Countless numbers of smaller and midmarket organizations, as well as those in less regulated industries such as manufacturing and retail, have delayed upgrading. Is this you?
Time is speeding by and you’ve got enough to worry about. Here is something more — and it’s a pretty big deal for many of you.
Microsoft is ending its extended support for SQL Server 2008 and 2008 R2 versions on July 9, 2019. On January 14, 2020, it is eliminating extended support for Windows Server 2008 and 2008 R2 versions. These were popular versions of each product with huge install bases for much of the past decade. For organizations that haven’t upgraded to newer versions, Microsoft will no longer provide security and product updates as of those dates. Companies can continue using the non-supported products at their own risk, but will be out of compliance with GDPR and other industry standards. They’ll also miss out on further product innovations.
The security issues here could be frightening, with the volume of malware and other attacks trending higher each year. Organizations may choose to take the risk and assume ownership of it by trying to beef up their firewalls, intrusion systems and other edge tools. But they could over-spend and still be in danger of a breach.
It’s hard to get a read on how many businesses, government agencies, schools and other organizations will be impacted by these deadlines worldwide. Microsoft has released at least two versions of each product in the past 10 years, so the population affected isn’t what it once was. Many larger enterprises, plus companies in heavily regulated industries such as healthcare and financial services, have already upgraded as part of their digital transformation initiatives. Yet Microsoft justifiably sees this as a massive opportunity to increase Azure consumption, as migrating to the cloud is one of two major paths to resolution. Some estimates have placed the global opportunity as high as $40 billion.
Indeed, countless numbers of smaller and midmarket organizations, as well as those in less regulated industries such as manufacturing and retail, have delayed upgrading. Is this you? If so, we understand — to a degree. We’ll discuss below the many challenges involved. But then we’ll come back to the familiar refrain, “With many challenges also come opportunities.” We have some tips and advice for those facing these challenges.
This is a prime opportunity to put all the delays and false starts behind you and get on the road to IT modernization. However, the clock is ticking — and the SQL Server deadline is imminent.
It is important to note that a substantial number of organizations are still on both SQL Server 2008 (or 2008 R2, its follow-up release) and Windows Server 2008 (or 2008 R2). A few of you out there may have even older, non-supported versions, such as SQL Server 2005 or Windows Server 2003 R2.
However, many of you may be just on one 2008 server release, but not the other.
If your organization must upgrade only Windows Server, you have more time and your paths to resolution are much simpler. You can:
Microsoft is doing a lot to get organizations to adopt hybrid infrastructures with Azure. You can move workloads to Azure virtual machines running Windows Server 2016, 2012 or even 2008. You can also containerize applications with Windows Server 2016 or rewrite them using Azure PaaS (Platform-as-a-Service). With this option, Microsoft will provide you with free extended security updates for three years beyond the January 14, 2020, deadline.
If you’re unable to move all your workloads to the cloud, or if certain compliance requirements demand that you keep your servers on-premises, you can instead upgrade to the latest version of Windows Server and purchase support – a la carte – for individual licenses.
With the second option, you don’t get the free extended security updates, but you can purchase them annually for 75 percent of the total license cost of Windows Server 2016. This only works if you have active Software Assurance or subscription licenses. This option could get costly. However, if it is the best one for your organization, it does set you up to more easily migrate to the cloud at a future date.
Note: If you have legacy, non-supported applications dependent on Windows Server 2008, you must upgrade your applications before upgrading your Server version. Otherwise, the Server upgrade alone simply doesn’t gain you a lot. Security vulnerabilities and performance issues will linger, among other problems.
Conversely, the upgrade from SQL Server 2008 (and 2008 R2) is more complicated because it serves databases as well as applications. There are greater numbers of dependencies involved. For most changes you end up making to your environment, data applications will have to be recertified and vetted again for performance, which takes time and expertise.
You also have the user or customer experience to consider for any moves made. Your databases are often the back-end to key front-end applications that touch your customers.
Here’s why you may not have upgraded by now:
Your IT environment is complex. It’s possible you’ve lost track of which software resides on your respective servers, and which applications are receiving data. You may be using some servers that are up-to-date with those that aren’t. You need more than a server inventory; there’s dependency mapping that must be done as well, and that takes time and energy you don’t have.
Your systems architects are long gone. Those who built your SQL Server 2008 database system eight to 10 years ago probably customized some of the data feeds and applications to meet your needs at that time. Now these IT pros are at other companies. Those who replaced them may even be gone. You know how to maintain the status quo but have no access to documentation regarding the shaping of your current environment.
Your executive support is lacking. Surprisingly, your executive team may not be buying the fact that you need money to upgrade legacy database servers before they lose extended support. This is frustrating, for sure. But some organizations truly believe that if it ain’t broke, don’t fix it.
The cost of upgrading is greater than the risk. Yes, the cost of upgrading is significant. It is rarely ever greater than the risk, but it may sometimes seem like it.
It takes a level of maturity as an IT executive or professional to understand all the ramifications involved. If you happen to be leaning toward inaction, here is why it could be costly to your organization:
You’ll get a poor reputation among customers. Taking security risks and falling out of compliance will likely tarnish your reputation among customers and prospects. Many will not want to do business with an organization that doesn’t see fit to prioritize its own security and well-being. Some may be forced to give you the stiff arm — a customer bound by GDPR, for example, may be prohibited from using products and services from an organization ignoring the regulation.
You’ll have a bad rap among partners. Again, if your organization is non-compliant with GDPR or other regulations, and a partner is relying on a service from you, the partner may view itself as not being compliant. That could mean the end of your partnership and a serious disruption to your partner ecosystem.
The paths to upgrading your SQL Server 2008 or 2008 R2 system are similar to those of Windows Server, with a slight twist.
Again, Microsoft is offering incentives such as enabling you to lift and shift servers and databases in a hybrid cloud environment while you modernize on your own for three years. You can move SQL Server data and workloads to Azure virtual machines in an Infrastructure-as-a-Service (IaaS) platform or to an Azure SQL Database managed instances under a PaaS option. Again, you get free extended security updates for three years after the July 9 deadline.
If you’re unable to move all your workloads to the cloud, or if certain compliance requirements demand that you keep your servers on-premises, you can instead upgrade to the latest version of SQL Server. You can purchase extended security updates annually for 75 percent of the total license cost of SQL Server 2017, if you have active Software Assurance or subscription licenses.
For those organizations that view cost as the No. 1 priority, Amazon Redshift provides a scaled down version of database software that enables SQL Server 2008 users to migrate to AWS. If you are currently only using basic SQL Server features and don’t foresee requiring the more expanded functionality that SQL Server offers, Redshift is an option.
As a last resort, Microsoft has discussed providing extended security updates to organizations unable to upgrade at this time. This option is not recommended. For one thing, the cost of the updates has not yet been announced and is likely to be burdensome. Further, this option stalls organizations from acting at a time when action is critical.
At the time of publication, the SQL Server EOS deadline is less than four months away. Any organization that has put this off until now is going to be challenged to meet the timeline. You must get going. Here are some important steps to take:
A cloud MSP can take away some of the operational heavy lifting in three key ways:
An overall IT assessment and cloud transformation strategy. This assessment of your environment is combined with recommendations for consolidating operations, so you can avoid wasteful spending and migrate only necessary items to the cloud.
A health check of your data estates. The cloud MSP will evaluate each estate to determine its usage, performance, and growth potential, how it can be optimized, and how it fits (from a budget and compliance perspective) in your overall environment.
A compliance audit. If you have older applications and budget limitations, having a third-party audit can be helpful in persuading executives making budget decisions that IT modernization must be made a higher priority.
In the meantime, this is not the time to lament the end of support for SQL Server and Windows Server 2008 versions. They are both 10 years old — think about the features of a smartphone 10 years ago. It’s time to move forward. Consider this challenge an opportunity.