It covers both single-node deployment recommended for evaluation and developments,

and multinode, for production enviorments.

UiPath offers two ways of deploying Automation Suite:

1.Manually: This method requires deploying and configuring Automation Suite

manually. It works both for on-premise and public cloud deployments.
2.Using deployment templates: This method offers single-click deployment of
Automation Suite using deployment templates. It works only for public cloud
deployment.
**Both the methods support single-node and multi-node installation options.**

The Automation Suite installer enables you to install all UiPath Platform products
and capabilities in a single deployment.

Automation Suite supports two primary modes of installation: for bare-metal servers
or on-premise environments:

Single Node:This mode installs Automation Suite on one server node.

It is recommended for evaluation, demo, development, and testing purposes.
It does not support high-availability.

Multi Node:This mode installs Automation Suite on multiple server nodes.

It is recommended for production-like environments.
It provides an option to enable (by default) or disable high-availability.
A minimum of three server nodes is required for high-availability, and a load
balancer.

Both modes support the online and offline (air-gapped) installation. Automation
Suite offers two different product selection choices during installation:
1.The basic selection: This choice includes Orchestrator, Action Center, Test
Manager, Insights, Automation Hub, and Automation Ops as first-party services.

Note: This option is chosen to minimize the overall hardware requirements needed
2.The complete selection: On top of Orchestrator, Action Center, Test Manager,
Insights, Automation Hub, Automation Ops, this choice includes Apps, AI Center,
Task Mining, and Document Understanding.

steps involved in configuring and installing Automation Suite on a single-node and

multi-node cluster:
For Single Node:
1.Provision a server node and additional agent nodes required for Task Mining and
GPU support 2.Configure the machine with disk partitioning and enable ports
3.Configure the DNS 4.Configure the SQL Server 5.Run the installation using the
online or offline method

For Multi Node:

1.Provision a minimum of three server nodes and additional agent nodes required for
Task Mining and GPU support. 2.Configure all the machines with disk partitioning
and enable ports 3.Configure the load balancer 4.Configure the DNS 5.Configure the
SQL Server 6.Run the installation using the online or offline method

Both single-node and multi-node installations require some additional

configurations, such as:

Configure the certificates: The Automation Suite installer automatically generates

and configures a self-signed certificate that expires in 3 months. The
recommendation to replace the automatically generated certificates with a
certificate obtained from a trusted certificate authority. For more information,
click here for single-node and here for multi-node.
Configure a proxy server: You can configure a proxy server while setting up the
environment or at the advanced configuration step during the installation. For more
information on configuring proxy on the machine, click here.
Configure a dedicated agent node for Task Mining: After completing the installation
of Automation Suite, you need to configure an agent node from the server node (any
of the server nodes for multi-node) to add Task Mining. For more information, click
here.
Configure a dedicated agent node with GPU support: Automation Suite provides an
option to provision an agent node with GPU support for specific Machine Learning
(ML) workloads. For more information, click here.

***Automation Suite can be deployed to the public cloud platforms such as AWS,
Azure, and Google Cloud Platform (GCP) using deployment templates. With deployment
templates, customers don't have to configure machines, load balancers, DNS, and so
on. Templates are designed to take care of these configurations and offers one-
click deployment solution. Hence UiPath recommends deployment templates as the
preferred method to make the deployment process easier and error-free.****

****Azure deployment template*****:

Set up the Azure environment and navigate to the Azure portal to install Automation
Suite. Some of the deployment parameters include: subscription, resource group, DNS
load balancer, region, and so on.

****Preparing Azure Deployment******

1.Azure subscription and permissions: The deployment requires access to an Azure
subscription and a Resource Group with the RBAC role Owner.
2.Quotas :The deployment provisions a number of Standard_D (general purpose),
Standard_F and/or Standard_NC (with GPU) VMs
NOTE: Make sure your quota is sufficient for the Automation Suite deployment,
otherwise the deployment will fail. Request an increase by clicking the Request
Increase.
3.Instance protection :As part of the installation process, we add instance
protection from scale set operations to all nodes of the Server Scales Set. Since
these operations are performed from Azure, without the server context, cluster
malfunction is prevented. We provide runbooks for cluster management operations.
4.Instance termination :IMPORTANT: Terminating the Server Virtual Machine instances
will most likely result in data loss and cause the cluster to crash. Do not attempt
terminating the Server Virtual Machine instances.
We provide instance termination support for Agent Virtual Machine Instances. This
means that when an Agent Virtual Machine Instance is terminated, we cordon, drain,
and delete that node from the Automation Suite cluster.
5.VM family region availability :Make sure that the VM SKUs are available for the
region in which you deploy.
6.Cluster certificate configuration:you need to ensure the .crt certificates are
Base64-encoded before providing them.The following script generates the Base64-
encoded strings from a single .pfx certificate (server certificate) .pfx
certificate should fulfilled the mentioned requirement.
Automation Suite requires two certificates at the time of installation.
Server certificate – required for TLS communication between the client and the
cluster;
Identity token-signing certificate – required to sign the authentication token.
IMPORTANT:
The installation process generates self-signed certificates on your behalf. These
certificates will expire in 90 days, and you must replace them with certificates
signed by a trusted Certificate Authority (CA) as soon as installation completes.
If you do not update the certificates, the installation will stop working after 90
days.
7.External Orchestrator certificates
To connect AI Center to an external Orchestrator, you must set Connect AiCenter to
an external Orchestrator to true and provide certificates for Orchestrator
8.Resilience to zonal failures in a multi-node HA-ready production cluster:The
cluster is considered resilient to zonal failures if the servers are spread across
three Azure Availability Zones. If the Azure region does not support Availability
Zones for the type of VM selected for servers, the deployment will continue without
zone resilience.
9.Deploying into an existing virtual network
The template allows you to deploy the nodes in an existing Virtual Network.
However, the Virtual Network must have a subnet that meets the following
requirements:has enough free address space to accommodate all the nodes and the
internal load balancer;
outbound connectivity; preferably configured through a NAT gateway as per Microsoft
recommendation;
allows HTTPS traffic on port 443; When deploying into an existing Virtual Network,
you must have the Owner RBAC role on it to create a Contributor role assignment at
its scope.
10.Backup:

*****Prepearing Installation****
Step 1: Configuring the OCI-compliant registry for offline installations:In offline
installations, you need a registry compliant with OCI (Open Container Initiative)
to store the container images and deployment Helm charts. If you perform an online
installation, skip this step.
There are two ways to upload the Automation Suite artifacts to the external OCI-
compliant registry:
Option A: By mirroring your OCI-compliant registry with the UiPath® registry;
Option B: By hydrating your OCI-compliant registry with the offline bundle.
Option A: By mirroring your OCI-compliant registry with the UiPath® registry:This
method requires internet access on the jump machine from which you upload the
Automation Suite artifacts onto your OCI-compliant registry.
Prerequisites for mirroring the UiPath® registry
To mirror the UiPath® registry, you need the following:
a VM running a Linux distribution (recommended) or a laptop (not recommended);a
Docker client authenticated with the private registry;Helm 3.8 or newer
authenticated with the private registry;as-images.txt;as-helm-charts.txt;mirror-
registry.sh;outbound connectivity to registry.uipath.com;128 GiB of free disk space
for Docker under the /var/lib/docker partition on the machine from which you upload
the container images and charts.

Option B: Hydrating the registry with the offline bundle:This method only requires
internet access on the jump machine to download the offline bundle. Once the bundle
is available, you can upload to your OCI-compliant registry without an internet
connection.
Prerequisites for hydrating the registry
To hydrate the registry, you need the following:
a VM running a Linux distribution is preferred over running the script on a laptop;
ability to download and copy or somehow propagate the offline bundle to the VM;
Helm 3.8 or newer authenticated with the private registry;
Podman installed, configured, and authenticated with the private registry;
150 GiB of free disk space for Podman under /var/lib/containers for loading the
containers locally before pushing them to the remote registry. You can change the
default path by updating the location of the graphRoot path in the output of the
podman-info command.
Set the TMP_DIR environment variable as described in Podman official documentation.
as.tar.gz
Configuring the certificate for the external OCI-compliant registry:
To do that, take the following steps:
Add the CA file to the /etc/pki/ca-trust/source/anchors/ location.
Run update-ca-trust to update the trust store of the operating system. Once the
trust store is updated, the extracted certificate file is merged in /etc/pki/ca-
trust/extracted/ca-bundle.trust.crt.

Step 2: Configuring the external objectstore:Supported objectstores

Automation Suite supports the following external objectstores:
Azure Storage (Azure Blob Storage)
AWS S3
S3 compatible objectstore
NOTE:
Only some S3-compatible objectstores are compatible with Automation Suite. Many
storage providers do not fully support the S3 storage APIs required by the products
installed on Automation Suite.
When configuring the external object storage, you must follow the naming rules and
conventions from your provider for both bucket_name_prefix and bucket_name_suffix.
In addition to that, the suffix and prefix must have a combined length of no more
than 25 characters, and you must not end the prefix or start the suffix with a
hyphen (-) as we already add the character for you automatically.

Step 3: Configuring High Availability Add-on:

Automation Suite supports hosting High Availability Add-on either within the same
cluster or externally. However, installing High Availability Add-on externally is
mandatory for the Active-Active configuration of Automation Suite

Step 4: Configuring Microsoft SQL Server:

Databases
Each product in Automation Suite requires its own SQL database with corresponding
specifications.
By default, the installer creates all the databases for you during the installation
process. You must provide the necessary permissions for the installer to do so on
your SQL server.
Alternatively, you can create your own databases. Refer to the following table for
the names you need to use.
If you choose to bring your own databases for a new Automation Suite installation,
we strongly recommend setting up new databases rather than using existing ones.
This precaution is necessary to prevent any conflicts with the operation of
Automation Suite that might occur due to leftover metadata from old databases.If
you want the installer to create a database on the provided SQL server, then make
sure to grant at least dbcreator role to the SQL account used to connect to the
database.If you wish to create your own databases for all the products, then the
SQL account should be granteHd the db_owner and db_securityadmin roles for all
Automation Suite databases

Step 5: Configuring the load balancer:A load balancer is mandatory for the multi-
node HA-ready production
NOTE:
Currently, Automation Suite supports only a Layer 4 (network layer) load
balancer.The load balancer does not support TLS encryption and termination. For
effective service operation, make sure to configure your load balancer to
facilitate traffic pass-through
Server and node pool configuration:
This is the recommended configuration for the load balancer.
Configuring the backend pool
You need to create two backend pools that meet the following requirements:
Server Pool :Consists of all the server nodes.
There must not be any agent nodes in the Server Pool.
probe-kubeapi-probe Protocol:TCP Port:6443
Node Pool :Consists of all the server nodes and non-specialized agent nodes.
Specialized agent nodes include task-mining, gpu, asrobots.
probe-https-probe Protocol:TCP Port:443

Step 6: Configuring the DNS:

The Automation Suite cluster is exposing multiple URLs to access the cluster
management tools and the suite core functionality, all based on a common FQDN.
Application Domain
Automation Suite - fqdn - automationsuite.mycompany.com

Configuring DNS using public domain registrar

Add a A Record in Advanced DNS or Management section of your domain as shown in the
following table:

TYPE HOST
VALUE
1.A Record (or CName) automationsuite (or a subdomain to access Automation
Suite) For A Record: IP Address of Load Balancer,For CName: DNS name
A
associated with Load Balance
2.A Record (or CName)* .automationsuite (or a subdomain to access Automation
Suite) For A Record: IP Address of Load Balancer,For CName: DNS name a
associated with Load Balancer

Step 7: Configuring kernel and OS level settings:Usually, these settings are

managed via deployment tools such as Puppet, Ansible, etc.
Configuring sysctl settings:
The following sysctl settings are required on the machine:
enable IP forwarding
disable reverse path filtering
NOTE: The nf-call-iptables is needed for most Kubernetes deployments. Kubernetes
creates virtual networks internal to the cluster. This allows every pod to have its
own IP address, which is used in conjunction with the internal name services to
facilitate service-to-service communication. The cluster does not work without nf-
call-iptables enabled. For details, see the official Kubernetes documentation.
Configuring fapolicy settings:
If using fapolicy, an RKE2 specific policy is required
NOTE:
Ensure that the change is communicated to your Linux team and goes through the
appropriate configuration management processes.
Configuring noexec and nosuid settings:
The disks used for the /var/lib/rancher mount must not have noexec or nosuid set.
The configureUiPathDisks.sh tool automatically creates these mounts without these
properties.
IMPORTANT:
If a Linux administrator manually sets these properties, the instance becomes non-
functional.