Install the server

Learn how to install the IBM RPA server and configure the on premises environment around it.

Before you begin

Attention for IBM RPA on premises offering only: Due to an MSMQ limitation, when you use it as your system queue provider, you must install the IBM RPA server and the client on the same subnet in order to schedule or orchestrate scripts.

Running the installer

  1. Extract the contents of the zip file into a folder.
  2. Run the executable file.
    ⚠ Attention: Do not move or remove any of the files contained in the downloaded folder.
  3. Select the language and click Next.
  4. Carefully read the User License Agreement and select I accept the terms in the License Agreement.
  5. Click Next to continue.

Configuring the email provider

The screen shows the E-mail provider integration selector window.

You can use SendGrid or a custom SMTP mail provider. Notice that you must set up an outgoing mail server or use a third-party service before you proceed with the installation.

Using SendGrid

  1. Select Sendgrid.

  2. Type the Sender Email. For example: no-reply-debug@ibmrpa.com

  3. Type the Sender Name.Example: IBM Robotic Process Automation

  4. Click Next to continue.

    🛈 Remember: To use SendGrid, you must use the same sender email that is attached to the SendGrid Authentication key.

    The screen shows the SendGrid configuration window.

  5. Enter the Sendgrid authentication key and the template identifiers:

    • Authentication Key

      Enter the SendGrid API key.

    • Templates identifiers

      Enter the template identifier for each template on this screen. For more information about how to get the templates identifiers, see Email routine templates.

Using a custom SMTP mail provider

  1. Select Custom SMTP E-mail provider and click Next.

    The screen shows the custom email provider configuration window.

  2. Fill the fields according to the SMTP mail provider you use:

    🛈 Remember: Create the user account email on SMTP mail provider before you continue with the installation.

    • Server address

      The SMTP server address.

    • Secure port

      The secure port to the SMTP server.

    • User name

      The user account email.

    • Password and Confirm password

      The account password.

  3. Click Next to continue.

Database information

The screen shows the Database configuration window.

Provide the data needed to connect to IBM RPA databases and enable the use of Redis, if you have a Redis instance.

IBM RPA uses Redis as an in-memory data storage server. It acts as publish/subscribe external link for semaphore commands and internal notifications, and can significantly enhance performance in these cases. If you don't use Redis, the IBM RPA API saves that data in memory.

Optional: Enabling Redis

Starting from version 21.0.2:, Redis became optional for the IBM RPA server. If you want to use it, you must provide your own instance of Redis. Redis is no longer bundled with the installer.

To use it, enable Use Redis (recommended to enhance performance) and fill the fields as follows:

  • Connection String

    The connection string to connect with Redis instance. You must provide an existing connection string to a Redis server. Incorrect values make it impossible to use server services.

    If Redis is installed in the same machine as the server, most likely the connection string is the IP address to the server followed by the 6379 port. For example, 127.0.0.1:6379.

    If Redis is installed in another machine, enter the IP address to the machine with the port, or enter only the domain name assigned to the machine. For example, 198.51.100.51:6379 or redis.example.com.

  • Password

    Optional: The password that you use to connect to Redis. For greater security, enter a strong password.

  • Database index

    Database index that is used by the Redis instance integration. In most cases, the default database index is 0.

❕ Important: You must enable Redis for high availability and disaster recovery capabilities.

Databases connection

In the Databases section, enter the connection strings for ADDRESS, AUTOMATION, KNOWLEDGE, WORDNET, and AUDIT databases. For example:

Server=<SERVER_ADDRESS>;Database=<DB_NAME>;User Id=<DB_USER>;Password=<DB_PASSWORD>;

🛈 Remember: You create these connection strings when you configure the IBM RPA databases.

Click Next to continue.

Storage, log, antivirus, and NLP information

The screen shows the storage antivirus, Watson NLP and logs information window.

Provide the path of the folders to store logs, storage, and antivirus files. See Analyzing Server error logs for more details.

For the antivirus and IBM Watson NLP, you need to provide a local port.

  1. In the Storage section, provide the following information:

    • Path for Hot folder

      Select the path to the Hot folder. This folder stores files that are frequently used by the IBM RPA platform.

    • Path for Archive folder

      Select the path to the Archive folder. This folder stores the content of files that are not frequently used by the IBM RPA platform.

  2. In the Log section, provide the following information:

    • Path for Logs

      Select the path where the platform saves logs. You can use environment variables in this field.

  3. In the Antivirus section, provide the following information:

    • Antivirus port (only local port)

      Enter the antivirus port. You can get the port needed for this step in Open ports.

    • Antivirus folder path

      Enter the path to unpack the server antivirus files. The antivirus checks the files that are sent to the server. The antivirus software provided is ClamAV🡥.

    ✪ Tip: By default, the paths to these folders are automatically completed, but you can change it by clicking the ellipsis button ellipsis button.

  4. In the IBM Watson NLP section, provide the following information:

    • IBM Watson NLP port (only local port)

      Enter the IBM Watson NLP port. You can get the port needed for this step in Open ports.

  5. Click Next to continue.

Choose a certificate

The screen shows the certificate configuration window.

Provide the data needed to make IBM RPA features work properly such as certificate and server hostname, IBM RPA Control Center, API, Abbyy, and Bot ports.

You can get the ports needed for this step in Open ports. The Create an SSL certificate section provides more information about how to get your SSL certificate.

❕ Important: Computer names have proper values and they must be a fully qualified domain name. For more information about what are the conventions of names for Windows™ servers, see NetBIOS computer names🡥 and DNS host names🡥.

  1. Select the Certificate. Example: IBM RPA API

  2. Complete the fields according to the examples:

    • Hostname, DNS name or IP address

      10.0.0.1 or example.com

    • Web client (IBM RPA Control Center) port

      7780

    • API port

      7790

    • Abbyy port

      5200

    • Bot port

      20001

    • Bot handle

      The Bot handle is optional for this step. You need to provide it only if you want to build and deploy chatbots. See Requirements for developing chatbots in IBM RPA on premises for more information on how to get your Bot handle. Otherwise, leave it empty.

  3. Click Next to continue.

Authentication method configuration

The screen shows the authentication method options.

Choose your authentication method.

The Default authentication method uses IBM RPA's internal user registry for authentication and authorization.

The Single Sign-On (IAM) method uses IAM to provide access to IBM RPA applications, and it is only valid for IBM RPA versions prior to 21.0.2. For IBM RPA 21.0.2 and higher, the Single Sign-On method uses UMS with an LDAP server to provide authentication to IBM RPA applications.

Skip to the selected authentication method:

Default authentication

  1. Select Default Authentication.
  2. Click Next to proceed to Create the first tenant and user.

Single Sign-On (Before 21.0.2)

Authentication method configuration for IBM RPA 21.0.1 and 21.0.0

For IBM RPA 21.0.1 and 21.0.0: IBM RPA uses Identity and Access Management (IAM) from IBM Cloud Pak for authentication and authorization. IAM might be configured to use the enterprise LDAP as the user registry. These versions do not support other LDAP servers. Install newer versions of IBM RPA for LDAP support.

For more information about how to get the following values, see How to register IBM RPA as OIDC client with IAM.

  1. Select Single Sign-ON (IAM).

  2. Provide the following information:

    • Client ID

      The client ID, for example, bc48420df3c24218bd476b88540as03b.

    • Client Secret

      The client secret, for example, uke4al8k2Dqev8RfzxJF0MxqqojA3TrsWzaUFlCP8xsjFCHnrwE2EzmJKvbC.

    • Authorization Endpoint

      The authorization endpoint, for example, https://cp-console.apps.<HOSTNAME_OCP_INSTALLATION>/oidc/endpoint/OP/authorize.

    • Token Endpoint

      The token endpoint, for example, https://cp-console.apps.<HOSTNAME_OCP_INSTALLATION>/idprovider/v1/auth/token.

    • UserInfo Endpoint

      The userInfo endpoint, for example, https://cp-console.apps.<HOSTNAME_OCP_INSTALLATION>/idprovider/v1/auth/userInfo.

    Replace <HOSTNAME_OCP_INSTALLATION> with your IBM RPA on Red Hat® OpenShift® Container Platform installation address. For more information about how to get these values, see How to register IBM RPA as OIDC client with IAM.

Single Sign-On (Starting from 21.0.2)

The screen shows the UMS server and UMS database to configure UMS.

Starting from IBM RPA 21.0.2: IBM RPA uses User Management Service (UMS) for authentication and authorization. UMS requires an LDAP server to work, so you must have an LDAP server configured and you should also have created the UMS database.

If you don't have the UMS database, see Create the databases to create one and restart the installation.

If you don't have an LDAP identity provider installed, see Installing and configuring LDAP for information about how to install and configure an LDAP server before you install. Otherwise, use the Default authentication instead.

  1. The installer requests information about the User Management Service (UMS), which is installed automatically by the IBM RPA server. Provide it as follows:

    • Admin Password

      Create the password for the UMS server administrator. The default username for the administrator is admin.

      ⚠ Attention:

      • Do not use special characters (*\-+/_&%^$#@) in the administrator password.
      • You must create a user in the LDAP server with the same username and password as provided here.

    • Port

      Enter the UMS server port. The default port is 9443.

    • Hostname

      Starting from IBM RPA 21.0.2-IF003 (21.0.2.3): This field is only available starting from this version.

      Enter the computer hostname and the SQL server instance address to connect IBM RPA to it. You can use an external SQL Server instance to connect to the database. This instance must have the UMS database properly set up. See Create the databases for more information.

    • Name

      Enter the database name.

    • User

      Enter the SQL server user to access the database.

    • Password

      Enter the user password to access the database.

    • Port

      Enter the port number on which the database server is listening. Default port is 1433.

  2. Click Next to continue.

Create the first tenant and user

The First Tenant and user creation screen changes according to the IBM RPA version that you install and the authentication method that you use. On the following list, select the authentication method that you configured on the previous screen.

Default authentication

The screen shows the Tenant and User Creation screen.

Provide the following data to create the first user and the tenant:

  • Tenant name

    Create a name for the first tenant.

  • User name

    Provide the username of the first user account. This user receives the Platform administrator and Tenant administrator roles.

  • User email and Confirm user email

    Provide a valid user email and password. You receive an email confirming the tenant creation if the Configuring the email provider

  • User password and Confirm user password

    The user password.

Single Sign-On (Before 21.0.2)

The first tenant and user creation for IBM RPA 21.0.1 and 21.0.0.

Provide the following data according to what you have in the IAM to create the first tenant and map the IAM groups to IBM RPA roles:

  • Tenant name

    Create a name for the first tenant.

  • User name

    Provide the username of the first user account. This user receives the Super Admin role.

  • User email and Confirm user email

    The user email.

  • IAM Groups for User Role Group

    The IAM user groups, which receive the User role for the first tenant. You can enter one or more groups.

  • IAM Groups for Admin Role Group

    The IAM user groups, which receive the Admin role for the first tenant. You can enter one or more groups.

  • IAM Groups for Super Admin Role Group

    The IAM user groups, which receive the Super Admin role for the first tenant. You can enter one or more groups.

    🛈 Remember: Starting from version 21.0.2, IBM RPA roles such as User, Admin, and Super Admin became obsolete.

Single Sign-On (Starting from 21.0.2)

The screen shows the Tenant and User Creation screen.

Provide the data that you have in your user LDAP entries to create the first user and the tenant:

  • Tenant name

    Create a name for the first tenant.

  • User name

    This is the first user account. You must provide a user that already exists in the LDAP server. This user receives the Platform administrator and Tenant administrator roles.

  • User email and Confirm user email

    The user email. Use the same email that is registered in the LDAP entry for this username.

❕ Important: After you install the IBM RPA server, you must edit the UMS configuration files to connect to the LDAP server. See Configuring UMS to connect to OpenLDAP for a detailed procedure.

System queue provider

The screen shows the system queue provider window.

Select the system queue provider to use with IBM RPA.

Starting from version 21.0.3, IBM RPA on premises offering now supports IBM Message Queue (IBM MQ) as a system queue provider. You can use Microsoft Message Queue or IBM Message Queue.

Microsoft Message Queue

Select Microsoft Message Queue (MSMQ) and click Install. Microsoft Message Queue does not need to be configured, as the installer does that for you. Your user must have privileges to enable Windows Server features, including privileges to enable MSMQ.

The installer prompts you to install after you select it.

Attention: Due to an MSMQ limitation, when you use it as your system queue provider, you must install the IBM RPA server and the client on the same subnet in order to schedule or orchestrate scripts.

IBM Message Queue

If you want to install IBM RPA with IBM MQ, make sure that you have IBM Message Queue installed and configured before proceeding with the server installation. See Installing IBM MQ for details.

The screen shows the IBM MQ configuration window.

  1. Select IBM Message Queue and click Next.

  2. Complete the following fields:

    • Host name

      The host name.

    • Port

      The port to the IBM MQ provider. This is the same port that you opened to install IBM MQ. This port is user defined.

    • Queue Manager

      The queue manager, for example, queue-manager.

    • Channel

      The queue channel, for example, RPA.CHANNEL.

    • User

      The user that you created when installing IBM MQ.

    • Password

      The user's password.

Finish the installation

  1. Click Install to install the IBM RPA server. It might take a few minutes.
  2. Click Finish to complete the installation.

What to do next

After you install the server, proceed to the Post-installation configuration page to get instructions about how to configure your server.

If you had problems with the installation, check out the Troubleshooting on premises installation section for common issues and how to solve them.