cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
akline
Moderator Moderator
Moderator

FlexNet Operations Cloud and FlexNet Connect Cloud TLS Change

FlexNet Operations Cloud and FlexNet Connect Cloud TLS Change

 

Upcoming scheduled maintenance notice

 

TLS (Transport Security Layer) is a cryptographic protocol that secures communications over networks. It is the successor of the SSL (Secure Socket Layer) protocol. TLS Version 1.0 was first defined in 1999 and since then has been superseded by newer versions. Due to existing vulnerabilities in TLS 1.0 and 1.1, Flexera will discontinue support for these versions in FlexNet Operations Cloud and FlexNet Connect Cloud using the following schedule:

UAT
PDT Tuesday, June 11, 2019 10:00 AM - 12:00 PM
UTC Tuesday, June 11, 2019 5:00 PM - 7:00 PM

UAT endpoints affected:
FNO LLM Producer Portal - manageruat.flexnetoperations.com, manageruat.subscribenet.com
FNO ALM and LLM Enterprise and Producer Portals - *.flexnetoperations.com or *.subscribenet.com – this is your branded hostname
Compliance endpoint (FNO LLM and ALM) - *.compliance.flexnetoperations.com
FlexNet Connect Cloud - *.installshield.com

Production
PDT Tuesday, September 10, 2019, 10:00 AM - 12:00 PM
UTC Tuesday, September 10, 2019, 5:00 PM - 7:00 PM

Production endpoints affected:
FNO LLM Producer Portal - manager.flexnetoperations.com, manager.subscribenet.com
FNO ALM and LLM Enterprise and Producer Portals - *.flexnetoperations.com or *.subscribenet.com – this is your branded hostname
Compliance endpoint (FNO LLM and ALM) - *.compliance.flexnetoperations.com
FlexNet Connect Cloud - *.installshield.com

After these dates, browsers or API clients connecting to these endpoints must connect via TLS 1.2. Please pay special attention to this notification if you have any integrations running against the FlexNet Operations service.

It is especially important for customers to test their FNE clients in UAT before the change is made in Production. FNE clients can communicate with FNO and/or CLS over one of two endpoints; the Enterprise Portal (customer-name.flexnetoperations.com) or the compliance endpoint (customer-name.compliance.flexnetoperations.com).

If you have any questions related to this notification or any difficulties applying the required changes, please do not hesitate to reach out to our support desk. Details to contact Flexera Support can be found here https://community.flexera.com/t5/Support-Information/Support-Contacts/ta-p/94720.

(5) Replies
akline
Moderator Moderator
Moderator

In the past when we have depreciated SSL protocols the majority of the problems were seen with integrations that were using some older version software that did not support the latest SSL protocols.  For example one customer was using JAVA 1.6 which didn't support the newer SSL protocols.  Another customer was running an older version of TIBCO that didn't support the newer SSL protocols.  In both cases the customers had to upgrade the software to newer versions that supported the newer SSL protocols.

For FlexNet Embedded (FNE) customers if your FNE clients are running on older OS's that do not support TLS 1.2 or higher communication with FNOC will fail and cause FNE licensing to fail.

ke5dto
Level 3

Could you point me to documentation that would help us migrate our tools that depend on the SOAP interface given this change?  Thanks.

0 Kudos

Unfortunately there is no magic document for this.  You need to identify which components and versions are involved in sending the communication to our systems.  Your tools that send the SOAP requests may be built on JAVA, .NET or another platform and you will need to check the version and see if and how to include support for the TLS 1.2 protocol.  You OS may also be a factor.  For example if you are running a Linux system you may be using a version of OpenSSL to control secure communication and will need to check these to make sure they support TLS 1.2.  You may need to apply an update to an individual component or take some action to enable TLS 1.2 support.  Hopefully this will help get you started on where and what to look for with your integration.

We were able to resolve this issue in our C# cloud based tool by updating to .NET v4.6 which defaults to using TLS v1.2.  When we changed the project settings, we needed to manually change the reference to the httpRuntime targetFramework.  We also needed to update the SOAP created objects by going to our Connected Services and then right clicking on each of the services (ours are EntitlementOrderService, ManageDeviceService, and UserOrgHierarchyService) and selecting "Update Service Reference".

With these changes, we are now compatible with the recent changes.  Hopefully this will help someone else if they run into something similar.

akline
Moderator Moderator
Moderator

Please note the TLS changes in Production were postponed from the original September 10 date and the changes were made on October 1st.

0 Kudos