SQL Server 2008/R2 and Windows Server 2008/R2 will go out of support in July 2019 and January 2020 respectively.
Many organisations across the globe are still running these server editions within their infrastructure and have, at a maximum, 18 months left until they are left without support from Microsoft.
The end of extended support will mean no more security updates for these products.
Security is of paramount importance to organisations, even more so in the light of incidents such as Equifax, TicketMaster (link) and Typeform (link). Running even one server no longer receiving security patches is leaving the door open to cyber criminals – data theft, ransomware, corporate espionage and more all become possible.
For Microsoft, creating security patches, releasing new hotfixes and maintaining compatibility with other Microsoft products and those of 3rd parties all take time, effort and money – things which Redmond would prefer to see put towards the Cloud.
They’ve known for a long while that the 2008/R2 editions of Windows Server & SQL Server stood to be the “next XP” – perhaps even more difficult as they support many key platforms for organisations around the world. Microsoft realised that simply saying “That’s it – no more” was going to cause friction with their customer base and their partners, and most likely result in changes and extensions like those seen with Windows XP – so they introduced Premium Assurance.
However, Microsoft were able to see that not all organisations would be ready/able/willing to stop using these products – so they introduced Premium Assurance.
Launched in March 2017, Premium Assurance gave a way for organisations who “need to keep running on-premises without disruption” to purchase 6 years of additional support for Windows Server 2008/R2 and SQL Server 2008/R2 – extending the total support lifecycle to 16 years.
After only a short time, Premium Assurance was removed from the Microsoft Product Terms document. There was no announcement of its demise – simply a removal from the Product Terms and the Microsoft website. It seems there are only a few of us even aware it ever existed!
Perhaps the adoption of Premium Assurance was poor, due to it being an additional purchase on top of Software Assurance with various rules and a tiered pricing structure. Perhaps Microsoft realised it wasn’t driving the behaviour they wanted. Growing cloud revenue, cloud customers and cloud consumption is a huge priority for Microsoft – and making it easy for customers to stay on older, on-premises software isn’t going to help that.
Microsoft have now announced they will supply customers with a further 3 years of free support for Windows Server 2008/R2 & SQL Server 2008 R2…if they migrate the workloads to Azure.
Microsoft position this as a solution with no downside – not only do organisations get 3 more years to plan and execute their migration from the 2008/R2 editions, but they also get the benefits of cloud such as reduced costs, greater flexibility, and easier management.
It is around the cost elements where Microsoft have been working to create a compelling offer, a package comprised of:
Reserved Instances provide a way for organisations to pre-purchase specific Azure virtual machines, on a 1 or 3-year basis, for significant discounts. These work particularly well for long term, stable workloads where the size of the VM can remain static over time.
These allow Volume Licenses with Software Assurance to be used to cover Windows Server virtual machines in Azure, saving up to 40% over regular Azure costs.
Recently introduced, although still classed as “in preview”, these are akin to having a dedicated server and deliver “close to 100%” compatibility with support as far back as SQL Server 2005. This removes a major blocker, in Microsoft’s eyes at least, to SQL workloads being moved into Azure.
Like the rights for Windows Server, these allow Azure costs to be reduced through the use of Volume Licenses with Software Assurance. (Link to article).
The choice organisations must make is:
Neither option 1 or 2 will be easy and both will need considerable planning, but one must be done. The 3rd option – continuing to run unsupported Operating Systems and Databases – is almost unthinkable in today’s security climate.
For organisations who cannot migrate to Azure or upgrade on-premises, Microsoft will make the extended support available as part of a paid-for customer support agreement. This will be available to Enterprise Agreement customers on an annual basis and can be purchased for just the specific servers.
To make the best decision about handling this upcoming end of support, an organisation must be aware of its position on Azure.
If it is not on the cards for at least 3 years, performing on-premises upgrades probably makes the most sense. Where you have these products covered with Software Assurance, there will be little/no additional licensing costs but there will, of course, be other costs.
If, however, moving to Azure is a strategic goal within the next 18-24 months, this could be a great opportunity to begin. Yes, it may be sooner than anticipated but it gives a real purpose to the use of cloud – which helps limit the scope of the initial cloud use, making it easier, and more cost effective, to manage. It is also likely there will be additional planning and migration support available for Microsoft.
An organisation will also need a total understanding of its environment – how many impacted servers are there and what applications and systems do they support? ITAM will be key to this but should be involved in so much more too. Decisions will need to be made on strategic technology direction, cost comparisons of on-premises & cloud options, plans for utilisation of licensing and programmatic allowances, and more. ITAM should be involved in all these conversations.
It is also important the business understands the knock-on effects these decisions can have and, as many of these will impact the ITAM function, it is key you’re there to make them aware. Making a saving on Azure will seem like a great idea to most parts of the business – but what about the extra admin required to track the license allowances – how much will that cost the business? What about the new licensing non-compliance risk – how much might that cost the business? I think it’s fair to say ITAM are the only people who will consider these things and the extra work and risk will become part of your day, so be sure to get involved!
Whilst many may see this situation as a problem, for an ITAM team it could present a great opportunity. An opportunity to drive business transformation, to reduce costs, and to show the importance of the ITAM function to the business.
Microsoft support announcement – https://azure.microsoft.com/en-gb/blog/announcing-new-options-for-sql-server-2008-and-windows-server-2008-end-of-support/
Microsoft SQL Server Managed Instances – https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance#database-migration
Equifax breach – https://itassetmanagement.net/2017/10/19/equifax-itam/
TicketMaster breach – https://itassetmanagement.net/2018/07/03/get-me-in-to-your-personal-information/
Typeform breach – https://www.theregister.co.uk/2018/07/04/typeform_breach_continued/