So I’d love it if we could set up a way for people to go to a url (like, say, erp.domain.com) and get pointed to our production app server browser client. This would also be great if we ever end up using azure app proxy or something similar to allow end-users to authenticate via Azure AD and then access our ERP system without needing to VPN first.
Basically, what I want is that end users could go to “erp.domain.com” from on site or off site and end up at our current production server - how would we accomplish this? Is it even possible? I thought I could play around with the hostname in the IIS bindings and DNS but that’s not working at all - I just end up at the welcome page for IIS.
Yes, this is possible. We don’t expose our system to the internet, but internally our DNS is set up with a CNAME record that points to our Epicor app server. You need to set up your app server’s DNS Endpoint Identity, and have an SSL certificate for the domain (we use a wildcard SSL cert to cover multiple subdomains).
Maybe this will also work if you’re thinking about Azure App Proxy?
@andrew.johnson How is the cname structured? Forgive my ignorance, I haven’t done much with DNS other than creating a few A records to point to some IP’s. The CNAME looks a bit more complicated since I have to use the FQDN of the target host. So the “alias name” would be my “erp.domain.com” and my target domain would be the actual server name? Is that how that would work?
Sounds like you want to have access outside of your local network. I have not done that yet… but for internal only:
Open your DNS Manager
- Open or create a Forward Lookup Zone for ‘domain.com’
- Add a CNAME record
a. Alias name: erp (Results in a FQDN of erp.domain.com)
b. FQDN for target host: myappserver.mylocaldomain.local
Huh. So when I get that all set up, I end up getting the “welcome” page for the default IIS site. Any ideas why that would be?
You need to provide the full path to the app server, unless you set up some URL Rewrite/Redirect in IIS.
Without that, it hits the ‘Default Website’, which is pointing to the default IIS page. You could set up a landing page there too, to link to the full URL.
Ah, that makes sense. I just set up a redirect to point to the actual url’s and now simply putting in my “erp.domain.com” url works like a charm. Thanks so much! The external facing stuff is obviously going to take some time/research to get going but this is a great proof of concept for our internal facing stuff.
When you all do upgrades, do you stand up a new server and then just cut over using the CNAME to point to the new environment? That’s kind of what I’m hoping to do in the future with this.
For us it’s never been necessary to change the DNS records. Our last upgrade, we upgraded from Windows Server 2019 to 2022, and Kinetic 2022.1 to 2022.2
Did all the setup and installations on a fresh VM. Renamed the servers when it was time to cut over. Downtime was minimal (in our opinion). That may not be acceptable for larger companies with greater volume of activity.
What does your “data freeze” look like when doing it that way? Do you have a cutoff for people using the system so that you can export the data from production into your new server before cutting over?
Yes, we do have a point where we have to shut the app server off, for major upgrades.
There isn’t really an export/import process. You upgrade the database using the Database Tools in the Epicor Admin Console.
Right, I suppose you’re not setting up a new SQL server - it’s just for App servers. I was thinking migrating the data from the old SQL instance to a new one, but the upgrade process doesn’t really require that I suppose.
We did do our SQL Server upgrade at the same time… 2017 to 2019. So it’s true there was a backup/restore process there.