Network Security Model

Epicor Kinetic Warehouse does not have its own cloud service or backend and instead connects directly to an Epicor Kinetic server.

It is required to connect to Epicor over HTTPS. This means that data inflight is encrypted using the Epicor SSL Certificate. On the device, EKW will store at rest:

• Settings & configuration which you set

• Licencing information

The network your EKW devices connect to must have access to:

• Your Epicor Kinetic Server - This allows 2 way communication between the Kinetic server and the EKW app that enables the EKW functionality.

• The Biscit Licencing Server - This allows for licence checking and basic telemetry data. EKW will attempt to connect to our Sydney licencing server and fall back to the USA server if it is unable to connect:

  Open

  

  • For more information on Biscit licencing firewall restrictions, read more here

  • The data sent to the licencing server is primarily for:

    • Licence Checking - Data sent to the licence server includes the following fields:

      • Device Identifier (UUID)

      • EKW licence Key

    • Basic telemetry data

      • Count of the time each screen is accessed.

      • Count of SSL errors that occurred without any other error information.

      • Epicor Server Version

      • Epicor Licence Type Used

      • Epicor Licence Type Requested

      • EKW app version

The network can also optionally provide access to these services. Blocking access to these services will not affect functionality or performance of the application:

• Microsoft Application Insights for telemetry to help us improve the product

• Sentry for reporting telemetry about critical crash issues, read more here

Open

If you are using POD capabilities your devices should additionally have access to:

• Google Maps

• Biscit Route Optimisation Server

Open