
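Orchestrator User Guide

Last updated April 16, 2026

Cloud provider setup

Setting up in Azure

If your cloud service provider is Microsoft Azure, follow the instructions in this section to prepare for connecting Orchestrator to Azure.

Note: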

If you are not the Azure administrator, skip this section and instead reach out to your IT team to perform these steps and ask them to provide the details listed under Azure Requirements.

  1. Log in to Azure using an administrator account.
  2. Navigate to App registrations and create an app registration for your Orchestrator instance.
  3. Copy the Application (Client) ID and the Directory (Tenant) ID and save them for later use.

Figure 1. Application (Client) ID and Directory (Tenant) ID fields

  4. Navigate to Certificates & secrets and create a client secret.
  5. Copy the value of the client secret and save it for later use.

Figure 2. Client secret

  6. Navigate to Resource groups and create a resource group for your Orchestrator.
  7. Copy the Subscription ID and save it for later use.

If you already have a resource group that you want to use, open the overview for that resource group to get the Subscription ID.

Figure 3. Subscription ID

  8. Navigate to Access Control (IAM), search for the name you gave to your Orchestrator app registration, and assign the Contributor role to it.

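Preparing the virtual machine image

Note:

If you plan to use custom virtual machines instead of template virtual machines, skip this section and create the virtual machines you want to use for elastic robot orchestration.

Robots need a machine to run on. As part of elastic robot orchestration, we can use your cloud-hosted virtual machines (VMs) to create machines on demand, so that robots can run when needed.

When you create a virtual machine in Azure, Microsoft provides a set of images on which to build your virtual machine. These are images of different operating systems (for example, Windows Server or Windows 10 Pro) that let you install the software needed to run your automation jobs.

To capture a virtual machine image:

  1. Create a virtual machine in your Azure account and connect to it: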

    1. Navigate to Virtual machines and create a virtual machine for the resource group you created earlier.
    2. Connect to your virtual machine.
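  2. Create a local user and install the required automation software:

    Important:

    Do not join the virtual machine to a domain.

    1. Update Windows and restart if necessary.
    2. Create a local user for the unattended robot (for example, uirobot). Assign the Administrator role to the local user, clear User must change password at next login, and select Password never expires.
    3. Grant the local user remote access rights on the virtual machine.
    4. Log out of the administrator account, then log in as the local user.
    5. Install any supporting software required for your automations, such as Microsoft Excel or Google Chrome. You do not need to install UiPath software; we install it for you.
    6. Log out of the robot account, then log in as the administrator.
      Important: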

      If you have installed the robot (optional), make sure you do not connect it to Orchestrator, otherwise you won't be able to use the Virtual Machine image.

  3. Create a generalized Virtual Machine image:

    1. Use the Sysprep tool to generalize the virtual machine.

      Note:

      sysprep.exe disconnects your session halfway through.

      Figure 4. System Preparation Tool

    2. After the status of the virtual machine changes to Stopped, create a managed image of your virtual machine.

      Note:

      Select the same resource group as for the virtual machine. Also, select No, capture only a managed image.

You now have a fully configured image from which you can create new virtual machines for automation.

Setting up in AWS

If your cloud service provider is Amazon Web Services (AWS), follow the instructions in this section to configure Amazon Elastic Compute Cloud (Amazon EC2) for elastic robot orchestration.

Note:

If you are not the AWS administrator, skip this section and instead reach out to your IT team to perform these steps and ask them to provide the details listed under AWS Requirements.

AWS best practices

Choosing the right AWS region: Ensure Amazon Virtual Private Cloud (Amazon VPC) is located in an appropriate region. We recommend you always pick the AWS region that is closest to the region where your Orchestrator instance is hosted when creating an elastic robot pool. Consider both latency and data transfer costs between Orchestrator, Robots, and the customer application when determining the location of the VPC. Contact the UiPath support team for details on how to allocate all your assets close to each other. Learn more about regions and instances in the Getting Started guide.

Capacity and cost optimization: Ensure Amazon Elastic Compute Cloud (Amazon EC2) resources are sized appropriately according to the deployment, customer requirements, and UiPath best practices. Amazon EC2 passes on to you the financial benefits of Amazon’s scale. See Amazon EC2 Instance Purchasing Options for a more detailed description of Amazon EC2 pricing. UiPath allows you to use your existing machines to take advantage of your optimized EC2 size configuration. We recommend downsizing or terminating idle or underutilized Amazon EC2 instances to optimize costs.

Calculate the costs: You can use the AWS pricing calculator to get an estimate of Total Cost of Ownership (TCO) for UiPath infrastructure deployed on AWS, by using the AWS label UiPath:Managed: true. The cost displayed in the calculator is for the infrastructure only. To get a more accurate TCO value, also consider the cost of UiPath licenses.

Profiles: For VMs hosted in AWS, the AWS EC2 Instance must have the AmazonSSMManagedInstanceCore instance profile attached. For instructions, see the AWS documentation.

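Generating AWS access keys

  1. Log in to the Amazon EC2 console as a user with the following permissions:

    | Permission category | Read/List | Update | Create | Delete |
    | --- | --- | --- | --- | --- |
    | ec2:* | All | All | All | All |
    | cloudformation:* | All | All | All | All |
    | ssm:* | All | All | All | All |
    | iam.* | iam:GetInstanceProfile iam:ListInstanceProfiles iam:GetRole iam:ListRoles | iam:PutRole iam:PutRolePolicy iam:PassRole | iam:AddRoleToInstanceProfile iam:CreateInstanceProfile iam:CreateRole | iam:RemoveRoleFromInstanceProfile iam:DeleteInstanceProfile iam:DeleteRole iam:DeleteRolePolicy |

  2. Follow the Amazon documentation to create an access key.

  3. Save the Access Key ID and the Secret Access Key for later use.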

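Creating an AWS EC2 image

Note:

If you plan to use custom virtual machines instead of template virtual machines, skip this section and create the virtual machines you want to use for elastic robot orchestration.

  1. Log in to the Amazon EC2 console.
  2. Follow the Amazon documentation to create an AWS EC2 instance and perform the following as part of the process:
    1. For the AMI, select a Windows 10 or Windows Server image. If one does not exist, you must create the image.
    2. While connected through RDP, install all Windows updates and restart if necessary.
    3. After restarting, install any supporting applications required for your automations, such as Microsoft Excel or Google Chrome. You do not need to install UiPath software; we install it for you.
    4. Delete the folder C:\Windows\Panther.
    5. Create a Windows local user for the robot, for example robot, and grant it Remote Desktop permissions.
    6. Press Ctrl + Alt + Delete and change the password for the robot user.
    7. Open the Ec2 Launch Settings and click Shutdown with Sysprep along the bottom.

      Sysprep is a Microsoft tool that you use to create a generalized machine image for EC2.
  3. After Sysprep finishes, in the Amazon EC2 console, wait for the instance to shut down, then right-click and go to Image and templates > Create image:

Figure 5. Create image

You can see the new image on the left side of the Amazon EC2 console, under Images > AMIs. You now have a fully configured image from which you can create new virtual machines for automation.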

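Implementing role-based authentication

Implementing role-based authentication helps with security because the credentials provided to a role are temporary. This limits their potential impact if they are compromised.

To set up authentication based on Identity and Access Management (IAM) roles, perform the following steps: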

  1. Add your provider: go to the AWS Console > Identity and Access Management (IAM) > IAM Dashboard page.
    1. Under IAM resources, select Identity providers.
    2. Select Add provider.
    3. For the Provider type, select OpenID Connect.
    4. In the Provider URL field, write:
      • For Automation Cloud and Test Cloud: sts.windows.net/d8353d2a-b153-4d17-8827-902c51f72357/.
      • For Automation Cloud Public Sector: sts.windows.net/79b01b45-e550-41ea-94fa-9494e849c1e8/.
    5. In the Audience field, write:
      • For Automation Cloud and Test Cloud: 55640c46-3d06-4875-9c8a-624cad15aaf7.
      • For Automation Cloud Public Sector: c7598ef8-63c4-47e8-86b8-ac795602f7e2.
    6. Finish the provider configuration by hitting Add provider.
  2. Configure the policy: go to the IAM Dashboard page.
    1. Under IAM resources, select Policies.
    2. Select Create policy.
    3. Switch to the JSON option.
    4. In the Policy editor, copy-paste the following policy in JSON format:
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "ec2:*",
              "cloudformation:*",
              "ssm:*",
              "iam:GetInstanceProfile",
              "iam:ListInstanceProfiles",
              "iam:GetRole",
              "iam:ListRoles",
              "iam:PutRolePolicy",
              "iam:PassRole",
              "iam:AddRoleToInstanceProfile",
              "iam:CreateInstanceProfile",
              "iam:CreateRole",
              "iam:RemoveRoleFromInstanceProfile",
              "iam:DeleteInstanceProfile",
              "iam:DeleteRole",
              "iam:DeleteRolePolicy",
              "iam:TagRole",
              "iam:TagInstanceProfile"
            ],
            "Resource": "*"
          }
        ]
      }
    5. Select Next.
    6. Provide a Policy name and, optionally, a Description.
    7. Finish the policy configuration by hitting Create policy.
  3. Create and configure roles: go to the IAM Dashboard page.
    1. Under IAM resources, select Roles.
    2. Select Create role.
    3. For the Trusted entity type, select Web Identity.
    4. In the Identity provider field, write the same value used in step 1, for the Provider URL field.
    5. In the Audience field, write the same value used in step 1, for the Audience field.
    6. Select Next to add permissions.
    7. In the Permissions policies field, search for the policy created in step 2, then select it.
    8. Select Next for final configurations.
    9. Provide a Role name and, optionally, a Description.
    10. Finish the role configuration by hitting Create role.
  4. Copy the Role ARN of the newly created role:
    1. Go to the IAM Dashboard page.
    2. Select Roles from the left-side panel. This opens the Roles page.
    3. Under Summary, copy the value for the ARN.
  5. Paste the Role ARN value when you set up the AWS connection in Orchestrator.

After you select ARN-based authentication, the Role ARN ID field is displayed.
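The role created in step 3 carries a trust policy that should name only the OpenID Connect provider and audience entered in step 1. The following Python check is an added example, not UiPath or AWS code; it assumes the trust policy keys its audience condition on the provider URL followed by :aud, and the account ID and sample policies are constructed.

```python
# Provider URL and audience per offering, copied from step 1 above.
EXPECTED = {
    "Automation Cloud and Test Cloud": (
        "sts.windows.net/d8353d2a-b153-4d17-8827-902c51f72357/",
        "55640c46-3d06-4875-9c8a-624cad15aaf7"),
    "Automation Cloud Public Sector": (
        "sts.windows.net/79b01b45-e550-41ea-94fa-9494e849c1e8/",
        "c7598ef8-63c4-47e8-86b8-ac795602f7e2"),
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy, offering):
    """Return findings for a parsed role trust policy; [] means it matches."""
    provider, audience = EXPECTED[offering]
    base = provider.rstrip("/")  # tolerate a missing trailing slash
    allows = [s for s in as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"]
    findings = [] if allows else ["no Allow statement"]
    for stmt in allows:
        principal = stmt.get("Principal")
        fed = principal.get("Federated") if isinstance(principal, dict) else None
        if not fed or len(principal) != 1:
            findings.append("principal is not limited to a federated provider")
        elif any(not a.rstrip("/").endswith(":oidc-provider/" + base) for a in as_list(fed)):
            findings.append("federated principal is not the expected OIDC provider")
        if as_list(stmt.get("Action")) != ["sts:AssumeRoleWithWebIdentity"]:
            findings.append("action is not exactly sts:AssumeRoleWithWebIdentity")
        # Assumption: the audience condition key is "<provider URL>:aud".
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        aud = equals.get(provider + ":aud", equals.get(base + ":aud"))
        if as_list(aud) != [audience]:
            findings.append("audience condition missing or not the expected value")
    return findings

# Constructed samples (placeholder account 123456789012); NO_AUD drops Condition.
STMT = {
    "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
    "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/"
                  "sts.windows.net/d8353d2a-b153-4d17-8827-902c51f72357/"},
    "Condition": {"StringEquals": {
        "sts.windows.net/d8353d2a-b153-4d17-8827-902c51f72357/:aud":
            "55640c46-3d06-4875-9c8a-624cad15aaf7"}},
}
GOOD = {"Version": "2012-10-17", "Statement": [STMT]}
NO_AUD = {"Version": "2012-10-17",
          "Statement": [{k: v for k, v in STMT.items() if k != "Condition"}]}
for name, doc in (("GOOD", GOOD), ("NO_AUD", NO_AUD)):
    print(name, check_trust_policy(doc, "Automation Cloud and Test Cloud"))
```

To check a real role, pass the parsed JSON shown on the role's Trust relationships tab as the policy argument.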

Setting up in GCP

If your cloud service provider is Google Cloud Platform (GCP), follow the instructions in this section to prepare for connecting Orchestrator to GCP.

Note:

If you are not the GCP administrator, skip this section and instead reach out to your IT team to perform these steps and ask them to provide the details listed under GCP Requirements.

  1. Create a new project in GCP.
  2. Get the Project ID and save it for later use.
  3. Create a service account in your GCP project.
  4. Create a service account key in JSON and save the Private Key value for later use.

Creating a virtual machine

If you want to use elastic robot orchestration and have us create machines for you on demand, you must create custom machine images in your GCP project.

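The following instructions are a sample configuration for creating an image from a persistent disk, where the disk is created from an existing Windows virtual machine under your project.

  1. Log in to the Google Cloud Console.
  2. Click Compute Engine, then under Virtual machines click VM instances.
  3. Click Create instance at the top of the page.
  4. Fill in the following details:
    • For Name, Region, and Zone, you can specify whatever you want.
    • For Machine configuration, you can keep the default values.
    • Under Boot disk, click Change, then click Public images.
    • For Operating system, select Windows.
    • Under Version, select any Windows Server 2019 option.
    • You can accept the default values for Boot disk type and Size (GB), or modify them as needed.
  5. Click Create.
  6. Once the boot disk is ready, you can click Create, and GCP creates the virtual machine (VM) for you.
  7. To be able to use a custom image created from the virtual machine, stop the virtual machine you just created.
  8. On the side of the page, go to Storage, then click Images.
  9. At the top of the page, click Create image.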
  10. Continue with these instructions to create a Windows image.
