Our corporation is considering piggybacking a second company onto our 10.2.300.16 Epicor instance. Historically, we have had issues installing the client on a non-domain computer. So we did a connection test using a VPN connection and remote desktop. The speed was fine but the user experience of RDP was determined to be garbage. Is there a way to configure the system to run properly from a different domain?
Was the RDP to a Desktop on the domain that was running the Client? Or was it a via a RD served remote app of the client installed on a server?
We’re a small company (owned by a giant company), and E10 is hosted in the parent companies data center in Georgia. Most of the users in Pennsylvania, and use E10 via RD App served from the same box acting as the App server. The RD servered app runs as smooth as if your were running the client on a locally connected PC. One or two users do have the client installed locally (on their PC in PA), and have no issues through the VPN to the datacenter in GA.
All the work I do is via remote desktop. I RDC into a server (that is just for me, and also in the GA data center), which has the client installed on that server. Then I run the client “locally” (its on the server I RDC’s to). No issues at all.
Epicor supports running the smart client from a different domain out of the box, you just need to use the SSL binding on the App Server. Check the Architecture Guide for more info; sections:
This NET.TCP binding authenticates transactions using a Secure Sockets Layer (SSL) X509 certificate. Leverage this method for application servers that handle smart client installations when users reside in different domains. By using an SSL certificate, users from these different domains can log into the Epicor application.
… Use this method for application servers that handle smart client installations when users reside in different domains. By using an SSL certificate, users from these different domains can log into the Epicor ERP application.
NET.TCP and HTTP, I do not see however the HTTPS version in the document nor in the EAC.
Anyway, net.tcp and http should work for your users when their client PC has imported the certificate from the server.
@markb_wi We just were acquired and networking setup a trust between the two domains and E10 works fine from their location thru a vpn appliance.
EDIT: We also do https not from their location, but for another vpn location and it does better than net.tcp for them and I have a consultant virtual machine that has no relation to our domain at all that uses ssl to get only to Epicor.
Plenty of ways or a combination of them.
Thank you great feedback, I’ll let you know how it comes out and mark the winner!
Https binding, like HttpsBinaryUsernameChannel will work as well, it does not use anything related to Windows domain authentication, only certificate is required