Hosting on Azure - Questions


We have been considering moving from on-prem to the Azure Cloud. I have been tasked with hardware sizing and pricing it out.

We are running E10, v10.2.500, and will be upgrading to 10.2.700 eventually. I think we will hold off on Kinetic for a while.

I’m not that familiar with Azure and was curious if anyone else has done this? How has the performance been? What series are you using? Bs, Av2, D2a, Fsv2, etc… Which one would you recommend for an app server with roughly 30 users?

How about the SQL server? What would be the best series? What kind of storage would you recommend? Premium SSD, Ultra Disk, Standard SSD?

Sorry, I know it’s a lot. I have tons of questions and hoping someone has been here and done it already.

Hello Justin,

Probably the first place I would go is to the Azure Migrate Tool. It will make suggestions and you will freak out at the cost. Of course, people vastly underestimate what they actually pay for when on-prem (HVAC, security, hot backup sites, backup storage, 24x7 operators, etc.). Once you find a level, you’re not locked in. This is a big difference between cloud and on-prem. You can scale up or down more easily than on-prem, where you have to over-procure for growth. To save money in the cloud, you’ll want to look at Reserved Instances, where you guarantee 1-3 years and that brings the price down significantly.

The performance will feel like facilities that connect to your datacenter everywhere, so be prepared for that. Once the browser UI settles down, it will have much better performance and less work for IT not having the rich client maintenance. I would follow Jose’s strategy and just upgrade to Kinetic but use the rich client. That way you’ll have a browser experience that is more mature than 10.2.700 and you can slowly move your customizations over in your own time.


Hi Mark,

I’ll look into the Azure Migrate Tool. I will also need to look into Kinetic further. I’ve been afraid that we will lose our already existing customizations\BPMs and the ability to customize with C#. This is lack of due diligence on my end though. Once I heard C# was going away I lost most of my interest in Kinetic. If Jose says it’s the way to go, then it’s probably the way to go.

I’m curious as to what you decide @CasterConcepts as we are contemplating a similar move to a private ‘cloud’ in Azure. We are doing the same as Jose and others in going to 2021 and using the full client until Kinetic can be fully vetted and tested in our environment. So far in our testing we’ve lost nothing of our customizations and custom reports.


The .NET client will remain for at least two more years and still exists in K21. BPMs and Functions will remain so you will not lose any of that work. The only C# that “disappears” is in the UI. If you convert the code in your screens to Epicor Functions then you can change the .NET Customizations to call those and then you’ll be ready for the browser, which will be way more performant if/when you move to Azure.

If .NET client performance becomes an issue in Azure, you could also look at putting the client in the cloud too using several virtual desktop options.


Mark, I’m a cloud newbie and am curious… How does the network side of things work? If you have a SQL + Epicor appserver in Azure Cloud, are you still dealing with VPNs so the clients connect to them on the same network? Or is the idea that everything will be secure enough where the Kinetic browser client can talk to the appserver over the internet?

We have started the project to migrate to Azure from our current hosted datacenter. We employed a group to help us with the move, as well as to help us tune/manage it moving forward. It is on our tenant so we own the installation. The ROI for us was just under 2 years.

We did our last upgrade testing on Azure. Spun up some servers, installed the software and then disposed of it all when we were done. Even though we chose the base line computing specs for the testing, it was still better performance than we were getting in our current hosted environment.

@TomAlexander, I’m not sure what our production environment will look like, but when we ran our test I created site to site VPN connections to Azure so it was on our network. Once we get the MFA working we will allow some outside users access via browser.


This is a perfect opportunity to work on your Zero Trust initiative. One of the tenets of Zero Trust is micro-segmentation. I know a company who extended their local “safe” network to Azure (all protocols) and when malware hit, it got to the Epicor installation in Azure.

This is why Epicor SaaS will not let you set up a VPN to their service. There is absolutely no technical reason your Epicor installation needs to be on your Active Directory domain either. (“But how do we download the Client, Mark?” The same way that Epicor SaaS does, serve up the folder via https. Epicor uses Microsoft’s content delivery network but you can add the site to your own server.)

Use this opportunity to protect one of the company’s most valuable assets. And like Doug suggests, use Azure AD for authentication. With some upgrades to Azure AD, you can add additional features like conditional access to gain even more control.
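
The segmentation point in the post above can be checked mechanically. The following is an added example, not part of the original thread or any Epicor or Microsoft tooling: it audits inbound network security group rules and flags anything that reaches the Epicor subnets other than TCP 443. The rule names, address ranges and the two-subnet layout are assumptions; the field names follow the JSON that `az network nsg rule list -o json` returns, and only the singular prefix and port fields are handled.

```python
import ipaddress
import json

# Constructed sample in the shape of NSG rule JSON; names and ranges are made up.
SAMPLE_RULES = json.loads("""[
 {"name": "onprem-any", "priority": 100, "direction": "Inbound", "access": "Allow", "protocol": "*",
  "sourceAddressPrefix": "10.0.0.0/8", "destinationAddressPrefix": "10.50.1.0/24", "destinationPortRange": "*"},
 {"name": "https-in", "priority": 200, "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
  "sourceAddressPrefix": "Internet", "destinationAddressPrefix": "10.50.1.4", "destinationPortRange": "443"},
 {"name": "sql-from-lan", "priority": 300, "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
  "sourceAddressPrefix": "10.0.0.0/8", "destinationAddressPrefix": "10.50.2.0/24", "destinationPortRange": "1433"},
 {"name": "deny-rest", "priority": 4000, "direction": "Inbound", "access": "Deny", "protocol": "*",
  "sourceAddressPrefix": "*", "destinationAddressPrefix": "*", "destinationPortRange": "*"}
]""")

# Assumed layout: one subnet for the app server, one for SQL Server.
EPICOR_SUBNETS = [ipaddress.ip_network("10.50.1.0/24"), ipaddress.ip_network("10.50.2.0/24")]
# The only protocol/port pair allowed to reach the installation from outside.
ALLOWED = {("tcp", "443")}


def targets_epicor(prefix):
    """True if a destination prefix covers any address in the Epicor subnets."""
    if prefix in ("*", "VirtualNetwork"):
        return True
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # some other service tag, not an address range
    return any(net.overlaps(subnet) for subnet in EPICOR_SUBNETS)


def audit(rules):
    """Return (name, protocol, port) for inbound Allow rules that break the HTTPS-only policy."""
    findings = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        if not targets_epicor(rule["destinationAddressPrefix"]):
            continue
        if (rule["protocol"].lower(), rule["destinationPortRange"]) not in ALLOWED:
            findings.append((rule["name"], rule["protocol"], rule["destinationPortRange"]))
    return findings


if __name__ == "__main__":
    for name, proto, port in audit(SAMPLE_RULES):
        print(f"{name}: allows protocol {proto} port {port} into the Epicor subnets")
```
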


That makes a lot of sense.

In my experience, Infrastructure people look at us Application people like we have 3 heads whenever giving a server a public IP is suggested. Maybe that is starting to change.
