Frequently asked questions about leveraging SecturaSOFT as part of the Epicor Kinetic ERP solution.

 

 

About Encompass Solutions

Encompass Solutions is a business and software consulting firm that specializes in ERP systems, EDI, and Managed Services support for Manufacturers. Serving small and medium-sized businesses since 2001, Encompass modernizes operations and automates processes for hundreds of customers across the globe. Whether undertaking full-scale implementation, integration, or renovation of existing systems, Encompass provides a specialized approach to every client’s needs. By identifying customer requirements and addressing them with the right solutions, we ensure our clients are equipped to match the pace of the Industry.


Capture the true value of cloud ERP with Epicor Kinetic ERP 2021.2. An intuitive, configurable, and guided user experience with embedded learning helps you maximize your profitability with real-time business intelligence and built-in collaboration tools. Kinetic has the functionality you need to run a modern, future-ready business poised to capitalize on data, transform digitally, and innovate without limits.

This document contains the steps necessary to get your business current with the latest ERP solution built for manufacturers of every size.

 

 

About Encompass Solutions

Encompass Solutions is a business and software consulting firm that specializes in ERP systems, EDI, and Managed Services support for Manufacturers. Serving small and medium-sized businesses since 2001, Encompass modernizes operations and automates processes for hundreds of customers across the globe. Whether undertaking full-scale implementation, integration, or renovation of existing systems, Encompass provides a specialized approach to every client’s needs. By identifying customer requirements and addressing them with the right solutions, we ensure our clients are equipped to match the pace of the Industry.


For companies considering deploying their mission-critical business applications in the cloud, it is common to have questions relating to security, data protection, privacy, availability, and data center operations. As part of our commitment to transparency, this document compiles the answers to your frequently asked questions.

Our mission is to leverage the cloud to deliver Kinetic with the high level of performance, quality, security, scalability, and reliability that our customers expect.

With cloud environments, customers do not manage or control the underlying infrastructure, network, servers, operating systems, storage, or applications—except for customer-specific customizations and supporting on-premises applications. This document is designed to provide information on how Kinetic in the cloud is deployed for customers. As a guide, please refer to the Epicor cloud model depiction below for an overview of the three participants involved in a standard deployment of Kinetic in the cloud—Epicor, yourself, and Microsoft Azure® as our datacenter partner—as well as the responsibilities and scope of ownership of each participant. When deployed on Microsoft Azure, customers will be provisioned and managed by Epicor on our Azure subscription and are not deploying an Azure subscription on their own.

Note: Certain third-party applications offered by Epicor on a cloud basis are hosted by or on behalf of their suppliers. This article does not address those instances.

Kinetic In Public Cloud Model

an image of the Kinetic in cloud model

Epicor provides public cloud premium multitenant deployments of Kinetic where each customer has their dedicated database on shared infrastructure. However, in rare cases, Epicor may provide a customer with a private cloud deployment. This document describes only the public cloud deployment model.

There are also occasionally differences in our cloud model as a result of geographic or regulatory requirements and technology advancements in today’s dynamic business environment. This document is accurate as of the published date. As technology in this space can change rapidly, please discuss requirements with your account manager.

As your evaluation process continues with Epicor, we’d be delighted to explore other technical or business questions you may have about cloud deployments. Please contact your Encompass sales representative or customer account manager.

Kinetic In Public Cloud Datacenter Questions

Azure

Why does Epicor standardize its ERP solutions on the Microsoft Azure public cloud platform?

Epicor has widely recognized as a leader in enterprise resource planning (ERP) solutions with a proven history of partnering with experts to leverage our domain knowledge. That’s why they choose to partner with one of the world leaders in Platform as a Service (PaaS) and Infrastructure as a Service (IaaS), Microsoft Azure.

Epicor and Microsoft have a long-standing strategic partnership that has expanded to a global scale through the power of Kinetic running on Azure. Microsoft technologies optimize productivity and innovation for Epicor, our customers, and our partners. Epicor leverages a range of Azure technologies—including SQL Servers and SQL Databases, Internet of Things (IoT), artificial intelligence (AI), and machine learning (ML)—to deliver ready-to-use, right-sized solutions for midmarket manufacturers and distributors.

Epicor also taps into Microsoft’s technologies for advanced search, natural language processing, and other use cases to deliver modern human/machine interfaces that improve productivity for our customers.

Where are the Azure datacenters that run Kinetic?

Microsoft Azure serves more than 50 regions globally, which aligns with our commitment to customers worldwide. Since Epicor announced its standardization, the company has launched Kinetic in Azure datacenters worldwide, including regions within the Americas, Asia Pacific, and Europe. Moving forward, Epicor expects its partnership with Microsoft can support our growth into new territories based on market potential and customer demand.

Kinetic Cloud is currently available on the following Azure datacenters:

  • Australia—Australia East
  • Australia—Australia Central for Epicor customers of the region-specific Epicor Senior Living Solutions (SLS)
  • Canada—Canada Central
  • Germany—Germany West Central
  • Singapore—Southeast Asia
  • United Kingdom—UK South
  • United States—Central US
  • The United States—US Gov locations for Epicor customers who require ITAR compliance

These data center regions can serve—but are not limited to—customers located in the following countries: Australia, Canada, Colombia, Finland, Germany, Hong Kong, Malaysia, Mexico, Netherlands, New Zealand, Sweden, United Arab Emirates (UAE), United Kingdom, and United States of America (USA). This list continues to expand as the company regularly evaluates cloud offerings and strategically aligns data center locations. Epicor is happy to discuss your regional connectivity needs. For details regarding Azure regions, visit https://azure.microsoft.com/en-us/global-infrastructure/regions.

What are the benefits of Epicor running Kinetic in the Azure data center versus running Kinetic in my Azure instance?

Kinetic as a public cloud service by Epicor provides a level of availability, scalability, security, and cost-effectiveness that can be difficult for customers to achieve on their own, even when they leverage Azure as their IaaS provider or a third-party provider. The deep knowledge Epicor has of the Epicor product, our strong partnership with Microsoft, and our development and operational expertise allow us to deliver a best-in-class experience for our customers.

A key benefit of our cloud offering is the ability to create value for our customers through scale. Rather than provisioning Azure virtual machines one by one as customers sign up or grow, Epicor provisions entire Azure data center operations for customers. As a result, Epicor can pass on to all users more consistency and larger scale than an individual customer would typically provide for themselves.

How does Epicor ensure High Availability (HA) in Azure?

Kinetic on Azure leverages load balancing and clustering to provide high availability for all users. This is designed to provide a consistent user experience with minimal business interruptions.

How does Epicor scale using Azure?

Epicor monitors the performance of Kinetic on Azure 24×7, and can rapidly scale to address demand.

Kinetic In Public Cloud Requirements

What are the internet/network connectivity requirements for running Kinetic in an Azure data center?

When it comes to your personalized user experience running Kinetic on Microsoft Azure, network bandwidth is not the only factor that determines the “speed” of a network as perceived by the end user. Network latency, which is defined as the actual time it takes for an amount of data to be transferred across the network at once, can also impact performance. Online tools can be used to assess bandwidth and latency, helping you gather the information necessary to make an informed decision about your cloud readiness.

How to test Azure-hosted datacenters running Kinetic:

  • Go to www.azurespeed.com
  • Select your nearest Azure location running Kinetic, which can be provided by your Encompass sales representative

Epicor recommends that users have an average latency of fewer than 150 milliseconds (ms) for optimal performance of Kinetic in the cloud. It is normal for latency tests to vary somewhat based on network and Internet traffic. A spike will not generally be noticeable to end users, but sustained latency will create a slower experience.

How to test your local internet connection:

  • Go to https://www.speedtest.net
  • Record download speed and upload speed five times during the day

The bandwidth requirement is generally 10 Kbps to 500 Kbps; download speed should be at least 5 Mbps for ten users, requiring an additional 100 Kbps per user after the initial ten. These requirements vary and may impact the performance of any cloud service your business uses—depending on the volume of data transferred.

Excessive network latency or interruptions can be caused by your internet provider’s transmission medium (optical fiber, wireless, etc.), routers, and intermediate devices such as switches and bridges. We recommend contacting your internet and/or network provider for assistance, as this will impact your cloud services from any vendor. Epicor may also have services available to help you set up redundant internet connections. Please contact your customer account manager.

Are there any unique connectivity considerations for a global customer with multiple locations or companies?

Kinetic is available in over thirty languages and features country-specific functionalities that apply to nearly forty countries. Cloud deployments of Kinetic are often used to unify a company’s global operations with tools such as multi-currency management, multi-languages, and multi-site management.

Epicor uniquely allows customers the ability to run a variety of cloud models—in a single data center, multiple, or a data center and on-premises.

  • Single Datacenter

Epicor can run multi-site and multi-company customers within the same Azure data center. All users connect to that data center from each of their locations. Global customers with any connectivity concerns can host user desktops in a location with better connectivity or consider using Azure-based terminal services—under their Azure subscription—within our primary datacenter to alleviate potential latency issues.

  • Multiple Datacenters (Multicompany Cloud) or In Multiple Datacenters to On-Premises Locations (Hybrid Multicompany Cloud)

Epicor offers multi-region multi-company transactions for multinational organizations with company locations across the globe. This offering allows customers to gain a consolidated view of multi-company transactions—such as sales orders, purchasing and reporting—without needing all to run out of a single Kinetic database in a single Azure datacenter.
In the Multicompany Cloud models, each data center or on-premises location can still serve several of your organization’s sites but allows you to roll up transactions in a central location. This flexibility allows global companies to meet regional requirements while improving worldwide visibility and alignment.

Kinetic In Public Cloud Security and Data

What is the Azure Security policy?

Microsoft Azure is widely recognized as one of the world’s most secure cloud platforms. Its virtual and physical security policies are constantly evolving with technological advances. Please visit https://docs.microsoft.com/en-us/azure/security-center/ for the latest information.

How do Epicor and Microsoft Azure protect me from a ransomware attack?

Security is our top priority, and protecting you from ransomware and malware is a critical component. Phishing, or cyberattack via email, is the most common way in which cybercriminals penetrate and infect business systems with ransomware. By decoupling your ERP from local servers running email systems, you are taking an important step in protecting your business from ransomware.

Experts recommend creating layers of protection to reduce risk to your business, such as data backups, authentication services, managed firewalls, and antivirus.

  • Data backups are included as part of your Epicor Cloud service, but if you would like data downloads, those are available for purchase as well.
  • Optional authentication services, such as Epicor Identity Provider, help you secure user access
  • Microsoft AntiMalware for Azure is a Microsoft service ( https://docs.microsoft.com/en-us/azure/security/azure-security-antimalware) that Epicor uses to keep your data in the Epicor Cloud safe and secure, with real-time protection, scheduled scanning, malware remediation, and signature updates for up-to-date protection against viruses.

For any of your on-premises workstations or servers beyond your Kinetic system, ask your customer account manager about Epicor Security Suite for expert-managed firewalls and antivirus services.

What are the Epicor Disaster Recovery and Backup strategies in Azure?

Epicor leverages the Microsoft Azure Disaster Recovery (DR) strategy, which is built on best practices that evolve with the industry and security standards. Several copies of customer data are replicated in near real-time across multiple datacenters set up as Azure Availability Zones. Epicor leverages Microsoft best-practice technologies to facilitate a rapid recovery in the unlikely event a data center is rendered inoperable:

  • Azure Availability Zones are used by Epicor to replicate your applications and data across multiple data centers and zones to protect your business from data center failures.
  • SQL Transaction log backups are captured every 30 minutes
  • SQL Differential log backups are captured nightly
  • System backups are taken daily
  • Data backups are retained for 30 days

What is the failover time/latency?

In the event of a component failure in the primary data center (e.g., a database server fails), a secondary server is typically available within a few seconds.

In the unlikely event of a data center failure (requiring disaster recovery), the secondary site will be available with an 8/2 RTO/RPO. For reference, the Recovery Time Objective (RTO) is a standard term that measures how many hours it would take to restore operations. Recovery Point Objective (RPO) defines the maximum allowable amount of lost data measured in hours from a failure occurrence to the last backup.

Do customers have access to monitoring tools?

Customers can check the status of the Epicor Cloud solution at any time for availability and/ or maintenance activities using https://status.epicor.com/. You may subscribe to receive text or email notifications regarding scheduled maintenance and upcoming upgrades posted to the site. Please note this provides a global view of all environments in a single dashboard. As a SaaS service, Epicor is responsible for monitoring the performance of your platform.

Kinetic Application Questions Relating to Cloud Deployment

Cloud Model

Is my Kinetic system deployed in a public or private cloud model?

Kinetic is deployed in a public cloud model, except in rare business cases requiring a private cloud. Architecturally, each customer has their SQL database but shares the application servers. This model is widely used in the cloud-computing industry for its flexibility, security, and consistent performance.
What is the primary technology stack upon which the cloud deployments of

Kinetics are built?

Epicor is proudly built on a Microsoft technology stack, optimized for high-performance cloud deployment.

Do all components run in the cloud? Do I have any infrastructure burden?

The PC workstations, barcode printers, scanners, and other pieces of “user” technology run on your premises. Beyond these, there are some components or integrated applications of Kinetic that may have an on-premises footprint depending on their configuration.

For example, some of our financial reporting technologies are plug-ins to Microsoft Excel®, which need to be installed on the PCs that will use Excel for financial reporting. Your Epicor sales representative or customer account manager can discuss this with you in more detail if it applies.

How does Epicor validate and certify Kinetic readiness for the cloud?

The Kinetic application deployed in Azure datacenters is the same code base we provide to customers for deployment in their data centers. To help ensure we maintain this parity, our development teams, and third-party software vendors are required to validate cloud readiness with the Epicor Quality Assurance teams.

Testing and Requirements

Do I receive a testing system for my Kinetic?

Yes, every Kinetic public cloud customer has a “pilot environment” that is a copy of the production environment and used for testing. Pilot data is refreshed with production data only on customer request through EpicCare, except when Epicor refreshes it automatically as part of the biannual release upgrades so that customers may test the upgraded software with recent data in the pilot environment before the production upgrade.

The pilot system is run on a scaled-back environment rather than a full production system, and it does not have the following modules installed—Epicor Web Access, Epicor Mobile Access, Enterprise Search, Epicor Data Discovery, or Epicor Information Worker. We offer a “Premium Pilot Extension” option for customers who wish to enable these more resource-intensive modules in the pilot environment.

For customers with development needs, such as complex BPMs and Epicor Product Configurator, Epicor provides Additional Environment(s) for an additional fee. Each Additional Environment is typically referred to as your “Third Environment,” “Fourth Environment,” and so on. These are identical to the pilot environment and therefore provide customers with the ability to have a traditional development, test, and production environment.

Customers who also want to enable Epicor Web Access, Epicor Mobile Access, Enterprise Search, Epicor Data Discovery, or Epicor Information Worker in an Additional Environment, would need to extend that specific environment by adding a corresponding Premium Pilot Extension to handle the resource load.

Are there technical or infrastructure requirements for my network?

Daily users access Kinetic in their browser of choice, but power users or application administrators need to download the Kinetic “Smart Client” to perform most administrative tasks, such as set up.

The Kinetic “Smart Client” (used by most customers) requires a computer capable of supporting the Microsoft .NET Framework 4.8 and later. The Kinetic Web Interface is a web-based alternative to the Smart Client that operates on most modern browsers, including Microsoft Internet Explorer®, Mozilla Firefox®, Google Chrome®, and Apple® Safari®. Communication between the Smart Client and the Azure datacenter is secured using at least TLS 1.2.

This HTTPS binding authenticates transactions using an Epicor Username and Password. The data transfers between the client and server using Hypertext Transfer Protocol Secure (HTTPS). HTTPS encrypts the data transfer.

Protocol binding features:

  • Epicor user account (user ID/password) token required for authentication
  • The protocol is an Epicor Custom Binary Serialization
  • The protocol uses .NET v4.5 compression
  • HTTPS encrypts the transport between the client and the server

It is important to note that Epicor does not allow IP filtering at the data center level.

Some customers may choose to deploy specific extensions or third-party modules that have technical requirements beyond the basic Kinetic requirements or introduce other on-premises hardware requirements. Specific technical requirements for these devices and third-party modules are beyond the scope of this document.

Security, Data, and Access

What is the Epicor Security Policy?

Please see the Information Security Program Overview Subscription and Support Services at epicor.com/compliance.

Is my Kinetic data encrypted in the cloud?

Yes, Epicor leverages Microsoft Azure’s Storage Service Encryption (SSE) to protect data stored in the environment. Kinetic users TLS 1.2, secure SFTP encryption, and server authentication through digital certificates. Epicor complies with SOC 1 and SOC 2 Type II and annual reports are available to you.

How does Epicor handle Identity Management in the Cloud?

Epicor Identity Provider (IdP) is an optional, OAuth-based authentication service for Epicor applications and customer portals that are included with our Epicor cloud service. It provides organizations with centralized multifactor authentication (MFA) and single sign-on (SSO) services to help your organization regulate, control, secure, and streamline the way users access the Epicor applications and customer portals for which they have access rights. Administrators can use this tool to configure MFA, SSO, and password policies for your organization. If you choose to leverage Epicor IdP, please be aware that it is not yet available for all applications or portals.

For your reference, the Epicor Identity Provider for Kinetic 2021.1 Quick Start Guide is available on the EpicWeb customer documentation portal.

What is the password policy associated with Kinetic in the cloud?

Epicor has established minimum password and lock-out policies to maintain security standards for our customers, on industry best practices.

Customers can manage the specifics of their organizational password policies beyond foundational compliance with the Epicor standard minimums. Passwords must contain at least eight characters and three types of characters—including uppercase letters, numbers, special characters, etc. Epicor requires customers to prompt users to set new passwords within three login attempts.

Does Kinetic support Azure Active Directory Authentication?

Yes, Kinetic in the cloud leverages Azure Active Directory Authentication to support user account control and security. This replaces the need for Windows single sign-on, which is not supported by Kinetic in the cloud. Please note that this feature is not available by default, and it must be requested by submitting a request via our customer support portal EpicCare.

How can I create or disable users, and manage access provisioning?

Every Epicor customer account has at least one administrator, who can directly create or disable user access within the application, as well as manage access provisioning. This is a standard function in Kinetic in the cloud. Epicor recommends creating two administrative accounts to ensure you have secondary access.

Your administrator may also create users for Epicor Professional Services or third-party business partners for their pilot and/or production environments.

If customers need to create companies within the application, Epicor Cloud Operations can create companies upon request when submitted through EpicCare, the Epicor customer support portal.
If you use Epicor Identity Provider (IdP) service, administrators can still create users in Kinetic but must map them to IdP and then use IdP to unlock and reset user passwords. Please refer to the Epicor Identity Provider for Kinetic 2021.1 Quick Start Guide on the EpicWeb customer documentation portal.

Can customers gain administrative access to the database, access to query their database, or read access to the database?

Yes, Epicor offers a read-only database option for reporting requirements. This option provides a replicated copy of a production environment that is updated in near real-time and allows a customer to connect via ODBC or Azure Data Studio from their corporate network. Tools like Microsoft Power BI or other third-party applications can be used to query your database. Contact your customer account manager to learn more.

Epicor is not able to accommodate legacy customization requests to connect directly into the database. As a modern best practice, Epicor encourages customers to instead create BAQs against the database or utilize REST API to access the data and populate Excel via OData links directly to the database. Customers are not able to log in to a server in the cloud, open SSMS, run a Select statement, or create an ODBC report directly off the database.

Can I export my data to a useable format or request a backup copy?

Cloud customers may have their entire company databases extracted for purposes of moving on-premises or to a different cloud deployment model. Epicor also makes available for a fee a one-time download service for customers who wish to have a local copy of their data. Beyond that, customers can create their application data exports
(such as inventory or accounts receivables details) to Microsoft Excel (or other formats) through our BAQ utility.

We also provide a secure SFTP site if you require moving files in and out of Kinetic, but this is designed primarily as a mechanism for integrations versus file storage. Please note that some complex user customizations may not survive exports and could require assistance from Epicor Professional Services to extract for purposes of replicating to an on-premises environment.

Integrations and Devices

What devices may I use to connect to Kinetic in the cloud?

Most customers connecting to cloud deployment of Kinetic use Microsoft Windows® customer machines or tablets (touch-based tablets are especially common on shop floors, or in field service use cases). Many customers have deployed handheld devices for use in manufacturing, distribution, or related industry environments. The specific user experience will vary slightly based on the device.

How can I integrate Kinetic in the cloud with other applications?

Hybrid technology environments, those that feature a mix of cloud and on-premises applications, typically from multiple providers, are increasingly common. For simple integrations, Kinetic includes REST APIs to integrate with third-party applications.

For more robust integration requirements, Epicor offers Epicor Integration Cloud by Jitterbit, which is designed to help you integrate your Kinetic system with other business applications from vendors who may not provide a native Kinetic interface.

Epicor has partnered with Jitterbit to integrate our manufacturing and distribution solutions to other cloud or on-premises offerings. Jitterbit is an Epicor partner and best-in-class integration platform as a service (iPaaS) provider that connects a hybrid cloud environment to extend current investments. plications from any compatible device. Currently, mobile access to Kinetic in the cloud varies by application.

Does Kinetic work with Microsoft Office 365?

Kinetic is compatible with the PC-based productivity solutions within Office 365 (and another recent version of Microsoft Office). For example, the Microsoft Excel Spreadsheet is leveraged by the Spreadsheet Server financial reporting tool, and the Epicor Collaborate module integrates with Microsoft Teams.

However, some server-side components (such as the Office 365 SharePoint® Server) that exist within select Office 365 SKUs are generally not compatible with Kinetic in the cloud unless it is carefully AD Federated with your environment.

Customizations

How can I customize or configure Kinetic in the cloud?

Clients may make user interface level customizations and modifications, leverage our user definable fields, BAQs, BPMs, Epicor Functions, and make other customizations and configurations unique to their business needs. Generally, these are preserved with release upgrades, though customers are responsible for testing their customizations when pilot environments are upgraded (30 days before production upgrades) to ensure continued compatibility.

Form customizations in Kinetic are available, which simply run on the user’s workstation. BPM has some restrictions around calling external DLLs because you may not load custom DLLs on the server. File system I/O access is also not allowed, because this would involve trying to read or write to disk. If you have highly technical configuration requirements, we recommend discussing them with the Epicor Customer Solutions Group (CSG).

Multi-level BAQ reports are available, and if you are a current customer using custom Crystal reports from 9.05 and earlier, we recommend you move those reports to BAQ reports as a best practice.

Epicor Functions is a uniquely powerful customization capability in Kinetic that offers a no-code, low-code alternative to tailoring the system. Functions allow customers to create cloud-friendly, server-side customizations that are typically event-driven while using industry standards and the common BPM framework. Example use cases include tailored calculation logic like territory assignments and reusable automation like automated order creation.

Our security and isolation models prevent one customer’s modifications from interfering with another by rejecting server-side code modifications for optimized security and performance. Speak with an Epicor application consultant to better understand how to accomplish any customization.

Documentation

What technical documentation is provided to support the deployment of Kinetic in the cloud?

In the Epicor Help files within the application and Kinetic in the Cloud user documentation on EpicWeb, we provide a comprehensive set of user readiness assets to help accelerate application adoption within the organization.

Optionally, Kinetic customers may also subscribe to the Embedded Education environment, which provides structured education classes at the user’s pace.

Cadence for Updates and Upgrades

What is the cadence of Kinetic application updates and upgrades in the cloud?

One of the greatest benefits of choosing the cloud is that your business is always running the latest version of the software, offering you the earliest access to new features, security enhancements, industry best practices, and competitive innovations. All updates applied in our cloud systems are done at no additional cost to our customers. All releases include “update notes”, posted to the Kinetic in the Cloud EpicWeb documentation site.

The schedule is published in Epicor Help and on EpicWeb at the following location: https://epicweb.epicor.com/doc/Pages/cloud-update-schedule.aspx

Customers may also subscribe to receive in-app notifications and/or emails and texts from status.epicor.com.

It is important to understand the Kinetic version numbering nomenclature and timing. A typical Kinetic version number is 2021.2.3 In this example, 2021 represents the year the product was released, ‘.2’ represents the second release of the year and ‘.3’ represents the third update of the second release.

Can I choose to upgrade later, or off-schedule?

Yes, if your business is subject to fluctuating seasonal demands or other time constraints, Epicor offers the “Epicor Public Cloud Flex Option,” which allows clients to defer upgrades for up to 90 days, for an additional subscription fee. With the Epicor Public Cloud Flex Option, you may select among two or three alternate pre-selected dates for your upgrade.

Regardless if customers who select this option choose to stay on cadence or select a later date to upgrade, they still receive the standard one month to test releases in the pilot environment. They do not have the full 90 days to test upgrades, but rather have the option to test and upgrade up to 90 days later if business needs require. More information about the Flex Option is available in the Product-Specific Notes on the Customer Agreements website.

Epicor Cloud Policy and Operation Questions

Datacenters

Can I select the Azure data center my Kinetic instance will be deployed?

By default, customers are located in the data center that is geographically closest in the interest of minimizing network latency. For customers in the United States that must comply with ITAR, you may select the premium offering “Epicor U.S. Government Cloud Option,” which automatically places you in the Azure Government Cloud datacenters in the United States.

For customers who select Epicor Senior Living Solution (SLS) in Australia, you are automatically placed in the Azure Government Cloud datacenters in Australia. Any customer located in a country with data sovereignty laws is encouraged to seek legal advice regarding cloud deployments. We will work with all customers who have a business, legal, or technical preference to try and accommodate their needs.

Does Epicor virtualize data center infrastructure?

Yes, Microsoft Azure leverages virtualized data center infrastructure.

Service Level Agreements (SLA)

What is the Epicor Service Level Agreement (SLA) related to system availability?

Deployments of Kinetic have an industry-standard 99.5% SLA, excluding our service maintenance window.

The Epicor SaaS Service Level Agreement is available on our website, located at https://www.epicor.com/company/customer-agreements.aspx.

NOTE: The Epicor SLA only applies to production environments. Additional environments, Embedded Education, and pilot environments are not covered by our SLA.

What happens if Epicor fails to meet the published SLA?

If we fail to meet our 99.5% SLA, customers are eligible for financial rebates. Full details and an example are available in the Epicor SLA.

Maintenance

What are the Epicor scheduled maintenance windows?

Maintenance windows are generally reserved every weekend from approximately 10:00 PM Saturday local datacenter time – 4:00 AM Sunday local datacenter time. Scheduled maintenance updates occur on the second Saturday of every month. Maintenance windows are used for both responsive and preventative maintenance efforts.

How am I notified about unexpected outages or emergency maintenance?

In the event of unexpected maintenance or operational issue that we believe might impact your ability to access any part of your Kinetic application, we promptly post a notice to status.epicor.com. Customers are encouraged to check the site if they believe you are experiencing a disruption. Users may subscribe to receive email and/or text updates to a posted system notice, which Epicor regularly updates until it is resolved. If you need assistance, contact EpicCare.

Are there data storage/bandwidth limits associated with my Kinetic deployment?

Your monthly subscription to Kinetic includes application data storage and bandwidth. This is subject to change as the number of data increases and storage requirements evolve.

Support

What is the Epicor policy related to system access and application support priority and severity?

Epicor offers two levels of service and support options to our customers. Epicor Essential Support provides 24×7 support services for priority 1 cases, included in your Kinetic in the cloud subscription. Customers who need more comprehensive coverage may select the Epicor Pro Support option for an additional fee. Epicor Pro Support customers receive 24×7 support for priority 1 and 2 cases, among other features.

  • Priority 1 Cases
    The product is unable to function in a production environment—the system is completely down—and all business processes cannot continue. For SaaS, it means the inability to access the SaaS or hosted environment. You experience a complete loss of service and impact all users. Reasonable efforts will be made to respond to Priority 1 cases within one hour. Note: return to service model only (Epicor is unable to perform development and/or bug-fix related services outside of standard business hours).
  • Priority 2 Cases
    You experience a severe loss of service. Important features are unavailable with no acceptable workaround; however, operations can continue in a restricted fashion. Priority 2 issues include situations such as the following:

    • Situations impacting production for multiple users, however, the system is not down
    • Errors while running business critical reports or processes
    • Processes are frozen or standard defaults are missing
    • Form printing issues e.g., checks or invoices
    • For SaaS, it is the inability to access one or more material functions of the SaaS or hosted environment

The primary channel to communicate with the Epicor support services is through EpicCare—the Epicor customer support portal. Kinetic in the cloud customers also have access to our online knowledge base—providing self-service capability and access to many of the same systems on which our internal consulting and support staff rely.

We regularly review our support offerings to better serve our customers. Please consult with your Epicor sales representative for the latest program details or visit EpicCare and submit a Service Plan Request Form to learn more.

Who is my Epicor contact for technical or business issues?

Customers are assigned multiple Epicor staff to support their ongoing success.

All customers are assigned a customer account manager who will be your account and business contact throughout your relationship with Epicor.

From pre-implementation planning through go-live, you will be supported by the Epicor Professional Services team, who will work with you to optimize the product’s configuration to meet your business needs and answer application questions. This team will work with our education teams to help ensure your administrative and operations staff is fully trained on the Kinetic solution.
Ongoing technical support issues are channeled through EpicCare, our customer support portal.

Will you sell my data to any third-party organization?

We will never sell (or otherwise monetize) your private data.

Regulations

Does Epicor conduct routine testing of cloud systems?

Yes. Epicor employs a trusted, independent, third-party security testing service to conduct tests of our system perimeter security. This “vulnerability testing” is conducted at the order of the Epicor Chief Information Officer (CIO) and is executed independently of all Epicor Cloud Operations group testing.

Annually, the Epicor recovery process is audited as part of our SOC2 (SSAE-18) assessment. Our auditors request samples to demonstrate that the process is consistent. The assessor’s evidence review is documented in the SOC2 report, which is available to all customers upon request.

To what regulations and certifications do Azure datacenters comply?

Epicor selected Microsoft Azure as a cloud platform provider because we believe it offers the best foundation for building and deploying enterprise business applications. This is in part due to the Microsoft Azure comprehensive set of compliance offerings, which currently contains more certifications and attestations than any other cloud service provider.

Azure meets a broad set of international and industry-specific compliance standards, such as General Data Protection Regulation (GDPR), ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2. Additionally, it meets country-specific standards that include Australia IRAP, UK G-Cloud, and Singapore MTCS.

For the latest information about Azure compliance certifications, please visit https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings.

Is Kinetic certified for ITAR (U.S. State Department International Traffic in Arms Regulations)?

For U.S.-based companies that must comply with ITAR, Epicor makes available, for an additional fee, a premium offering called “Epicor Government Cloud Option.” Your database will be operated out of the Azure Government Cloud datacenters.

Epicor is committed to supporting customers with best-in-class data security and protection. Specifically, for those customers subject to International Traffic in Arms Regulations ITAR, Epicor supports customers in conjunction with our partnership with Microsoft with Azure Government Cloud by providing joint responsibility and management over the infrastructure, support, and customer environments.

At a foundation, customers subject to ITAR including the manufacture, sale, and distribution of defense and space-related articles and services as defined in the United States Munitions List (USML) must physically reside in the United States as well as be handled by US-only citizens with supporting controls in place to ensure the same. Epicor’s position is that all data stored within Epicor’s ITAR environment should and is treated as ITAR-controlled including the end-to-end encryption to the prescribed ITAR standards.

Although stated elsewhere that third-party products are not in the scope of this document, it is important to note, as a matter of compliance, that some of these solutions are known to be outside the scope of ITAR compliance. Please discuss with your Epicor sales representative, and in some cases, independent legal counsel.

Additional Applications

Do you offer API or web services access to Kinetic in the cloud?

Yes. Customers may communicate with Epicor business logic ‘methods’ by using our REST API. Epicor-certified third-party solutions may also access our APIs in a cloud environment. More information about our ISV Program can be found here https://developer.epicor.com/.

Web Services calls that are deemed to present security, performance, or scalability violations will be immediately terminated. Customers will be advised of the reason for the termination as soon as practical and will be allowed to remedy the problem.

May I load my corporate applications onto a Kinetic Server/run my applications in your data center?

Only Epicor-certified third-party solutions may be loaded into your production environment.

We will be happy to explore options to help integrate Kinetic in the cloud to other corporate applications. Generally, we advise customers to leverage Epicor Service Connect, REST API Integration, or the Epicor Integration Cloud (EIC) offerings for this sort of enterprise integration. Please discuss your specific needs with your Epicor sales representative for more information on your integration options.

May I directly connect to my Kinetic server through WTS or SSH/Terminal?

To protect your systems and the integrity of our environment, we do not allow for direct connectivity to the Server Console user interface.

Billing and Contracts

When does a cloud subscription ‘start’ for purposes of billing?

Generally, the customer contract term (and billing) begin the first of the month following order contract submission.

What happens at the end of my contract term?

At the end of your current contract term, your contract with Epicor will automatically renew on an annual basis unless you contact us to sign up for a new multi-year agreement as specified in the Epicor SaaS Services supplement available on our Epicor Customer Agreements website. You can also work with your sales representative to sign a new multi-year agreement—as long as this is completed before the auto-renewal notification period.

Training

What training is required for the deployment of Kinetic in the cloud?

Training requirements will vary widely by the customer, modules deployed, and configuration. Live training is typically provided by Epicor consulting services, Epicor University, or an Epicor Consulting partner.

Self-service “Guided Learning” is also available easily within the application’s Help and Support panel along with single search access to online help articles, videos, the Epicor Learning Center, Embedded Education, EpicCare, and EpicWeb. Guided Learning allows users to learn as you go, walking them through a complete process in real-time within the application.

Do customers have access to EpicWeb?

Yes. EpicWeb has a dedicated “Kinetic/ERP” section which you can find here: https://epicweb.epicor.com/products/kinetic-erp/documentation/cloud.

This is where information, documentation, and communications unique to cloud customers are made available. Kinetic customers also have access to the Release: 2021.1 section of EpicWeb.

I have more questions—what should I do?

Please contact your sales representative or customer account manager. We are happy to discuss any questions you may have.

About Encompass Solutions

Encompass Solutions is a business and software consulting firm that specializes in ERP systems, EDI, and Managed Services support for Manufacturers. Serving small and medium-sized businesses since 2001, Encompass modernizes operations and automates processes for hundreds of customers across the globe. Whether undertaking full-scale implementation, integration, or renovation of existing systems, Encompass provides a specialized approach to every client’s needs. By identifying customer requirements and addressing them with the right solutions, we ensure our clients are equipped to match the pace of the Industry.


For companies considering deploying their mission-critical business applications in the cloud, it is common to have questions relating to security, data protection, privacy, availability, and data center operations. As part of our commitment to transparency, this document compiles the answers to your frequently asked questions. Leverage this Kinetic Buyer Guide to better understand the requirements, functionality, and capabilities of Kinetic in Public Cloud deployments.

Epicor’s mission is to leverage the cloud to deliver Kinetic with the high level of performance, quality, security, scalability, and reliability that our customers expect.

With cloud environments, customers do not manage or control the underlying infrastructure, network, servers, operating systems, storage, or applications—except for customer-specific customizations and supporting on-premises applications. This document is designed to provide information on how we deploy Kinetic in the cloud for our customers. As a guide, please refer to the Epicor cloud model depiction below for an overview of the three participants involved in a standard deployment of Kinetic in the cloud—Epicor, yourself, and Microsoft Azure® as our datacenter partner—as well as the responsibilities and scope of ownership of each participant. When deployed on Microsoft Azure, customers will be provisioned and managed by Epicor on our Azure subscription and are not deploying an Azure subscription on their own.

Kinetic Buyer Guide

 

About Encompass Solutions

Encompass Solutions is a business and software consulting firm that specializes in ERP systems, EDI, and Managed Services support for Manufacturers. Serving small and medium-sized businesses since 2001, Encompass modernizes operations and automates processes for hundreds of customers across the globe. Whether undertaking full-scale implementation, integration, or renovation of existing systems, Encompass provides a specialized approach to every client’s needs. By identifying customer requirements and addressing them with the right solutions, we ensure our clients are equipped to match the pace of the Industry.