Blue Prism application server
Blue Prism application server
The Blue Prism application server is an optional, but strongly-recommended, component within a Blue Prism environment.
The key features that are provided by the Blue Prism application server include:
Marshaling all connectivity between the Blue Prism components, and between those components and the database.
- Provision of the Secure Credential Store.
- Data encryption and decryption capabilities.
Process execution, which can be scheduled or manually instigated, utilizing Application Server Controlled Resources (ASCR).
Triggering scheduled automations.
Minimum requirements: application server
The latest information about the minimum specifications of each Blue Prism component can be found in Blue Prism software and hardware requirements.
All minimum requirements must consider the selected operating system as well as the applications to be automated.
Blue Prism Application Servers are typically deployed to virtualized instances of Windows Server although for smaller or initial deployments, physical desktops can be used.
Each application server requires the Blue Prism runtime to be installed, and will require additional setup to enable the data encryption facility. See Install Blue Prism Enterprise Edition for further information.
The specification assumes a single application server that will service between 1 and 50 Blue Prism runtime resources. Whilst an increased specification can enable greater numbers of runtime resources to be serviced, depending on their level of activity (especially logging), it is recommended that a given Blue Prism application server should not be configured to be responsible for more than 100 Blue Prism runtime resources.
Frequently asked questions: application server
How are Blue Prism application servers typically deployed?
Typically they are deployed on to a dedicated, virtualized, Windows Server to provide security and scalability. There is the option to deploy to physical end-user desktops for smaller implementations.
What are the advantages of virtualizing this component?
Virtualizing the Application Server provides greater options for scalability and disaster recovery scenarios.
What are the security implications of this component?
When using Windows Authentication, any service accounts used should have the least privilege required. A firewall should also be installed around your Blue Prism environment, ensuring that only the necessary users and applications have access through the firewall. Overall, ensure the Blue Prism environment is secure, with only authorized users allowed to access the hardware and application.
Each Blue Prism application server instance holds the database connection information and the encryption key for the respective environment and by default this information is available to any user who can connect to the server file system. Common mitigations include:
- Using Windows Authentication for the database connection which negates the requirement to store the username and password within a Blue Prism configuration file.
Use certificate encryption to protect the information within the configuration file.
- Storing the encryption keys within individual files and manually applying additional controls such as use of transparent encryption and restricting access to the files.
It is important to note that where access is granted to this component, a given user will have access to this potentially sensitive configuration information for each environment – it is therefore important that this component is suitably secured and subject to restrictions in terms of physical and remote access. For more details, see User accounts, remote access, and security and Blue Prism network connectivity.
Can a single Blue Prism application server be used across multiple environments?
An instance of a Blue Prism Application server services a single environment, however it is possible to co-host multiple application server instances on a single Windows Server.
The Multiple Blue Prism application servers section contains further information.
Does this component need to be backed up?
Yes, it is important to ensure that as a minimum the data encryption (credentials) key is backed up and stored securely.
Can the application server be containerized?
No, the Blue Prism application server can not run in a containerized setup.
Networking: application server
The main components that application servers initiate communications with include:
- Runtime resources – For the purposes of triggering scheduled and manually instigated processes using (ASCR) on a given runtime resource (TCP). See Application Server Controlled Resources (ASCR) for details.
- Database – Connectivity with the database server uses SQL server drivers and is therefore configurable. By default connectivity occurs using TCP.
- Data Gateways – The Data Gateways process must be enabled and the associated port defined on all application servers that are required to run Data Gateways. See for Data Gateways details.
Due to the high levels of communication between the application server and database it is necessary for application servers and the respective databases to be physically located locally to minimize latency between the components.
No comments