
Epicor ERP 10.1.600 Architecture Guide


Epicor 10.1.600
Disclaimer
This document is for informational purposes only and is subject to change without notice. This document and its
contents, including the viewpoints, dates and functional content expressed herein are believed to be accurate as of its
date of publication. However, Epicor Software Corporation makes no guarantee, representations or warranties with
regard to the enclosed information and specifically disclaims any applicable implied warranties, such as fitness for a
particular purpose, merchantability, satisfactory quality or reasonable skill and care. As each user of Epicor software is
likely to be unique in their requirements in the use of such software and their business processes, users of this document
are always advised to discuss the content of this document with their Epicor account manager. All information contained
herein is subject to change without notice and changes to this document since printing and other important information
about the software product are made or published in release notes, and you are urged to obtain the current release
notes for the software product. We welcome user comments and reserve the right to revise this publication and/or
make improvements or changes to the products or programs described in this publication at any time, without notice.
The usage of any Epicor software shall be pursuant to an Epicor end user license agreement and the performance of
any consulting services by Epicor personnel shall be pursuant to Epicor's standard services terms and conditions. Usage
of the solution(s) described in this document with other Epicor software or third party products may require the purchase
of licenses for such other products. Where any software is expressed to be compliant with local laws or requirements
in this document, such compliance is not a warranty and is based solely on Epicor's current understanding of such laws
and requirements. All laws and requirements are subject to varying interpretations as well as to change and accordingly
Epicor cannot guarantee that the software will be compliant and up to date with such changes. All statements of
platform and product compatibility in this document shall be considered individually in relation to the products referred
to in the relevant statement, i.e., where any Epicor software is stated to be compatible with one product and also
stated to be compatible with another product, it should not be interpreted that such Epicor software is compatible
with both of the products running at the same time on the same platform or environment. Additionally platform or
product compatibility may require the application of Epicor or third-party updates, patches and/or service packs and
Epicor has no responsibility for compatibility issues which may be caused by updates, patches and/or service packs
released by third parties after the date of publication of this document. Epicor is a registered trademark and/or
trademark of Epicor Software Corporation in the United States, certain other countries and/or the EU. All other
trademarks mentioned are the property of their respective owners. Copyright Epicor Software Corporation 2017.
All rights reserved. No part of this publication may be reproduced in any form without the prior written consent of
Epicor Software Corporation.

Epicor 10.1.600
Revision: May 15, 2017 8:51 a.m.
Total pages: 37

Contents

Part I: Epicor ERP 10.1 Application Architecture

Chapter 1: Hardware Requirements

1.1 Review Hardware Sizing Guide
1.2 Review Hardware Scenarios
1.2.1 Configuration #1: One Server
1.2.2 Configuration #2: Two Servers
1.2.3 Configuration #3: Three Servers
1.2.4 Configuration #4: Four or More Servers

Chapter 2: Epicor ERP 10.1 Components

2.1 Epicor Administration Console
2.2 Epicor Server
2.3 Application Server
2.4 Database Server
2.5 Epicor Database
2.6 Reporting Server
2.7 System Agent and Task Agent

Chapter 3: Additional Components and Products

3.1 Extension Components
3.2 Supplemental Components
3.3 Cross-Brand Products
3.4 Utilities and Resources
3.4.1 Performance and Diagnostic Tool

Chapter 4: Multiple Application Servers

4.1 Web Farm / Web Garden Notification
4.2 Customization Storage

Chapter 5: Epicor ERP 10.1 Functionality

5.1 Review Epicor ERP 10.1 Feature Summary

Part II: Technology Strategies

Chapter 6: Network Protocol Bindings

6.1 Protocols
6.2 Standard HTTP Binding Types
6.3 Transport Encryption Methods
6.4 Serialization
6.5 Compression
6.6 User Authentication
6.7 Protocol Selection
6.8 Binding Options
6.8.1 UsernameWindowsChannel
6.8.2 Windows
6.8.3 UsernameSSLChannel
6.8.4 HttpBinaryUsernameSslChannel
6.8.5 HttpsBinaryUsernameChannel
6.8.6 HttpsBinaryWindowsChannel
6.8.7 HttpsOffloadBinaryUserNameChannel

Chapter 7: Authentication Options

7.1 User Identity Methods

Chapter 8: Security Requirements

8.1 Licensing
8.2 User Account Options
8.3 Server Protection
8.4 Securing Database Access

Chapter 9: SSL: Review Digital Certificates for Epicor ERP 10.1

9.1 Overview of Digital Certificates

Chapter 10: Timeout Settings

10.1 Machine.Config Settings
10.2 Additional Timeout Options
10.2.1 SSRS Site Timeout

Part I: Epicor ERP 10.1 Application Architecture

Welcome to the Epicor ERP 10.1 Architecture Guide. This comprehensive guide provides a detailed overview of
the supported technology and architecture of the Epicor ERP 10.1 application.

Chapter 1: Hardware Requirements

Use this section to review hardware requirements for Epicor ERP 10. You can review the documents provided for
hardware sizing and configuration, and you can also review example hardware configuration scenarios based on your
required applications. It is highly recommended that you understand your hardware requirements prior to installing
your Epicor products.

1.1 Review Hardware Sizing Guide

Use these steps to download and review the Epicor ERP Hardware Sizing and Configuration Guide. Note that
hardware requirements may change based on the specific release. It is recommended that you have an
understanding of the hardware requirements prior to installing.

1. Log on to EPICweb and go to the customer portal website. Navigate to Products > Epicor ERP version 10
> Downloads.
You can use this link: https://epicweb.epicor.com/products/epicor-erp-10/downloads

2. Scroll to the Utilities folder. Select Hardware Sizing Guide.

3. From the Available Downloads, select to download the Epicor ERP Hardware Sizing Guide file.

4. Review the entire guide to assist in understanding your hardware requirements.

1.2 Review Hardware Scenarios

Use this section to review examples of hardware configuration scenarios, including basic multi-server scenarios.
The examples list the applications that might be installed on each server. Review the example scenarios to
determine which type of configuration is appropriate for your environment. Note that these are basic examples
and your desired configuration may be more complex.
Note: The example scenarios only use compatible versions of Windows Server and SQL Server. For example,
Windows Server 2016 is listed with SQL Server 2016, Windows Server 2012 R2 is listed with SQL Server
2014 or 2016, and Windows Server 2008 R2 is listed with SQL Server 2008 R2. Using mixed versions of
Windows Server and SQL Server is not supported. For example, if your Epicor server is running Windows
Server 2016 then your SQL server must be running SQL Server 2016.

1.2.1 Configuration #1: One Server

Review the One Server configuration example to determine if it is appropriate for your environment.

1.2.2 Configuration #2: Two Servers

Review the Two Servers configuration example to determine if it is appropriate for your environment.

1.2.3 Configuration #3: Three Servers

Review the Three Servers configuration example to determine if it is appropriate for your environment.

1.2.4 Configuration #4: Four or More Servers

Review the Four or More Servers configuration example to determine if it is appropriate for your environment.

Chapter 2: Epicor ERP 10.1 Components

Use this section to review the components of your Epicor ERP application. It is recommended that you understand the
relationships between the required components prior to starting your Epicor ERP application installation.

2.1 Epicor Administration Console

The Epicor Administration Console includes administrative tools that you can use to maintain and manage your
database servers, application servers, and other system components. The Epicor Administration Console is a
component that can be selected for installation during the installation of Epicor ERP 10 Server.

2.2 Epicor Server

An Epicor server is a server computer that hosts one or more application servers. To define what application servers
each Epicor server hosts, you either create new application servers or register existing application servers. These
application servers are then linked to the Epicor server and run tasks for the Epicor application.

2.3 Application Server

An application server manages how a specific instance of the Epicor application runs. Through each application
server, you can configure licenses, companies, sessions, and users for a specific database.
An application server is created under the Epicor server. One or more application servers can be defined for each
Epicor server. When you select an application server on the tree view, you can perform administrative tasks on
it. For more information on Epicor server, review the Epicor Server section within this guide and the Administration
Console Online Help.
You can set up multiple application servers to run the same database. They can then improve performance by
balancing the load. For example, you create two application servers for the same database, but these application
servers support different endpoint bindings. One application server is set up to run Epicor Web Access (EWA) on
one server machine, while another application server is set up to run a smart client through Net.TCP on a different
server machine.
Note: For more information on Endpoint Bindings, review the Authentication Options section within this
guide.

2.4 Database Server

A database server represents a SQL Server server\instance and contains the various Epicor application databases
your organization requires to conduct business. Before you can work with databases in the Epicor Administration
Console, you need to add a database server to the Database Server Management node.

2.5 Epicor Database

The Epicor Database resides on the Epicor Database server.


For implementation following the Epicor Signature methodology you need four databases. Below are suggested
names for the types:
Epicor10_Demo - contains Epicor Demonstration Data. You can use it for Epicor University training and when
you use the Education Module, which is how you access the embedded courses.
Epicor10_Test - includes your data. You can use it for test and development purposes and to try new scenarios.
Epicor10_Pilot - contains your data for the Pilot database. The data should be controlled more than the Test
database.
Epicor10_Production - contains data you use to leverage various processes in your company.

2.6 Reporting Server

Reporting Server contains Epicor SQL Server Reporting Service (SSRS), a server-based reporting platform that
provides comprehensive reporting functionality for a variety of data sources. Note that in the Epicor ERP application,
SSRS reports can be used in parallel to Crystal reports.
If you have an existing Epicor 9.05 application and you chose to not use the recommended SSRS functionality
that is available with the Epicor ERP 10.1 application, you can use the steps in the Epicor ERP 10.1 Migration
Guide to install and configure Epicor SQL Server Reporting Service (SSRS) using the previous method, referred to
as the "portal method". These steps will create the Epicor SSRS Portal, create the Epicor SQL Report Monitor
Service, and establish the connection to a SQL Report Server. This portal method is available to provide a "stop
gap" functionality that you can use to continue to have reporting functionality as you gain experience using the
new SSRS functionality available in the Epicor ERP 10.1 application.

2.7 System Agent and Task Agent

System Agent and Task Agent are designed to streamline and automate the flow of data throughout your
company.
To maximize the efficiency of your network resources, you can select to execute reports, process programs and
run queries not right after you submit them, but at a later time by adding them to a schedule that occurs during
specific intervals. You can add programs to recurring schedules using the Schedule drop-down lists available on
programs throughout the Epicor ERP application. When you assign a task to a recurring schedule, the Task Agent
activates and handles it according to the settings defined by the System Agent. Review the following information
to learn more about System Agents and Task Agents.
System Agent Maintenance. You set up schedules in the System Agent Maintenance program. All schedules
created through System Agent Maintenance appear on the Schedule list. Each time the schedule activates,
all the tasks assigned to it run in the order they were added to the schedule. For example, depending on the
task, this could cause a specific report to generate and print, a business activity query to export, and a global
alert to be sent.
Important: To run the Task Agent, you must configure your System Agent Epicor user account to have
session impersonation rights. For instructions on how to set session impersonation rights, refer to the Epicor
ERP 10 Installation Guide.

Task Agent Service Configuration. You can create a task agent in the Task Agent Service Configuration
program. This program allows you to add task agents that run on either a local machine or a remote machine.
After you set up an application server (AppServer), you can then configure the local or remote task agent for
the database. If you have multiple appservers, all of them point to the same database, and you can configure
a task agent on any appserver even if they are located on different physical servers. The task agent is distributed
to multiple appservers based on pre-defined rules.
Connecting a Task Agent. You can connect a task agent to an application server through different endpoint
binding methods. If you connect a new or existing task agent through the Windows endpoint binding type,
you must enter a Windows domain user account on the task agent service. The Windows domain user account
you enter must be associated with either an Epicor ERP or Epicor ICE user account.
Review the Authentication Options section for more details on binding methods you can use in Epicor ERP.
Note: You can only configure one instance of the task agent service to run against a specific database.
If you try to create two task agents to run against the same database, you receive an error message
when you attempt to save the second instance.

For more information on how to configure a task agent and how to connect it to an application server, review
the Administration Console Help and the Application Help.
Creating a System Agent. A System Agent defines the information needed to configure the Task Agent
AppServers. You create it after you first install the application, and it is automatically created when you install
an Epicor Demo Database or migrate from a previous version. You then can use the System Agent > Detail
sheet within the System Management Maintenance program to make changes you need to the system agent.
You can also set up multiple system agents based on your requirements for generating reports and processes.
With multiple system agents, you can send reports to different AppServers based on a set of rules you define.
For example, a system agent can be defined using AppServers with different schedules so various processes
and reports run at times that make better use of your available network resources.
For more information on how to work with System Agent, review the Application Help.

Chapter 3: Additional Components and Products

Use this section to review additional software components and products that are available to install with your Epicor
ERP 10 application. These additional components and products enhance the functionality of your Epicor ERP 10
application.

3.1 Extension Components

You can install the Epicor ERP extension applications after you have configured your Epicor application server.
To get an extension working, you need to go through the following three-step process:

1. Select the extension features to install during the Epicor ERP 10.1 server installation process.

2. To deploy the selected features, use the Application Server Configuration process in Epicor Administration
Console.

3. Perform initial configuration within the installed extension.

Extension applications include: Epicor Web Access, Epicor Mobile Access, Epicor Social Enterprise, Enterprise
Search, Epicor Education, Epicor Information Worker, and Epicor Help.

Epicor Web Access


Epicor Web Access displays programs as web forms within a browser window and is a significant part of the
Epicor Everywhere Framework.
These forms are generated from Epicor ERP programs. Because of this, the appearance and functionality of the
Epicor Web Access forms are nearly identical to those of the Epicor smart client programs, but the forms do not
require the installation of the Epicor client. Epicor Web Access programs can run on several operating systems
and on a variety of devices, including handheld devices.
You can have multiple instances of the Epicor Web Access extension linked to each application server.

Epicor Mobile Access


Epicor Mobile Access extends the Epicor Everywhere Framework to generate properly sized Web forms for
mobile platforms including iPhone, Android, and Windows Phone.

Since the mobile dashboards that support Epicor Mobile Access (EMA) are built using the dashboard technology
and Updatable BAQ technology embedded in the Epicor ERP application, users can create web applications that
implement business functionality on mobile devices.
You can have multiple instances of the Epicor Mobile Access extension linked to each application server.

Epicor Social Enterprise


Epicor Social Enterprise is an information network designed to support information exchange across your business
enterprise.
Epicor Social Enterprise is fully integrated into the Epicor ERP application's smart and web clients. From each
client, you can access the Epicor Social Enterprise website and work with the full functionality of your Epicor
Social Enterprise account, or you can choose to work in Epicor Social Enterprise in the context of a selected ERP
data record.
You can only have one instance of the Social Enterprise extension linked to each application server.

Epicor Enterprise Search


Enterprise Search is a powerful search application which you can use to retrieve indexed content from within
your Epicor ERP application and then quickly launch specific programs to display the data returned from the
search.
Using the default search index definition shipped with Epicor ERP, you can search on any item within the Epicor
database - like a part, customer, purchase order, AR invoice, and so on. All the records within the Epicor database
that use this record in some way appear within the search results. Results are organized by record type and can
be filtered by record type.
You can only have one instance of the Enterprise Search extension linked to each application server.

Epicor Education
Epicor's library of embedded educational materials provides you with a platform to develop an effective training
program for your organization. The number of resources enables you to choose the best options to meet your
training needs and tailor the content to fit your users.
You install the Embedded Courses on the Epicor Education sheet. You can only have one instance of the Epicor
Education extension linked to each application server.

Epicor Information Worker


Epicor Information Worker (IW) is a set of plug-in applications for Microsoft Office that offers a transparent user
experience for Epicor applications within a familiar desktop productivity environment. It gives employees who
depend on enterprise data ("information workers") direct access to Epicor data from inside Microsoft Outlook,
Word and Excel.
Once Epicor data is imported into Office, users can keep the data synchronized between Office and Epicor, and
can work either in online or offline (disconnected) modes.

Epicor Help
Epicor's online help system contains reference level information on modules and programs. It also contains a
series of technical reference guides that provide detailed information on job costing, scheduling, and other areas
of the Epicor application. You can launch application help from the Home page by clicking the Help tile, or from
directly within a specific program by pressing the F1 key or clicking Help > Application Help.

3.2 Supplemental Components

The following supplemental components can be installed after your Epicor ERP 10.1 application is installed and configured.

Country Specific Functionality (CSF)


Country Specific Functionality is designed to accommodate localization for specific markets throughout the world.
It supports global, regional and local accounting and reporting standards such as IFRS, Generally Accepted
Accounting Principles (GAAP), taxes and fiscal reporting support for various countries.
You can view the list of available countries in the Epicor ERP 10.1 Installation Guide and activate the required
country in Epicor Admin Console.

Microsoft Service Bus 1.1


Microsoft Service Bus for Windows Server, also called "Service Bus", is required as a software component with
Epicor ERP 10.1 if you use Multi-Company functionality and you process multi-company transactions between
more than one database. Using queue technology, Service Bus provides extensive publish/subscribe capabilities
which allow multiple, concurrent subscribers to retrieve views of the published message stream.
Review the Service Bus prerequisites when installed for use with Epicor ERP 10.1:
Windows Server 2008 R2 SP1 x64 or Windows Server 2012 x64, Windows Server 2016
SQL Server 2008 R2 SP1, SQL Server 2008 R2 SP1 Express, SQL Server 2012, SQL Server 2016
.NET Framework 4.6.1
TCP/IP connections or named pipes configured in SQL Server
SQL Browser service running in case of TCP/IP connections.
Note: SQL Server can be installed on the same physical machine with the Service Bus or on a different
machine. The Service Bus databases can reside on multiple machines as well. All the databases do not need
to be created on a single database server.

The instructions for installing Microsoft Service Bus for Windows Server are located in the Epicor ERP 10.1
Installation Guide (New or Migration) > Supplemental Installations section. For additional information, you can
also refer to the Microsoft Download Center documentation. Note that the instructions for setting up
Multi-Company functionality are located in the Multi-Site Technical Reference Guide which is available within the
online help and from the EPICweb Documentation > Technical Reference Guides page.

Performance and Diagnostic Tool


If you are experiencing performance issues, you should first contact either your Epicor consultant or Epicor
Technical Support. If the performance issue cannot be resolved through this initial contact, the technical support
representative or the consultant may recommend you use the Performance and Diagnostic Tool. This tool captures
performance information, and you can organize this information to receive meaningful metrics that relate to the
performance of your Epicor ERP application. You can also export these results to Microsoft Excel for additional
review and analysis. Through the Performance and Diagnostic Tool, you can evaluate:
The performance of one client versus another client on the same system.
The performance of business object methods on both the client and the server.
Overall performance of the server and the network.
Performance of business objects in one system against the same business objects on other systems.
Performance of customizations, personalizations, Business Process Management (BPM) methods, and business
activity queries (BAQs).
The configuration of the Epicor ERP application.

To learn more about the Performance and Diagnostic Tool, review the Performance Tuning Guide. This guide
describes the common patterns of slow performance, the tools available for testing performance issues, and
potential performance solutions.

SharePoint Publisher
You can use the Epicor SharePoint Publisher functionality to display dashboards in the Microsoft SharePoint
environment.
You leverage web dashboards to create SharePoint web parts that directly link to business activity queries (BAQs).
Web parts are integrated sets of controls for creating web sites you can use to directly modify, within a web
browser, the content, appearance, and behavior of web pages. All dashboard web parts directly access the Epicor
application server, so no web services or other intermediate layers are required to run web dashboards.
SharePoint web parts contain nearly the same functionality as Epicor dashboards. The data initially pulled into
the dashboard can be refreshed as needed. The Grid views contain both Order By and Group By functionality.
Web dashboards support publish and subscribe between views, so data within a grid view can update data with
a linked chart view. Web dashboards also link to the Performance Canvas for embedded Epicor EPM functionality.

3.3 Cross-Brand Products

Use this section to review the Cross Brand Products that can be installed after your Epicor ERP 10.1 application
is installed and configured.
You can access the Epicor Cross-Brand Solutions documentation on EpicWeb using the following link:
https://epicweb.epicor.com/products/epicor-erp-10/documentation. The Cross-Brand Solutions library is in the right pane.
Your screen may look similar to the following:

Epicor Cross-Brand Solutions are designed to extend the functionality of your ERP system by providing additional
features you can use for your business requirements. You can configure these products to work with different
Epicor ERP systems, such as Epicor ERP 10.1, Prophet 21, iScala, Eclipse, Tropos and so on. Cross-Brand solutions
interact with your ERP system which allows you to use ERP data in additional environments.

Advanced Financial Reporting


Epicor Advanced Financial Reporting is a complete toolset you use to create custom financial reports specific to
the needs of your organization. The reports you build will contain financial information from various sources you
define - you can set up each report to pull information from one or multiple general ledger (GL) books across
multiple companies, from multiple ERP systems.
Epicor Advanced Financial Reporting interacts with an Epicor application through a report server. This server pulls
the general ledger data from your active database to an AFR financial database via replication provided by AFR
Replication Monitor, and makes this data available for use within AFR. You then create a report definition in the
Report Designer.
The AFR Report Designer is used to define the basic elements of the reports - row sets, column sets, report
parameters, data filters, and formatting of the reports. Using the Report Designer, you can build report definitions,
preview them to verify current data displays as expected, and upload Report Definition Language (RDL) files,
which enable users to view reports in a web browser, via SQL Server Reporting Services (SSRS). Once you set up
your report, you can further refine the look and feel in either Microsoft Visual Studio or Microsoft SQL
Server Report Builder. You can use these report layout and formatting tools to fine-tune the overall look of
each financial report.
When you finish refining the layout of your financial reports, users can view them in a web browser or in
Microsoft Excel. Reports can be printed, or exported in various file formats, or you can schedule a batch of
reports to be created at regular intervals. Based on the report parameters you define in the report, users can filter
data, or change the parameters to view different data, for example, change the report currency, change the
report dates, or filter by GL accounts.

Commerce Connect
Epicor Commerce Connect (ECC) is an e-commerce solution that enables Epicor ERP customers to develop unique
websites quickly and manage them easily, providing the necessary tools to deliver a rich customer experience,
throughout the typical order life cycle - from quote to fulfillment, and beyond.
Fully integrated to your ERP system, Epicor Commerce Connect eliminates the need to maintain a separate product
database and provides streamlined access to ordering, product or account information including customer specific
pricing, inventory levels, marketing and customer service processes - all in real-time using ERP data that can be
viewed online via Epicor Commerce Connect.
ECC supports the Magento eCommerce platform and provides a scalable solution that is backed by an extensive
support network and allows you to build a site to help fit your unique business needs.

Enterprise Performance Management


Epicor Enterprise Performance Management provides a complete set of tools and applications that let you plan,
execute, and analyze at both strategic and tactical levels aligning business activities with business goals. A
business support system, Epicor EPM supports the complex analysis required to discover business trends. The
information retrieved from this analysis is valuable in identifying trends and modeling data in the areas of planning,
budgeting, forecasting, financial reporting, and data warehouse reporting.
EPM solutions integrate monitoring and analysis with the planning and control (or audit) cycle of the enterprise
to enable a cycle of continuous performance improvement.

Epicor Financial Planner


Epicor Financial Planner (EFP) provides functionality to automate the financial planning and budgeting process
to keep your records accurate and up-to-date. It provides a complete system for financial budgeting and forecasting.
Epicor Financial Planner allows Epicor ERP customers to improve automation and take control of the budgeting
and planning process, allowing you to rest easier with more certainty in your projections.

Epicor Manifest
Epicor Manifest is an automated shipping functionality that enables your company to streamline shipping processes
and meet the expectations of your customers. Epicor Manifest is multi-carrier shipping software that integrates
tightly with the Epicor ERP application and seamlessly processes domestic and international shipping transactions
by communicating to various carriers, calculating freight amounts, and printing carrier labels.

Mattec MES
Epicor Mattec Manufacturing Execution System is a real-time production and process monitoring system which
can be used as a powerful tool in manufacturing including rubber and plastics, metals and automotive industries.
The solution offers a comprehensive set of MES capabilities for production scheduling, machine operation and
maintenance, quality management, and real-time analytics to monitor machines and analyze machine-related
data such as overall equipment effectiveness (OEE), run rates, scrap, yield and energy consumption. The system
captures data directly from machines and operators, and delivers real-time production metrics and real-time
operations analytics in an easy-to-digest visual manner.
Real-time reconciliation of information between Epicor ERP and Mattec MES ensures data integrity for supporting
accurate scheduling, planning, monitoring, resourcing and costing.
Use Data Integration to manage production from a central location and seamlessly integrate data flow between
Epicor ERP and Mattec MES. This integration allows you to reduce errors from manual data entry in both
applications and get timely and accurate data to enable better manufacturing decisions. Epicor ERP production
planning and job data are exported to Mattec MES for use when performing and monitoring shop floor activities.
In Mattec MES, production data is monitored and recorded for use in process and quality control monitoring and
analysis.
Labor and production data recorded in Mattec MES will then flow back to Epicor ERP where the data can be
used for costing, reporting and production analysis.

Precise ARM
Epicor Advanced Requisitions Management (ARM) provides companies with an automated procurement system
that empowers employees while ensuring that contracted buying agreements and spending limits are enforced.
Precise Advanced Requisition Management (ARM) automates and streamlines the requisitioning process, utilizing
a Web browser to integrate with and extend the Epicor Purchasing module. Multiple approval methods provide
a flexible framework that can be configured to meet the requirements of any organization.
ARM uses a catalogue of approved vendors and items, optionally including both stocked and non-inventory
products and services, and utilizes a live on-line integration to your Epicor Financials and Distribution solution.
Via a separately licensed module, ARM also facilitates inventory transfers between Epicor locations.

Secure Data Manager


Secure Data Manager (SDM) is a comprehensive standalone payment-handling solution that achieves single
Payment Application Data Security Standard (PA-DSS) validation across multiple retail systems while also providing
authorization and settlement functionality.
With Epicor's Secure Data Manager, payment card information is securely stored in a central repository where
PA-DSS requirements are consolidated and managed. By handling data from inception (i.e. card swipe) through
storage, Epicor SDM maintains data privacy by providing neighboring applications with a token for reference
rather than specific credit card details. Connected systems then pass this token into the datastream, and Epicor
SDM utilizes the token's data to determine the credit card information needed for processing each transaction.

Service Connect
Epicor Service Connect (SC) is a workflow and application integration environment. You can use Service Connect
to run a workflow within a single application or to run workflows that span multiple applications. Because it uses
documents as its primary interface and leverages a Service Oriented Architecture (SOA), Service Connect simplifies
the data conversion process from one application to suit the needs of other applications.

XL Connect
XL Connect is a powerful tool that can be used to report on data currently stored in your accounting system. XL
Connect is an add-in to Microsoft Excel and is accessed from within Excel. XL Connect is the data retrieval
engine. When in Excel, you will use XL Connect Content Functions and Analysis Sets to build reports that will
retrieve your accounting system data.
XL Connect Content provides the integration specific elements that define for XL Connect the tables in your
accounting system from which to retrieve your requested data. Once the data is retrieved into Excel, you can use
all of Excel's capabilities to create a report that meets your business needs: financial statements, budget reports,
sales analysis, invoice analysis and dashboards.

3.4 Utilities and Resources

Use this section to review the utilities and resources that are available and can be used with your Epicor ERP 10.1
application.

3.4.1 Performance and Diagnostic Tool

You can use the Epicor Performance and Diagnostic Tool to analyze Epicor logs to measure performance from
both the client and the server. The Epicor Performance and Diagnostic Tool summarizes information in the client
and server trace logs. You can manipulate that information to provide meaningful metrics related to the installation
efficiency and performance of your Epicor ERP application.
Epicor Performance and Diagnostic Tool offers the following utilities:
• Client Diagnostics - use it to analyze the performance of client installations.
• Configuration Check - use it to check the configuration of the application server. This utility reveals the
issues and potential issues you may have with the application server configuration.
• Network Diagnostics - use it to verify the baseline network and server performance are running at optimal
levels.
• Server Diagnostics - use it to analyze the performance of server installations.
The Epicor Performance and Diagnostic Tool is run from the Epicor Administration Console. For information on
how to run the Epicor Performance and Diagnostic Tool, use the Performance Tuning Guide. The guide is available
from various locations, including from within the Performance and Diagnostic Tool (webhelp format), the Epicor
ERP 10 application online help (webhelp and PDF format), or the EPICweb Documentation > Technical Reference
Guide site (PDF format).

Chapter 4: Multiple Application Servers

If you have a multiple application server environment, use this section to review information specific to web farm and
web garden configurations.

4.1 Web Farm / Web Garden Notification

When multiple application servers are connected to the same database, each can internally notify all application
servers in the web farm or web garden that a change occurred. The application servers in this web farm or web
garden then refresh with the required changes.
This feature is useful for web farm, web garden, or other multiple application server environments. For example,
when the database changes or a BPM assembly is updated, the application server with the change sends out an
internal notification. If this update is a database change, the application servers refresh their caches. If this update
is a BPM assembly change, the application servers regenerate their BPM assemblies.
You can set up these notifications by selecting the notification type that best reflects your network configuration.
To do this, modify the web.config file for your environment. This file is located in your server installation. For
example: C:\Epicor\Deployment\Server
Set up the NotificationType to define how the application servers send notifications to the group. Available
notification types are:
• local - Select this option to indicate a single application server is in this web farm / web garden and no internal
notifications are needed. Always select this option when only one application server is in the web farm / web
garden, as it improves performance by reducing unnecessary notifications.
• UDP - Indicates the notifications are delivered through a User Datagram Protocol (UDP) broadcast. This protocol
exchanges messages between all computers in a local area network (LAN). This notification type does not
work on a wide area network (WAN). If your application servers are on the same LAN and the required ports
are open, a UDP broadcast can reach them. You should then select this option.
For the NotificationUdpPort setting, be sure to enter a unique and unused port for each application server
group. This requirement ensures the internal notifications are only sent within a specific application server
group.
• database - Select this option when you cannot use the UDP option and you are running more than one
process or application server. Depending on how your network is configured, you may not be able to select
UDP and so you instead must send notifications through the database. While this option is the most reliable,
this setting increases the number of calls to the database and so reduces performance. If your environment
supports UDP, you should use the UDP option instead. Note that the default type is database.
Use these steps if you need to change the type to the one that best reflects your network configuration.

1. Navigate to your Epicor ERP 10 application server web.config file. This file is located in your server installation,
for example, \Epicor\Deployment\Server.

2. Locate the NotificationType entry.

3. Set the value to one of the options. If you set the notification type value to UDP, you also need to specify
the NotificationUdpPort property which defines the unique port used by the application server group.
Your file may look similar to the following:
<!-- Valid values: local, UDP or database -->
<add key="NotificationType" value="UDP" />
<!-- Valid values: 1024-65535. Choose a different port for each group of AppServers -->
<add key="NotificationUdpPort" value="3100" />

4. Save and close the web.config file.
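
The following script is an added example, not Epicor code. It reads the NotificationType and NotificationUdpPort entries from each application server's web.config and flags settings that conflict with the rules in this section: an invalid type, a UDP port outside 1024-65535, a UDP port shared by two application server groups (so notifications would cross groups), and local used where a group has more than one server. The server names, group names and sample files are constructed; comparing values case-insensitively and expecting identical settings on every server of a group are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

VALID_TYPES = {"local", "udp", "database"}  # values documented in this section
PORT_MIN, PORT_MAX = 1024, 65535            # documented range for NotificationUdpPort


def read_settings(web_config_xml):
    """Return (NotificationType, NotificationUdpPort) as text; None when absent."""
    found = {}
    for node in ET.fromstring(web_config_xml).iter("add"):
        if node.get("key") in ("NotificationType", "NotificationUdpPort"):
            found[node.get("key")] = (node.get("value") or "").strip()
    return found.get("NotificationType"), found.get("NotificationUdpPort")


def parse_port(text):
    """Return the port as int if it is a number in the documented range, else None."""
    try:
        port = int(text)
    except (TypeError, ValueError):
        return None
    return port if PORT_MIN <= port <= PORT_MAX else None


def audit(servers):
    """servers: iterable of (server, group, web_config_xml).
    Returns sorted (scope, code) findings; scope is a server, a group or a port."""
    findings = set()
    groups = defaultdict(list)              # group -> [(server, type, port)]
    for server, group, xml_text in servers:
        ntype, port_text = read_settings(xml_text)
        kind = (ntype or "").lower()        # assumption: value matched case-insensitively
        port = None
        if kind not in VALID_TYPES:
            findings.add((server, "INVALID_OR_MISSING_TYPE"))
        elif kind == "udp":
            port = parse_port(port_text)
            if port is None:
                findings.add((server, "UDP_PORT_MISSING_OR_OUT_OF_RANGE"))
        groups[group].append((server, kind, port))

    port_owners = defaultdict(set)          # UDP port -> groups that use it
    for group, members in groups.items():
        kinds = {kind for _, kind, _ in members}
        ports = {port for _, kind, port in members if kind == "udp" and port is not None}
        if len(kinds) > 1 or len(ports) > 1:
            # Assumption: every server in one group carries the same settings.
            findings.add((group, "GROUP_SETTINGS_DIFFER"))
        if len(members) > 1 and "local" in kinds:
            findings.add((group, "LOCAL_WITH_MULTIPLE_SERVERS"))
        if len(members) == 1 and kinds & {"udp", "database"}:
            findings.add((group, "SINGLE_SERVER_SHOULD_USE_LOCAL"))
        for port in ports:
            port_owners[port].add(group)
    for port, owners in port_owners.items():
        if len(owners) > 1:
            # The port must be unique per group so notifications stay inside it.
            findings.add((str(port), "UDP_PORT_SHARED_BETWEEN_GROUPS"))
    return sorted(findings)


def config(ntype, port=None):
    """Build a constructed web.config fragment for the sample inventory."""
    port_line = f'<add key="NotificationUdpPort" value="{port}" />' if port is not None else ""
    return ("<configuration><appSettings>"
            f'<add key="NotificationType" value="{ntype}" />{port_line}'
            "</appSettings></configuration>")


# Constructed inventory: (server, application server group, web.config text)
SAMPLE = [
    ("app01", "prod", config("UDP", 3100)),
    ("app02", "prod", config("UDP", 3100)),
    ("app03", "test", config("UDP", 3100)),   # reuses the prod group's port
    ("app04", "test", config("local")),       # local in a two-server group
    ("app05", "train", config("database")),   # only server in its group
    ("app06", "dev", config("UDP", 80)),      # port below the documented range
]

if __name__ == "__main__":
    for scope, code in audit(SAMPLE):
        print(f"{scope}: {code}")
```
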

4.2 Customization Storage

For a multiple application server scenario, Epicor recommends using a shared location to distribute active customizations
and their dependencies between multiple environments.
Customers hosting several Epicor ERP 10 endpoints, that is, those running an Epicor ERP 10 web farm or web garden,
may set up the web.config as follows:
• Customization storage provider (customizationStorage - provider attribute) configured to use SqlBlob.
For Epicor ERP 10.1 and later, this option is set by default.
• Storage of external assemblies (externalsStorage - provider attribute) configured as FileSystem, pointing
(externalsStorage - settings attribute) to a single shared folder location for all Epicor ERP 10 instances in
the web farm/web garden corresponding to a single Epicor ERP 10.1 installation. When setting up access
rights to the folder, make sure that Application Pools of all participating web applications have at least read
access.

Example: Use a DFS or UNC (common) path, such as \\server\share\folder, that is accessible to all appservers.

Chapter 5: Epicor ERP 10.1 Functionality

Use this section to review the Epicor ERP 10.1 application functionality.

5.1 Review Epicor ERP 10.1 Feature Summary

It is recommended that you become familiar with the features available in the Epicor ERP 10 release prior to
installing the Epicor ERP 10.1 application.

1. Review the Epicor ERP 10.1 Feature Summary to learn about the features in the Epicor ERP 10.1 release. To
access the Feature Summary, log onto the EPICWeb Documentation site and click the Feature Summaries
link. You can use this link: https://epicweb.epicor.com/documentation/feature-summaries. Note that you
can also view the Feature Summary using the Epicor online help system.

2. If desired, contact the Services group to learn more about upgrading or migration to Epicor ERP 10.1.
Note To request assistance from Services, fill out the Services Request Form available on the EPICWeb
Services site. You can use this link: https://epicweb.epicor.com/services/Pages/default.aspx.

Part II: Technology Strategies


Use this section to review the technology strategies required for using the ICE 3.0 framework technology with
the Epicor ERP 10 application.

Chapter 6: Network Protocol Bindings

The Windows Communication Foundation (WCF) hosts the services for your Epicor application.
By working with the Epicor ICE Framework, the Windows Communication Foundation manages the service calls, or
messages, that users initiate on clients. These messages are then transported to the server, where application code
updates the database. Together both the Epicor ICE Framework and the WCF form a secure and efficient pipeline that
sends the service call messages between the clients and servers across your network.
You can use different WCF protocol bindings to facilitate this network communication. The Epicor application utilizes
several binding options, so you need to select the protocol binding that best matches the transport of different functions.
If you have an environment integrated with Service Connect, generate reports on a separate server, or require a similar
processing need, you can set up multiple application servers to update the same database. Each application server can
have a different protocol binding that best facilitates the configuration it needs to execute its function. Utilizing multiple
application servers can also help you load balance the demand on your network.
This section first describes the main aspects of network protocols to help you understand the differences between
them. Then this section details each protocol binding option you can activate for the Epicor application. By reviewing
this information, you will be better able to determine which protocol binding to select and implement.

6.1 Protocols

The Epicor application supports NET.TCP, HTTP, and HTTPS protocols.

NET.TCP
NET.TCP is designed to facilitate communication between servers that reside in the same data center. For example,
the Epicor task agent schedules tasks within its application server and so the NET.TCP protocol bindings can
handle this network communication.
However, this protocol does not work as well over the internet. Because the NET.TCP protocol needs to keep
communication constantly open between the clients and servers, firewalls and routers can disrupt the transport
pipeline. These bindings are faster than the available HTTP binding, but you can only use them for WCF to WCF
communication.

HTTP
The Epicor application uses Hypertext Transfer Protocol (HTTP) to support data communication through the Simple
Object Access Protocol 1.2 (SOAP). Through SOAP the data message is encrypted, but the transport process for
this data is not encrypted. To do this, HTTP uses the WSHttpBinding. This binding is similar to the BasicHttpBinding,
but it provides message security, transaction, consistent messages, and WS Addresses.
Epicor supports the HttpBinaryUsernameSslChannel binding option. This binding encrypts the body of the message.
It does not use Hypertext Transfer Protocol Secure (HTTPS), so it tends to be slower than bindings which use
HTTPS.

HTTPS
The Hypertext Transfer Protocol Secure (HTTPS) bindings are designed to facilitate communication between clients
across Wide Area Networks (WANs) and the internet. These protocols can also handle communication within
Local Area Networks (LANs), but a purchased or self-signed certificate is required to maintain the integrity of
the system.
If you need to set up an application server that communicates with components over the internet, you should
select one of the HTTPS protocol bindings.

6.2 Standard HTTP Binding Types

The following HTTP binding types are pre-defined in Windows Communication Foundation (WCF). These binding
types are only used with the HTTP and HTTPS protocols.

basicHttpBinding
This binding exposes endpoints that communicate through ASMX based Web services and other services that
conform to the WS-I Basic Profile 1.1. The transport of messages is secured through HTTPS.

wshttpBinding
This binding uses WS-Reliable Messaging for reliability and WS-Security for message security and authentication.
Message transport is handled by HTTP and is not encrypted, but the messages themselves are encoded using
Text/XML.

webHttpBinding
Instead of using SOAP requests, the webHttpBinding exposes the communication endpoints through HTTP
requests. These endpoints are used for REST integration within the Epicor application. The transport of messages
is secured through HTTPS.

6.3 Transport Encryption Methods

When the protocol binding encrypts the network transport process, it uses the following methods:
• Windows - If the client and server use the same Windows Domain, WCF can leverage the domain to secure
the network transport. Either the client and the server must be on the same Windows Domain, or the client
and server domains need to have a trust relationship between different domains.
• Secure Sockets Layer (SSL) - If the client and the server are on separate, untrusted Windows Domains or
do not reside on any domain, the Secure Sockets Layer (SSL) is used to encrypt the network transport. The
client and server machines must trust the authority that issues the certificate. You typically do this by obtaining
a certificate from Verisign or a similar Microsoft approved authority. Your IT organization can also issue and
manage internal certificates.

6.4 Serialization

When a user enters data on a form and sends it across the network to the server, this data is transformed from
the object behind the form into a variety of formats that allow data to be sent across networks. These formats
include binary, JSON, and XML.
The Epicor application can do this transformation, or serialization, through the following methods.
• Custom Binary -- The Epicor application can utilize a custom binary serialization optimized for performance.
This serialization is used when the Epicor application code runs on both the client and the server. The data
format is designed for effective network performance. However, Custom Binary serialization is difficult to
integrate with other applications. You cannot use custom binary serialization if your client runs on a
non-Windows platform such as Linux or another operating system.
• Interoperability -- When the client does not use .NET or Epicor code, the Epicor application uses the .NET
Data Contract Serializer. Both SOAP 1.1 and 1.2 are then available to transport the XML data over the
network. The REST endpoints also support both XML and JSON.

6.5 Compression

The network protocols available in the Epicor application all support data compression.

6.6 User Authentication

You can secure user identities through either Windows domain credentials or Epicor user account credentials. If
you use Windows credentials, the transport encryption type used by the protocol binding affects how user
identities are secured within the Windows domain.

6.7 Protocol Selection

The following table summarizes the main differences between each protocol.

| Protocol | Latency | Wire Efficiency | Cloud Reliability | Interop | Load Balancing | Privacy | Comment |
| --- | --- | --- | --- | --- | --- | --- | --- |
| NET.TCP | Best | Very Good | Good | None | Requires Hardware and Server Affinity | Windows, SSL | Default for on-premise servers |
| HTTPS/Binary | Very Good | Very Good | Very Good | None | Easiest to Configure | SSL | Best for cloud or VPM infrastructures |
| HTTP/SOAP 1.2 | Acceptable | Very Good | Very Good | Good | Easiest to Configure | WS-SecureConversation | Best for WS* Configurations |
| HTTPS/SOAP 1.1 | Good | Good | Good | Good | Easiest to Configure | SSL | Needed for non-WS* clients like Ruby and Python |

6.8 Binding Options

The Windows Communication Foundation (WCF) has several protocol binding options. Most of the WCF binding
options available for your Epicor application are custom bindings optimized for specific environments.
This section documents each protocol binding available within the Epicor application.

6.8.1 UsernameWindowsChannel
This NET.TCP binding authenticates transactions through an Epicor Username and Password. Windows checks
for existing Epicor user accounts to authenticate logins.

The following diagram illustrates how this binding handles network transactions.

Protocol binding features:


Epicor user account (User ID/Password) token required for authentication.
The protocol is an Epicor Custom Binary Serialization.
The serialized data is compressed through a custom routine developed by Epicor.
Windows encrypts the transport between the client and the server.

6.8.2 Windows
This NET.TCP binding authenticates transactions using a Windows Username and Password. Any user with a
Windows Username and Password within this domain can successfully log into the Epicor application.
The following diagram illustrates how this binding handles network transactions.

Protocol binding features:


Client Windows Domain credentials are required for authentication.
The protocol is an Epicor Custom Binary Serialization.
The serialized data is compressed through a custom routine developed by Epicor.
Windows encrypts the transport between the client and the server.

6.8.3 UsernameSSLChannel
This NET.TCP binding authenticates transactions using a Secure Sockets Layer (SSL) X509 certificate. Leverage
this method for application servers that handle smart client installations when users reside in different domains.
By using an SSL certificate, users from these different domains can log into the Epicor application.
The following diagram illustrates how this binding handles network transactions.

Protocol binding features:


Epicor user account (User ID/Password) token required for authentication.
The protocol is an Epicor Custom Binary Serialization.
The Secure Socket Layer encrypts the transport between the client and the server.

6.8.4 HttpBinaryUsernameSslChannel
This HTTP binding protocol authenticates using a Secure Sockets Layer (SSL) X509 certificate. The data transfers
between the client and server using Hypertext Transfer Protocol (HTTP). Instead of the transport, the message
which contains the data transfer is encrypted. Because this binding does not use Hypertext Transfer Protocol
Secure (HTTPS), it tends to be slower than bindings which use HTTPS.
Use this method for application servers that handle smart client installations when users reside in different domains.
By using an SSL certificate, users from these different domains can log into the Epicor ERP application.

The following diagram illustrates how this binding handles network transactions.

Protocol binding features:


An HTTP based protocol.
Epicor user account (User ID/Password) token required for authentication.
The protocol is an Epicor Custom Binary Serialization.
The protocol uses .NET v4.5 compression.
The message body is encrypted; message headers are not encrypted; the transport is not encrypted.

6.8.5 HttpsBinaryUsernameChannel

This HTTPS binding authenticates transactions using an Epicor Username and Password. The data transfers
between the client and server using Hypertext Transfer Protocol Secure (HTTPS). HTTPS encrypts the data transfer.

The following diagram illustrates how this binding handles network transactions.

Protocol binding features:


Epicor user account (User ID/Password) token required for authentication.
The protocol is an Epicor Custom Binary Serialization.
The protocol uses .NET v4.5 compression.
HTTPS encrypts the transport between the client and the server.

6.8.6 HttpsBinaryWindowsChannel
This HTTPS binding authenticates transactions using a Windows Username and Password. The data transfers
between the client and server using Hypertext Transfer Protocol Secure (HTTPS).
You can select this method for application servers that handle smart client installations and Epicor Web Access
(EWA) installations where users access the application through the same domain. Any user with a Windows
Username and Password within this domain can successfully log into the Epicor application.

The following diagram illustrates how this binding handles network transactions.

Protocol binding features:


Client Windows Domain credentials required for authentication.
The protocol is an Epicor Custom Binary Serialization.
The protocol uses .NET v4.5 compression.
Windows encrypts the transport between the client and server.
The client-server communication is based on HTTP.

6.8.7 HttpsOffloadBinaryUserNameChannel
This HTTPS protocol binding is a configuration that offloads encryption handling to an intermediary Application
Request Router such as an F5.
The binding authenticates using an Epicor Username and Password token. The data transfers between the client
and server using Hypertext Transfer Protocol Secure (HTTPS). This protocol is configured to move encryption
handling to an intermediary Application Request Router like F5 or a similar router.

The following diagram illustrates how this binding handles network transactions.

Protocol binding features:


Epicor user account (User ID/Password) token required for authentication.
The protocol is an Epicor Custom Binary Serialization.
The transport is encrypted between the client and Application Request Router (or F5) Server.
The data traffic between the ARR server and the Epicor application server is not encrypted.


Chapter 7: Authentication Options

Use this section to review the authentication options available with the Epicor ERP 10.1 application.

7.1 User Identity Methods

In this section, review the identity methods used to authenticate a user account. These methods have both
advantages and disadvantages, so select the method that works the best for your organization. You define your
user identity method when you implement single sign on. For more information on single sign on, refer to the
Epicor ERP Installation Guide in the Appendices > Implement Single Sign On section.
Controlling access to the application is one of the primary ways you can secure the Epicor ERP application. When
you authenticate the identity of users attempting to log in to, or call, the application, you help prevent malicious
access.

Windows Account. Use this method to authenticate user identity through Windows accounts. These accounts
are secured by the Windows operating system, making it much more difficult for these accounts to be externally
compromised. This method controls access at the operating system level, so you can define your password
policy and account lockout policy through the Group Security Policy program. This method is easier to
administer, as you control access at the operating system level. The disadvantage to this method is that if
malicious users do compromise your Windows environment, they gain access to all applications on your
system.

Epicor Account. If you use this method, you authenticate user identity through your internal Epicor accounts.
You then control access at the application level, using both the Password Policy Maintenance and Account
Lockout Policy programs to define the complexity of passwords and the number of failed logon attempts you
allow. Like Windows accounts, your Epicor accounts are encrypted. By securing at the application level, you
make it harder for malicious users to specifically access Epicor ERP. However, the disadvantage to this method
is that users need to manage separate passwords for each application in your environment, making it harder
for you to administer security.

For more information on user identity methods, refer to Epicor ERP System Administration Guide.


Chapter 8: Security Requirements

Use this section to review the security requirements when using the Epicor ERP 10.1 application.

8.1 Licensing
In the Epicor ERP 10 application, you use the Licensing node to manage the product licenses for an application
server.
Using the licensing node, you can import or delete licenses and view the license properties. Properties include
information such as the installation name, expiration date, and data on companies, license modules, and country
specific functionality included in the installation.

8.2 User Account Options


Review the types of user accounts that must be created in your Epicor ERP 10 application.
SQL Server User. You set up an SQL Server User so that you have a login account to access the Epicor ERP
10 database.

IIS Application Pool. You can choose to use the default application pool provided by IIS on install, or you
can create your own application pool. An IIS worker process is a Windows process (w3wp.exe) that runs
web applications and is responsible for handling requests sent to a web server for a specific application pool.
An application pool is a way to create sections or compartments in a web server. It allows you to isolate applications
running on the same server, so a crash in a single application or website does not bring down the entire
server.

Epicor application. Application users are managed under the application server Users node in the Epicor
Administration Console.

8.3 Server Protection

Review this section for information on how to set up such server protection features as ports to use for connection
on the servers and anti-viral scan configuration.
You should use the following ports for connection on the servers associated with the Epicor ERP 10 application:

| Client and Epicor IIS Servers | Epicor IIS Server | SQL Server |
| --- | --- | --- |
| 808 (net.tcp) | 80 (default IIS/Report Server) | 80 (IIS/Default Report Server) |
| 443 (ssl) | 9010 (task agent service) | 1433 (SQL) |
| | 8172 (we check this port during the creation of appservers; aka: webdeploy port) | |
| | 8098/9098 (Enterprise Search) | |

When you configure antivirus software, Epicor recommends that you exclude the following folders from real-time scans:

Epicor Client Server Epicor IIS Server SQL Server

The root IIS folder (by default, c:\inetpub)
The root ERP10 folder (by default, c:\epicor\erp10)
All folders that contain the SQL db files (ldfs/mdfs)
The ERP10\client folder
Client cache (by default, c:\programdata\Epicor)

8.4 Securing Database Access


Securing database access from the application server is an important aspect to consider when installing the Epicor
ERP application. Several methods are available to secure access to each database: use the Windows Domain
Account and encrypt the web.config file.

Use the Windows Domain Account


The Windows Domain account can be used to run the application server. It is recommended that you do not use
the same account across multiple databases. Each database should have a unique account. For example, use
MyDomain\E10ServiceAccount. To use this account, do the following:
In SQL Server, grant access to the Windows User.
In the web.config file, use Trusted Windows Connection for the database setting.
In IIS Manager, under Advanced Settings, assign the app pool to the Windows User.

Encrypt the Web.config File


The application server web.config file includes important SQL Authentication credentials, such as the SQL user
name and password. To help secure the integrity of the credentials, it is recommended that you encrypt the
web.config file. Several methods exist for encrypting the web.config file, including:
DataProtectionConfigurationProvider
RSAProtectedConfigurationProvider
To learn more about encrypting configuration files, use the following Microsoft Developer Network links:
"Walkthrough: Encrypting Configuration Information Using Protected Configuration". Click this link to review
a step-by-step example on encrypting parts of a configuration file:
https://msdn.microsoft.com/en-us/library/dtkwfdky(v=vs.100).aspx.
"ASP.NET IIS Registration Tool". Click this link to review instructions on how to use the ASP.NET IIS Registration
Tool (aspnet_regiis.exe). Link: https://msdn.microsoft.com/en-us/library/vstudio/k6h9cz8h(v=vs.100).aspx. You
can use these configuration options:
The -pe option encrypts a specified configuration section and can be used with modifiers.
The -pef option encrypts the specified configuration section of the Web.config file in the specified physical
directory.
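
One way to apply the -pef option described above and confirm the result, as an added example that is not part of the Epicor guide. The site folder, the backup folder and the section name (connectionStrings) are assumptions or placeholders; MyDomain\E10ServiceAccount is the guide's own sample account.

```powershell
# Added example (not Epicor's own script). Run elevated on the application server.
$aspnetRegiis = Join-Path $env:WINDIR 'Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe'
$siteDir      = 'C:\inetpub\wwwroot\<AppServerName>\Server'  # placeholder: folder that holds web.config
$backupDir    = 'D:\SecureBackup'                            # placeholder: administrators-only folder
$section      = 'connectionStrings'                          # assumption: section holding the SQL credentials
$appPoolUser  = 'MyDomain\E10ServiceAccount'                 # app pool identity (the guide's sample account)
$provider     = 'RsaProtectedConfigurationProvider'          # name as registered in machine.config;
                                                             # DPAPI: 'DataProtectionConfigurationProvider'
$webConfig    = Join-Path $siteDir 'web.config'

function Test-SectionEncrypted {
    # True when the section carries a protection provider and an EncryptedData element.
    param([string]$Path, [string]$SectionName)
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($Path)
    $node = $xml.SelectSingleNode("/configuration/$SectionName")
    if ($null -eq $node) { throw "Section '$SectionName' not found in $Path" }
    $hasProvider = $node.HasAttribute('configProtectionProvider')
    $hasCipher   = $null -ne $node.SelectSingleNode("*[local-name()='EncryptedData']")
    return ($hasProvider -and $hasCipher)
}

if (Test-SectionEncrypted -Path $webConfig -SectionName $section) {
    Write-Output "$section is already encrypted; nothing to do."
    return
}

# Keep the plaintext copy outside the web root and delete it once the site is verified.
$stamp = Get-Date -Format 'yyyyMMddHHmmss'
Copy-Item $webConfig (Join-Path $backupDir "web.config.$stamp")

# -pef: encrypt the named section of the web.config in the given physical directory.
& $aspnetRegiis -pef $section $siteDir -prov $provider
if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis -pef failed with exit code $LASTEXITCODE" }

if ($provider -eq 'RsaProtectedConfigurationProvider') {
    # The RSA provider's default key container must be readable by the app pool identity.
    & $aspnetRegiis -pa 'NetFrameworkConfigurationKey' $appPoolUser
    if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis -pa failed with exit code $LASTEXITCODE" }
}

if (-not (Test-SectionEncrypted -Path $webConfig -SectionName $section)) {
    throw "$section still appears to be plaintext in $webConfig"
}
Write-Output "$section encrypted with $provider. Recycle the app pool and test a login."
```

A section encrypted with the DPAPI provider can only be decrypted on the machine that encrypted it, so the RSA provider is the usual choice when the same web.config is deployed to more than one server.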


Chapter 9: SSL: Review Digital Certificates for Epicor ERP 10.1

Use this section to review requirements for using digital certificates with Epicor ERP 10.1. Digital certificates play a key
role in securing the communications between callers and services in the Epicor ERP 10.1 application and Epicor ICE 3.1
framework.
When the Epicor ERP 10.1 application is installed, the web services (SOAP) and REST services can be hosted automatically
by the Epicor 10 web sites. The SOAP-based web services can be used for integrations from either non-.NET callers or
from callers that do not have Epicor binaries available. REST services are used with Epicor Web Access (EWA). Both of
these protocols require encryption using digital certificates.
You can set up your machine to use the sample X509 certificates available with Epicor ERP 10.1. These certificates do
not expire until 2039 and are meant to be used during your Epicor ERP 10.1 implementation. You can also replace
these sample certificates with certificates that you create on your own trusted servers or that are delivered by a
third-party company such as VeriSign.

9.1 Overview of Digital Certificates

A digital certificate is basically a pair of keys - one public and one private. The public key can only decrypt data
which was encrypted using the private key and vice-versa. By keeping the private key truly private, client applications
using the public key are assured they are communicating with a known service. The digital certificates are used
to verify that the service is really who or what you believe it is. A digital certificate is signed using (usually) the
public key of another digital certificate, the private key being held by a trusted party. These signatures form a
"trust chain". At the top of the trust chain is a "root" certificate, which used its private key to basically sign itself.
For commercial web sites, the trust chain follows one of a small number of primary certificate authorities. The
images below show the trust chain for a bank's website. You can see this chain by clicking the padlock icon
displayed in most browsers when on any secure website. The browser not only shows you the trust chain, but it
verifies the integrity of every certificate in the chain. It checks that none of the certificates in the chain has expired
or has been revoked, meaning the private key was stolen or made public which makes the certificate basically
invalid.
Digital certificates also have a regular, readable name, technically called a "Subject". For web sites, the subject
name of the certificate securing the web site also must match the domain name of the web site. Finally - and
crucially - browsers and web client stacks will decline connections to web sites secured by a self-signed
certificate. The assumption is that without a separate issuer, no digital certificate can be fully trusted.
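
The checks described in this overview (validity period, revocation, subject name and trust chain), run against a certificate before it is bound to a site. This is an added example, not Epicor code: the function name and the host name erp.example.test are hypothetical, and the sample certificate is constructed in memory. It needs .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
# Added example: report the properties a client checks before it trusts a service certificate.
function Test-ServiceCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$HostName
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Check revocation for every certificate in the chain, not only the leaf.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    try {
        $trusted  = $chain.Build($Certificate)
        $problems = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        $now      = Get-Date
        [pscustomobject]@{
            Subject         = $Certificate.Subject
            SelfSigned      = ($Certificate.Subject -eq $Certificate.Issuer)
            OutsideValidity = ($now -lt $Certificate.NotBefore -or $now -gt $Certificate.NotAfter)
            # Simplified name check: first DNS name only, no wildcard handling.
            NameMatches     = ($Certificate.GetNameInfo('DnsName', $false) -eq $HostName)
            ChainTrusted    = $trusted
            ChainStatus     = $problems -join ', '
        }
    }
    finally {
        $chain.Dispose()
    }
}

# Constructed sample: a self-signed certificate created in memory (nothing is written to a store).
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = New-Object System.Security.Cryptography.X509Certificates.CertificateRequest(
    'CN=erp.example.test', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))

# The name matches, but the chain is not trusted because the certificate has no separate issuer.
Test-ServiceCertificate -Certificate $sample -HostName 'erp.example.test'

# For an installed certificate, pass the store item instead, for example:
#   Test-ServiceCertificate (Get-Item 'Cert:\LocalMachine\My\<thumbprint>') 'your.server.name'
```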


Chapter 10: Timeout Settings

The Epicor ERP application uses a series of default timeout settings to prevent frozen transactions from locking your
system. If you typically process a large volume of data, you must increase these timeout settings to prevent the Epicor
ERP application from prematurely stopping transactions before they complete.
These timeout settings are organized through a parent-child hierarchy. Depending on your performance and testing
needs, you adjust the timeout settings at different levels in this hierarchy. Current hierarchy levels are:
machine.config file - This high level configuration file contains the overall settings used by all applications on the
server. This file contains the default timeout values. If no override timeout values exist lower in the hierarchy, the
values in this file determine when a transaction times out.
web.config file - This configuration settings file defines the settings used by the application server that runs the
Epicor ERP application. You typically adjust the timeout settings in this file, as they only affect transactions run by
the Epicor ERP application.
In addition to this hierarchy, you can also adjust timeout values in the rsreportserver.config file, the .sysconfig file,
the Task Agent Configuration program, and on the SSRS Site. These settings define timeout durations for transactions
not monitored by the machine.config and web.config files.

10.1 Machine.Config Settings

The machine.config file is the main configuration settings file on your server. It contains the maximum timeout
values allowed for all server transactions. Any transaction settings entered in the web.config file and any transaction
scope overloads must have an equal or shorter duration than the duration defined in the machine.config file.
The maximum duration typically defined on the machine.config file is ten minutes. However, to accommodate
larger transactions, you can modify this file to allow longer timeout durations. When you do this, you also need
to update the web.config settings to handle longer timeout durations. Note that these child timeout durations can
be equal to or shorter than the default timeout value defined in the machine.config file.
Be aware that any change to the machine.config file changes the timeout duration for all applications that run
on this server. Increasing the timeout duration on the machine.config file could cause issues for other applications.
Be sure to thoroughly assess the consequences before you increase the duration limit on the machine.config file.
It may not be practical to raise this timeout limit. However, when you receive the following errors, you should
increase the timeout values in this file:
The transaction associated with the current connection has completed but has not been disposed. The
transaction must be disposed before the connection can be used to execute SQL statements.
Cannot access a disposed object. Transaction.
TransactionScope nested incorrectly.
Some part transactions and serial number processing may require a five hour timeout duration. Because this
exceeds the standard ten minute duration, you can adjust the machine.config file to handle these five hour
transactions. This feature helps you determine the cause of timeout issues for these users.
Remember that even though the machine.config file can be set to a longer timeout duration, the Epicor ERP
framework first uses the lower timeout durations defined in the web.config or transaction scope values. If you
wish to test a system using the five hour duration, you need to adjust the web.config or transaction scope values
to handle the longer time limit as well.
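
The parent-child rule above, checked in code. This is an added example, not part of the Epicor guide: it assumes the timeouts are the standard .NET System.Transactions settings (machineSettings maxTimeout in machine.config, defaultSettings timeout in web.config), and the two XML fragments are constructed samples.

```powershell
# Added example: compare the web.config transaction timeout with the machine.config ceiling.
function Get-ConfigTimeSpan {
    # Read a hh:mm:ss attribute from a config document, or return the supplied default.
    param([string]$XmlText, [string]$XPath, [string]$Attribute, [timespan]$Default)
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($XmlText)
    $node = $doc.SelectSingleNode($XPath)
    if ($null -ne $node -and $node.HasAttribute($Attribute)) {
        return [timespan]::Parse($node.GetAttribute($Attribute))
    }
    return $Default
}

function Test-TimeoutHierarchy {
    # A value of 00:00:00 (no limit) is not modelled here.
    param([string]$MachineConfigXml, [string]$WebConfigXml)
    $max = Get-ConfigTimeSpan $MachineConfigXml '/configuration/system.transactions/machineSettings' `
        'maxTimeout' ([timespan]'00:10:00')   # ten-minute ceiling when nothing is configured
    $web = Get-ConfigTimeSpan $WebConfigXml '/configuration/system.transactions/defaultSettings' `
        'timeout' ([timespan]'00:01:00')      # .NET default when nothing is configured
    [pscustomobject]@{
        MachineMaxTimeout = $max
        WebConfigTimeout  = $web
        EffectiveTimeout  = if ($web -gt $max) { $max } else { $web }
        WebExceedsMachine = ($web -gt $max)
    }
}

# Constructed samples: machine.config raised to five hours, web.config left at ten minutes.
$machineXml = '<configuration><system.transactions><machineSettings maxTimeout="05:00:00" /></system.transactions></configuration>'
$webXml     = '<configuration><system.transactions><defaultSettings timeout="00:10:00" /></system.transactions></configuration>'

# The lower web.config value still applies: EffectiveTimeout is 00:10:00.
Test-TimeoutHierarchy -MachineConfigXml $machineXml -WebConfigXml $webXml

# A web.config value above the ceiling is flagged: WebExceedsMachine is True.
$webTooLong = $webXml -replace '00:10:00', '06:00:00'
Test-TimeoutHierarchy -MachineConfigXml $machineXml -WebConfigXml $webTooLong

# Against real files, pass (Get-Content <path> -Raw) for each parameter.
```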


10.2 Additional Timeout Options

Use this section to set up additional timeout options.

10.2.1 SSRS Site Timeout

If you regularly run large reports, set up SQL Server Reporting Services (SSRS) to either use a longer report timeout
duration or indicate SSRS should never time out reports. To do this, modify options within the Site Settings page
on your report server.

1. On your server, run the Reporting Services Configuration Manager. To do this, click Start > All Programs
> Microsoft SQL Server 2012 > Configuration Tools > Reporting Services Configuration Manager.

2. In the Reporting Services Configuration Connection window, enter the Server Name and a Report
Server Instance for the server that handles SSRS reporting for your system. Click Connect.

3. In the left pane, click the Report Manager URL icon. The Report Manager URL screen displays.

4. Click the URLs hyperlink to display SQL Server Reporting Services in your internet browser.

5. A login window displays. Enter a Windows user account that has permissions to view the SSRS site. Click
OK.

6. On the Home page for SQL Server Reporting Services, in the upper right corner, click the Site Settings
hyperlink.

7. On the Site Settings page, locate the Report Timeout radio button options. Select one of the following
options:

a. Select the Do not timeout report option to prevent SSRS from stopping reports from generating.

b. Select the Limit report processing to the following number of seconds option to increase how long
SSRS can run while it generates reports. Then enter how many more seconds each report can run before
it times out.

8. Click Apply.

Additional information is available at the Education and
Documentation areas of the EPICweb Customer Portal. To access
this site, you need a Site ID and an EPICweb account. To create an
account, go to http://support.epicor.com.
