SSL Certificates and Some Other Prerequisites for Installing Orchestrator
A writer by day and a reader by night, Evelyn is a blogger and content marketer from Australia.
System Center Orchestrator can automate recurring tasks related to the support and management of the Exchange organization. In particular, it can be used to create a custom interface where the support organization can request precise actions like message tracking logs and mailbox moves. This makes executing basic tasks easy, as one does not need Exchange permissions or have to use tools like Exchange Management Console or PowerShell.
Speaking from personal experience, I have found Orchestrator to be extremely powerful when it comes to automation. Integration packs for Exchange, SharePoint and Active Directory make room for easy automation solutions.
As someone who has taken a liking to Orchestrator and the many functionalities it has to offer, I thought it would be apt to give the readers a concise overview of some of its prerequisites.
Let’s dive in.
What do you need to install Orchestrator?
Before configuring Orchestrator on your system, here are a few things that need to be in order.
• Windows Server Operating System: minimum requirement: 2008 R2 SP1.
• .NET Framework: minimum requirement: 4.6.1
• PowerShell: minimum requirement: 4.0
• IIS: minimum requirement: 7.5. Note: this is part of the Web Server (IIS) role and is enabled automatically by the provided InstallRolesAndFeatures.ps1 script.
• Server Roles and Features: The PowerShell script InstallRolesAndFeatures.ps1, provided by UiPath, will automatically add the required roles and features to the application server(s).
• URL Rewrite: It enables the website to redirect calls to HTTPS (https://clothingRIC.com) instead of HTTP (http://clothingRIC.com).
• Web-Deploy Extension: minimum requirement: version 3.5, 64-bit. It is required only for PowerShell script installations, such as the Azure one.
HTTPS is mandatory for communication between Robots and Orchestrator, and on all browsers where users access the web application. Three types of web certificates can be used.
• These web certificates are issued by trusted authorities like GoDaddy, Comodo, and DigiCert. Since there are plenty of options available, users should read an SSL Certificate Guide before making the final decision. You need to import the web certificate into Server Certificates in IIS. Remember, it’s imperative to know the “Issued To” entity, as the Windows installer will prompt you to provide it.
• Here, you are a Certification Authority which issues certificates that are trusted in the Windows domain.
• You can also work with self-signed certificates but they’re not recommended for production. Since this certificate is not trusted inside the domain, its public keys need to be exported and then imported to all Robot machines.
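The self-signed path described above, as an added PowerShell example that is not part of the original article: it creates the certificate in the store IIS reads, reports the "Issued To" name the installer asks for, exports only the public part, and trusts it on a Robot machine. The host name, file path and the `Test-WebCertificate` helper are assumptions, and the PKI cmdlets used require Windows Server 2012 or later.

```powershell
# Added example; host name and file path are placeholders, not values from the article.
$dnsName = 'orchestrator.example.internal'
$cerPath = Join-Path $env:TEMP 'orchestrator-selfsigned.cer'

function Test-WebCertificate {
    # Hypothetical helper: reports what to check before binding a certificate in IIS.
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    [pscustomobject]@{
        IssuedTo      = $Certificate.GetNameInfo('SimpleName', $false)
        Thumbprint    = $Certificate.Thumbprint
        SelfSigned    = ($Certificate.Subject -eq $Certificate.Issuer)
        HasPrivateKey = $Certificate.HasPrivateKey   # must be True on the server
        DaysLeft      = [int]($Certificate.NotAfter - (Get-Date)).TotalDays
    }
}

# --- On the Orchestrator server (elevated prompt) ---
$cert = New-SelfSignedCertificate -DnsName $dnsName `
            -CertStoreLocation 'Cert:\LocalMachine\My'
Test-WebCertificate -Certificate $cert

# Export the public certificate only; the private key never leaves the server.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Carry this value to the Robot machines over a channel you trust.
$expectedThumbprint = $cert.Thumbprint

# --- On each Robot machine (elevated), after copying the .cer file ---
# Refuse the file if it is not the certificate the server actually created.
$candidate = New-Object `
    System.Security.Cryptography.X509Certificates.X509Certificate2($cerPath)
if ($candidate.Thumbprint -ne $expectedThumbprint) {
    throw "Thumbprint mismatch: refusing to trust $cerPath"
}
Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\LocalMachine\Root' |
    Select-Object Subject, Thumbprint
```

Comparing the thumbprint before the import matters because anything placed in the Robot's Trusted Root store is trusted for every TLS connection that machine makes.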
Redis is an open-source, in-memory data structure store used for caching and message brokering. It’s shared amongst Orchestrator nodes, making way for instant synchronization.
You need Redis in a cluster environment. Otherwise it will not function.
When it comes to the Redis database, there are two options available: the open-source Redis Server, and Redis Enterprise, which is developed and supported by RedisLabs.
Redis Server can be installed on Linux and Windows, while Redis Enterprise, built on the Redis platform, offers extra features and deployment options.
The following information is maintained in Redis:
• Session state
• Robot heartbeat cache
• User session from the browser
• Association between organization units and users
• Association between users and roles
• License information
Redis also sends commands, such as start jobs, to all Orchestrator nodes. The command is then passed on to the correct Robots.
All packages (.nupkg files) are kept synchronized on all nodes if the user sets NuGet.EnableRedisNodeCoordination to true. One can also enable SSL-encrypted connections between the Redis service and Orchestrator nodes via the LoadBalancer.Redis.ConnectionString web.config parameter.
To run Orchestrator, you need a SQL Server machine with the minimum requirement of 2008 R2 with SP3, Standard or Enterprise Edition.
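An added audit example, not from the original article, that reads the two web.config keys named above and reports whether the Redis connection is configured for SSL. The sample config is constructed, the host and password are placeholders, the `Get-RedisTlsSetting` helper is hypothetical, and the comma-separated `host:port,name=value` layout with an `ssl=true` option is an assumption about the connection string format.

```powershell
# Constructed web.config fragment; host name and password are placeholders.
$sampleConfig = @'
<configuration>
  <appSettings>
    <add key="NuGet.EnableRedisNodeCoordination" value="true" />
    <add key="LoadBalancer.Redis.ConnectionString"
         value="redis.example.internal:6380,password=PLACEHOLDER,ssl=true" />
  </appSettings>
</configuration>
'@

function Get-RedisTlsSetting {
    # Hypothetical helper: summarises the Redis settings without echoing the password.
    param([Parameter(Mandatory)][xml]$Config)

    $settings = @{}
    foreach ($node in @($Config.configuration.appSettings.add)) {
        $settings[$node.key] = $node.value
    }
    $conn = $settings['LoadBalancer.Redis.ConnectionString']
    if (-not $conn) { throw 'LoadBalancer.Redis.ConnectionString is not set.' }

    # Assumed layout: endpoint(s) first, then name=value options, comma-separated.
    $parts   = @($conn -split ',' | ForEach-Object { $_.Trim() })
    $options = @{}
    foreach ($p in ($parts | Where-Object { $_ -match '=' })) {
        $name, $value = $p -split '=', 2
        $options[$name.Trim().ToLower()] = $value.Trim()
    }

    [pscustomobject]@{
        Endpoints        = @($parts | Where-Object { $_ -notmatch '=' })
        SslEnabled       = ($options['ssl'] -eq 'true')
        HasPassword      = $options.ContainsKey('password')
        NodeCoordination = ($settings['NuGet.EnableRedisNodeCoordination'] -eq 'true')
    }
}

$result = Get-RedisTlsSetting -Config ([xml]$sampleConfig)
$result
if (-not $result.SslEnabled) {
    Write-Warning 'Redis traffic (session state, license data) is not SSL-protected.'
}
```

To audit a real node, pass `[xml](Get-Content <path to web.config>)` instead of the sample.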
• You can install the SQL Server product on the same device as the Application Server (which is not recommended for production environments) or provide it as a separate machine. The SQL Server machine does not need to be dedicated to Orchestrator; it can be shared with other applications.
• If you’re planning to connect Orchestrator to the database through a SQL Server user, first enable Windows and SQL Server Authentication mode. Otherwise, Windows Authentication mode will do the job.
• Use default collation sequence - Latin1_General_CI_AS.
• It is necessary to have SQL Server Management Studio to configure the domain user’s login that connects to SQL Server.
• Before you proceed to install Orchestrator, you need to configure the SQL instance you intend to use.
Network Load Balancer
Through a network load balancer, you can distribute the load to multiple nodes, enabling a much higher quality of performance of the Orchestrator instance. Moreover, when one node fails, the rest can carry the load, ensuring zero downtime.
Personally, I recommend an F5 load balancer with a predictive algorithm. With the loads distributed to better-performing nodes, Orchestrator performs better.
Elasticsearch is an option and can be used to store messages that have been logged by the Robots. These logs can be sent to a local SQL database or Elasticsearch, enabling users to have non-repudiation logs. When both SQL and Elasticsearch are used, an issue with one does not affect the other.
Although Elasticsearch is a cross-platform product that runs on Windows, Unix and Linux, it needs Java. Lastly, combining Elasticsearch with Kibana will help you create custom views based on logs sent to Elasticsearch.
Once you have everything in order, Orchestrator should install without any issues. It’s a flexible platform that can perform automation tasks with great efficiency. Especially when used with SharePoint, it can create custom tools that anyone can use without needing permissions in Exchange.