Anaplan is committed to providingindustry-tested best practices for information security for our customers. In line with this commitment, we are deprecating support for TLS 1.1 in data integrations in October 2020. From October, integrations that connect with TLS 1.1 will no longer be able to connect with Anaplan and data will no longer flow from your source into or out of Anaplan. Please read below for information on how to check whether you’re impacted and how to migrate to TLS 1.2. We will be updating this article with more information as it arises.
What is TLS?
TLS stands for Transport Layer Security. It is a protocol that provides privacy and data integrity between two communicating applications. TLS is the most widely deployed security protocol used today, and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification. The versions of TLS, to date, are TLS 1.0, 1.1, 1.2, and 1.3.
What is the change?
Anaplan is requiring customers upgrade their data integration solutions to support TLS 1.2 by the beginning of October 2020. On that date we will disable the TLS 1.1 encryption protocol.Any customers still using TLS 1.1 in their data integration solutions at that time will be prohibited from running integrations with Anaplan.
Why is this happening?
At Anaplan, confidentiality, integrity, and availability are our top priorities. As such, we are continually focused on helping our customers improve their security by using industry-tested best practices in information security. Beginning October 2020, Anaplan will require encryption protocols TLS 1.2, aligning with industry-tested best practices. For further information, please see NIST Special Publication 800-52 “Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementatio...”.
Please note that this is an industry-wide deprecation.
What is the impact?
Once TLS 1.1 is disabled, any integration client using TLS 1.1 version will not be able to connect to Anaplan and the jobs will fail.This impacts every integration solution that connects with Anaplan.
Will this impact both read and write integrations?
How do I know if I am impacted and what action do I need to take?
The action required by your organization will depend on which integration client you are using.
Anaplan Connect 18.104.22.168 or lower
Update your Java version to Java 8u161 or higher. Java 8 supports TLS 1.2 by default. It is recommended to install latest Java 8 version. See the “How do I upgrade Anaplan Connect to Java 8?” section for more details.
Recommendation to update your Anaplan Connect version to 1.4 if possible.
MuleSoft v2 Connector for Anaplan (supported on Mule runtime 3.7-3.9)
Anaplan v2 connector runs on Mule runtime 3.7-3.9.
Any other integration client, connector, or script
If your data integration solution uses Java, update your Java version to Java 8.161 or higher.
If your data integration solution does not use Java, check that the solution uses TLS 1.2 by default. If not, upgrade the solution to support TLS 1.2.
Test your integration solution by running integrations against Anaplan, and ensuring they run successfully.
How do I upgrade Anaplan Connect to Java 8.161?
If your organization uses Java 6.x or 7.x with Anaplan Connect, upgrade to Java 8.161 using the option given here. Refer to your Anaplan Connect user guide to check which Java versions are supported. If your Anaplan Connect installation supports Java 8, upgrade the Java version. If the user guide doesn’t mention Java 8.161 as a supported version, then install the latest Anaplan Connect version (1.4.4) to take advantage of bug fixes and new features.
If you are using Anaplan Connect or a custom developed integration, work with your IT department to get access to the server where the integration tool is installed. Then, use one of the methods in this link to determine your Java version: https://www.java.com/en/download/help/version_manual.xml
If you are using a third-party Integration solution, like MuleSoft, DELL Boomi, SnapLogic, Informatica etc., reach out to your IT team and refer to the respective user manuals to determine your Java version. In some cases, the integration solutions come bundled with their own or custom Java versions. Their user guides will be able to guide you to the correct Java version.
How much effort will it be to upgrade?
The migration will likely need to be done by your company’s integration developers or IT department. The effort to upgrade will depend on the number of connections that need to be updated.
We recommend that you provision enough time to test your connections.