Infrastructure V6 Reference Guide
User Manual:
Open the PDF directly: View PDF 
.
Page Count: 56
| Download | |
| Open PDF In Browser | View PDF |
Infrastructure REFERENCE GUIDE Major Version: 6 Document Revision 1.0 For more information please contact: info@blueprism.com | UK: +44 (0) 870 879 3000 | US: +1 888 757 7476 www.blueprism.com Contents 1. Introduction ................................................................................................................................................................................. 3 2. Blue Prism Architecture Overview .......................................................................................................................................... 4 3. Component Architecture Examples........................................................................................................................................ 5 4. Blue Prism Interactive Client Guide ...................................................................................................................................... 16 5. Blue Prism Runtime Resource Guide .................................................................................................................................... 19 6. Blue Prism Application Server Guide .................................................................................................................................... 26 7. Blue Prism Database Server Guide........................................................................................................................................ 31 8. User Accounts, Remote Access and Security Guide.......................................................................................................... 38 9. Active Directory Integration Guide ....................................................................................................................................... 43 10. Blue Prism Network Connectivity Guide.............................................................................................................................. 45 11. High Availability and Redundancy Guide ............................................................................................................................. 53 12. Blue Prism Virtualization Guide ............................................................................................................................................. 54 13. Blue Prism Monitoring Guide ................................................................................................................................................. 55 14. Appendix..................................................................................................................................................................................... 56 The information contained in this document is the proprietary and confidential information of Blue Prism Limited and should no t be disclosed to a third party without the written consent of an authorised Blue Prism representative. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying without the written permission of Blue Prism Limited. © Blu e Prism Limited, 2001 – 2017 ®Blue Prism is a registered trademark of Blue Prism Limited All trademarks are hereby acknowledged and are used to the benefit of their respective owners. Blue Prism is not responsible for the content of external websites referenced by this document. Blue Prism Limited, Centrix House, Crow Lane East, Newton-le-Willows, WA12 9UY, United Kingdom Registered in England: Reg. No. 4260035. Tel: +44 870 879 3000. Web: www.blueprism.com Commercial in Confidence Page 2 of 56 1. Introduction 1.1. Intended audience This reference guide is intended for use by system architects and designers who are seeking to gain an understanding of the product architecture, and the implementation options available when deploying the solution. 1.2. About this document The document provides an introduction to each of the components within a Blue Prism environment and provides detailed information relating to the various options and design decisions that can be considered as part of the implementation. It is recommended that, to start, readers should become familiar with the various components that feature within a Blue Prism environment and identify the architecture most suited to the deployment being considered. The relevant guides can then be used to provide supplementary information and design considerations for the chosen deployment model. 1.3. Information Summary information about the Blue Prism components and examples architectures are provided, followed by a series of guides; each dedicated to the specific features, functionality and consideration of each: Blue Prism Interactive Client Guide. Blue Prism Runtime Resource Guide. Blue Prism Application Server Guide. Blue Prism Database Server Guide. A number of supplementary guides also provide guidance and include: User Accounts, Remote Access and Security Guide. Active Directory Integration Guide. Blue Prism Network Connectivity Guide. Blue Prism Virtualization Guide. Blue Prism Monitoring Guide. Within this document there are a number of external references to data sheets and user guides that focus on specific topics – such references will be presented underlined and colored blue for ease of identification. Commercial in Confidence Page 3 of 56 2. Blue Prism Architecture Overview Each implementation of a Blue Prism environment consists of a database along with any of the composite components, each of which provides optional functionality based on the requirements of the business. Blue Prism Runtime Resource Persistent, typically virtualised, instances of a standard end-user desktop responsible for running the automated processes – commonly referred to as software robots. These components also typically require enhanced physical and remote access security. Ac tive Directory Domain Controller Blue Prism can be integrated with an existing Active Directory domain to provide user access control to Blue Prism components. Blue Prism Interactive Client (Development or Controlling and Monitoring) End-user desktop build (physical or virtual) that facilitates the setup, development, configuration and monitoring of Blue Prism processes across the environment. Typically virtualized in the data-center alongside other Blue Prism components, but can be deployed directly onto end user’s desktops. Blue Prism Application Server The Blue Prism Server service marshals all connectivity between the Blue Prism components and the database. The key features enabled by this component, which is typically provisioned as a physical or virtual Windows Server, include: secure credential management; database connection marshalling; data encryption; and scheduled process execution. Commercial in Confidence SQ L Server Database A Microsoft SQL Server database is used as centralized repository that holds process definitions, logs, audit and user information. Connections from the Blue Prism components will be via the Blue Prism Application Server. Page 4 of 56 3. Component Architecture Examples 3.1. Overview There are a large number of configurations that can be applied to a Blue Prism deployment and these should be reviewed to determine the features, scalability and resilience required of the environment(s) being deployed. Having an indication of the required features of the deployment will assist with the understanding of the subsequent informational guides. This section provides a series of examples which illustrate some of the configurations that could be applicable dependant on a number of factors such as the size and business criticality of the proposed system. Information about the minimum specifications of each Blue Prism component can be found within the respective guides such as the B lue Prism Database Server Guide. The Blue Prism Network Connectivity Guide provides an overview of the typical communication that occurs between each of the Blue Prism components. In each of the following examples the specifications for the B lue Prism Runtime Resources and B lue Prism Interactive Clients remain static: B lue Prism Component Interactive Clients (Controlling and Monitoring) Minimum Recommended Requirements Interactive Clients (Development) Runtime Resources (Robots) Intel Processor 2GB RAM Minimum 10GB free disk space (after install of Operating System and standard software) Windows 7 SP1, 8.1, 10 Anniversary Update. 32-bit or 64-bit versions. Windows Server 2008 R2 SP1, 2012, 2012 R2, 2016. 64-bit versions only. .NET Framework 4.7 Interactive Clients (Controlling and Monitoring) plus: Access to all in-scope applications Intel Processor 2GB RAM Minimum 10GB free disk space (after install of Operating System and standard software) Windows 7 SP1, 8.1, 10 Anniversary Update. 32-bit or 64-bit versions. Windows Server 2008 R2 SP1, 2012, 2012 R2, 2016. 64-bit versions only. .NET Framework 4.7 Access to in-scope applications The specification of Interactive Clients used for development and the Runtime Resources must meet the collective recommendations of the in-scope target applications. (E.g. SAP, Office, Kana etc.) A useful indicator is to base the specification on an equivalent device used by an end-user to automate those same applications. Commercial in Confidence Page 5 of 56 3.2. Interim pilot desktop-based, IT secured: 5 Runtime Resources A desktop-based scenario that is quick to provision but not suitable for production scenarios. Interactive Client 1 per developer / controller Combined Blue Prism Application Server and database Server 1 x Dual Intel Processor 4GB RAM Windows Installer v3.1 Windows 7 SP1, 8.1, 10 Anniversary Update. 32-bit or 64-bit versions. Windows Server 2008 R2 SP1, 2012, 2012 R2, 2016. 64-bit versions only. SQL Server 2012, 2012 R2, 2014, 2016. 32-bit or 64-bit versions .NET Framework 4.7 Data file: 50 GB, Log file: 25 GB Advantages Very quick to implement / provision Re-uses existing desktops Requires minimal investment Low level of dependency on IT C onstraints No separate development or test environment - production resources must be sacrificed for development and test activities There must be commonality across desktop builds SQL Server Express database may be used, but performance and capacity may be limiting Physical security of components must be considered Commercial in Confidence Page 6 of 56 3.3. Desktop-based, IT secured: 10 Runtime Resources A desktop-based deployment where all Blue Prism components (excluding the database) are deployed to desktops that are physically secured by IT. Blue Prism Application Server 1 x Dual-core Intel Processor 4GB RAM & 10GB free disk space Windows Installer v3.1 .NET Framework 4.7 Windows 7 SP1, 8.1, 10 Anniversary Update. 32-bit or 64-bit versions. Windows Server 2008 R2 SP1, 2012, 2012 R2, 2016. 64-bit versions only. Advantages Database Server 1 x Dual-core Intel Processor 4GB RAM SQL Server 2012, 2012 R2, 2014, 2016. 32-bit or 64-bit versions. Production Data file: 100GB, Log file: 50GB Development Data file: 50GB, Log file: 25GB Test Data file: 50GB, Log file: 25GB C onstraints Fast to implement / provision Some re-use of existing desktops Database is secured and managed by IT Process development and test can be delivered without constraining production (separate development and test environments and dedicated runtime resources) Separate Application Servers for Dev/Test versus Production allows product releases to be applied separately. Requires commonality across desktop builds Physical security of components must be considered Application server may receive a lower level of IT support than required (treated like a workstation vs server) Commercial in Confidence Page 7 of 56 3.4. Data-center secured: 25 Runtime Resources Use of virtualized devices for Runtime Resources and a virtualized Application Server. Controllers and developers use their own physical PC as Interactive Clients. Blue Prism Application Server Advantages Database Server 1 x Quad-core Intel Processor 8GB RAM SQL Server 2012, 2012 R2, 2014, 2016. 32-bit or 64-bit versions. Production Data file: 250GB, Log file: 125GB Development Data file: 50GB, Log file: 25GB Test Data file: 50GB, Log file: 25GB 1 x Dual-core Intel Processor, 4GB RAM & 10GB free disk space Windows Installer v3.1 .NET Framework 4.7 Windows 7 SP1, 8.1, 10 Anniversary Update. 32bit or 64-bit versions. Windows Server 2008 R2 SP1, 2012, 2012 R2, 2016. 64-bit versions only. C onstraints Quick to scale – as already virtualized Database performance and capacity easily scaled Process development and test can be delivered without constraining production (separate development and test environments and dedicated runtime resources) Virtualization aids commonality across components Separate Application Servers for Dev/Test versus Production allows product releases to be applied separately. There may not be an IT support model in place for virtualized desktop devices Speed to implement / provision Cost of virtualization technology Commercial in Confidence Page 8 of 56 3.5. Data-center secured with DR: 100 Runtime Resources A fully virtualized environment which is entirely secured within the data-center and which illustrates: Two sets of 50 virtualized Runtime Resources, each with a dedicated Application Server. Virtualized Interactive Clients which are used remotely. A DR site with up to 100 Runtime Resources and a single Application Server connected to a replicated copy of the database. Blue Prism Application Server 1 x Dual-core Intel Processor, 4GB RAM & 10GB free disk space Windows Installer v3.1 .NET Framework 4.7 Windows 7 SP1, 8.1, 10 Anniversary Update. 32bit or 64-bit versions. Windows Server 2008 R2 SP1, 2012, 2012 R2, 2016. 64-bit versions only. Advantages Database Server 2 x Quad-core Intel Processors 16GB RAM SQL Server 2012, 2012 R2, 2014, 2016. 32-bit or 64-bit versions. Production Data file: 1TB, Log file: 500GB Development Data file: 50GB, Log file: 25GB Test Data file: 50GB, Log file: 25GB C onstraints Highly resilient and scalable – full capability on standby suitable for business critical processing No geographic constraints across development, test or production Consistency across developers and environments that reduces support overhead There may not be an IT support model in place for virtualized desktop devices Speed to implement / provision Cost of virtualization technology Development / Test environments to be provisioned separately. Commercial in Confidence Page 9 of 56 3.6. Data-center secured: 500 Runtime Resources A fully virtualized environment which is entirely secured within the data-center and which illustrates: Five sets of 100 virtualized Runtime Resources, each with a dedicated Application Server. Virtualized Interactive Clients which are used remotely. Blue Prism Application Server 1 x Dual-core Intel Processor 4GB RAM & 10GB free disk space (after install of OS and standard software) Windows Installer v3.1 .NET Framework 4.7 Windows 7 SP1, 8.1, 10 Anniversary Update. 32-bit or 64-bit versions. Windows Server 2008 R2 SP1, 2012, 2012 R2, 2016. 64-bit versions only. Advantages Database Server 4 x Quad-core Intel Processor 64GB RAM SQL Server 2012, 2012 R2, 2014, 2016. 32-bit or 64-bit versions. Production Data file: 5TB, Log file: 2.5TB Development Data file: 100GB, Log file: 50GB Test Data file: 100GB, Log file: 50GB C onstraints Quick to scale – as already virtualized Database performance and capacity easily scaled Virtualization aids commonality Basic level of contingency in case of Application Server failure There may not be an IT support model in place for virtualized desktop devices Speed to implement / provision Cost of virtualization technology Development / Test environments to be provisioned separately. Commercial in Confidence Page 10 of 56 3.7. Architecture considerations 3.7.1. Active Directory integrated Blue Prism can be integrated with Active Directory for the management of user access and control. This functionality is documented in the Active Directory Integration Guide. Commercial in Confidence Page 11 of 56 3.7.2. Access to Line of Business applications The Blue Prism components that require access to the line of business applications that are automated as part of a process are the: B lue Prism Runtime Resources B lue Prism Interactive Clients – however this is only necessary for those that are used for specifically developing and configuring the processes. For example the Interactive Clients in the development environment are used to design and configure the process and will need to be able to access the line of business applications, whereas the Interactive Clients in the production and test environment could only be used for monitoring and controlling the Runtime Resources so would not need this access. (Illustrated below). It is also common for the components in each environment to be configured to interact with appropriate instances of the applications. For example, the Runtime Resources in the development and test environment would ideally be configured to interact with non-production instances of the line of business applications. Commercial in Confidence Page 12 of 56 3.7.3. Disaster recovery scenarios Blue Prism can be deployed to cater for a range of disaster recovery scenarios and can operate as part of Active/Active and Active/Passive infrastructures. The following considerations are relevant to both types of deployment: Any cases being worked at the time of failure will be reported as exceptions and must be either reset or referred for manual attention. Commonly these are reviewed as part of the business as usual management that is carried out by the Controllers who oversee the platform. Each Blue Prism Server must be configured with identical encryption schemes. Runtime Resources are resolved by their network name, which is typically the machine ID. The machines on Site B will have different IDs to those in Site A, so alternative DR schedules may be required to start the processes on these alternative VMs. Resource Pools may be used to aid this process. The database must be replicated accurately and frequently in order to maintain the state of the cases being worked in the Blue Prism queues. Latency considerations must be reviewed if routing Application Server or Database traffic across sites. 3.7.3.1. Active/Passive In addition to the general considerations, the following considerations may also be relevant When Site B is activated, the network names of devices must either match those in Site A or the Interactive Clients and schedules must resolve the names to the new network address – this is outside the scope of Blue Prism It may be necessary to configure alternative schedules that use the identifiers of the DR Runtime Resources in the event of failover. Figure 1: Active/Passive with statically allocated Application Server Commercial in Confidence Page 13 of 56 Figure 2: Active/Passive with balanced Application Servers 3.7.3.2. Active/Active In addition to the general considerations, the following considerations may also be relevant The database connectivity for both sites should be considered: o Where there is a high latency connection between sites, only Application Servers with a low latency database connection should be used. o Interactive Clients must have a low latency connection with Application Servers. If only a subset of Runtime Resources are available, any schedules must be considered. Resource pools can assist in this process by masking the location of the resources and using an available resource from the specified pool. Figure 3: Active/Active with balanced Application Servers Commercial in Confidence Page 14 of 56 3.7.4. Virtualization host specifications Specifications of virtualization servers hosting a given number of Blue Prism components are provided to illustrat e the appropriate hardware that is required. Further information on Virtualization options are documented within the Blue Prism Virtualization Guide. The choice of virtualization technology and the method in which it is deployed will determine the maximum number of virtual images that can be provisioned on a given host. Guidance should be sought from the technology provider in relation to specific advice or limitations, particularly where high availability (HA) is being implemented as part of the virtualization solution. The specifications below assume that the following hardware requirements is appropriate for the Blue Prism Runtime Resources: This specification must be reviewed to ensure that it is Example: Blue Prism Runtime Resource appropriate to meet the collective recommendations of the in-scope target applications (E.g. SAP, Office, Kana Single Processor etc.) and the Operating System used. 2 GB RAM 35 GB Hard Disk Drive Windows desktop Operating System A useful indicator is to base the specification on an equivalent PC used by an end-user to automate those same applications. Further information on the minimum requirements for this component can be found within the B lue Prism Runtime Resource Guide. Up to 12 Runtime Resources Up to 48 Runtime Resources 1 x Intel Xeon Quad Core 32 GB RAM 70 GB Hard Disk Array (OS) 420 GB Hard Disk Array (Images) 2 x 1 GB Network Interface Card Hypervisor (eg VMware ESX, Citrix Xendesktop or Windows Hyper-V 4 x Intel Xeon Quad Core 128 GB RAM 70 GB Hard Disk Array (OS) 1.7 TB Hard Disk Array (Images) 2 x 1 GB Network Interface Card Hypervisor (eg VMware ESX, Citrix Xendesktop or Windows Hyper-V CPU: Assumes that 1:3 physical: virtual ratio is appropriate RAM: Assumes 4 GB for the Host OS, and 2 GB per Runtime Resource HDD: The space stated represents the amount of available space required after RAID configuration and assumes that the assumed amount is appropriate for the Operating System and software that will be configured. The hard disks should be provided as a RAID array which offers failover and redundancy. Host Operating System: The operating systems specified are for illustration only. The requirements above should be reviewed in light of the operating systems used within the virtualized images, and on the virtualization host. 3.7.5. High availability and redundancy See the High Availability and Redundancy Guide section within this document for information. Commercial in Confidence Page 15 of 56 4. Blue Prism Interactive Client Guide 4.1. Overview Interactive Clients are used for developing processes and for controlling and monitoring the Blue Prism resources. The core purpose and features offered by an Interactive Client is dependent on whether it is used within a Development or Production environment (or both). D evelopment Environment Production Environment Design connections to third party applications and systems Develop, troubleshoot, test processes based on those connections Package releases for transfer to live Define system settings and configurations Initiate processes Monitor and control runtime resources Manage work queues Review business referrals Review logs and audit and generate reports Commercial in Confidence Page 16 of 56 4.2. Minimum requirements 1 Interactive Clients can either be deployed to existing user desktops or to a virtualized end-user desktop instance. Each interactive client requires the Blue Prism runtime to be installed. Where the Interactive Client is used for developing and configuring Blue Prism processes, access must be granted to all in-scope applications and all pre-requisites specifically required for automating the target application(s) must be installed. Additionally refer to the B lue Prism Runtime Resource Guide for settings that may need to be applied on the Interactive Clients used for development. Intel Processor 2GB RAM 10GB free disk space (after install of standard operational software*) Windows 7 SP1, 8.1, 10 Anniversary Update. 32-bit or 64-bit versions. Windows Server 2008 R2 SP1, 2012, 2012 R2, 2016. 64-bit versions only. Windows Installer v3.1 .NET Framework 4.7 The specification of Interactive Clients used for development must meet the collective recommendations of the in-scope target applications. (E.g. SAP, Office, Kana etc.) A useful indicator is to base the specification on an equivalent PC used by an end-user to automate those same applications. 4.3. Frequently asked questions How are Interactive Clients typically deployed? It is common for Interactive Clients to be deployed to existing users’ desktops in the first instance, particularly where all of the users who will be developing and controlling Blue Prism are geographically local to the Blue Prism environment(s). For larger, or enterprise strength, deployments it is recommended tha t these should be virtual rather than physical. What are the advantages of virtualizing this component? The B lue Prism Virtualization Guide provides detailed information about the benefits of virtualizing this component. What are the security implications of this component? There are no specific security implications for this component as only authorised users can access the installed Blue Prism software installed. Therefore, as a minimum, this component should be subject to standard organization desktop security protocols. 1 All minimum requirements must consider the selected operating system as well as the applications to be automated. * Examples of standard operational software includes: anti-virus; device monitoring or remote access tools; Microsoft Office; email clients. Commercial in Confidence Page 17 of 56 C an a single Interactive Client be used across multiple environments? Irrespective of whether the device is provisioned physically or virtually, a single Interactive Client can be configured to connect to multiple Blue Prism environments (e.g. Dev/Test/Production). The user selects which environment they wish to connect to as part of the logon procedure. D oes this component need to be backed up? Typically there is no important information or configuration stored on a Blue Prism Interactive Client unless a local database is in use (e.g. for development purposes). It is however recommended that where possible a clone of the client should be retained. 4.4. Networking The main components that Interactive Clients initiate communications with include: Runtime Resources For the purposes of monitoring, controlling and manually triggering processes on a given Runtime Resource (TCP). Application Server The Application Server is used for all database connectivity. Third Party Applications See the B lue Prism Runtime Resource Guide for network considerations where the Interactive Client is used for developing and configuring processes. Sample diagrams and default port settings are provided within the B lue Prism Network Connectivity Guide. Commercial in Confidence Page 18 of 56 5. Blue Prism Runtime Resource Guide 5.1. Overview Blue Prism Runtime Resources are persistent, typically virtualized, instances of standard end-user desktops running automated processes within a secure environment. The key features of Runtime Resources are that they: Are centrally controlled. Execute assigned processes. Connect to the line to business application(s). Capture log information (which is then stored within the database). Blue Prism Runtime Resources effectively operate a device as if a human operative was sat working it. Explicitly this means that the Runtime Resources must be logged in for processes to run, and furthermore, each transaction that is processed would be visible if a screen was connected. This guide contains a number of considerations to mitigate any potential security and governance concerns that this may raise. Commercial in Confidence Page 19 of 56 5.2. Minimum requirements 2 Runtime Resources are typically deployed to virtualized instances of standard end-users desktops although for smaller or initial deployments, physical desktops can be used. Each Runtime Resource requires the Blue Prism runtime to be installed along with all pre-requisites specifically required for automating the target application(s). Access must also be granted to all in-scope applications. Additionally there are a number of settings and profile configurations that need to be applied. See the following sections for information. Intel Processor 2GB RAM 10GB free disk space (after install of standard operational software*) Windows 7 SP1, 8.1, 10 Anniversary Update. 32-bit or 64-bit versions. Windows Server 2008 R2 SP1, 2012, 2012 R2, 2016. 64-bit versions only. Windows Installer v3.1 .NET Framework 4.7 The B lue Prism Virtualization Guide provides advice for provisioning a server to host virtual Runtime Resources. The specification of Interactive Clients used for development must meet the collective recommendations of the in-scope target applications. (E.g. SAP, Office, Kana etc.) A useful indicator is to base the specification on an equivalent PC used by an end-user to automate those same applications. 5.3. Frequently asked questions How are Blue Prism Runtime Resources typically deployed? Typically they are deployed into a secure, virtual environment to provide security and scalability. There is the option to deploy to physical end-user desktops but this increases complexity from a commonality and security perspective. What are the advantages of virtualizing this component? The B lue Prism Virtualization Guide provides detailed information about the benefits of virtualizing this component. What are the security implications of this component? As the Runtime Resources are responsible for executing the automated processes their security is paramount. The Physical Security section contains further information on this topic. C an a single Runtime Resource be used across multiple environments? Whilst it is possible to reconfigure a Runtime Resource to be connected to a different environment, it is not recommended to frequently switch which environment a specific Runtime Resource is assigned to. D oes this component need to be backed up? Typically there is no important information or configuration stored on a Blue Prism Runtime Resource. It is however recommended that where possible a clone of the desktop should be retained, and consider ation given to whether any of the Runtime Resources are used for business critical processing. 2 All minimum requirements must consider the selected operating system as well as the applications to be automated. * Examples of standard operational software includes: anti-virus; device monitoring or remote access tools; Microsoft Office; email clients. Commercial in Confidence Page 20 of 56 5.4. Networking The main components that Runtime Resources initiate communications with include: Application Server The Application Server is used for all database connectivity. Third-Party Applications The type of connectivity required between the Runtime Resources and third party applications will depend on the nature of the automation. The majority of Blue Prism automation takes place via the GUI and therefore the runtime resources simply need the same level of access as a typical end-user of the given application. Where deeper connections (e.g. direct database, web service, message queues) are required the appropriate ports and access will need to be configured. Sample diagrams and default port settings are provided within the B lue Prism Network Connectivity Guide. 5.5. Device setup: user accounts There are a variety of options and settings to be considered and configured for the Runtime Resources. 5.5.1. User accounts Each Runtime Resource can be allocated an independent user account to allow it to be appropriately secured, and provides opportunities for comprehensive audit and monitoring. The type of account used to log the respective Runtime Resource onto the network should be carefully considered as this could restrict the type of applications that can be automated by each of the Runtime Resources. It should be noted however, that for applications which are not secured using Active Directory integrated authentication, the Runtime Resources can be configured to use credentials independent of those used to authenticate the device onto the network. Native Authentication If using native authentication the Blue Prism Runtime Resource will not be able to authenticate with the applications that use Active Directory integrated authentication (single sign-on). D omain Account If an Active Directory domain account is used to log on to each Blue Prism Runtime Resource there are increased options for connecting to applications which are secured using either native or Active Directory integrated authentication (single sign-on). Additionally the Blue Prism Runtime Resource can used the configured domain account to authenticate against Blue Prism environments that are configured to use single sign-on. The access and permissions assigned to the accounts used by the Runtime Resources should be evaluated to see if: The accounts are configured to allow access to the necessary applications and network resources that may be required by the processes (including network locations etc.). The accounts need to be members of appropriate Active Directory groups. The accounts are restricted from performing certain types of action on the local machine that may be required as part of an automated process. (e.g. logging to the event viewer; using the command prompt etc.) 5.5.2. Login methodology Blue Prism Runtime Resources must be logged in and listening, to be able to receive instructions and execute processes. It is therefore necessary to consider the options for how the login will take place each day and following system restarts. Commercial in Confidence Page 21 of 56 The login options should be considered alongside the subsequent authentication methods that will be used as part of process execution when the Runtime Resources authenticate with third-party systems. For example, if the processes automate applications which are secured using Active Directory, it will be necessary for the Runtime Resources to be logged in using Active Directory domain user accounts. The authentication options for the Runtime Resources may include: No authentication Removing the need for these components to follow an authentication procedure allows each device to launch the operating system without the need for any manual or automated login interaction. If the applications to be automated use Active Directory integrated authentication this option may not be appropriate. Automatic authentication Configuring the devices to log in automatically using locally stored credentials allows the respective device to launch the operating system without the need for any manual intervention; however the security of the credentials would need to be considered. If the applications to be automated use Active Directory integrated authentication, the automatic login would need to log the resource on to the network using an appropriate domain account. Consideration should also be given to whether the password(s) should be set to expire. Manual authentication Named users could be responsible for manually restarting the devices and entering the relevant credentials. Consideration should be given to: the availability of users to carry out the task; the impact this would have on the speed of restarting a machine; the security of the credentials; the impact if it is required out of hours; the suitability of remote connectivity tools for this task. Automated authentication using the Blue Prism Login Agent (recommended) Each Runtime Resource which has been appropriately configured 3 and where Blue Prism Login Agent has been installed, can be automatically logged in by Blue Prism. Blue Prism Login Agent is used to securely store the credentials for each Runtime Resource and use these to automatically log in, or unlock the device. It additionally provides functionality for managing the passwords and can adhere to password history and complexity rules. This option may be the most suitable where the Runtime Resources authenticate directly against a secure Active Directory domain and where the processes include automating applications which are secured using Active Directory authentication (single sign-on). Further information on Blue Prism Login Agent is available within the following collateral: 3 o Blue Prism Data Sheet - Secure Windows Authentication o Blue Prism User Guide - Login Agent The pre-requisites for Login Agent must be considered to ensure its suitability in a given environment. Commercial in Confidence Page 22 of 56 5.6. Device setup: user profile A number of user and computer account profile settings that should also be considered are discussed in the following sub-sections. Many of these can be enforced through use of standard IT tools such as Group Policy. It is recommended that where possible, consistent settings should be applied across all of the Blue Prism Runtime Resources to ensure commonality and therefore reduce the complexity of process development. 5.6.1. Screensaver and auto-lock The Runtime Resources should be configured to allow arbitrary periods of inactivity without entering a locked state, and without the screen being taken over by a screensaver. Application behaviour behind a screen-lock is unpredictable and could cause exceptions which are difficult to diagnose. The Blue Prism security recommendations include ensuring that the Runtime Resources are inaccessible to users therefore removing the security implications of such settings. Where processes are scheduled to automatically start early in the morning, the Runtime Resources should be allowed to remain in an idle state overnight. Some processes may involve inherent periods of idleness whilst the applications remain on screen. This too should not result in a lock-out. 5.6.2. Power saver options The device power saver options should be reviewed to prevent the hardware from being automatically turned off, or scaled down, after periods of inactivity. 5.6.3. Surface automation considerations (font smoothing and display themes) Where surface automation techniques are to be used as part of process automation, it is necessary for font smoothing to be disabled for the user and computer accounts used by the Runtime Resources that are responsible for executing those processes. Display themes should be set to not use transparent or opaque window borders. It may also be necessary to remove or reduce compression, as this can affect the way that the graphical interface is presented to the end user, which in turn can have a negative impact on the interpretation of the screens by the Runtime Resources. 5.6.4. Pre-login requirements It is often desirable to implement auto-login functionality for the Blue Prism Resources (discussed as part of the Login methodology however common configurations that can cause problems and that will need to be disabled for the applicable devices include: Requiring ctrl, alt, delete to be pressed prior to being able to login. Acknowledge acceptance of a Usage/Access Policy as part of the login procedure. 5.6.5. Default remote access settings It is often necessary to disable the default remote access settings for Blue Prism Runtime Resources. The User Accounts, Remote Access and Security Guide contains information on the recommended approach for achieving remote connectivity with Blue Prism Runtime Resources. 5.6.6. SAP GUI Scripting This setting should be enabled for the appropriate users if automating SAP via the GUI. Commercial in Confidence Page 23 of 56 5.7. Device setup: start-up configuration Blue Prism Runtime Resources must be logged in and listening in order to be able to receive instructions and execute processes. It is therefore necessary to consider the following items: The login options for the Runtime Resources. The steps required to automatically start Blue Prism. 5.7.1. User account login options There are a number of options for authenticating the devices onto the network either manually or automatically. These are referenced within the D evice setup: user accounts section. 5.7.2. Automatically starting Blue Prism Once a Runtime Resource has successfully loaded into windows the Blue Prism client can be started silently using a command line method. This can either be configured to start automatically through use of: the Windows Start -Up Group; or Windows Task Scheduler. Alternatively it may be appropriate to use Group Policy to distribute the startup task to all Runtime Resources. The command line method is: [Blue Prism Install Location]\automate.exe /resourcepc /public E.g. “C:\Program Files\Blue Prism Limited\Blue Prism Automate\automate.exe” /resourcepc /public It is strongly recommended to additionally configure the Runtime Resources to authenticate against the Blue Prism platform by specifying valid Blue Prism credentials. Blue Prism native authentication environments: /user [username] [password] Blue Prism Single Sign-on environments: /sso For information about configuring multiple Runtime Resources on a single Runtime Resource see the Running multiple Runtime Resources section. 5.8. Physical Security The security of the Blue Prism Runtime Resources is paramount as these resources are responsible for executing the automated processes and where relevant will be logged on, and interacting with third-party applications, on screen, via the respective graphical user interfaces (GUI). It is essential that physical access to these components is restricted to prevent unauthorised users from directly monitoring the actions being taken, and getting access to the data that is being processed. Additionally this helps to prevent users from being able to interrupt the process and take control of the data and applications that the Runtime Resources have authenticated against. For security reasons, granting access to the Runtime Resources once established is not recommended – the ability to restart, shut-down and start up the instances should be sufficient. Where remote access is granted to the Runtime Resources, such access should be subject to appropriate control and monitoring. Further information is available within the User Accounts, Remote Access and Security Guide. Commercial in Confidence Page 24 of 56 5.9. Running multiple Runtime Resources on a single device In certain circumstances, a single Runtime Resource can host multiple Blue Prism Runtime Resources (i.e. multiple robots can operate simultaneously within a single instance of a windows desktop operating system). This is dependent on the technologies that are automated as part of the processes, which in turn must be developed with this execution approach in mind. There are a number of potential challenges with this approach: Each process that runs simultaneously on a single Runtime Resource must be able to successfully identify the application(s) that were launched for its use. (E.g. if there are 5 processes each using Internet Explorer, each process must be able to successfully identify which is the appropriate one to use). Conflicts can occur if a thick client application is used as part of processes that run simultaneously, particularly where only one instance of the application can be launched at a given time (e.g. Microsoft Outlook). Where multiple instances of a single application are used simultaneously, it is necessary that actions taken in one instance, do not affect the others. (i.e. logging out in one instance should not automatically log the user out of all instances). It may not be possible to use this approach where the processes use thin client technologies. Where the Runtime Resource connect to an Application Server, the connection must be configured to use dynamic ports for callback to avoid conflicts. If the callback port is statically defined, it will not be possible to operate multiple Runtime Resources on a single Runtime Resource unless a separate connection is configured for each. To configure a single Runtime Resource to have multiple Runtime Resources it is necessary to modify the start up configuration to initialise multiple instances of Blue Prism, each with its own listening port. The v6 User Guide – Installing Enterprise Edition provides instructions on how setup this configuration. 5.10. Event log Typically any errors and warnings generated on the Blue Prism Runtime Resources are written to the Windows Event Log – it is therefore necessary for the accounts used on these resources to have permissions to create the appropriate entries. Additionally the Windows User Account Control can somet imes restrict this capability. It is also necessary for the amount of space required by the Event Log to regularly reviewed and for appropriate maintenance to take place. Further details on monitoring are contained within the v6 Data Sheet - Monitoring. Commercial in Confidence Page 25 of 56 6. Blue Prism Application Server Guide 6.1. Overview The Blue Prism Application Server is an optional, but strongly-recommended, component within a Blue Prism environment. The key features that are provided by the Blue Prism Application Server include: Marshalling all connectivity between the Blue Prism components and the database. Provision of the Secure Credential Store. Data encryption and decryption capabilities. Scheduled process execution. Commercial in Confidence Page 26 of 56 6.2. Minimum requirements 4 Blue Prism Application Servers are typically deployed to virtualized instances of Windows Server although for smaller or initial deployments, physical desktops can be used. Each Application Server requires the Blue Prism runtime to be installed, and will require additional setup to enable the data encryption facility. The v6 User Guide – Installing Enterprise Edition provides further information. Intel Dual Core Processor 2GB RAM 20GB free disk space (after install of standard operational software*) Windows Server 2008 R2 SP1, 2012, 2012 R2, 2016. 64-bit versions only. .NET Framework 4.7 x64 installs run in 32-bitmode The specification assumes a single Application Server that will service between 1 and 50 Blue Prism Runtime Resources. Whilst an increased specification can enable greater numbers of Runtime Resources to be serviced, it is recommended that a given Blue Prism Application Server should not be configured to be responsible for more than 100 Blue Prism Runtime Resources. 6.3. Frequently asked questions How are Blue Prism Application Servers typically deployed? Typically they are deployed on to a dedicated, virtualized, Windows Server to provide security and scalability. There is the option to deploy to physical end-user desktops for smaller implementations. What are the advantages of virtualizing this component? Virtualizing the Application Server provides greater options for scalability and disaster recovery scenarios. What are the security implications of this component? Each Blue Prism Application Server instance holds the database connection information and the encryption key for the respective environment and by default this information is available to any user who can connect to the server file system. Common mitigations include: Using Windows Authentication for the database connection which negates the requirement to store the username and password within a Blue Prism configuration file. Storing the encryption keys within individual files and manually applying additional controls such as use of transparent encryption and restricting access to the files. It is important to note that where access is granted to this component, a given user will have access to this potentially sensitive configuration information for each environment - it is therefore important that this component is suitably secured and subject to restrictions in terms of physical and remote access. C an a single Blue Prism Application Server be used across multiple environments? An instance of a Blue Prism Application server services a single environment, however it is possible to co-host multiple Application Server instances on a single Windows Server. The Multiple Blue Prism Application Servers section contains further information. D oes this component need to be backed up? Yes, it is important to ensure that as a minimum the data encryption (credentials) key is backed up and stored securely. 4 All minimum requirements must consider the selected operating system as well as the applications to be automated. * Examples of standard operational software includes: anti-virus; server performance monitoring tools; remote access technology Commercial in Confidence Page 27 of 56 6.4. Networking The main components that Application Servers initiate communications with include: Runtime Resources For the purposes of triggering scheduled processes on a given Runtime Resource (TCP). D atabase Connectivity with the database server uses SQL Server drivers and is therefore configurable. By default connectivity occurs using TCP. Due to the high levels of communication between the Application Server and Database it is necessary for Application Servers and the respective Databases to be physically located locally to minimise latency between the components. 6.5. Application Server configuration The v6 User Guide – Installing Enterprise Edition provides instructions on how to configure an installation of Blue Prism to take on the role of a Blue Prism Application Server. Commercial in Confidence Page 28 of 56 6.6. Multiple Blue Prism Application Servers As part of a Blue Prism infrastructure there may be a number of Blue Prism Application Servers for the purposes of: providing resilience and availability; or to provide functionality to a number of different environments (Development, Test, Production). The common configurations for provisioning multiple Blue Prism Application Servers include: D istributed Servers: many servers for a single environment A single environment (e.g. Production) may have a number of Application Servers to allow the workload to be distributed across them and/or for the purposes of introducing resilience. In this scenario each Blue Prism Application Server would be setup with an identical configuration and would be connected to the same database. Shared Servers: one server for multiple environments A single Windows Server can be configured to host multiple Blue Prism Applications, each of which is responsible for an independent environment (albeit within the same network). When configuring multiple Blue Prism Application Servers on a single Windows server it is important to review the combined maximum number of Blue Prism Runtime Resources that will need to be serviced concurrently. Commercial in Confidence Page 29 of 56 6.6.1. Hybrid: many servers for multiple environments A hybrid approach can be taken to provide both resilience and the ability to service a high number of Blue Prism Runtime Resources across multiple environments. The example below shows a scenario where it has been decided to have a separate Blue Prism environment (with a dedicated database) for each core business area and therefore there are a number of production environments to be serviced. Considerations for deploying multiple Application Servers When deploying multiple Application Servers to for a single environment (e.g. Production), it is necessary to consider the following: Where multiple Blue Prism servers are deployed for the same environment each one must be configured to use the same time zone. The configuration of the encryption schemes on each server must be identical to allow all servers to perform consistent encryption and decryption of sensitive data. 6.7. High availability and redundancy See the High Availability and Redundancy Guide within this document for information. Commercial in Confidence Page 30 of 56 7. Blue Prism Database Server Guide 7.1. Overview Each Blue Prism environment uses a Microsoft SQL database as a central repository of configuration da ta, settings, runtime transactions and logs. The solution permits any number of instances of the Blue Prism schema to be deployed within a given SQL instance on Microsoft SQL Server, allowing multiple Blue Prism environments to be configured within a single Microsoft SQL instance. Support is also provided for Microsoft SQL Azure. Refer to the Blue Prism Reference Architecture for Microsoft Azure for further details. Key Features: Central repository for all Blue Prism configuration information such as processes, objects and workflow configuration. Third-party system user credentials store. Work queue repository. Stores audit information and production process log data – a transaction log of each process running in the environment. Commercial in Confidence Page 31 of 56 7.2. Minimum requirements Server Database 7.2.1. Windows Server 2008 R2 SP1, 2012, 2012 R2, 2016. 64-bit versions only. Intel Quad Core Processor 4GB RAM 10,000 RPM SAS Hard Drives (with appropriate RAID configuration) Network card matched to environment SQL Server 2012, 2012 R2, 2014, 2016. 32-bit or 64-bit versions. Standard or Enterprise Editions (x86/x64 (recommended)) Non-clustered or clustered architecture SQL AlwaysOn Availability Groups Supports shared service infrastructure (e.g. rented space in a shared datacenter) Multiple Blue Prism databases instances supported per server (for multiple environments) SQL collation must be case insensitive and support the 1252 code page (Common examples include: Latin1_CI_AS, SQL_Latin1_CI_AS) Sizing The requirements of the database server directly correlate to the number of deployed Blue Prism Runtime Resources. Environment D ata File Log File Development 50 GB 25 GB Test 50 GB 25 GB UAT 10 GB 5 x No of Runtime Resources 10 GB 1 x No of Runtime Resources 50% of Data File6 50% of Data File2 Production Sizing Notes Data file minimum size: 100 GB Data file minimum size: 200 GB 5 Data File size should be reviewed during implementation according to logging requirements, running hours and data retention policy as this will vary if data is retained for prolonged periods. 6 Backup and log truncation should be reviewed according to business criticality. Commercial in Confidence Page 32 of 56 7.3. Frequently asked questions How are Blue Prism Databases typically deployed? Typically they are deployed to a physical SQL Server instance. It is common for non-production databases to be contained within a single SQL instance, and for the production databases to be hosted within a production strength SQL instance (often one which offers redundancy through mirroring, clustering or use of AlwaysOn Availability Groups (SQL AAG)). What are the advantages of virtualizing this component? Refer to the v6 Reference Guide - Virtualization before considering virtualizing this component. What are the security implications of this component? As with all application databases, the Blue Prism Database(s) must be secured as this database is the main repository for a range of information including: process configuration; credentials for third-party systems; work queues; logs and audit information. The sensitive data is encrypted prior to storage however this is not a substitute for database security. C an a single Blue Prism Database Server be used across multiple environments? A single Blue Prism Database Server can be used across multiple Blue Prism environments as each environment requires an independent database which can be co-hosted with other Blue Prism databases on a single SQL instance. D oes this component need to be backed up? Yes, it is important to ensure that the database and logs are subject to frequent backups in line with any data recovery policies. 7.4. Provisioning a Blue Prism database server There are a number of settings and considerations to be applied when designing and provisioning a Blue Prism Database Server. These considerations include topics such as: Selecting an appropriate server or instance. Disk space configuration and utilisation. CPU and RAM allocation. Database growth. Recommended database settings. Further information is provided with in the v6 Data Sheet – Provisioning a Blue Prism Database Server. 7.4.1. Creating/Upgrading a Blue Prism database There are two main options for creating or updating a Blue Prism Database: Product Driven The software will create and maintain the database during installation and upgrades. CREATE and ALTER TABLE privileges are required by the Blue Prism Server. Script Driven SQL scripts for database creation and updates can be provided by the product support team. Commercial in Confidence Page 33 of 56 7.5. SQL Permissions The minimum SQL permissions required on the Blue Prism database for business as usual or normal operation are listed below: Datareader Datawriter [All roles prefixed with bpa_] E.g. o bpa_ExecuteSP_DataSource_bpSystem o bpa_ExecuteSP_DataSource_custom o bpa_ExecuteSP_System The roles prefixed “bpa_” are only available once the database has been configured using the in-product Create Database functions or manually using the CreateScript. The minimum SQL permissions do not provide appropriate privileges to carry out Create, Configure or Upgrade database actions, therefore an appropriate administrator account will need to be used when any of these actions are required: Create Database: dbcreator (server role) or sysadmin (server role) Configure Database: sysadmin (server role) or dbowner (database role) Upgrade Database: sysadmin (server role) or dbowner (database role) To manually execute the Create or Upgrade database scripts (available via Blue Prism Support) against an existing database, the following SQL permissions are required by the user carrying out the actions: 7.6. DBCreate: sysadmin (server role) or dbowner (database role) DBUpgrade: sysadmin (server role) or dbowner (database role) Maintaining a Blue Prism database server It is important to ensure that there is regular maintenance of the SQL server to: facilitate a stable platform; highlight potential issues; and proactively ensure maximum performance based on the hardware resources available. The key maintenance topics include: Backups. General server maintenance. Database maintenance and recommended settings. Blue Prism in-product maintenance. Further information is provided with in the v6 Data Sheet – Maintaining a Blue Prism Database Server. Commercial in Confidence Page 34 of 56 7.7. Database usage patterns Communication between the Blue Prism Runtime Resources, Application Servers and Database is typically moderate to high in volume, and transactional in nature as records are frequently inserted into the session log, along with look-ups and updates being performed within workflow tables. Consideration should be given to the proximity of the Database Server to the Blue Prism Application Server and Runtime Resources, particularly when implemented across large or multi-site networks. Where network latency is an issue, it will be made more prominent by the frequency of the queries performed. Commonly the Blue Prism database will receive direct connections only from each Blue Prism Application Server within a given environment. In some circumstances, such as where Application Servers are not deployed, any Blue Prism component can be configured to establish a direct database connection. This will be subject to the application of appropriate routing, authorization and access settings. The number of connections that will be established by each directly connecting device is managed by the .NET Framework through use of SQL connection pools. Commercial in Confidence Page 35 of 56 7.8. Blue Prism data This section introduces a number of the key types of transactional data such as logs and history that are stored within the database as part of ongoing use and operation of Blue Prism. Further information on the key tables within the Blue Prism database is provided within the Appendix. 7.8.1. Sessions and Logging Blue Prism processes contain a number of steps (or stages) that the runtime resources follow as part of executing the process. These stages can represent a variety of actions including: calculations, decisions, reading data from a user interface element, executing a sub-process or action etc. Sessions are used by Blue Prism to record all of the appropriate stages followed by a runtime resource as part of executing a business process. The amount of logging for each stage is configured as part of the process design but typically each log generated will include: the execution time. the context in which it the process is being run. any input/output parameters from the stage. Overtime, and based on the level of logging that has been configured, the data collected as a result of session logging is often the largest data set within a production Blue Prism environment and the archiving facility can be used to restrict the impact of this. In order to maintain integrity, the generation of sessions and associated session logs occurs synchronously as part of process initiation and execution. Whilst the amount of data per transaction is low, the frequency and requirement for rapid processing by the database is paramount. 7.8.2. Work Queues Work queues provide the storage and workflow capabilities for processes. Each work item typically represents an individual record - its data, status and history. A work item has a number of statuses including: pending, deferred, locked, completed, and terminated. If a work item is terminated by the process, it may be retried automatically each queue can be configured with a set number of automatic retries. Each work item attempt is represented by an individual record in the BPAWorkQueueItem table, therefore if a work item is worked, terminated and a retry action generated, it will be represented by two rows in the table. Work items can be assigned tags which provide supplementary information such as categorisation and these are defined in the BPATag table and each assignment of a tag to a work item attempt is represented by a record in the BPAWorkQueueItemTag table. The BPAWorkQueueLog is used to record each operation which alters a work item (e.g. additions, status change, deletions). Commercial in Confidence Page 36 of 56 7.8.3. Audit Logs Audit Logs are used to record all of the following actions: Login / Logout Changes to environment-wide settings Create/Update/Delete of: business objects; processes; queues When recording changes to processes and objects all details of the changes being applied are capture d to allow for comparison or rollback at a later date. The audit log table (BPAAuditEvents) can grow to be quite large where there is a high frequency of updates to processes or objects. This typically does not affect production databases as the largest number of changes take place in development or test environments. 7.8.4. Schedule Logs Schedule logs are created for each schedule that is initiated and record the time and outcome for all tasks and sessions that form part of that schedule. Whilst the number of schedule logs may grow to be quite large (the most basic schedule would create a minimum of 6 log records), the amount of information per row is very small so it is unlikely to be cause for concern. 7.8.5. Alerts Alerts can be configured to indicate to end-users when certain events are detected within sessions or schedules. An alert is targeted to a particular user and has a delivery method (e.g. pop-up box, system sound etc.). Each individual alert is stored in a record on the BPAAlertEvent table. Commercial in Confidence Page 37 of 56 8. User Accounts, Remote Access and Security Guide 8.1. Overview There are a number of interactions for which user accounts are required as part of a Blue Prism implementation. Examples of these interactions include: The user accounts used by the runtime resources to authenticate against the network or workgroup. The user accounts the Runtime Resources will use to access and automate the line of business applications. The user accounts used by Blue Prism controllers, and developers to configure, develop, release, deploy processes and the associated queues, schedules and settings. Security should also be considered in reference to: Access (including remote access) to the various Blue Prism components (e.g. Application Server, Runtime Resources, Interactive Clients, Database Server etc.) The logical access permissions granted to each user in relation to the actions available to them within a given Blue Prism environment. 8.2. User Accounts: Runtime Resource network authentication Considerations for the user accounts to be used when Runtime Resources are authenticated to the domain or workgroup include: Whether auto-login is required, and how this will be achieved. The authentication methods required for the applications that are to be automated (e.g. whether they use Active Directory integrated authentication commonly referred to as Single Sign-On (SSO)). Whether the out of the box functionality is to be implemented that allows Blue Prism to automatically manage the credentials used; including periodically resetting these user account passwords (whilst adhering to password complexity and history policies). Further information is provided in relation to the user accounts and auto-login options within the B lue Prism Runtime Resource Guide. Commercial in Confidence Page 38 of 56 8.3. User Accounts: Line of business applications It is necessary for the Blue Prism Runtime Resources to have appropriate access to each of the line of business or third-party applications that are automated within Blue Prism processes. It is recommended that a user account with appropriate permissions is made available for each of the Blue Prism Runtime Resources that will have a concurrent connection to a given application although there is support for Blue Prism Runtime Resources to use shared credentials if required. The credentials for the user accounts used as part of a Blue Prism process are securely stored, independently of the process definition, within a centralised Credential Management repository. Access to specific credentials is restricted to specific Runtime Resources, processes and users in order to prevent authorised use within the environment. Blue Prism processes can be configured to periodically change the line of business application password(s), taking account of necessary password complexity requirements, which ensures that the credentials are not known by any human operator. 8.4. User Accounts: Blue Prism users (controllers / developers) By default, Blue Prism’s native authentication is used to manage user access to the Blue Prism application and for assigning appropriate controls and permissions to each user. Alternatively Blue Prism can be integrated with Active Directory Domain Services for controlling and configuring user access and control. See the Active Directory Integration Guide for more information. Commercial in Confidence Page 39 of 56 Irrespective of the type of authentication selected, user access is role-based and configured independently for each environment allowing specific users to have different access dependent on the environment. This further supports the ability to restrict any one user having ubiquitous access across all environments. Commercial in Confidence Page 40 of 56 8.5. Security: Access (including remote access) Typically it should be appropriate for all components of the Blue Prism solution (excluding the Blue Prism Interactive Clients) to be locked down to prevent any access by Blue Prism administrators or users. The only functions required are those typically used by administrators such as: restart; shutdown; start-up; purge event log etc. 8.5.1. Remote Access If there is a desire to implement remote access for any of the Blue Prism components, the various security implications for each component should be considered – further information is provided within the respective components guides: B lue Prism Runtime Resource Guide B lue Prism Application Server Guide B lue Prism Database Server Guide It is also important to select a suitable tool for providing remote access which interacts with the target system in an appropriate manner (e.g. without interrupting the current session), and which provides a suitable level of security and governance – particularly considering that typically a number of the components will already be logged on and available. Microsoft Remote Desktop Connection (RDP) is explicitly specified as being unsuita ble for remote control of a Runtime resource, as the remoting connections are intrusive – meaning that the RDP session would interrupt ongoing automated processing. Considerations for selecting a suitable remote access tool are detailed within the v6 Data Sheet – Remote Access Tools. Commercial in Confidence Page 41 of 56 8.6. Security: Logical access permissions The logical access permissions that need to be configured are typically defined as part of the project initiation and Blue Prism supports using a mixture of bespoke and out-of-the-box security roles to allow each user to be allocated the appropriate access in each environment. Examples of roles that are often reviewed as part of this definition are included below: Create, read, edit, delete processes Create, read, edit, delete business objects Compare, export, import processes or business objects Define release package, create release Create, edit, delete schedules Full or read-only access to queues / sessions Access to define system settings, users, credentials etc. It is necessary to establish any logical access restrictions that will be implemented to provide an appropriate level of control and governance across the various environments. These may include: Preventing any development from taking place in the production environment. Restricting which users are able to migrate processes (and associated items) between various environments. Identifying which users will be responsible for the settings, configuration, user access etc. Identifying which users will have access to the various types of audit and logs. Information about auditing the Blue Prism platform and change management is contained within the v6 Data Sheet – Operational Audit Overview. Further guidance on establishing appropriate logical access permissions is provided as part of the Blue Prism implementation methodology. Commercial in Confidence Page 42 of 56 9. Active Directory Integration Guide There are a number of common considerations when deploying Blue Prism within an Active Directory Network Infrastructure: 1. How Runtime Resources can authenticate against target business applications using single sign-on. 2. A common Active Directory Network Infrastructure allows native encryption of internal Blue Prism communications. 3. User access to the Blue Prism platform can be configured to use Single Sign-on where all Blue Prism users and devices reside within a single Active Directory Forest. 9.1. Runtime Resources accessing target applications using single sign-on The Blue Prism Runtime Resources are responsible for executing the processes designed and configured within the platform. Typically processes will require interaction with various applications and systems, some of which may be integrated with Active Directory for single sign-on (SSO). Using a domain account to authenticate the Runtime Resources against the network allows a process to authenticate with relevant target systems using single sign-on. This simplifies the security model and accelerates development. Additional benefits of using a domain account to authenticate a Runtime Resource include: Enforces existing security policies for the Runtime Resources (e.g. password reset and complexity requirements). Allows Active Directory Group Policy Objects (GPO) to be used to enforce user specific settings. Provides auditability and control of the account via Active Directory. Simplifies access to network resources such as shared drives, mailboxes, printers etc. 9.2. Active Directory allows natively secured internal Blue Prism communications When the Blue Prism components are deployed within an Active Directory Network Infrastructure configured with appropriate domain trusts, communication message security is enabled by default for the necessary inter component communication. Further information on securing connections by enabling message security is provided within the Securing Network Connectivity Data Sheet. 9.3. Configuring the Blue Prism Platform to authenticate user access via Single Sign-on Where Blue Prism is deployed within a single Active Directory Forest, it can be configured to allow users to authenticate against the platform using Single Sign-on. It essentially requires an Active Directory Security Group to be mapped to each relevant Blue Prism security role after which users will be granted access to the platform based on their Active Directory Security Group membership. Valid scenarios for deploying Blue Prism with Single Sign-on include 1. Where all user accounts and all Blue Prism components reside within a single Active Directory Forest with appropriate trusts between all relevant domains. 2. Where all user accounts and all Application Servers and Interactive clients reside within a single Active Directory Forest with appropriate trusts between all relevant domains, and where Blue Prism Runtime Resources reside outside the domain and network. These Blue Prism Runtime Resources will not be able to carry out authentication tasks e.g. they cannot be used to host Blue Prism Web Services, and they Blue Prism Interactive Client on these devices cannot be used. Commercial in Confidence Page 43 of 56 Where it is not appropriate to use Single Sign-on for Blue Prism, native Blue Prism authentication can be used. Active Directory Integration for user authentication must be configured as part of the database creation therefore it is important to establish whether this is required prior to installing and configuring Blue Prism. 9.3.1. Configuring Active Directory integration There following steps are required to configure Active Directory integration: 1. Select to use Microsoft Active Directory authentication as part of the database creation action. This option is provided as part of the database creation wizard, and is irrespective of the method of authentication selected for authenticating with the SQL Server. As part of the configuration it is necessary to select which domain will host the Security Groups that will be mapped to Blue Prism, and also the Security Group whose members will be granted System Administrator access. 2. C onfigure the required Active Directory security groups. Within the selected Active Directory domain a Security Group should be created for each Blue Prism role that will be used. Commonly an independent set of Security Groups will be configured for each Blue Prism environment (E.g. Dev, UAT, Production). The group membership for each fo the created Security Groups should then be setup to ensure that the correct AD User Accounts are members of the appropriate groups. Commonly the Security Groups will be configured with a Domain Local or Universal Scope, and users from any trusted domain withn the same forest will either be added directly to the Security Group, or they will be member of a Universal Group which itself is a member of the configured group. Built-in Groups or Groups with derived membership such as Domain Users and Authenticated Users should not be used. It is recommended specific Security Groups are created and these should be mapped to Blue Prism Security Roles. Likewise if using nested group membership, the nested groups should not be built-in groups. Additionally Active Directory Security Groups that contain Foreign Security Principals or members with unresolved SIDs can present querying difficulties and therefore such configurations are not recommended. 3. Associate each Blue Prism Role with the respective Active Directory security group. Within Blue Prism each Blue Prism Role should be linked with the appropriate Activity Directory Security Group. It should be noted that it is possible for there to be a different number of security roles based on the environment (E.g. a Production Environment will not normally have a Developer role configured as development should not take plcae directly within production). Further information on Active Directory configuration is provided in the v6 User Guide – Installing Enterprise Edition. Commercial in Confidence Page 44 of 56 10. Blue Prism Network Connectivity Guide 10.1. Overview The diagram provides an overview of the common communication that occurs with the Blue Prism platform. F D F B A E B A C Communication Description Encryption options Natively encrypted by default. Details of connection security vary dependent on usage of Active Directory within the Network Infrastructure. Blue Prism connections to Application Server A Primary communication stream for the devices to send data to, and receive data from the database (via the Application Server) Instructional connection to Runtime Resources B E Instructions received by Runtime Certificate-based encryption can be applied by Resources. E.g. to start/stop processing; or manually deploying an appropriate certificate to to provide a status update each Runtime Resource and updating the device start-up parameters. Blue Prism database connection C The read/write connection between the Application Server and database Certificate-based encryption can be applied to the connection by leveraging SQL Server functionality which can auto-generate self-signed certificates or leverage an existing verifiable certificate. Runtime Resources connecting to target applications D Runtimes interact with business applications as part of the process automations. Dependent on the security provided by each respective third-party target application based on the nature of each connection. Remote connectivity F The users who control the platform will commonly use a remote connectivity tool to access centrally deployed devices. Leverages the security provided by the respective third-party remote connectivity tool. Commercial in Confidence Page 45 of 56 10.2. Inter-component Communication This guide provides an overview of the key communication channels that are used between the various Blue Prism components. B A C E D Further informaton about the typical communication that takes place between the Blue Prism components is detailed in the table below. Application Server A B Interactive Client C D Runtime Resource E Instructional: Schedule Robots (TCP) Communicates with the appropriate Runtime Resource to advise that a specific process is scheduled to be run. Once advised, the Runtime Resource then establishes a connection with the Application Server via WCF to retrieve the process configuration and for on-going communication. Database Communication (TCP - optionally leveraging certificate-based encryption) Connects directly to the database for read/write operations as requested by the various Blue Prism components. The connection security is defined by: the connection to SQL Server; the configuration of the SQL Server instance, or through use of external technologies such as IPSec. Instructional: Configure and Control Robots (TCP) Communicates with the appropriate Runtime Resource to advise that a specific process is to be run. Once advised, the Runtime Resource then establishes a WCF connection with the Application Server to retrieve the process configuration and for on-going communication. O perating Communications (WCF) Communication such as: process configuration retrieval; submitting system or process logs; saving changes; and requesting a single-use token prior to communicating with a Runtime Resource; takes place over a secure connection, which is established with the Application Server via WCF. O perating Communications (WCF) Communication such as: process configuration retrieval; submitting system or process logs; saving changes; and requesting a single-use token prior to communicating with a Runtime Resource; takes place over a secure connection, which is established with the Application Server via WCF. Instructional: Resource Pool Communications (TCP) Where implemented, Runtime Resources communicate with members of the same resource pool for the purpose of distributing process execution tasks. Commercial in Confidence Page 46 of 56 10.2.1. Default Ports Whilst all ports used by each component are configurable, the default ports are detailed below: C omponent D efault Port Information Application Server Listens for TCP traffic on 8 199 (configurable) Interactive Client Retrieves information from the server via WCF. Runtime Resource Listens for TCP traffic on 8 181 (configurable) Retrieves information from the server via WCF. Where there are multiple Application Servers co-hosted on a single operating system it is common for each to use an independent, dedicated port. This may be common where there are multiple Blue Prism environments. Where there are a multiple Runtime Resources configured on a single Runtime Resource, each will be configured to listen on an independent, dedicated port. 10.2.2. Latency Consideration should be given to the connectivity between the Blue Prism components, as any network latency will be made more prominent by the frequency of the queries performed. Latency must be minimal between the following components: Application Server(s) and the respective Database Servers Interactive Clients and Application Server(s) The only communication channels that are designed to support high-latency connections are those to/from the Blue Prism Runtime Resources, however consideration to this should be applied when designing the process automations to ensure appropriate performance. E.g. in terms of the frequency of communication with the other components such as requesting or writing items from the database, writing logs, updating queue items, auto-save settings etc. Commercial in Confidence Page 47 of 56 10.2.3. Name Resolution The communication that takes place between Blue Prism components requires the ability t o resolve the IP address of the target machine using its name. An example of such communication is when the Application Server instructs a Runtime Resource to start a process based on the configured schedule, or when a Runtime Resource communicates with another in the same Resource Pool. By default, the communication takes place using the short-name of the target machine (e.g. using robot001, not robot001.mydomain.local) and requires DNS to be configured appropriately. System Administrators can optionally change this setting if appropriate for the deployment: Register and communicate using machine (short) name – default Register using machine (short) name, communicate using FQDN 7 Register and communicate using FQDN Register: The name format used when registering Runtime Resources is the one which is featured when managing and configuring the platform (e.g. within session logs, schedules and control room etc.). Changing the name format used for registering components will require each to register as new devices within the environment meaning that any previous Runtime Resource configuration may need to be repeated (e.g. configuring Resource Groups and Resource Pools, assigning access to credentials, schedule configuration etc.). Connect: The name format used when connecting to the devices and is therefore the name that must be resolvable to an IP address from each of the devices were connections can be initialized. 10.2.4. IP Layer Security In addition to the controls natively provided by the platform, additional network protection can be achieved through use of industry-standard technologies such as IPSec which is able to protect all application traffic over an IP network. 7 Resource Management. Following the reset, the affected Runtime Resources and all Controllers should be restarted. Commercial in Confidence Page 48 of 56 10.3. Advanced Information 10.3.1. Instructional Communication The instructional communication represents the frequent, lightweight, communications received by the Runtime Resources. Examples include scenarios such as where the Runtime Resource receives a request from: the Application Server informing it to initiate the start process procedure. an Interactive Client manually instructing it to initiate the start process procedure. another Runtime Resource in a ResourcePool to initiate the start process procedure. the Interactive Client requesting a status update. a third party system accessing a Blue Prism web service. Within the Blue Prism platform, these connections are established from each operational Interactive Client and Application Server, to each available Runtime Resource using its configured listening port (default 8181). 10.3.1.1. Data Security and Controls Protocol: Native TCP (default); TCP with Certificate-based Encryption (requires advanced configuration) By default these communications are unsecured and contain a very high level instruction and do not include sensitive or exploitable information. The controls implemented for this communication include: Origin authentication: A single-use token is passed which the receiver validates with the Blue Prism Application Server. This allows the receiver to validate the originator had the authority to issue the message. Session authentication: A single-use token is passed which the receiver validates with the Blue Prism Application Server. This allows the receiver to validate the originator had authenticated with the Blue Prism Application Server prior to generating the message. The single-use token referenced above is generated by the Blue Prism Application Server and verified by the recipient via the operational communications channel. Whilst these instructional communications are unsecured by default, for advanced implementations applicable Runtime Resources can be configured to apply encryption by leveraging a local certificate. When appropriately configured, certificate-based encryption is applied to all communication received by the device on a given port irrespective of the origin. Blue Prism web services accessed on configured devices will require a HTTPS prefix. When deploying certificates for this purpose it is important to note that: The certificate common name(s) will need to accurately reflect the paths used for all communications to the Runtime Resource on a given port. The devices connecting to the Runtime Resource(s) will need to trust the issuer (Certificate Authority). The start-up parameters for the Runtime Resource will need to be configured to leverage the certificate. Commercial in Confidence Page 49 of 56 10.3.2. Operational Communication The operational communication represents the main channel for data transmission between the Application Server and all clients (Interactive Clients and Runtime Resources). These connections are established from the respective clients to the Application Server(s) and use WCF (in the default/recommended configuration) which provides encrypted communication, and controls which include: content confidentiality, data integrity protection, origin authentication, message replay protection, non-repudiation, and session authentication. Examples include scenarios such as where the Application Server receives a request from: a Runtime Resource requesting a process definition after being instructed to start processing. a Runtime Resource writing a log to the database (via the Application Server). A Runtime Resource requesting a credential for use when executing a process. an Interactive Client updating a process definition. an Interactive Client updating an execution schedule. Each Runtime Resource (and Interactive Client) will communicate over a WCF connection with a nominated Application Server via the server’s listening port (default: 8199). Commercial in Confidence Page 50 of 56 10.3.2.1. Data Security and Controls Protocol: TCP (WCF) The communication is encrypted by default when the default, or any of the recommended configurations, are in use. The security is provided by the .NET Framework and the Operating System. 10.3.2.2. Legacy .NET Remoting Support To support legacy installations, it is possible to configure Application Servers and Clients to use .NET remoting instead of WCF for operational communication. Unless the Insecure variant of this option is selected, the connection is established via a secure TCPChannel. Behind the scenes, this is using the NegotiateStream Class, which is the .NET instrumentation of Microsoft's Security Support Provider Interface SSPI architecture. Because the security negotiation is handled by SSPI, it is transparent to Blue Prism and difficult to det ermine in all scenarios what encryption and authentication would be used, as this is based on operating system levels, domain configuration and other environmental factors. In most scenarios, the end result would be the use of Kerberos for authentication and sChannel for encryption. Assuming sChannel is selected for encryption, this would mean the Cipher used would be likely to be determined per this article: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374757(v=vs.85).aspx. The Key Distribution Center (KDC) for the communications is located on an Active Directory domain controller and uses Active Directory as its account database and, where required, the Global Catalog for directing referrals to KDCs in other domains. .NET Remoting includes a number of controls when the Blue Prism platform is deployed into an Active Directory network infrastructure 8 : C ontent confidentiality: .NET NegotiateStream is used to natively provide both key derivation and data encryption/decryption. SPNEGO is used to select the underlying security protocol, and the security context via negotiation between the client and server through use a set of security tokens generated by the SPNEGO GSS-API mechanism. D ata Integrity: .NET NegotiateStream is used to natively provide data encryption and signing using the negotiated security mechanism. The signature used as part of the VerifyMessage functionality to validate the integrity of the content. Origin authentication: Active Directory, as the KDC, performs the role of a trusted third-party and is responsible for providing confidence that the message has genuinely originated from the identified principal in addition to the verification that is applied by interrogating the message signature. Message replay protection: Reply protection is natively achieved through use of a ticket containing a session key and an encrypted session key identifier which is cached along with the timestamp of the original request. Non-repudiation: .NET NegotiateStream Protocols use of Active Directory as the KDC and trusted thirdparty provides confidence that the message is genuine and cannot be repudiated as it contains information (a session key) encrypted with the senders master key which the recipient must contact the trusted thirdparty to be able to verify. Session authentication: .NET NegotiateStream Protocol relies on the SPNEGO security protocol which selects between Kerberos (preferred) and NTLM. Authentication is performed as part of the negotiation to select the security protocol through the exchange of opaque security tokens generated by the SPNEGO GSS-API mechanism. 8 Data encryption is only available for .NET Remoting when Blue Prism is deployed within an Active Directory network infrastructure. Commercial in Confidence Page 51 of 56 10.3.3. Database Communication The communication between Blue Prism and the Microsoft SQL Server database leverages the .NET Framework SqlClient library. By default this is unsecured however there are a number of common approaches to secure the connection: 1. Install a verifiable server certificate on the SQL Server and configure the SQL inst ance to force encryption for all connections. 2. Install a verifiable server certificate on the SQL Server and configure the Blue Prism database connection to specify that the connection should be encrypted. E.g. encrypt=true. 3. Configure the Blue Prism database connection to specify that the connection should be encrypted and that server certificates can be trusted without further verification which allows a self-signed certificate on the SQL Server to be leveraged. E.g. encrypt=true; trustservercertificate=true. Commercial in Confidence Page 52 of 56 11. High Availability and Redundancy Guide There are three main aspects to consider when configuring Blue Prism for redundancy or resilience. Operational controls: How the platform is configured operationally to execute work can impact the behaviour when it responds to a failover or recovers from an outage. This can relate to a number of areas such as process design, demand management, frequency of schedules, management of process exceptions etc. Availability of target systems: The availability of the business systems which are accessed by the automated processes will impact the ability of the platform to operate successfully. Underlying Architecture: The hardware and core services on which Blue Prism relies must be configured to be appropriately resilient. This section provides information relating to providing resilience at the architecture level. 11.1. Resilience of Components The core components which are required to assure availability of the platform are: D atabase server: a core component of the platform and, as it is the realtime repository for audit and operational logs, the platform is configured to cease processing whenever the database cannot be contacted. High availability and/or redundancy is achieved through use of native SQL Server technologies (e.g. clustering, mirroring, AlwaysOn Availlabity Groups) or by third-party redundancy and replication technologies. Application server: used to marshall all connections with the database and to provide critical functiona lity as processes execute. All operating Interactive Clients and Runtime Resources require a connection to an available Application Server. As the execution within the platform is stateful, a persistent connection is required. Likewise if the connection between a Runtime Resource and Application Server is interupted, the Runtime Resource will periodically attempt to reconnect. Redundancy is achieved by provisioning additional Application Servers; and High availability is achieved through use of routing or load balancing such that traffic is directed to an available component. Due to the stateful nature of execution within the platform, items being actively worked at the time of failover or re-direction will fail and be routed for human intervention. Additional platform components include: Runtime Resource: responsible for executing the processes, each runtime resource is commonly located on a separate virtual device. Redundancy is achieved by provisioning additional Runtime Resources; and High availability can be achieved through use of Active Queues or Blue Prism Resource Pools. Both of these features represent groups of Runtime Resources and provide funtionality to scheduled or manually allocated to be allocated to an available Runtime Resource. Interactive Client: the client software accessed by users either to develop and test processes; or to control and monitor the platform. Redundancy is achieved by provisioning additonal devices and directing users to an available component as they establish a connection. Commercial in Confidence Page 53 of 56 11.2. Routing Application Server Connections The common way of deploying Application Servers is to allocate the Runtime Resources (and Interactive Clients) to a named Blue Prism Server, however there are a number of options for deploying these servers in a load balanced scenario such that the connections from the Runtime Resources and Interactive Clients are distributed. The simplest approach for load balancing is to use DNS round-robin with a low Time to Live (TTL) setting. Where organizations have existing technologies it can be possible to complement this approach by introducing an application aware utility that is able to validate the health of the Application Server(s) and to manage the DNS records accordingly. Commonly such functionality can be provided with the DNS platform, by software load balancers, or within monitoring platforms such as Tivoli or Microsoft Operations Management. Further information on this topic is available within the Data Sheet – Load Balancing Guide. Alternative solutions such as Microsoft Server Clustering, third party replication and routing solutions or other software/hardware load balancers may be used to provide this functionality. 11.3. Multi-site Deployment Information on configuring Active/Active and Active/Passive deployments is provided within the C omponent Architecture Examples. 12. Blue Prism Virtualization Guide The v6 Reference Guide - Virtualization provides a wealth of information in relation to deploying Blue Prism within a virtualized environment. It is available as a separate document via product support. Commercial in Confidence Page 54 of 56 13. Blue Prism Monitoring Guide 13.1. Overview Blue Prism infrastructures will comprise a number of different components each of which can be monitored and polled to verify that it is available and responsive. When monitoring the Blue Prism components, standard third party tools and techniques can be used to evaluate the following: Health of allocated hardware (e.g. disk space, CPU utilisation, network connectivity). Availability of specific windows services (e.g. service started, responding on the appropriate port). Windows Event Viewer – should be actively reviewed for any errors raised on all devices which are part of a Blue Prism environment. Additionally Blue Prism provides a number of features and techniques that can be used to assist with monitoring process execution and any associated errors. Process and Schedule Alerts can notify administrators or controllers, directly on their own desktop, using a range of indicators including: Pop-ups Sounds Taskbar Icons Additionally custom notification types can be implemented such as sending an email or raising an SNMP trap. Further information on monitoring each of the Blue Prism components is provided in the v6 Data Sheet – Monitoring. Commercial in Confidence Page 55 of 56 14. Appendix 14.1. References The following Blue Prism Data Sheets and Guides are available on request: General Documentation Product Overview High level overview of Robotic Process Automation and the Blue Prism Platform. Release Notes Version specific release notes detailing key features and functionality included in the release. B lue Prism Data Sheets Active Directory Integration Functionality and benefits of AD Integration. Credential Manager Features of the credential manager. Operational Audit Overview Overview of audit capabilities considerations. Considerations for selecting a suitable database server and provisioning a Blue Prism database. Provisioning a Blue Prism Database Server Maintaining a Blue Prism Database Server Considerations for maintaining the Blue Prism database. Monitoring Monitoring requirements of each Blue Prism component. Advice about suitability of remote access tools. Remote Access Tools Secure Windows Authentication Overview of auto-login facility for Runtime Resources. Active Directory Integration Functionality and benefits of AD Integration. Credential Manager Features of the credential manager. Operational Audit Overview Overview of audit capabilities considerations. Virtualization Guide Overview of the considerations for deploying Blue Prism into a virtualized environment. B lue Prism User Guides Installing Enterprise Edition Installing and configuring Blue Prism Enterprise Edition. Login Agent Installing and configuring Login Agent. Commercial in Confidence Page 56 of 56
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.5 Linearized : No Page Count : 56 Language : en-GB Tagged PDF : Yes Title : Infrastructure Author : Kevin Whittingham Keywords : Major, Version:, 6 Creator : Microsoft® Word 2013 Create Date : 2017:10:02 09:28:39+01:00 Modify Date : 2017:10:02 09:28:39+01:00 Producer : Microsoft® Word 2013EXIF Metadata provided by EXIF.tools