Ides of March TLS deadline

Options
John Heizer
John Heizer
Ancient Membership 500 Likes 500 Comments Photogenic
in Blackbaud Raiser's Edge NXT®: General Discussion
I just wanted to report that we survived the March 15 deadline without upgrading to RE 7.96.  Admittedly we don't run any extra BB products that might require RE to communicate with BB servers (no OLX, BBNC, BBMS, etc.), but we're still running just fine on 7.93 for the moment.


We'd planned to have our conversion completed by the 15th, but some of our staff that were needed for testing our interface with our Galaxy ticketing system (used to sell memberships that then come directly into RE) were not available.  We kept a close eye on things the 15th and 16th with a backup plan to do an immediate conversion if RE completely failed, but we didn't have even a blip.  We're completing testing this week and if there are no problems we'll convert our live data early next week.
Tagged:

Comments

  • Joanne Felci 2
    Joanne Felci 2
    Ninth Anniversary 1,000 Likes 1000 Comments Photogenic
    <<<VIRTUALLY HIGH FIVE>>>


    We did the same John - still on 7.93, all is working fine...


    After all the 'sky is falling' and multiple, multiple, multiple...I mean hello MULTIPLE emails it was all fine


    We do not run any credit cards thru RE, not currently using BBMS (but I'm going to start conversations with them, so who knows) and I kept saying logically WHY would this be an issue if it is PCI compliance issue


    I am planning to upgrade to 7.96 - probably this summer, in a slower time - and would love to hear how everything goes for you
  • John Heizer
    John Heizer
    Ancient Membership 500 Likes 500 Comments Photogenic

    Joanne Felci:

    <<<VIRTUALLY HIGH FIVE>>>


    We did the same John - still on 7.93, all is working fine...


    After all the 'sky is falling' and multiple, multiple, multiple...I mean hello MULTIPLE emails it was all fine


    We do not run any credit cards thru RE, not currently using BBMS (but I'm going to start conversations with them, so who knows) and I kept saying logically WHY would this be an issue if it is PCI compliance issue


    I am planning to upgrade to 7.96 - probably this summer, in a slower time - and would love to hear how everything goes for you

    It's good to know we're not alone in postponing.


    We've never entered/processed credit cards in RE and don't use any of the ancillary BB products, so I was fairly confident that we wouldn't be affected, but wanted to get upgraded before the 15th anyway because our work load starts picking up in April.  I had a bit of a scare earlier this month when I realized that we DO get credit card numbers put directly into RE Gifts from our ticketing system that we use to sell memberships, but found out that those come across as already obfuscated text, so RE never sees it as a "real" credit card number that it might need to tokenize through BB servers (which is what happens if you try to store a credit card number on a Constituent record).


    Just to clarify, the TLS upgrade is required for PCI compliance, but it involves much more than just credit cards, it involves all encrypted data flowing over the internet, which would affect data coming into RE from Online Express, NetCommunity, etc.  Essentially anything where RE communicates with another Blackbaud system even if credit card numbers aren't involved.


    I'll go ahead and add that our test conversion has gone VERY smoothly.  We've gone directly from 7.93 to 7.96 Patch 8 and haven't had any of the problems early adopters had with phone number conversion.  There may need to be some minor cleanup, but for the most part everything seems to have converted very well.  We won't be able to take advantage of some of the new features, like having multiple "Home" phone numbers because of our interface with external systems that can't support them, but we're accustomed to that sort of trade-off.

  • Steven Cinquegrana 2
    Steven Cinquegrana 2
    Ninth Anniversary 500 Comments 250 Likes Name Dropper
    Hi John, all,


    I have a client we are in the midst of performing a full upgrade for, including BBNC, and they are also OK at the moment despite not upgrading.


    I think in your situation - where your clients are only communicating with your own internal server - effectively nothing has changed, nor could it due to the Blackbaud TLS1.0 changes. That makes sense to me.


    But for sites where there is BBNC, OLX, etc interconnectivity with BB I'd suggest not delaying things too long. My guess is that Blackbaud is being prudent with its decommissioning of TLS1.0 and allowing for clients who are running late on their patching, etc to catch up. (Blackbaud said it would start decommissioning on March 15, not have it completed by then.) And they can see all of the TLS1.0 traffic hitting their servers; they would be crazy to proceed en-masse while there is significant TLS1.0 traffic and will likely leave a window over the next few weeks before shutting things off completely. DISCLAIMER: These are just my thoughts on the matter; I have no idea what the actual machinations are!


    Cheers,

    Steve Cinquegrana | CEO and Principal Developer | Protégé Solutions

     
  • Joanne Felci 2
    Joanne Felci 2
    Ninth Anniversary 1,000 Likes 1000 Comments Photogenic

    Steven Cinquegrana:

    Hi John, all,


    I have a client we are in the midst of performing a full upgrade for, including BBNC, and they are also OK at the moment despite not upgrading.


    I think in your situation - where your clients are only communicating with your own internal server - effectively nothing has changed, nor could it due to the Blackbaud TLS1.0 changes. That makes sense to me.


    But for sites where there is BBNC, OLX, etc interconnectivity with BB I'd suggest not delaying things too long. My guess is that Blackbaud is being prudent with its decommissioning of TLS1.0 and allowing for clients who are running late on their patching, etc to catch up. (Blackbaud said it would start decommissioning on March 15, not have it completed by then.) And they can see all of the TLS1.0 traffic hitting their servers; they would be crazy to proceed en-masse while there is significant TLS1.0 traffic and will likely leave a window over the next few weeks before shutting things off completely. DISCLAIMER: These are just my thoughts on the matter; I have no idea what the actual machinations are!


    Cheers,

    Steve Cinquegrana | CEO and Principal Developer | Protégé Solutions

     

    Lots of good points Steve!


    I just hope I can skate by until the summer...even June...as right now I can't begin to give this any thought.


    I'd also like to test it first but am having a lot of push back from my IT department for server space (which is my own personal problem)

  • Lily Barger
    Lily Barger
    Eighth Anniversary 10 Comments Photogenic Name Dropper
    Hello!  We are locally hosted and ended up doing the upgrade last week, on the 13th, although we hadn't planned to since we are upgrading to NXT shortly.  The reason we did so was that even though we don't process transactions through BBMS or BB payments, we were told by Blackbaud that our NetCommunity would no longer be functional because that ability to process payments is built in.   We ended up rushing to convert, and so far we are ok, but we do have a lot of phone number cleanup which I wish we'd had more time to prepare for. 

Categories