While the deadline for the end of support for Windows 7 — Jan. 14, 2020 — has been top of mind for federal agency leaders for all of 2019, there are other Microsoft-related deadlines with significant implications for IT professionals.
In fact, one has already passed. SQL Server 2008 and SQL Server 2008 R2 reached their end of support on July 9. Windows Server 2008 and Windows Server 2008 R2 will hit their deadline on Jan. 14, 2020.
Given how important cybersecurity is in federal IT environments, it’s not at all advisable for your agency to keep using outdated software that will not receive security patches. So there are two main options: Pay for extended support or migrate to newer and more advanced platforms, such as Azure, or Windows Server 2016 and SQL Server 2017.
Purchase Extended Support for SQL 2008
The easiest and least painful thing to do if your agency has missed the July deadline is to kick the can down the road for up to three years by purchasing Extended Security Updates from Microsoft.
However, this is only available to agencies using SQL Server or Windows Server with an active subscription to the Software Assurance licensing program. If you go this route, you can buy Extended Security Updates in one-year increments for up to three years before reaching the final deadline.
This plan is not exactly a long-term solution, though. When the final deadlines arrive, agencies will need to migrate to a more current version of Windows and/or SQL Server. It’s likely going to be better in the long run to upgrade now.
How much do Extended Security Updates cost for Windows Server and SQL Server 2008 and 2008 R2? According to Microsoft, “customers with active Software Assurance or subscription licenses can purchase Extended Security Updates for approximately 75% of the on-premises license cost annually.” For those in hosted environments, the extended support can be purchased for “approximately 75% of the full on-premises license cost annually or from their Microsoft reseller for use in the hosted environment.”
Shift to New Microsoft Platforms
The best path forward for agencies is to simply upgrade to more recent versions of these products: Windows Server 2016 and SQL Server 2017.
Doing so will not hurt the functionality of applications in all likelihood, but I would recommend that all production deployments should be tested and put through a change management process.
Another path forward is migrating to Azure and getting free security updates. Agencies can rehost SQL Server 2008 and 2008 R2 with few or no application code changes in an Azure SQL Database Managed Instance for a “version-free” platform. Agencies can also move to Azure Virtual Machines to get three years of Extended Security Updates at no additional charge and upgrade to a newer version when they are ready.
Newer platforms bring new features and innovations, lower costs and enhanced security and compliance.
The bottom line is that agencies should not wait to deal with this problem. And the good news is that since Microsoft’s standard support policy is to offer software updates for 10 years following a product’s release, agencies that make the switch now won’t face another upgrade deadline until 2026.