Our purchasing department bought a service called Sourceday (https://sourceday.com/). After the purchase they finally told IT about it and I had a kickoff call with SourceDay. They service pulls PO info from Epicor and publishes it so vendors and customers can make corrections or changes. After the changes the buys are notified and the buy can approve or deny it. If approved Sourceday pushes the changes back to Epicor.
To accomplish this they use IIS and servcie connect runtime. I’m not hugely familiar with setting up and running an outward facing IIS server and know nothing about Service Connect or Servcie Conenct Runtime.
I would assume I need to put the IIS server in the DMZ on the firewall for some security. Not sure if Service connects run that way, or what ports to map.
Anyone use this SourceDay service? Anyone setup Service Connect Runtime on an outward facing IIS?
I’ve only ever setup one IIS server in the DMZ for talking to the outside world, so i won’t comment on that configuration. The Service Connect Runtime would sit inside your firewall on its own server with it’s own internal IIS configuration and database. The main difference is the runtime is for executing workflows etc and the full blown version is for development. Depending on how the work flows are designed, it may simply need to be able to tunnel into the server on the DMZ to pick up files (such as csv, excel etc…) or perhaps one of many other methods it can interface with other systems. I would inquire as to the nature of that interface and find out exactly how this other service is handing off data to Service Connect.
You could set up IIS with ESC(Epicor Service Connect) runtime on a DMZ server, and have ESC receive data through its web services and drop them to a folder, where they’re picked up by an internal server through FTP.
Running workflows as web services for pushing and pulling data is probably the only situation where you would want ESC in a DMZ. If you’re controlling the transactions from your end, you’re better off putting it fully behind your firewall as an internal system.
Working through FTP in the DMZ increases your security by providing a stopping point where a hacker could not control a connection to your internal servers. A hacker could still attempt to feed data in through files if they got into the DMZ server, but it’s much harder to do anything through the firewall without being able to establish a connection to the inside.
If this service has some software that you install on your end, it’s likely that you can install it on an internal server with ESC and it’ll work just fine. Otherwise, you’ll probably be provided with some configuration information, such as what IP addresses to let into the firewall. This would be the only reason to allow access to web services on the outside, hence a firewall or DMZ setup because, as you describe it, the service would need to establish a connection from their end into your server.
Curious to how things are going with SourceDay? Our purchasing department just came to IT requesting we purchase this software before the end of the year so I am looking for any feedback I can get.
The company hasn’t moved forward yet with Sourceday. I had some security
concerns with setting up an IIS server. We do not host anything internal so
it wasn’t something I was overly confident on. Then Sourceday never really
did this with Epicor 905.702 using a Progress database so they had to do
some research. I’m not sure where the powers that be are with the whole
deployment