The purpose of this post is to highlight how to install iDempiere behind a light, free firewall and encrypt all user traffic. Doing so helps ensure:
- Only the right people can log into iDempiere
- All traffic between your users and iDempiere remains a secret to outsiders
- No outsiders even knows what is installed on your server. All they see is a generic Apache login.
- Users only need to remember one username/password. Users login to the password protected SSL tunnel using the same iDempiere credentials.
Free Installation and Configuration Script
When you install iDempiere using my installation script, you get the above benefits for free. The installation script does the majority of the work for you. The following sections describe how the script configures iDempiere and Apache to keep your data secure.
First Level of Protection
The script configures Apache as a reverse proxy for iDempiere’s Tomcat or Jetty application server. This means that all traffic must first clear Apache before it even touches iDempiere. It also means that you have all the power of Apache’s plugins and .htaccess controls at your disposal to help protect iDempiere and your sensitive data.
Second Level of Protection
The installation script installs two SSL configurations options to encrypt your user transactional data. One option creates a simple SSL tunnel for all traffic. The second option adds an additional layer of protection described below. You will need to either buy a SSL certificate or create your own. The SSL configuration lists the commands to create your own certificate.
Third Level of Protection
By enabling SSL option #2, you hide iDempiere behind an Apache authentication login dialog. The dialog is configured to verify users directly against your iDempiere user list. If you users can log into iDempiere, they can also login through the light Apache firewall. This level of protection is an important security step because it prevents unwanted people knowing what resides on your server. If no one knows what is there, compromising your server becomes much more difficult.
Step-by-Step Video Guide
I have a step-by-step video tutorial of how to install and configure iDempiere using SSL option #2 inside the ERP Academy. Please note you must be a member to view the video. Here is a list of course frequently asked questions. I hope to see you there!
AWS Makes it Complete
AWS make hosting iDempiere easy and inexpensive. The following features make AWS attractive
- AWS has a free computing tier. This tier is perfect for a small group to evaluate iDempiere for free for one year.
- AWS has a feature called Security Groups that allows you to hide every port of your server except for the secure SSL port 443. This means that an outsider can only see the generic Apache login and nothing else. They cannot see iDempiere. They cannot see PostgreSQL.
The Alternative is PFSense
While the above configuration is acceptable to most small to medium sized companies. There is a more secure option. I have a step-by-step guide to installing iDempiere and PFSense in AWS. In this scenario, iDempiere hides behind multiple real firewalls:
- VPC Security Group’s external VPC firewall
- PFSense firewall
- VPC Security Group’s internal VPC firewall
This scenario allows you to connect and encrypt data between multiple site-to-site VPNs as well as mobile user OpenVPNs connections. To gain access to the PFSense and iDempiere guide, you must be a member of the ERP Academy.
What is the best way to Learn iDempiere and ADempiere?
I teach an on-line class that covers how to learn, configure and audit open source ERP. It uses iDempiere as the reference ERP. Here are the course frequently asked questions. I have learned much over the last fourteen years, and I have much to share. I look forward to seeing you there!!
Why consider Open Source ERP?
Open source ERP gives you every opportunity to prove or disprove its ability to support your company’s ERP needs on a timeline that satisfies your organizational needs. With open source ERP, you do not face the same financial constraints nor do you face the same conflicts of interest as with commercial ERP. Instead, you invest in the appropriate skills and knowledge for your people and processes. Best of all – if open source ERP cannot solve your company’s needs, you can safely justify spending the additional $2K to $5K per person per year for life of your commercial ERP to help drive your organization’s success.
Open Source ERP Round Rug Effect
Open Source ERP has what I call a “Round Rug Effect”. If you were to liken the ERP evaluation process to a 10′ x 10′ room, the story would go something like this:
- Oracle, SAP, and Microsoft are a 10′ x 10′ ERP rug in a ten by ten foot room. They cover the room nicely. You will be hard pressed to find a feature or a use case that they do not cover.
- Open Source ERP is like a 10′ round rug in a ten by ten foot room. It will cover the vast majority of the room; however, it will leave the corners bare. The questions are: “Do you live and operate in the corners?” or “Is open source ERP good enough?”. For most, the answers are “sometimes” and “yes”.
If you are in the ERP evaluation mode, you should ask yourself “Should I include open source ERP in my evaluation process?” If you are less than $300M USD revenue, your answer should probably be yes! This answer comes from these concepts:
- Pillars of Cost – Since open source ERP is free, that means that all the cost of proprietary ERP should be allocated to the corners. If you use height to illustrate this allocated cost, the corners turn into tall pillers of cost.
- Cost of Innovation – At first look, the price tag of free open source ERP is the most appealing benefit; however, this benefit soon becomes overshadowed by the flexibility of open source ERP. If organizational leaders take just some of the cost that would otherwise be spent on Oracle or SAP, and they invest it back into the organization’s skills and knowledge of how ERP works, operational efficiency will never look the same again. If you know how to change the system for the better, and you know it will work. Why would you not?
- Monday to Monday Cycle – Business leaders drive innovation in a company. This innovation is no more apparent than in the traditional Monday morning business meeting where a CEO comes in and paints a picture of the next greatest thing. His or her next comments are “Will it work?” and “Make it happen!”. Open source ERP helps your business and IT teams say yes more often. You are no longer completely dependent on a high-priced Oracle Integrators. You are no longer dependent on spending 18% every year to Oracle for software that you have little control over. Your team applies its knowledge of the system and the knowledge of its world-wide resources to create a proof of concept that paints the real picture the following Monday.
- Right Pay Grade – Open source ERP puts the right tools in the right person’s hands at the right pay-grade. there is little more wasteful that paying a $150/hr integrator for something a Jr IT professional should be doing. Open Source ERP removes the artificial barriers that exist in proprietary ERP.
- ERP for Everyone – User licenses/seats are no longer a consideration. This point cannot be stated strongly enough. At first look, you might think this point is about saving money. It is much more than that. You now have the freedom and flexibility of allowing everyone in your company to interact the system that drives your operations. You simply assign the right roles to the right people to give them access to the appropriate information.
ADempiere vs iDempiere vs Openbravo vs Compiere
The ADempiere, iDempiere, Openbravo and Compiere environments are amazingly similar. iDempiere came from ADempiere. ADempiere and Openbravo came from Compiere. Compiere came from Jorg Janke. Jorg came from Oracle. As a result, iDempiere and ADempiere have much in common with Oracle’s ERP in terms of the financial feature set.
This is both good and bad. Good because iDempiere and ADempiere are quite capable to help a company grow beyond $500M USD. Bad because they tend to be more complex in that they account for multiple languages, accounting schemas, currencies, calendars, costing types, costing methods, etc…. If you are a growing organization, and you need a system that will grow with you, and you have the right internal talent/resources, iDempiere or ADempiere will be a big asset for you.
The biggest difference between these products is that ADempiere and iDempiere are pure open source. ADempiere and iDempiere make all feature available for free. Compiere and Openbravo hold back features behind a commercial or paid license.
Here is an article that discusses the differences between iDempiere and ADempiere.
iDempiere and ADempiere vs Odoo
iDempiere/ADempiere (iD/AD) and Odoo (formerly OpenERP) approach ERP from two very different directions. Odoo comes out of the box with very simple options. If you are coming from QuickBooks, and you need a simple ERP system help you manage your business, Odoo will look and feel comfortable.
iD/AD comes out of the box with every feature installed and configured to run a $200M+ USD business. If your business is growing rapidly, and you are willing to invest the time to learn an enterprise accounting system, then iD/AD will give you confidence.
Which one is best for you depends on your internal talent, growth and business complexity. Here is a post to help you learn more.