orchestrator
2024.10
true
UiPath logo, featuring letters U and I in white
Orchestrator Installation Guide
Automation CloudAutomation Cloud Public SectorAutomation SuiteStandalone
Last updated Oct 21, 2024

Azure App Service Installation

Overview

The Azure installation script enables you to install Orchestrator on one or multiple nodes.

Important:

1. All the steps are mandatory in the installation procedures listed below. Orchestrator does not work without installing Identity Server.

2. Before starting the Orchestrator installation, make sure your certificates are issued by a Certificate Authority trusted by Azure, such as DigiCert.

3. Azure Stack is not supported, as API incompatibilities can occur. Please use Azure Cloud for your deployment.

Single-node Installation

To install Orchestrator on an Azure App Service perform the following steps:

Orchestrator Steps

  1. In the Azure Portal, under App Services, create a new app service with a custom name such as UiPathOrchestrator. When creating the web app, make sure to select the Stack .NET 8 (LTS). For more information, see Microsoft's official documentation .
  2. Open the newly created web app in the Azure Portal, and on the Configuration tab, select General Settings, then make the following configuration changes:
    • Set Platform to 64-bit.
    • Set Web Sockets to On.
    • Set FTP state to All allowed.
  3. Set the database connection string in the Configuration > Application settings > Connection strings of the web app, with the name Default. For example, Server=13.13.13.13;Initial Catalog=UiPath;Persist Security Info=False;User ID=dbUser;Password=pass123; MultipleActiveResultSets=False;Encrypt=True; Connection Timeout=30;TrustServerCertificate=True.
    Important:
    • The Azure SQL user provided here must have access at the server level, database level access is not sufficient for a successful installation.
    • Make sure to set the TrustServerCertificate attribute in the database connection string to True.
    • Make sure to select SQL Azure as the type of database connection string.
    • To set a database connection string for the Test Automation module, follow the steps described for the -testAutomationFeatureEnabled parameter in Publish-Orchestrator.ps1 parameters .
    • To set a database connection string for the Update Server module, follow the steps described for the -updateServerFeatureEnabled parameter in Publish-Orchestrator.ps1 parameters .
  4. The Azure PowerShell authentication mechanism supported by our scripts can be one of the following two:
  • Through your own user identity - use the -noAzureAuthentication parameter when signing in with Azure PowerShell.
  • Through a service principal - create an Azure AD application and service principal that can access your Orchestrator App Service and Resource Group . Optionally, ask your friendly DevOps team to provide you with an Azure Service Principal ID and Password that can access the App Service and associated Resource Group.

Identity Server Steps

  1. In the Azure Portal, under App Services, create a new app service with a custom name such as UiPathIdentity. When creating the web app, make sure to select the Stack .NET 8 (LTS). For more information, see Microsoft's official documentation.
  2. Set the database connection string in the Configuration > Connection Strings of the web app, with the name DefaultConnection. For example, Server=13.13.13.13;Initial Catalog=UiPath;Persist Security Info=False;User ID=dbUser;Password=pass123; MultipleActiveResultSets=False;Encrypt=True; Connection Timeout=30;TrustServerCertificate=True.
    Important: Make sure to set the TrustServerCertificate attribute in the database connection string to True.
  3. Navigate to Settings > Configuration > General Settings tab and make the following configuration changes:
    • Set Platform to 64-bit.
    • Set FTP state to All allowed.
  4. The Azure PowerShell authentication mechanism supported by our scripts can be one of the following two:
  • Through your own user identity - use the -noAzureAuthentication parameter when signing in with Azure PowerShell.
  • Through a service principal - create an Azure AD application and service principal that can access your Identity App Service and Resource Group. Optionally, ask your friendly DevOps team to provide you with an Azure Service Principal ID and Password that can access the App Service and associated Resource Group.

Webhooks Steps

  1. From your Azure Portal, create a new web application with a custom name, for example: UiPathWebhookService.
  2. In the Publish field, select Code.
  3. For Runtime Stack select .NET Core 8 (LTS).
  4. Open your new web app and navigate to Settings > Configuration > General Settings, then make the following configuration changes:
    • Set Platform to 64-bit.
    • Set FTP state to All allowed.
  5. Select Save.
    Important: If you did not previously create an Azure AD application and service principal from the Orchestrator installation on Azure, create them now. You must configure these to be able to access your UiPathWebhookService and Resource Group.

Resource Catalog Steps

  1. In the Azure Portal, under App Services, create a new app service with a custom name such as UiPathResourceCatalogService. When creating the web app, make sure to select the Stack .NET 8 (LTS). For more information, see Microsoft's official documentation.
  2. Navigate to Settings > Configuration > General Settings tab and make the following configuration changes:
    • Set Platform to 64-bit.
    • Set FTP state to All allowed.
  3. Set the database connection string in the Configuration > Connection Strings of the web app, with the name DefaultConnection. For example, Server=13.13.13.13;Initial Catalog=UiPath;Persist Security Info=False;User ID=dbUser;Password=pass123; MultipleActiveResultSets=False;Encrypt=True; Connection Timeout=30;TrustServerCertificate=True.
  4. The Azure PowerShell authentication mechanism supported by our scripts can be one of the following two:
  • Through your own user identity - use the -noAzureAuthentication parameter when signing in with Azure PowerShell.
  • Through a service principal - create an Azure AD application and service principal that can access your Resource Catalog App Service and Resource Group. Optionally, ask your friendly DevOps team to provide you with an Azure Service Principal ID and Password that can access the App Service and associated Resource Group.

General Steps

  1. Download the UiPathOrchestrator.zip archive to your local machine. This contains all the scripts necessary to install Orchestrator, Identity Server, Resource Catalog, and Webhooks Service. UiPath provides the UiPathOrchestrator.zip archive on request. Contact us for details.
  2. Extract the content of the UiPathOrchestrator.zip file into a folder on your machine. This reveals the UiPath.Orchestrator.Web.zip file.
    Note:
    • The following steps require running the PowerShell scripts. To disable any prompts interrupting these tasks, run the Get-ChildItem *.ps1 -Recurse | Unblock-File command in the directory selected at the previous step.
    • Unzip the UiPathOrchestrator.zip archive to extract the UiPath.Orchestrator.Web.zip archive.
  3. Run the Publish-Orchestrator.ps1 script, in PowerShell, using the parameters described here.
    Important:
    • Before running the Publish-Orchestrator.ps1 script, make sure you uninstall the AzureRM PowerShell module. We recommend using the Az PowerShell module as an alternative. Having both AzureRM and Az modules installed at the same time is not supported.
    • If the desired Az version is not detected, and AzureRM is present when running the script, you are prompted to confirm the AzureRM removal even on unattended installations.
    • Upgrading to Az v6.0.0 when any previous version of the module is in use causes the following message to pop up: WARNING: The version 'x.x.x' of module 'Az.<Name>' is currently in use. Retry the operation after closing the applications. In order to solve this problem, make sure to execute Publish-Orchestrator.ps1 in a new PowerShell session.
    • If you are using Microsoft-hosted agents, a Publish-Orchestrator.ps1 issue prevents you from running the correct Az version. Instead of using version 5.4.0 or 6.0.0, you are stuck with 4.7.0. As a workaround, make sure to delete the C:\Modules\az_4.7.0 folder.
  4. Run the Publish-IdentityServer.ps1 script in PowerShell using the parameters described here.
    Important: Make sure to complete the process by performing the steps described on the Publish to Identity Server page.
  5. Run the MigrateTo-IdentityServer.ps1 script, in PowerShell, using the parameters described here.
  6. Run the Publish-ResourceCatalog.ps1 script, in PowerShell, using the parameters described here.
  7. Run the MigrateTo-ResourceCatalog.ps1 script, in PowerShell, using the parameters described here.
  8. Run the Publish-Webhooks.ps1 script, in PowerShell, using the parameters described here.
  9. Run the MigrateTo-Webhooks.ps1 script, in PowerShell, using the parameters described here.
  10. Start the Orchestrator and Identity app services. Enjoy using Orchestrator on your Azure Portal.

Multi-node Installation

Note: Multi-node installations require the setup of the High Availability Add-on.

To install Orchestrator on multiple nodes on an Azure App Service perform the following steps:

Orchestrator Steps

  1. In the Azure Portal, under App Services, create a new app service with a custom name such as UiPathOrchestrator. When creating the web app, make sure to select the Stack .NET 8 (LTS). For more information, see Microsoft's official documentation .
  2. Open the newly created web app in the Azure Portal, and on the Configuration tab, select General Settings, then make the following configuration changes:
    • Set Platform to 64-bit.
    • Set Web Sockets to On.
  3. Set the database connection string in the Configuration > Application settings > Connection strings of the web app, with the name "Default". For example, Server=13.13.13.13;Initial Catalog=UiPath;Persist Security Info=False;User ID=dbUser;Password=pass123; MultipleActiveResultSets=False;Encrypt=True; Connection Timeout=30;TrustServerCertificate=True.
    Important:
    • The Azure SQL user provided here must have access at the server level, database level access is not sufficient for a successful installation.
    • Make sure to set the TrustServerCertificate attribute in the database connection string to True.
    • Make sure to select SQL Azure as the type of database connection string.
    • The Nlog configuration is not preserved.
  4. The Azure PowerShell authentication mechanism supported by our scripts can be one of the following two:
    • Through your own user identity - use the -noAzureAuthentication parameter when signing in with Azure PowerShell.
    • Through a service principal - create an Azure AD application and service principal that can access your Orchestrator App Service and Resource Group . Optionally, ask your friendly DevOps team to provide you with an Azure Service Principal ID and Password that can access the App Service and associated Resource Group.
  5. In the Scale out (App Service plan) tab, select the Scale to a specific instance count option and provide the desired Instance count.

Identity Server Steps

  1. In the Azure Portal, under App Services, create a new app service with a custom name such as UiPathIdentity. When creating the web app, make sure to select the Stack .NET 8 (LTS). For more information, see Microsoft's official documentation.
  2. Set the database connection string in the Configuration > Connection Strings of the web app, with the name DefaultConnection. For example, Server=13.13.13.13;Initial Catalog=UiPath;Persist Security Info=False;User ID=dbUser;Password=pass123; MultipleActiveResultSets=False;Encrypt=True; Connection Timeout=30;TrustServerCertificate=True.
    Important: Make sure to set the TrustServerCertificate attribute in the database connection string to True.
  3. Navigate to Settings > Configuration > General Settings tab and select 64-bit for the Platform.
  4. The Azure PowerShell authentication mechanism supported by our scripts can be one of the following two:
  • Through your own user identity - use the -noAzureAuthentication parameter when signing in with Azure PowerShell.
  • Through a service principal - create an Azure AD application and service principal that can access your Identity App Service and Resource Group. Optionally, ask your friendly DevOps team to provide you with an Azure Service Principal ID and Password that can access the App Service and associated Resource Group.

Webhooks Steps

  1. From your Azure Portal, create a new web application with a custom name, for example: UiPathWebhookService.
  2. In the Publish field, select Code.
  3. For Runtime Stack select .NET 8 (LTS).
  4. Open your new web app and navigate to Settings > Configuration.
  5. From the General Settings tab, select 64-bit for the Platform.
  6. Select Save.
    Important: If you did not previously create an Azure AD application and service principal from the Orchestrator installation on Azure, create them now. You must configure these to be able to access your UiPathWebhookService and Resource Group.

Resource Catalog Steps

  1. In the Azure Portal, under App Services, create a new app service with a custom name such as UiPathResourceCatalogService. When creating the web app, make sure to select the Stack .NET 8 (LTS). For more information, see Microsoft's official documentation.
  2. Navigate to Settings > Configuration > General Settings tab and select 64-bit for the Platform.
  3. Set the database connection string in the Configuration > Connection Strings of the web app, with the name DefaultConnection. For example, Server=13.13.13.13;Initial Catalog=UiPath;Persist Security Info=False;User ID=dbUser;Password=pass123; MultipleActiveResultSets=False;Encrypt=True; Connection Timeout=30;TrustServerCertificate=True.
  4. The Azure PowerShell authentication mechanism supported by our scripts can be one of the following two:
  • Through your own user identity - use the -noAzureAuthentication parameter when signing in with Azure PowerShell.
  • Through a service principal - create an Azure AD application and service principal that can access your Resource Catalog App Service and Resource Group. Optionally, ask your friendly DevOps team to provide you with an Azure Service Principal ID and Password that can access the App Service and associated Resource Group.

General Steps

  1. Download the UiPathOrchestrator.zip archive to your local machine. This contains all the scripts necessary to install Orchestrator, Identity Server, Resource Catalog, and Webhooks Service. UiPath provides the UiPathOrchestrator.zip archive on request. Contact us for details.
  2. Extract the content of the zip file into a folder on your machine.
    Note: The following steps require running the PowerShell scripts. To disable any prompts interrupting these tasks, run the Get-ChildItem *.ps1 -Recurse | Unblock-File command in the directory selected at the previous step.
  3. Run the Publish-Orchestrator.ps1 script, in PowerShell, using the parameters described here.
    Important:
    • Before running the Publish-Orchestrator.ps1 script, make sure you uninstall the AzureRM PowerShell module. We recommend using the Az PowerShell module as an alternative. Having both AzureRM and Az modules installed at the same time is not supported.
    • If the desired Az version is not detected, and AzureRM is present when running the script, you are prompted to confirm the AzureRM removal even on unattended installations.
    • Upgrading to Az v6.0.0 when any previous version of the module is in use causes the following message to pop up: WARNING: The version 'x.x.x' of module 'Az.<Name>' is currently in use. Retry the operation after closing the applications. In order to solve this problem, make sure to execute Publish-Orchestrator.ps1 in a new PowerShell session.
    • If you are using Microsoft-hosted agents, a Publish-Orchestrator.ps1 issue prevents you from running the correct Az version. Instead of using version 5.4.0 or 6.0.0, you are stuck with 4.7.0. As a workaround, make sure to delete the C:\Modules\az_4.7.0 folder.
  4. Run the Publish-IdentityServer.ps1 script in PowerShell using the parameters described here.
    Important: Make sure to complete the process by performing the steps described on the Publish to Identity Server page.
  5. Run the MigrateTo-IdentityServer.ps1 script, in PowerShell, using the parameters described here.
  6. Run the Publish-ResourceCatalog.ps1 script, in PowerShell, using the parameters described here.
  7. Run the MigrateTo-ResourceCatalog.ps1 script, in PowerShell, using the parameters described here.
  8. Run the Publish-Webhooks.ps1 script, in PowerShell, using the parameters described here.
  9. Run the MigrateTo-Webhooks.ps1 script, in PowerShell, using the parameters described here.
  10. Start the Orchestrator and Identity app services. Enjoy using Orchestrator on your Azure Portal.

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.