Don’t Let the End of Support Become the Start of Trouble
Use SQL Server 2008 and Windows Server 2008 EOS to Jumpstart Your IT Modernization
By Todd Pekats, VP of Cloud and Services PCM
Time is speeding by and you’ve got enough to worry about. Here is something more — and it’s a pretty big deal for many of you.
Microsoft is ending its extended support for SQL Server 2008 and 2008 R2 versions on July 9, 2019. On January 14, 2020, it is eliminating extended support for Windows Server 2008 and 2008 R2 versions. These were popular versions of each product with huge install bases for much of the past decade.
For organizations that haven’t upgraded to newer versions, Microsoft will no longer provide security and product updates as of those dates. Companies can continue using the non-supported products at their own risk but will be out of compliance with GDPR and other industry standards. They’ll also miss out on further product innovations.
The security issues here could be frightening with the volume of malware and other attacks trending higher each year. Organizations may choose to take the risk and assume ownership of it by trying to beef up their firewalls, intrusion systems, and other edge tools. But they could over-spend and still be in danger of a breach.
It’s hard to get a read on how many businesses, government agencies, schools, and other organizations will be impacted by these deadlines worldwide. Microsoft has released at least two versions of each product in the past 10 years, so the populous affected isn’t what it once was. Many larger enterprises plus companies in heavily regulated industries such as healthcare and financial services have already upgraded as part of their digital transformation initiatives.
Yet Microsoft justifiably sees this as a massive opportunity to increase Azure consumption, as migrating to the cloud is one of two major paths to resolution. Some estimates have placed the global opportunity as high as $40 billion.
Indeed, countless numbers of smaller and midmarket organizations, as well as those in less regulated industries such as manufacturing and retail, have delayed upgrading.
Is this you? If so, we understand — to a degree. We’ll discuss below the many challenges involved. But then we’ll come back to the familiar refrain, “With many challenges also come opportunities.” We have some tips and advice for those facing these challenges.
This is a prime opportunity to put all the delays and false starts behind you and get on the road to IT modernization. However, the clock is ticking — and the SQL Server deadline is imminent.
Path is clearer for upgrading Windows Server
It is important to note that a substantial number of organizations are still on both SQL Server 2008 (or 2008 R2, its follow-up release) and Windows Server 2008 (or 2008 R2). A few of you out there may have even older, non-supported versions, such as SQL Server 2005 or Windows Server 2003 R2.
However, many of you may be just on one 2008 server release, but not the other.
If your organization must upgrade only Windows Server, you have more time and your paths to resolution are much simpler. You can:
- Migrate to Azure. Microsoft is doing a lot to get organizations to adopt hybrid infrastructures with Azure. You can move workloads to Azure virtual machines running Windows Server 2016, 2012 or even 2008. You can also containerize applications with Windows Server 2016 or rewrite them using Azure PaaS (Platform-as-a-Service). With this option, Microsoft will provide you with free extended security updates for three years beyond the January 14, 2020, deadline.
- Upgrade to the latest on-premises version, Windows Server 2016. If you’re unable to move all your workloads to the cloud, or if certain compliance requirements demand that you keep your servers on-premises, you can instead upgrade to the latest version of Windows Server and purchase support – a la carte – for individual licenses.
With the second option, you don’t get the free extended security updates, but you can purchase them annually for 75 percent of the total license cost of Windows Server 2016. This only works if you have active Software Assurance or subscription licenses. This option could get costly. However, if it is the best one for your organization, it does set you up to more easily migrate to the cloud at a future date.
Note: If you have legacy, non-supported applications dependent on Windows Server 2008, you must upgrade your applications before upgrading your Server version. Otherwise, the Server upgrade alone simply doesn’t gain you a lot. Security vulnerabilities and performance issues will linger, among other problems.
Why the SQL Server upgrade may be more challenging
Conversely, the upgrade from SQL Server 2008 (and 2008 R2) is more complicated because it serves databases as well as applications. There are greater numbers of dependencies involved. For most changes you end up making to your environment, data applications will have to be recertified and vetted again for performance, which takes time and expertise.
You also have the user or customer experience to consider for any moves made. Your databases are often the back-end to key front-end applications that touch your customers.
Here’s why you may not have upgraded by now:
- Your IT environment is complex. It’s possible you’ve lost track of which software resides on your respective servers, and which applications are receiving data. You may be using some servers that are up-to-date with those that aren’t. You need more than a server inventory; there’s dependency mapping that must be done as well, and that takes time and energy you don’t have.
- Your systems architects are long gone. Those who built your SQL Server 2008 database system eight to 10 years ago probably customized some of the data feeds and applications to meet your needs at that time. Now these IT pros are at other companies. Those who replaced them may even be gone. You know how to maintain the status quo but have no access to documentation regarding the shaping of your current environment.
- Your executive support is lacking. Surprisingly, your executive team may not be buying the fact that you need money to upgrade legacy database servers before they lose extended support. This is frustrating, for sure. But some organizations truly believe that if it ain’t broke, don’t fix it.
- The cost of upgrading is greater than the risk. Yes, the cost of upgrading is significant. It is rarely ever greater than the risk, but it may sometimes seem like it.
It takes a level of maturity as an IT executive or professional to understand all the ramifications involved. If you happen to be leaning toward inaction, here is why it could be costly to your organization:
- You’ll get a poor reputation among customers. Taking security risks and falling out of compliance will likely tarnish your reputation among customers and prospects. Many will not want to do business with an organization that doesn’t see fit to prioritize its own security and well-being. Some may be forced to give you the stiff arm — a customer bound by GDPR, for example, may be prohibited from using products and services from an organization ignoring the regulation.
- You’ll have a bad rap among partners. Again, if your organization is non-compliant with GDPR or other regulations, and a partner is relying on a service from you, the partner may view itself as not being compliant. That could mean the end of your partnership and a serious disruption to your partner ecosystem.
Migrate to Azure (or Amazon Redshift, a simpler alternative)
The paths to upgrading your SQL Server 2008 or 2008 R2 system are similar to those of Windows Server, with a slight twist.
- Migrate to Azure. Again, Microsoft is offering incentives such as enabling you to lift and shift servers and databases in a hybrid cloud environment while you modernize on your own for three years. You can move SQL Server data and workloads to Azure virtual machines in an IaaS (Infrastructure-as-a-Service) platform or to an Azure SQL Database managed instances under a PaaS option. Again, you get free extended security updates for three years after the July 9 deadline.
- Upgrade to the latest on-premises version, SQL Server 2017. If you’re unable to move all your workloads to the cloud, or if certain compliance requirements demand that you keep your servers on-premises, you can instead upgrade to the latest version of SQL Server. You can purchase extended security updates annually for 75 percent of the total license cost of SQL Server 2017, if you have active Software Assurance or subscription licenses.
- Migrate to another cloud provider. For those organizations that view cost as the No. 1 priority, Amazon Redshift provides a scaled down version of database software that enables SQL Server 2008 users to migrate to AWS. If you are currently only using basic SQL Server features and don’t foresee requiring the more expanded functionality that SQL Server offers, Redshift is an option.
As a last resort, Microsoft has discussed providing extended security updates to organizations unable to upgrade at this time. This option is not recommended. For one thing, the cost of the updates has not yet been announced and is likely to be burdensome. Further, this option stalls organizations from acting at a time when action is critical.
It’s time to act: Here’s help
As you read this, the SQL Server EOS deadline is less than four months away. Any organization that has put this off until now is going to be challenged to meet the timeline. You must get going. Here are some important steps to take:
- Assess your environment from the ground up. Start with a discovery session on how your database and infrastructure operate. Use the tools you have available to you, such as your own management platform, the free Microsoft Assessment and Planning (MAP) Toolkit, or similar tools from Movere, Turbonomic, and others. Review your entire environment to detail your number of servers and versions, databases and versions, applications and versions, active usage, and other key factors.
- Identify the line-of-business or technology owners to help you prioritize data estates. The tools mentioned above can get you 90 to 95 percent of the information you need, but the remainder may be the toughest part: Identifying the custom data tables and applications built (perhaps a decade ago), and who owns them. You will need the what and why behind these to decide which data estates are most critical to your business. At this late stage, you may not be able to save all your data estates. But you may detect some that are little used and aren’t worth saving.
- Review your current commitments to IT vendors. You can’t effectively prioritize assets without knowledge of all your licenses and commitments, including any recent purchases. These transactions could dictate some of your next steps.
- Determine if you have any long-term commitments to consume Azure. Such commitments may be part of the software licenses you purchased from Microsoft. Like point No. 3 above, they may have a bearing on your next steps.
- Beware of potential cloud service latency issues. Migrating to the cloud may be your No. 1 choice. For the most part, it is not hard for your cloud provider to pull it off. But you must consider the potential latency problems. Latency issues typically happen when databases and data sources are physically separated by a great distance. The greater the distance, the more likely it is that your users will experience significant delays getting their questions answered and requests fulfilled. Your users’ expectations should remain a top priority — which may mean keeping database servers on-premises for a time, or rearchitecting your environment.
- Know your on-premises capacity requirements. You may favor upgrading to the more current on-premises versions, but to do so, you must have the server capacity for up to three more years. If you don’t, migrating to the cloud may be the more budget-friendly option.
- Formulate a plan, and prioritize, prioritize, prioritize. What are your mission-critical data applications? What is your low-hanging fruit (i.e., things you can get done right away)? What is your long-term strategy? How can you meet the July 9 deadline (or how can you get reasonably close)?
- Reach out to a third-party for help, if necessary. If you need help, get it. It could save you dearly in the long run. A cloud managed services provider (MSP), could assess your environment and help you quickly come up with a plan of action.
How a cloud MSP can help your modernization strategy
A cloud MSP can take away some of the operational heavy lifting in three key ways:
- An overall IT assessment and cloud transformation strategy. This assessment of your environment is combined with recommendations for consolidating operations, so you can avoid wasteful spending and migrate only necessary items to the cloud.
- A health check of your data estates. The cloud MSP will evaluate each estate to determine its usage, performance, and growth potential, how it can be optimized, and how it fits (from a budget and compliance perspective) in your overall environment.
- A compliance audit. If you have older applications and budget limitations, having a third-party audit can be helpful in persuading executives making budget decisions that IT modernization must be made a higher priority.
For more information on PCM’s cloud services, please visit http://www.pcm.com/cloud. In the meantime, this is not the time to lament the end of support for SQL Server and Windows Server 2008 versions. They are both 10 years old — think about the features of a smartphone 10 years ago. It’s time to move forward. Consider this challenge an opportunity.
Todd Pekats, Vice President, PCM, Inc.
Todd Pekats is a Solutions Architect with 30 years of experience in the production, operations, support, management and design of complex high-end technology solutions. Todd currently works at Stratiform USA and is chartered with providing enterprise consulting services focused on Microsoft technologies and infrastructures. Todd’s experiences combine global engineering, and operations management, along with disaster recovery and business continuity. Todd has run a number of successful consultancies in the New York metropolitan area and has extensive experiences in the financial markets. Todd is a v-TSP and a Device TSP, he is also a Windows 7/10 Ranger and was recognized by Microsoft as the Evangelist of the year.