Customize Control Room installation on Microsoft Azure

Install and apply the customized configuration required for the Control Room cluster on Microsoft Azure.

Prerequisites

If you have not done so already, complete the initial installation steps in Begin Control Room installation on Microsoft Azure. This task requires the configuration information you gathered in the prerequisites stage. This includes IP addresses, certificates, and credentials for the the Control Room servers, datacenter servers, and databases.

Note: There are many possible system configurations and requirements. These installation steps do not account for all those possibilities so your specific setup and installation steps will vary and Automation Anywhere does not make any warranties that these steps conform with your specific configurations.

Important: Automation 360 software components are not compatible with Distributed Resource Scheduling (DRS) and Virtual Migration of Dynamic Processes across hosts. Ensure that you do not enable the corresponding properties of the host virtual machines.

To install the Control Room in a cluster setup, do the following steps:

Procedure

Select the Enable Cluster Setup check box.
The check box is enabled by default if the machine on which the setup is being run has local IP addresses configured.

To install the Control Room on a single node and not a cluster, clear the Enable Cluster Setup check box.
Enter the IP addresses of the nodes in the cluster.
1. Use a comma (,) to specify more than one IP address.
  For example, to specify three IP addresses in the cluster, enter: 192.0.2.1,192.0.2.2,192.0.2.3
  
  Important: The first IP address in the list is used as the primary node. Ensure that you enter the IP addresses in the same order on all node configurations in subsequent installations. An incorrect order causes the application to configure the IP addresses as separate clusters, which will result in data loss when the issue is fixed after installation.
  
  You can install multiple nodes at the same time after the primary node is initially installed.
  
  After installation, you can add a new IP address to the cluster at the end of the list.
2. After you enter the cluster IP addresses correctly, select a valid address IP at the message prompt to provide network access to the machine.
Click Next to configure the application Transport Layer Security (TLS).
In the TLS Configuration page, configure the following:
- Generate a Self-Signed Certificate
  Enabling the Self-Signed Certificate option allows the installer to generate a unique private key and a self-signed certificate for the Control Room.
- Import a Certificate
  To import a custom certificate, clear the Self Signed Certificate check box. This setting allows you to import a certificate using the Certificate Path field.
  
  Note: The certificate file must be a PKCS12 format.
  Provide the following information:
  - Certificate Path: Click Browse to import the certificate.
  - Private Key Password: Enter the password for the private key.
    Password limitation: Do not use the special character (@) in the password as it causes the certificate file import to fail.
  - Webserver Port: Enter the web server port – either HTTP or HTTPS. If the port is already assigned, an error message is displayed.
    Important: The port validation message is also displayed when you add 8080 for the web server and if that port is already in use for a Control Room license service. Use a different unassigned port in these cases.
  - Enable Force HTTP traffic to HTTPS: This option redirects all HTTP port requests to HTTPS. To access to the Control Room through HTTPS using the generated self-signed certificate, ensure the port numbers are different for HTTP and HTTPS.
    To generate a custom certificate for HTTPS, ensure your custom certificate meets the following:
    - Create a .pfx certificate with a pass code from a CA trusted authority.
    - Combine Root, Intermediate, and Machine level certificates into a single certificate.
    - Use the format [WS Machine Host Name].[DomainName].com for the private key.
    - Include the host name as a fully qualified domain name (FQDN) in the certificate.
      You provide the host name during Control Room installation.
    - In multi-node HA clusters, issue certificates to the load balancer DNS name.
    - Add individual URLs, which require access to all nodes, to the Subject Alternative Name field in the certificate.
    For more information, see Automation Anywhere support site: Automation 360 On-Premises prerequisites (A-People login required).
Click Next to configure the service credentials.
In the Service Credentials screen, choose from the listed options.
The Windows Service credentials include a user name and password. The user specified must meet these requirements:
- A member of the local system administrator group.
- Have permission to manage services, including Automation Anywhere services.
- If you use Windows authentication to connect to the SQL database, ensure you grant the db_owner permission to the service credential user.
These service credentials allow the Control Room processes to run the required services.
- Local System Account—(default) The logged-on user performing the installation
- Domain Account—Specify a user that is not the local system account user
  1. Clear the Local System Account check box.
  2. Enter the user name and password for the domain account.
    Use only supported characters for the user name and password. See Supported special characters.
  - Do not use the Windows domain credentials
    Enter credentials valid for running Automation Anywhere services. Without the valid credentials, the Control Room will fail to launch.
  - PowerShell script restrictions
    Specify a user with permissions to launch PowerShell scripts who is not a Windows domain user. Without the relevant permissions, database table creation can fail.
Click Next to configure database type and server.
Set the connection and authentication for the database server.
Note:
- If possible, do not set the value for Database Server as localhost. If you must use localhost, note that the Secure Connection to the database will not work.
- Click Browse to select the SQL Server instance where the Control Room database will be created. Alternatively, enter a database server name or select one from the list.
Migration task: If you are migrating from Enterprise 11 to Automation 360, browse to the restored Enterprise 11 database.
Provide the following details:
1. Database Port: Use the default port (1433) or specify a custom value.
  Configure default database port
2. Use Secure Connection: Select to use a CA certificate as specified.
  
  Note: Use the same host name for certificate and database connections.
3. Certificate: This option is enabled when you select Use Secure Connection.Browse to select a CA certificate.
  Import HTTPS, intermediate, and CA certificates
4. Windows authentication: This option is selected by default and allows connection to the SQL Server using Windows authentication.
  
  Note: If you select Windows authentication, then the user running the installer is used to test that the database exists, create it if required, and grant db_owner to the service account user (NT Authority/System).
5. SQL Server authentication: Select this option to use SQL Server authentication to connect to the database. Provide the correct user name and password for SQL authentication.
  Use only supported characters for the user name and password. See Supported special characters. Do not use semicolons ( ; ) in the database password.
6. AD Azure authentication: Select this option to use Microsoft Azure Active Directory credentials to connect to the database when you install the Control Room on Microsoft Azure
7. Name of Control Room database: Enter the name of the Control Room database.
  Migration task: If you are migrating from Enterprise 11 to Automation 360, enter the name of the restored database in the database field as shown in the following image:
Click Next.
On the Ready to Install the Program, click Install and allow the installation process to complete.
On the InstallShield Wizard Completed page, click Finish.
Launch Automation Anywhere is enabled by default.

Enable Show installer settings to open the aae-installsummary.html file. By default, this is located at C:\Program Files\Automation Anywhere\Enterprise\. Use this file to view a summary of the installation.

Next steps

The Control Room launches in your default browser with the Configure Control Room settings page shown. Continue with Configure settings post-installation on Microsoft Azure.