What to Do When Your Windows Server Runs Out of Support

By Jacob Picart | January 17, 2020

When is the last time you checked with your infrastructure team that your public-facing websites and applications are running on Windows Server 2012 or newer?

You’d be surprised how many technology executives and IT managers I’ve consulted respond with, “I’ll have to get back to you on that,” or “I’m sure all our workloads are on supported systems and follow our patching cadence.” I don’t know about you, but these responses don’t instill much confidence. In fact, it’s often the case after a quick assessment that production and critical applications are still running on Windows Server 2008, or even Windows 2000. There is a plethora of reasons why an organization may still be running these older operating systems, but as any respectable security practitioner will say, applying patches is the first line of defense against network-based threats.

If your organization is still running workloads on Windows Server 2008 and/or SQL Server 2008, those products reached end of support on July 9, 2019 and January 14, 2020 respectively, which means you risk exposing these applications to the next wave of vulnerabilities, as Microsoft will no longer support or release security patches for these products.

If you find yourself in this predicament, don’t panic. There are options available, such as refactoring, rearchitecting, or even subscribing to Microsoft’s Extended Security Updates (ESU), which will extend patching for a maximum of three years. However, the ESU option can be cost prohibitive and doubles in cost each year you extend (you can only purchase ESU annually). In some scenarios, this option makes sense, but what about the rehosting option? You’re likely thinking that doesn’t make much sense because it’s essentially a “lift and shift” migration and doesn’t solve the problem, and you’d be right, but not with Azure. If your 2008 end of support workloads are migrated to Azure as IaaS, Microsoft will offer their ESU program for both Window Server and SQL Server at no additional charge above the cost of running the virtual machine in Azure. Furthermore, customers with active Software Assurance or Server Subscriptions can take advantage of Azure Hybrid Benefit reducing your IaaS costs. And don’t forget about Reserved Instance pricing as well, further reducing your monthly cloud spend.

These are just some options for your legacy workloads. The ESU program essentially buys you more time to plan for a long-term strategy; it keeps your applications patched and protected against online threats while not incurring additional licensing costs. Too complicated and not practical? Well, without going too deep into the weeds, if you know exactly what you want to migrate you can simply use Azure Migrate or Azure Site Recovery (ASR) to migrate your workloads using block-level replication with very little downtime.

However, if you’re in the group of users who don’t know what you don’t know, then you first need to have an environmental awareness of your workloads; fortunately, this can be done with Azure Migrate which will do an assessment of your existing environment and identify which candidates are ideal for migration. Both tools are available at no charge, with ASR only free for the first 31 days. By migrating your 2008 workloads to Azure, you’re buying more time to address the larger challenge ahead, whether that’s refactoring to a newer platform or architecting onto a cloud native database like Azure SQL or CosmosDB.

If the thought of migrating workloads sounds overwhelming, you’re not alone. Sometimes an existing team does not have the cycles to perform these projects, or simply doesn’t know where to start. If this scenario is one your organization is facing, let InterVision’s solution architects and cloud engineers help with your cloud strategy, so you can focus on transforming the business.

Reference Info Links:
https://www.microsoft.com/en-us/cloud-platform/extended-security-updates
https://azure.microsoft.com/en-us/services/azure-migrate/
Image Source: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/migrate/azure-best-practices/contoso-migration-rehost-vm