Network connectivity requirements for Epicor Web Access without using VPN

We are currently testing Epicor 10.1.400.16. We are using Epicor Web Access (EWA) over VPN and its working fine. Does anyone have experience with EWA over a Wide Area Network (WAN) but without using VPN? I would appreciate any advice and known requirements for WAN network connectivity. Epicor support confirmed that E10 will function over a WAN. However, I was told they didn’t have any documentation on best practice, and that we may experience application performance issues due to WAN network bandwidth vs. utilization by fluctuating traffic.


I am kind of surprised Epicor does not have any recommendations / best practices, but things like application compression, network quality of service (with sufficient bandwidth), and potentially WAN optimization devices are all part of a stable and tuned environment. I have installed and configured several clients with as many as 300 remote clients and with the items mentioned above have never really heard performance grumbling with the exception of some large print jobs. For me, the best bang for the buck is WAN optimization but Epicor 10 does a pretty good job itself. You can test this yourself but EWA vs. the standard client should perform the same. You could also use Terminal Services or a Citrix type technology to deploy to remote users.

1 Like

Support advised me to contact their professional services department. I would appreciate any advice on https (certificate) vs http. Did you have to setup another dedicated IIS server in a DMZ?

Just to make sure I am on the same page, are you going to allow client access via the Internet and without VPN? While I would recommend VPN since most clients are low maintenance, easy to use, and require a small footprint, it kind of adds a nice security layer to the access. If you are set on going with straight internet access then you would want an IIS server in your DMZ and you will want to use https (cert). The setup of both is relatively straight-forward and if you hit a roadblock I am sure the community here will help out.

To your question “Just to make sure I am on the same page, are you going to allow client access via the Internet and without VPN?” No, for the majority of our users, E10 client software access will be implemented with VPN.

While EWA works well over VPN, management has requested a plan/budget for the requirements to enable EWA in WAN without VPN for the field service and sales staff only.

Does Epicor 10 support ADFS? I too am trying to setup IIS and EWA in our DMZ. Can we point the application server for an EWA installation, within the DMZ, to our existing, internal live / production, application and database servers? Can we allow windows authentication from EWA / IIS, within the DMZ, to our existing, internal Active Directory / Domain Controllers?