Install and configure the web server – Hub

Before installing the SS&C | Blue Prism® Hub web server, ensure you have read the information in Hub install preparation.

Install and configure the web server ensuring that the system can communicate with the RabbitMQ Message Broker.

The process consists of the following steps:

  1. Install IIS
  2. Configure SSL Certificates
  3. Install the .NET Core components
  4. Install Blue Prism Hub
  5. Configure application pool recycling

The default host names provided in the procedures below are only suitable for a standalone environment, such as a test environment. Your organization’s DNS and Domain structures must be considered when choosing host names in your installation.

Instructional videos on how to install the prerequisite software and Blue Prism Hub are available from: https://bpdocs.blueprism.com/en-us/video/installation.htm.

Install IIS

The system requires IIS Web Server and the .NET Core components to be installed.

It is important that IIS is installed prior to installing the .NET Core components and Blue Prism Hub. The IIS features and roles are automatically installed as part of the Blue Prism Hub installation.

Scripted installation

Run the command below using the PowerShell command prompt:

Copy 
Install-WindowsFeature -name Web-Server -IncludeManagementTools

To watch this installation step, see our IIS installation video.

By default, IIS is installed with the Anonymous Authentication setting enabled. This setting is required by Hub and its associated sites. If you have disabled Anonymous Authentication, you must enable it before running the Hub installer. For more information about Anonymous authentication, see Microsoft's Anonymous Authentication page.

Configure SSL certificates

During the installation process you will be asked for the SSL certificates for the websites that are being set up. Depending on your infrastructure and IT organization security requirements, this could be an internally created SSL certificate or a purchased certificate to protect the websites.

The installer can be run without the certificates being present, though for the sites to operate, the bindings in the IIS websites will need to have valid SSL certificates present.

The table below details the required SSL certificates.

Website in IIS

Default URL (example only)

Websites with a user interface for use by end-users

Blue Prism – Authentication Server

https://authentication.local

Blue Prism – Hub

https://hub.local

Websites for use by the application only (services)

Blue Prism – Email Service

https://email.local

Blue Prism – Audit Service

https://audit.local

Blue Prism – File Service

https://file.local

Blue Prism – Notification Center

https://notification.local

Blue Prism – License Manager

https://license.local

Blue Prism – SignalR

https://signalr.local

The default URLs shown above are suitable for a standalone environment, such as a test environment. Your organization’s DNS and Domain structures must be considered when choosing host names for your installation.

Self-signed certificates

Self-signed certificates can be used but are only recommended for Proof of Concept (POC), Proof of Value (POV) and Development environments. For production environments, use certificates from your organization's approved certificate authority. It is recommended that you contact your IT Security team to check what their requirements are.

To generate a self-signed certificate:

  1. Run PowerShell as an administrator and use the following command, replacing [Website] and [ExpiryYears] with appropriate values:

    Copy 
    New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "[Website].local" -FriendlyName "MySiteCert[Website]" -NotAfter (Get-Date).AddYears([ExpiryYears])

    For example:

    Copy 
    New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "authentication.local" -FriendlyName "MySiteCertAuthentication" -NotAfter (Get-Date).AddYears(10)

    This example creates a self-signed certificate called MySiteCertAuthentication in the Personal Certificates store, with the Subject authentication.local and is valid for 10 years from the point of creation.

  2. Open the Manage Computer Certificates application on your web server (type manage computer into the search bar).

  3. Copy and paste the certificate from Personal > Certificates to Trusted Root Certification > Certificates.

  4. Repeat this process for each website.

This process is not recommended for production environments. This process will create a single certificate which can be applied to each website.

Run the following PowerShell command:

Copy 
New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName XXXXXXXXXXX,authentication.local,hub.local,email.local,audit.local,file.local,signalr.local,notification.local,license.local -FriendlyName "TheOneCert" -NotAfter (Get-Date).AddYears(10)

XXXXXXXXXXX should be replaced with the host server name.

Once created, open the Local Machine certificate manager (certlm) and copy and paste the certificate into the trusted root certificate store.

Create an offline certificate request

To create an offline certificate request, for each certificate follow this procedure:

  1. Open the Manage Computer Certificates application on your web server (type managed computer into the search bar).

  2. Right-click Personal > Certificates and select All Tasks > Advanced Operations > Create Custom Request from the shortcut menu.

    The Certificate Enrollment wizard displays.

  3. Click Next.

  4. Select Proceed without enrollment policy and click Next.

  5. On the Custom request screen, click Next.

  6. On the Certificate Information screen, click the Details drop-down and click Properties.

  7. On the General tab in the Certificate Properties dialog, enter a friendly name and description based on the website this certificate will be applied to.

  8. On the Subject tab change the subject name type to Common name, enter the website URL in the Value field and click Add.

    The CN (common name) will display in the right-hand panel.

  9. On the Extensions tab, click Extended Key Usage, select Server Authentication and click Add.
  10. On the Private Key tab, click Key options, select a key size of your choice and select Make private key exportable.
  11. Still on the Private Key tab, click Hash Algorithm and select a suitable Hash (optional).

  12. Click OK.

    You are returned to the Certificate Enrollment screen.

  13. Click Next.
  14. Add a file name and path and click Finish.

After creating your certificate request, you will need to submit it to a Certificate Authority so they can process your request and issue a certificate. The certificate request is a text file. Usually, you are required to copy the text from the file and enter it into an online submission form on the Certificate Authority website. You will need to contact your Certificate Authority directly for instructions on the process for submitting your certificate request.

Install .NET Core Components

The .NET Core components must be downloaded and installed.

Step

Details

Video

1

Download the following components and store them in a temporary location, for example, C:\temp:

The video above acts as a visual guide only. The version of .NET contained in this video may be different to the actual version required.

2

To install the .NET dependencies, run each of the following commands using the PowerShell command prompt, waiting until each completes, before running the next command:

For Windows Server 2016:

Copy 
start-process "C:\temp\dotnet-hosting-3.1.11-win.exe" /q -wait
start-process "C:\temp\windowsdesktop-runtime-3.1.11-win-x64.exe" /q -wait
start-process "C:\temp\vcredist_x64.exe" /q -wait
start-process "C:\temp\NDP472-KB4054531-Web.exe" /q -wait

For Windows Server 2019:

Copy 
start-process "C:\temp\dotnet-hosting-3.1.11-win.exe" /q -wait
start-process "C:\temp\windowsdesktop-runtime-3.1.11-win-x64.exe" /q -wait
start-process "C:\temp\vcredist_x64.exe" /q -wait

Ensure the file path matches the location where the files were stored in step 1.

3

Restart your server before installing Blue Prism Hub to ensure the components are fully installed and registered.

 

To watch this installation step, see our .NET installation video.

Install Blue Prism Hub

Before you install Blue Prism Hub:

  • If you have purchased ALM or Interact, you will need your Customer ID during this Hub installation. This can be found in the email that was sent to you when you purchased ALM or Interact.
  • If you are reinstalling Blue Prism Hub after previously using and removing it, and the same database names are to be used, it is recommended that the databases should be cleared of any old data before re‑installing.

To watch the Hub installation and configuration process, see our Blue Prism Hub installation video.

The steps below detail the process for installing the Blue Prism Hub software. This includes the Authentication Server, Hub, and other associated services. The installation process will create any new databases that are required.

Download and run the Blue Prism Hub installer, available from the Blue Prism Portal, and progress through the installer as shown below. The installer must be run with administrator rights.

Step

Installer page

Details

1

Welcome

Click Next.

2

License agreement

Read the End-User License Agreement and if you agree to the terms, select the check box.

3

Prerequisites 1 – Server components

The installer checks that the prerequisites have been installed. Those that are not installed are identified. You cannot proceed until all the prerequisites are installed.

If there are uninstalled prerequisites, cancel the installer and install the missing components before restarting the installer. Otherwise, proceed with the installation.

4

Prerequisites 2 – RabbitMQ

Enter the server name or IP address of the Message Broker server and the credentials of the user you created.

The default message queuing port is 5672. This should only be changed if the default ports have been changed by your IT support organization.

By default, the Virtual host field is blank. You can leave this as blank and the connection will be made to the RabbitMQ root. Alternatively, if you have virtual hosts set up in RabbitMQ, you can connect to a specific host.

In Virtual host, enter the name of the virtual host on RabbitMQ that you want to connect to. The virtual host must already exist on RabbitMQ, you cannot enter a new name as this installer will not create a new virtual host. Further information about virtual hosts can be found on the RabbitMQ website - Virtual Hosts.

From the Protocol drop-down list, select the protocol you want to use. You can select either AMQP or AMQPS. If you select AMQPS, an additional field displays for you to enter the certificate that should be used for the connection. Further information about TLS configuration and certificates can be found on the RabbitMQ website - TLS Support.

If you are using AMQPS, you will need to give the Blue Prism IIS application pools full control of the RabbitMQ certificate. For more information, see Troubleshoot a Hub installation.

Click Test connection to verify connectivity. A notification will display the result of the test. You will only be able to move on to the next step if the test is successful. If the test failed, see Troubleshoot a Hub installation for further details.

5

Destination folder

Specify the required installation folder. The default location is C:\Program Files (x86)\Blue Prism, but you can choose your own using the Change button.

6

Authentication Server SQL connection

Configure the settings for the Authentication Server database by providing the SQL Server host name or IP address, and the credentials for the account to create the database:

  • If Windows Authentication is selected, the account must have the appropriate permissions. See Installing Hub using Windows Authentication for further information.

  • If SQL Authentication is selected, enter the username and password.

    You must ensure that your database password does not contain an equals sign (=), semi‑colon (;), or speech marks ("). These characters are not supported, and will lead to issues when trying to connect to the database.

Click Test connection to proceed to test the SQL credentials and verify connectivity.
A notification will display the result of the test. You will only be able to move on to the next step if the test is successful. If the test failed, see Troubleshoot a Hub installation for further details.

7

Authentication Server IIS setup

Configure IIS for the Authentication Server website. You need to:

  • Enter a site name.

  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

8

Hub SQL connection

Configure the settings for the Hub database by providing the SQL Server host name or IP address, and the credentials for the account to create the database:

  • If Windows Authentication is selected, the account must have the appropriate permissions. See Installing Hub using Windows Authentication for further information.

  • If SQL Authentication is selected, enter the username and password.

    You must ensure that your database password does not contain an equals sign (=), semi‑colon (;), or speech marks ("). These characters are not supported, and will lead to issues when trying to connect to the database.

The database name can be left as the default value or changed as required.

Click Test connection to proceed to test the SQL credentials and verify connectivity.
A notification will display the result of the test. You will only be able to move on to the next step if the test is successful. If the test failed, see Troubleshoot a Hub installation for further details.

9

Hub IIS setup

Configure the Hub website. You need to:

  • Enter a site name.

  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

10

Email Service SQL connection

Configure the settings for the Email Service database by providing the SQL Server host name or IP address, and the credentials for the account to create the database:

  • If Windows Authentication is selected, the account must have the appropriate permissions. See Installing Hub using Windows Authentication for further information.

  • If SQL Authentication is selected, enter the username and password.

    You must ensure that your database password does not contain an equals sign (=), semi‑colon (;), or speech marks ("). These characters are not supported, and will lead to issues when trying to connect to the database.

The database name can be left as the default value or changed as required.

Click Test connection to proceed to test the SQL credentials and verify connectivity.
A notification will display the result of the test. You will only be able to move on to the next step if the test is successful. If the test failed, see Troubleshoot a Hub installation for further details.

11

Email Service IIS setup

Configure the Email Service website.

You need to:
  • Enter a site name.

  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

12

Audit SQL connection configuration

Configure the settings for the Audit database by providing the SQL Server host name or IP address, and the credentials for the account to create the database:

  • If Windows Authentication is selected, the account must have the appropriate permissions. See Installing Hub using Windows Authentication for further information.

  • If SQL Authentication is selected, enter the username and password.

    You must ensure that your database password does not contain an equals sign (=), semi‑colon (;), or speech marks ("). These characters are not supported, and will lead to issues when trying to connect to the database.

The database name can be left as the default value or changed as required.

Click Test connection to proceed to test the SQL credentials and verify connectivity.
A notification will display the result of the test. You will only be able to move on to the next step if the test is successful. If the test failed, see Troubleshoot a Hub installation for further details.

13

Audit Service IIS setup

Configure the Audit Service website.

You need to:
  • Enter a site name.

  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

14

File Service SQL connection configuration

Configure the settings for the File Service database by providing the SQL Server host name or IP address, and the credentials for the account to create the database:

  • If Windows Authentication is selected, the account must have the appropriate permissions. See Installing Hub using Windows Authentication for further information.

  • If SQL Authentication is selected, enter the username and password.

    You must ensure that your database password does not contain an equals sign (=), semi‑colon (;), or speech marks ("). These characters are not supported, and will lead to issues when trying to connect to the database.

The database name can be left as the default value or changed as required.

Click Test connection to proceed to test the SQL credentials and verify connectivity.
A notification will display the result of the test. You will only be able to move on to the next step if the test is successful. If the test failed, see Troubleshoot a Hub installation for further details.

15

File Service IIS setup

Configure the File Service website.

You need to:
  • Enter a site name.

  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

16

Notification Center SQL connection

Configure the settings for the Notification Center database by providing the SQL Server host name or IP address, and the credentials for the account to create the database:

  • If Windows Authentication is selected, the account must have the appropriate permissions. See Installing Hub using Windows Authentication for further information.

  • If SQL Authentication is selected, enter the username and password.

    You must ensure that your database password does not contain an equals sign (=), semi‑colon (;), or speech marks ("). These characters are not supported, and will lead to issues when trying to connect to the database.

The database name can be left as the default value or changed as required.

Click Test connection to proceed to test the SQL credentials and verify connectivity.
A notification will display the result of the test. You will only be able to move on to the next step if the test is successful. If the test failed, see Troubleshoot a Hub installation for further details.

17

Notification Center IIS setup

Configure the Notification Center website.

You need to:
  • Enter a site name.

  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

18

License Manager SQL connection

Configure the settings for the License Manager database by providing the SQL Server host name or IP address, and the credentials for the account to create the database:

  • If Windows Authentication is selected, the account must have the appropriate permissions. See Installing Hub using Windows Authentication for further information.

  • If SQL Authentication is selected, enter the username and password.

    You must ensure that your database password does not contain an equals sign (=), semi‑colon (;), or speech marks ("). These characters are not supported, and will lead to issues when trying to connect to the database.

The database name can be left as the default value or changed as required.

Click Test connection to proceed to test the SQL credentials and verify connectivity.
A notification will display the result of the test. You will only be able to move on to the next step if the test is successful. If the test failed, see Troubleshoot a Hub installation for further details.

19

License Manager IIS setup

Configure the License Manager website.

You need to:
  • Enter a site name.

  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

20

SignalR IIS setup

Configure the SignalR website.

You need to:
  • Enter a site name.

  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

21

Enter your Customer Id

Enter your customer identifier. This identifier is supplied to you by Blue Prism when you receive your product license for ALM or Interact.

If you have not purchased a licensed plugin, you can enter your own value.

If you later purchase a licensed plug, your customer ID will need to be changed within the configuration file. For more information, see Troubleshoot a Hub installation.

22

Blue Prism API URL (Optional)

If required, enter the URL for the Blue Prism API. This URL is essential if you want to use the Control Room plugin. The Control Room plugin is compatible with Blue Prism 7.0 or later.

If you decide to use the Control Room plugin and you have not entered a URL at this point, you will need to update the configuration file. For more information, see Troubleshoot a Hub installation.

23

Ready for Installation

Click Next to install Hub.

24

Installation complete

If the installation fails, the View Log option gives details of the error that was encountered. For more information, see Troubleshoot a Hub installation.

Configure application pool recycling

The application pools for Authentication Server and Hub should be set to recycle one after the other, with Authentication Server recycling first. You should configure the application pools to recycle at a specific time during non-working hours, or periods of low usage. The application pool for Authentication Server should be set to recycle at least 10 minutes before the Hub application pool.

There are several different methods you can use to set the recycling information. The steps below use the Internet Information Services (IIS) Manager:

  1. In the Internet Information Services (IIS) Manager, right-click the appropriate application pool and select Recycling….
  2. Clear the Regular time intervals (in minutes) option.

  3. Select the Specific time(s) option and enter a time into the field:

    • For the Blue Prism - Hub application pool, set it to use a specific time during non-working hours, or periods of low usage.
    • For the Blue Prism - Authentication Server application pool, set it to use a specific time at least 10 minutes before the Hub application pool time.
  4. Click Next, and then click Finish.