Installation prerequisites

Ensure that the following prerequisites are satisfied before installation.

System requirements

Blue Prism components

The minimum system requirements for Blue Prism components are outlined in the Blue Prism online help. Please refer to the details for the Blue Prism version you require.

For more detailed sizing requirements, please refer to the Service Assist 2021.1 - Sizing Reference Guide (subject to NDA).

Other components

• MySQL InnoDB: MySQL 5.7.29 or later, MySQL 8.0.20 or later
• MySQL NDB: NDB Cluster 8.0.20 or later
• Redis server: All versions of Redis 5 or 6

Browser compatibility

The Service Assist web user interface is tested against all major browsers to ensure ongoing compatibility. It is recommended to always use the latest version of a browser.

• Microsoft Edge Stable 88 or later
• Chrome 87.0.4280 or later
• Firefox 60.0.8ESR or later

Internet Explorer 11 or later is no longer supported.

Internet connection

• An internet connection is required to download the Service Assist software for installation.

• https://dtr1.trustportal.net/ must be accessible and if required allowlisted in any firewall.

License and installation files

Please ensure you download the compatible versions for installation from the Blue Prism Portal. The required license for Service Assist will be provided by Blue Prism prior to installation.

This guide assumes that Blue Prism is already configured and in use. If this is not the case, please refer to the installation guide compatible to the Blue Prism version installed and the Install Blue Prism components section in this guide.

For details on the TrustPortal installation, see Install TrustPortal services.

Network setup

Option 1: DNS configuration

A DNS ‘A record’ is required and should be created with the name that you want to use in your environment. This the DNS address of the TrustPortal endpoint, that is the address which users would type into their browser to access the web user interface.

<INSTANCE NAME><FQDN COMMON NAME>

For example, if your instance name is serviceassist and FQDN common name is local.net, this would result in the following URL: serviceassist.local.net

Option 2: Add hosts entries to every machine accessing TrustPortal

To edit the Windows hosts file on any digital workers where the TrustPortal agent is working and on any Windows device that will be accessing the Service Assist web user interface:

1. Navigate to the file location C:\Windows\System32\drivers\etc\hosts and add entries for the <INSTANCENAME>.<FQDN CN> and <INSTANCE NAME>api.<FQDN CN>. Based on the example above, where Service Assist is installed on 172.20.10.2 and INSTANCE is serviceassist and FQDN CN is local.net, add a line to C:\Windows\System32\drivers\etc\hosts with: 172.20.10.2 serviceassist.local.net serviceassistapi.local.net.
2. To test it locally, edit the /etc/hosts files as sudo to add entries for the <INSTANCE NAME>.<FQDN CN> and <INSTANCE NAME>api.<FQDN CN>. Based on the example above, where Service Assist is installed on 172.20.10.2 and INSTANCE is serviceassist and FQDN CN is local.net, add a line to /etc/hosts with: 172.20.10.2 serviceassist.local.net serviceassistapi.local.net.

MySQL configuration

A commercial instance of MySQL must be installed and configured prior to installing Service Assist. Previous experience with MySQL is recommended.

The MySQL client must be installed locally on the device where the installation is executed.

Reverse proxy/load balancer

The choice of the reverse proxy/load balancing solution used is entirely dependent on your organization. TrustPortal will automatically deploy a reverse proxy solution should you not have one in place.

Docker, mounted directory, and installation permissions

• A Docker host is required, running Docker Community Edition 19.03 or later.

• Blue Prism recommends following Docker’s official installation instructions, including the installation of Docker as root and selectively adding users to the docker group so they can run all Docker commands.

• Service Assist docker run commands do not force the containers to run as any specific user, but use the default which is the root user. The docker containers used for Service Assist create mounted directories from the host machine to directories within the containers themselves. When the docker run command is used the images provide specific files that are then placed into these directories (databases, configuration files, certificates, license files, etc.). This results in the files on the host being owned by the root user. Standard users will not have access to these files.

• Blue Prism recommends that installations are carried out by a user that is in the docker group and has sudo access. This allows for the running of the docker commands, creation and modification of configuration and other files needed to set up the environments and also to allow for other initialization type changes (such as setting docker log maintenance configuration, etc.)

• If SELinux (Security-Enhanced Linux) is enabled on the host machine, then it must be configured to be 'permissive' (log any actions but do not prevent them from happening) throughout the installation of both Docker and Service Assist.

  If SELinux is enabled without being set to 'permissive', the installer will fail and you will have to set it to 'permissive' via the command:

  Copy

  sudo setenforce 0

  To check the status of SELinux, you can use:

  Copy

  sudo sestatus

• It is highly recommended to limit the number and size of docker logs, as without constraining these it is possible for the logs to fill system disks and crash the installation. This must be done before starting the installation.

  An example of an /etc/docker/daemon.json file that limits docker logs to 3 x 10 MB logs is shown below. For more details, see the Docker documentation.

  Copy

  {
  
  "log-driver": "json-file",
  
  "log-opts": { "max-size": "10m", "max-file": "3" }
  
  

Pre-installation checks

Once the installation process has started and before it can complete, the installer will perform several pre-installation checks to ensure the system where you are planning to deploy TrustPortal is fully compatible and configured to deploy the dockers. The current pre-checks include:

• TrustPortal will be installed in the correct environment.

• The running operating system and its version are supported.

• The running docker version is supported and docker is currently running on the machine.

• There is connectivity with the MySQL and Redis services if indicated during installation, as well as compatibility with the MySQL and Redis versions installed. (This will require mysql-cli and redis-cli installed on the machine for the check to be performed).

• There is connectivity with the Data Terminal Ready (DTR) to be able to pull the docker. To check connectivity, you can use the following command:

  Copy

  ping dtr1.trustportal.net

• If running on a RHEL-based OS (Centos, Fedora, RHEL), Security-Enhanced Linux (SELinux) is set to 'permissive' if enabled.

• If running on an Ubuntu OS, AppArmour is set up and running allowing to create root volumes to the docker engine.

• /etc/docker/daemon.json file exists (intended to remind of the requirement to configure docker log rotation).

If required, these pre-installation checks can be skipped by running the following command before starting the installation process via the GenerateDeployFiles program, however all the prerequisites above must be in place.

export GENERATEDEPLOYFILES_SKIP_CHECKS=1

We only recommend running these pre-installation checks if you are unsure of your installation, as they are intended to help small-scale deployments. If you are confident in your installation or performing a more complex installation, then they should be skipped.