Azure Marketplace Deployment

Azure marketplace deployments allow you to deploy UiPath solutions directly from the Azure portal.

Note:

Azure Marketplace keeps the latest UiPath Orchestrator version.

UiPath Orchestrator

This wizard allows you to deploy single or multi-node environments. The components are:

Name	Details
App Service (Web App)	Used for hosting the web services required (eg. Orchestrator, Identity, WebHooks). All components are in the same App Service Plan. If you deploy a multi-node deployment the High Availability Add-on will be accessible using a Virtual Network Integration
SQL Database, single DataBase	The SQL Database (and server) used by the web services.
Application insights	Application insights used for logging autoscaling rules.
Storage Account	The storage account used to store packages/libraries.
User Managed Identity	Used to configure the deployment using scripts that are run on a Windows Virtual Machine.
Windows Virtual Machine	Temporarily deployed Virtual Machine that will run scripts to configure the aforementioned Web Services (Web Apps). This machine uses the Managed Identity to authenticate to Azure. It gets deployed in a separate VNet together with a Network Interface Card and a separate storage account
Deployment Script	This is used cleanup Azure Resources (Configuration VM and all dependencies). This resource will automatically be removed at the end if successful.

(Optional) High Availability Add-on (HAA) Components

Important:

Multi-node Orchestrator deployments use the RESP (Redis Serialization Protocol) for communication and thus can be configured using any solution relying on this protocol.

HAA is the only such solution supported by UiPath.

Full support is provided to users of Redis Enterprise with the purchase of an HAA module.

Name	Details
Linux Virtual Machine	There are three Linux VMs that are deployed together to form a High Availability Add-on cluster. The cluster gets deployed in a VNet together with Network Interface Cards for each node. The nodes are not publicly exposed and are connected to the Orchestrator App Service through Virtual Network Integration

Going Through the Wizard

Basics

In this step, you need to select the subscription, the Resource Group, and Region where you want the solution to be deployed.

Note: You need to have Owner permissions on the Resource Group or Subscription to deploy since the deployments create a user-managed identity (see components).

Orchestrator Details

Name	Details
Orchestrator Name	Orchestrator name will have a random suffix appended.
Password	Define the password that will be used for the host administrator and the default tenant administrator account (admin).
Orchestrator Version	Select the version of the UiPath Orchestrator you want to deploy.
Orchestrator Instances	The number of `P2v2` instances that will be created (scaled to). Can be maximum 30.
Orchestrator Size	This will deploy different versions of the SQL DataBase. Small: < 100 robots (4 Core) Medium: < 250 robots (8 Core) Large: < 500 or more robots (16 Core)

Please note that if you selected one Orchestrator instance you will have the option to skip High Availability Add-on installation. If you chose to skip it, please not change the number of instances since that will be an unsupported scenario.

HAA Server Configuration

Name	Details
HAA Servers (VM) Admin Login	Define the admin username for the High Availability Add-on virtual machines.
Password	Define the admin password for the High Availability Add-on virtual machines.
HAA Admin Email	Define the admin email for the High Availability Add-on.
Password	Define the admin password for the High Availability Add-on.
High Availability Add-on License	High Availability Add-on license. If not provided you will have to enter a license in 30 days.
Virtual Machine Size	The size of the three RHEL (Red Hat Enterprise Linux) virtual machines to provision. We recommend 2-4 CPU and 8-16 GB RAM.
Virtual Network for HAA	A virtual network that will be used to deploy the High Availability Add-on virtual machines. They will be deployed in a subnet and another subnet is required for the WebApp virtual network integration (private connectivity).
Subnets	Two subnets required: Virtual network subnet that will be used to deploy the High Availability Add-on virtual machines. Virtual network subnet used for App Service/Web App VNet integration (private connectivity). If you are using an existing VNet, this subnet must be empty, configured, and only used for this purpose.

Orchestrator SQL Settings

Name	Details
Orchestrator SQL Server Name	The SQL server name will have a random suffix appended.
Orchestrator SQL Server Admin Login	Define the admin username for the Orchestrator SQL server.
Password	Define the admin password for the Orchestrator SQL server.

Certificate Configuration

Name	Details
Token Signing Certificate (pfx)	The certificate used for token signing. The requirements for Microsoft App Service Certificates: https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate#private-certificate-requirements. The requirements for UiPath Token Signing Certificate are: https://docs.uipath.com/orchestrator/standalone/2022.10/installation-guide/orchestrator-is-prerequisites-for-installation The certificate `pfx` must meet all requirements.
Password	Token signing certificate password.

Name

Details

Token Signing Certificate (pfx)

The certificate used for token signing.

The requirements for Microsoft App Service Certificates: https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate#private-certificate-requirements.

The requirements for UiPath Token Signing Certificate are: https://docs.uipath.com/orchestrator/standalone/2022.10/installation-guide/orchestrator-is-prerequisites-for-installation

The certificate pfx must meet all requirements.

Password Token signing certificate password.

The certificate used in this step could be generated using the following commands:

#Generate certificate directly in the LocalMachine personal store
 $cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=UiPathSelfSignedRoot" `
    -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 4096 `
    -CertStoreLocation "cert:\LocalMachine\My" `
    -KeyUsageProperty Sign `
    -KeyUsage CertSign `
    -NotAfter (Get-Date).AddYears(2)

#Create a secure string password for the certificate
$mypwd = ConvertTo-SecureString -String "1234" -Force -AsPlainText

#Export the certificate from the LocalMachine personal store to a file `mypfx.pfx`
Get-ChildItem -Path "cert:\LocalMachine\my\$($cert.Thumbprint)" | Export-PfxCertificate `
    -FilePath mypfx.pfx `
    -Password $mypwd `
    -CryptoAlgorithmOption TripleDES_SHA1

#Remove the certificate from the LocalMachine personal store
Get-ChildItem "Cert:\LocalMachine\My\$($cert.Thumbprint)" | Remove-Item#Generate certificate directly in the LocalMachine personal store
 $cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=UiPathSelfSignedRoot" `
    -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 4096 `
    -CertStoreLocation "cert:\LocalMachine\My" `
    -KeyUsageProperty Sign `
    -KeyUsage CertSign `
    -NotAfter (Get-Date).AddYears(2)

#Create a secure string password for the certificate
$mypwd = ConvertTo-SecureString -String "1234" -Force -AsPlainText

#Export the certificate from the LocalMachine personal store to a file `mypfx.pfx`
Get-ChildItem -Path "cert:\LocalMachine\my\$($cert.Thumbprint)" | Export-PfxCertificate `
    -FilePath mypfx.pfx `
    -Password $mypwd `
    -CryptoAlgorithmOption TripleDES_SHA1

#Remove the certificate from the LocalMachine personal store
Get-ChildItem "Cert:\LocalMachine\My\$($cert.Thumbprint)" | Remove-Item