Install and configure the web server – Hub

Before installing the SS&C | Blue Prism® Hub web server, ensure you have read the information in Hub install preparation.

Install and configure the web server ensuring that the system can communicate with the RabbitMQ Message Broker.

The process consists of the following steps:

  1. Install IIS
  2. Configure SSL Certificates
  3. Install the .NET Core components
  4. Install Blue Prism Hub
  5. Install the Authentication Server SAML 2.0 extension – This is only required if you intend to use SAML 2.0 authentication.

The default host names provided in the procedures below are only suitable for a standalone environment, such as a test environment. Your organization’s DNS and Domain structures must be considered when choosing host names in your installation.

Instructional videos on how to install the prerequisite software and Blue Prism Hub are available from: https://bpdocs.blueprism.com/en-us/video/installation.htm.

Install IIS

The system requires IIS Web Server and the .NET Core components to be installed.

It is important that IIS is installed prior to installing the .NET Core components and Blue Prism Hub. The IIS features and roles are automatically installed as part of the Blue Prism Hub installation.

Scripted installation

Run the command below using the PowerShell command prompt:

Copy
Install-WindowsFeature -name Web-Server, Web-Windows-Auth -IncludeManagementTools

To watch this installation step, see our IIS installation video.

By default, IIS is installed with the Anonymous Authentication setting enabled. This setting is required by Hub and its associated sites. If you have disabled Anonymous Authentication, you must enable it before running the Hub installer. For more information about Anonymous authentication, see Microsoft's Anonymous Authentication page.

Configure SSL certificates

During the installation process you will be asked for the SSL certificates for the websites that are being set up. Depending on your infrastructure and IT organization security requirements, this could be an internally created SSL certificate or a purchased certificate to protect the websites.

When generating a certificate, enter the host name in lowercase characters. If you do not use all lowercase, you may experience a naming mismatch between the name in the certificate and the host name when using the Hub installer. This could result in the certificate failing to be applied and the installer preventing you from progressing with the installation.

The installer can be run without the certificates being present, though for the sites to operate, the bindings in the IIS websites will need to have valid SSL certificates present.

The table below details the required SSL certificates.

Website in IIS

Default URL (example only)

Websites with a user interface for use by end-users

Blue Prism – Authentication Server

https://authentication.local

Blue Prism – Hub

https://hub.local

Websites for use by the application only (services)

Blue Prism – Email Service

https://email.local

Blue Prism – Audit Service

https://audit.local

Blue Prism – File Service

https://file.local

Blue Prism – Notification Center

https://notification.local

Blue Prism – License Manager

https://license.local

Blue Prism – SignalR

https://signalr.local

The default URLs shown above are suitable for a standalone environment, such as a test environment. Your organization’s DNS and Domain structures must be considered when choosing host names for your installation.

Self-signed certificates

Self-signed certificates can be used but are only recommended for Proof of Concept (POC), Proof of Value (POV) and Development environments. For production environments, use certificates from your organization's approved certificate authority. It is recommended that you contact your IT Security team to check what their requirements are.

To generate and apply a self-signed certificate for SQL Server:

Microsoft provide a script that can be used to generate a self-signed certificate for SQL Server. For more information, see Microsoft's documentation. It is important that the fully qualified domain name (FQDN) used by the SQL Server matches the FQDN defined in the certificate. If these do not match, a connection to the database will not be established and your installation will not function correctly.

  1. Run PowerShell as an administrator and execute the Microsoft script with the information for your SQL Server.

    This generates the certificate and installs it on the SQL Server.

  2. On your SQL Server:

    1. Enable access to the certificate's private key for the SQL Server service account. To do this:

      1. If you do not already know it, find your service account name for your SQL Server. This is shown on the Log On tab of the SQL Server Properties, which can be accessed from Services on your SQL Server.

      2. On your SQL Server, open Certificate Manager.

      3. Expand Personal, then expand Certificates, right-click SQL, and then select All Tasks and click Manage Private Keys...

      4. In the Permissions for SQL private keys dialog, add your SQL Server service account with Read permissions. For example:

      5. Click OK to apply the changes and close the dialog.

    2. Enable SSL on your SQL Server and specify the certificate. To do this:

      1. From the Windows task bar, open SQL Server Configuration Manager.

      2. In the SQL Server Configuration Manager, expand SQL Server Network Configuration and right-click Protocols for <SqlServerInstanceName>, and then click Properties.

      3. In the Protocols for <SqlServerInstanceName> Properties dialog, select the Certificate tab, and then select or import the required certificate.

      4. Click Apply.

      5. Click OK to close the Properties dialog.

    3. Restart the SQL Server service.

    4. Copy the certificate C:\sqlservercert.cer. You will need to add this to the Hub and Interact website host servers.

  3. On the website host servers:

    1. Paste the sqlservercert.cer into the website host servers for Hub and Interact.

    2. Add the certificate to the server's Trusted Root Certification Authorities certificate store. To do this:

      1. Double-click on the certificate and click Install Certificate....

        The Certificate Import Wizard displays.

      2. On the Welcome page, select Local Machine under Store Location and click Next.

      3. On the Certificate Store page, select Place all certificates in the following store and enter Trusted Root Certification Authorities.

      4. Click Next and follow the wizard through to completion.

    3. Test the connection from the website host server to the SQL Server.

To generate a self-signed certificate for a website:

  1. Run PowerShell as an administrator and use the following command, replacing [Website] and [ExpiryYears] with appropriate values:

    Copy
    New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "[Website].local" -FriendlyName "MySiteCert[Website]" -NotAfter (Get-Date).AddYears([ExpiryYears])

    For example:

    Copy
    New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "authentication.local" -FriendlyName "MySiteCertAuthentication" -NotAfter (Get-Date).AddYears(10)

    This example creates a self-signed certificate called MySiteCertAuthentication in the Personal Certificates store, with the Subject authentication.local and is valid for 10 years from the point of creation.

    When generating a certificate, enter the host name ([Website]) in lowercase characters. If you do not use all lowercase, you may experience a naming mismatch between the name in the certificate and the host name when using the Hub installer. This could result in the certificate failing to be applied and the installer preventing you from progressing with the installation.

  2. Open the Manage Computer Certificates application on your web server (type manage computer into the search bar).
  3. Copy and paste the certificate from Personal > Certificates to Trusted Root Certification > Certificates.

  4. Repeat this process for each website.

Create an offline certificate request

To create an offline certificate request, for each certificate follow this procedure:

  1. Open the Manage Computer Certificates application on your web server (type managed computer into the search bar).
  2. Right-click Personal > Certificates and select All Tasks > Advanced Operations > Create Custom Request from the shortcut menu.

    The Certificate Enrollment wizard displays.

  3. Click Next.

  4. Select Proceed without enrollment policy and click Next.
  5. On the Custom request screen, click Next.

  6. On the Certificate Information screen, click the Details drop-down and click Properties.

  7. On the General tab in the Certificate Properties dialog, enter a friendly name and description based on the website this certificate will be applied to.
  8. On the Subject tab change the subject name type to Common name, enter the website URL in the Value field and click Add.

    The CN (common name) will display in the right-hand panel.

  9. On the Extensions tab, click Extended Key Usage, select Server Authentication and click Add.
  10. On the Private Key tab, click Key options, select a key size of your choice and select Make private key exportable.
  11. Still on the Private Key tab, click Hash Algorithm and select a suitable Hash (optional).
  12. Click OK.

    You are returned to the Certificate Enrollment screen.

  13. Click Next.
  14. Add a file name and path and click Finish.

After creating your certificate request, you will need to submit it to a Certificate Authority so they can process your request and issue a certificate. The certificate request is a text file. Usually, you are required to copy the text from the file and enter it into an online submission form on the Certificate Authority website. You will need to contact your Certificate Authority directly for instructions on the process for submitting your certificate request.

Install .NET Core Components

The .NET Core components must be downloaded and installed.

Step

Details

Video

1

Download the following components and store them in a temporary location, for example, C:\temp:

The video above acts as a visual guide only. The version of .NET contained in this video may be different to the actual version required.

2

To install the .NET dependencies, run each of the following commands using the PowerShell command prompt, waiting until each completes, before running the next command:

For Windows Server 2016 and Windows Server 2019:

Copy
start-process "C:\temp\dotnet-hosting-6.0.0-win.exe" /q -wait
start-process "C:\temp\windowsdesktop-runtime-6.0.0-win-x64.exe" /q -wait
start-process "C:\temp\ndp48-x86-x64-allos-enu.exe" /q -wait

For Windows Server 2022:

Copy
start-process "C:\temp\dotnet-hosting-6.0.0-win.exe" /q -wait
start-process "C:\temp\windowsdesktop-runtime-6.0.0-win-x64.exe" /q -wait

Ensure the file name and file path match the files that were stored in step 1.

3

Restart your server before installing Blue Prism Hub to ensure the components are fully installed and registered.

 

To watch this installation step, see our .NET installation video.

Install Blue Prism Hub

Before you install Blue Prism Hub:

  • If you have purchased ALM, Decision or Interact, you will need your Customer ID during this Hub installation. This can be found in the email that was sent to you when you purchased ALM, Decision or Interact.
  • If you want to use the Blue Prism Decision plugin in Hub, you will need to install the Blue Prism Decision Model Service container on a Docker host before running the Hub install wizard. For more information, see Installing Blue Prism Decision.

  • If you are reinstalling Blue Prism Hub after previously using and removing it, and the same database names are to be used, it is recommended that the databases should be cleared of any old data before re‑installing.

To watch the Hub installation and configuration process, see our Blue Prism Hub installation video.

The steps below detail the process for installing the Blue Prism Hub software. This includes the Authentication Server, Hub, and other associated services. The installation process will create any new databases that are required.

Download and run the Blue Prism Hub installer, available from the Blue Prism Portal, and progress through the installer as shown below. The installer must be run with administrator rights.

This video demonstrates the installation of an earlier version of the Hub platform. You can use the video as guidance, but there may be some differences in Hub 4.7.

Step

Installer page

Details

1

Welcome

If required, select another language for the installer from the drop-down list. The default language is English (United States).

Click Next.

2

License agreement

Read the End-User License Agreement and if you agree to the terms, select the check box.

3

Prerequisites 1 – Server components

The installer checks that the prerequisites have been installed. Those that are not installed are identified. You cannot proceed until all the prerequisites are installed.

If there are uninstalled prerequisites, cancel the installer and install the missing components before restarting the installer. Otherwise, proceed with the installation.

4

Prerequisites 2 – RabbitMQ

Enter the server name or IP address of the Message Broker server and the credentials of the user you created.

The default message queuing port is 5672. This should only be changed if the default ports have been changed by your IT support organization.

By default, the Virtual host field is blank. You can leave this as blank and the connection will be made to the RabbitMQ root. Alternatively, if you have virtual hosts set up in RabbitMQ, you can connect to a specific host.

In Virtual host, enter the name of the virtual host on RabbitMQ that you want to connect to. The virtual host must already exist on RabbitMQ, you cannot enter a new name as this installer will not create a new virtual host. Further information about virtual hosts can be found on the RabbitMQ website - Virtual Hosts.

From the Protocol drop-down list, select the protocol you want to use. You can select either AMQP or AMQPS. If you select AMQPS, an additional field displays for you to enter the certificate that should be used for the connection. Further information about TLS configuration and certificates can be found on the RabbitMQ website - TLS Support.

If you are using AMQPS, you will need to give the Blue Prism IIS application pools full control of the RabbitMQ certificate. For more information, see Troubleshoot a Hub installation.

Click Test connection to verify connectivity. A notification will display the result of the test. You will only be able to move on to the next step if the test is successful. If the test failed, see Troubleshoot a Hub installation for further details.

5

Destination folder

Specify the required installation folder. The default location is C:\Program Files (x86)\Blue Prism, but you can choose your own using the Change button.

6

Authentication Server SQL connection

Configure the settings for the Authentication Server database by providing the SQL Server host name or IP address, and the credentials for the account to create the database:

  • If Windows Authentication is selected, the account must have the appropriate permissions. See Installing Hub using Windows Authentication for further information.
  • If SQL Authentication is selected, enter the username and password.

    You must ensure that your database password does not contain an equals sign (=), semi‑colon (;), or speech marks ("). These characters are not supported, and will lead to issues when trying to connect to the database.

Click Test connection to proceed to test the SQL credentials and verify connectivity.
A notification will display the result of the test. You will only be able to move on to the next step if the test is successful
. If the test failed, see Troubleshoot a Hub installation for further details.

7

Authentication Server IIS setup

Configure IIS for the Authentication Server website. You need to:

  • Enter a site name.
  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

The Next button is only activated if the URL you have entered matches the one configured in the certificate.

Once installation is complete, the IIS feature Windows Authentication is enabled on the Authentication Server website.

8

Hub SQL connection

Configure the settings for the Hub database by providing the SQL Server host name or IP address, and the credentials for the account to create the database:

  • If Windows Authentication is selected, the account must have the appropriate permissions. See Installing Hub using Windows Authentication for further information.
  • If SQL Authentication is selected, enter the username and password.

    You must ensure that your database password does not contain an equals sign (=), semi‑colon (;), or speech marks ("). These characters are not supported, and will lead to issues when trying to connect to the database.

The database name can be left as the default value or changed as required.

Click Test connection to proceed to test the SQL credentials and verify connectivity.
A notification will display the result of the test. You will only be able to move on to the next step if the test is successful
. If the test failed, see Troubleshoot a Hub installation for further details.

9

Hub IIS setup

Configure the Hub website. You need to:

  • Enter a site name.
  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

The Next button is only activated if the URL you have entered matches the one configured in the certificate.

10

Email Service SQL connection

Configure the settings for the Email Service database by providing the SQL Server host name or IP address, and the credentials for the account to create the database:

  • If Windows Authentication is selected, the account must have the appropriate permissions. See Installing Hub using Windows Authentication for further information.
  • If SQL Authentication is selected, enter the username and password.

    You must ensure that your database password does not contain an equals sign (=), semi‑colon (;), or speech marks ("). These characters are not supported, and will lead to issues when trying to connect to the database.

The database name can be left as the default value or changed as required.

Click Test connection to proceed to test the SQL credentials and verify connectivity.
A notification will display the result of the test. You will only be able to move on to the next step if the test is successful
. If the test failed, see Troubleshoot a Hub installation for further details.

11

Email Service IIS setup

Configure the Email Service website.

You need to:
  • Enter a site name.
  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

The Next button is only activated if the URL you have entered matches the one configured in the certificate.

12

Audit SQL connection configuration

Configure the settings for the Audit database by providing the SQL Server host name or IP address, and the credentials for the account to create the database:

  • If Windows Authentication is selected, the account must have the appropriate permissions. See Installing Hub using Windows Authentication for further information.
  • If SQL Authentication is selected, enter the username and password.

    You must ensure that your database password does not contain an equals sign (=), semi‑colon (;), or speech marks ("). These characters are not supported, and will lead to issues when trying to connect to the database.

The database name can be left as the default value or changed as required.

Click Test connection to proceed to test the SQL credentials and verify connectivity.
A notification will display the result of the test. You will only be able to move on to the next step if the test is successful
. If the test failed, see Troubleshoot a Hub installation for further details.

13

Audit Service IIS setup

Configure the Audit Service website.

You need to:
  • Enter a site name.
  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

The Next button is only activated if the URL you have entered matches the one configured in the certificate.

14

File Service SQL connection configuration

Configure the settings for the File Service database by providing the SQL Server host name or IP address, and the credentials for the account to create the database:

  • If Windows Authentication is selected, the account must have the appropriate permissions. See Installing Hub using Windows Authentication for further information.
  • If SQL Authentication is selected, enter the username and password.

    You must ensure that your database password does not contain an equals sign (=), semi‑colon (;), or speech marks ("). These characters are not supported, and will lead to issues when trying to connect to the database.

The database name can be left as the default value or changed as required.

Click Test connection to proceed to test the SQL credentials and verify connectivity.
A notification will display the result of the test. You will only be able to move on to the next step if the test is successful
. If the test failed, see Troubleshoot a Hub installation for further details.

15

File Service IIS setup

Configure the File Service website.

You need to:
  • Enter a site name.
  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

The Next button is only activated if the URL you have entered matches the one configured in the certificate.

16

Notification Center SQL connection

Configure the settings for the Notification Center database by providing the SQL Server host name or IP address, and the credentials for the account to create the database:

  • If Windows Authentication is selected, the account must have the appropriate permissions. See Installing Hub using Windows Authentication for further information.
  • If SQL Authentication is selected, enter the username and password.

    You must ensure that your database password does not contain an equals sign (=), semi‑colon (;), or speech marks ("). These characters are not supported, and will lead to issues when trying to connect to the database.

The database name can be left as the default value or changed as required.

Click Test connection to proceed to test the SQL credentials and verify connectivity.
A notification will display the result of the test. You will only be able to move on to the next step if the test is successful
. If the test failed, see Troubleshoot a Hub installation for further details.

17

Notification Center IIS setup

Configure the Notification Center website.

You need to:
  • Enter a site name.
  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

The Next button is only activated if the URL you have entered matches the one configured in the certificate.

18

License Manager SQL connection

Configure the settings for the License Manager database by providing the SQL Server host name or IP address, and the credentials for the account to create the database:

  • If Windows Authentication is selected, the account must have the appropriate permissions. See Installing Hub using Windows Authentication for further information.
  • If SQL Authentication is selected, enter the username and password.

    You must ensure that your database password does not contain an equals sign (=), semi‑colon (;), or speech marks ("). These characters are not supported, and will lead to issues when trying to connect to the database.

The database name can be left as the default value or changed as required.

Click Test connection to proceed to test the SQL credentials and verify connectivity.
A notification will display the result of the test. You will only be able to move on to the next step if the test is successful
. If the test failed, see Troubleshoot a Hub installation for further details.

19

License Manager IIS setup

Configure the License Manager website.

You need to:
  • Enter a site name.
  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

The Next button is only activated if the URL you have entered matches the one configured in the certificate.

20

SignalR IIS setup

Configure the SignalR website.

You need to:
  • Enter a site name.
  • Enter a host name – This will be used as the URL for the site. Ensure that you consider your DNS and Domain structure when choosing a host name.

  • Enter the port number.
  • Select the appropriate SSL certificate.
  • Leave Start Website selected, unless you do not want the website to automatically start at the end of the installation.

The Next button is only activated if the URL you have entered matches the one configured in the certificate.

21

Enter your Customer Id

Enter your customer identifier. This identifier is supplied to you by Blue Prism when you receive your product license for ALM or Interact.

If you have not purchased a licensed plugin, you can enter your own value.

If you later purchase a licensed plug, your customer ID will need to be changed within the configuration file. For more information, see Troubleshoot a Hub installation.

22

Blue Prism Decision Setup (Optional)

If you want to use Blue Prism Decision, you need to:

  • Enter the URL for the Blue Prism Decision Model Service container followed by the port number. The URL should be in the format https://<FQDN>:<port number>, for example, https://decision.blueprism.com:50051.

    The URL must match the FQDN that was specified in the certificate. The port number must match the port that was defined when the container was set to run. For more information, see Installing Blue Prism Decision.

  • Select the appropriate SSL Certificate.

If you do not want to use Blue Prism Decision, click Skip. The Ready for Installation screen displays.

23

Blue Prism Decision SQL connection

Configure the settings for the Blue Prism Decision database by providing the SQL Server host name or IP address, and the credentials for the account to create the database:

  • If Windows Authentication is selected, the account must have the appropriate permissions. See Installing Hub using Windows Authentication for further information.
  • If SQL Authentication is selected, enter the username and password.

    You must ensure that your database password does not contain an equals sign (=), semi‑colon (;), or speech marks ("). These characters are not supported, and will lead to issues when trying to connect to the database.

The database name can be left as the default value or changed as required.

Click Test connection to proceed to test the SQL credentials and verify connectivity.
A notification will display the result of the test. You will only be able to move on to the next step if the test is successful
. If the test failed, see Troubleshoot a Hub installation for further details.

24

Ready for Installation

Click Next to install Hub.

25

Installation complete

If the installation fails, the View Log option gives details of the error that was encountered. For more information, see Troubleshoot a Hub installation.

Install the Authentication Server SAML 2.0 extension

If your organization intends to use SAML 2.0 authentication for your users, you must install the Authentication Server SAML 2.0 extension on your web server where Hub and Authentication Server are installed. For more information, see the Authentication Server SAML 2.0 Extension 4.7 Installation Guide on the Digital Exchange.

If your organization does not intend to use SAML 2.0 authentication for your users, you do not need to install anything further.