Nintex RPA Server Installation Checklist

Follow these steps to prepare your environment for the installation of the Nintex RPA platform.

This list is available as a PDF form you can download and fill in for reference to your environment.

Nintex RPA checklist for new installations or upgrades

Use this document to assess and prepare an environment for the installation or upgrade of the Nintex RPA platform.

For detailed information refer to the Nintex RPA help documentation at the Nintex Help Center.

Section A: Identifying the Environment
1 Type of Installation? (E.g.: New installation / Upgrade)  
2 How many environments are required? (E.g.: Dev/Test/Prod)  
3 What is the current version?  
4 What is the targeted version?  
5 Will the install/upgrade be carried out by a Nintex engineer? If yes, specify their email.  
5a If no to Q5, specify the email of the person in your company doing the installation/upgrade.  
6 Will the following key personnel be available?  
6a DBA  
6b System admin / Domain admin  
  NOTE: If a DBA or System Admin/Domain Admin is not available during the session, please carefully review the requirements for the database User, Domain User/Keytab File, and Service User in the help documentation.
7 Provide the hardware specifications for each environment.  
7a Dev/SIT hardware Windows OS should be at least 2016 Server Hostname/FQDN: CPU (Cores): RAM (GB): HDD (GB): Win OS (Version): 
7b Test/UAT hardware Windows OS should be at least 2016 Server Hostname/FQDN: CPU (Cores): RAM (GB): HDD (GB): Win OS (Version): 
7c Prod hardware Windows OS should be at least 2016 Server Hostname/FQDN: CPU (Cores): RAM (GB): HDD (GB): Win OS (Version): 
7d Prod HA hardware Windows OS should be at least 2016 Server Hostname/FQDN: CPU (Cores): RAM (GB): HDD (GB): Win OS (Version): 
8 Select the Authentication Type required (E.g., SSO (Kerberos), or Username and Password (AD)) Note: You need a KEYTAB file if you chose AD authentication method and that requires a domain administrator to generate it.  
9 Types of Robots Required? (Attended or Unattended)  
10 Is High Availability (HA) required?  
10a If yes to Q10, will the logs server be on a separate server?  
10b If yes to Q10a, please provide server hardware specifications Hostname/FQDN: CPU (Cores): RAM (GB): HDD (GB): Win OS (Version): 
11 Is anti-virus software running on the installation machines (servers/clients)?  
11a If yes to Q11, which machines have anti-virus software installed?  
11b If yes to Q11, can the anti-virus software be turned off during installation?  
12 Can installation/upgrade be performed remotely?  
12a Please indicate preferred remote access platform  
Section B: Network Requirements
1 Is TLS/SSL Required?  
1a If yes to Q1, is the certificate CA signed or self-signed? Note: Each server must have a certificate installed.  Additional information can be found in the Installation & Upgrade Guide. Ensure that the password of the certificate is on hand during installation.  
1b Please indicate the CA authority  
1c Please indicate the domain which the certificate is issued against  
2 Do ports need to be customized? Default non TLS/SSL HTTP port: 8081 (configurable) Net.TCP port: 8082 (configurable) NGNIX port: 80 (non-configurable) Discovery port: 80 (non-configurable) Default using TLS/SSL HTTP port: 8081 (configurable) Net.TCP port: 8082 (configurable) HTTPS port: 8083 (configurable) NGNIX port: 443 (non-configurable) Discovery port: 80 (configurable) Default for HA HA port: 8090 (non-configurable)  
2a If yes to Q2, please indicate custom port configuration required HTTP port: Net.TCP port:  HTTPS port: NGNIX port: Discovery port: 
3 Have ALL required ports been opened on the firewall? Note: All ports uni-directional (client to server) except for HA port (server to server) which is bi-directional. Please perform telnet to verify ports are enabled  
Section C: Database Requirements
1 Has SQL Server been installed?  
1a If yes to Q1, which version of SQL Server has been installed? Note: SQL Server should be at least version 2016  
2 Is the database sited on a separate server from the Application server?  
3 Is the default port (1433) used to connect to the database server?  
3a If no to Q3, please specify port number  
4 Has the firewall been opened for the required database port?  
5 Is "sa" user available for use during the installation?  
5a If no to Q5, can DBA create/restore Nintex and Nintex_Authentication databases prior to install/upgrade?  
5b If no to Q5a, will a database user with db_owner rights to both Nintex and Nintex_Authentication databases be made available during installation? If answer is no, activity cannot continue and must be mitigated!  
6 Is there a requirement for a separate database user to operate Nintex Kryon RPA? Note: if yes, the database user MUST HAVE db_datareader, db_datawriter and GRANT EXECUTE TO <db_user> permissions granted for both Nintex and Nintex_Authentication databases   
7 Is the database operator using SQL or Windows authentication?  
8 If this is an in-place upgrade  
8a Is there a code freeze implemented during the upgrade window?  
8b Is the adhocad hoc backup of the database planned prior to the upgrade activity?  
8c Will there be support to restore the database in case of rollback?  
9 If this is a side-by-side upgrade  
9a Is there a code freeze implemented during the upgrade window?  
9b Will the database backups be restored to the new database server prior to upgrade?  
Section D: Server Requirements
1 Is a domain account required to run the services for Kryon?  
1a If yes to Q1, please specify domain account name  
3 Does the domain account have local admin privileges? Note: This is a MUST for domain account run services  
4 Does the domain account have ‘log on as a service’ privileges? Note: This is a MUST for domain account run services  
5 If authentication is AD/Kerberos, can the keytab file be generated by the domain administrator before the activity? Note: If no, customer must confirm that the domain administrator will be present during the activity  
6 If authentication is AD/Kerberos, can the domain administrator execute the "Set SPN" commands on the RPA server prior to the activity? Note: If no, customer must confirm that the domain administrator will be present during the activity  
7 If authentication is AD/Kerberos, can the domain administrator configure all RPA users into a sub-OU?  
8 If no to Q7, can the RPA users be tagged to an identifier in the OU?