Blue Prism Technical Architect Exam Notes ATA01

This exam is pretty easy if you’ve passed the Installation Engineer exam. There is around ~70% overlap in terms of the documentation that you need to read in order to prepare. It makes sense to schedule the two exams to be taken in close proximity.

I found it significantly easier compared to the Installation Engineer exam, and the recommended reading materials more or less covers what you need to study. No surprises really. It does help to have some experience doing generic web (or client server) architecture, or any of the cloud vendor’s exams, e.g. Azure, AWS, GCP for more experience with Load balancers. There weren’t any cloud specific questions though.

There was one question on licensing which I thought was odd.

Notes that I used to study are below. I don’t guarantee that any of my notes will be on the actual exam, but hopefully someone will find it useful as a starting point for their studies.

Sections

• Component architecture and implementation options
• Designing a Blue Prism architecture in a virtualized environment
• Managing user access via Active Directory integration
• Secure storage and management of access credentials
• Component remote access and considerations regarding appropriate tools.
• Infrastructure component monitoring
• Database provisioning and maintenance
• Windows and application authentication
• Securing network connectivity across components


Blue Prism Infrastructure Reference Guide Enterprise Edition (NDA)

Desktop based vs virtualized

Dev test on an app server (2 ports), prod on a diff appserver, db can be the same

Active Passive DR – need to replicate or mirror the DB
Active site 2 app servers with same port

-DR app servers must have same Encryption scheme, timezone
-May need to redo schedules because it is based on network name of RR
-be aware of latency bw app server and db

IC to RR (TCP)
IC to AS (.net or WCF)

RR to AS (.net remoting)

  • Multiple RR on a single PC:
    Where the Runtime Resource connect to an Application Server, the connection must be configured to use dynamic ports for callback to avoid conflicts. If the callback port is statically defined, it will not be possible to operate multiple Runtime Resources on a single Runtime Resource unless a separate connection is configured for each.
  • Each env (dev, prod) needs its own App Server. You can have multiple AS running on a single windows server, listen on diff port
    AS to RR (TCP)
    AS to DB (TCP). Needs as low latency as possible
  • P 47. communications, weird part
  • Instructional: Resource Pool Communications (TCP)
  • Where implemented, Runtime Resources communicate with members of the same resource pool for the purpose of distributing process execution tasks.

Blue Prism Virtualization Guide Enterprise Edition (NDA)

Type 1 vs Type 2 hypervisors

  • Type 1 sits on hardware (recommended)
  • type 2 sits on the OS (not recommended) like virtualbox
  • DB – prefer to not be virtualized
  • Persistent virtual desktops
    Non-persistent VD, with a pool and golden image
  • Presentation Virtualization /Hosted Shared Desktop (doesn’t really work). Only IC can and apps will need surface automation
  • Application and User Environment Virtualization or Layering. All !. Apps and user settings are in some containerized portion

Provisioning a Blue Prism Database Server

  • 1252 codepage CI AS
  • Install everything on separate drives
  • Ensure that there is RAM and CPU specifically allocated to the instance
  • Turn on AUTO_CREATE_STATISTICS & AUTO_UPDATE_STATISTICS

Maintaining a Blue Prism Database Server

  • Recognize the difference between bp database, the db instance and all db instances on the DB server
  • Don’t shrink
  • Simple or full db backup- full db backup requires backing up of transaction logs as well
  • dbcc checkdb
  • alter index
  • UPDATE STATISTICS WITH FULLSCAN, COLUMNS

Secure Windows Authentication

  • Use login agent

Credential Manager

  • User roles, processes, resources

Securing Network Connectivity

IC <-> AS, Secured by WCF (operating commands)
RR <-> AS, secured by WCF (operating commands)

AS -> RR 8181, TCP/cert (instructional commands)
IC -> RR 8181, TCP/cert (instructional commands)

AS <-> DB, TCP/cert

Can have a mix of RR that need certs and some that don’t
I imagine by not ticking require secure inbound connections
and then some specifying /sslcert


Active Directory Integration

Nothing of note


Remote Access Tools

  • Can’t start new session
  • Must keep same resolution
  • Can’t show popup when logging in
  • Must have auditing so you can see who logged in

User Guide – Load Balancing

RR -> AS

-DNS round robin (not a real load balancer)

  • set low TTL
    weaknesses include DNS caching, doesn’t take into account CPU, network of the AS
  • weighted round robin is weighing the app servers based on capacity
  • real LB can monitor health of nodes
  • Recommend layer 4 LB (network/transport), not layer 7 (application layer)
  • host = app server, service = app server’s ipaddress:port
  • other types, least connections (Preferred over round robin), weighted least connections, random
  • Active health monitoring, passive (relies on actual client requests)
  • session stickyness doesn’t have a huge impact in bp
  • NAT routing CANT USE, must use direct routing because the app server needs to make callbacks. After establishing the connection, the AS must directly connect to the RR/IC
  • Behavior of losing connection
    RR to AS, if re-establish connection inside 5 seconds then ok,

For older version, if reestablish connection to SAME IP inside 5 seconds its ok

  • Pooling app servers. this affect the maintenance windows of app servers
  • RR should also be grouped (not the same as resource pools)
    ** reread the summary on last page

User Guide – Login Agent

Mandatory local group policy – Do not display the lock screen!!!

Login Agent does not require a callback connection and therefore if the selected connection is a Blue Prism Server connection
(recommended), a call back connection will not be established.

C:\ProgramData\Blue Prism Limited\Automate V3\LoginAgentService.config

Certificate-based encryption is only applied to the traffic received on the listening port

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment