Installing or upgrading an on-premise Robots Agent

The Robots Agent performs the tasks scheduled in the Robots app. The agent performs the tasks on your company's secure local Windows server, close to the data source and within the protective boundaries of your network.

Note

The information in this topic applies only to organizations that use an on-premise Robots Agent to run ACL scripts in ACL robots.

Individuals and organizations with ACL Robotics Professional Edition do not have an on-premise Robots Agent. Python/HCL scripts that run in HighBond robots or Workflow robots do not use the Robots Agent.

General information

Download the Robots Agent installation package and use it to install the Robots Agent on a Windows server. You can also use the installation package to upgrade an existing Robots Agent on the server.

Key files

During the installation, you register the Robots Agent using a registration keyfile (registration.key). You generate the keyfile in the Robots app, and download it to the Windows server where the Robots Agent is installed.

The registration keyfile authenticates the first-time connection between the Robots Agent and the Robots app. Subsequent connections and data flows are secured by encryption keys (an RSA public-private key pair). The RSA key pair is automatically generated when you start the Robots Agent service.

The registration keyfile and the encryption keys are separate objects used at different stages of the registration and connection process.

If you are upgrading the Robots Agent, the registration keyfile is not involved, and you should not generate a new instance of registration.key.

Multiple agents

To increase analytic processing capacity and implement load balancing, you have the option of installing additional instances of the Robots Agent on additional Windows servers.

Robots Agent Windows services and accounts

When you install the Robots Agent, it deploys two Windows services on the server:

  • Robots Agent runs scheduled and ad hoc Robots tasks
  • Robots Data Service provides the connectivity that allows users to open Robots Agent tables in Analytics

If either of these services are not running, the functionality they provide is not available.

Tip

If tasks remain queued for a long time in Robots, and are then skipped, or fail, check that the Robots Agent service is running.

If users get a connection error when attempting to open a Robots Agent table in Analytics, check that the Robots Data Service is running.

Service accounts and ports

You use service accounts to run the two Robots Agent Windows services. For detailed information about the logon rights and permissions required by the accounts, see On-premise Robots Agent security.

Note

If you change the properties of either of the Windows services after you install the Robots Agent, you must restart the service for the change to take effect.

Windows service Account that runs the service Port
Robots Agent service

Domain account specified during installation, or post-installation

443 outbound communication only
Robots Data Service Local System 10000 by default, configurable during and after installation

Ensure the Robots Agent can connect to the certificate authority

The Robots Agent uses a digital certificate to validate its authenticity and integrity. The certificate requires an Internet connection to DigiCert, the third-party certificate authority, so that the certificate can be verified. If you are installing the Robots Agent behind a network firewall, the firewall must be configured to allow the certificate to connect to DigiCert. Without the required connection, the Robots Agent will not work.

If required, work with your organization's IT department to configure a network firewall or proxy server to allow the connection between the certificate and DigiCert. The digital certificate in the Robots Agent uses the following URLs to connect to DigiCert's certificate revocation list and OCSP server:

  • http://cacerts.digicert.com
  • http://crl3.digicert.com
  • http://crl4.digicert.com
  • http://ocsp.digicert.com

For more detailed URL information, you can inspect the installed certificate.

Inspect the installed certificate

After installing the Robots Agent, inspect the installed certificate to see certificate authority URLs.

  1. In the Robots Agent installation directory, right-click Agent.exe and select Properties.

    The default installation directory is: C:\Program Files (x86)\ACL Software\Robots Agent\agent

  2. In the Agent.exe Properties dialog box, select the Digital Signatures tab.
  3. In the Signature list, double-click Diligent Corporation, then click View Certificate.
  4. In the Details tab in the Certificate dialog box, select each of these fields:
    • CRL Distribution Points
    • Authority Information Access

    For each field, URLs appear in the display area at the bottom of the dialog box.

  5. In the Certification Path tab in the Certificate dialog box, do the following:
    1. Select each of these certification path entries:
      • DigiCert Trusted Root G4
      • DigiCert Trusted G4 Code Signing...
    2. For each entry, click View Certificate.
    3. In the Details tab, select each of these fields:
      • Authority Information Access
      • CRL Distribution Points

      For each field, URLs appear in the display area at the bottom of the dialog box.

Generate the Robots Agent registration keyfile

If you are a new customer installing the Robots Agent for the first time, you need to generate a registration keyfile (registration.key). The registration keyfile authenticates the first-time connection between the Robots Agent and the Robots app.

If you are an existing customer and you already have a Robots Agent installed and in use, in many cases you should not generate a new registration keyfile. Generating a new file is often unnecessary and can be disruptive to the configuration of your organization's Robots instance.

Robots Agent status Generate a registration keyfile
Fresh installation of the Robots Agent, single-agent installation Yes
Fresh installation of an additional instance of the Robots Agent in a multi-agent cluster

No

Copy the existing registration keyfile

For more information, see Install an additional instance of the Robots Agent.

Upgrade of a currently installed Robots Agent

No

The registration keyfile is not involved in the upgrade

Problem with an existing registration keyfile, Robots Agent cannot connect to Robots app Yes
Change of Windows account running a currently installed Robots Agent

No

The registration keyfile is not involved in the change of account

For more information, see Changing the Robots Agent service account.

Note

You must have the Manage Agent permission to generate a Robots Agent registration keyfile. For more information, see Robots app permissions.

  1. Sign in to Diligent One (www.highbond.com).
  2. From the Launchpad home page, under Audit & Analytics, select the Robots app.
  3. In the upper-right corner of the dashboard, click Settings.
  4. In the left-hand pane, make sure Agent management is selected.
  5. If your instance of Robots is currently using a cloud-based Robots Agent, do the following:
    1. Click Replace cloud agent.
    2. Click Register agent and generate key.
  6. If your instance of Robots is currently using an on-premise Robots Agent, or has no Robots Agent specified, do the following:
    1. Click Generate a new registration key.

      The warning dialog box that appears applies to you if you have one or more existing on-premise agents already installed.

    2. Click Generate a new registration key.

  7. Click Download keyfile and close.

    Caution

    Do not close the browser window until you download the keyfile.

  8. Save the downloaded keyfile in a safe location on the Windows server that will house the Robots Agent.

    Note

    Generating a keyfile is the first part of registering a Robots Agent. The registration process is complete when you place the keyfile in the correct location in the Robots Agent directory structure, start or restart the Robots Agent service, and successfully connect to the Robots app.

Install the Robots Agent

Use the Robots Agent installation package to perform a fresh installation of the Robots Agent.

Note

You must have local Administrator permissions on the Windows server to complete the installation.

If you are using different Windows accounts to install the Robots Agent and to run the Robots Agent service, make sure that you have the password for the Robots Agent service account before you begin the installation.

Test the Robots Agent

After you install the Robots Agent, you can commit and run a simple script to test that the Robots Agent is working correctly.

Note

This test requires that file uploads to Robots are permitted. If required, temporarily enable file uploads for the test. For more information, see Configuring an on-premise Robots Agent.

Upgrade the Robots Agent

Use the Robots Agent installation package to upgrade an existing installation of the Robots Agent to version 17.0.

Before performing the upgrade, make sure no robot tasks are running, queued, or scheduled to run shortly.

Note

You must have local Administrator permissions on the Windows server to complete the upgrade.

Install an additional instance of the Robots Agent

Use the Robots Agent installation package to install additional instances of the Robots Agent on additional Windows servers.

Installing multiple agents allows you to increase analytic processing capacity and implement load balance across the agents. When you run multiple robot tasks simultaneously, processing of the analytic scripts is automatically distributed between the multiple agents on multiple Windows servers. This capability allows you to run a greater number of tasks in a shorter period of time.

Note

The multiple agent capability is not related to the development and production modes in Robots. When running tasks, both modes have equal access to all agents.