Cybersecurity Blog

16 min read

Windows Server 2008 and SQL Server 2008 End of Service: Should I care?

Jun 11, 2019 9:14:43 AM

Microsoft will no longer release security updates for SQL Server 2008 and SQL Server 2008 R2 after July 9, 2019. In addition, they will no longer release security updates for Windows Server 2008 and Windows Server 2008 R2 starting January 14, 2020. Remaining on legacy infrastructure exposes your business to security threats, makes you non-compliant with regulations, and is more costly to operate.

 

You can bet hackers have the SQL and Windows Server 2008 a end of service date penciled in their calendar. They will be adding their finds to the list of SQL Server 2008 vulnerabilities and list of Windows Server 2008 vulnerabilities. Once hackers have crowd-sourced the list of vulnerabilities, they will conduct a quick Google search to download a list of companies currently on unsupported servers and will begin exploiting those companies. 

companies using windows server 2008_1

It really is that easy. So instead of dealing with a data breach and explaining to your CEO and customers that you remained on legacy systems past the end-of-service date, you should probably just upgrade your IT infrastructure. I mean... it's over 10 years old anyway, it's about time you move on!

The rest of the blog addresses your options for both Windows 2008 and SQL Server 2008. Also let it be known that when I say 2008 I also mean 2008 R2, and will be referring to both as 2008. Skip ahead to section that addresses the technology you're trying to migrate away from.

Windows Server 2008 End of Support

You have 3 options. One, Microsoft will allow you to perform a 'lift and shift' of your Windows 2008 servers, migrating them into Azure. You can re-host your workloads in Azure with no application code changes. Doing so will give you 3 more years of extended security updates (until July, 2023) at no additional cost and frequently answered questions about extended security updates are addressed here. By re-hosting those same workloads on Azure you'll even be able to take advantage of Azure Hybrid and save money. Microsoft is giving you this option because they would rather you have secure infrastructure while you plan for the future than have you simply run unsupported technology. It will give you a taste of the realm of possibilities with Azure, keep your servers secure, and give you a little more breathing room to think about upgrades.

 

Two, you can upgrade your on premises 2008 to Windows Sever 2012, 2016, or 2019 by January 14, 2020 and leave it on-premise. Three, you can migrate and upgrade from Windows Server 2008 on-premise to Windows Server 2019, hosted on Azure. You'll reap the most benefits with this option as you'll be updating your in-house infrastructure to a PaaS model, shifting the burden of all the dirty work onto Microsoft, and freeing you up for more creative, high-level IT work. In addition, you'll get the benefits of cost savings and built-in security. Why do you save so much money? Because with Azure you only pay for the consumption you use, instead of paying for all the underutilized hardware you have in the office right now.

Step 1 - Assess

Now that you know your options, I'm going to prepare you by making sure you have the right tools and are thinking about the scope of the project. First, you'll obviously have to identify which workloads are running on Windows 2008 and assess the business priorities and risk involved with touching them. So you know, do you have a back up? Is there redundancy? What are your server roles? Does it need to be migrated at night when no one is using it? What are your custom line-of-business and Microsoft applications? What will the impact on your network be?How will a migration affect your budget and costs? Those types of questions. To get you started, take an inventory of your apps and workloads by the following types: custom applications, Microsoft server applications, Microsoft partner applications, and Windows Server workloads (DNS/file/print). Then score the business impact of those categories and how important they are to your business operations. Then also give a score for the complexity of the application, based on the expertise and confidence you and your team has in migrating them.

Machine Group all processes

Second, you'll want to run the Microsoft Assessment and Planning (MAP) Toolkit, which Microsoft describes as a "an agentless, automated, multi-product planning and assessment tool that enables faster and easier desktop, server, and cloud migrations". This tool will give you deep insights into the scope of work set out for you and offer recommendations so that your migration is as smooth as possible. When you're done with that, check out Azure migrate, a Microsoft service that allows you to access on-premise workloads to determine the migrations suitability of those machines by providing VM sizing recommendations based on your current workload's performance history.

Third, you're probably wondering how much it's going to cost you. You can check out the Azure Total Cost of Ownership (TCO) calculator to receive a ball park estimate of your monthly spend. Microsoft is really pushing Azure on everyone, so there are a ton of financial incentives set aside for customers that migrate, so be sure to ask about them when you reach out to us.

Step 2 - Migrate

Once you've assessed your infrastructure you'll have to think about your migration approach. You can re-host your Windows Server 2008 workloads using Azure Site Recovery in order to migrate the machine images (either physical or virtual machines) into Azure VMs while using Azure Networking Services to relay them back to your servers. For your Line-of-Business (LOB) applications, you can migrate them in Azure using containers with minimal to no coding. You can even test how your legacy LOB applications will function by creating a sandbox environment in Azure. You can learn how to do a lot of this from the Azure Learning Center. Many companies still use Windows Server 2008 to host their Active Directory, DNS, and file and print services. Azure can easily take care of all of that, taking the burden off of your IT team to manage that infrastructure. For one, you can move you on-premises Active Directory to the cloud-based identity and access management service, Azure Active Directory. Doing so will improve reliability, security, and allow your team to manage IT remotely. In addition, you can reduce your workload by migrating your DNS server to Azure DNS, further reducing the burden of your IT team to perform tedious maintenance tasks. Furthermore, use Windows Server Storage Migration Service to easily migrate your file server data to OneDrive for Business. After all, you're already paying for it through your Office 365 or Microsoft 365 licenses, and OneDrive data is automatically encrypted and backed up. A little side-note about OneDrive for business, my favorite feature is file-on-demand, which allows you to see all of your businesses' cloud files without needed to download them to your desktop. 



preparing for windows server 2008 end of support from end of support to azure a path cover page


 

With a clean installation you can move to the latest version of Windows Server on the same hardware, and you do this by installing the newer operating system over the old one, which is then deleted. When you're done you'll need to migrate your server roles. In addition, it's important to note Microsoft's advice on moving to Windows Server 2019, "If you’re using Windows Server 2008 or Windows Server 2008 R2, you’ll need to plan to use the server role migration method or upgrade from Windows Server 2008 to Windows Server 2012 R2 and then upgrade again to Windows Server 2016, and then Windows Server 2019, as direct updates are not supported". You can read the complete guide to migrating your Windows Servers for more details.

Step 3 - Optimize

Azure makes optimization easy and transparent when it comes to cost management, security, and governance. You can plug in Azure Cost Management for right-sizing your workloads for cost reduction, and Azure Advisor for best-practice recommendations. You should also use the Azure Trust Center and Office 365 Security and Compliance center for your data governance and compliance needs. While I can't cover everything, this is the foundation for what you'll need when upgrading and migrating away from Windows Server 2008!

SQL Server 2008 End of Support

You have nearly identical options with Windows Server as you do with SQL Server 2008. First, you can migrate your SQL 2008 Server to Azure, giving you 3 more years (until 2022) of extended security updates for free. Second, you can upgrade your on premises 2008 to SQL Server 2012, 2014, 2016, 2017, or 2019 by July 19, 2019 and leave it on-premise or in Azure. Or for your third option, you can migrate and upgrade from SQL Server 2008 on-premise to Azure SQL Database Managed Instance.

Step 1 - Assess

Before you to anything, use the Microsoft Data Migration Assistant to assess your workloads before migrating. This tool detects compatibility issues that can impact the functionality of your database on a newer version of SQL Server. It can also move your schema, data, and uncontained objects from your source server to the new target server. Read the step-by-step guide to using the Data Migration Assistant to get started.


 migrating to SQL Server to Azure SQL Database Managed Instance cover page   an easier path to sql 2017 cover page


Next, you'll want to use the Microsoft Assessment and Planning (MAP) Toolkit, a tool to evaluate your IT infrastructure. Doing so will allow you to discover all database assets and their characteristics, including size and database details, statistics on the number of tables, views, as well as stored procedures within those databases.

It's been a long time since 2008, what version of SQL Server should we go with now? The answer to that is Azure SQL Database Managed Instance. Why Azure SQL Database Managed Instance? Because it's a fully managed Platform-as-a-Service (PaaS) solution where Microsoft automatically patches and updates your workloads with automated backups, built-in high availability, and security. All of this decreases management overhead when it comes to maintenance, dramatically decreases total cost of ownership, but most importantly frees up YOUR precious time so you can do more creative and productive tasks! Skeptical? Here are stories from 4 Microsoft customers who moved to Azure SQL Managed Instance. And for more details on the platform itself, watch the video below for more details.

 

Not ready to fully commit and completely change how you do IT? No worries, it can be a lot for some, which is why SQL Server 2019 hosted on Azure or on-premises is your next best option. You'll still be able to take advantage of a huge leaps in technology and lots of savings! You can even check out the top 10 reasons people choose SQL Server 2019.

Step 2 - Migrate

Let's fast forward a few weeks when you and your team has assessed your environment, has decided they want to go with Azure SQL Managed Instance, and are ready to go. The following are the steps to migrate to Azure, which you can read in more detail in Microsoft's step-by-step guide.

  1. Provision and configure an Azure Virtual Network (VNet)
  2. Create an optimally sized Azure SQL Database managed instance
  3. Create an Azure Storage account for backing up your source database
  4. Create a Database Migration Service migration project with the source and target defined
  5. Connect and test your application

Step 3 - Optimize

Once you're done it's time for post-migration optimization! Because you're moving to an edition of SQL Server that is 10 years newer than your current one, and is now managed by Azure instead of being on-premise, you may run into query regression issues. You can fix this by changing the compatibility level of your source database then going into query store to drill-down on performance before and after your changes. Next you'll want to check for missing or incorrect indexes, as they waste memory and CPU. To fix that problem, use the Database Engine Tuning Advisor.

Thank you for reading and I appreciate you taking the time to drudge through some pretty dry material. Of course it's important to remember that *ideally* these steps will work exactly as described, but as everyone in IT knows, things never go as instructions say they will. But this article should get you going in the right direction. Have fun!

 


More readings
  1. Preparing for Windows Server 2008 End of Support
  2. From End of Support to Azure - A Migration Path
  3. Lead Your Team Through End of Support
  4. SQL Server 2008 and 2008 R2 End of Support is Coming
  5. An Easier Path to the Cloud for Your Legacy SQL Server Data
  6. Migrating SQL Server to Azure SQL Database Managed Instance
  7. Cloud Lessons Learned: 4 Companies that Migrated Their SQL Data
  8. Extended Security Updates After End of Support for Windows Server and SQL Server 2008 and 2008 R2
  9. Extended Security Updates for SQL Server and Windows Server 2008/2008 R2: Frequently Asked Questions
  10. Cloud Lessons Learned: Four Companies that Migrated Windows Server

 

Need help with that migration?

Schedule a meeting

Brandon Lecoq
Written by Brandon Lecoq

Cybersecurity Manager

Post a Comment