Install the server

Learn how to install the IBM RPA server and configure the on premises environment around it.

Before you begin

Attention:For IBM RPA on premises offering only: Due to an MSMQ limitation, when you use it as your system queue provider, you must install the IBM RPA server and the client on the same subnet in order to schedule or orchestrate scripts.

Running the installer

  1. Extract the contents of the zip file into a folder.
  2. Run the executable file.
    ⚠ Attention: Do not move or remove any of the files contained in the downloaded folder.
  3. Select the language and click Next.
  4. Carefully read the User License Agreement and select I accept the terms in the License Agreement.
  5. Click Next to continue.

Configuring the email provider

The screen shows the E-mail provider integration selector window.

You can use SendGrid or a custom SMTP mail provider. Notice that you must set up an outgoing mail server or use a third-party service before you proceed with the installation.

Using SendGrid

  1. Select Sendgrid.

  2. Type the Sender Email. For example: no-reply-debug@ibmrpa.com

  3. Type the Sender Name.Example: IBM Robotic Process Automation

  4. Click Next to continue.

    🛈 Remember: To use SendGrid, you must use the same sender email that is attached to the SendGrid Authentication key.

    The screen shows the SendGrid configuration window.

  5. Enter the Sendgrid authentication key and the template identifiers:

    • Authentication Key

      Enter the SendGrid API key.

    • Templates identifiers

      Enter the template identifier for each template on this screen. For more information about how to get the templates identifiers, see Email routine templates.

Using a custom SMTP mail provider

  1. Select Custom SMTP E-mail provider and click Next.

    The screen shows the custom email provider configuration window.

  2. Choose if you want to disable the server from checking if the SMTP certificate was revoked. Check this box if you use a self-signed certificate in your SMTP server. You can change this option later in the IBM RPA Control Center.

  3. Fill the fields according to the SMTP mail provider you use:

    🛈 Remember: Create the user account email on SMTP mail provider before you continue with the installation.

    • Server address

      The SMTP server address.

    • Secure port

      The secure port to the SMTP server.

    • User name

      The user account email.

    • Password and Confirm password

      The account password.

  4. Click Next to continue.

Database information

The screen shows the Database configuration window.

Provide the data needed to connect to IBM RPA databases and enable the use of Redis, if you have a Redis instance.

IBM RPA uses Redis as an in-memory data storage server. It acts as publish/subscribe external link for semaphore commands and internal notifications, and can significantly enhance performance in these cases. If you don't use Redis, the IBM RPA API saves that data in memory.

Optional: Enabling Redis

To use it, enable Use Redis (recommended to enhance performance) and fill the fields as follows:

  • Connection String

    The connection string to connect with Redis instance. You must provide an existing connection string to a Redis server. Incorrect values make it impossible to use server services.

    If Redis is installed in the same machine as the server, most likely the connection string is the IP address to the server followed by the 6379 port. For example, 127.0.0.1:6379.

    If Redis is installed in another machine, enter the IP address to the machine with the port, or enter only the domain name assigned to the machine. For example, 198.51.100.51:6379 or redis.example.com.

  • Password

    Optional: The password that you use to connect to Redis. For greater security, enter a strong password.

Important:You must have Redis pre-configured with a password in order to enter a password on the installer.
  • Database index

    Database index that is used by the Redis instance integration. In most cases, the default database index is 0.

  • Use SSL

    Check this option if you want to enable an SSL connection with Redis. You must have a valid SSL certificate to sign the connection with Redis.

  • Disable certificate revocation check

    Choose if you want to disable the server from checking if the Redis certificate was revoked. Check this box if you use a self-signed certificate in your Redis server. You can change this option later in the IBM RPA Control Center.

Important:You must enable Redis for high availability and disaster recovery capabilities.

Databases connection

In the Databases section, enter the connection strings for ADDRESS, AUTOMATION, KNOWLEDGE, WORDNET, and AUDIT databases. For example:

Server=<SERVER_ADDRESS>;Database=<DATABASE_NAME>;User Id=<USERNAME>;Password=<PASSWORD>;
Note:The connection string for the WORDNET database must have the "MultipleActiveResultSets=True" keyword pair. You create these connection strings when you configure the IBM RPA databases. For more information, see Create the connection strings. For FIPS-compliant systems, see Enabling FIPS for adjusted connection strings.

Click Next to continue.

Storage, log, antivirus, and NLP information

The screen shows the storage antivirus, Watson NLP and logs information window.

Provide the path of the folders to store logs, storage, and antivirus files.

For the antivirus and IBM Watson NLP, you need to provide a local port.

  1. In the Storage section, provide the following information:

    • Path for Hot folder

      Select the path to the Hot folder. This folder stores files that are frequently used by the IBM RPA platform.

    • Path for Archive folder

      Select the path to the Archive folder. This folder stores the content of files that are not frequently used by the IBM RPA platform.

  2. In the Log section, provide the following information:

    • Path for Logs

      Select the path where the platform saves logs. You can use environment variables in this field. See Analyzing Server error logs for more details.

  3. In the Antivirus section, provide the following information:

    • Antivirus port (only local port)

      Enter the antivirus port. You can get the port needed for this step in Open ports.

    • Antivirus folder path

      Enter the path to unpack the server antivirus files. The antivirus checks the files that are sent to the server. The antivirus software provided is ClamAV🡥.

    Tip:By default, the paths to these folders are automatically completed, but you can change it by clicking the ellipsis button ellipsis button
  4. In the IBM Watson NLP section, provide the following information:

    • IBM Watson NLP port (only local port)

      Enter the IBM Watson NLP port. You can get the port needed for this step in Open ports.

  5. Click Next to continue.

Choose a certificate

Provide the data needed to connect and access each component of IBM RPA, and to protect this connection.

The screen shows the certificate configuration window.

  1. From the Certificate list, select a TLS/SSL certificate, for example, IBM RPA API. Refer to the "Create an SSL certificate" section to learn how to generate a Certificate Signing Request (CSR) and order the TLS/SSL certificate signed by a Certificate Authority (CA).

  2. In the Hostname, DNS name or IP address field, enter the FQDN of the IBM RPA API server, for example www.example.com. Use the same address as defined in the TLS/SSL certificate.

    Important:Use a Fully Qualified Domain Name (FQDN) for location addressing in your IBM RPA API server address instead of IP address. For more information about naming conventions for host names, see DNS host names 🡥.
  3. In the Web client (IBM RPA Control Center) port field, enter the port to access IBM RPA Control Center, for example, 7780.

  4. In the API port field, enter the IBM RPA API server port, for example, 7790.

  5. In the Abbyy port field, enter the Abbyy port, for example, 5200.

  6. In the Bot port field, enter the Bot port, for example, 20001.

  7. Optional: In the Bot handle field, enter the chatbot handle. You need to provide it only if you want to build and deploy chatbots. For more information, see Requirements for developing chatbots in IBM RPA on premises.

  8. Click Next to continue.

Get detailed information about the ports that IBM RPA uses, which are needed for this step in Open ports.

Authentication method configuration

The screen shows the authentication method options.

Choose your authentication method.

The Default authentication method uses IBM RPA's internal user registry for authentication and authorization.

The Single Sign-On (IAM) method uses UMS with an LDAP server to provide authentication to IBM RPA applications.

Skip to the selected authentication method:

Default authentication

  1. Select Default Authentication.
  2. Click Next to proceed to Create the first tenant and user.

Single Sign-On

The screen shows the UMS server and UMS database to configure UMS.

If you don't have the UMS database, see Create the databases to create one and restart the installation.

If you don't have an LDAP identity provider installed, see Installing and configuring LDAP for information about how to install and configure an LDAP server before you install. Otherwise, use the Default authentication instead.

  1. The installer requests information about the User Management Service (UMS), which is installed automatically by the IBM RPA server. Provide it as follows:

    • Admin Password

      Create the password for the UMS server administrator. The default username for the administrator is admin.

      ⚠ Attention:

      • Do not use special characters (*\-+/_&%^$#@) in the administrator password.
      • You must create a user in the LDAP server with the same username and password as provided here.
    • Port

      Enter the UMS server port. The default port is 9443.

    • Hostname

      Enter the computer hostname and the SQL server instance address to connect IBM RPA to it. You can use an external SQL Server instance to connect to the database. This instance must have the UMS database properly set up. See Create the databases for more information.

    • Name

      Enter the database name.

    • User

      Enter the SQL server user to access the database.

    • Password

      Enter the user password to access the database.

    • Port

      Enter the port number on which the database server is listening. Default port is 1433.

  2. Click Next to continue.

Create the first tenant and user

The First Tenant and user creation screen changes according to the IBM RPA version that you install and the authentication method that you use. On the following list, select the authentication method that you configured on the previous screen.

Creating the first tenant and user with default authentication

The screen shows the Tenant and User Creation screen.

Provide the following data to create the first user and the tenant:

  • Tenant name

    Create a name for the first tenant.

  • User name

    Provide the user name of the first user account. The user name is only the display name for the user, and is not used as a "Username" to log in to IBM RPA Control Center. This user receives the Platform administrator and Tenant administrator roles.

  • User e-mail

    Provide a valid email address. The email address is used as a "Username" in the IBM RPA Control Center. You receive an email confirming the tenant creation if the email provider was successfully configured. See Configuring the email provider for instructions on how to configure the email provider.

  • Password

    Provide a valid password. The password must comply with the password complexity policy. See Password complexity policy for all requirements.

Creating the first tenant and user with single sign-on authentication

The screen shows the Tenant and User Creation screen.

Provide the data that you have in your user LDAP entries to create the first user and the tenant:

  • Tenant name

    Create a name for the first tenant.

  • User name

    This is the first user account. You must provide a user that already exists in the LDAP server. This user receives the Platform administrator and Tenant administrator roles.

  • User e-mail

    Provide a valid email address. If you use an identity provider, use the same email that is registered in the identity provider entry for this username.

Important:After you install the IBM RPA server, you must edit the UMS configuration files to connect to the LDAP server. See Configuring UMS to connect to OpenLDAP for a detailed procedure.

System queue provider

The screen shows the system queue provider window.

Select the system queue provider to use with IBM RPA.

Microsoft Message Queue

Select Microsoft Message Queue (MSMQ) and click Install. Microsoft Message Queue does not need to be configured, as the installer does that for you. Your user must have privileges to enable Windows Server features, including privileges to enable MSMQ.

The installer prompts you to install after you select it.

Attention:Due to an MSMQ limitation, when you use it as your system queue provider, you must install the IBM RPA server and the client on the same subnet in order to schedule or orchestrate scripts.

IBM Message Queue

If you want to install IBM RPA with IBM MQ, make sure that you have IBM Message Queue installed and configured before proceeding with the server installation. See Installing IBM MQ for details.

The screen shows the IBM MQ configuration window.

  1. Select IBM Message Queue and click Next.

  2. Complete the following fields:

    • Use TLS (Transport Layer Security)

      Check this box if you want to encrypt your connection with the IBM MQ server using TLS. This is required if you need to comply with FIPS standards. You must already own a TLS certificate file.

    • Cipher Spec

      Select the cipher specification of your TLS certificate. For more information about cipher specifications, see SSL cipher specifications 🡥.

    • Server Certificate Name (Subject Name)

      Enter the name of the server that the certificate applies to.

    • Server Certificate File Path

      Enter the path to the TLS certificate file.

    • Host name

      The host name.

    • Port

      The port to the IBM MQ provider. This is the same port that you opened to install IBM MQ. This port is user defined.

    • Queue Manager

      The queue manager, for example, queue-manager.

    • Channel

      The queue channel, for example, RPA.CHANNEL.

    • User

      The user that you created when installing IBM MQ.

    • Password

      The user's password.

Finish the installation

  1. Click Install to install the IBM RPA server. It might take a few minutes.
  2. Click Finish to complete the installation.

What to do next

After you install the server, proceed to the Post-installation configuration page to get instructions about how to configure your server.

If you had problems with the installation, check out the Troubleshooting on premises installation section for common issues and how to solve them.