On-Premises UiPath Infrastructure - Creating a Dev Environment

Creating a separate development environment for UiPath can offer several advantages, including:

  1. Isolation: By creating a separate development environment for UiPath, you can isolate the development work from the testing and production environments, ensuring that any changes or updates made during development won’t impact the stability or performance of the production environment. Besides, the data isolation plays a vital role since bots can deal with sensitive data. Therefore, having separate environments will help to mitigate those issues as well.

  2. Collaboration: A separate development environment can facilitate collaboration between developers, testers, and stakeholders, who can work together to create, test, and refine automation workflows before they’re deployed to the production environment.

  3. Experimentation: A development environment allows developers to experiment with different automation strategies, testing and refining them before deploying them to the production environment. This approach can help reduce the risk of errors or failures in the production environment.

  4. Version Control: A separate development environment can facilitate version control, allowing developers to keep track of changes and updates to automation workflows over time. This can help ensure that the latest version of the workflow is always available and that any changes can be easily tracked and rolled back if necessary.

  5. Training: A separate development environment can also be used for training purposes, allowing new developers or team members to learn UiPath in a safe and isolated environment, without impacting the production environment.

Overall, creating a separate development environment for UiPath can help improve collaboration, reduce risk, and facilitate experimentation and training, all while keeping the production environment stable and performing optimally.

Web Server on a Single Machine

When we talk about Development environments, we usually envision a smaller environment with less capacity, a lower level of security, no ability to failover, and so on. That all means the team can survive in the event that the Dev environment goes down. Having said that, we are going to discuss how to create a Single Node Deployment for our solution.

If you’re looking to deploy a limited number of robots (ranging from 1 to 250 Unattended Robots or between 1 to 2,500 Attended Robots), then this option is ideal for you. It is a straightforward deployment model that is easy to set up. However, it’s important to note that there is no failover plan in place, meaning that if the machine running the Orchestrator fails, there will be downtime that cannot be prevented. Additionally, this deployment does not provide the ability to scale up, making it unsuitable for larger projects that require more resources.

The following diagram depicts what this design looks like.

As described previously, this is a very simple environment with essentially 2 different servers. The first one is a Windows IIS server where the UiPath Orchestrator resides. The detailed hardware requirements will be described later on. The second server is a Microsoft SQL Server Database that stores all the data from the UiPath Orchestrator. That data can be logs, users, and triggers, just to name a few items. Additionally, a dashboarding tool can be plugged in for reporting purposes. For that purpose, you may use Elasticsearch with Kibana, or even UiPath Insights. On top of the image are the bots and developers connecting to the Orchestrator to perform their activities and run the automations.

The recommended hardware specifications for a UiPath Orchestrator single node deployment are:

Web Application Server

  • Processor: 4-core CPU, 2 GHz or higher
  • Memory: 4 GB RAM or higher
  • Storage: 150 GB or more of free disk space

MS SQL Server

  • Processor: 4-core CPU, 2 GHz or higher
  • Memory: 8 GB RAM or higher
  • Storage: 300 GB or more of free disk space

Please note that these are the minimum recommended specifications and may vary depending on the specific needs of your deployment, such as the number of robots, the size of the database, and the complexity of the processes being automated. It’s always a good idea to consult with a UiPath representative or a qualified IT professional to determine the best hardware configuration for your specific use case.

How to access the servers?

Now that we know what hardware items we’ll have, we need to decide how we are going to access them. For this topic, we may have several different options, and I’ll describe what I believe to be the most efficient and still reliable way. Since these are servers, we can’t simply use our own user accounts to install things. That could lead the team and the company into problems if, for instance, whoever installed the UiPath Orchestrator leaves the workforce.

For the UiPath Orchestrator installation, we are going to use what is known as NPID (non-people ID), or service accounts. A non-people identity (NPID) is a type of identity that is used for authenticating non-human entities in a Windows-based environment. It is essentially a digital identity that can be used to represent any non-human entity, such as an application, a service, or a device, that needs to access resources within a Windows domain or network.

In the context of Windows authentication, NPID is commonly used to secure system resources and ensure that only authorized non-human entities can access them. This can include file shares, printers, and other network devices.

NPID is typically created using a service account, which is a special type of account that is used by Windows services and other applications to log on to the operating system. These accounts are typically granted the minimum level of permissions necessary to perform their designated tasks, and they are often locked down to prevent unauthorized access.

NPID is a critical component of security in Windows environments because it allows organizations to manage access to sensitive resources while maintaining accountability for actions taken by non-human entities. By providing a unique digital identity for each application, service, or device, NPID ensures that any actions taken on the network can be traced back to their source, improving visibility and auditability in the system.

The requirements on the Windows server are very straightforward. This service account needs to be an administrator and also should be able to run jobs as a batch job. This is required to keep the Orchestrator website running all the time. However, on the database side, you’ll need to grant db_creator and db_owner privileges to it. That is required for the installation process so that the service account can create the UiPath database and also become the owner of that for future maintenance. Pay attention to the way you add the NPID into the SQL Server Database, because that will dictate the authentication method from the IIS Server. For instance, when you create a SQL Server account, you’ll need to use SQL Server authentication. On the other hand, if you are using a Windows account or Active Directory account, you need to select Windows authentication. Don’t forget to check the official documentation for more technical details on this topic (https://docs.uipath.com/orchestrator/standalone/2022.10/installation-guide/getting-started).

DNS and Certificate

DNS (Domain Name System) is used to translate human-readable domain names, such as www.uipath.com, into machine-readable IP addresses, such as 172.217.6.68. DNS enables users to access websites and other network resources using domain names that are easy to remember, rather than having to remember the numerical IP addresses associated with them. When a user types in a domain name in their web browser, their computer sends a DNS request to a DNS server, which responds with the corresponding IP address, allowing the computer to connect to the desired resource. DNS is a critical component of the internet infrastructure, and without it, accessing websites and other network resources would be much more difficult and cumbersome.

For our solution, we should have a new DNS entry with a meaningful name such as https://mydevorchestrator.com. The default configurations for this DNS will vary from company to company. For example, many major organizations will not allow servers to access the Internet. That means the process of creating this DNS entry will vary from place to place.

Another key component in our solution is the Windows certificate. Windows certificates are digital documents that are used to authenticate and encrypt communications between computers, users, and web servers on the Windows platform. Certificates are issued by a trusted third party, known as a Certificate Authority (CA), which verifies the identity of the certificate holder and signs the certificate to indicate that it is valid. Certificates are used in various scenarios, including securing website connections with HTTPS, authenticating users logging into a Windows domain, and securing communications between network devices. Windows certificates play a critical role in securing network communications on the Windows platform, helping to protect against cyber threats and ensuring the integrity and confidentiality of sensitive data.

Similar to the DNS entry, we should install a certificate on our Orchestrator Windows IIS server that points to our website name https://mydevorchestrator.com. With that in place, we guarantee that all communication between the users and the Orchestrator is secure and encrypted.

Firewalls

A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on pre-defined security rules. It acts as a barrier between an internal network and external networks, such as the Internet, and can prevent unauthorized access to or from a network. Firewalls can be implemented in hardware, software, or a combination of both, and can provide a range of security features, including packet filtering, application-level filtering, and intrusion detection and prevention. They can also be configured to allow or block traffic based on a variety of criteria, including source or destination IP address, port number, and protocol type. Firewalls are a critical component of network security, helping to protect against cyber threats and ensuring the confidentiality, integrity, and availability of sensitive data.

Since our solution is very small with only two servers, there are just a couple of firewall rules to put in place, as follows.

  • From Windows IIS to SQL Server over port 1433 or 3341 for db connectivity.

  • From users’ devices to Windows IIS over port 443 for SSL connectivity.

The way the firewall group is set up may vary from place to place. The users’ devices could be allowed to connect based on their subnet or Active Directory Groups, for instance. You should discuss that with your network team for more details.

Prerequisites for Installation

So far we have discussed most of the requirements that should be in place before even starting the actual Orchestrator installation. In this section we are going to discuss a few pieces of software that need to be installed prior to the UiPath Orchestrator installation. Without them the MSI installer will fail and you won’t be able to proceed with the process.

  • Windows PowerShell - minimum required version: 5.1.

  • .NET Framework - minimum required version: 4.7.2

  • IIS - minimum required version: 8.

  • ASP.NET Core IIS Module

  • URL Rewrite - minimum required version 2.1

  • Server Roles and Features.

  • Web-Deploy extension - minimum required version: 3.6

  • The Application Pool user needs to have the following rights in the Local Computer Policy: Log on as a batch job.

  • Anonymous Authentication must be enabled.

All the software required can be found here.

Finally installing the UiPath Orchestrator

Finally installing the UiPath Orchestrator marks a major milestone in the implementation of a successful Robotic Process Automation (RPA) solution. The Orchestrator serves as the central hub for managing and monitoring UiPath Robots, enabling automation at scale across an organization. The installation process involves several critical steps, including meeting the necessary prerequisites, configuring the appropriate settings for the server, and ensuring that the necessary ports are open for communication between the Orchestrator and other components. Once installed, the Orchestrator provides a wealth of features and capabilities, including the ability to schedule and monitor Robots, manage assets and queues, and generate comprehensive reports and analytics. By deploying the UiPath Orchestrator, organizations can achieve greater efficiency, accuracy, and scalability in their automation initiatives, ultimately driving improved productivity and business outcomes.

The actual process of installing this software is by far the easiest part of this whole process. Similar to any other Windows installation, the installation wizard will guide you through all the steps from start to end. In short, you’ll only need to fill out the fields with the information about your Windows IIS Server, Certificate, Orchestrator URL, Identity Service (which should be the service account), Database, etc. If everything was done correctly, this installation should run without any hiccups. Once again, you can check all the technical details on the official documentation page here.

In conclusion, creating a development environment for UiPath on-premises infrastructure is a critical step towards building and deploying successful automation solutions. By following the steps outlined in this post, including setting up the necessary hardware and software prerequisites, configuring the appropriate settings, and deploying the UiPath Orchestrator, organizations can ensure that their automation initiatives are robust, scalable, and secure. With UiPath’s advanced tools and technologies, including the UiPath Studio and Robot, developers can build and test automation workflows, while the Orchestrator serves as the central hub for managing and monitoring the Robots at scale. By leveraging UiPath’s powerful RPA capabilities, organizations can achieve greater efficiency, accuracy, and scalability, ultimately driving improved productivity and business outcomes.

LinkedIn Profile: https://www.linkedin.com/in/joel-medeiros/
LinkedIn Company Profile: https://www.linkedin.com/company/rpa-pro-co
My Website: https://www.rpapro.co/
Youtube: RPA Pro - YouTube
Udemy Profile: https://www.udemy.com/user/joel-medeiros-2/

12 Likes
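
The prerequisites, DNS entry, certificate, firewall rule and batch-logon right listed in the post above can be verified from the IIS server before the MSI installer is started. The script below is an added example, not part of the original post or of UiPath's tooling; the SQL host and service account names are placeholders, the function name `Test-Preflight` is made up for this example, and it assumes an elevated Windows PowerShell session.

```powershell
# Added example: pre-install checks on the Orchestrator IIS server.
param(
    [string]$SiteHost       = 'mydevorchestrator.com',    # DNS name used in the post
    [string]$SqlServer      = 'sql-dev.example',          # placeholder SQL Server host
    [int]   $SqlPort        = 1433,                       # port from the firewall rule
    [string]$AppPoolAccount = 'EXAMPLE\svc-orchestrator'  # placeholder service account
)

function Test-Preflight {
    $r = [ordered]@{}
    $r['PowerShell >= 5.1'] = $PSVersionTable.PSVersion -ge [version]'5.1'

    # .NET Framework 4.7.2 and later report a Release value of 461808 or higher.
    $net = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
    $r['.NET Framework >= 4.7.2'] = [bool]($net -and $net.Release -ge 461808)

    $iis = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\InetStp' -ErrorAction SilentlyContinue
    $r['IIS >= 8'] = [bool]($iis -and $iis.MajorVersion -ge 8)

    # Certificate must be in date, carry a private key and name the site host.
    # Exact-name match only: a wildcard certificate is reported as missing.
    $now  = Get-Date
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        ($_.DnsNameList.Unicode -contains $SiteHost)
    }
    $r["Valid certificate for $SiteHost"] = [bool]$cert
    $r["DNS resolves $SiteHost"] = [bool](Resolve-DnsName $SiteHost -ErrorAction SilentlyContinue)

    # Firewall rule: IIS server to SQL Server.
    $tcp = Test-NetConnection -ComputerName $SqlServer -Port $SqlPort -WarningAction SilentlyContinue
    $r["TCP ${SqlServer}:$SqlPort reachable"] = [bool]$tcp.TcpTestSucceeded

    # "Log on as a batch job": export local user rights and look for the account SID.
    # Only a direct grant is detected; a grant inherited through a group is not.
    $granted = $false
    try {
        $sid = ([System.Security.Principal.NTAccount]$AppPoolAccount).Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        $cfg = Join-Path $env:TEMP 'user_rights.inf'
        secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        $line = Select-String -Path $cfg -Pattern '^SeBatchLogonRight' | Select-Object -First 1
        $granted = [bool]($line -and $line.Line -match ('\*' + [regex]::Escape($sid) + '(,|\s*$)'))
        Remove-Item $cfg -ErrorAction SilentlyContinue
    } catch { $granted = $false }   # account could not be resolved to a SID
    $r['Log on as a batch job (direct grant)'] = $granted
    $r
}

Test-Preflight | Format-Table -AutoSize
```

Any row showing `False` points at an item to fix before launching the installer.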

Thank you @Joel_Medeiros for the great information. In case the dev environment needs a failover, what additional infrastructure is needed?

Thanks much!

Hi @A_Learner ,

Well, in that case you would need a multi-node design with the High Availability Add-on. This would guarantee that the Orchestrator APP is always up. But please, don’t forget your SQL Server. If you have a single node SQL Server, your Orchestrator can go down if the DB crashes. For a more reliable environment, you would also add a SQL Cluster of at least 2 nodes. But all these items add up on your bill, so you really need to think about it and know how much you want/can spend.

I hope that helps

1 Like

Thank you. How reliable is a single node environment? Percentage? True, cost is the concern for any business.

1 Like

Hi @A_Learner ,

That will vary from place to place since we are talking about an on-premises solution. For your reference, Azure cloud guarantees 99.9’ish availability for their VMs. But they have pretty reliable data centers. If we are talking about a small company with a couple of racks in a basement, that percentage might be lower. Does it make sense?

1 Like

Thank you!