1.8 Configuring TLS Protocols for Migrate Hosts

PlateSpin Migrate server supports connections using Transport Layer Security (TLS) 1.0, TLS 1.1, or TLS 1.2 protocol, according to the protocols enabled on its host operating system. We recommend that you enable TLS 1.2 protocol in the Windows Registry settings on the Migrate Server host. For instructions, see TLS 1.2 in Transport Layer Security (TLS) Registry Settings in Microsoft Documentation.

NOTE:For the PlateSpin Migrate Server images available in cloud marketplaces, TLS 1.2 is enabled by default on the Migrate Server host. See Section 2.1.5, TLS Protocols.

The TLS settings on the Migrate Server host must allow connections appropriate for the source workload. Conversely, the TLS settings and .NET Framework version installed on each source workload operating system must allow connections appropriate for the TLS protocols you enable for the Migrate server host OS.

The TLS protocols that you enable on the Migrate server host OS determine what TLS protocols that source workloads can use to connect. Allowing TLS 1.0 or TLS 1.1 enables you to migrate source workloads with older operating systems that do not support TLS 1.2 or that do not support TLS 1.2 by default. For example:

  • Windows Server 2008 does not support TLS 1.2.

  • Windows Server 2008 R2 supports TLS 1.2, but that protocol is disabled by default. To enable the source workload to connect to a Migrate Server using TLS 1.2, you must enable TLS 1.2 for the operating system on the source workload.

  • Microsoft .NET 3.5 does not support TLS 1.2 by default. You must do one of the following on the source workload to enable connections using TLS 1.2:

    • Apply a Microsoft patch.

      -OR-

    • Install Microsoft .NET 4.x.

Enabling connections using TLS 1.2 protocol on a source workload might require that you install OS patches and Microsoft .NET Framework on the workload and modify its Windows Registry settings. For information about enabling TLS 1.2 on source Windows workloads, see Configuring Source Workloads to Connect Using TLS 1.2 in the PlateSpin Migrate 2019.2 User Guide.

You can optionally disable TLS 1.0 and TLS 1.1 protocols for the operating system on the Migrate Server host. The same Registry settings can be used for the Migrate Client host and for source workloads that support TLS 1.2. For information about disabling TLS 1.0 and 1.1 protocols for Windows operating systems, see TLS 1.0 and TLS 1.1 in Transport Layer Security (TLS) Registry Settings in Microsoft Documentation.

IMPORTANT:Disabling TLS 1.0 prevents operating systems that do not support TLS 1.2 from migrating.