Enterprise 11 network security overview

All communication between the Control Room, Bot Creators, and Bot Runners uses outbound WCF over TLS 1.2 and inbound HTTPS over TLS 1.2.

Bot deployment to remote Bot Runners, provisioning of credentials, automation scheduling, and event capture are done exclusively through the Control Room. Use only HTTPS in the Production environment. The following figure shows the web Control Room architecture and network, and lists the ports used:

Figure 1. Control Room architecture and network diagram

Additional considerations:

  • The REST APIs use Distributed Cache Service to get shared cached data required for specific functionality.
  • The Scheduler Service makes REST API calls to run a task on a specific client machine at a specific time.
  • The Real-time Data Service makes REST API calls to authenticate incoming connection requests. It receives task execution progress updates from Bot Runners and sends that information to all connected browser clients using the WebSocket Secure (WSS) protocol.
  • The Automation Anywhere Enterprise Client makes REST calls for user authentication and repository operations, for example, uploading a task, downloading a task, or comparing two tasks.
  • The AAClientService makes REST calls to validate the user session at regular intervals. The Control Room deploys and runs a task on a specific client using AAClientService. It uses a TCP/IP channel.
  • The Scheduler Service makes REST calls for autologin credentials. It also communicates with the AAClientService to get a license and user session-related information.
  • The Player makes REST calls to get autologin credentials for a logged-in client. It also communicates with the AAClientService to get the license and user session-related information.
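
The TLS 1.2 and HTTPS-only requirements stated above can be checked against a deployed listener. This is an added example, not Automation Anywhere code: the function names are hypothetical, and the host and port are whatever your own Control Room listens on.

```python
import http.client
import socket
import ssl

REQUIRED_TLS = "TLSv1.2"  # protocol version this page states for Control Room traffic


def negotiated_tls(host, port, timeout=3.0):
    """Return the TLS version the listener negotiates, or None if it does not speak TLS."""
    ctx = ssl.create_default_context()
    # Protocol audit only: certificate validation is a separate check, so an
    # internal or self-signed certificate does not hide the protocol result.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Offer nothing newer than TLS 1.2, so success means the server accepts it.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except OSError:  # ssl.SSLError, refused connections and timeouts
        return None


def answers_plain_http(host, port, timeout=3.0):
    """Return True if the listener serves content (2xx) over unencrypted HTTP."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        return 200 <= conn.getresponse().status < 300
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()


def audit_listener(host, port):
    """Summarise whether one listener meets 'HTTPS only, TLS 1.2'."""
    version = negotiated_tls(host, port)
    plain = answers_plain_http(host, port)
    return {"tls_version": version, "plain_http": plain,
            "compliant": version == REQUIRED_TLS and not plain}
```

The check confirms that TLS 1.2 is accepted and that plain HTTP is not served; it does not test whether the listener also accepts older protocol versions.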