FAQ - TLS 1.1. Deprecation in Anaplan API Services

Community Boss

Anaplan is committed to providing industry-tested best practices for information security for our customers. In line with this commitment, we are deprecating support for TLS 1.1 in data integrations in October 2020. From October, integrations that connect with TLS 1.1 will no longer be able to connect with Anaplan and data will no longer flow from your source into or out of Anaplan. Please read below for information on how to check whether you’re impacted and how to migrate to TLS 1.2. We will be updating this article with more information as it arises.

What is TLS?

TLS stands for Transport Layer Security. It is a protocol that provides privacy and data integrity between two communicating applications. TLS is the most widely deployed security protocol used today, and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification. The versions of TLS, to date, are TLS 1.0, 1.1, 1.2, and 1.3.

What is the change? 

Anaplan is requiring customers upgrade their data integration solutions to support TLS 1.2 by the beginning of October 2020. On that date we will disable the TLS 1.1 encryption protocol. Any customers still using TLS 1.1 in their data integration solutions at that time will be prohibited from running integrations with Anaplan.

Why is this happening?

At Anaplan, confidentiality, integrity, and availability are our top priorities. As such, we are continually focused on helping our customers improve their security by using industry-tested best practices in information security. Beginning October 2020, Anaplan will require encryption protocols TLS 1.2, aligning with industry-tested best practices. For further information, please see NIST Special Publication 800-52 “Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementatio...”.

Please note that this is an industry-wide deprecation.

What is the impact?

Once TLS 1.1 is disabled, any integration client using TLS 1.1 version will not be able to connect to Anaplan and the jobs will fail. This impacts every integration solution that connects with Anaplan.

Will this impact both read and write integrations?

Yes.

How do I know if I am impacted and what action do I need to take?

The action required by your organization will depend on which integration client you are using.

Integration client Impacted? Action required

Anaplan Connect 1.3.3.5 or lower

Yes 
  • Update your Java version to Java 8u161 or higher. Java 8 supports TLS 1.2 by default. It is recommended to install latest Java 8 version. See the “How do I upgrade Anaplan Connect to Java 8?” section for more details.

  • Recommendation to update your Anaplan Connect version to 1.4 if possible.

MuleSoft v2 Connector for Anaplan (supported on Mule runtime 3.7-3.9) Yes
  • Anaplan v2 connector runs on Mule runtime 3.7-3.9.

  • Mule runtime 3.7 supports Java 7 and 8. Upgrade to Java 8 if your Mule runtime is on Java 7.

  • If you are on Java 8.161, you do not need to take any further steps

DELL Boomi Connector for Anaplan

Yes 

DELL Boomi has said that they don’t anticipate any issue with Anaplan TLS 1.1 deprecation, however, DELL recommends customers follow DELL best practices listed below:

  • DELL Boomi atom (single standalone Java machine) & molecule (JVM cluster) supports Java 7 and 8. Boomi recommends upgrading to Java 8.161.

  • If you are on Java 8.161, you do not need to take any further steps

  • If you are on Java 7, DELL strongly recommends upgrading to Java 8 so as to enable TLS 1.2 by default

  • If you wish to continue using Java 7, and still use TLS 1.2, follow the steps in this guide.

Informatica Anaplan Connector

No 

Informatica Intelligent Cloud Services (IICS) supports TLS 1.2

We have reached out to Informatica to re-confirm any impact of this change.

SnapLogic Anaplan Snap Pack

No 

SnapLogic supports TLS 1.2. View this document about security and this document about configuring your Java version

SnapLogic has confirmed that they support TLS 1.2 since 2 releases back, hence integrations will not be impacted.

Tableau Connector for Anaplan

No 

Tableau supports TLS 1.2

We have reached out to Tableau to re-confirm any impact from this change. 

Anaplan Connect 1.4.x

No 

Anaplan Connect 1.4.x supports Java 8 and above. Java 8 has TLS 1.2 as the default TLS version. Upgrade to Java 8.161 or above, in case you are using Java 8.

MuleSoft v3 Connector for Anaplan (supported on Mule runtime 4.x)

No  Mule runtime engine 4.x supports TLS 1.2 
Any other integration client, connector, or script Yes  
  • If your data integration solution uses Java, update your Java version to Java 8.161 or higher.

  • If your data integration solution does not use Java, check that the solution uses TLS 1.2 by default. If not, upgrade the solution to support TLS 1.2.

  • Test your integration solution by running integrations against Anaplan, and ensuring they run successfully.

 

How do I upgrade Anaplan Connect to Java 8.161?

If your organization uses Java 6.x or 7.x with Anaplan Connect, upgrade to Java 8.161 using the option given here. Refer to your Anaplan Connect user guide to check which Java versions are supported. If your Anaplan Connect installation supports Java 8, upgrade the Java version. If the user guide doesn’t mention Java 8.161 as a supported version, then install the latest Anaplan Connect version (1.4.4) to take advantage of bug fixes and new features.

Anaplan Connect 1.4.4 supports Oracle & OpenJDK Java versions. Visit Anapedia for downloading Anaplan Connect: https://help.anaplan.com/anapedia/Content/Data_Integrations/Anaplan_Connect.html

How can I check my Java version?

If you are using Anaplan Connect or a custom developed integration, work with your IT department to get access to the server where the integration tool is installed. Then, use one of the methods in this link to determine your Java version: https://www.java.com/en/download/help/version_manual.xml

If you are using a third-party Integration solution, like MuleSoft, DELL Boomi, SnapLogic, Informatica etc., reach out to your IT team and refer to the respective user manuals to determine your Java version. In some cases, the integration solutions come bundled with their own or custom Java versions. Their user guides will be able to guide you to the correct Java version.

How much effort will it be to upgrade?

The migration will likely need to be done by your company’s integration developers or IT department. The effort to upgrade will depend on the number of connections that need to be updated.

We recommend that you provision enough time to test your connections.

Still have questions?

Please reach out to your Customer Success Business Partner or support@anaplan.com.