Server

SSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service

Configuring TLS Security for Cloudera Manager

How to Resolve the POODLE Vulnerability in Native Connection to Oracle

Configure an ODBC Connection to SAP HANA

CA Nimsoft Unified Management Portal

Managing the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N REV A01 January 14, 2011

DOCUMENTUM CONTENT SERVER CERTIFICATE BASED SSL CONFIGURATION WITH CLIENTS

DOCUMENTUM CONTENT SERVER CERTIFICATE BASED SSL CONFIGURATION AND TROUBLESHOOTING

Using LDAP Authentication in a PowerCenter Domain

Application Note AN1502

SSL Configuration on Weblogic Oracle FLEXCUBE Universal Banking Release [August] [2014]

Secure Agent Quick Start for Windows

Configuring IBM WebSphere Application Server 7 for Secure Sockets Layer and Client-Certificate Authentication on SAS 9.3 Enterprise BI Server Web

Marriott Enrollment Server for Web User Guide V1.4

BEA Weblogic Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate

KMIP installation Guide. DataSecure and KeySecure Version SafeNet, Inc

Configure Managed File Transfer Endpoints

Configuring Notification for Business Glossary

Using Microsoft Windows Authentication for Microsoft SQL Server Connections in Data Archive

What in the heck am I getting myself into! Capitalware's MQ Technical Conference v

Configuring Hadoop Distributed File Service as an Optimized File Archive Store

PowerChute TM Network Shutdown Security Features & Deployment

Galaxy Software Addendum

SolarWinds Technical Reference

Chapter 1: How to Configure Certificate-Based Authentication

Go to Policy/Global Properties/SmartDashboard Customization, click Configure. In Certificates and PKI properties, change host_certs_key_size to 2048

To install and configure SSL support on Tomcat 6, you need to follow these simple steps. For more information, read the rest of this HOW-TO.

Configuring Secure Socket Layer and Client-Certificate Authentication on SAS 9.3 Enterprise BI Server Systems That Use Oracle WebLogic 10.

Generating SSH Keys and SSL Certificates for ROS and ROX Using Windows AN22

Domino and Internet. Security. IBM Collaboration Solutions. Ask the Experts 12/16/2014

Junio SSL WebLogic Oracle. Guía de Instalación. Junio, SSL WebLogic Oracle Guía de Instalación CONFIDENCIAL Página 1 de 19

Enterprise Content Management System Monitor 5.1 Security Considerations Revision CENIT AG Brandner, Marc

SSL Certificate Generation

Configuring IBM Cognos Controller 8 to use Single Sign- On

ADOBE CONNECT ENTERPRISE SERVER 6

Exchange Reporter Plus SSL Configuration Guide

Installation Procedure SSL Certificates in IIS 7

Agenda. How to configure

Universal Content Management Version 10gR3. Security Providers Component Administration Guide

Certificate technology on Pulse Secure Access

Informatica (Version 9.1.0) PowerCenter Installation and Configuration Guide

Obtaining SSL Certificates for VMware View Servers

Installing Digital Certificates for Server Authentication SSL on. BEA WebLogic 8.1

Certificate technology on Junos Pulse Secure Access

HP Device Manager 4.7

VMware vrealize Operations for Horizon Security

SSL Configuration on WebSphere Oracle FLEXCUBE Universal Banking Release [September] [2013] Part No. E

Obtaining SSL Certificates for VMware Horizon View Servers

Creating IBM Cognos Controller Databases using Microsoft SQL Server

Whitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS

Adeptia Suite 6.2. Application Services Guide. Release Date October 16, 2014

Enabling Single-Sign-On between IBM Cognos 8 BI and IBM WebSphere Portal

Scenarios for Setting Up SSL Certificates for View

VMware vrealize Operations for Horizon Security

Service Manager 9.32: Generating SSL Profiles for an F5 HWLB

LoadMaster SSL Certificate Quickstart Guide

DEPLOYMENT ROADMAP March 2015

Enable SSL in Go2Group SOAP Server

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Gateway

PowerCenter Real-Time Development

Secure IIS Web Server with SSL

EMC Data Protection Search

Security Guide vcenter Operations Manager for Horizon View 1.5 TECHNICAL WHITE PAPER

Connect to an SSL-Enabled Microsoft SQL Server Database from PowerCenter on UNIX/Linux

This section includes troubleshooting topics about certificates.

Generating and Installing SSL Certificates on the Cisco ISA500

Cisco SSL Encryption Utility

Iowa Immunization Registry Information System (IRIS) Web Services Data Exchange Setup. Version 1.1 Last Updated: April 14, 2014

Replacing vcenter Server 4.0 Certificates VMware vsphere 4.0

Protect your CollabNet TeamForge site

(n)code Solutions CA A DIVISION OF GUJARAT NARMADA VALLEY FERTILIZERS COMPANY LIMITED P ROCEDURE F OR D OWNLOADING

IBM i Version 7.3. Security Digital Certificate Manager IBM

Configuring the JBoss Application Server for Secure Sockets Layer and Client-Certificate Authentication on SAS 9.3 Enterprise BI Server Web

Implementing SSL Security on a PowerExchange Network

How to Optimize MS Outlook Exchange Traffic Over SSL

Director and Certificate Authority Issuance

LDAP User Guide PowerSchool Premier 5.1 Student Information System

How to Implement Transport Layer Security in PowerCenter Web Services

DEVELOPING CERTIFICATE-BASED PROJECTS FOR WEB SECURITY CLASSES *

Configuring a WatchGuard SOHO to SOHO IPSec Tunnel

TIBCO Spotfire Platform IT Brief

Entrust Certificate Services. Java Code Signing. User Guide. Date of Issue: December Document issue: 2.0

2014 IBM Corporation

C O N F I G U R I N G O P E N L D A P F O R S S L / T L S C O M M U N I C A T I O N

Preface. Limitations. Disclaimers. Technical Support. Luna SA and IBM HTTP Server/IBM Web Sphere Application Server Integration Guide

ACE Management Server Deployment Guide VMware ACE 2.0

Informatica (Version 9.0.1) PowerCenter Installation and Configuration Guide

Wildcard Certificates

Server Installation ZENworks Mobile Management 2.7.x August 2013

Enabling Single-Sign-On on WebSphere Portal in IBM Cognos ReportNet

MadCap Software. Upgrading Guide. Pulse

Proto Balance SSL TLS Off-Loading, Load Balancing. User Manual - SSL.

Netop Remote Control Security Server

Transcription:

Secure Communication Requirements 1993-2016 Informatica Corporation. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording or otherwise) without prior consent of Informatica Corporation. All other company and product names may be trade names or trademarks of their respective owners and/or copyrighted materials of such owners.

Abstract Informatica uses the SSL/TLS protocol to secure communication between components in the domain and between the domain and client components. The following article discusses the types of secure communication and their requirements. Supported Versions Informatica 9.6.x Table of Contents Overview.... 2 SSL/TLS Protocol.... 3 Secure Communication Requirements.... 4 Requirements for Secure Communication within the Domain.... 4 Requirements for Secure Connections to the Administrator Tool.... 5 Requirements for Secure Connections to a Web Application Service.... 6 Overview In the Informatica domain, you can set up the following types of secure communication: Secure communication between services and between services and clients Secure connections to web application services Informatica uses the SSL/TLS protocol to secure communication. The SSL/TLS protocol encrypts network traffic to protect it from potential threats such as man-in-the-middle attacks or packet sniffers. Since secure communication uses the SSL/TLS protocol, you must provide keystores and truststores. The requirements for a keystore or truststore depend on the type of security you set up. Secure Communication within the Domain When you enable secure communication within the domain, you secure the following connections: Connections within the domain Secures the connection between services. Requires a keystore and truststore to provide and verify credentials because the components in the domain can act as server or client. Connections between the domain and Informatica client applications Secures the connection between the domain and client applications, such as the Developer tool. The clients use a copy of the truststore that is used to secure connections within the domain to verify credentials. To secure these connections when you install Informatica, select the Secure communication for the domain option. To secure these connections after you install Informatica, use the command line programs. Secure Connections to Web Application Services You can secure the following connections: 2

Connections to the Administrator tool Secures the connection between the Administrator tool and the browser. When you configure the Administrator tool, specify a keystore to provide credentials that the browser can accept. To secure this connection, select Enable HTTPS for Informatica Administrator during installation or use the infasetup UpdateGatewayNode command after installation. Connections to web application services Secures the connection between a web application service, such as the Analyst Service, and the browser. When you configure a service, specify a keystore to provide credentials. To secure these connections, select an HTTPS connection when you create or configure the service. Secure Connections to Sources and Targets You can secure the connection to the following relational sources or targets: Oracle Microsoft SQL Server IBM DB2 For more information about how to secure the connection to a relational database, see the documentation for that database and the Informatica Security Guide. SSL/TLS Protocol The SSL/TLS protocol uses public key cryptography to encrypt and decrypt network traffic. The public key used to encrypt and decrypt traffic is stored in an SSL certificate that can be self-signed or signed by a certificate authority (CA). A self-signed certificate is signed by the creator of the certificate. Because the identity of the signer is not verified, a self-signed certificate is less secure than a signed certificate. A signed certificate is an SSL certificate that has the identity of the person who requested the certificate verified by a CA. Informatica recommends CA signed certificates for a higher level of security. Note: Informatica requires that SSL certificates created with RSA encryption use more than 512 bits. A keystore contains private keys and certificates. It is used to provide a credential. A truststore contains the public key, which is a list of certificates of trusted SSL/TLS servers. It is used to verify a credential. To secure connections, Informatica requires keystores and truststores in PEM and JKS formats. You can use the following programs to create the required files: keytool Use keytool to create an SSL certificate or a Certificate Signing Request (CSR) as well as keystores and truststores in JKS format. For more information about keytool, see the documentation on the following website: http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html. OpenSSL You can use OpenSSL to create an SSL certificate or CSR as well as convert a keystore in JKS format to PEM format. For more information about OpenSSL, see the documentation on the following website: https://www.openssl.org/docs/. The type of connection that you secure determines the files required. 3

Secure Communication Requirements The requirements for secure communication depend on the connection. You can secure the following connections: Connections within the domain and between the domain and Informatica client applications Connections to the Administrator tool Connections to the web application services Requirements for Secure Communication within the Domain You enable secure communication within the domain during installation when you select the Enable secure communication for the domain option. Alternatively, you can enable it after installation with the command line programs. Before you enable secure communication within the domain, ensure that the following requirements are met: Note: Informatica provides default SSL certificates, keystores, and truststores for evaluating secure communication within the domain. These files are shared with all Informatica installations. Do not use them in a production environment. You created a certificate signing request (CSR) and private key. You can use keytool or OpenSSL to create the CSR and private key. If you use RSA encryption, you must use more than 512 bits. You have a signed the SSL certificate. The certificate can be self-signed or CA signed. Informatica recommends a CA signed certificate. You imported the certificate into keystores. You must have a keystore in PEM format named infa_keystore.pem and a keystore in JKS format named infa_keystore.jks. Note: The password for the keystore in JKS format must be the same as the private key pass phrase used to generate the SSL certificate. You imported the certificate into truststores. You must have a truststore in PEM format named infa_truststore.pem and a truststore in JKS format named infa_truststore.jks. The keystores and truststores are in the correct directory. If you enable secure communication within the domain during installation, the keystores and truststores must be in a directory that is accessible to the installer. If you enable secure communication after installation, the directory must be accessible to the command line programs. For information about how to create a custom keystore and truststore, see the Informatica How-To Library article 0700- How to Create Keystore and Truststore Files for Secure Communication in the Informatica Domain: https://kb.informatica.com/h2l/howto%20library/1/0700-createkeystoresandtruststores-h2l.pdf For information about how to enable secure communication within the domain, see the Informatica Installation and Configuration Guide or the Informatica Security Guide. Requirements for Secure Communication Between the Domain and Client Applications When you enable secure communication within the domain, you also secure connections between the domain and Informatica client applications, such as the Developer tool. Secure connections between the domain and client 4

applications uses the same truststores as secure communication within the domain. Additionally, you must configure the clients to work with a secure domain. After you install the client applications, verify the following requirements are met: The truststore files exist on the machine where the clients run. Use the truststores in PEM and JKS formats that you used to enable secure communication within the domain. Copy them to a directory on the machine on which the client runs. You configured the environment variables. You must configure the INFA_TRUSTSTORE and INFA_TRUSTSTORE_PASSWORD environment variables. Set INFA_TRUSTSTORE to the directory where the truststores are located on the machine where the clients run. Set INFA_TRUSTSTORE_PASSWORD to the encrypted password for the truststore in JKS format. Use the pmpasswd command to encrypt the password. Note: If you use the default SSL certificate, keystore, and truststore, you do not need to copy the truststore files to the machine where the client runs or provide the truststore directory or password. For more information about configuring the client to work with a secure domain, see the Informatica Installation and Configuration Guide or the Informatica Security Guide. Requirements for Secure Connections to the Administrator Tool You can secure the connection to the Administrator tool during installation or after. If you select Enable HTTPS for Informatica Administrator during installation, you can provide a SSL certificate and keystore or the installer can generate a self-signed certificate and keystore. If you use the installer generated certificate and keystore, no further action is required. Note: Informatica recommends you use a certificate that is signed by a CA. After you install Informatica, you can secure the connection to the Administrator tool ith the infasetup UpdateGatewayNode command. Before you secure the connection to the Administrator tool, ensure the following requirements are met: You created a certificate signing request (CSR) and private key. You can use keytool or OpenSSL to create the CSR and private key. If you use RSA encryption, you must use more than 512 bits. You have a signed SSL Certificate. The certificate can be self-signed or CA signed. You imported the certificate into a keystore. The certificate must be in a keystore in JKS format. Informatica requires that a keystore contain only one certificate. If you use multiple gateway nodes, you can use the same certificate and keystore for all the gateway nodes or a unique SSL certificate and keystore for each gateway node. The keystore is in the correct directory. If you enable secure connections to the Administrator tool during installation, the keystore must be in a directory that is accessible to the installer If you enable secure connections to the Administrator tool after installation, the keystore must be in a directory that is accessible to the command line programs. 5

For information about how to secure the connection to the Administrator tool during installation, see the Informatica Installation and Configuration Guide. For information about how to secure the connection to the Administrator tool after installation, see the Informatica Security Guide. Requirements for Secure Connections to a Web Application Service You can secure the connection to a web application service, such as the Analyst service. Before you secure the connection to a web application service, ensure that the following requirements are met: You created a certificate signing request (CSR) and private key. You can use keytool or OpenSSL to create the CSR and private key. If you use RSAP encryption, you must use more than 512 bits. You have a signed SSL Certificate. The certificate can be self-signed or CA signed. Informatica recommends a CA signed certificate. Each web application service can use a unique certificate or a shared one. You imported the certificate into a keystore in JKS format. A keystore must contain only one certificate. Web application services can share a keystore if they use the same certificate. If you use a unique certificate for each web application service, create a separate keystore for each certificate. The keystore is in a accessible directory. The keystore must be in a directory that is accessible to the Administrator tool. For more information about enabling secure communication for web client services, see the Informatica Installation and Configuration Guide or the Informatica Security Guide. Authors Brian Le Technical Writer 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information