Security improvements: Deprecation and end of life (EOL) notices

Contents

March 2018

Discontinued support for older VPN security protocols

On April 6, 2018, the modp768 encryption method for both Phase 1 Diffie-Hellman (DH) group and Phase 2 PFS group will be removed from the Skytap VPN Settings. After April 6, no new VPNs can be configured to use the modp768 DH group.

On May 4, 2018, VPNs that still use the modp768 DH group will be disabled.

If you have existing VPNs that use the modp768 DH group, you must reconfigure them. We strongly recommend that you use the modp1536 DH group.

Additional VPN changes

Also on May 4, 2018, the modp1024 DH group, the md5 Phase 1 hash algorithm, and the hmac_md5 authentication algorithm will be deprecated. Though it will still be possible to create new VPNs with these protocols, we strongly recommend that you use modp1536 DH group, sha1 hash algorithm, and hmac_sha1 authentication algorithm.

June 2017

Discontinued support for TLS v1.0

Skytap support for TLS v1.0 ends on June 6, 2017. To continue connecting to Skytap, you must ensure that your browser security, automation, scripts, and custom applications can support TLS v1.1 or v1.2. Skytap has created a temporary test domain, cloudtest.skytap.com, that you can use to test connection security.

Browser security

Skytap uses Transport Layer Security (TLS) to secure the connection between your local browser and https://cloud.skytap.com. If you use a recent version of Chrome, Firefox, Safari, Microsoft Edge, or Internet Explorer 11 to access cloud.skytap.com, this change is unlikely to affect you (TLS v1.1 and v1.2 are supported by these browsers by default).

If you or your customers use Microsoft Internet Explorer 9 or 10, you won’t be able to access https://cloud.skytap.com or shared environments after June 6, 2017, unless you do one of the following:

  • Switch to a supported browser. Skytap support for Internet Explorer 10 and older ended earlier this year when Microsoft officially ended support for those browsers.

    or

  • Change the Internet Explorer browser settings to enable support for TLS v1.1 and v1.2:

    1. In Internet Explorer 9 or Internet Explorer 10, navigate to Tools > Internet Options > Advanced.
    2. Check the boxes for Use TLS 1.1 and Use TLS 1.2.

    For more detailed information, see the Microsoft Developer blog post about TLS support for Internet Explorer.

Skytap-supported browsers (Chrome, Firefox, Safari, Microsoft Edge, or Internet Explorer 11) are not affected by this upgrade. TLS v1.1 and v1.2 are supported on these browsers by default.

Automation, scripting, and custom application security

If you use automation, scripting, or custom applications to interact with https://cloud.skytap.com, make sure your tooling supports TLS v1.1 or v1.2, and that it can negotiate a TLS handshake without 3DES ciphers. For example, Python v2.7.8 and older are not compatible with TLS v1.1 encryption.

In PowerShell scripts, add [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12 to enable TLS v1.2 for your session.

Testing the secure connection to Skytap

Skytap has created a new temporary domain, cloudtest.skytap.com, that is already configured with the new TLS profile. We strongly recommend that you test your browser, scripts, and automation at cloudtest.skytap.com, which uses the same live production resources as https://cloud.skytap.com. Note that any changes you make on cloudtest.skytap.com will also appear on https://cloud.skytap.com.

The temporary domain, cloudtest.skytap.com, will be retired on June 6, 2017, when https://cloud.skytap.com is fully updated to use the new TLS profile.

Legacy TLS connections to Skytap

Skytap will add a second temporary domain, legacy.skytap.com, to provide temporary support for legacy TLS v1.0. This domain will become available on June 1, 2017 and will be retired on July 5, 2017, 30 days after cloud.skytap.com is fully updated to use the new TLS profile.

September 2016

Discontinued support for the SmartClient Java applet

June 2016

The following changes occurred due to phased out support for TLS v1.0.

Discontinued support for select macOS (Mac OS X) Remote Desktop clients

  • Support for Microsoft Remote Desktop Connection Client for Mac is discontinued.
  • Additionally, macOS users can no longer access VMs over SmartRDP using Microsoft Remote Desktop, version 8.0.0 or older.

Use Microsoft Remote Desktop, version 8.0.0 or newer.

Discontinued support for TLS v1.0 in older Microsoft Remote Desktop Connection Clients (Windows 7 and Windows Server 2008 R2)

March 2016

Discontinued support for Internet Explorer 9 and Internet Explorer 10

  • Microsoft has ended support for Internet Explorer 9 and Internet Explorer 10. Skytap will no longer test these browsers or fix bugs related to them.