Virtualization and the Cloud
For some smaller implementations where there is less demand for scalability or where virtualization is not feasible, Blue Prism can be deployed to a wholly physical environment and can largely make use of existing desktops - albeit in a secured environment.
Virtualization, however, is the recommended approach as it provides benefits which include enhanced security, manageability and scalability. Many virtualization technologies also simplify the roll-out of software updates and the implementation of disaster recovery capabilities.
The core Blue Prism components can be deployed to persistent virtualized Windows devices and there are two main approaches:
Existing Virtualization Technology
Where organizations already have access to virtualization technologies such as, but not limited to, VMware, Citrix XenDesktop, Microsoft Azure or AWS, there may be the capability to utilize these to provide the virtual machines which will host the required Blue Prism components.
Dedicated Virtualization Host
Virtualization can be provided by provisioning a new dedicated server (or set of servers) on which new virtual machines are configured and used to host the required Blue Prism components. These typically use technologies such as VMware ESX or Microsoft Hyper-V, although others are available. (Hyper-V is not generally recommended for Production environments due to performance considerations.)
When deploying to this type of host machine it is important to ensure that the specification of the host machine is sufficient to not only cater for the underlying operating system, but also provide the appropriate resources and performance for each of the virtual machines that will be configured.
The following examples provide sample architectures based on the scale or key features of the environment, but other factors such as security, resilience, scalability and disaster recovery should also be considered.
- A desktop-based scenario that is quick to provision but not suitable for production scenarios
- Up to 5 runtime resources using physical runtime resources
- Very quick to implement / provision
- Re-uses existing desktops
- Requires minimal investment
- Low level of dependency on IT
- No application server is required
- Database can be hosted on shared infrastructure
- Use of virtualized devices for Runtime Resources and a virtualized Application Server. Controllers and developers use their own physical PCs as Interactive Clients
- Provision of development, test and production environments using some shared hardware
- Quick to scale – as already virtualized
- Database performance and capacity easily scaled
- Needs a dedicated database
- Ideally hosted on a dedicated SQL Server
- As above but implementing multiple Application Servers for large scale environments
- Highly resilient and scalable. Full capability on standby suitable for business critical processing
- No geographic constraints across development, test or production
- Consistency across developers and environments that reduces support overhead
- Up to 800 Runtime Resources with multiple Blue Prism Application Servers
- Requires a dedicated SQL Server, ideally physical.
- In larger or more complex scenarios it is possible to configure separate environments, such as for purposes of data or process segregation, whilst still sharing certain central features.
- Provision of three production environments using some shared hardware
- Each can be configured specifically to support a defined business area
- Each business area has a series of dedicated Runtime Resources, and has a dedicated Blue Prism Server service, but the Server services are co-hosted on shared hardware
- Requires a dedicated database
See the Technology Decision Tree (Document attached below) as a quick reference guide for how to build your Blue Prism environment.
Deploying Blue Prism to the Cloud
Implementing Blue Prism on a Public Cloud, such as Azure and AWS, should be no different than when architecting it in a private cloud. Additional considerations, however, need to be made:
- Will the Line Of Business applications to be interacted with be located in the same public cloud as Blue Prism?
- The location of existing IT infrastructure including Active Directory and Monitoring and how this will be extended to the Cloud environment
- Connectivity between any on-premise infrastructure and the public Cloud
- The use of an IaaS or PaaS Database
- Ensuring the management of the infrastructure is done by qualified IT resources
- Consider the HA and DR options available
- Consider latency between any on-prem and cloud components / applications
- Design the environment correctly prior to implementation
- The environment should be fully secured with user access restricted to only necessary users. Take advantage of cloud provider functionality to ensure all communication in and out of the Blue Prism environment uses the 'Principle of least privilege'
Azure SQL PaaS services come in several delivery models.
- HA/DR is simplified and should be configured when using a PaaS database
- Existing Databases can be imported into Azure SQL using provided tools
- Transparent Data Encryption should always be used
- Advanced Threat Protection should be considered
- Use SQL Data Warehouse for log retention and reporting
- Geo-Replicated Storage Accounts are good for multi regional redundancy for images and logs
Virtual Networks span Locations but do not span Regions
AWS SQL PaaS services come in several delivery models.
- HA/DR is simplified and should be configured when using a PaaS database
- Database management can be more of an issue than using traditional SQL on IaaS instances.
AWS WorkSpaces are generally not suitable for Runtime Resources because:
- They are expensive
- They do not support AMIs
- They require AWS Directory Services
AWS S3 with Cross Region Replication is good for multi regional redundancy for images and logs.
VPCs do not span Multiple Regions.
Google Networking architecture is significantly different from that of other Cloud Providers:
- VPCs can span zones and regions
- All Network Traffic is denied by default. Firewall rules will need to be created
- Network Tags make it much easier to apply the network rules through automation
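The deny-by-default, tag-based rules described above, together with the earlier least-privilege guidance for cloud deployments, can be checked mechanically before rules are applied. The following is an added example, not Blue Prism or Google code: it audits a constructed rule set, and the tag names, the port numbers and the topology in which only the application server reaches the database are assumptions.

```python
import ipaddress

# Intended flows (assumed topology): (source tag, target tag) -> TCP ports.
# Tag names and the 8199/8181 ports are illustrative assumptions; 1433 is
# the SQL Server default. Replace with your deployment's values.
INTENDED = {
    ("bp-client", "bp-appserver"): {"8199"},
    ("bp-runtime", "bp-appserver"): {"8199"},
    ("bp-appserver", "bp-runtime"): {"8181"},
    ("bp-appserver", "bp-database"): {"1433"},
}

def audit(rules):
    """Return sorted (rule name, finding) pairs for ingress rules wider than INTENDED."""
    findings = []
    for r in rules:
        if r.get("direction", "INGRESS") != "INGRESS" or r.get("disabled"):
            continue
        name, targets = r["name"], r.get("targetTags", [])
        if any(ipaddress.ip_network(c).prefixlen == 0 for c in r.get("sourceRanges", [])):
            findings.append((name, "open to any source address"))
        if not targets:
            findings.append((name, "no targetTags: applies to every instance"))
        for allow in r.get("allowed", []):
            ports = set(allow.get("ports", []))
            if not ports:
                findings.append((name, "all ports allowed for " + allow["IPProtocol"]))
            for src in r.get("sourceTags", []):
                for dst in targets:
                    extra = sorted(ports - INTENDED.get((src, dst), set()))
                    if extra:
                        findings.append((name, f"{src}->{dst} not intended on {extra}"))
    return sorted(findings)

# Constructed sample rules, using the field names of a GCP firewall resource.
RULES = [
    {"name": "client-to-app", "sourceTags": ["bp-client"], "targetTags": ["bp-appserver"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["8199"]}]},
    {"name": "app-to-db", "sourceTags": ["bp-appserver"], "targetTags": ["bp-database"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["1433"]}]},
    {"name": "runtime-to-db", "sourceTags": ["bp-runtime"], "targetTags": ["bp-database"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["1433"]}]},
    {"name": "rdp-anywhere", "sourceRanges": ["0.0.0.0/0"], "targetTags": ["bp-runtime"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
]

if __name__ == "__main__":
    for name, finding in audit(RULES):
        print(f"{name}: {finding}")
```

The same check can be run over the JSON output of an exported rule list, since it reads only the standard rule fields.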
Google currently lacks several features offered by both Azure and AWS:
- Does not have an MS SQL PaaS offering, only IaaS is offered
- Resources and SLAs vary based on Regions
- Does not provide managed AD services
Google provides a number of intelligent services, particularly around analytics and machine learning, and makes them available through APIs:
- Vision
- Natural Language Processing
- Translation Services
- Hybrid Cloud is a mixture of both Private and Public cloud services
- Authentication – Active Directory architecture is key to ensure authentication can occur in either public or private cloud environments
- .NET Remoting does not support NAT. Use WCF as recommended
- Both public and private cloud can affect software and OS licensing requirements. Consider licensing model(s) that accommodate both
- Application Servers need to be close to the BP Database
- Application requirements are a major factor:
- Dependencies
- Network Address Translation
- Security
- Latency & Bandwidth
Blue Prism Cloud is a fully integrated, SaaS-delivered, intelligent automation platform that provides enterprises with access to a pool of intelligent Digital Workers straight from the cloud, with pre-integrated AI skills.