What’s up forum?
I’m running into some roadblocks with managing my high density bot farm. It’s an EC2 instance.
We have one good machine that has 30 or so users with individual configurations that enable them to run 80-odd automations. We essentially need more than one machine, exactly as this one is. Setting it up from scratch manually is a huge effort, and the specific configurations are constantly changing.
My immediate thought was to get the machine image and clone it. The challenge ended up being that each cloned instance is not recognized as a unique machine by other enterprise systems like SCCM, Azure AD, and Microsoft Office, our antivirus, and our desktop management software. Security does not like this.
Running Sysprep isn’t an option because we need to preserve user-level configurations for our bots, and security is pushing back on manually resetting machine identifiers post-cloning, citing potential “ghost issues” due to hidden or residual identifiers that could cause security conflicts / random issues.
So far, we’ve identified the following key identifiers that would need to be reset to avoid duplicate device conflicts:
- Machine GUID (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid)
- SCCM SMS GUID (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\SMS_Unique_Identifier)
- System SID (whoami /user)
- BIOS UUID (wmic csproduct get UUID)
- Computer Name (Rename-Computer)
- Azure AD Registration (dsregcmd /status)
We’ve considered using AWS Systems Manager (SSM) to automate the identifier reset during the EC2 instance’s first boot, ensuring that the machine gets a unique identity before any services (like UiPath, SCCM, or security tools) initialize. However, our security team is concerned that even with this approach, hidden identifiers might remain and cause issues in our broader enterprise environment (e.g., SIEM tools, endpoint protection, etc.).
Has anyone dealt with similar challenges in an enterprise environment? How do you handle cloning and scaling of entire bot farms/servers in a way that keeps both your RPA infrastructure and security teams happy? Are there best practices or tools you’ve used to ensure cloned machines are treated as unique without breaking user-specific configurations?
If resetting identifiers isn’t recommended or feasible, has anyone approached this differently? For example, by structuring EC2 instances so that user and application data reside on a separate drive that can be cloned or attached to new instances, while keeping the OS on a primary drive that remains consistent with a base image?
Appreciate any insights or experiences you can share!
Thanks!
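Whatever cloning approach is chosen, the security team's "did a duplicate slip through?" question can be answered with data rather than argument. The script below is an added example, not code from the original post: it collects the identifiers the post lists from a Windows host, writes them as a report, and a second function compares the reports from several hosts and flags any value shared by more than one machine (the condition SCCM, Azure AD and endpoint tools object to). It assumes the registry locations as the post states them (`SMS_Unique_Identifier` is treated as a value under `HKLM\SOFTWARE\Microsoft\CCM`), that `dsregcmd` prints a `DeviceId :` line on registered devices, and that it is run elevated on each instance, for example through an SSM Run Command document.

```powershell
# Added example (not part of the original post): inventory the machine identifiers
# named in the thread and detect duplicates across a fleet of cloned instances.
# Assumption: registry paths are as listed in the post; run elevated on each host.

function Get-RegistryValueSafe {
    param([string]$Path, [string]$Name)
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null   # value absent, e.g. no SCCM client installed on this host
    }
}

function Get-MachineSid {
    # Every local account SID has the form <machine SID>-<RID>; strip the RID.
    # Cloned images share the machine SID, so this is a strong duplicate signal.
    $acct = Get-CimInstance Win32_UserAccount -Filter "LocalAccount = TRUE" | Select-Object -First 1
    if (-not $acct) { return $null }
    return ($acct.SID -replace '-\d+$', '')
}

function Get-AzureAdDeviceId {
    # dsregcmd /status prints "DeviceId : <guid>" when the device is AAD joined/registered.
    $out = & dsregcmd.exe /status 2>$null
    foreach ($line in $out) {
        if ($line -match '^\s*DeviceId\s*:\s*(\S+)') { return $Matches[1] }
    }
    return $null
}

function Get-HostIdentityReport {
    # One record per host with the identifiers the post lists.
    $report = [ordered]@{
        ComputerName    = $env:COMPUTERNAME
        MachineGuid     = Get-RegistryValueSafe 'HKLM:\SOFTWARE\Microsoft\Cryptography' 'MachineGuid'
        SccmSmsGuid     = Get-RegistryValueSafe 'HKLM:\SOFTWARE\Microsoft\CCM' 'SMS_Unique_Identifier'
        MachineSid      = Get-MachineSid
        BiosUuid        = (Get-CimInstance Win32_ComputerSystemProduct).UUID
        AzureAdDeviceId = Get-AzureAdDeviceId
        CollectedAt     = (Get-Date).ToUniversalTime().ToString('o')
    }
    return [pscustomobject]$report
}

function Find-DuplicateIdentities {
    # Given reports from several hosts, return every identifier value that more
    # than one host reports. An empty result means the clones look unique to
    # the enterprise systems that key on these values.
    param([Parameter(Mandatory)][object[]]$Reports)
    $fields = 'MachineGuid', 'SccmSmsGuid', 'MachineSid', 'BiosUuid', 'AzureAdDeviceId'
    foreach ($f in $fields) {
        $Reports |
            Where-Object { $_.$f } |
            Group-Object -Property $f |
            Where-Object { $_.Count -gt 1 } |
            ForEach-Object {
                [pscustomobject]@{
                    Identifier = $f
                    Value      = $_.Name
                    Hosts      = ($_.Group.ComputerName -join ', ')
                }
            }
    }
}

# Usage on each instance (e.g. from an SSM Run Command document):
#   Get-HostIdentityReport | ConvertTo-Json | Set-Content "$env:COMPUTERNAME.json"
# Then, with the JSON files gathered in one folder on an admin workstation:
#   $reports = Get-ChildItem *.json | ForEach-Object { Get-Content $_ -Raw | ConvertFrom-Json }
#   Find-DuplicateIdentities -Reports $reports | Format-Table -AutoSize
```

Running the report before and after first boot of a new instance gives a concrete before/after artefact for the security review: if `Find-DuplicateIdentities` returns nothing across the fleet, the identifiers the post is worried about have in fact diverged; any row it does return names the exact identifier and the hosts still sharing it.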