Epicor ERP 10 Architecture Guide

Epicor 10.0.600
Disclaimer
This document is for informational purposes only and is subject to change without notice. This document and its
contents, including the viewpoints, dates and functional content expressed herein are believed to be accurate as of its
date of publication. However, Epicor Software Corporation makes no guarantee, representations or warranties with
regard to the enclosed information and specifically disclaims any applicable implied warranties, such as fitness for a
particular purpose, merchantability, satisfactory quality or reasonable skill and care. As each user of Epicor software is
likely to be unique in their requirements in the use of such software and their business processes, users of this document
are always advised to discuss the content of this document with their Epicor account manager. All information contained
herein is subject to change without notice and changes to this document since printing and other important information
about the software product are made or published in release notes, and you are urged to obtain the current release
notes for the software product. We welcome user comments and reserve the right to revise this publication and/or
make improvements or changes to the products or programs described in this publication at any time, without notice.
The usage of any Epicor software shall be pursuant to an Epicor end user license agreement and the performance of
any consulting services by Epicor personnel shall be pursuant to Epicor's standard services terms and conditions. Usage
of the solution(s) described in this document with other Epicor software or third party products may require the purchase
of licenses for such other products. Where any software is expressed to be compliant with local laws or requirements
in this document, such compliance is not a warranty and is based solely on Epicor's current understanding of such laws
and requirements. All laws and requirements are subject to varying interpretations as well as to change and accordingly
Epicor cannot guarantee that the software will be compliant and up to date with such changes. All statements of
platform and product compatibility in this document shall be considered individually in relation to the products referred
to in the relevant statement, i.e., where any Epicor software is stated to be compatible with one product and also
stated to be compatible with another product, it should not be interpreted that such Epicor software is compatible
with both of the products running at the same time on the same platform or environment. Additionally platform or
product compatibility may require the application of Epicor or third-party updates, patches and/or service packs and
Epicor has no responsibility for compatibility issues which may be caused by updates, patches and/or service packs
released by third parties after the date of publication of this document. Epicor® is a registered trademark and/or
trademark of Epicor Software Corporation in the United States, certain other countries and/or the EU. All other
trademarks mentioned are the property of their respective owners. Copyright © Epicor Software Corporation 2014.
All rights reserved. No part of this publication may be reproduced in any form without the prior written consent of
Epicor Software Corporation.

Epicor 10.0.600
Revision: June 09, 2014 10:43 a.m.
Total pages: 25
sys.ditaval
Epicor ERP 10 Architecture Guide Contents

Contents

Part I: Epicor 10 Application Architecture.......................................................5

Chapter 1: Component Overview..............................................................5

1.1 Epicor Administration Console............................................................................................................5
1.2 Epicor Server.......................................................................................................................................6
1.3 Application Server...............................................................................................................................6
1.4 Database Server..................................................................................................................................6
1.5 Epicor Database..................................................................................................................................6
1.6 Reporting Server.................................................................................................................................7
1.7 System Agent and Task Agent............................................................................................................7

Chapter 2: Software Components..............................................................9

2.1 Epicor 9.05 to Epicor ERP 10 Software Component Changes..............................................................9
2.2 Microsoft Service Bus..........................................................................................................................9

Chapter 3: Hardware Requirements........................................................11

3.1 Review Hardware Sizing Guide.........................................................................................................11
3.2 Review Hardware Scenarios..............................................................................................................11
3.2.1 Configuration #1: One Server.................................................................................................12
3.2.2 Configuration #2: Two Servers...............................................................................................12
3.2.3 Configuration #3: Three Servers.............................................................................................13
3.2.4 Configuration #4: Four or More Servers..................................................................................14

Chapter 4: Epicor ERP 10 Functionality....................................................15

4.1 Review Epicor ERP 10 Feature Summary............................................................................................15

Part II: Conversion and Migration Processes................................................16

Chapter 5: Database Conversions............................................................16

5.1 Database Conversion Task Details.....................................................................................................16
5.2 Review User Runnable Conversions...................................................................................................16

Part III: Technology Strategies.......................................................................21

Chapter 6: Authentication Options..........................................................21

Epicor 10.0.600 3
Contents Epicor ERP 10 Architecture Guide

Chapter 7: Security Requirements............................................................22

7.1 Security Options...............................................................................................................................22
7.2 Licensing..........................................................................................................................................22
7.3 User Account Options.......................................................................................................................22

Chapter 8: SSL: Review Digital Certificates for Epicor 10.......................23

8.1 Overview of Digital Certificates.........................................................................................................23

4 Epicor 10.0.600
Epicor ERP 10 Architecture Guide Epicor 10 Application Architecture

Part I: Epicor 10 Application

Architecture
Welcome to the Epicor 10 Architecture Guide. This comprehensive guide provides a detailed overview on the
supported technology and architecture of the Epicor 10 application.

Chapter 1: Component Overview

Review this graphical representation to learn more about the Epicor ERP component relationships.

1.1 Epicor Administration Console

The Epicor Administration Console includes administrative tools that you can use to maintain and manage your
database servers, application servers, and other system components. The Epicor Administration Console is a
component that can be selected for installation during the installation of Epicor 10 Server.

Epicor 10.0.600 5
Epicor 10 Application Architecture Epicor ERP 10 Architecture Guide

1.2 Epicor Server

Epicor server is a server computer that hosts one or more application servers. To define what application servers
each Epicor server hosts, you either create new application servers or register existing application servers. These
application servers are then linked to the Epicor server and run tasks for the Epicor application.

1.3 Application Server

An application server manages how a specific instance of the Epicor application runs. Through each application
server, you can configure licenses, companies, sessions, and users for a specific database.
An application server is created under the Epicor server. One or more application servers can be defined for each
Epicor server. When you select an application server on the tree view, you can perform administrative tasks to
it. For more information on Epicor server, review the Epicor Server section within this guide and the Administration
Console Online Help.
You can set up multiple application servers to run the same database. They can then improve performance by
balancing the load. For example, you create two application servers for the same database, but these application
servers support different endpoint bindings. One application server is set up to run Epicor Web Access (EWA) on
one server machine, while another application server is set up to run a smart client through Net.TCP on a different
server machine.
Note For more information on Endpoint Bindings, review the Authentication Options section within this
guide.

1.4 Database Server

A database server represents a SQL Server server\instance and contains the various Epicor application databases
your organization requires to conduct business. Before you can work with databases in the Epicor Administration
Console, you need to add a database server to the Database Server Management node.

1.5 Epicor Database

Epicor Database resides on Epicor Database server.

For implementation following the Epicor Signature methodology you need four databases. Below are suggested
names for the types:
• Epicor10_Demo - contains Epicor Demonstration Data. You can use it for Epicor University Training and
Embedded Training courses.
• Epicor10_Test - includes your data. You can use it for test and development purposes and to try new scenarios.
• Epicor10_Pilot - contains your data for Conference Room Pilot. The data should be controlled more than
the Test database.
• Epicor10_Production - contains data you use to leverage various processes in your company.

6 Epicor 10.0.600
Epicor ERP 10 Architecture Guide Epicor 10 Application Architecture

1.6 Reporting Server

Reporting Server contains Epicor SQL Server Reporting Service (SSRS), a server-based reporting platform that
provides comprehensive reporting functionality for a variety of data sources. Note that in the Epicor ERP application,
SSRS reports can be used in parallel to Crystal reports.
If you have an existing Epicor 9.05 application and you chose to not use the recommended SSRS functionality
that is available with the Epicor ERP 10 application, you can use the steps in the Supplemental Guide to install
and configure Epicor SQL Server Reporting Service (SSRS) using the previous method, referred to as the "portal
method". These steps will create the Epicor SSRS Portal, create the Epicor SQL Report Monitor Service, and
establish the connection to a SQL Report Server. This portal method is available to provide a "stop gap" functionality
that you can use to continue to have reporting functionality as you gain experience using the new SSRS functionality
available in the Epicor ERP 10 application.

1.7 System Agent and Task Agent

System Agent and Task Agent are designed to streamline and automate the flow of data throughout your
company.
To maximize the efficiency of your network resources, you can select to execute reports, process programs and
run queries not right after you submit them, but at a later time by adding them to a schedule that occurs during
specific intervals. You can add programs to recurring schedules using the Schedule drop-down lists available on
programs throughout the Epicor ERP application. When you assign a task to a recurring schedule, the Task Agent
activates and handles it according to the settings defined by the System Agent. Review the following information
to learn more about System Agents and Task Agents.
• System Agent Maintenance. You set up schedules in the System Agent Maintenance program. All schedules
you create through System Agent Maintenance appear on the Schedule list. Each time the schedule activates,
all the tasks assigned to it run in the order they were added to the schedule. Depending on the task, this
could cause a specific report to generate and print, a business activity query to export, a global alert to be
sent, and so on.
• Task Agent Service Configuration. You can create a task agent in the Task Agent Service Configuration
program. This program allows you to add task agents that run on either a local machine or a remote machine.
After you set up an application server (AppServer), you can then configure the local or remote task agent for
the database. If you have multiple appservers, all of them point to the same database, and you can configure
a task agent on any appserver even if they are located on different physical servers. The task agent is distributed
to multiple appservers based on pre-defined rules.
• Connecting a Task Agent. You can connect a task agent to an application server through different endpoint
binding methods. If you connect a new or existing task agent through the Windows endpoint binding type,
you must enter a Windows domain user account on the task agent service. The Windows domain user account
you enter must be associated with either an Epicor ERP or Epicor ICE user account.
Review the Authentication Options section for more information on binding methods you can use in Epicor
ERP.
Note You can only configure one instance of the task agent service to run against a specific database.
If you try to create two task agents to run against the same database, you receive an error message
when you attempt to save the second instance.

For more information on how to configure a task agent and how to connect it to an application server, review
the Administration Console Help and the Application Help.
• Creating a System Agent. A System Agent defines the information needed to configure the Task Agent
AppServers. It is automatically created when you first install the application or convert a previous version to

Epicor 10.0.600 7
Epicor 10 Application Architecture Epicor ERP 10 Architecture Guide

the Epicor application. You then can use the System Agent > Detail sheet within the System Management
Maintenance program to make changes you need to the system agent.
You can also set up multiple system agents based on your requirements for generating reports and processes.
With multiple system agents, you can send reports to different AppServers based on a set of rules you define.
For example, a system agent can be defined using AppServers with different schedules so various processes
and reports run at times that make better use of your available network resources.
For more information on how to work with System Agent, review the Application Help.

8 Epicor 10.0.600
Epicor ERP 10 Architecture Guide Epicor 10 Application Architecture

Chapter 2: Software Components

Use this section to review the software components you need to install before you start using the Epicor ERP 10
functionality. Note that if you are an existing customer on Epicor 9.05, some of the software components required for
Epicor 9.05 are no longer required for Epicor ERP 10.

2.1 Epicor 9.05 to Epicor ERP 10 Software Component Changes

Use the following section to review the software component changes between Epicor 9.05.702A and Epicor ERP
10.
• The functionality available in the Epicor Admin Tools and Progress Explorer Tools has been replaced with
the newly re-designed Epicor Administration Console. The Epicor Administration Console now includes
improved functionality to administer database servers, application servers, migrations, and more.
• Setting up a Windows Admin Workstation is no longer required with Epicor ERP 10.
• Configuring SQL Collation is no longer required with Epicor ERP 10.
• Print Server Role: Crystal Reports has been replaced with Microsoft SSRS.
• Web Service types WSE (Web Service Enhancements) and WCF (Web Communication Foundation) are no
longer delivered as separate installers since the Epicor Application Server itself is now based on WCF Web
Services.
• Multi-company transactions: Progress Sonic has been replaced with Microsoft Service Bus.
• The IIS Server code has been compiled for 64-bit versions of .NET. With Epicor ERP 10 you no longer need
to configure a 64-bit environment by enabling the ASP .NET 2.0 application.
• ODBC is no longer required since .NET includes data connectivity functionality.
• BPM Server is no longer required. With Epicor ERP 10 the functionality that was previously provided by the
BPM Server is now built into the Epicor ERP 10 framework.

2.2 Microsoft Service Bus

Microsoft Service Bus for Windows Server is required as a software component with Epicor 10 if you use
Multi-Company functionality and you process multi-company transactions between more than one database.
Prior to Epicor 10 this functionality was performed using Progress Sonic, which is no longer a viable option since
Epicor 10 uses Microsoft SQL Server.
Microsoft Service Bus for Windows Server allows you to build, test, and run applications in self-managed and
developer machines. Using queue technology, Service Bus provides extensive publish/subscribe capabilities with
allow multiple, concurrent subscribers to retrieve views of the published message stream.
Review the Microsoft Service Bus prerequisites when installed for use with Epicor 10:
• Windows Server 2008 R2 SP1 x64 or Windows Server 2012 x64
• SQL Server 2008 R2 SP1, SQL Server 2008 R2 SP1 Express, SQL Server 2012
• .NET Framework 4.5
• TCP/IP connections or named pipes configured in SQL Server
• SQL Browser service running in case of TCP/IP connections.
Note SQL Server can be installed on the same physical machine with the Service Bus for Windows Server,
or on a different machine. The Service Bus for Windows Server databases can reside on multiple machines
as well. All of them do not need to be created on a single database server.

Epicor 10.0.600 9
Epicor 10 Application Architecture Epicor ERP 10 Architecture Guide

The instructions for installing Microsoft Service Bus are located in the Epicor 10 Supplemental Guide. For more
information, refer to the Microsoft Download Center documentation.

10 Epicor 10.0.600
Epicor ERP 10 Architecture Guide Epicor 10 Application Architecture

Chapter 3: Hardware Requirements

Use this section to review hardware requirements for Epicor 10. You can review the documents provided for hardware
sizing and configuration, and you can also review example hardware configuration scenarios based on your required
applications. It is highly recommended that you understand your hardware requirements prior to installing your Epicor
products.

3.1 Review Hardware Sizing Guide

Use these steps to download and review the Epicor Hardware Sizing and Configuration Guide. Note that Hardware
requirements may change based on the specific release. It is recommended that you have an understanding of
the hardware requirements prior to installing.

1. Log on to EPICweb and go to the customer portal website. Navigate to Products > Epicor ERP version 10
> Downloads > Epicor ERP > Version 10.0.
You can use this link: https://epicweb.epicor.com/products/epicor-erp/downloads

2. Download the Epicor10x_HardwareSizingGuide.pdf file. Review the entire guide, including these sections:
• Introduction
• Server Hardware Sizing
• Application Load Profile
• Appendix (Testing SAN)

3. Use this document to assist in understanding your hardware requirements.

3.2 Review Hardware Scenarios

Use this section to review examples of hardware configuration scenarios, including basic multi-server scenarios.
The examples list the applications that might be installed on each server. Review the example scenarios to
determine which type of configuration is appropriate for your environment. Note that these are basic examples
and your desired configuration may be more complex.
Note The example scenarios only use compatible versions of Windows Server and SQL Server. For example,
Windows Server 2008 R2 is listed with SQL Server 2008 R2; and Windows Server 2012 is listed with SQL
Server 2012. Using mixed versions of Windows Server and SQL Server is not supported. For example, if
your Epicor server is running Windows Server 2012 then your SQL server must be running SQL Server 2012.

Epicor 10.0.600 11
Epicor 10 Application Architecture Epicor ERP 10 Architecture Guide

3.2.1 Configuration #1: One Server

Review the One Server configuration example to determine if it is appropriate for your environment.

3.2.2 Configuration #2: Two Servers

Review the Two Servers configuration example to determine if it is appropriate for your environment.

12 Epicor 10.0.600
Epicor ERP 10 Architecture Guide Epicor 10 Application Architecture

3.2.3 Configuration #3: Three Servers

Review the Three Servers configuration example to determine if it is appropriate for your environment.

Epicor 10.0.600 13
Epicor 10 Application Architecture Epicor ERP 10 Architecture Guide

3.2.4 Configuration #4: Four or More Servers

Review the Four or More Servers configuration example to determine if it is appropriate for your environment.

14 Epicor 10.0.600
Epicor ERP 10 Architecture Guide Epicor 10 Application Architecture

Chapter 4: Epicor ERP 10 Functionality

Use this section to review the Epicor ERP 10 application functionality.

4.1 Review Epicor ERP 10 Feature Summary

It is recommended that you become familiar with the features available in the Epicor ERP 10 release prior to
installing the Epicor ERP 10 application.

1. Review the Epicor ERP 10 Feature Summary to learn about the features in the Epicor ERP 10 release. To
access the Feature Summary, log onto the EPICWeb Documentation site and click the Feature Summaries
link. Note that you can also view the Feature Summary using the online help system.

2. If desired, contact the Services group to learn more about upgrading or migration to Epicor ERP 10.
Note To request assistance from Services, fill out the Services Request Form available on the EPICWeb
Services site. You can use this link: https://epicweb.epicor.com/services/Pages/default.aspx.

Epicor 10.0.600 15
Conversion and Migration Processes Epicor ERP 10 Architecture Guide

Part II: Conversion and Migration

Processes
Use this section to review the conversion and migration processes available in the Epicor 10 installation and
migration process.

Chapter 5: Database Conversions

Use this sections to review database conversion information.

5.1 Database Conversion Task Details

Use this section to review the database conversion process details.

The database conversion process tasks are run sequentially with status reported in the message field. The tasks
accomplish the following:
• OpenEdgeMigration - Converts the source Progress database to the interim SQL Server database.
In the remaining tasks, the interim SQL Server database is used as the source database.
• E9Cleanup - Formats SysrowID.
• PreMigrate - Sets Identity_Insert to On to enable insertion of records into database.
• Migrate - Migrates application data from the source database to the target database, with required changes
for the target version. Source database columns that are not in the target database are ignored.
• SeedData - Adds, to the target database, minimum data required for both ICE and ERP. This task must be
run before running ICESystemTablesMigration.
• ICESystemTablesMigration - Migrates special ICE tables from the source database to the target database.
• UDFieldMigration - Moves any user-defined (UD) columns that are in-use in the source database to separate
UD tables in the target database.
• SysAgentMigration - Migrates the source SysAgent record to the target and updates to the target Epicor
version.
• BAQMigration - Migrates the source BAQ tables to the target and updates to the target Epicor version.
• BpmMigration - Migrates the source BPM tables to the target and updates to the target Epicor version.
• PostMigrate - Applies indexes, triggers, and field formats.

5.2 Review User Runnable Conversions

Review details for user runnable conversions.

RunSequence Run Description AutoRun InitialRun Program Detail

Level
160 905702 Load Posting Engine data TRUE FALSE

16 Epicor 10.0.600
Epicor ERP 10 Architecture Guide Conversion and Migration Processes

RunSequence Run Description AutoRun InitialRun Program Detail

Level
5050 250018 Verify/Repair Final TRUE FALSE
Assembly Child Pointers
5060 250106 Verify/Repair Prior/Next TRUE FALSE
Assembly Pointers
5080 260014 Build Shop Load File TRUE FALSE
5090 260027 Verify/Repair Operation FALSE FALSE
Hours/Costs
5100 260102 Recalculate Part Low Level FALSE FALSE
Codes
5140 520205 Job Assembly Cost TRUE FALSE
Roll-Up
6430 510115 Recalculate Part FALSE FALSE
Onhand/Allocation
summaries
6720 510118 Correct PartTrans for TRUE FALSE
ShipDtls that were not
shipped
6880 520003 Opportunity/Quote FALSE FALSE
Conversion for CRM
7250 520322 Remove orphaned TRUE FALSE
PickedOrders and
MtlQueue records
7427 610532 Re-Initialize FALSE FALSE
QuoteHed/Customer/CustCnt/CRMCall
Key Blocks
8480 800708 Refresh ShopLoad Table FALSE FALSE
8610 800801 Verify/Repair v8.0 TRUE FALSE
Prior/Next Assembly
Pointers
8630 8630 Refresh Shop Capacity TRUE FALSE
Values
8740 800803 Refresh Shop Load Values TRUE FALSE
8920 800807 End Activity on Labor FALSE FALSE
Detail Transactions
8930 800807 End Activity on Labor FALSE FALSE
Header Transactions
9527 803400 Set Credit Limit Totals TRUE FALSE
9720 803404 Fix BookDtl records TRUE FALSE
9725 803404 Fix BookRel records TRUE FALSE
9762 803405 Re-Set PlantCostiD field TRUE FALSE

Epicor 10.0.600 17
Conversion and Migration Processes Epicor ERP 10 Architecture Guide

RunSequence Run Description AutoRun InitialRun Program Detail

Level
9875 900000 Create a PartCost record TRUE FALSE
for a PartPlant record
10176 905700 Add Return Discount TRUE FALSE
context
10178 905700 Adds context TRUE FALSE
'Non-deductable Tax'
10250 900000 Unlock transactions with TRUE FALSE
no entry in Review Journal
10362 904503 Update null PartTran TRUE TRUE
TranDate
10400 904504 Create Currency Rate TRUE FALSE
Types
10431 904504 Write PatchFld records TRUE FALSE
related to
Customer.ShipToTerrList
10520 904504 New External GL Account TRUE TRUE
context
10540 905000 Load GL Controls for TRUE TRUE
Project and LabExpCd
business entities
10700 905000 Load GL Controls for TRUE FALSE
PIStatus business entities
10710 Load GL Controls for
Equipment Type
10747 905000 Create Context TRUE FALSE
'Prepayment' for GL
Control Type 'AP
Account'
10748 905000 Create new System GL TRUE TRUE
Controls
10860 905701 Created GL Controls for TRUE TRUE
Asset Management
10911 904507 Create PartTran Cost TRUE TRUE
Disbursement
SysGLControls
10940 905300 Update primary key of TRUE FALSE
existing PcInValue record
10948 905000 Update GL Control Type TRUE FALSE
Deferred Revenue
10951 905601 Update GL Control Type TRUE FALSE
Payment Instrument
Receivable

18 Epicor 10.0.600
Epicor ERP 10 Architecture Guide Conversion and Migration Processes

RunSequence Run Description AutoRun InitialRun Program Detail

Level
10961 905600 Update GL Control Type TRUE FALSE
Inventory COS and WIP
10974 905601 Petty Cash GL Controls TRUE TRUE
conversion program
10975 904507 Create PartTran Cost TRUE TRUE
Disbursement
SysGLControls
10979 905700 Deferred Revenue context TRUE FALSE
for the Project Billing
10980 905601 Create AR/AP PI TRUE TRUE
Settlement SysGLControls
10996 905601 Create GL Controls for TRUE TRUE
DRA Revenue
11015 905604 Create new contexts for TRUE TRUE
ref GL Controls used in
COS WIP
11020 905603 Create AR Tax TRUE TRUE
Confirmation
SysGLControls
11066 905606 Invoiced Deposits context TRUE FALSE
for the AR Account
11093 905700 Create GL Control TRUE FALSE
Contexts for ODC
11095 905701 Create GL Control TRUE FALSE
Contexts for Contra COS
11097 905607 Create GL Control TRUE FALSE
Contexts for Statutory
Accounting
11100 905700 Add GL Control context TRUE TRUE
'Tax Discount Adjustment
Total'
11113 905700 Adds context TRUE FALSE
'Prepayment'
11240 905701 GL Control Contexts - TRUE FALSE
Currency Difference AR
Invoice Line
11260 905701 Creates TRUE FALSE
SysGLCTAcctCntxt
missing from BankFee
11290 905702 CSF Germany: Create GL FALSE FALSE
Controls for Tax Effective
Rate

Epicor 10.0.600 19
Conversion and Migration Processes Epicor ERP 10 Architecture Guide

RunSequence Run Description AutoRun InitialRun Program Detail

Level
Uplift conversion
cv/cvcd0001.p (Convert
all credit card numbers to
ESDM tokens) to E10
Conversion program that
creates system journal
codes should be uplifted
to E10

20 Epicor 10.0.600
Epicor ERP 10 Architecture Guide Technology Strategies

Part III: Technology Strategies

Use this section to review the technology strategies required for using the ICE 3.0 framework technology with
the Epicor 10 application.

Chapter 6: Authentication Options

The application server secures communication and authenticates users using different endpoint binding methods. When
a user logs into the application, the selected method verifies the communications are encrypted and checks whether
the user can access the Epicor application. Use this section to review the options available for using the Epicor ERP 10
application.
• UsernameWindowsChannel. Select this option to authenticate using an Epicor Username and Password on a
Windows Domain. Windows ensures communications are encrypted while the username and password are managed
in Epicor. You can use this method for both smart client and Epicor Web Access (EWA) installation.
• UsernameSSLChannel. Select this option to authenticate using an Epicor Username and Password on a non-Windows
Domain or across two untrusted Windows Domains. A Secure Sockets Layer (SSL) X509 certificate is used to encrypt
the communications while the username and password are managed in Epicor.
When you select this option, you may need to define a DNS Endpoint Identity if your SSL certificate and server name
are different. You can use this method for both smart client and Epicor Web Access (EWA) installations.
Note If you plan to use Digital Certificates, you must select UsernameSSLChannel. Refer to the Technology
Strategies > SSL: Review Digital Certificates for Epicor 10 section later in this guide for more information on
the digital certificate options available in your Epicor ERP application.

• Windows. This type of authentication replaces the Epicor 9.05 Single Sign On method. It authenticates and encrypts
communications using Windows Domains. Select this method for AppServers that handle client installations where
users access the application through the same domain. If you select this option, you do not enter a
Username/Password for the task agent; instead you define this domain user account on the Windows service. You
can only use this method on smart client installations.
It is recommended that you follow your company's best practice method based on your security practices.

Epicor 10.0.600 21
Technology Strategies Epicor ERP 10 Architecture Guide

Chapter 7: Security Requirements

Use this section to review the security requirements when using the Epicor 10 application.

7.1 Security Options

Use this section to review your security options when using the Epicor 10 application.

7.2 Licensing

Use this section to review your licensing process when using the Epicor 10 application.
Installations, representing the product licenses for an application server, are managed under the Licensing node.
Working with the installations, you can import or delete licenses and view the license properties, including basic
information such as the installation name, expiration date, and data on companies, license modules, an country
specific functionality included in the installation.

7.3 User Account Options

Use this section to review your user account options when using the Epicor 10 application.
Review the types of user accounts that must be created.
• SQL Server User. You set up an SQL Server User so that you have a login account to access the Epicor ERP
database.
• IIS Application Pool. You can choose to use the default application pool provided by IIS on install, or you
can create your own application pool. An IIS worker process is a windows process (w3wp.exe) which runs
Web applications, and is responsible for handling requests sent to a Web Server for a specific application pool.
Application Pool is a way to create sections or compartments in a web server. It allows you to isolate applications
running on the same server, thus a crash on a single application/website does not bring down the entire
server.
• Epicor application. Application users are managed under the application server Users node in the Epicor
Administration Console.

22 Epicor 10.0.600
Epicor ERP 10 Architecture Guide Technology Strategies

Chapter 8: SSL: Review Digital Certificates for Epicor 10

Use this section to review requirements for using digital certificates with Epicor 10. Digital certificates play a key role
in securing the communications between callers and services in the Epicor 10 application and Epicor ICE 3.0 framework.
When the Epicor 10 application is installed, the web services (SOAP) and REST services can be hosted automatically by
the Epicor 10 web sites. The SOAP-based web services can be used for integrations from either non-.NET callers or
from callers that do not have Epicor binaries available. REST services are used with Epicor Web Access (EWA). Both of
these protocols require encryption using digital certificates.
Use the following information to set up your machine to use the sample X509 certificates available with Epicor 10.
These certificates do not expire until 2039 and are meant to be used during your Epicor 10 implementation. You can
also replace these sample certificates with certificates that you create on from your own trusted servers or delivered
from a Third Party company such as VeriSign.

8.1 Overview of Digital Certificates

A digital certificate is basically a pair of keys - one public and one private. The public key can only decrypt data
which was encrypted using the private key and vice-versa. By keeping the private key truly private, client applications
using the public key are assured they are communicating with a known service. The digital certificates are used
to verify that the service is really who or what you believe it is. A digital certificate is signed using (usually) the
public key of another digital certificate, the private key being held by a trusted party. These signatures form a
"trust chain". At the top of the trust chain is a "root" certificate, which used its private key to basically sign itself.
For commercial web sites, the trust chain follows one of a small number of primary certificate authorities. The
images below show the trust chain for a bank's website. You can see this chain by clicking the padlock icon
displayed in most browsers when on any secure website. The browser not only shows you the trust chain, but it
verifies the integrity of every certificate in the chain. It checks that none of the certificates in the chain has expired
or has been revoked, meaning the private key was stolen or made public which makes the certificate basically
invalid.
Digital certificates also have a regular, readable name, technically called a "Subject". For web sites, the subject
name of the certificate securing the web site also must match the domain name of the web site. Finally - and
crucially - browsers and web client stacks will decline connections to web sites secured by a self-signed
certificate. The assumption is that without a separate issuer, no digital certificate can be fully trusted.

Epicor 10.0.600 23
Technology Strategies Epicor ERP 10 Architecture Guide

24 Epicor 10.0.600
 Additional information is available at the Education and
Documentation areas of the EPICweb Customer Portal. To access
this site, you need a Site ID and an EPICweb account. To create an
account, go to http://support.epicor.com.