Hosting Your Own Epicor Cloud Instance Within Azure
If you are like me, when you started your career it would have been hard to imagine running IT operations without on-premise servers. But here we are today, where the idea of buying a beefy on-premise server is met with the question “why not just virtualize it in the cloud?” When it comes to Epicor, ideally you’d just let them handle it with their service offering, but there are occasional reasons why that may not be an option. Perhaps the automatic upgrade schedule is too rapid for your business. Perhaps the conversion to SaaS pricing doesn’t work for you. Whatever your reason, you may find yourself asking “could I just set up my own Epicor cloud instance?” This article provides some loose direction on going that route, to be supplemented by the full Epicor installation guide.
VM Selection
As is the case when selecting physical hardware for an on-premise server, requirements will vary greatly, so consult the various sizing guides to pick suitable options for your environment. I am not an expert in this area, but I will note you should definitely look into “Azure Reserved Instances”, which contract you for a period of time (e.g. 12 months) in exchange for a deep discount, with lots of flexibility and reasonable cancellation policies.
DNS
If you want your cloud instance to operate similarly to Epicor's own, you should set up a CNAME record that maps to the DNS name assigned to your Azure VM (it will be something like my-company-e10.eastus.cloudapp.azure.com). So your CNAME will look something like this:
e10.mycompany.com => my-company-e10.eastus.cloudapp.azure.com
As you are planning this out, note that multiple instances of Epicor can run at this same address so you don’t need to set up separate DNS records for PILOT, DEV, etc.
Epicor Installation
Installation within the VM itself is largely going to follow the traditional Epicor installation guide. The biggest note here is that when it comes to setting up your app server bindings you will want to select this option for HTTPS Endpoint Binding:
Adding this second binding is going to start giving you this error:
Log Name: Application
Source: System.ServiceModel 4.0.0.0
Date: 4/19/2021 9:24:59 PM
Event ID: 3
Task Category: WebHost
Level: Error
Keywords: Classic
User: SYSTEM
Computer: epicor-10
Description:
WebHost failed to process a request.
Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/43205102
Exception: System.ServiceModel.ServiceActivationException: The service '/E10DEMO/Ice/BO/UserFile.svc' cannot be activated due to an exception during compilation. The exception message is: This collection already contains an address with scheme http. There can be at most one address per scheme in this collection. If your service is being hosted in IIS you can fix the problem by setting 'system.serviceModel/serviceHostingEnvironment/multipleSiteBindingsEnabled' to true or specifying 'system.serviceModel/serviceHostingEnvironment/baseAddressPrefixFilters'.
As noted in the error text, to resolve this you need to edit the web.config in your Epicor app server directory (e.g. c:\inetpub\wwwroot\E10DEMO\server\web.config) and add this line right after <system.serviceModel>:
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
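An added example, not part of the original article or of Epicor's tooling: a PowerShell script that makes the edit above idempotently. It assumes the file is the standard IIS web.config at the article's example path, reuses an existing <serviceHostingEnvironment> element if one is already present (a second element with that name is a configuration error), and keeps a backup.

```powershell
# Added example: enable multipleSiteBindingsEnabled in an app server's web.config.
# The default path is the article's example path (an assumption); pass your own.
param(
    [string]$ConfigPath = 'C:\inetpub\wwwroot\E10DEMO\server\web.config'
)

$ErrorActionPreference = 'Stop'

# Load as XML and preserve whitespace so the resulting diff stays small.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($ConfigPath)

$serviceModel = $xml.SelectSingleNode('/configuration/system.serviceModel')
if ($null -eq $serviceModel) {
    throw "No <system.serviceModel> section found in $ConfigPath"
}

# Reuse an existing element rather than adding a duplicate; only create one
# (as the first child, matching the article's instruction) when it is missing.
$hosting = $serviceModel.SelectSingleNode('serviceHostingEnvironment')
if ($null -eq $hosting) {
    $hosting = $xml.CreateElement('serviceHostingEnvironment')
    [void]$serviceModel.PrependChild($hosting)
}

# GetAttribute returns an empty string when the attribute is absent.
if ($hosting.GetAttribute('multipleSiteBindingsEnabled') -eq 'true') {
    Write-Output 'multipleSiteBindingsEnabled is already true; nothing to do.'
    return
}

# Keep a timestamped backup next to the original before changing anything.
$backup = '{0}.{1:yyyyMMdd-HHmmss}.bak' -f $ConfigPath, (Get-Date)
Copy-Item -LiteralPath $ConfigPath -Destination $backup

$hosting.SetAttribute('multipleSiteBindingsEnabled', 'true')
$xml.Save($ConfigPath)
Write-Output "Updated $ConfigPath (backup: $backup)"
```

Saving web.config makes IIS restart the application, so run this from an elevated prompt at a time when users are not connected.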
Firewall
Open up ports 80 and 443 to your VM from the Internet. You may feel that you only need 443 since you only intend to run Epicor over SSL, but note that port 80 must also be open for the SSL certificate assignment / renewal process.
SSL
As a part of your Epicor installation you will have generated a self-signed SSL certificate for use in IIS. This is fine for use within the VM, but in order to operate smoothly with clients that have the Epicor client installed locally you will want to get a legitimate certificate. Fortunately this is free and easy using https://letsencrypt.org and https://github.com/win-acme/win-acme. You don’t need to do anything on the Let’s Encrypt site: simply download the win-acme utility, run ‘wacs.exe’, and follow the prompts. When you are all set, an SSL certificate will be generated and applied in IIS, and a scheduled task will be created to automatically renew this SSL certificate with Let’s Encrypt.
Client
With all of the above in place, you should now be able to run a locally installed Epicor client with no VPN or anything pointed to this cloud server. Your .sysconfig will use an AppServer URL that looks something like this:
<AppServerURL value="https://e10.mycompany.com/E10DEMO" />
And that should be it. Run into any snags? Leave me a message in the comments.