Académique Documents
Professionnel Documents
Culture Documents
5
Level I Administrator
Student Guide
Version L1A_20080313
Preface
iii
Audience
This course is designed for PowerCenter administrators or developers with minimal experience using
PowerCenter 8 or 8.5. You should also be familiar with basic database and data integration terminology
and comfortable with the use of the Microsoft Windows operating system.
Document Conventions
This guide uses the following formatting conventions:
If you see
It means
Example
>
boldfaced text
UPPERCASE
T_ITEM_SUMMARY
italicized text
Note:
Tip:
Informatica Documentation
Informatica Customer Portal
Informatica web site
Informatica Developer Network
Informatica Knowledge Base
Informatica Professional Certification
Informatica Technical Support
The site contains information on how to create, market, and support customer-oriented add-on solutions
based on interoperability interfaces for Informatica products.
Providing Feedback
Email any comments on this guide to education@informatica.com.
WebSupport requires a user name and password. You can request a user name and password at
http://my.informatica.com.
North America / South America
Asia / Australia
Informatica Corporation
Headquarters
100 Cardinal Way
Redwood City, California
94063
United States
Toll Free
877 463 2435
Toll Free
00 800 4632 4357
Toll Free
Australia: 00 11 800 4632 4357
Singapore: 001 800 4632 4357
Standard Rate
United States: 650 385 5800
Standard Rate
Belgium: +32 15 281 702
France: +33 1 41 38 92 26
Germany: +49 1805 702 702
Netherlands: +31 306 022 797
United Kingdom: +44 1628 511 445
Standard Rate
India: +91 80 5112 5738
0.1
Course Introduction
0.2
Course Introduction
Module Agenda
> This module provides an introduction to:
Instructor and class participants
Training site information
Course:
> Audience and prerequisites
> Goal and objectives
> Methodology and materials
> Agenda
> Document conventions
2 of 26
0.3
Course Introduction
3 of 26
0.4
Course Introduction
> Telephones
> Questions?
4 of 26
0.5
Course Introduction
Course Audience
> This course is designed for Administrators of
PowerCenter 8.5
Server Administrators
PowerCenter Developers
5 of 26
0.6
Course Introduction
Course Prerequisites
> Skills assumed by the course material/required to
successfully complete the course
6 of 26
0.7
Course Introduction
Course Goal
> To enable participants to administer the
PowerCenter 8 Service-Oriented Environment
7 of 26
0.8
Course Introduction
Course Objectives
Describe, create and implement the primary elements
of PowerCenters Service Oriented Architecture.
Create and implement a PowerCenter Security Domain
Create and implement Deployment Strategies
Use Command-Line Scripting to perform many
administrative functions
Develop and implement a PowerCenter Recovery
Strategy
8 of 26
0.9
Course Introduction
Course Methodology
> Subject matter is delivered via:
Lecture and slide presentations
Software demonstrations
Class discussions
Hands-on labs
Simulated exercises
9 of 26
0.10
Course Introduction
Course Materials
> Student Guide
All slides presented during lecture
Notes that provide additional information and
references
> Media
Best Practices PDF
10 of 26
0.11
Course Introduction
Unit 2.
Best Practices
Unit 3.
Implement
Environment
Unit 4.
Configuring
Services
Unit 5.
Unified Security
Unit 6.
Repository
Management
Unit 7.
Deployments
Unit 8.
Command-Line
Programs
Unit 7.
Subject Areas
11 of 26
0.12
Course Introduction
Document Conventions
If you see
It means
Example
>
Boldfaced text
UPPERCASE
T_ITEM_SUMMARY
Italicized text
Note:
Tip:
12 of 26
0.13
Course Introduction
13 of 26
0.14
Course Introduction
Informatica Documentation
> Can be accessed:
From the product CD
Using online help
14 of 26
0.15
Course Introduction
15 of 26
0.16
Course Introduction
16 of 26
0.17
Course Introduction
17 of 26
0.18
Course Introduction
18 of 26
0.19
Course Introduction
> Specific
19 of 26
0.20
Course Introduction
20 of 26
0.21
Course Introduction
Informatica Technical
Support Centers
21 of 26
Informatica Corporation
Headquarters
100 Cardinal Way
Redwood City, CA, 94063 United
States
Toll Free 877 463 2435
Standard Rate US 650 385 5800
Europe/Middle East/Africa
45
Asia/Australia
0.22
Course Introduction
22 of 26
0.23
Course Introduction
23 of 26
0.24
Course Introduction
24 of 26
0.25
Course Introduction
Summary
> This module provided an introduction to:
Instructor and class participants
Training site information
Course:
> Audience and prerequisites
> Goal and objectives
> Methodology and materials
> Agenda
> Document conventions
25 of 26
Course Introduction
0.26
1.1
1.2
Module Objectives
After completing this module you will be able to:
Discuss the essentials of the PowerCenter 8.5 Architecture
2 of 18
1.3
1
Sources
Native drivers/
ODBC
Domain
Integration
Service
Native drivers/
ODBC
Targets
TCP/IP
TCP/IP
ODBC
TCP/IP
Repository
Service
Repository
Service Process
PowerCenter Client
HTTPS
Administration
Console
Security Domain
Native drivers
Repository
3 of 18
1.4
Domain Node
A logical name assigned to a physical machine
Node has physical attributes (HostName, PortNo)
4 of 18
1.5
Gateway Node
Created during installation
Additional Gateway Nodes can be created as
backups
One Gateway Node serves as the Master
The Master Gateway Node receives requests from
clients and routes them to the appropriate services
Purpose of the Gateway node:
Note
5 of 18
Every domain must have one and only one node designated as the Gateway
node. However, with the High Availability feature, one or more backup gateway
nodes may also be designated for failover.
1.6
Worker Node
Can run Application Services
Can not act as a Gateway
Uses information from the nodemeta.xml file to connect
to the domain
6 of 18
1.7
PowerCenter 8 Services
The functionality of PowerCenter 8 is provided by
services, including:
Service Manager
Manages application services
Provide functions internal to the workings of the product
Always required and running
Application Services
Configured by Informatica Administrator
Provides key visible functions
External clients directly interact with these services
7 of 18
Note
The terms PowerCenter Server and Repository Server are no longer used in
PowerCenter 8.
Application Services
1.8
Service Manager
Primary control point for PowerCenter Services
Runs as a lightweight service on a Web application
server - Tomcat
Provides functions including:
Security: authentication and authorization
Configuration: domains and nodes
General functionality: alerts, licensing, and logging
8 of 18
1.9
PowerCenter
Service
Manager
Repository
Database
Web Services
Hub Service
Gateway
(Backup)
SAP BW
Service
Logs
Integration
Service
Grid
Gateway
(Primary)
Domain
Metadata
Log
Operation
9 of 18
1.10
Repository
Database
Web Services
Hub Service
Repository
Service (P)
Logs
SAP BW
Service
Integration
Service
Grid
Master
Gateway
Domain
Metadata
Integration
Service (P)
Repository
Service (B)
Note
10 of 18
1.11
11 of 18
Log Manager runs on the master gateway node. It collects and processes log events for
Service Manager domain operations and application services. The log events contain
operational and error messages for a domain. The Log Manager receives log events from
the Service Manager and the application services. When the Log Manager receives log
events, it generates log event files. Those log events files are viewable in the
Administration Console.
The Log Agent runs on the nodes to collect and process log events for session and
workflows. Sessions log events include information about the tasks performed by the
Integration Service, session errors, and load summary and transformation statistics for
the session. Workflow log events include information about tasks performed by the
Integration Service, workflow processing, and workflow errors. Session and Workflow log
events are viewable with the Log Events window in the Workflow Monitor.
1.12
Domain Administration
Single primary PowerCenter Administrator
Created during installation
Other Administrators can be assigned ownership
(write permission) for:
Nodes
Services
Folders, including nested folders
12 of 18
1.13
Domain Metadata
Domain metadata is stored in an RDBMS
Stored in small set of tables using BLOBs
Upgrade plan must include a schema for these
tables
Typically <10Mb
Domain Metadata
Authentication
Configuration
Resource Map
13 of 18
Note
Slide 13
IC3
Why do you say that there are only 4 tables? It looks to me that there are 11 tables comprising the domain
metadata.
1.14
PCSF_CPU_USAGE_SUMMARY
PCSF_DOMAIN
PCSF_MASTER_ELECTION
PCSF_MASTER_ELECT_LOCK
PCSF_REPO_USAGE_SUMMARY
PCSF_RUN_LOG
14 of 18
Each time you make a change to the domain, the Service Manager writes the change to the domain
configuration. For example, when you add a node to the domain, the Service Manager adds the node
information to the domain configuration. The gateway nodes use a JDBC connection to access the domain
configuration database.
Perform the following domain configuration management tasks:
Back up the domain configuration
Restore the domain configuration
Migrate the domain configuration
Configure the connection to the domain configuration database
Custom properties - Use custom properties only if Informatica Global Customer Support instructs
you to do so
Slide 14
IC4
Same here, it looks to me that there are 11 tables comprising the domain metadata. The new security tables
are not included here.
1.15
15 of 18
1.16
16 of 18
1.17
Summary
This module showed you how to:
17 of 18
1.18
2.1
Best Practices
2.2
Best Practices
Module Objectives
After completing this module you will be able to:
Configure a PowerCenter 8.5 environment using
recognized Best Practices
2 of 20
2.3
Best Practices
Naming Conventions
Velocity Best Practices recommend naming
conventions for Administrative objects
Smoothes migrations
Improves readability
3 of 20
2.4
Best Practices
Repository Objects
Should be named descriptively
L for Local or G for Global
Service Type prefix
Velocity Recommends REPO_SVC
4 of 20
2.5
Best Practices
5 of 20
2.6
Best Practices
6 of 20
If ODBC DSNs are different across multiple machines, there is a risk of analyzing the same table
using different names. For example, machine1 has ODBS DSN Name0 that points to database1.
TableA gets analyzed in on machine 1. TableA is uniquely identified as Name0.TableA in the
repository. Machine2 has ODBS DSN Name1 that points to database1. TableA gets analyzed in on
machine 2. TableA is uniquely identified as Name1.TableA in the repository. The result is that the
repository may refer to the same object by multiple names, creating confusion for developers,
testers, and potentially end users.
Also, refrain from using environment tokens in the ODBC DSN. For example, do not call it
dev_db01. When migrating objects from dev, to test, to prod, PowerCenter can wind up with
source objects called dev_db01 in the production repository. ODBC database names should
clearly describe the database they reference to ensure that users do not incorrectly point sessions
to the wrong databases.
2.7
Best Practices
7 of 20
2.8
Best Practices
Database Connections
Ideally should be User_DatabaseName
However, security considerations may apply follow those
first and foremost
Do not use
Machine names
Project phase descriptors (Dev, Test or Prod)
8 of 20
2.9
Best Practices
9 of 20
2.10
Best Practices
Nodes
DOM_Project_ProjectPhase Descriptor
or
DMN_Project_ProjectPhaseDescriptor
NODE(#)_ServerName_(optional descriptor)
Integration Services
INT_SVC_ProjectPhaseDescriptor_(optional
descriptor)
Repository Services
REPO_SVC_ProjectPhaseDescriptor_(optional
descriptor)
Web Services
WEB_SVC_ProjectPhaseDescriptor_(optional
descriptor)
10 of 20
2.11
Best Practices
Domain Configurations
PC8.5 Domain Architecture
Simplified administration of disparate PowerCenter services
across the enterprise
Allows for grouping of services and objects based on
ownership
11 of 20
2.12
Best Practices
DOM_MyCompany
Master Gateway
Service
Manager
Web
Services
Hub
Log
Service
Integration
Service
Repository
Service
Single PowerCenter
Domain for Dev, Test
and Prod
Multiple Divisions
within the company
have projects on single
installation
Node_01
Repository
12 of 20
2.13
Best Practices
DOM_MyCompany
Master Gateway
Service
Manager
Log
Service
Service
Manager
Integration
Service
Repository
Service
Node_01_HR
Single Domain
Installation exists on
more than one node
Grid Functionality
available
Distributed Services
Node_02_HR
Services can be
distributed on several
nodes within a single
domain
13 of 20
2.14
Best Practices
Dev/Test Domain
Master Gateway
Log
Service
Service
Manager
Integration
Service
Repository
Service
Node_01_HR_Dev
Services can be
distributed across
domains
14 of 20
2.15
Best Practices
Service
Manager
Service
Manager
Integration
Service
Repository
Service
Node_01_HR_Prod
Node_02_HR_Prod
15 of 20
2.16
Best Practices
Security Configurations
Domain Folders can be used to
better secure domain objects
and services
Can contain Nodes, Services,
Grids, Licenses, and other Folders
16 of 20
2.17
Best Practices
Domain Documentation
Host Directory Structure Document
Velocity Document used to detail the organizations
PowerCenter Environment
17 of 20
2.18
Best Practices
18 of 20
2.19
Best Practices
19 of 20
2.20
Best Practices
Summary
This module showed you how to:
Configure a PowerCenter 8.5 environment using
recognized Best Practices
20 of 20
3.1
3.2
Module Objectives
After completing this module you will be able to:
Prepare for and Install PowerCenter 8.5.
Why you need to know:
This module will enable the Administrator to smoothly
implement PowerCenter 8.5 components.
2 of 29
3.3
3 of 29
3.4
4 of 29
3.5
2
3
4
5
6
5 of 29
3.6
6 of 29
3.7
7 of 29
3.8
8 of 29
3.9
9 of 29
3.10
HTTPS Configuration
Create or use existing keystore
Select this
option to use
a keystore file
you specify.
The keystore
file can be
self signed or
signed by a
certification
authority.
Select this
option to
use a selfsigned
keystore file
generated
by the
PowerCenter
installer.
Specify the
port number
to use.
Specify the
port number
and the
location and
password of
the keystore.
10 of 29
3.11
HTTPS
Domain.
Create or specify a keystore file to configure HTTPS
Configure an HTTPS port for the Administration Console
Or use the defineDomain, defineGatewayNode or
defineWorkerNode command line programs.
Metadata Manager
Specify the HTTPS ports for Metadata Manager and Reporting
Service when you create the services in the Administration Console.
Data Analyzer.
Create or specify a keystore file to configure HTTPS.
When you create a Reporting Service in the PowerCenter
Administration Console, you specify the HTTPS port for Data
Analyzer.
Module 3: Implementing a PC 8.5 Environment
11 of 29
3.12
12 of 29
3.13
13 of 29
3.14
Choose to join
a domain if you
have created a
PowerCenter
domain on
another
machine and
you want to
add the current
machine as a
node in the
domain.
Choose to
create a
domain if
you are
installing
PowerCenter
for the first
time or you
are installing
PowerCenter
on a single
machine.
14 of 29
3.15
15 of 29
3.16
Domain Configuration
Name the domain, provide host name, port no, etc
16 of 29
3.17
Node Configuration
Progress Screen
17 of 29
3.18
18 of 29
3.19
19 of 29
3.20
20 of 29
3.21
Welcome Screen
Introduction to install
21 of 29
3.22
Installation Prerequisites
Space Requirements, Preinstallation tasks
22 of 29
3.23
Installation Directory
23 of 29
3.24
Pre-Installation Summary
Product Name, Installation Directory, Shortcut folder, Disk
Space Information
24 of 29
3.25
25 of 29
3.26
26 of 29
3.27
Installation Complete
Select Client Applications to launch
27 of 29
3.28
28 of 29
3.29
Summary
This module showed you how to:
Prepare for and Install PowerCenter 8.5.
29 of 29
3.30
4.1
4.2
Module Objectives
After completing this module you will be able to:
Configure a PowerCenter 8.5 application services using
Best Practice standards
Why you need to know:
This module will enable the Administrator to properly
create and configure PowerCenter 8.5 Services
2 of 50
4.3
3 of 50
4.4
Logs Tab
Permissions Tab
Reports Tab
Upgrade Tab
Manage Account Tab
4 of 50
4.5
4
Main Window
Legend
5 of 50
4.6
6 of 50
4.7
7 of 50
4.8
8 of 50
4.9
9 of 50
4.10
10 of 50
4.11
11 of 50
4.12
Nodes
When Powercenter services are installed a machine is
added to the domain as a node
Multiple nodes can be added to a domain
Each node in the domain runs a Service Manager
Service Manager manages domain operations on that node
The operations that the Service Manager performs depend on
the type of node
12 of 50
4.13
Gateway Node
One node acts as the gateway for the domain at any given
time
Can execute application services
Can serve as a master gateway node
13 of 50
4.14
Worker Node
Any node not configured to serve as a gateway
Can run application services, but it cannot serve as a
gateway.
The Service Manager performs limited domain
operations on a worker node.
14 of 50
4.15
Node
Properties
15 of 50
4.16
16 of 50
4.17
17 of 50
4.18
18 of 50
4.19
Application Services
Application services represent PowerCenter serverbased functionality.
Application services include:
Repository Service
Integration Service
Reporting Service
Metadata Manager Service
Web Services Hub
SAP BW Service.
19 of 50
4.20
Repository Service
Manages the repository
Retrieves, inserts, and updates metadata in the
repository database tables
If the service process fails or the node becomes
unavailable, the service fails
The high availability option allows the administrator to
configure the service to run on primary and backup
nodes
By default, the service process runs on the primary
node
If the service process fails, a new process starts on the
same node. If the node becomes unavailable, a service
process starts on one of the backup nodes.
Module 4: Configuring PC 8.5 Services
20 of 50
4.21
21 of 50
4.22
22 of 50
4.23
23 of 50
4.24
24 of 50
4.25
25 of 50
4.26
26 of 50
4.27
27 of 50
4.28
28 of 50
4.29
29 of 50
4.30
30 of 50
4.31
PowerCenter
Clients
Node A
(Gateway)
Node B
Service
Manager
Service
Manager
App Services
App Services
Repository
Service
4
Repository
31 of 50
4.32
Integration Service
Moves data from sources to targets based on workflow
and mapping metadata stored in a repository
When a workflow starts, the Integration Service
retrieves mapping, workflow, and session metadata
from the repository
It extracts data from the mapping sources and stores
the data in memory while it applies the transformation
rules configured in the mapping
The Integration Service loads the transformed data into
one or more targets.
32 of 50
4.33
33 of 50
4.34
34 of 50
4.35
35 of 50
4.36
36 of 50
4.37
37 of 50
4.38
38 of 50
4.39
39 of 50
4.40
Service Process
Variables
40 of 50
4.41
Reporting Service
Executes the Data Analyzer application in a PC domain.
The Data Analyzer can be used to create and execute
reports on data in a relational database or to run the
following PowerCenter reports:
41 of 50
4.42
42 of 50
4.43
43 of 50
4.44
SAP BW Service
Listens for RFC requests from SAP BW
Initiates workflows to extract from or load to SAP BW
Not a highly available service
However can configured it to run on one node.
44 of 50
4.45
Add Incremental
Key
Edit License
Properties
45 of 50
4.46
46 of 50
4.47
47 of 50
4.48
48 of 50
4.49
49 of 50
4.50
Summary
This module showed you how to:
Configure a PowerCenter 8.5 application services using
Best Practice standards
50 of 50
5.1
Unified Security
5.2
Unified Security
Module Objectives
After completing this module you will be able to:
Differentiate between the following PowerCenter Security
Elements of Users, Groups, Roles, Privileges and OS
Profiles
2 of 71
5.3
Unified Security
5
Module 5: Unified Security
3 of 71
5.4
Unified Security
Security Administration
Users and groups
Can be created in PowerCenter Administration Console and
use PowerCenter authentication
Can be imported/synchronized from external Enterprise
Directory System and use LDAP authentication
Privileges
Defined in the Security Domain Page of the Administration
Console
Defined for each service type (such as Repository Service,
Reporting Service, Metadata Manager Service etc..)
Can be assigned to a custom role or directly to users/groups
4 of 71
5.5
Unified Security
Roles System
Defined and Custom
5
Module 5: Unified Security
5 of 71
5.6
Unified Security
Security Administration
Encryption
When you log into a PowerCenter Application,
PowerCenter encrypts the password
Authentication
When you log in to a PowerCenter application, the
Service Manager authenticates your user account
based on your user name and password or on your
user authentication token
Authorization
When you request an object in a PowerCenter
application, the Service Manager and application
services authorizes the request based on your
privileges, roles and permissions
6 of 71
5.7
Unified Security
Security Administration
5
Module 5: Unified Security
7 of 71
5.8
Unified Security
Users
5.9
Unified Security
Users
A PowerCenter domain can have the following types of
user accounts:
Default administrator
Domain administrator
Application administrator
User
5
Module 5: Unified Security
9 of 71
5.10
Unified Security
Create User
10 of 71
5.11
Unified Security
Edit User
Properties
5
Module 5: Unified Security
11 of 71
5.12
Unified Security
Verify Privileges
12 of 71
5.13
Unified Security
LDAP Integration
Users can also be created using LDAP
Requires a registered plug-in
Enterprise Directory integration
Import both users and groups for LDAP authentication
Secure option to connect (through SSL)
Can specify multiple search bases and filters to use when
importing
Configure frequency of synchronization
5
Module 5: Unified Security
13 of 71
5.14
Unified Security
LDAP
Connectivity
Properties
14 of 71
5.15
Unified Security
Security
Domain
Properties
5
Module 5: Unified Security
15 of 71
5.16
Unified Security
LDAP
Synchronization
Times
16 of 71
5.17
Unified Security
5
Module 5: Unified Security
17 of 71
5.18
Unified Security
Groups
5.19
Unified Security
Create Group
5
Module 5: Unified Security
19 of 71
5.20
Unified Security
20 of 71
5.21
Unified Security
5
Module 5: Unified Security
21 of 71
5.22
Unified Security
Group
Properties
and Users
22 of 71
5.23
Unified Security
Group
Privileges
5
Module 5: Unified Security
23 of 71
5.24
Unified Security
24 of 71
5.25
Unified Security
Privileges
5.26
Unified Security
Privileges
Privileges determine the actions a user can perform on
Domain objects
The Domain and Application Service Privileges are
grouped into Privilege Groups
A Privilege Group is an organization of Privileges that
define common user actions.
The Privilege Groups are as follows:
Domain
Repository
Metadata Manager
Reporting Service
26 of 71
5.27
Unified Security
Domain Privileges
Domain Privileges determine the actions that users
can perform using the
Administration Console
infacmd and pmrep command line programs
Security Administration
Manage Users & Groups
Grant Privileges & Permissions
Tools Access
Administration Console
Module 5: Unified Security
5
27 of 71
5.28
Unified Security
Users
Domain
Privileges
Selected
User
28 of 71
5.29
Unified Security
5
Module 5: Unified Security
29 of 71
5.30
Unified Security
30 of 71
5.31
Unified Security
Users
Repository
Service
Privileges
Selected
User
5
Module 5: Unified Security
31 of 71
5.32
Unified Security
32 of 71
5.33
Unified Security
Users
Reporting
Service
Privileges
Selected
User
5
Module 5: Unified Security
33 of 71
5.34
Unified Security
34 of 71
5.35
Unified Security
Roles
5.36
Unified Security
Roles
A Role is a collection of Privileges.
Two types of roles can be assigned
System Defined
Created by PowerCenter
Cannot be deleted or edited (e.g. - Service Administrator;
Domain Administrator)
Custom
Canned Custom Roles created by PowerCenter
Can be edited or deleted
Can create additional custom roles (e.g. - PowerCenter
Developer; PowerCenter Operator)
Roles can be assigned to either a group or a user on a taskspecific basis to one or more services
Module 5: Unified Security
36 of 71
5.37
Unified Security
Roles (contd)
System roles cant be deleted
Administrator role is a super-user for a service
Domain Administrator role is a super-user of all
application services, nodes, grids in domain
5
Module 5: Unified Security
37 of 71
5.38
Unified Security
38 of 71
5.39
Unified Security
5
Module 5: Unified Security
39 of 71
5.40
Unified Security
Create Role
Create Role
Custom Roles
40 of 71
5.41
Unified Security
Role Properties
5
Module 5: Unified Security
41 of 71
5.42
Unified Security
Privilege Groups
42 of 71
5.43
Unified Security
5
Module 5: Unified Security
43 of 71
5.44
Unified Security
44 of 71
5.45
Unified Security
5
Module 5: Unified Security
45 of 71
5.46
Unified Security
46 of 71
5.47
Unified Security
Custom Roles
Custom
Role
Properties
5
Module 5: Unified Security
47 of 71
5.48
Unified Security
Edit
Group
48 of 71
5.49
Unified Security
5
Module 5: Unified Security
49 of 71
5.50
Unified Security
50 of 71
5.51
Unified Security
5
Module 5: Unified Security
51 of 71
5.52
Unified Security
52 of 71
5.53
Unified Security
5.54
Unified Security
Permissions by
Object
54 of 71
5.55
Unified Security
5
Module 5: Unified Security
55 of 71
5.56
Unified Security
56 of 71
5.57
Unified Security
5
Module 5: Unified Security
57 of 71
5.58
Unified Security
Inherited Permissions
58 of 71
5.59
Unified Security
Add User
or Group
5
Module 5: Unified Security
59 of 71
5.60
Unified Security
Select additional
User to grant Folder
Permissions
60 of 71
5.61
Unified Security
Select newly
assigned
User or
Group
Assign Folder
Permissions
to selected
User or
Group
5
Module 5: Unified Security
61 of 71
5.62
Unified Security
62 of 71
5.63
Unified Security
Modify an OSProfile
User must have the Domain Privilege of Manage Users
and Groups with Permissions on the OSprofile
Attributes that can be modified are:
Integration service parameters
Environment variables
5
Module 5: Unified Security
63 of 71
5.64
Unified Security
To use OS profile
Configure pmimpprocess on every node configured to run the
Integration Service
Enable OS profile attribute for the Integration Service
64 of 71
5.65
Unified Security
DI Service
Workflow Logs
(INFA Service
User ID)
Workflow I/O
(OS User ID2)
(INFA Service
User ID)
Workflow
(OS User ID2)
DTM / Sessions
(OS User ID2)
Workflow Tasks
(OS User ID2)
5
Module 5: Unified Security
65 of 71
5.66
Unified Security
66 of 71
5.67
Unified Security
5
Module 5: Unified Security
67 of 71
5.68
Unified Security
OS Profile Permissions
Configure permissions (who can use the profile)
68 of 71
5.69
Unified Security
5
Module 5: Unified Security
69 of 71
5.70
Unified Security
Summary
This module showed you how to:
Differentiate between the following PowerCenter Security
Elements of Users, Groups, Roles, Privileges and OS
Profiles
70 of 71
Unified Security
5.71
Unified Security
5.72
6.1
Repository Management
6.2
Repository Management
Module Objectives
After completing this module you will be able to:
Describe the architecture of the PowerCenter
repository
Administer the PowerCenter repository
Why you need these skills/Why you need to know:
Enable the student to understand and execute the
tasks required to properly administer a PowerCenter
repository
2 of 22
6.3
Repository Management
The Repository
The PowerCenter repository is a specialized schema
residing in a relational database
Its tables contain metadata, instructions for extracting,
transforming, and loading data
Repository
Service
Repository
Service Process
Repository
3 of 22
6.4
Repository Management
Database Connections
Folders
Sessions
Workflows
Designer Objects
Workflow Tasks
Repository
Source Definitions
Worklets
Target Definitions
Transformations
Global Objects
Mappings
Labels
Mapplets
Deployment Groups
User-defined Functions
Object Queries
Multi-dimensional Metadata
Connection Objects
4 of 22
6.5
Repository Management
Repository Domains
Local
Global
cut
ort
h
ls
ba
o
l
G
Local
Shared metadata
Local repo
connection info
Local
Local
5 of 22
6.6
Repository Management
Repository Domains
Allows sharing of metadata between repositories using
shortcuts
Saves time and work by reusing metadata
Enforces standards among departments
6 of 22
6.7
Repository Management
7 of 22
6.8
Repository Management
Folders
Help organize objects
repository objects.
Are created via the
Repository Manager
Can be used to group
objects (sources, targets,
mappings, workflows, etc.)
by project or user
You can copy objects from
folder to folder
8 of 22
6.9
Repository Management
Folder Properties
When you create a folder,
you set its properties
You can configure folders
to be shared
Enables users to create
shortcuts to objects in the
folder
On Properties tab, set
Allow Shortcut
9 of 22
Folder Property
Description
Name
Description
Owner
Defaults to creator
OS Profile
Allow shortcut
Status
6.10
Repository Management
Permissions
Permissions control the level of access a user (or group)
has to the objects in a folder
Access is divided into three kinds of permission:
Read user can view the folder and objects in it
Write user can create or edit objects in a folder
Execute user can run or schedule workflows
10 of 22
6.11
Repository Management
Setting Permissions
Select the Permissions
tab
Click Add to add users
or groups
With a user highlighted,
select the checkboxes for
the appropriate
permissions
On the Permissions tab,
you can also change the
folders owner
Defaults to folders creator
11 of 22
6.12
Repository Management
12 of 22
6.13
Repository Management
Organize by environment
Suitable for small development teams working with a minimal number of
mappings
13 of 22
6.14
Repository Management
Connection Objects
Connection objects enable workflow sessions to
communicate with data sources and targets
A connection object exists as a global object defining a
single connection in the repository
Connection objects can establish connections to
Relational databases
Queues
FTP servers
Applications
External loaders
14 of 22
6.15
Repository Management
FTP Connection
Create FTP connection
Enable SFTP attribute in
connection properties to
enable secure FTP
Provide public and private
key files
Public and private key files
must be accessible on nodes
where session runs
15 of 22
6.16
Repository Management
16 of 22
6.17
Repository Management
17 of 22
6.18
Repository Management
18 of 22
6.19
Repository Management
19 of 22
6.20
Repository Management
20 of 22
6.21
Repository Management
21 of 22
6.22
Repository Management
Summary
This module showed you how to:
Describe the architecture of the PowerCenter
repository
Administer the PowerCenter repository
Why you need to know:
Enable the student to understand and execute the
tasks required to properly administer a PowerCenter
repository
22 of 22
7.1
Deployments
Module 7: Deployments
7.2
Deployments
Module Objectives
After completing this module you will be able to:
Deploy Powercenter metadata from development to test and
then production environments
Why you need these skills/Why you need to know:
Smoothly migrate Powercenter metadata between phases
of a project
Module 7: Deployments
2 of 31
7.3
Deployments
Deployments
Migration of PowerCenter metadata
repositories from Development to Test, and
Production Environments
Protect the integrity of the metadata for
each project phase as the system evolves
Module 7: Deployments
3 of 31
7.4
Deployments
Deployment Strategy
A process that ensures the smooth and precise
deployment of repository metadata.
To define a strategy you must analyze the
following factors:
How is the PowerCenter environment architected?
How are the repository folders defined?
Module 7: Deployments
4 of 31
7.5
Deployments
Standalone Repositories
All work is performed in a single
PowerCenter repository that serves
as the metadata store
Separate folders are used to
represent the development, test,
and production workspaces
Folders are used to segregate work
This type of architecture within a
single repository ensures seamless
migration from development to QA,
and from QA to production
Module 7: Deployments
5 of 31
7.6
Deployments
Confusion:
A single repository structure can create uncertainty as the same
users and groups exist in all environments and the number of
project folders can increase exponentially.
Module 7: Deployments
6 of 31
7.7
Deployments
Distributed Repositories
Maintains separate, independent
repositories, hardware, and software for
development, test, and production
environments.
Segregated environments permit work
in development without impacting test
or production.
Each repository has a similar name, like
the folders in the standalone
environment.
Module 7: Deployments
7 of 31
7.8
Deployments
Deployment Options
Folder Copy
Object Copy
XML Export/Import
Repository Copy
PMREP
Module 7: Deployments
8 of 31
7.9
Deployments
Folder Copy
Copying an entire folder allows you to quickly promote
all of the objects located within that folder
Including sources, targets, mappings, workflows, etc.
Module 7: Deployments
9 of 31
7.10
Deployments
Module 7: Deployments
10 of 31
7.11
Deployments
Module 7: Deployments
11 of 31
7.12
Deployments
Module 7: Deployments
12 of 31
7.13
Deployments
Module 7: Deployments
13 of 31
7.14
Deployments
Object Copy
The Workflow Manager, Designer, and
Repository Manager provide a Copy Wizard that
you use to copy repository objects
You can copy repository objects such as
workflows, worklets, tasks, sessions,
mappings, mapplets, sources, targets, and
transformations. You can also copy segments
of workflows or mappings
You can copy objects within the same folder, to
a different folder, or to a different repository
Object Copy is typically used for incremental
deployments of a project phase
Module 7: Deployments
14 of 31
7.15
Deployments
Disadvantages:
Much more work to deploy an entire group of
objects
Shortcuts must exist prior to importing/copying
mappings
Module 7: Deployments
15 of 31
7.16
Deployments
XML Export/Import
Similar to copying an object from one
folder or repository to another
For example, when you copy an object
between folders or export and import that
object, you can resolve object name conflicts
Module 7: Deployments
16 of 31
7.17
Deployments
XML Export/Import
User can complete the following tasks using
XML Export/Import:
Deploy metadata between project phases (e.g.
development to test, then test to production)
Archive metdata
Share metadata
Search and replace property names in an entire
repository object
Copy metadata between repositories.
Create mappings.
Export and import of relational sources and targets
can be used to share metadata with other business
intelligence and data modeling tools.
Module 7: Deployments
17 of 31
7.18
Deployments
Module 7: Deployments
18 of 31
7.19
Deployments
Module 7: Deployments
19 of 31
7.20
Deployments
Repository Copy
From one repository into another repository
without contents
Provides a quick way to copy a repository for
use as the basis of a new repository
Can be used as a way of preserving the
original repository before upgrading
Can also utilized when deploying a repository
from development into production.
Module 7: Deployments
20 of 31
7.21
Deployments
Module 7: Deployments
21 of 31
7.22
Deployments
Module 7: Deployments
22 of 31
7.23
Deployments
Module 7: Deployments
23 of 31
7.24
Deployments
24 of 31
7.25
Deployments
PMREP
A command line program that you use to update repository
information and perform repository functions
Installed in the PowerCenter Client and Services bin
directories.
Perform repository administration tasks such as:
Exporting/importing XML
Deploy/Rollback a deployment group
Backing up and restoring repositories
Copy folders
updating session-related parameters
Updating security information in the PowerCenter repository.
25 of 31
7.26
Deployments
Versioned Repositories
Powercenter team-based development
(licensed) option that allow the repository to
store multiple versions of objects
Store copies of previous versions of objects in
development, track changes to those objects,
and prepare them for deployment to a
production environment.
Each time an object is checked in, the
repository increments the version number by
one and stores a new version of the object in
the repository database
Allows for the use of Deployment Groups for
migrating metadata between repositories
Module 7: Deployments
26 of 31
7.27
Deployments
Deployment Groups
Deployment Groups are containers that hold
references to objects that need to be migrated.
Static
A deployment group populated by manually selecting the
objects
Create a static deployment group when the set of
deployment objects is not expected to change.
Dynamic
The result set from an object query is used to populate this
type deployment group. Create a dynamic deployment
group when the set of deployment objects is expected to
change frequently
The dynamic deployment group query multiple times and
add new objects to the group each time the query is
executed
Module 7: Deployments
27 of 31
7.28
Deployments
Module 7: Deployments
28 of 31
7.29
Deployments
Module 7: Deployments
29 of 31
7.30
Deployments
Module 7: Deployments
30 of 31
7.31
Deployments
Summary
This module showed you how to:
Deploy Powercenter metadata from development to test and
then production environments
Why you need to know:
Smoothly migrate Powercenter metadata between phases
of a project
Module 7: Deployments
31 of 31
Deployments
7.32
8.1
8.2
Module Objectives
After completing this module you will be able to:
Use PowerCenter command line programs to administer
the domain
2 of 16
8.3
Program
Description
infacmd
infasetup
pmcmd
pmrep
3 of 16
8.4
Modes
Command Line Mode
Can issue commands directly from the operating system
command line.
Use to script commands.
Interactive Mode
Can issue commands from an interactive prompt. The program
does not exit after it completes a command.
Command Line
Interactive
infacmd
infasetup
pmcmd
pmrep
4 of 16
8.5
5 of 16
8.6
Scripting Commands
Use scripts for tasks you perform often
E.g. daily backup for a repository
6 of 16
8.7
infacmd
Use to administer PowerCenter domains and services
Run from <install_dir>\server\bin directory
Administer:
7 of 16
8.8
infacmd Example
Windows:
infacmd AddNodeResource -dn MyDomain
-un AdminUser -pd password -nn Node1
-rt "File Directory" -rn BkupDir
UNIX:
infacmd.sh AddNodeResource -dn MyDomain -un
AdminUser -pd password -nn Node1
-rt "File Directory" -rn BkupDir
8 of 16
8.9
AssignRoleToGroup
RemoveUser
RemoveUserFromGroup
RemoveGroup
RemoveRole
ResetPassword
9 of 16
8.10
RemoveRolePrivilege
RemoveGroupPrivilege
RemoveUserPrivilege
10 of 16
8.11
infasetup
Use to modify domain and node properties after you
install PowerCenter Services
E.g. change port number for a node
BackupDomain, RestoreDomain, DefineWorkerNode,
DefineGatewayNode, and more
<install_dir>\server directory
Windows example:
infasetup UpdateWorkerNode -nn Node1 -na
Host1:9090
11 of 16
8.12
pmcmd
Communicates with Integration Service
Use to perform some Workflow Manager tasks
E.g. start, stop, and abort workflows, get session statistics, get
service properties, and more
<install_dir>\server\bin directory
Example:
pmcmd startworkflow -sv MyIntService
-d MyDomain -u seller3 -p jackson
-f SalesEast wf_SalesAvg
12 of 16
8.13
pmrep
Use to update repository information and perform
repository functions
E.g. list objects, users, and groups; export and import objects;
create folders, users, and group; and more
<install_dir>\server\bin or <install_dir>\client\bin
directory
Example:
pmrep ObjectImport -i newworkflows.xml -c
mycontrolfile -l importlog.txt
13 of 16
8.14
Example of restoring:
pmrep restore -u AdminUser
-p AdminPassword i repo_backup.rep
-y -v repo_user -x repo_password
14 of 16
8.15
15 of 16
8.16
Summary
This module showed you how to:
Use PowerCenter command line programs to administer
the domain
16 of 16
9.1
9.2
Module Objectives
After completing this module you will be able to:
Define a Subject Area
Implement a Subject Area into the PowerCenter
architecture.
Why you need these skills/Why you need to know:
Quickly and efficiently create a subject area for a new
project within Powercenter that is totally encapsulated by
security.
2 of 22
9.3
Subject Area
A Subject Area is:
A distinct project or logical grouping of work inside the
PowerCenter Domain
Organized within Domain folders
Protected by Domain & Host Security
Extends to include Repository Folders and input/output files
generated by PowerCenter & stored on host machine
Includes the source and target connections used to access
project data
3 of 22
9.4
Repository Service
Separately store metadata pertaining to each subject area for better
security
Integration Service
Execution statics can be used for departmental chargeback
Process variables can be better configured to secure sensitive output/input
files
Nodes
Separate nodes can be installed for each subject area.
4 of 22
9.5
Domain Folders
Created for each Subject Area to organize and secure
services and other project objects
The owner of the Subject Area should be an
administrative user defined in the Security Domain
The owner should belong to a distinct PowerCenter
domain security group
The owner should be granted full privileges and
permissions on the Subject Area Domain folders
5 of 22
9.6
Integration Service
Each Integration Service process uses run-time files to
process workflows and sessions
If you configure an Integration Service to run on a grid or
to run on backup nodes, the run-time files must be stored
in a shared location.
By default, the installation program creates a set of
Integration Service directories in the server\infa_shared
directory on the host machine.
PowerCenter uses process variables to point to the
common directory structure on the host machine.
An integration Service should be created for each Subject Area.
6 of 22
9.7
7 of 22
9.8
Integration Service
Process Variables - Definitions
Directory
Service Process
Variable
Description
Root directory
$PMRootDir
$PMSessionLogDir
$PMBadFileDir
$PMCacheDir
$PMTargetFileDir
$PMSourceFileDir
$PMExtProcDir
Temporary subdirectory
$PMTempDir
$PMWorkflowLog
Dir
$PMLookupFileDir
Storage subdirectory
$PMStorageDir
8 of 22
9.9
Host Directories
infa_shared
Example of host directories created by
PowerCenter Installation
Developers & Administrators from all
projects need access to these folders
to view log results, review cache files
for accuracy, deliver target files,
receive source files etc
9 of 22
9.10
Integration Service
Process Variables The Problem
By default, all users are sharing and have access to the common
directory structure
Data contained within these directories may be sensitive and
should not be accessed by all users
Inadvertent deletion/overwrite of important files may occur
This arrangement is not conducive to accurate departmental
chargeback
This arrangement may not comply with the organizations
Sarbanes-Oxley procedures
10 of 22
9.11
Integration Service
Process Variables The Solution
Each Subject Area should have its own distinct directory
structure on the host machine to store files and data related to
the Subject Area
These structures should be secured and access should be
limited using host-based security groups
Individual network IDs should be granted access through named
shares by local host groups
The process variables of the Integration Service should then be
pointed to the secured host share.
11 of 22
9.12
Subject Area
Integration Service - Example
Process variables should be set to Host directory structure
shared by those in the Domain and Host security group.
12 of 22
9.13
13 of 22
9.14
Repository Folders
Created for each Subject Area to ease management of
project content
The Administrator and project group should be given
permissions and privileges on the Subject Area repository
folder
The level of permissions that the project group has on the
project folder is determined by the security requirements
of the organization
14 of 22
9.15
Database Connections
PowerCenter stores the information necessary to connect
to the source/target within the repository in the form of a
connection definition
Assigning a specific owner to the connection definition
prevents others from modifying the connection properties
Subject Area security can be applied to the connection by
assigning permissions to the Subject Area Domain
Security group.
15 of 22
9.16
Database Connections
Privileges and Permissions
Privileges to create connections are
assigned in the Administrator Console
16 of 22
9.17
Host Security
Governs access to the host file directories and individual
data files such as those generated for use by
PowerCenter
Access to the file directories can be restricted by creating
local host security groups
Host security groups should have individual network
accounts (corresponding to those in the PowerCenter
Security Domain) assigned to them for each Subject Area
Each host security group will be given access to its
Subject Area share, therefore restricting any other users
on the machine for viewing sensitive files.
Informatica runtime host id should be added to the host
security group
17 of 22
9.18
Host Security
Host Security Group Example
18 of 22
9.19
19 of 22
9.20
20 of 22
9.21
Summary
This module showed you how to:
Define a Subject Area
Implement a Subject Area into the PowerCenter
architecture.
Why you need to know:
Quickly and efficiently create a subject area for a new
project within Powercenter that is totally encapsulated by
security.
21 of 22
9.22