Amazon Web Services (AWS) deployment

In the AWS deployment pattern, several SS&C Blue Prism components are replaced with AWS platform services, such as Simple Queue Service (SQS), AWS RDS databases, and AWS Elastic load balancers. Additionally, a logical division of components into AWS subnets is proposed to facilitate network security routing and permissions. All of these adaptations are optional and flexible, so it is possible to vary the subnets and mix and match platform services with native versions to suit business requirements.

It is not possible for SS&C Blue Prism to test and validate every deployment variation for every scale. The deployment patterns used as an example in this guide illustrate how the products are designed to work together to support customer architects and deployment engineers in making informed decisions. It should not be assumed that they can be followed exactly, nor that they will be appropriate for every real-world use case. It is expected that organizations will apply appropriate expertise to adapt and vary these designs to fit their own needs.

Network considerations

It is assumed that all components will be in a single virtual private cloud (VPC), and that this can be extended with virtual private network (VPN) connections. Alternatively, it is also possible to use a separate VPC for Decipher IDP, with Decipher components divided into subnets as required, and peered to the main Blue Prism VPC.

No external Remote Desktop Protocol (RDP) connections are included, but again this is flexible to suit business requirements, for example using a jump box, bastion host, or just-in-time (JIT) VM access. Likewise, public subnets, private subnets, or private endpoints can be used for databases, SQS, or other infrastructure. Access can be restricted using security groups or access-control lists (ACL), as required.
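An added example (not part of the SS&C Blue Prism guide) of checking that security groups keep RDP and back-end ports closed to external sources, as the paragraph above describes. It reads constructed data in the shape of `aws ec2 describe-security-groups` output; the group IDs and the database and message-bus port numbers are assumptions.

```python
import ipaddress
import json

# 3389 is RDP; 1433 (SQL Server) and 5672 (AMQP) are assumed defaults.
WATCHED_PORTS = {3389: "RDP", 1433: "SQL Server", 5672: "AMQP"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-example-bastion", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
    "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
 {"GroupId": "sg-example-runtime", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-example-db", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433, "IpRanges": [],
    "UserIdGroupPairs": [{"GroupId": "sg-example-runtime"}]}]},
 {"GroupId": "sg-example-legacy", "IpPermissions": [
   {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

def is_world_open(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def exposed_rules(doc, watched=WATCHED_PORTS):
    """Return (group_id, port, service, cidr) for watched ports open to any source."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if is_world_open(c)]
            # "-1" means every protocol and port; FromPort/ToPort are then absent.
            if perm.get("IpProtocol") == "-1":
                lo, hi = 0, 65535
            elif perm.get("IpProtocol") == "tcp":
                lo, hi = perm["FromPort"], perm["ToPort"]
            else:
                continue
            for port, service in sorted(watched.items()):
                findings += [(group["GroupId"], port, service, c)
                             for c in open_cidrs if lo <= port <= hi]
    return findings

if __name__ == "__main__":
    print(*exposed_rules(SAMPLE), sep="\n")
```

Rules that reference another security group rather than a CIDR, like the constructed database group here, are not reported, because they admit only members of that group.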

High availability

Duplicates of all Blue Prism components can be installed to provide redundancy, although the requirement for this will depend on business service-level agreements (SLA) and whether the AWS platform SLAs are sufficient without additional resiliency. When deployed in this manner, all components are in active-active patterns, and load balancers are frequently required for network connections to resolve across multiple instances of the same component (see AWS deployment network architecture for the positioning of these). All load balancers can be AWS Elastic load balancers, or software load balancers, except for the Blue Prism application server load balancer, which requires a software load balancer with session affinity configured.

Machine types and platform services

All Windows server and Windows desktop machines can be selected from appropriate virtual machine stock-keeping units (SKU), and likewise the container platform for the Decision Model Service is completely flexible, such as virtual machines, Elastic Compute Service (ECS), Elastic Kubernetes Service (EKS), or similar.

It is possible for Hub to use AWS Simple Queue Service (SQS) or any other Advanced Message Queuing Protocol (AMQP) compliant message bus; however, Decipher IDP requires RabbitMQ as its message bus.

AWS deployment component breakdown

SS&C Blue Prism products AWS deployment component pattern

AWS deployment network architecture

The following diagram illustrates an AWS deployment network architecture that includes SS&C Blue Prism Enterprise, Blue Prism Capture, Blue Prism Decipher IDP, Blue Prism Decision, Blue Prism Hub, Blue Prism Interact, and Blue Prism Authentication Server deployments.

SS&C Blue Prism products AWS network diagram

Network architecture diagram legend

SS&C Blue Prism products AWS network diagram legend