Windows Server and SQL Server End of Life. What should I expect?
Software doesn’t last forever!
It doesn’t make financial sense for a technology company to continue patching older versions of a particular piece of software, when newer versions are already available - and Microsoft’s products are no exception.
All Microsoft software has a lifecycle, which starts when a new version is released and ends when Microsoft no longer officially supports that version. If your business relies on Windows Server 2008, 2008 R2, 2012 or 2016, or SQL Server 2008, 2008 R2, 2012, or 2014, then all of these releases are rapidly approaching end-of-life.
But what does end-of-life mean? And what are the consequences, if your version of Windows Server, SQL Server, or any Microsoft product, enters end-of-life while your business is still using it?
In this article, we’ll be exploring everything you need to know about end-of-life, and the impact it could have on your business.
Mainstream, extended and end-of life: The software lifecycle.
There are a few different terms that are used when discussing the software lifecycle:
- Mainstream support.
During mainstream support, software continues to receive security updates for any new bugs that are discovered, and as well as new features. You can also contact Microsoft for help at no additional cost.When software leaves mainstream support, it enters extended support.
- Extended support.
During the extended support phase, Microsoft will continue to provide fixes and patches for any security issues they discover, but will not provide any design or feature updates, or any fixes for issues unrelated to security.
Microsoft will also no longer provide complementary support, even if it’s included in your license, although they will continue to offer paid support. At this point, any active warranty claims become invalid.
Once extended support ends, the software enters the final stage, which is end-of-life.
When software reaches this stage, it’s effectively unsupported. Microsoft won’t offer any updates, even for major security issues that pose a significant threat to your business.
What does this mean for Windows Server and SQL Server?
If you use Windows Server 2008, 2008 R2, 2012 or 2016, then it’s vital that you’re aware of the following deadlines:
If you use SQL Server 2008, 2008 R2, 2012, or 2014, then Microsoft have issued the following schedule:
Being aware of lifecycle state, is essential for making more informed decisions about when to update, upgrade, or make any other changes to your hardware and software.If you’re confused about the lifecycle state of any Microsoft product, then you can find Microsoft’s complete and up-to-date schedule, over at their lifecycle fact sheet. Microsoft have also been known to push their deadlines back from time to time in response to consumer pressure, so it’s worth bookmarking this fact sheet, and checking back periodically.
End-of-life: What does it mean for my business?Now that we’ve clarified what the different lifecycle states are, let’s explore the consequences of remaining on any piece of software after it’s entered end-of-life.
1. You’ll be more vulnerable to digital attacks
The biggest problem with using end-of-life software, is that Microsoft will no longer issue any security updates. Even if a substantial security hole is discovered, it’s highly unlikely you’ll ever receive a security patch. In 2017, Microsoft did release a security patch for Windows XP, despite it entering end-of-life back in 2014, but this was to prevent the spread of the infamous WannaCry ransomware. To help keep your business safe, you should assume that once a piece of software enters end-of-life, you’re never going to receive another security update.
New viruses, malware and hacks are being discovered all the time, and without the necessary patches, your business will be particularly vulnerable to any new and emerging threats. It’s also possible that hackers may specifically target end-of-life software, as they represent such an easy target.
Using software that’s no longer supported by Microsoft simply isn’t safe.
2. You may stop receiving third party updates
When Microsoft stop supporting one of their own products, it sends a clear message to all third parties about the future of that product.
For companies who make their money developing third party apps, programs or tools, it simply doesn’t make financial sense to invest time and money into supporting a “dead” system. Even large household names will eventually decide that the cost of remaining compatible with a piece of end-of-life software far outweighs the benefits, for example both Chrome and Firefox no longer support Windows XP.
If you continue using an end-of-life system, then you may eventually wind up “stuck” on an outdated version of your favourite third party software. While you could continue to use this
earlier version, you’ll no longer have access to any security fixes, patches and other updates, which can expose your business to additional attacks. In addition to making your business an easy target for hackers, you won’t benefit from any of the new features included in subsequent third party updates.
The issue of third party support is only going to become worse over time, as more and more third parties withdraw their support, and you lag further behind with your updates.
To make sure you continue to receive the latest versions of all your favourite third party software, it’s crucial that you monitor Microsoft’s lifecycle fact sheet and migrate away from any software that’s approaching end-of-life.
3. It may become impossible to upgrade your hardware
You don’t just need to worry about third party developers: there’s no guarantee that third party hardware manufacturers will continue to support end-of-life software.
If you stick with your end-of-life system, then eventually you might struggle to find compatible replacements for failing hardware components, and you may even discover that it’s impossible to upgrade your hardware without first upgrading your software.
Manufacturers of peripherals will also eventually stop releasing products that are compatible with your system, which can become a problem as your older peripherals begin to fail, or you need to upgrade essential peripherals such as external keyboards and monitors.In the best case scenario, sourcing compatible hardware will become more time-consuming, frustrating and expensive, but in the worst case scenario you may have to resort to alternatives and workarounds that aren’t optimal for your business. Forcing your staff to use sub-standard hardware will negatively affect their productivity, with some workers estimated to be wasting 21 days every single year, due to outdated technology.
4. You may be violating multiple regulations and compliance standards
The majority of regulatory and compliance standards require organizations to take reasonable precautions in order to protect all the sensitive data under their control.
By running end-of-life software you’re exposing your business to a significant security risk, which may constitute a compliance violation. Some regulations even address end-of-life software directly, with the Payment Card Industry Data Security Standard (PCI DSS) stating that organizations must:
“Ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed. Install critical security patches within one month of release.”
Since end-of-life software doesn’t receive any security fixes or patches, you’re immediately violating this standard, which could result in financial penalties and potentially even a prison sentence, in the event of a data breach.
5. You won’t receive any new features
End-of-life isn’t the only stage of the software lifecycle that can cause problems for your business.
As soon as your version of Windows Server, SQL Server, or any other Microsoft product enters the extended support phase, you’ll stop receiving design and feature updates. This lack of updates can put your business at a significant disadvantage, particularly if your competitors have kept their Microsoft products up-to-date, and have access to all the latest features.
To make sure you’re benefiting from Microsoft’s latest and greatest innovations, you should aim to move to new releases, as soon as they become available.
How can I protect my business?
If one or more of your Microsoft products are approaching end-of-life, then you have several options:
● Continue to use unsupported software.
Migrating your infrastructure to a new system isn’t always straightforward! If it’s not feasible to migrate your entire business at this exact moment, then you can reduce the risks associated with using end-of-life software, by increasing your security.
Taking extra precautions might mean installing sophisticated antivirus and anti-malware software, or investing in staff training to ensure all your employees are vigilant against potential security threats. If you do opt to install third party security software, then just be aware that this software is unlikely to support your end-of-life system indefinitely, and you’ll eventually start to run into additional problems, such as struggling to source compatible hardware.
You should only continue to use unsupported software as an interim solution, while you prepare to migrate your system.
● Invest in a custom support contract.
If Microsoft’s past behaviour is any indication, then they’ll continue to create security patches for their end-of-life software, but these patches won’t be released to their general customer base. If you’re a larger organization with a considerable budget, then you may want to negotiate a “custom support” contract with Microsoft, which will give you access to these specialist security patches. However, these support contacts are designed to encourage organizations to move away from unsupported software as quickly as possible, and are therefore notoriously costly. According to some reports, the UK government paid Microsoft £5.5 million for a single year of custom support for Windows XP.
● Modernize your business.
If you’re concerned about Microsoft calling time on Windows Server or SQL Server, then why not take this opportunity to future-proof your business, by migrating to the cloud? At Systems Assurance, we have extensive experience helping organizations of all sizes migrate to Microsoft Azure, and with Microsoft investing $1 billion in their cloud platform every year, there’s never been a better time to embrace digital transformation.
Ready to digitally transform your business?
Schedule a free 15 minute chat with one of our Microsoft Azure experts.
Share this article on social media
If you found this article useful, please share it on social media.
Subscribe to our blog...
We will only use your email to send you new blog posts.