Architecture for RPA Supervisor with Blue Prism
RPA Supervisor Installation
Connections in the drawing
| Connection | Source | Target | Port number |
| 1 | RPAS.BPAdapter | RPAS.WebServer | 443 |
| 2 | RPAS.BPAdapter | Blue Prism Database | 1433 |
| 3 | RPAS.BPAdapter | Blue Prism Clients | 8181 |
| 4 | RPAS.BPAdapter | Blue Prism Interface | N/A |
| 5 | RPAS.WebServer | RPA Supervisor Database | 1433 |
| 6 | Clients (users of RPAS) | RPA Supervisor UI | 443 |
-
RPA Supervisor integrates with a typical Blue Prism production environment
-
RPA Supervisor WebServer is hosted on its own virtual machine.
-
This will give the best network access segregation by letting you separate the server from the Blue Prism environment and more safely expose the RPA Supervisor to the rest of the organization. The alternative will be the minimal installation.
-
Orange lines from the Blue Prism client defines two options for RPA Supervisor to start processes in Blue Prism. Either
-
Connecting to Blue Prism through the App Server
-
Connecting to Blue Prism through a direct connection to the database. Our tests have proven the latter connection mode to have the best performance.
-
RPA Supervisor Satellite Server (proxy)
The RPA Supervisor can be configured with a proxy setup to allow external users outside a restricted network to access RPA Supervisor.
Connections in the drawing
- 1 - RPAS.BPAdapter -> RPAS.WebServer, port 443
- 2 - RPAS.BPAdapter -> BluePrism Db, port 1433
- 3 - RPAS.BPAdapter -> BluePrism Clients, port 8181
- 4 - RPAS.BPAdapter -> BluePrism Interface, no port
- 5 - RPAS.WebServer -> Supervisor Db, port 1433
- 6 - Clients -> RPAS.Dashboard, port 443
- 7 - Satellite Server -> RPAS.WebServer, port 443
The illustration above shows a Full Installation with a Satellite Server outside a restricted network.
After you have installed a main RPA Supervisor installation, you can install the Satellite Server
RPA Supervisor Minimal Installation
Please note: Typical installation in production for clients with less than 10 RPA licenses, or during the installation of test / QA environments of RPA Supervisor.
- RPA Supervisor integrates with a typical Blue Prism production environment
- RPA Supervisor Server is hosted on the same machine as Blue Prism Application server.
- This will give cheaper hosting costs than a regular install as that requires additional hardware.
- This will give poorer network access segregation than a regular Installation. By exposing the server because it hosts the RPA Supervisor website (which users will need to access), the Blue Prism environment is not as protected as it will be in a Full Installation.
Architecture for RPA Supervisor with UiPath
RPA Supervisor Installation
Connections in the drawing
| Connection | Source | Target | Port number |
| 1 | RPAS.UIAdapter | RPAS.WebServer | 443 |
| 2 | RPAS.UIAdapter | UiPath Orchestrator | 443 |
| 3 | RPAS.UIAdapter | UiPath Database | 1433 |
| 4 | UiPath Orchestrator | Robots | N/A |
| 5 | RPAS.WebServer | RPA Supervisor Database | 1433 |
| 6 | Clients (users of RPAS) | RPA Supervisor UI | 443 |
-
RPA Supervisor integrates with a typical UiPath production environment
-
RPA Supervisor WebServer is hosted on its own virtual machine.
-
This will give the best network access segregation by letting you separate the server from the UiPath environment and more safely expose the RPA Supervisor to the rest of the organization. The alternative will be the minimal installation.
RPA Supervisor Minimal Installation
The illustration above shows a Minimal Installation.
Please note: Typical installation in production for clients with less than 10 RPA licenses, or during the installation of test / QA environments of RPA Supervisor.
- RPA Supervisor integrates with a typical UiPath production environment
- RPA Supervisor Server is hosted on the same machine as UiPath Orchestrator.
Hardware and software requirements
RPA Supervisor Server: Hardware
Supported versions of Windows server:
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
|
Typical for small implementations (~ 10 RPA licenses / robots) |
Typical for larger implementations (~ 80 RPA licenses / robots) |
|
|
CPU |
4 vCPUs | 8 vCPUs |
| RAM | 4GB | 16GB |
| Free Disk Space* | 20GB | 100GB |
RPA Supervisor Server: Software
Application hosting
-
Internet Information Services. You may also use custom hosting methods if preferred.
Required versions of .NET Core:
Please note this is a part of the installation guides.
- RPA Supervisor version 2021 or above: .NET Core Hosting Bundle 5
RPA Supervisor Adapter: Software
Supported versions of .NET Framework:
- .NET Framework 4.6.1
- .NET Framework 4.6.2
- .NET Framework 4.7
- .NET Framework 4.7.1
- .NET Framework 4.8
- .NET Framework 5
RPA Supervisor Database: Hardware
The RPA Supervisor database can be hosted on-premise or cloud.
Supported versions of SQL Server:
- 2012 Standard or Enterprise Edition
- 2014 Standard or Enterprise Edition
- 2016 Standard or Enterprise Edition
- 2017 Standard or Enterprise Edition
- 2019 Standard or Enterprise Edition
Supported database servers
- Azure SQL Database
- Amazon RDS for SQL Server
- Google Cloud SQL for SQL Server
Security within the RPA Supervisor applications
RPA Supervisor Server
Like any web server, the RPA Supervisor Server must be open for inbound connections from users. By configuring your network, you can decide to what extent you want the server to be open for such connections.
- Only accepts SSL encrypted connections.
- Communicates with the Adapter using WebSocket Secure (WSS) and the component is authorized using Json Web Tokens (JWT), encrypted using the HMAC-SHA256 algorithm.
- Authentication is based on an internal system of users stored in the RPAS database with a username and password.
- The authentication system is based on Json Web Tokens (JWT)
RPA Supervisor Adapter
- Communicates using encrypted channels (SSL), and only makes outbound connections. There is no way to connect to the Adapter externally.
- If you enable SSO to access the RPA tool and the RPA tool Database, it will use the same security as provided by Windows Single Sign-On
- If not using the SSO for accessing the RPA tool and the RPA tool Database, user credentials for these logins are stored with AES 256-bit encryption in configuration files to obfuscate them. The encryption key is stored within the Adapter software.
GDPR
By design, no customer or GDPR sensitive data from the RPA operations are needed for the RPA Supervisor to function. Please note that RPA Supervisor will collect all Tags from Queue Items. These should not contain sensitive data according to RPA development best practices.
Encryption
All data is encrypted using Rijndael256, commonly known as Advanced Encryption Standard (AES) 256-bit.
Application code security
To maintain secure code we use Veracode (.NET) and Arachni (OWASP) for security analysis of all components of the RPA Supervisor.
Comments
0 comments
Please sign in to leave a comment.