Informatica® MDM Cloud Edition 2.0 AWS Environment Configuration Guide

January 2022

© Copyright Informatica LLC 2022

This software and documentation are provided only under a separate license agreement containing restrictions on use and disclosure. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording or otherwise) without prior consent of Informatica LLC.

U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation is subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License.

Informatica, the Informatica logo, and ActiveVOS are trademarks or registered trademarks of Informatica LLC in the United States and many jurisdictions throughout the world. A current list of Informatica trademarks is available on the web at https://www.informatica.com/trademarks.html. Other company and product names may be trade names or trademarks of their respective owners.

Portions of this software and/or documentation are subject to copyright held by third parties. Required third party notices are included with the product.

The information in this documentation is subject to change without notice. If you find any problems in this documentation, report them to us at [email protected].

Informatica products are warranted according to the terms and conditions of the agreements under which they are provided. INFORMATICA PROVIDES THE INFORMATION IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT.

Publication Date: 2022-03-28

Table of Contents

Preface
  Informatica Resources
  Informatica Network
  Informatica Knowledge Base
  Informatica Documentation
  Informatica Product Availability Matrices
  Informatica Velocity
  Informatica Marketplace
  Informatica Global Customer Support

Chapter 1: MDM Cloud Edition AWS Environment
  MDM Cloud Edition AWS Environment Overview
  Acronyms
  Environment

Chapter 2: Application Access
  Application Access Overview
  Accessing Application through VGW

Chapter 3: MDM Database Access
  MDM Database Access Overview
  Database Write Access
  SSH Host and Database Configuration Values
  Update Host Files for Developer Tool
  Create a SSH Host
  Create a Database Connection
  Troubleshooting Tip
  Connect to MDM Database using an On-Premises Application

Chapter 4: Accessing AWS Amazon S3 Bucket
  AWS Amazon S3 Bucket Access Overview
  Application Log Files
  AWS S3 Bucket Configuration Values
  Connect to the Add-ons
  Connect to Amazon Private S3 Bucket
  Connect to AWS PrivateLink - VPC Endpoint Service
  Configure VPC Endpoint Service to Enable AWS PrivateLink Access
  Connect to Amazon WorkSpaces
  Configure Amazon S3 Bucket Path using Cyberduck
  Connect to Border Gateway Protocol (BGP)
  Connect to AWS Direct Connect
  Connect Using S3 Browser
  Connect Using Cloudberry S3 Browser
  Connect to S3 Bucket Using AWS CLI
  Attach VPC to Transit Gateway
  Connect using PGP Encryption

Chapter 5: Connect Using PuTTY
  Connect Using PuTTY
  PuTTY Configuration Values
  Configuring PuTTY
  Troubleshooting Tip
  Transfer Files Using WinSCP

Chapter 6: Configuring IDQ Developer Tool for Secure Domain
  Configuring IDQ Developer Tool for Secure Domain
  Connecting Informatica Developer Tool to Multiple MDM Cloud Edition Environments
  Run MDM Batch Job Command Line Utility on IDQ Server Machine

Chapter 7: Backing Up and Recovering

Chapter 8: Loading Data into MDM Cloud Edition
  Loading Data into MDM Cloud Edition
  Batch Load Using S3 Bucket
  Batch Load from On-premise Database
  Real Time

Chapter 9: Appendix A
  Launch SOAP UI
  Resolving SOAP UI Errors
  Restarting the MDM Cloud Edition JBoss Server in Development Environment
  Restarting the MDM Application Server
  View Restart Log File
  Updating the Properties Files in the MDM Application Server
  Viewing the Update Log File
  Uploading Custom Parameter file in the IDQ Application Server
  View Update Log File
  Updating odbc.ini File in the IDQ Application Server
  View Update Log File
  Setting Up External Authentication for LDAP

Preface

Use the Informatica® MDM Cloud Edition 2.0 AWS Environment Configuration Guide for information on environment access and configuration details required to provision the AWS MDM Cloud Edition 2.0 environment.

Informatica Resources

Informatica provides you with a range of product resources through the Informatica Network and other online portals. Use the resources to get the most from your Informatica products and solutions and to learn from other Informatica users and subject matter experts.

Informatica Network

The Informatica Network is the gateway to many resources, including the Informatica Knowledge Base and Informatica Global Customer Support. To enter the Informatica Network, visit https://network.informatica.com.

As an Informatica Network member, you have the following options:

• Search the Knowledge Base for product resources.

• View product availability information.

• Create and review your support cases.

• Find your local Informatica User Group Network and collaborate with your peers.

Informatica Knowledge Base

Use the Informatica Knowledge Base to find product resources such as how-to articles, best practices, video tutorials, and answers to frequently asked questions.

To search the Knowledge Base, visit https://search.informatica.com. If you have questions, comments, or ideas about the Knowledge Base, contact the Informatica Knowledge Base team at [email protected].

Informatica Documentation

Use the Informatica Documentation Portal to explore an extensive library of documentation for current and recent product releases. To explore the Documentation Portal, visit https://docs.informatica.com.

If you have questions, comments, or ideas about the product documentation, contact the Informatica Documentation team at [email protected].

Informatica Product Availability Matrices

Product Availability Matrices (PAMs) indicate the versions of the operating systems, databases, and types of data sources and targets that a product release supports. You can browse the Informatica PAMs at https://network.informatica.com/community/informatica-network/product-availability-matrices.

Informatica Velocity

Informatica Velocity is a collection of tips and best practices developed by Informatica Professional Services and based on real-world experiences from hundreds of data management projects. Informatica Velocity represents the collective knowledge of Informatica consultants who work with organizations around the world to plan, develop, deploy, and maintain successful data management solutions.

You can find Informatica Velocity resources at http://velocity.informatica.com. If you have questions, comments, or ideas about Informatica Velocity, contact Informatica Professional Services at [email protected].

Informatica Marketplace

The Informatica Marketplace is a forum where you can find solutions that extend and enhance your Informatica implementations. Leverage any of the hundreds of solutions from Informatica developers and partners on the Marketplace to improve your productivity and speed up time to implementation on your projects. You can find the Informatica Marketplace at https://marketplace.informatica.com.

Informatica Global Customer Support

You can contact a Global Support Center by telephone or through the Informatica Network.

To find your local Informatica Global Customer Support telephone number, visit the Informatica website at the following link: https://www.informatica.com/services-and-training/customer-success-services/contact-us.html.

To find online support resources on the Informatica Network, visit https://network.informatica.com and select the eSupport option.

Chapter 1

MDM Cloud Edition AWS Environment

This chapter includes the following topics:

• MDM Cloud Edition AWS Environment Overview

• Acronyms

• Environment

MDM Cloud Edition AWS Environment Overview

Informatica MDM Cloud Edition is a cloud-based master data management solution, hosted on Amazon Web Services (AWS). The MDM Cloud Edition architecture consists of development, QA, and production environments. The Informatica® MDM Cloud Edition 2.0 AWS Environment Configuration Guide provides access information for your environments and guides you to connect to your environments.

Acronyms

The following tables list the acronyms used in this document:

Informatica acronyms

Term    Description
Dev     Development
IDQ     Informatica Data Quality
IDD     Informatica Data Director
MDM     Master Data Management
MRS     Model Repository Service
Prod    Production
QA      Quality Assurance

Industry acronyms

Term    Description
CLI     Command Line Interface
LDAP    Lightweight Directory Access Protocol
SAML    Security Assertion Markup Language
SSH     Secure Shell
SSL     Secure Socket Layer
VPN     Virtual Private Network

Amazon acronyms

Term    Description
AWS     Amazon Web Services
CGW     Customer Gateway
EBS     Elastic Block Storage
EC2     Elastic Cloud Compute
IAM     Identity and Access Management
RDS     Relational Database Service
S3      Simple Storage Service
VPC     Virtual Private Cloud
VGW     Virtual Private Gateway
AZ      Availability Zone

Environment

Environments are located either in the production or non-production network (VPC).

For the attributes of the environment and the proposed monthly maintenance downtime window, see the Informatica® MDM Cloud Edition 2.0 AWS Environment Reference Guide.

Note: Based on the allotted time slot, Informatica will execute a monthly maintenance activity that requires a 4-hour downtime window. During the maintenance downtime, the environment will not be available.

Chapter 2

Application Access

This chapter includes the following topics:

• Application Access Overview

• Accessing Application through VGW

Application Access Overview

The Informatica team configures all the application and database instances of the MDM Cloud Edition environments. You can access the environments through a Virtual Private Gateway (VGW) or the public internet. Using the IPSec tunnel, VGW securely connects your network to the Informatica Virtual Private Cloud (VPC).

Private application URL access

All applications have private URLs that are only accessible through VGW. There is no option to disable private URLs.

Public application URL access

The MDM and IDQ applications have public URLs that are accessible through VGW or public internet. You have an option to disable MDM public URL access. IDQ applications do not have public URLs and are only accessible through VGW. Informatica Developer tool also connects to IDQ services through VGW.

Note: Informatica does not provide support or license to any of the tools that you use to connect to each application. Ensure that you purchase the license for the respective tools to access the application. The tools that this guide refers to are only for demonstration purpose. Informatica does not recommend any tools to access any application, and it is your responsibility to choose the right tool to access the application.

For each MDM Cloud Edition environment, you get a separate Elasticsearch server configured on a machine that does not have MDM. You do not have access to the Elasticsearch server, and you do not need to configure Elasticsearch. To enable Elasticsearch setup, raise a request with Informatica Global Customer Support.

Accessing Application through VGW

For accessing the application through private or public URLs, use the URLs and the application passwords provided in the Informatica® MDM Cloud Edition 2.0 AWS Environment Reference Guide. For security purposes, application passwords are provided in a separate document.

Chapter 3

MDM Database Access

This chapter includes the following topics:

• MDM Database Access Overview

• Database Write Access

• SSH Host and Database Configuration Values

• Update Host Files for Developer Tool

• Create a SSH Host

• Create a Database Connection

• Connect to MDM Database using an On-Premises Application

MDM Database Access Overview

For secure access to the MDM database, you must connect to the bastion host and create a database connection using Oracle SQL Developer and other applications. You can access the MDM database only through the virtual private gateway and not through the public internet.

For all the production and non-production environments, read-only access and limited write access are provided.

The non-production environments are development, QA, user acceptance testing (UAT), system integration testing (SIT), or any other environment that is not a production environment.

Note: Due to security compliance, you will have more privileges in the non-production environments than in the production environments. Before you start the development process, ensure that you understand the read and write permissions for the MDM database users in the production and non-production environments.

For access permissions of the users in the production and non-production environments, see the Informatica® MDM Cloud Edition 2.0 AWS Environment Reference Guide.

Database Write Access

Informatica provides limited database write access to expedite development and testing activities in non-prod environments.

Use the following guidelines on how this access must be used:

• Modify various ORS tables for development activities. For example, to re-run a match job in MDM, a user may set the consolidation indicator column to four in the base object. MDM has the SetRecordState SIF API to set this indicator for a specific record; however, it doesn't support processing of multiple records. To set the consolidation indicator for multiple records, the user can run a database update query using the database write access.

• Test small batch jobs. Users can insert a few records in the landing tables and run all MDM batch processes.

• Update settings for configuration parameters using the database write access. A few MDM configuration parameters are only available in the database, for example, STRIP_CTAS_DELETE_RATIO and STRIP_CTAS_DELETE_UPPER_LIMIT in the C_REPOS_TABLE.

• Create a custom index on an MDM table using the registerCustomIndex SIF API. The API only registers the custom index in the MDM metadata tables. Users can create the physical index in the database using the database write access.

• Use database write access to create backup tables before making changes to any ORS tables. Ensure these backup tables are deleted after completing the required tasks.

• You cannot use write access to create tables in the ORS schema. Users may need to create tables for the following example tasks:

- A source table for the ExecuteBatchUnmerge or ExecuteBatchDelete API.

- A table required for custom application development for supporting MDM User exit or E360/C360 external calls.

Note: For these activities, create a landing table in the ORS schema. This will allow the user to maintain and load data into the table using MDM and IDQ application.

SSH Host and Database Configuration Values

The values for the MDM database configuration attributes required to create a bastion NLB endpoints database connection are provided in the Informatica® MDM Cloud Edition 2.0 AWS Environment Reference Guide. For security purposes, application passwords are provided in a separate document.

Update Host Files for Developer Tool

Use a reverse DNS lookup to obtain the hostname when you access the features within the DQ client. To fix the performance issues that arise due to reverse DNS lookup, MDM Cloud Edition recommends that you update the client-side host files.

1. To get the hostnames of the development, QA, and production environments that are available in the Hosted DQ server, contact Customer Success Professional (CSP).

2. Navigate to the following location:

c:\windows\system32\drivers\etc\hosts

3. Update the hostname and the IP address in the Windows host file for every DQ client machine.

To update the host files, you require administrator access. As a workaround, you can run Notepad as administrator to obtain the administrator access.

You can refer to the following example to update the host files:

127.0.0.1 localhost localhost.localdomain
10.21.153.39 10-21-153-39-aws.com

Create a SSH Host

1. In Oracle SQL Developer, click View > SSH.

A list of SSH hosts appears.

2. Right-click SSH Host and then click New SSH Host.

The New SSH Host dialog appears.

3. Refer to the SSH Host and Database Configuration Values table in the Informatica® MDM Cloud Edition 2.0 AWS Environment Reference Guide and enter the following details:

• Name.

• Bastion NLB Endpoints.

• Username.

• Port.


• Select Use key file.

• Click Browse and select the key file.

• Select Add a Local Port Forward.

• Name

• Host

• Port

• Select Automatically assign a local port.

• Click OK.

The SSH host details are saved.

Create a Database Connection

1. Open Oracle SQL Developer.

2. Click View > Connections.

The Connections dialog box appears.

3. Click the icon and select New Database Connection.

The New / Select Database Connection dialog box appears.

4. Refer to the Database Configuration table and enter the following details:

• Connection Name.

• Username.

• Password.

• Select Save Password.

• Select SID.

• Click Connect.

The new database connection will appear under SSH Hosts.

5. To validate the database connection, right-click SSH Host and then click Connect.


6. Click Connect. The Connection test successful message appears confirming a successful database connection.

Troubleshooting Tip

If you cannot connect to the new database, request your IT network administrator to validate the connectivity from your workstation to the bastion host and bastion host port. From your workstation, enter the following command:

telnet <Bastion Host> <Bastion Host Port>

If the command times out, request your IT network administrator to verify if the firewall allows connection to the bastion host and port. If you still cannot connect, please contact the Informatica customer support team.

Connect to MDM Database using an On-Premises Application

1. Go to the server running the on-premises application.


2. From the server CLI, run the following command:

ssh -m hmac-sha2-256 -N -i <fully qualified SSH_KEY_FILE> -L 1522:MDM_DB_HOSTNAME:1521 dbaccess_user@BASTION_NLB_ENDPOINTS

Note: You cannot run the command in PuTTY and Windows.

To establish connection to the MDM database through the Bastion host, you can run the preceding command in the Linux interface tools, such as MobaXterm, Cygwin, and Git Bash from your local system. This command also establishes connection between the Informatica Developer tool and the MDM database.

Note: To run the command in background, use the -f option.

Refer to the SSH Host and Database Configuration Values table in the Informatica® MDM Cloud Edition 2.0 AWS Environment Reference Guide to get the following details:

• BASTION_HOST_IP

• SSH_KEY_FILE

• MDM_DB_HOSTNAME


3. To connect to the MDM database, the on-premises application can use its own server 127.0.0.1 and port 1522.

Note: Ensure that port 1522 is not used in your application server. If port 1522 is used, enter another unused port.

Use the following image to refer to the connection details and its properties:
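The bastion reachability check from the Troubleshooting Tip and the port-forward command from step 2, combined into one script as an added example that is not part of the Informatica guide. The loopback-only bind, the ExitOnForwardFailure option, the key-file permission check and the default bastion port 22 are assumptions added here; host names and the key path are placeholders for the values in the Reference Guide.

```bash
#!/usr/bin/env bash
# Added example (not from the Informatica guide): pre-flight checks, then the
# bastion port forward. Usage: tunnel.sh <key file> <MDM DB host> <bastion endpoint>

# True if something already listens on 127.0.0.1:<port> (bash /dev/tcp connect).
port_in_use() {
  (exec 3<>"/dev/tcp/127.0.0.1/$1") 2>/dev/null
}

# Print the first free local port in [start, start+20]; the page asks for an
# unused port when 1522 is taken.
pick_local_port() {
  local port="$1" last=$(( $1 + 20 ))
  while [ "$port" -le "$last" ]; do
    if ! port_in_use "$port"; then
      echo "$port"
      return 0
    fi
    port=$(( port + 1 ))
  done
  return 1
}

# Same question the telnet tip answers: does a TCP connect to host:port succeed
# within N seconds? Host and port are passed as arguments, never spliced into
# the command string.
reachable() {
  timeout "${3:-5}" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Accept only an existing key file that is private to its owner (600 or 400).
key_file_ok() {
  local key="$1" mode
  [ -f "$key" ] || return 1
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key") || return 1
  case "$mode" in
    600|400) return 0 ;;
    *) return 1 ;;
  esac
}

# The page's ssh command with two additions (assumptions of this example):
# the forward is bound to 127.0.0.1 explicitly, and ssh exits if the forward
# cannot be set up. Set SSH_RUNNER=echo to print the arguments instead.
open_tunnel() {
  local key="$1" lport="$2" dbhost="$3" bastion="$4"
  ${SSH_RUNNER:-ssh} -m hmac-sha2-256 -N \
    -o ExitOnForwardFailure=yes \
    -i "$key" \
    -L "127.0.0.1:${lport}:${dbhost}:1521" \
    "dbaccess_user@${bastion}"
}

main() {
  local key="$1" dbhost="$2" bastion="$3" lport
  key_file_ok "$key" || { echo "key file missing or not 600/400: $key" >&2; return 1; }
  # BASTION_PORT defaults to 22 here; use the port from the Reference Guide.
  reachable "$bastion" "${BASTION_PORT:-22}" \
    || { echo "cannot reach bastion; ask the network team to check the firewall" >&2; return 1; }
  lport=$(pick_local_port 1522) || { echo "no free local port near 1522" >&2; return 1; }
  echo "forwarding 127.0.0.1:${lport} -> ${dbhost}:1521" >&2
  open_tunnel "$key" "$lport" "$dbhost" "$bastion"
}

if [ "$#" -eq 3 ]; then
  main "$@"
fi
```

The on-premises application then connects to 127.0.0.1 on the port the script reports.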

Chapter 4

Accessing AWS Amazon S3 Bucket

This chapter includes the following topics:

• AWS Amazon S3 Bucket Access Overview

• Application Log Files

• AWS S3 Bucket Configuration Values

• Connect to the Add-ons

• Connect to Amazon Private S3 Bucket

• Connect to AWS PrivateLink - VPC Endpoint Service

• Connect to Amazon WorkSpaces

• Connect to Border Gateway Protocol (BGP)

• Connect to AWS Direct Connect

• Connect Using S3 Browser

• Attach VPC to Transit Gateway

• Connect using PGP Encryption

AWS Amazon S3 Bucket Access Overview

The Informatica MDM Cloud Edition team configures dedicated Amazon S3 buckets for each environment to download and store application log and user data files. Use Amazon S3 connector in IDQ mapping to transfer data from Amazon S3 bucket to the MDM landing table. You can connect to Amazon S3 buckets using S3 browser, AWS CLI, or any other tools.

Note: Informatica does not provide support or license to any of the tools that you use to connect to the Amazon S3 bucket. Ensure that you purchase the license for the respective tools to access Amazon S3 bucket. The tools that this guide refers to are only for demonstration purpose. Informatica does not recommend any tools to access Amazon S3 bucket, and it is your responsibility to choose the right tool to access Amazon S3 bucket.

Application Log Files

The application server log files replicate to the S3 buckets every 5 minutes.

To view the path where the application log files are stored, refer to the table in Informatica® MDM Cloud Edition 2.0 AWS Environment Reference Guide.

AWS S3 Bucket Configuration Values

To successfully configure connection to the S3 buckets, use the values provided in the Informatica® MDM Cloud Edition 2.0 AWS Environment Reference Guide. For security purposes, application passwords are provided in a separate document.

Note: As per Informatica's security policy, the Amazon S3 keys are rotated every 90 days. Informatica generates new Amazon S3 keys for the default Amazon S3 bucket connection and updates them in the Informatica Administrator tool. The existing keys are valid only for 10 days. Informatica sends an email notification to disable the existing keys, and it is your responsibility to update the existing keys. If you do not update the keys, you might encounter issues. For additional assistance, contact Informatica Global Customer Support.

Connect to the Add-ons

MDM Cloud Edition supports the following add-ons:

• Amazon Private S3 bucket access

• Amazon PrivateLink - VPC Endpoint Service

• Amazon WorkSpaces access

• Border Gateway Protocol (BGP) access

• Amazon Direct Connect

Note: You must purchase the add-ons to access them in your MDM Cloud Edition environment.

Connect to Amazon Private S3 Bucket

You can connect to Amazon PrivateLink S3 bucket from your VPC endpoint. MDM Cloud Edition enables Amazon private S3 bucket access using Aviatrix PrivateS3 bucket. The Amazon private S3 bucket access is enabled with high availability in the production environment. During the disaster recovery phase, Amazon private S3 bucket access is provisioned in the MDM Cloud Edition environment.

Note: To access Amazon private S3 bucket, you must purchase the feature. The operations team provisions your environment with the Amazon private S3 bucket access based on the add-ons questionnaire in the Informatica® MDM Cloud Edition 2.0 AWS Provisioning Kick-start High Level Architecture Guide.

Connect to AWS PrivateLink - VPC Endpoint Service

You can connect to the MDM Cloud Edition environment through the AWS PrivateLink solution without using public internet. MDM Cloud Edition creates a VPC Endpoint Service for the AWS PrivateLink solution using the existing internal or private Network Load Balancer (NLB).

For more details about AWS PrivateLink, see https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html

Configure VPC Endpoint Service to Enable AWS PrivateLink Access

After MDM Cloud Edition creates the VPC Endpoint Service, you must configure your VPC endpoint.

1. Configure the VPC Endpoint to subscribe to the VPC Endpoint Service of MDM Cloud Edition based on the VPC Endpoint Service name that MDM Cloud Edition creates.

2. Enable the DNS hostname and DNS resolution for your VPC Endpoint.

3. Configure your VPC Endpoint security group to accept the traffic using the HTTPS port 443 from the IP range that sends request to access the MDM Cloud Edition service.

4. Provide the ID of the VPC Endpoint to Informatica MDM Cloud Edition team to access the environment.

Based on the VPC Endpoint ID, the Informatica MDM Cloud Edition team approves your request to enable access to AWS PrivateLink. After MDM Cloud Edition approves your request, perform the following steps to complete the configuration:

1. Enable private Domain Name System (DNS) name from your VPC Endpoint.

2. Ensure that you can connect to the MDM HTTPS internal URL that you use from the VPC that you have configured for the VPC Endpoint to access the MDM Cloud Edition service.
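The two procedures above written as AWS CLI calls, in an added example that is not part of the Informatica guide. Every ID, the endpoint service name, the source range and the MDM URL are placeholders supplied by the caller, and the refusal of a world-open source range for the port 443 rule is a check added here.

```bash
#!/usr/bin/env bash
# Added example (not from the Informatica guide). Set AWS=echo to print the
# calls for review instead of making them.
AWS="${AWS:-aws}"

# Accept only an IPv4 CIDR that is not world-open, so the 443 rule admits just
# the range that actually sends requests to the MDM Cloud Edition service.
cidr_ok() {
  case "$1" in
    0.0.0.0/*|::/*) return 1 ;;
  esac
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# First procedure, steps 1 to 4. Prints the new endpoint ID on stdout; that ID
# is what step 4 hands to the Informatica MDM Cloud Edition team.
request_endpoint() {
  local vpc="$1" service="$2" subnet="$3" sg="$4" cidr="$5" id
  cidr_ok "$cidr" || { echo "refusing source range: $cidr" >&2; return 1; }

  # Step 1: subscribe to the endpoint service. Private DNS stays off until the
  # request has been approved.
  id=$($AWS ec2 create-vpc-endpoint --vpc-endpoint-type Interface \
        --vpc-id "$vpc" --service-name "$service" \
        --subnet-ids "$subnet" --security-group-ids "$sg" \
        --no-private-dns-enabled \
        --query 'VpcEndpoint.VpcEndpointId' --output text) || return 1

  # Step 2: DNS resolution and DNS hostnames (the API takes one attribute per call).
  $AWS ec2 modify-vpc-attribute --vpc-id "$vpc" \
        --enable-dns-support '{"Value":true}' >&2 || return 1
  $AWS ec2 modify-vpc-attribute --vpc-id "$vpc" \
        --enable-dns-hostnames '{"Value":true}' >&2 || return 1

  # Step 3: HTTPS only, from the validated range only.
  $AWS ec2 authorize-security-group-ingress --group-id "$sg" \
        --protocol tcp --port 443 --cidr "$cidr" >&2 || return 1

  # Step 4: the ID to send to Informatica.
  echo "$id"
}

# Second procedure, after approval: confirm the endpoint was accepted, enable
# private DNS, then test the internal HTTPS URL from inside the VPC.
finish_endpoint() {
  local endpoint="$1" url="$2" state
  state=$($AWS ec2 describe-vpc-endpoints --vpc-endpoint-ids "$endpoint" \
          --query 'VpcEndpoints[0].State' --output text) || return 1
  if [ "$state" != "available" ]; then
    echo "endpoint $endpoint is '$state'; wait for approval" >&2
    return 1
  fi
  $AWS ec2 modify-vpc-endpoint --vpc-endpoint-id "$endpoint" \
        --private-dns-enabled >&2 || return 1
  curl --silent --show-error --fail --max-time 10 --output /dev/null "$url"
}

# Run for real only when the five arguments of the first procedure are given.
if [ "$#" -eq 5 ]; then
  request_endpoint "$@"
fi
```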

Connect to Amazon WorkSpaces

You can use the Amazon WorkSpaces solution to connect to a remote desktop that provides access to the MDM Cloud Edition environment. The Amazon WorkSpaces solution does not require VPN access to connect to the MDM Cloud Edition VPC.

Note: To access Amazon WorkSpaces, you must purchase the feature from Informatica.

Ensure that you understand the following points before you purchase the Amazon WorkSpaces solution:

• The operations team provisions your environment with Amazon WorkSpaces access based on the add-ons questionnaire in the MDM Cloud Edition 2.0 AWS Provisioning Kick-start High Level Architecture Guide.

• After the WorkSpace is created, ensure that all the users in your WorkSpace receive email to reset their password.

• By default, internet access is blocked in Amazon WorkSpaces. To gain access to certain sites, contact Informatica Global Customer Support to whitelist the required IPs.

• Informatica recommends that you use Cyberduck to configure access to the Amazon S3 bucket in Amazon WorkSpaces. For more details, see the preceding steps on configuring Amazon S3 Bucket path using Cyberduck.

• Because the Amazon WorkSpaces in the MDM Cloud Edition environment are not encrypted using a custom key, do not include any sensitive data when you use Amazon WorkSpaces.


• The auto-backup functionality in Amazon WorkSpaces allows restoration of the workspaces based on the availability of the workspaces. For more details, see the AWS WorkSpaces document.

• Informatica does not monitor or manage the workspaces.

• During disaster recovery, Informatica creates new workspaces.

Note: Informatica does not retrieve any data that you have stored in the workspaces while reprovisioning the workspaces in the DR process.

Configure Amazon S3 Bucket Path using Cyberduck

To access Amazon S3 bucket in Amazon WorkSpaces, use Cyberduck.

1. Download Cyberduck from the following link:

https://cyberduck.io/download/

2. In Cyberduck, click File > Open Connection.

The Open Connection dialog box appears.

3. Enter the access key ID and secret access key.

4. In the More Options section, enter the Amazon S3 bucket path.

5. Click Connect.

Note: You must configure Amazon S3 bucket path in Cyberduck to access Amazon S3 bucket in the MDM Cloud Edition environment through Amazon WorkSpaces.


Connect to Border Gateway Protocol (BGP)

You can access the MDM Cloud Edition environments through the BGP routing tunnel, instead of the normal Site2Cloud tunnel. The BGP access is enabled with high availability in the production and QA network environments. MDM Cloud Edition provisions BGP during the disaster recovery (DR) run.

Note: Ensure that you understand the following points before you purchase the BGP access:

• The operations team provisions your environment with BGP access based on the add-ons questionnaire in the MDM Cloud Edition 2.0 AWS Provisioning Kick-start High Level Architecture Guide.

• If you are an existing customer, you must provide the downtime to the operations team.

• The new gateways are accessed through public IPs. You must configure the new tunnel IP from your side.

Connect to AWS Direct Connect

To connect to the MDM Cloud Edition VPC through AWS Direct Connect, you must establish a physical connection through AWS.

Informatica uses the following AWS Direct Connect methods to access the MDM Cloud Edition environment:

• AWS Direct Connect connection

• AWS Direct Connect virtual interface

Note: To access AWS Direct Connect, you must subscribe to the service.

To access MDM Cloud Edition environment through AWS Direct Connect connection, you must understand the following process:

1. Using AWS or partner's AWS Direct Connect console, you must initiate a request for AWS Direct Connect connection with your Informatica account.

2. Informatica provides the Amazon account ID that is required for the request.

3. Your request for AWS Direct Connect connection appears in the Informatica account for approval. Informatica confirms whether your request is from the right partner and then approves your request. After approval, Informatica completes the configurations and setup related to AWS Direct Connection. To complete the setup, you must answer the add-ons questionnaire in the MDM Cloud Edition 2.0 AWS Provisioning Kick-start High Level Architecture Guide.

4. Informatica completes the setup and configurations related to Amazon Direct Connect connection and provides the required configuration files from the virtual interface and shares the files with the customer network team.

To establish connectivity to MDM Cloud Edition VPC using the AWS Direct Connect connection, use the configuration files to complete the setup.

Note: If you have the AWS Direct Connect connection setup in your AWS account, you can use the AWS Direct Connect virtual interface connection.

To access MDM Cloud Edition environment through AWS Direct Connect virtual interface connection, you must understand the following process:

1. Create a virtual interface for the AWS Direct Connect connection available in your AWS account and assign the ownership to the Informatica Amazon account ID.

2. Raise a request for AWS Direct Connect virtual interface connection with your Informatica account.


Upon request, Informatica provides the Amazon account ID that is required for the request.

3. Your request for AWS Direct Connect virtual interface appears in the Informatica account for approval. To complete the setup, answer the add-ons questionnaire in the Informatica® MDM Cloud Edition 2.0 AWS Provisioning Kickstart Highlevel Architecture Guide after Informatica confirms and approves your request.

To establish connectivity to MDM Cloud Edition VPC using the AWS Direct Connect virtual interface connection, use the configuration files to complete the setup.

Connect Using S3 Browser

You can connect to the MDM Cloud Edition S3 buckets using S3 Browser, which is a free Windows client tool.

1. Download the S3 Browser executable file from the following link:

http://s3browser.com/

2. After you install and open S3 Browser, the Add New Account window appears.

3. Enter the information in the following fields:

Field name | Description
Account Name | Enter a name for your account.
Account Type | Amazon S3 Storage is the default storage type. You can select the storage type from the list.
Access Key ID | Enter the access keys data provided in the Configuration Values table.
Secret Access Key | The secret access key data is provided in a separate document.
Use Secure Transfer (SSL/TLS) | Select this option if you want to encrypt all communications with the S3 bucket.

4. Click Add New Account.

All S3 buckets appear in the S3 Browser window.

Connect Using Cloudberry S3 Browser

You can connect to the MDM Cloud Edition S3 buckets using the Cloudberry Explorer for AWS S3 tool, which is a free Windows client tool for managing your S3 buckets. Cloudberry also has a paid professional version of the tool.

1. Download the Cloudberry executable file from the following link:

https://www.cloudberrylab.com/download.aspx

2. Open Cloudberry Explorer, and click File > New Amazon S3 Account.


The Add New Amazon S3 Account window appears.

3. Enter the information in the following fields:

• Display name: Display Name for this bucket. Enter a name for your account.


• Select Use Access and Secret Keys and enter the following information:

- Access key: Enter the access keys data provided in the Configuration Values table.

- Secret key: The secret access key data is provided in a separate document.

• Select the Use SSL option.

4. Click Advanced.

The Advanced Option dialog box appears.

5. Select a primary region for your S3 bucket and click OK.

The Registered Accounts window appears.

6. Click Close.

7. Under Source, select the Amazon S3 account you registered. After you select your account, there are no S3 buckets listed in the left pane as shown in the image below:


8. Click the green cube icon.

The Add External Bucket dialog appears.

9. Enter the S3 bucket name.


10. Click OK.

Your S3 buckets appear in the left pane.

11. Click the S3 buckets to browse bucket content.


Connect to S3 Bucket Using AWS CLI

The MDM Cloud Edition environment has a default S3 connector that connects the MDM database to the S3 bucket.

1. Download and install the AWS Command Line Interface (CLI).

To install AWS CLI on Windows, Linux and macOS, see the following AWS documentation links:

• Windows: https://docs.aws.amazon.com/cli/latest/userguide/install-windows.html

• Linux: https://docs.aws.amazon.com/cli/latest/userguide/install-linux.html

• macOS: https://docs.aws.amazon.com/cli/latest/userguide/install-macos.html

2. Configure AWS user access.

Open CLI and run the following commands:

C:\>aws configure
AWS Access Key ID [****************KADA]: <Informatica provided Key ID>
AWS Secret Access Key [****************1MJ3]: <Informatica provided Access Key>
Default region name [us-west-2]: <Informatica provided bucket region>
Default output format [None]: <Do not change>

The Informatica MDM Cloud Edition team provides the AWS Access Key ID, Secret Access Key and Region ID.

3. To list the content of the bucket, run the following command from CLI:

C:\>aws s3 ls s3://<INFA provided S3 bucket name>

Attach VPC to Transit Gateway

You can access the MDM Cloud Edition environments through the VPC attachment to the transit gateways instead of the normal Site2Cloud tunnel. MDM Cloud Edition also provisions the VPC attachment to the transit gateways during the disaster recovery (DR) run.


Note: Ensure that the customer has enabled the add-on feature in the Informatica MDM Cloud Edition 2.0 Provisioning Kick-Start High-Level Architecture guide. You can check with the MDM Cloud Edition project management team whether the customer has enabled the add-on feature.

• The operations team provisions your environment with the VPC attachment to transit gateway access based on the add-ons questionnaire in the Informatica MDM Cloud Edition 2.0 AWS Provisioning Kick-start High Level Architecture Guide.

• The customer must host the transit gateway. Informatica only accepts the connection and does not host it.

• Customers need to share the transit gateway from the same region in which the environment is deployed.

• After sharing, the customer must inform Informatica that they have shared it with the Informatica account.

After the customer shares the transit gateway invite with the Informatica AWS account, no downtime is needed from the operations team.

Connect using PGP Encryption

Pretty Good Privacy (PGP) is an encryption method that provides cryptographic privacy and authentication for data communication between a customer and the hosted MDM environment. Informatica and the customer generate a pair of private and public PGP keys for encryption and decryption of data files.

The PGP encryption implementation includes the encryption key generation and key rotation using the S3 bucket for sharing the key between the customer and the hosted MDM environment. The customer cannot use the key to encrypt or decrypt the inbound or outbound files for data transition. You must implement the method to use the generated keys for data or file transition.

For more information about implementation of the PGP encryption, contact Informatica Global Customer Support.


Chapter 5

Connect Using PuTTY

This chapter includes the following topics:

• Connect Using PuTTY

• PuTTY Configuration Values

• Configuring PuTTY

• Troubleshooting Tip

• Transfer Files Using WinSCP

Connect Using PuTTY

You can establish an SSH connection to the MDM Cloud Edition environments using PuTTY, which is a free Windows client tool.

Note: You do not have access to perform this task in an environment residing in the production network (VPC). You can only perform this task in an environment residing in the non-production network (VPC). Do not develop any solution that is dependent on this access.

The following table lists the privileges the user has for SSH access to MDM and IDQ instances:

Server Instance | Privileges
MDM server instance | - Full access to JBOSS installation folder. - Full access to MDM installation folder. - Full access to JDK installation folder.
IDQ server instance | - Full access to IDQ installation folder.

You get one private key to SSH into MDM and IDQ server instances for the development environment. Informatica does not provide any additional keys to customers and does not accept keys provided by the customer for use in the MDM Cloud Edition environment.

You can perform the following activities upon access:

• Stop and start the JBOSS application server to restart MDM application.

• Stop and start IDQ.

• Modify MDM application property files. For example, cmxserver.properties or cmxcleanse.properties.

• Deploy and test custom applications in JBOSS that support MDM User exit or E360 or C360 External Calls.


You must not perform the following activities upon access:

• Modify application server instance configuration.

• Modify operating system configuration.

• Download any third-party packages.

• Develop any solution dependent on SSH access.

• Enable or modify any communication port configuration.

To successfully connect using PuTTY, see the attributes and values in the Informatica® MDM Cloud Edition 2.0 AWS Environment Reference Guide.

PuTTY Configuration Values

To successfully connect using PuTTY, see the attributes and values in the Informatica® MDM Cloud Edition 2.0 AWS Environment Reference Guide.

Configuring PuTTY

1. Download the PuTTY client from the following link:

https://www.putty.org/

2. From your local machine, open the PuTTY Configuration dialog box.


3. Enter the following details from the SSH Host Configuration Values table:

Field Name | Description
Host name | Enter the username and the server IP address.
Port | 22
Saved Session | Enter a name to save the session.

4. Expand SSH and expand Auth.


5. Click Browse and select the private key file.

The private key file must be in PPK format. If it is in PEM format, use PuTTYgen to convert the PEM file to PPK file format.

6. Click Session.

The Saved Sessions text box appears.


7. Click Save.


8. Validate the connection.

Select the saved session and click Open.

Troubleshooting Tip

If you cannot connect to the new database, request your IT administrator to validate the connection from your workstation to the server IP address and port number.

1. From your workstation, enter the following command to validate bastion host connection:

telnet <Server IP> <Server Port>

2. If the command times out, request your IT administrator to verify if the firewall is enabled to connect to the bastion host and port.

3. Confirm with your IT administrator if the IP address is part of the encryption domain for the VPN tunnel. If you still cannot connect, contact the Informatica Global Customer Support (GCS) team.

For installing Telnet in Windows, see the following link:

https://social.technet.microsoft.com/wiki/contents/articles/38433.windows-10-enabling-telnet-client.aspx


Transfer Files Using WinSCP

WinSCP is an SSH File Transfer Protocol or Secure File Transfer Protocol (SFTP) client for Windows to securely transfer files.

Note: You do not have access to perform this task in an environment residing in production network (VPC). You can only perform this task in an environment residing in a non-production network (VPC). Do not develop any solution that is dependent on this access.

You get one private key to SFTP into the MDM and IDQ server instances for the development environment. Informatica does not provide any additional keys to customers and does not use keys provided by customers to use in the MDM Cloud Edition environment.

You can perform the following activities upon access:

• The non-production server instances have limited disk space, so you can transfer small data files. You must use the following command to display the disk size:

df -h

• Transfer application deployment files.

• Transfer application property files.

You cannot perform the following activities upon access:

• Upload any software or third-party packages.

• Since the disk space is limited, you cannot upload any large files that utilize high disk space.

Perform the following steps to transfer files using WinSCP:

1. Download WinSCP from the following link:

https://winscp.net/eng/index.php

2. Log in to WinSCP.

The Login screen appears.

3. Select New Site and enter the required values.


4. Enter the following details from the SSH Host Configuration Values table:

Field Name | Description
File protocol | Select SFTP
Host name | Enter the server IP address.
Port | 22
Saved Session | Enter a user name.

5. Click the Advanced drop-down list.

6. Select Advanced.

The Advanced Site Settings window appears.


7. Under SSH, click Authentication.

8. Under Private key file, click Browse and select the private key file. The private key file must be in PPK format. If it is in PEM format, use PuTTYgen to convert the PEM file to PPK file format.

9. Click OK.

The Login window appears.

10. Click Save.


Chapter 6

Configuring IDQ Developer Tool for Secure Domain

This chapter includes the following topics:

• Configuring IDQ Developer Tool for Secure Domain

• Connecting Informatica Developer Tool to Multiple MDM Cloud Edition Environments

• Run MDM Batch Job Command Line Utility on IDQ Server Machine

Configuring IDQ Developer Tool for Secure Domain

To enable communications within the domain, you must secure connections between the IDQ developer tool installed in the on-premises environment and the IDQ database in the MDM Cloud Edition environment.

1. Create a shipping request to install IDQ Developer client tool.

Refer to the following knowledge base link for steps to install the IDQ Developer tool using Informatica Client Installer:

https://kb.informatica.com/howto/6/Pages/21/533893.aspx?myk=Data%20Quality%20Client%20Download

2. Get the following 2 truststore certificates from the passwords zip file.

• infa_truststore.jks

• infa_truststore.pem

Note: Password zip file is sent separately to your Project Manager listed in the Informatica® MDM Cloud Edition 2.0 AWS Provisioning Kickstart HighLevel Architecture Guide.

3. In your local machine, go to the folder where you have installed the IDQ Developer tool.

4. Place the truststore certificate files in the following directory:

<IDQ Developer Tool Installation Folder>\tools\shared\security\

Note: The default IDQ SSL certificates are stored in the default truststore installation directory. You do not need to set INFA_TRUSTSTORE and INFA_TRUSTSTORE_PASSWORD environment variables in the Informatica Developer tool machine.

5. Launch the Informatica Developer tool application.

6. Right-click New and then click Project.

The Connect to Repository dialog box appears.


7. Click Configure Domains.

8. Under Domains, select New Domain > Edit.

The Edit Domain dialog appears.

9. In the Host Name field, enter your server IP address and in the Port Number field enter 6005.

For IDQ server IP address, see the SSH Host Configuration Values table in the Informatica® MDM Cloud Edition 2.0 AWS Environment Reference Guide.

The server IP address must be customer specific.

The following message appears:

Connection Successful

10. Click OK.

For additional details about configuring Informatica client applications, see the following link:

https://docs.informatica.com/data-quality-and-governance/data-quality/10-5-1/security-guide/domain-security/secure-communication-within-the-domain/secure-communication-for-services-and-the-service-manager/configuring-the-informatica-client-applications-to-work-with-a-s.html


Connecting Informatica Developer Tool to Multiple MDM Cloud Edition Environments

All the MDM Cloud Edition environments use the common IDQ domain and service names.

To connect to the IDQ domain in all your environments, you must use one of the following approaches:

• Download and install Informatica Developer tool in a separate installation directory for each environment. For example, for development, QA, and production environments, you can install in the following directories:

<IDQ Developer Tool Installation Base Folder>\dev\
<IDQ Developer Tool Installation Base Folder>\qa\
<IDQ Developer Tool Installation Base Folder>\prod\

• Download and install Informatica Developer tool in a single directory. Use multiple workspaces to connect to the different MDM Cloud Edition environments. Create a separate workspace directory for each environment. For detailed instructions to set up multiple workspaces, see the following link:

https://docs.informatica.com/data-quality-and-governance/data-quality/10-5-1/installation-for-powercenter-and-data-quality/part-5--informatica-client-installation/install-the-clients/after-you-install/configure-the-developer-tool-workspace-directory.html

Run MDM Batch Job Command Line Utility on IDQ Server Machine

The MDM batch job command line utility is installed on the IDQ server machine in the following location:

/vibeinsdir/Informatica/mdm_execute_batch_utility

Before you run the MDM batch jobs, ensure that you update the connection property files in the following location:

/vibeinsdir/Informatica/mdm_execute_batch_utility/script/SiperianConnection.properties

To run the MDM batch jobs on the IDQ node, see the following sample MDM commands:

#sample sh command to run batch job

cd /vibeinsdir/Informatica/mdm_execute_batch_utility/scripts
./mdm_exec_batch_proc.sh -username admin -password <encrypted admin password> -action stage -tablename C_SG_LGC_PARTY -mdmconnectionproperties /vibeinsdir/Informatica/mdm_execute_batch_utility/scripts/SiperianConnection.properties

#sample java command to run batch job

cd /vibeinsdir/Informatica/mdm_execute_batch_utility/jdk/bin
./java -cp "/vibeinsdir/Informatica/mdm_execute_batch_utility/lib/*" com.informatica.mdm.tools.MDMExecuteBatch -username admin -password <encrypted admin password> -action stage -tablename C_SG_LGC_PARTY -mdmconnectionproperties /vibeinsdir/Informatica/mdm_execute_batch_utility/scripts/SiperianConnection.properties

#sample curl REST call

curl -s --connect-timeout 20 -X POST -H 'Content-type: text/xml' -d '<SIPERIAN_CLEANSE_REQUEST><TYPE>PING</TYPE></SIPERIAN_CLEANSE_REQUEST>' http://10.0.131.70:8080/cleanse/ | tr -d '\r'

#sample curl SOAP call (--insecure skips TLS certificate verification)

curl --connect-timeout 20 --insecure -H 'Content-Type: text/xml;charset=UTF-8' -H 'SOAPAction: customer_authentication' -d '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:siperian.api"><soapenv:Header/><soapenv:Body><urn:authenticate><urn:username>admin</urn:username><urn:password><urn:password>123@abc</urn:password></urn:password></urn:authenticate></soapenv:Body></soapenv:Envelope>' https://10.0.131.70:8443/cmx/services/SifService | grep "<administrator>true"


Chapter 7

Backing Up and Recovering

Data in the MDM Cloud Edition environment is stored and automatically backed up in your primary region and the disaster recovery (DR) region.

The following table lists the data storage location with the backup and recovery strategy:

Data Storage Location | Backup and Recovery Strategy
EBS Volumes | Application installation and configuration data are stored on EBS volumes. EBS volume backup is performed every 24 hours in the primary and DR region. A snapshot is retained for up to seven days. Application installation and configuration data is recovered by restoring EBS snapshots from the last seven days.
RDS Database | RDS database backup is performed every 24 hours in the primary and DR region. A snapshot is retained for up to seven days. RDS database is recovered by restoring RDS snapshots from the last seven days.
S3 Buckets | Versioning is enabled in all S3 Buckets. The S3 Bucket retains versions of all the objects for up to seven days. All objects in S3 buckets are recovered for up to seven days.

Chapter 8

Loading Data into MDM Cloud Edition

This chapter includes the following topic:

• Loading Data into MDM Cloud Edition

Loading Data into MDM Cloud Edition

You can load data in the MDM Cloud Edition database tables using the following approaches:

Batch Load Using S3 Bucket

You can drop data files into S3 buckets and create a mapping in the IDQ application to load data from the S3 buckets to the MDM landing or staging tables.

If you purchase the IICS S3 connector, you can configure the S3 connector to read data from the on-premises database and create data files in the S3 bucket.

Batch Load from On-premise Database

To transfer data from your on-premises database instance, configure a database connection and a mapping in the hosted IDQ application. You cannot use the on-premises IDQ application to load data directly into the MDM landing or staging table.

Real Time

You can use MDM application URLs listed in the table in VGW Access in the Informatica® MDM Cloud Edition 2.0 AWS Environment Reference Guide to consume real time APIs.


Chapter 9

Appendix A

This chapter includes the following topics:

• Launch SOAP UI

• Resolving SOAP UI Errors

• Restarting the MDM Cloud Edition JBoss Server in Development Environment

• Restarting the MDM Application Server

• Updating the Properties Files in the MDM Application Server

• Uploading Custom Parameter file in the IDQ Application Server

• Updating odbc.ini File in the IDQ Application Server

• Setting Up External Authentication for LDAP

Launch SOAP UI

MDM Cloud Edition supports Simple Object Access Protocol (SOAP) endpoint calls to make business entity services available as web services. You must import the WSDL file into the SOAP UI to run the authentication requests.

1. Download the latest version of the SOAP UI from the following link:

https://www.soapui.org/

2. Import the WSDL file into the SOAP project using the endpoint URL.

Use the following format of the endpoint URL:

<hub console URL>/services/SifService

For example, if the Hub Console URL is:

https://xxx-prodint.mdm.informaticahosted.com/cmx/

The final endpoint URL is as follows:

https://xxx-prodint.mdm.informaticahosted.com/cmx/services/SifService

3. Run the Authentication request in the SOAP UI.

Resolving SOAP UI Errors

While installing the SOAP UI, you might encounter the following fatal error:


javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Due to TLS v1.2 protocol compliance introduced in MDM 9.6.1 HotFix4, you can get the javax.net.ssl.SSLHandshakeException error. To resolve this issue, you must update the SOAP UI configuration to ensure that the TLS v1.2 protocol is used.

1. From the command line, navigate to the following directory:

C:\Program Files\SmartBear\SoapUI-5.2.1\bin

2. Open the SoapUI-5.2.1.vmoptions file with any text editor.

3. Add the following entry:

-Dsoapui.https.protocols=TLSv1.2

If required, you can enable other TLS versions using comma separated values. For example:

-Dsoapui.https.protocols=TLSv1.0, TLSv1.1, TLSv1.2

4. Close and re-launch Soap UI.

Restarting the MDM Cloud Edition JBoss Server in Development Environment

Stop the MDM Application Server.

1. In the MDM application server, log in with the following user name:

customer_user

2. From the command line, navigate to the following directory:

/mdminsdir/jboss-eap/bin

3. Run the following command:

./stop.sh

If the process does not stop in about 3 minutes, perform the following steps:

1. Find the process to kill the JBOSS virtual machine. From the command line, enter the following command:

ps -ef | grep "/mdminsdir/jboss-eap/jboss-modules.jar"

2. Kill the PID identified in the preceding step. If there is a separate Smart Search, you will find two PIDs.

Start the MDM Application Server.

1. Log in as customer_user through the MDM application server.

2. From the command line, navigate to the following directory:

/mdminsdir/jboss-eap/bin

Note: For 10.3 GA environments and prior, use jboss-eap-6.4 command instead of jboss-eap.

3. Execute the following command:

./run.sh

Note: Smart Search runs on a different application server and not on the MDM server. You do not have access to the Smart Search server.


Restarting the MDM Application Server

You can restart the MDM application server for all the single node environments. You must create the execcommands.txt file and configure parameters to perform the restart operation.

1. Navigate to the following Amazon S3 bucket directory:

operations/mdm/mdm_server_restart/customer/

2. Add a file named execcommands.txt. Use the sample.txt file as a template for the execcommands.txt file. You can find the file in the following Amazon S3 bucket location:

operations/mdm/mdm_server_restart/current/sample.txt

3. Configure the following properties in the execcommands.txt file:

• username: Name of the administrator user to access the MDM Hub.

Note: Only administrator can restart the MDM application server.

• password: Password of the specified user name. Specify the password based on the value that you set in the encryption property. To get the encrypted password for the MDM version 10.4, run the following command in the development environment:

java -classpath /mdminsdir/hub/server/lib/siperian-api.jar:/mdminsdir/hub/server/lib/siperian-common.jar:/mdminsdir/hub/server/lib/siperian-server.jar com.delos.util.PublicKeyBasedEncryptionHelper <password> /mdminsdir/hub/server | grep Encrypted | cut -d ' ' -f 3

Replace <password> with the actual password.

To get the encrypted password for the MDM version 10.3, run the following command in the development environment:

java -classpath /mdminsdir/hub/server/lib/siperian-common.jar:/mdminsdir/hub/server/lib/commons-validator-1.4.0.jar com.siperian.common.security.Blowfish PASSWORD_KEY <password> | grep Encrypted | cut -d ' ' -f 3

Replace <password> with the actual password.

• action: Required action to perform on the application server. The supported action is restart.

• app_server: Specify the application server name. The supported value is mdm.

• encryption: Specify whether you want to use an encrypted or actual password. Set true to use an encrypted password.

The following sample configuration restarts the application server that the MDM Hub uses:

username:<enter username here>
password:<enter password here>
action:restart
app_server:mdm
encryption:false

Note: Ensure that you do not add any space in the file and use : as a separator between the field name and field value. You must enter all the field values in lowercase except the user name and password. You must not enclose the values in " ".

Restart begins within a maximum of five minutes after you add the execcommands.txt file.

After you add the execcommands.txt file, the following directory includes different files that indicate the status of the restart operation:

operations/mdm/mdm_server_restart/customer/


The following table lists the different files that you might see in the customer directory:

Field Name Description

readme.txt File that contains details about the MDM application server restart operation.

execcommands.txt File that you upload to perform the restart operation.Note: After the restart operation begins, the execcommands.txt file is automatically deleted.

execcommands.txt_failed File that the application server adds if the restart operation fails.

execcommands.txt_processed File that the application server adds if the restart operation succeeds.

processing.txt File that indicates that the restart request is in progress. Note: If you have the processing.txt file in the folder, do not perform any other operation.

wait.txt File that the server adds if the restart request cannot be processed at that point of time. Note: If you want to begin the restart process, upload the execcommands.txt file after the wait.txt file is removed.

Note: The execcommands.txt_failed and execcommands.txt_processed files are deleted when you again perform the restart operation. Add the execcommands.txt file to trigger the restart operation.

View Restart Log File

The mdm_server_restart.log file contains logs of the restart operation that the execcommands.txt file triggers. You can view the mdm_server_restart.log file in the following Amazon S3 bucket location:

operations/mdm/mdm_server_restart/logs/

Note: The last line in the log file must specify <Operation Successful> or <Operation Failed>. If you do not find this message, the restart process might have encountered an exception. For more details, contact Informatica Global Customer Support.

For more details about restarting the MDM application server, see https://youtu.be/LW1_JKMhMEY

Updating the Properties Files in the MDM Application Server

You can read and write property files in the MDM application server for all the single node environments. Perform the following steps to update the cmxserver.properties and cmxcleanse.properties files:

1. Navigate to the following Amazon S3 bucket directory to view all the files related to the MDM update property functionality:

operations/mdm/mdm_readwrite_properties/*

2. View a copy of the cmxserver.properties and cmxcleanse.properties files in the following Amazon S3 bucket location:

operations/mdm/mdm_readwrite_properties/current/

3. Create a new file with the same file name as mentioned in the execcommands.txt file.

Note: Download the property file from the Amazon S3 bucket directory and make the required changes in the new property file. The new file is the modified version of the existing property file.

4. Navigate to the following directory:

operations/mdm/mdm_readwrite_properties/customer/

5. Upload the modified file in the following location:

operations/mdm/mdm_readwrite_properties/customer/

Note: Ensure that you mention correct attributes and values before updating the cmxserver.properties or cmxcleanse.properties file. The ssl.keystore.password and ssl.truststore.password values are masked for security reasons. Ensure that you do not alter the password fields. Contact Informatica Global Customer Support to update the password.

6. Prepare the execcommands.txt file by configuring the following properties in the execcommands.txt file:

• username: Name of the administrator user to access the MDM Hub.

Note: Only the administrator can update the read and write properties in the MDM application server.

• password: Password of the specified user name. Enter the password based on the value that you set in the Encryption field.

To get the encrypted password for the MDM version 10.4, run the following command in the development environment:

java -classpath /mdminsdir/hub/server/lib/siperian-api.jar:/mdminsdir/hub/server/lib/siperian-common.jar:/mdminsdir/hub/server/lib/siperian-server.jar com.delos.util.PublicKeyBasedEncryptionHelper <password> /mdminsdir/hub/server | grep Encrypted | cut -d ' ' -f 3

Replace <password> with the actual password.

To get the encrypted password for the MDM version 10.3, run the following command in the development environment:

java -classpath /mdminsdir/hub/server/lib/siperian-common.jar:/mdminsdir/hub/server/lib/commons-validator-1.4.0.jar com.siperian.common.security.Blowfish PASSWORD_KEY <password> | grep Encrypted | cut -d ' ' -f 3

Replace <password> with the actual password.

• action: Required action to perform on the application server. The supported action is update.

• app_server: Name of the application server that contains the properties file. The supported application server is mdm.

• file: Name of the file to update. The supported files are cmxserver.properties and cmxcleanse.properties.

• restart: Specify whether you want to restart the application server after you update the property files. The supported values are true and false.

• encryption: Specify whether you want to use an encrypted or actual password. The supported values are true and false.

Note:

• If the encryption field is set to true, enter the encrypted password.

• If the encryption field is set to false, enter the password.

A sample execcommands.txt file is available in the following Amazon S3 bucket location:

operations/mdm/mdm_readwrite_properties/current/sample.txt

The following sample configuration updates the property file in the application server that the MDM Hub uses:

username:<enter username here>
password:<enter password here>
action:update
app_server:mdm
file:cmxserver.properties
restart:false
encryption:true

Note: Ensure that you do not add any space in the file and use : as a separator between the field name and field value. You must enter all the field values in lowercase except the user name and password. You must not specify the values using " ".

7. Add the execcommands.txt file in the following Amazon S3 bucket location:

operations/mdm/mdm_readwrite_properties/customer/

The update begins within a maximum of five minutes after you add the execcommands.txt file. The update process has started when a file named processing.txt is added to the customer folder.
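The format rules stated for execcommands.txt can be checked before the file is uploaded. The following validator is an added example, not Informatica code; it covers all four request types in this appendix and assumes that every field listed for a request type must be present and that no other fields are accepted. The sample bodies are constructed placeholders.

```python
import re

# Extra fields listed for each (action, app_server) pair in this appendix.
PROFILES = {
    ("restart", "mdm"): {"encryption"},
    ("update", "mdm"): {"file", "restart", "encryption"},
    ("upload", "idq"): {"file"},
    ("update", "idq"): set(),
}
COMMON = {"username", "password", "action", "app_server"}
BOOLEAN_FIELDS = {"restart", "encryption"}
CASE_EXEMPT = {"username", "password", "file"}  # values that may contain uppercase
MDM_PROPERTY_FILES = {"cmxserver.properties", "cmxcleanse.properties"}


def validate(text):
    """Return (severity, message) findings for the body of one execcommands.txt."""
    findings, fields = [], {}
    for number, line in enumerate(text.splitlines(), start=1):
        if not line:
            continue
        if re.search(r"\s", line):
            findings.append(("error", f"line {number}: contains whitespace"))
        # Split on the first colon only: passwords and paths may contain ':'.
        name, sep, value = line.partition(":")
        if not sep or not value:
            findings.append(("error", f"line {number}: expected name:value"))
            continue
        if name in fields:
            findings.append(("error", f"line {number}: duplicate field {name}"))
        fields[name] = value
        if '"' in (value[0], value[-1]):
            findings.append(("error", f"line {number}: {name} value is quoted"))
        if name not in CASE_EXEMPT and value != value.lower():
            findings.append(("error", f"line {number}: {name} must be lowercase"))

    # encryption:false means the administrator password sits in the S3 object as typed.
    if fields.get("encryption") == "false":
        findings.append(("warning", "password is in clear text in the uploaded file"))

    profile = (fields.get("action"), fields.get("app_server"))
    if profile not in PROFILES:
        findings.append(("error", f"unsupported action/app_server pair {profile}"))
        return findings
    expected = COMMON | PROFILES[profile]
    for name in sorted(expected - set(fields)):
        findings.append(("error", f"missing field {name}"))
    for name in sorted(set(fields) - expected):
        findings.append(("error", f"unexpected field {name}"))
    for name in sorted(BOOLEAN_FIELDS & set(fields)):
        if fields[name] not in ("true", "false"):
            findings.append(("error", f"{name} must be true or false"))
    if profile == ("update", "mdm") and "file" in fields \
            and fields["file"] not in MDM_PROPERTY_FILES:
        findings.append(("error", "file must be cmxserver.properties or cmxcleanse.properties"))
    return findings


# Constructed sample inputs (placeholder credentials, not real values).
UPDATE_OK = ("username:admin\npassword:ENCRYPTED-PLACEHOLDER\naction:update\n"
             "app_server:mdm\nfile:cmxserver.properties\nrestart:false\nencryption:true\n")
RESTART_CLEAR = "username:admin\npassword:Example1\naction:restart\napp_server:mdm\nencryption:false\n"
FUSED = "username:admin\npassword:Example1\naction:restartapp_server:mdm\nencryption:true\n"

if __name__ == "__main__":
    for label, body in (("update", UPDATE_OK), ("restart", RESTART_CLEAR), ("fused", FUSED)):
        print(label, validate(body))
```

The FUSED sample shows what happens when two fields end up on one line: the action value is no longer a supported action, so the request is rejected locally before it reaches the bucket.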

You can view a list of files in the following Amazon S3 bucket directory:

operations/mdm/mdm_readwrite_properties/customer/

The following table lists the different files that you might see in the customer directory:

Field Name Description

readme.txt File that contains details about updating the property file in the MDM application server.

execcommands.txt File that you add to perform the update process. Note: After the update operation begins, the execcommands.txt file is automatically deleted.

execcommands.txt_failed File that the server adds if the update process fails.

execcommands.txt_processed File that the server adds if the update process succeeds.

cmxserver.properties or cmxcleanse.properties Modified property file uploaded in the Amazon S3 bucket location. Note: If the update process begins, the file is automatically deleted.

processing.txt File that indicates that the update request is in progress. Note: If you have the processing.txt file in the folder, do not perform any other operation.

wait.txt File that the server adds if the update request cannot be processed at that point of time. Note: If you want to begin the update process, upload the execcommands.txt file after the wait.txt file is removed.

Note: The execcommands.txt_failed and execcommands.txt_processed files are deleted when you again perform the update operation. Add the execcommands.txt file to trigger the update operation.

You can view a list of files in the following Amazon S3 bucket location:

operations/mdm/mdm_readwrite_properties/current/

File name Description

sample.txt Sample file for execcommands.txt file that is specific to the MDM read and write properties.

cmxserver.properties or cmxcleanse.properties The recent property files present in the MDM application server. Note: After you update the files, if you do not restart the MDM application server, the updated properties file is reflected in the specified location. In this case, the updated file is not effective in the MDM application server unless you restart the application server.

Viewing the Update Log File

The mdm_readwrite_properties.log file contains logs of the update operation that the execcommands.txt file triggers.

You can view the mdm_readwrite_properties.log file in the following Amazon S3 bucket location:

operations/mdm/mdm_readwrite_properties/logs/

Note: The last line in the log file must specify <Operation Successful> or <Operation Failed>. If you do not find this message, the update process might have encountered an exception. For more details, contact Informatica Global Customer Support.

Uploading Custom Parameter file in the IDQ Application Server

You can upload the parameter file to a specific location in the IDQ application server for all the single node environments. To perform the upload operation, you must provide the parameter file and specify the location in the IDQ machine to upload the file.

Before you upload the parameter file, understand the following supported functions:

• If you have an existing parameter file in the specified location in the IDQ machine, the newly uploaded parameter file overwrites the existing file.

• If the specified directory does not exist in the IDQ machine, your upload request cannot be processed.

• If the specified directory exists but the specified parameter file does not exist, then the newly uploaded file is copied to the specified location.

To upload the custom parameter file in the IDQ application server, perform the following steps:

1. Connect to all the files in the Amazon S3 bucket location:

operations/idq/idq_upload_parameters/*

2. Prepare the parameter file in the .xml format.

Note: The supported file format is .xml and the file size must be less than 1 MB. The uploaded parameter file is validated against the existing .xsd schema file. The .xsd file is available in the following Amazon S3 bucket location:

operations/idq/idq_upload_parameters/current/parameter_file_schema_1_0.xsd

3. Add the parameter file in the following Amazon S3 bucket location:

operations/idq/idq_upload_parameters/customer/

4. Prepare the execcommands.txt file by configuring the following properties in the execcommands.txt file:

• username: Name of the administrator user to access the IDQ domain.

Note: Only the administrator can upload the parameter file in the IDQ application server.

• password: Password of the specified user name.

• action: Required action to perform on the application server. The supported action is upload.

• app_server: Name of the application server. The supported application server is idq.

• file: Absolute file location in the IDQ application server where you want to upload the parameter file.

Note: Ensure that the file location is within the application volume. It must be under /vibeinsdir/*. The file location must not be within the following IDQ installation folder: /vibeinsdir/Informatica/*. If the file location is within the preceding folder, the upload request cannot be processed.

The parameter file name that you define in the file location and the name of the file that you upload must match.

A sample execcommands.txt file is available in the following Amazon S3 bucket location:

operations/idq/idq_upload_parameters/current/sample.txt

The following sample configuration uploads the parameter file in the IDQ application server:

username:<enter user name here>
password:<enter password here>
action:upload
app_server:idq
file:<Absolute file path>

Note: Ensure that you do not add any space in the file and use : as a separator between the field name and field value. You must enter all the field values in lowercase except the user name, password, and the file path. You must not specify the values using " ".

5. Upload the execcommands.txt file to the following Amazon S3 bucket location:

operations/idq/idq_upload_parameters/customer/

Note: Ensure that you upload the parameter file first and then the execcommands.txt file.

The upload process begins within a maximum of five minutes.

Note: You cannot use the same name for two parameter files even if the directories are different. For example, if you have uploaded pathto/directory/file.xml using the upload feature, you cannot upload another file with the same name, such as pathto/differentdir/file.xml.
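The location, name and size rules for the parameter file can be checked locally before the upload. The following sketch is an added example, not Informatica code: it normalizes the path first, so a location that reaches /vibeinsdir/Informatica/ through ".." segments is caught. The 1,000,000-byte limit and the list of earlier upload locations passed by the caller are assumptions, and the paths in it are constructed.

```python
import posixpath

APP_VOLUME = "/vibeinsdir"               # page: location must be under /vibeinsdir/*
INSTALL_DIR = "/vibeinsdir/Informatica"  # page: location must not be under this folder
MAX_BYTES = 1_000_000                    # assumption: strict reading of "less than 1 MB"


def _inside(path, root):
    """True when path is root itself or lies below it (by component, not by prefix)."""
    return path == root or path.startswith(root + "/")


def check_upload(target, local_name, size_bytes, earlier_targets=()):
    """Return the problems found; an empty list means the request passes these checks."""
    if not target.startswith("/"):
        return ["file must be an absolute path"]
    problems = []
    # Collapse '.', '..' and repeated slashes so the folder rules apply to the real target.
    # Symbolic links on the IDQ host cannot be resolved from the client side.
    resolved = posixpath.normpath(target)
    if resolved != target:
        problems.append(f"path is not canonical, it resolves to {resolved}")
    if resolved == APP_VOLUME or not _inside(resolved, APP_VOLUME):
        problems.append("target is not a file under /vibeinsdir/")
    if _inside(resolved, INSTALL_DIR):
        problems.append("target is inside the IDQ installation folder")
    name = posixpath.basename(resolved)
    if name != local_name:
        problems.append("uploaded file name differs from the name in the file path")
    if not name.endswith(".xml"):
        problems.append("parameter file must be in .xml format")
    if size_bytes >= MAX_BYTES:
        problems.append("parameter file must be smaller than 1 MB")
    # The same file name cannot be reused in a different directory.
    for earlier in earlier_targets:
        other = posixpath.normpath(earlier)
        if other != resolved and posixpath.basename(other) == name:
            problems.append(f"file name already used by {earlier}")
    return problems


if __name__ == "__main__":
    # Constructed paths for illustration.
    print(check_upload("/vibeinsdir/params/file.xml", "file.xml", 2048))
    print(check_upload("/vibeinsdir/params/../Informatica/conf/file.xml", "file.xml", 2048))
```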

You can view a list of files in the following Amazon S3 bucket location:

operations/idq/idq_upload_parameters/customer/

File name Description

readme.txt File that contains details about uploading parameter files to the IDQ application server.

execcommands.txt File that you add to perform the upload process.

execcommands.txt_failed File that the server adds if the upload process fails.

execcommands.txt_processed File that the server adds if the upload process succeeds. Note: If the upload operation is started the next time, the execcommands.txt_processed file is automatically deleted.

parameter file in .xml format Parameter file that is uploaded in the Amazon S3 bucket location. Note: If the upload process begins, the file is automatically deleted.

processing.txt File that indicates that the upload request is in progress. Note: If you have the processing.txt file in the folder, do not perform any other operation.

wait.txt File that the server adds if the upload request cannot be processed at that point of time. Note: If you want to begin the upload process, add the execcommands.txt file after the wait.txt file is deleted.

Note: The execcommands.txt_failed and execcommands.txt_processed files are deleted when you again perform the upload operation.

You can view a list of files in the following Amazon S3 bucket location:

operations/idq/idq_upload_parameters/current/

File name Description

sample.txt Sample file for execcommands.txt file that is specific to the IDQ parameter file upload feature.

parameter file in .xml format If the upload process succeeds, the parameter file is uploaded to the IDQ application server. The parameter file is uploaded back to the above location with the same file name.

parameter_file_schema_1_0.xsd File that validates the uploaded parameter file in .xml format.

DONT_EDIT_OR_REMOVE.txt File that contains the location of the parameter files that were previously uploaded. The location of the parameter files is used to sync the parameter files to the Amazon S3 bucket. Note: You must not edit or delete this file to avoid discrepancies while syncing the parameter files.

View Update Log File

The idq_upload_parameters.log file contains logs of the upload process that the execcommands.txt file triggers within the IDQ application server.

You can view the log file of the IDQ property file upload process in the following directory:

operations/idq/idq_upload_parameters/logs/

Note: The last line in the log file must denote <Operation Successful> or <Operation Failed>. If you do not find this message, the upload process might have encountered an exception. For more details, contact Informatica Global Customer Support.

For more details about uploading the parameter file in the IDQ application server, see https://youtu.be/oW9bgDSNGNs

Updating odbc.ini File in the IDQ Application Server

You can update the odbc.ini file in the IDQ application server for all the single node environments.

You must understand the following points when you update the odbc.ini file:

• You cannot modify or delete the default sections in the odbc.ini file. You can only add, modify, and delete the custom sections that you create in the odbc.ini file. You can view the following default sections in the odbc.ini file:

    • ODBC Data Sources

    • MYSQL Wire Protocol

    • Progress OpenEdge Wire Protocol

    • OpenEdge Wire Protocol

    • Greenplum Wire Protocol

    • Informix Wire Protocol

    • Sybase Wire Protocol

    • DB2 Wire Protocol

    • Oracle Wire Protocol

    • EnterpriseDB Wire Protocol

    • SQL Server Wire Protocol

    • Teradata

    • ODBC

• The default sections in the myodbc.ini file that you upload are deleted from the myodbc.ini file.

• All the custom sections that you add in the myodbc.ini file in the Amazon S3 bucket are replaced with the custom sections available in the odbc.ini file in the IDQ node.

• You can view the custom sections that are available in the odbc.ini file in the following Amazon S3 bucket directory:

operations/idq/idq_update_odbc/current/myodbc.ini

1. Connect to all the files in the following Amazon S3 bucket location:

operations/idq/idq_update_odbc/*

2. Create a file named myodbc.ini.

Note: The myodbc.ini file contains custom sections that you can add to the odbc.ini file. If you are modifying a particular section, update the section and include all the custom sections in the myodbc.ini file. All the custom sections in the odbc.ini file are replaced with the custom sections in the myodbc.ini file. Only the custom sections that are available in the myodbc.ini file are added to the odbc.ini file.

3. Upload the myodbc.ini file in the following location:

operations/idq/idq_update_odbc/customer/

You can check the example scenarios for the myodbc.ini file in the sample.txt file.

4. Prepare a file named execcommands.txt. Use the sample.txt as a template for the execcommands.txt file.

5. Configure the following properties in the execcommands.txt file:

• username: Enter the administrator name for the IDQ domain.

Note: Only the administrator users can update the odbc.ini file in the IDQ application server.

• password: Enter the password for the administrator username here.

• action: Required action to perform on the IDQ application server. The supported action is update.

• app_server: Name of the application server that contains the odbc.ini file. The supported application server is idq.

A sample execcommands.txt file is available in the following Amazon S3 bucket location:

operations/idq/idq_update_odbc/current/sample.txt

The following sample configuration of execcommands.txt file updates the odbc.ini file in the IDQ application server:

username:<enter user name here>
password:<enter password here>
action:update
app_server:idq

Note: Ensure that you do not add any space in the file and use : as a separator between the field name and field value. You must enter all the field values in lowercase except the user name and password. You must not specify the values using " ".

6. Upload the execcommands.txt file in the following Amazon S3 bucket location:

operations/idq/idq_update_odbc/customer/

Note: Ensure that you upload the myodbc.ini file first and then the execcommands.txt file.

The update process begins within a maximum of five minutes.
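Because the uploaded myodbc.ini replaces every custom section in odbc.ini, a custom section that is left out of the new file is removed from the server. The following comparison of current/myodbc.ini against the file about to be uploaded is an added example, not Informatica code; it assumes that section headers use the default section names exactly as listed in this topic (spelling normalized, matched without regard to case), and the two .ini bodies are constructed.

```python
import re

# Default section names from the list in this topic (spelling normalized).
DEFAULT_SECTIONS = {
    "ODBC Data Sources", "MYSQL Wire Protocol", "Progress OpenEdge Wire Protocol",
    "OpenEdge Wire Protocol", "Greenplum Wire Protocol", "Informix Wire Protocol",
    "Sybase Wire Protocol", "DB2 Wire Protocol", "Oracle Wire Protocol",
    "EnterpriseDB Wire Protocol", "SQL Server Wire Protocol", "Teradata", "ODBC",
}
_DEFAULTS_LOWER = {name.lower() for name in DEFAULT_SECTIONS}
_HEADER = re.compile(r"^\[(.+?)\]$")


def parse_sections(text):
    """Map section name -> its non-blank, non-comment lines, in file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        match = _HEADER.match(line)
        if match:
            current = match.group(1).strip()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _custom(sections):
    return {n: body for n, body in sections.items() if n.lower() not in _DEFAULTS_LOWER}


def review_replacement(current_text, new_text):
    """Describe what uploading new_text would do to the custom sections on the server."""
    new_all = parse_sections(new_text)
    old, new = _custom(parse_sections(current_text)), _custom(new_all)
    return {
        "dropped": sorted(set(old) - set(new)),    # removed because they were left out
        "added": sorted(set(new) - set(old)),
        "modified": sorted(n for n in new if n in old and new[n] != old[n]),
        "default_sections_ignored": sorted(n for n in new_all if n.lower() in _DEFAULTS_LOWER),
    }


# Constructed sample files (hypothetical DSN names, drivers and hosts).
CURRENT_INI = """[SalesDW]
Driver=/opt/odbc/lib/example.so
HostName=dw1.example.internal

[HRStage]
Driver=/opt/odbc/lib/example.so
HostName=hr1.example.internal
"""
NEW_INI = """[ODBC]
Trace=1

[SalesDW]
Driver=/opt/odbc/lib/example.so
HostName=dw2.example.internal

[Reporting]
Driver=/opt/odbc/lib/example.so
HostName=rpt1.example.internal
"""

if __name__ == "__main__":
    print(review_replacement(CURRENT_INI, NEW_INI))
```

A non-empty "dropped" list is the case to review before the upload, since those data sources stop being available once the update is processed.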

You can view a list of files in the following Amazon S3 bucket location:

operations/idq/idq_update_odbc/customer/

Field Name Description

readme.txt File that contains details about updating the odbc.ini file to the IDQ application server.

execcommands.txt File that you add to trigger the update operation.

execcommands.txt_failed File that the server adds if the update process fails.

execcommands.txt_processed File that the server adds if the update process succeeds.

myodbc.ini File that contains the custom sections that you want to add or modify in the odbc.ini file. Note: The custom sections in the odbc.ini file are replaced with the custom sections in the myodbc.ini file. After the update process begins, the myodbc.ini file is deleted from the Amazon S3 bucket.

processing.txt File that indicates that the update request is in progress. Note: If you have the processing.txt file in the folder, do not perform any other operation.

wait.txt File that the server adds if the update request cannot be processed at that point of time. Note: If you want to begin the update process, upload the execcommands.txt file after the wait.txt file is removed.

Note: The execcommands.txt_failed and execcommands.txt_processed files are deleted when you again perform the update operation.

You can view a list of files in the following Amazon S3 bucket location:

operations/idq/idq_update_odbc/current/

File name Description

sample.txt File that contains a sample of the execcommands.txt file and two example scenarios. Note: You can refer to the example cases before you update the odbc.ini file.

myodbc.ini File that contains the custom sections available in the odbc.ini file in the IDQ application server.

View Update Log File

The idq_update_odbc.log file contains logs of the update process that was triggered by the execcommands.txt file.

You can view the log files in the following directory:

operations/idq/idq_update_odbc/logs/

Note: The last line in the log file must denote <Operation Successful> or <Operation Failed>. If you do not find this message, the update process might have encountered an exception. For more details, contact Informatica Global Customer Support.

For more details about updating odbc.ini on HMDM IDQ application server, see https://youtu.be/wQkxNz836Ak

Setting Up External Authentication for LDAP

You can set up external authentication in the MDM Cloud Edition environment using the LDAP authentication standard. For more information, see the External Authentication topic in the following Informatica® Multidomain MDM Security Guide:

https://docs.informatica.com/master-data-management/multidomain-mdm/10-4-hotfix-2/security-guide/security-providers/external-authentication/adding-a-login-module.html
