A blog article by Sabrina Rohenroth, Team Manager Specialized Sales Microsoft, and Martin Steiner, Solution Sales Infrastructure & Apps at COMPAREX
Announced some time ago, the new version of Windows Server hit the stores in October 2018: Windows Server 2019. Besides a stack of new features, this also means a goodbye to proven products that were appreciated by many companies. After all, extended support for SQL Server 2008 and 2008 R2 will end on July 9, 2019, and extended support for Windows Server 2008 and 2008 R2 will draw to a close less than a year later, on January 2020.
Naturally companies can continue to use SQL Server and Windows Server on premises precisely the way they have been doing so far. But the security updates for the 2008 version of Server will stop with the end of support.
Even if the risk seems marginal at first – after all, servers are mostly protected behind a firewall as well – the absence of security updates presents a major vulnerability for companies. Attacks like WannaCry demonstrate clearly that hackers will exploit any opportunity to mount an attack and are able to find creative ways of unleashing a steady stream of new threat scenarios on companies.
What’s more, the use of legacy software can also – in certain circumstances – mean incompliance with individual requirements, which might include placing a current ISO certification at risk.
The first piece of good news is that there is still enough time to make all the important decisions and preparations. So there’s no need to panic – but neither should the issue be postponed indefinitely.
Essentially there are three options to deal with the end of support for Windows Server and SQL Server, and the following will introduce you to what they are:
Probably the most obvious thing to do is to upgrade the servers from 2008 to the latest – or at least a more recent – version. Besides the expenditure on actual migration, this may also involve incurring costs for a new license. But when buying their current license, many companies picked one with Software Assurance (SA) and therefore the right to receive the most recent version. In this case they would not have to pay extra for licenses.
Companies in this position would be advised to migrate to the latest version, for instance Windows Server 2019. Firstly this prevents them having to repeat the whole process just a few years later, and secondly the technological advances from 2008 to 2019 are immense. The following example illustrates wonderfully how much has happened in the last ten years: When Windows Server 2008 hit the markets, the first iPhone had only recently been released in Germany. And plenty has happened since then with SQL and Windows Server, not just on the smartphone sector.
Of course there are scenarios in which this kind of migration is not doable, for instance if software is installed on the server that has certain technical dependencies which need a 2008 version. Microsoft caters to these cases with its paid “Extended Security Updates”.
The “Extended Security Updates” will be made available by Microsoft for the coming three years – but, as things stand, are only available to customers with an Enterprise Agreement (EA, EAS or SCE) who purchased their Windows Server or SQL Server with active Software Assurance or as a subscription. What’s more, the costs for Extended Security Updates are quite considerable and are quoted by Microsoft at 75% of the price for a fully licensed version of the latest Windows Server, i.e. SQL Server. Bear in mind, though, that the updates only need to be bought for the servers that actually need them. In addition, the updates are extended annually, so customers can gradually reduce the costs by implementing incremental migration.
It is not quite clear at present how the Extended Security Updates will be purchased. But they will be available no later than at the end of support for the specific server.
There is a third option for companies that would have difficulty migrating their servers and who are reluctant to fork out on the Extended Security Updates, although it is predicated on the ability to run the servers and their applications in a virtual environment: Migrating the servers to Azure.
In keeping with the general focus on cloud topics, Microsoft is also offering the option of receiving the aforementioned Extended Security Updates free of charge if the customers migrate their 2008 or 2008 R2 versions of SQL Server and Windows Server to virtual machines mounted on Azure.
The first thing that’s needed is, of course, an Azure environment. Azure can be purchased in many different ways, and it comes with application scenarios that go beyond simply hosting virtual machines. For example, an SQL Server in Azure can be operated as a “database as a service”, in which patches or availability are assured automatically. Our experts would also be available to you for technical migration to the cloud, backing up your Azure environment and managing the costs.
There’s also some good news for customers that have active Software Assurance for their SQL Server and Windows Server. They receive a hybrid use benefit and can save almost 80% of the costs for their virtual machines.
Time to say goodbye? A summary
So by announcing the end of support for SQL Server and Windows Server 2008 and 2008 R2, Microsoft is not yet forcing customers to bid their final farewells to the 2008 versions, as the vendor is providing plenty of alternative options. But a decision to implement any of these alternatives will take a lot of advance planning and preparation, which is why companies should make good use of the time that remains.