Robility On-Premises

To establish the Robility Manager within a customer-managed on-premises setup, the following detailed steps provide guidance based on the prescribed architecture. This approach ensures robust functionality, security, and scalability while maintaining the flexibility to integrate with Azure services for advanced features.

I. Installation of Core Components

1. VM/Workstation Setup
Install the Designer and Runner application on customer-managed virtual machines (VMs) or workstations. These installations ensure localized access for users, offering a seamless experience for designing and running workflows.

2. Deployment of Robility APIs and Web Application
a. Robility Manager Web Application:

• Host the application on IIS (Internet Information Services) within a designated server in the customer’s environment.
• Configure IIS to serve the application securely over HTTPS using a customer-specific domain (e.g., https://client.robility.ai).
• Enable proper binding and SSL/TLS certificates for encrypted communication.

b. Robility APIs: Deploy associated APIs to support modular functionalities, including workflow execution, configuration management, and user authentication.

3. Database Setup

a. Install SQL Server 2019 or above to host the Robility database (Robility DB).
b. Configure database schemas and tables for storing application data, user credentials, and operational logs.
c. Implement multi-tenancy support for organizations requiring separate logical databases.

4. SMTP Server Configuration

a. Set up an SMTP server within the customer’s network to facilitate email notifications, including alerts, updates from Robility.
b. Integrate the SMTP server settings within the Robility Manager application for seamless email communication.

II. Integration with Azure Services

While most components reside on-premises, integrating with Azure enhances functionality, security, and storage management.

1. Azure Blob Storage

a. Use Azure Blob Storage for managing workflow storage and versioning.
b. Establish secure connectivity to the customer’s Azure subscription by setting up the necessary credentials and permissions.
c. Implement role-based access controls (RBAC) to restrict storage access to authorized users and applications.

2. Azure Key Vault
Configure Azure Key Vault to securely manage and store sensitive information such as:

a. API keys
b. Database connection strings
c. Encryption keys

Use the Key Vault for dynamic retrieval of credentials during application runtime, ensuring security and compliance.

III. Network Connectivity and Security Considerations

1. External Connections
Ensure seamless communication between on-premises components and external services hosted in Sutherland’s Azure environment:

a. License Service: API calls for license validation are routed through the Sutherland Azure API Gateway.
b. Features Service: Access advanced automation components by downloading and upgrading through the Features Service.
c. Documentation: Provide users with access to https://docs.robility.ai for guidance and resources.

2. Firewall and Security Configurations

a. Configure firewalls to permit required traffic between on-premises servers and Azure services while blocking unauthorized access.
b. Apply SSL/TLS certificates to secure endpoints, ensuring encrypted communication for URLs like https://client.robility.ai.
c. If needed, establish VPN or private network connectivity to ensure a secure channel for communication with Azure services.

IV. Operational Workflow

1. User Access: End users access Robility Manager via a secure web interface or use the Designer/Runner applications installed on workstations.
2. Internal Communications: The application interfaces with the on-premises Robility DB, SMTP server, and Azure services (Blob Storage and Key Vault) to handle workflows and automation data. 3. Licensing and Features Management: Requests for licensing validation or feature upgrades are routed through the Sutherland Azure API Gateway to maintain up-to-date service integration.

V. High Availability (HA) and Backup Strategies

1. Web Application (IIS Hosting)
Load Balancer:
a. Deploy a load balancer to distribute incoming traffic evenly across multiple IIS servers.
b. Utilize solutions such as F5, NGINX, or Microsoft Load Balancer to enhance fault tolerance.

Server Redundancy:
Set up multiple IIS servers with identical configurations to ensure service continuity during maintenance or server failures.

2. Database Backup
Implement a comprehensive backup strategy:
a. Schedule nightly full backups, hourly transaction log backups, and weekly differential backups.
b. Regularly test the backups to verify their integrity and usability for disaster recovery scenarios.

3. Web Application and Configuration Backup
a. Automate the backup of IIS configuration files (applicationHost.config) and application content.
b. Use enterprise-grade backup tools like Windows Server Backup or Veeam for server protection.

4. Azure Blob Storage Backupa
a. Enable Soft Delete and Versioning in Azure Blob Storage to safeguard against accidental deletions or modifications.
b. Periodically download backups of Blob Storage data to an on-premises location or an alternate cloud environment for redundancy.

VI. Disaster Recovery (DR) Plan

1. Disaster Recovery Site
a. Establish a DR site in Azure or a secondary on-premises location.
b. Synchronize data and configurations between the primary site and the DR environment to ensure readiness in case of a disaster.

2. Disaster Recovery Drills

a. Conduct regular DR drills to test recovery procedures and identify any gaps in the recovery plan.
b. Maintain a documented recovery strategy with defined roles and responsibilities for all stakeholders.