Beruflich Dokumente
Kultur Dokumente
© 1993-2016 Informatica LLC. No part of this document may be reproduced or transmitted in any form, by any
means (electronic, photocopying, recording or otherwise) without prior consent of Informatica LLC. All other
company and product names may be trade names or trademarks of their respective owners and/or copyrighted
materials of such owners.
Abstract
You can use the SSL protocol to configure a secure connection between Informatica clients and an SAP HANA server.
This article describes how to configure Informatica clients for SSL communication with a HANA server.
Supported Versions
• Data Explorer 9.6.1 HotFix 1 and later
• Data Quality 9.6.1 HotFix 1 and later
• Data Services 9.6.1 HotFix 1 and later
• PowerCenter 9.6.1 HotFix 1 and later
Table of Contents
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
SSL Configuration for Informatica Clients. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
SSL Configuration for Informatica Clients on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
SSL Configuration for Informatica Clients on UNIX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Additional Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Overview
Effective in version 9.6.1 HotFix 1, you can use the SSL protocol to configure a secure connection between Informatica
clients and an SAP HANA server.
SAP HANA supports OpenSSL and the SAP Cryptographic Library to enable a secure connection through SSL.
Informatica uses the OpenSSL standard to enable a secure connection through SSL.
Prerequisites
Before you configure the Informatica clients for SSL communication, perform the following tasks:
2
SSL Configuration for Informatica Clients
After you configure the SAP HANA server for SSL communication, you can configure the Informatica clients for SSL
communication with the HANA server.
The SSL configuration steps differ based on whether you use Windows or UNIX.
On Windows, perform the following steps to configure the Informatica clients for SSL communication:
1. Import the trust.pem certificate file to the Informatica client machine where you want to configure a secure
connection.
2. Define the SSL configuration properties for the ODBC data source that you created to connect to the HANA
server.
1. Click Start, type mmc in the Search box, and press Enter.
The Console window appears.
2. Click File > Add/Remove Snap-in.
The Add/Remove Snap-ins window appears.
3
3. From the Available snap-ins list, select Certificates, and then click Add.
4
5. Click Local computer and then click Finish.
6. Click OK.
The Certificates snap-in is added to the console tree.
5
8. Right-click the Trusted Root Certification Authorities store, and then click All Tasks > Import.
6
9. Click Next.
7
10. Click Browse to import the trust.pem certificate file.
Note: By default, the wizard does not display the trust.pem certificate file. To view the file, click the file type
list and select All Files.
11. Select the trust.pem certificate file and click Open to import the file.
Step 2. Define SSL Configuration Properties for the ODBC Data Source
After you import the trust.pem certificate file, define the SSL configuration properties for the ODBC data source that
you created to connect to the SAP HANA server.
8
3. Select the Connect using SSL and Validate the SSL certificate options.
On UNIX, perform the following steps to configure the Informatica clients for SSL communication:
1. Install the OpenSSL libraries and the soft link for the libssl.so file.
2. Define the library path environment variable based on the operating system that you use.
9
The following table lists the library path variable that you must define for each operating system:
HP-UX SHLIB_PATH
Linux LD_LIBRARY_PATH
Solaris LD_LIBRARY_PATH
3. Set the library path environment variable to the directory where the OpenSSL libraries are installed.
4. Restart the Informatica services for the environment variable to take effect.
Step 2. Copy the SAP HANA Server Certificate Files to the Client Machine
Access the SAP HANA server and download the trust.pem and key.pem certificate files. Copy the certificate files to
the Informatica client machine where you want to configure a secure connection. If you want to connect to the HANA
server from different nodes of an Informatica domain, you must copy the certificate files to all the nodes.
Property Description
sslCryptoProvider Provider of the cryptographic library that will be used for SSL communication
Set this property to openssl because Informatica uses the Open SSL libraries to establish a
secure connection with the HANA server.
sslKeyStore Path and file name of the key store file that contains the private key of the HANA server.
Set this property to the path and file name of the key.pem file.
sslTrustStore Path and file name of the trust store file that contains the public certificate of the HANA
server.
Set this property to the path and file name of the trust.pem file.
The following example shows the SSL configuration entries in an odbc.ini file.
[hanasource]
Driver=/usr/sap/hdbclient/libodbcHDB.so
DriverUnicodeType=1
ServerNode=<hana server name>:<Port No>
10
encrypt=1
User=<Username>
Password=<Password>
sslCryptoProvider=openssl
sslKeyStore=/export/home/adputf_9/key.pem
sslTrustStore=/export/home/adputf_9/trust.pem
sslValidateCertificate=false
ConnectionRetryCount=3
ConnectionRetryDelay=30
Additional Resources
For more information about SAP HANA security configuration, see the following document:
http://help.sap.com/hana/SAP_HANA_Security_Guide_en.pdf
Author
Anu Chandrasekharan
Senior Technical Writer
Acknowledgements
The author would like to acknowledge Rajesh Thalluru, Software QA Engineer, for his technical assistance.
11