Getting started

So, you're ready to start your on-prem Interact journey? You have two ways of approaching that first installation. You can do it the easy way or the hard way. Believe or not, the hard way could be the easier way in the long term! Stick with me and I'll explain why.

Obviously following the documentation is advised whenever you install any software, so, let's have a look at the Interact docs and see what it suggests.

1. The example hostnames the documentation gives are interact.local, hub.local etc.
2. The documentation explains that self-signed certificates are viable, and even gives you a PowerShell command to create them (I know this because I created those commands).

You can absolutely do both of the above if you please. This will give you a perfectly working installation of Interact. But, here's the catch. After installation you will only be able to access Interact locally, i.e. directly from the Interact server itself. Again, this is absolutely fine, if that's what you want, because maybe you just want to have a peek at it, and see what it can do. But then let's say you show it to your boss, and they say "Great, can we build some forms? Because the business guys want to see if they can use it." Now you're snookered, unless you give everyone RDP access to your server, but let's not even go there.

The workaround

So, what's the workaround… Well, there is one, but it is a bit ugly.

Because you used interact.local, hub.local etc it's very likely you're going to have to put a (actually several, just look in your Interact server's host file to see) host file entry in every client machine of every Blue Prism developer, every Blue Prism Runtime Resource and every user that want's to access Interact… Not great huh.

Oh, and when you've done that, your users will get certificate errors, because your self-signed certificate is only available on your server. So, you'll have to export the certificate and import it into the Trusted root store of every Runtime Resource, and every client machine of every Blue Prism developer and every user… I told you the easy way was hard didn't I…

Doing it 'properly'

So, let's do this properly, and get it right first time. There's extra effort involved, but you won't regret it, especially when it comes to installing it in Prod and it's the first time you've done it like this.

Here's what you'd should be doing.

1. Choose proper Hostnames. The considerations here are that they need to be unique, and they need to fit your companies OU structure. Let's pick an example that you work for GeoffsBiscuits.com, consult your internal colleagues and, if it fits, choose something like interact.dev.GeoffsBiscuits.com, hub.dev.GeoffsBiscuits.com etc.
2. You can then get DNS records created so that all the Interact \ Hub websites and web apps point to your Interact server. Note, At the time of writing the current version is V4.3. There are currently 11 websites and web apps in V4.3
3. Get proper Certificates. Request a certificate from your internal certificate authority. Make sure you put all the website / web apps in as subject alternative names, that way you only have to request one certificate, not 11. Make sure you're given a .pfx file because you need a certificate with the Private key in it. Don't get fobbed off with a .cer file, we're not doing Apache on Linux here! Having certificates from your certificate authority means all your clients machines will trust them due to the chain of trust, without you having to deploy any certs, anywhere.

Now you are all set. Once you've installed using proper hostnames and a proper certificate, anyone can browse to and access Interact, you just have to sort the user access out now. You can use LDAP integration to do that if you have the necessary AD details.

Am I too late?

So maybe you're reading this thinking, "Urgh..."

You've installed it with the example hostnames and self-signed certificates and now 'other' users want to access it. All is not totally lost, don't worry.

With 4.3 if you want to try and do it properly, you're better off doing a reinstall and using hostnames \ certs \ DNS as explained above. Improvements are in the pipeline but there are just too many references to try clean-up.

There is a little bit of work involved but it is the best way, trust me.

You can export Forms really easily using the Form export function. Once you've done that, go for the reinstall. 
Obviously make backups first of the Databases, Certificates and Directories (all detailed below), if you require them.

Don't just run the uninstallers though. 

• First stop all the application pools, because they'll prevent the uninstallers from working properly.
• Run the Interact uninstaller.
• Run the Hub uninstaller (you may need to stop the application pools again).
• Delete all your Hub \ Interact databases (all 10 of them).
• Delete all three certificates (BluePrismCloud_Data_Protection, BluePrismCloud_IMS_JWT, BPC_SQL_CERTIFICATE) from both the Personal and Trusted Root certificate stores.
• Delete everything in the "C:\Program Files (x86)\Blue Prism" directory.
• Reboot.
• Then reinstall. That's the cleanest way to do it. Remember you need to recreate your Business Processes before you can import our Forms back in. 

If you're struggling to do an install, I've written a PowerShell script that is able to take you through the prerequisites and the install step-by-step. You still have to go through the MSI's manually until (hopefully) V4.4 though. It's freely available here if you want to give it a go, and I'm doing my best to constantly update it. All feedback is welcomed, but I may not be able to make it to run perfectly with every customer's IT security configuration, and any support would be on totally on best endeavors!

Cheers