Part II: Installation and Configuration
Chapter 6: Configure Epicor Server and Application Server
6.3 Add Epicor Application Server
Use the following steps to add your Epicor Application Server using the Epicor Administration Console. Note that prior to adding an Epicor Application Server, you must add your Epicor Server.
1. In the Epicor Administration Console tree view, expand the Server Management node. Verify that the Epicor server that will host the new application server is listed. Your dialog may look similar to the following:
2. Right-click on the Epicor server and select Add Application Server. The Application Server Setup dialog opens. Your dialog may look similar to the following:
3. On the Application Server Settings tab, define the following:
a. Enter the Application Name. This value is the name that Internet Information Services (IIS) uses to create the application, and this value is also added to the URL address which the client installation uses to connect to the application server. For example, if you enter ERP100700 in this field, the application server URL will be net.tcp://<servername>/ERP100700.
Note The following fields default based on the application name you entered: Web Site Directory and Application Pool Name on this same tab, and Display Name on the Admin Console Settings
Installation and Configuration Epicor ERP 10 Installation Guide
b. Enter the Deployment Directory that contains the Epicor server installation. For example:\\EpicorServer\Epicor\ERP10\ERP10.0.700.
Note You must be a member of the Administrators group on the server specified.
c. The Web Site Directory identifies the server machine that will contain the application server. The application server is installed in this location. Verify that the path includes the Application Name that you just entered. For example: C:\Inetpub\wwwroot\EpicorERP100700.
d. Use the drop-down menu to select your Net TCP Binding Configuration to define how this application server checks for authentication certificates through Internet Information Services (IIS). When a user logs into the application, the selected method verifies the communications are encrypted and checks whether the user can access the Epicor application. Options include:
• UsernameWindowsChannel. Select this option to authenticate using an Epicor Username and Password on a Windows Domain. Windows ensures communications are encrypted while the username and password are managed in Epicor. You can use this method for both smart client and Epicor Web Access (EWA) installation.
• UsernameSSLChannel. Select this option to authenticate using an Epicor Username and Password on a non-Windows Domain or across two untrusted Windows Domains. A Secure Sockets Layer (SSL) X509 certificate is used to encrypt the communications while the username and password are managed in Epicor.
When you select this option, you may need to define a DNS Endpoint Identity if your SSL certificate and server name are different. You can use this method for both smart client and Epicor Web Access (EWA) installations.
Note If you plan to use Digital Certificates, you must select UsernameSSLChannel. Refer to the Technology Strategies > SSL: Review Digital Certificates for Epicor 10 section in the Epicor Architecture Guide for more information on the digital certificate options available in your Epicor ERP application.
• Windows. This type of authentication replaces the Epicor 9.05 Single Sign On method. It authenticates and encrypts communications using Windows Domains. Select this method for AppServers that handle client installations where users access the application through the same domain. If you select this option, you do not enter a Username/Password for the task agent; instead you define this domain user account on the Windows service. You can only use this method on smart client installations.
4. In the Server Information group box, use the fields to update your Epicor ERP 10 application to an updated version. Fields include:
a. Version. Use the drop-down to select your update version from the list of updates that are available on your server. You previously installed these updates using the steps in the Install Epicor ERP 10 Update (10.0.700.x) section. For example, select 10.0.700.x to select to update your Epicor ERP version to 10.0.700.x. It is recommended that you select the latest update available. If no updates are available, you can select Base. Note that when you click OK, the application server updates the Epicor ERP 10 application to the selected version. If prompted that all users will be disconnected while the system is being updated, verify that all users have logged out of the system and then click Yes to continue.
b. Custom Directory. If you have custom programs to incorporate with the Epicor application, browse and select the Custom Directory that contains these custom .dll files. After you click OK on this window, these custom .dll files are included in the Epicor application.
Epicor ERP 10 Installation Guide Installation and Configuration
Note When you finish creating or modifying the application server and click OK, the application server checks each folder (in sequential order) to determine what version to install:
• Base Directory. This directory contains the primary installation for the Epicor application. The update process always starts with this base version.
• Custom Directory. The application lastly checks if customizations are available. If custom programs are in this directory, the Epicor application applies these customizations over the base version.
c. Shared Assembly Location. Select this check box if you have a network load balanced (NLB) environment, for example if you have the Epicor ERP 10 application installed on more than one server. This is the location that will include the Assemblies and BPM folders. After selecting the check box, you must select a Shared Directory in the next field.
d. Shared Directory. Select the directory of the Shared Assembly Location. This directory can be a network shared location or a local file path. Note that if your appservers will be on separate machines you must select a network shared location.
5. In the Application Pool group box, enter the following fields:
a. By default the Application Pool Name uses the value you entered in the Application Name field. You cannot change this value. This value defines the name of the application pool associated with the new application server. An application pool defines a group of related URLs that use the same process or set of processes. The new application server must be placed in an application pool.
b. Use Custom Account. Select this check box when you need to enter a specific user account for the Internet Information Services (IIS) application pool this application server uses. If you select to use a custom account, you must also enter the following:
• Application Pool Username. Enter the domain and the user account. For example, MyDomain\UserName.
• Application Pool Password Enter the password associated with the user account for this application pool.
Note If you do not select this check box, the application pool uses a default user account. This default account depends on whether you use an SSRS server. If you use an SSRS server, the connection uses the LocalSystem account. This is the default user account available through the Windows operating system. If you do not use an SSRS server, the connection uses the
ApplicationPoolIdentity account. This is the default user account available through Internet Information Services (IIS).
Do not click OK yet. You must complete the other tabs before submitting the information. If you click OK, you may receive a message that your data entry is not complete on the other tabs.
Installation and Configuration Epicor ERP 10 Installation Guide
6. Select the Database Connection tab. Your dialog may look similar to the following:
Define database connection settings:
a. For the Server Name enter the name of your database server that contains the database that you will use with the current application server.
b. Click the Authentication drop-down list and select either the Windows Authentication or SQL Server Authentication option.
• If you select Windows Authentication, the User and Password default to your current login values.
• If you select SQL Server Authentication, enter the User and Password you use to log into SQL Server.
c. From the Database Name drop-down list, select the name of the SQL database you want to link to this application server. All the databases available under the selected database server display on this drop-down list.
d. To verify the application server can connect with this database, click Test Connection and click OK in the confirmation message.
Epicor ERP 10 Installation Guide Installation and Configuration
7. Navigate to the Admin Console Settings tab. Your dialog may look similar to the following:
Define Admin Console settings:
a. Enter the Display Name to identify the application server in the administration console. Choose a name that helps you identify the purpose for the application server.
b. Enter your Epicor User Name and Password. You must enter a valid Epicor User and Password for the user account who has access to the Epicor application directories. The credentials differ based on the database (new or Demo) to which you are adding an application server:
• For a new database, enter manager / manager.
• For the Demo database, enter epicor / epicor.
Note The password is stored in an encrypted format.
c. Enter the Operation timeout value you want for the application server. This value determines the wait time until an incomplete operation is stopped by the application server. The default value is 300 seconds.
d. Select or clear the Validate WCF Certificate check box. This indicates whether the client application and WCF service need to validate their connection through a certificate. If this check box is selected, a certificate is required for the client installation to communicate with the WCF service.
e. For DNS Identity value, enter the expected DNS server name. There are two scenarios where you need to enter a value in this field:
• UsernameSSLChannel Selected in Endpoint Binding. When authenticating using message-level or transport-level Secure Sockets Layer (SSL) with X.509 certificates, WCF ensures that the certificate provided during the SSL handshake contains a DNS or Common Name (CN) attribute equal to the value specified in this field.
• Windows Selected in Endpoint Binding. When the service authenticates using message-level or transport-level SSL with a Windows credential for authentication, and negotiates the credential, then the negotiation passes the service principal name (SPN) so that the DNS name can be checked. The SPN is in the form host/<dns name>.
Installation and Configuration Epicor ERP 10 Installation Guide
f. In the Epicor Application Launcher group box, select one of the following options to define how you want to access the client from within the Epicor Administration Console:
• Do not allow access to user details. No method is used to launch the Epicor client. The default value, the client is launched as normal from within the Epicor Administration Console.
• Use Epicor Smart Client. If you select Use Epicor Smart Client, you must click the Browse (...) button to find and select the Epicor.exe file that you will use to launch the Epicor client.
• Use Epicor Web Access. If you use Epicor Web Access, select this option and click the drop-down list to define the URL for the web access. This drop-down list contains the web access values defined in the company configuration data for Epicor Web Access (set within the client).
8. Navigate to the SSRS Configuration tab. Your dialog may look similar to the following:
Define your SSRS Configuration settings:
a. If you plan to use SSRS reporting functionality, keep the Configure SSRS check box selected. The SSRS configuration fields open and you can then define how this application server interacts with SSRS.
Note If you are not ready to configure your SSRS functionality now, do not select the Configure SSRS check box. Later when you want to use SSRS reporting functionality, you can update your application server. To do this, expand Server Management > [server]. Right-click on your application server and select Application Server Configuration. You can select the SSRS Configuration tab to define your SSRS settings.
b. Enter the SSRS Base URL for the SSRS Report Server. This value defines the Uniform Resource Locator (URL) for the server, so enter the web site location that contains it. When you install SQL Server, you set up this URL and so this value is typically http://<localhost>/ReportServer.
Note To find the value you need to enter in this field, go to the server machine and launch Reporting Services Configuration Manager. From the tree view, click the Web Service URL icon.
The value you need displays in the Report Server Web Service URLs section. Copy this value into Notepad or a text editor so you can later paste it into the Application Server window. For example:
http://HVW12AS09:80/ReportServer
Epicor ERP 10 Installation Guide Installation and Configuration
c. Optionally, enter the SSRS Root Folder location. This directory defines the root folder location where you will deploy the reports. For example, enter Epicor if you want the reports to deploy to the
Epicor/Reports folder. If you leave the field blank, this root folder will be the directory that contains the report server home page file, and the reports will deploy to the /Reports sub-folder in this directory.
9. In the SSRS Database Connection group box, enter the following:
a. In the Server Name field enter the name of the database for the Report Server. The value you enter in this field depends on how you have set up your system. This database can be:
• The same database used by the Epicor application -- Although this set up is not recommended, your report server database can be the same as your main database.
• A separate database on the SQL Server -- This set up method is most common, as the report data then populates this separate database on the server.
• A database on a different SQL Server -- The report data from the Epicor application is sent to another server dedicated to SSRS report processing. If you are a larger organization, you may set up your system in this way to improve performance.
b. Click the Authentication drop-down list and select either the Windows Authentication or SQL Server Authentication option.
• If you select Windows Authentication, the User and Password default to your current login values.
• If you select SQL Server Authentication, enter the User and Password you use to log into SQL Server.
c. In the Database Name field enter the name of the database that will hold the temporary data used by reporting. Click the Down Arrow next to this drop-down list; select the database you need from the list of options.
d. To create a database for SSRS, select the Create DB check box. When you select this option and click OK, a new report database is generated using the name you entered in the Server Name field.
e. When you finish defining your SSRS options, click the Test Connection button. A message should display indicating that this application server is connected to SSRS. If you receive an error, check your values to make sure they are accurate and then test the connection again.
10. In the SSRS Deployment group box, enter the following:
a. Verify the Import Reports check box is selected. This indicates you are ready to import your reports.
Note that if you are updating the application server and you do not need to import the SSRS reports, you must clear the Import Reports check box.
b. For the SSRS Location, select the directory that contains the latest SQL Server SSRS ReportServer installation. Depending on your SQL Server version, this location is similar to the following example directories. Your specific directory path will be the name your system administrator assigned to the SQL Server instance during installation.
• SQL Server 2012. C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer
• SQL Server 2008 R2. C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer
If the SSRS server is on a separate machine, enter the UNC path to the ReportServer directory. The current user account must have permissions to write to this remote directory. Typically this directory is:
Installation and Configuration Epicor ERP 10 Installation Guide
\\<RemotePCName>\C$\Program Files\Microsoft SQL
Server\MSRS10_50.MSSQLSERVER\ReportingServices\ReportServer
Note If you have multiple SQL Server versions installed, make sure you select the location that matches the version used by the Epicor application.
11. After completing all the tabs, click OK. A status window displays progress through the application server setup steps. After the server files are extracted, your display may look similar to the following:
12. When setup server environment is complete, a message appears saying the setup is successful. Click OK. If you receive an error message, resolve the issue and restart these steps to add an Epicor Application Server.
13. If you have selected to use the UserNameSSLChannel endpoint binding, you now must edit the web.config file to enter a value. To do this:
a. Navigate to your Epicor ERP 10 application server web.config file. To do this, go to Start > Run and type inetmgr. Under the Sites node, right-click on your application server and select Explore. Open the web.config file with a text editor.
b. Remove the comment identifiers on the serviceCredentials node.
Currently, the node with the comment identifiers looks similar to:
<!-- <serviceCredentials>
<serviceCertificate x509FindType="FindBySubjectName"
findValue="<servername>.name.local" storeLocation="LocalMachine"
storeName="My" />
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="Ice.Security.UsernameValidator, Epicor.Ice, Culture=neutral, PublicKeyToken=5d3fa3c7105d7992" />
<clientCertificate>
<authentication revocationMode="NoCheck"
certificateValidationMode="PeerTrust" />
</clientCertificate>
</serviceCredentials>
-->
Epicor ERP 10 Installation Guide Installation and Configuration
After editing, the node without the comment identifier looks similar to:
<serviceCredentials>
<serviceCertificate x509FindType="FindBySubjectName" findValue="certificate name" storeLocation="LocalMachine" storeName="My" />
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="Ice.Security.UsernameValidator, Epicor.Ice, Culture=neutral, PublicKeyToken=5d3fa3c7105d7992" />
<clientCertificate>
<authentication revocationMode="NoCheck"
certificateValidationMode="PeerTrust" />
</clientCertificate>
</serviceCredentials>
c. Locate the <serviceCertificate> line. Change the value of the findValue attribute. The findValue is the name of the certificate you just created. For example, enter the fully qualified domain name.
d. Save the file.
14. Verify that your new Epicor Application Server is listed under the Server node in the Tree View. Click the application server. The Epicor Administration Console connects to the application server and the property details are displayed in the center pane. Your display may look similar to the following:
You have successfully added your Epicor Application Server.
Installation and Configuration Epicor ERP 10 Installation Guide