Security improvements: Deprecation and end of life (EOL) notices
Deprecation of old public templates
In March 2021, Skytap will retire public templates of operating systems that are no longer supported or have otherwise reached EOL. If you rely on older public templates, we recommend that you save copies of those templates to your account.
The following public templates will be removed:
- Advanced Import Appliance on Ubuntu 18.04.1
- Apache Mesos 0.19.0 - Ubuntu Desktop 14.04 - 64-bit
- Apache Mesos 0.19.0 Slave - Ubuntu Desktop 14.04 - 64-bit
- Chef Server v11.3.1 and Workstation - Ubuntu 12.10 and 14.04 - 64-bit
- Cloud Foundry v2 - Dev Stack
- Cloudera CDH 5.4 Cluster Node Host
- Cloudera CDH 5.4 Manager and Workstation
- Cloudera CDH4 Hadoop Cluster
- Cloudera CDH4 Hadoop Host
- Docker 18.06.0-CE on Ubuntu 18.04.1 LTS Desktop 64-bit - Firstboot
- Docker Machine Template - Ubuntu Server 14.04 - 64-bit
- Hortonworks Hadoop Sandbox and Workstation
- Jenkins v2.121.3 on Ubuntu 16.04.5 LTS Desktop - Firstboot
- Kubernetes v1.1 - 2-node cluster pre-install - Fedora 23
- Learning Puppet VM
- Mesosphere Technology Stack - Ubuntu Desktop 14.04 - 64-bit
- MongoDB v2.4.8
- Nginx Web Server - Ubuntu Server 14.04 - 64-bit
- OpenStack (DevStack) Single VM
- Rational Team Concert 4.0.5 Trial Environment
- Ruby on Rails Server and Workstation - Ubuntu Server 14.04 - 64-bit
- Selenium 2.42.2 Server and IDE
- Vagrant Box - Ubuntu 12.04.1 LTS Server (64-bit) Linux
- XAMPP - CentOS 6.4 64 bit
- Zevenet CE 5.02 Load Balancer
Discontinuation notice for the Skytap Command Line Interface (CLI)
Discontinuation notice for TLS 1.1
Skytap support for TLS v1.1 ends on March 31, 2020. To continue connecting to Skytap, you must ensure that your browser security, automation, scripts, and custom applications can support TLS v1.2 or newer.
Deprecation notice for TLS 1.1 in SmartRDP
TLS v1.1 for SmartRDP connections are deprecated.
Skytap uses Transport Layer Security (TLS) to secure the SmartRDP connection between your local computer and https://cloud.skytap.com. Support for TLS 1.1 will be discontinued. We recommend that you use TLS 1.2 or newer.
Discontinued support for older VPN security protocols
On April 6, 2018, the modp768 encryption method for both Phase 1 Diffie-Hellman (DH) group and Phase 2 PFS group will be removed from the Skytap VPN Settings. After April 6, no new VPNs can be configured to use the modp768 DH group.
On May 4, 2018, VPNs that still use the modp768 DH group will be disabled.
If you have existing VPNs that use the modp768 DH group, you must reconfigure them. We strongly recommend that you use the modp1536 DH group.
Additional VPN changes
Also on May 4, 2018, the modp1024 DH group, the md5 Phase 1 hash algorithm, and the hmac_md5 authentication algorithm will be deprecated. Though it will still be possible to create new VPNs with these protocols, we strongly recommend that you use modp1536 DH group, sha1 hash algorithm, and hmac_sha1 authentication algorithm.
- For information about adding new VPNs, see Creating a VPN connection
- For information about editing existing VPNs, see Editing an existing VPN connection
Discontinued support for TLS v1.0
Skytap support for TLS v1.0 ends on June 6, 2017. To continue connecting to Skytap, you must ensure that your browser security, automation, scripts, and custom applications can support TLS v1.1 or v1.2. Skytap has created a temporary test domain, cloudtest.skytap.com, that you can use to test connection security.
Skytap uses Transport Layer Security (TLS) to secure the connection between your local browser and https://cloud.skytap.com. If you use a recent version of Chrome, Firefox, Safari, Microsoft Edge, or Internet Explorer 11 to access cloud.skytap.com, this change is unlikely to affect you (TLS v1.1 and v1.2 are supported by these browsers by default).
If you or your customers use Microsoft Internet Explorer 9 or 10, you won’t be able to access https://cloud.skytap.com or shared environments after June 6, 2017, unless you do one of the following:
Change the Internet Explorer browser settings to enable support for TLS v1.1 and v1.2:
- In Internet Explorer 9 or Internet Explorer 10, navigate to Tools > Internet Options > Advanced.
- Check the boxes for Use TLS 1.1 and Use TLS 1.2.
For more detailed information, see the Microsoft Developer blog post about TLS support for Internet Explorer.
Skytap-supported browsers (Chrome, Firefox, Safari, Microsoft Edge, or Internet Explorer 11) are not affected by this upgrade. TLS v1.1 and v1.2 are supported on these browsers by default.
Automation, scripting, and custom application security
If you use automation, scripting, or custom applications to interact with https://cloud.skytap.com, make sure your tooling supports TLS v1.1 or v1.2, and that it can negotiate a TLS handshake without 3DES ciphers. For example, Python v2.7.8 and older are not compatible with TLS v1.1 encryption.
In PowerShell scripts, add
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12 to enable TLS v1.2 for your session.
Testing the secure connection to Skytap
Skytap has created a new temporary domain, cloudtest.skytap.com, that is already configured with the new TLS profile. We strongly recommend that you test your browser, scripts, and automation at cloudtest.skytap.com, which uses the same live production resources as https://cloud.skytap.com. Note that any changes you make on cloudtest.skytap.com will also appear on https://cloud.skytap.com.
The temporary domain, cloudtest.skytap.com, will be retired on June 6, 2017, when https://cloud.skytap.com is fully updated to use the new TLS profile.
Legacy TLS connections to Skytap
Skytap will add a second temporary domain, legacy.skytap.com, to provide temporary support for legacy TLS v1.0. This domain will become available on June 1, 2017 and will be retired on July 5, 2017, 30 days after cloud.skytap.com is fully updated to use the new TLS profile.
Discontinued support for the SmartClient Java applet
- Support for the legacy, SmartClient Java applet is discontinued. SmartClient provided access to VM desktops from older, unsupported browsers. SmartClient has been replaced by the HTML5-based Secure Remote Access (SRA) browser client, which provides access to VM desktops from all Skytap-supported browsers.
The following changes occurred due to phased out support for TLS v1.0.
Discontinued support for select macOS (Mac OS X) Remote Desktop clients
- Support for Microsoft Remote Desktop Connection Client for Mac is discontinued.
- Additionally, macOS users can no longer access VMs over SmartRDP using Microsoft Remote Desktop, version 8.0.0 or older.
Use Microsoft Remote Desktop, version 8.0.0 or newer.
Discontinued support for TLS v1.0 in older Microsoft Remote Desktop Connection Clients (Windows 7 and Windows Server 2008 R2)
- Microsoft Remote Desktop Clients on Windows 7 and Windows Server 2008 R2 can no longer access VMs over SmartRDP unless a Windows Update is installed. To download the update, see Update to add RDS support for TLS 1.1 and TLS 1.2 in Windows 7 or Windows Server 2008 R2.
Discontinued support for Internet Explorer 9 and Internet Explorer 10
- Microsoft has ended support for Internet Explorer 9 and Internet Explorer 10. Skytap will no longer test these browsers or fix bugs related to them.