I had an opportunity recently to install, update and configure UiPath RPA Orchestrator in Azure environment. Customer had a choice between setting it up in Azure VM or to deploy it as Appservice (PaaS) ARM template. Upon discussing all options, customer decided to go with PaaS option.
There is marketplace ARM template that we choose to deploy, but for this customer we had to modify it a bit within VS Code to comply with naming conventions that we developed. At time of deployment, this template installs 19.4.4 version and latest one is 19.10.15.
Install process is pretty much strait forward. Small instance can handle up to 100 robots and this variable is related to SQL DB (Standard S1 in this case) size which can be later on changed.
Number of instances can be modified up to a 10 and can later on also be scaled if needed. Select your Azure subscription and empty resource group or create new one.
Next option is to set up HAA if you are using more than one instance of UiPath Orchestrator.
Setup SQL parameters
Review your setup and buy the resources.
At this point you can also download template (red arrow) and cancel deployment. Manually modify downloaded template and deploy it via PowerShell when ready. More information on manual deployment via PowerShell can be found on this link.
After initial deployment of the template (takes about 10 minutes to finish), several Azure resources are created
Website is up and running, and we can confirm that by connecting to provided Azure Appservice URL
Customer used default username and password to login and insert required licence. Later on, customer contacted UiPath support to obtain tenant admin and create required tenant resurces.
Since at the time of deployment Azure ARM template contained 19.4.4. version, we did manual upgrade to newest version.
To complete this successfully, we needed to do some prerequisites in Azure:
- Register application in Azure AD
- Add applications service principal to Contributor role of resource group where app is deployed
- Create Client secret in Azure AD App registration
Detailed upgrade steps can be found in UiPath documentation.
This is sample script that we used and modified for our needs:
.\Publish-Orchestrator.ps1 ` -action Update ` -unattended ` -package "E:\Work\Orch\Setup\UiPath.Orchestrator.Web.zip" ` -stopApplicationBeforePublish ` -azureSubscriptionId "8e34be72-1937-4aa0-b70e-81bab19gbf0a" ` -azureAccountTenantId "f8350d2a-n153-4d17-8927-902c51f72797" ` -azureAccountApplicationId "$AzureApplicationId" ` -azureAccountPassword "$AzurePassword" ` -resourceGroupName "DocTest-Orch-RG" ` -appServiceName "DocTests123" ` -verbose
Explanation of all script parameters can be found in documentation.
Upgrade process took about 5 minutes to complete.
Additionally we have configured following settings:
- Configure custom URL for application
- Add HTTPS certificate
- Restricted IP address blocks for external access
- Azure AD identity integration
Custom URL and certificate
I would recommend to add custom URL to the app and register it with application. Later on this custom domain name can be used as URI in Azure AD application registration. Certificate for HTTPS can be added on the same page and configured additional on TLS/SSL settings pane. For this case I opted for free App Service Managed Certificates that was created and issued via Azure portal.
Customer requires that application is available from the Internet so for initial deployment we decided to restrict access to specific IP ranges from outside. Later on we will probably add some WAF and other security solutions to the application Internet access.
Azure AD integration
More on this in my next blog post.