Updated: Sep 3, 2020
Microsoft officially ended extended support for Windows Server 2008 (a.k.a. Service Pack 2) and Windows Server 2008 R2 (Service Pack 1) on January 14 of this year. For many organizations, this move requires immediate focus to ensure their environment remains protected. Users have several options, listed below from worst to best.
Option 1: Do nothing
Although this is a terrible idea, many organizations will delay or ignore these upgrades to work on other, less daunting priorities. However, by doing nothing, these companies will not get security updates or support from Microsoft, which can result in significant security and compliance exposure.
Option 2: Purchase Extended Security Updates for On-Premises or Hosted Environments
For organizations that simply cannot upgrade all their WS2008/2008 R2 environments immediately, Microsoft will provide Extended Security Updates to clients under certain circumstances.
According to the Extended Security Updates for SQL Server and Windows Server 2008/2008 R2 FAQ guide, Software Assurance customers can purchase Extended Security Updates on-premises under an Enterprise Agreement (EA), Enterprise Subscription Agreement (EAS), a Server & Cloud Enrollment (SCE), or an Enrollment for Education Solutions (EES). Software Assurance does not need to be on the same enrollment. For Windows Server 2008 and 2008 R2, it includes Security Updates and Bulletins rated “critical” and “important,” for a maximum of three years after January 14, 2020.
This offer does not include technical support, new features, hotfixes or design change requests.
This option costs 75% of the EA, EAS or SCE license.
Option 3: Rehost workloads in Azure with Extended Security Updates (without upgrading OS)
Customers who move WS2008 and WS2008 R2 workloads to Azure Virtual Machines (IaaS) “as is” will have access to Extended Security Updates for three years after the End of Support date for free. Eligible customers can use the Azure Hybrid Benefit (available to those with active Software Assurance or Server Subscriptions) to get discounts on the license for Azure Virtual Machines (IaaS).
This is a viable solution for organizations that could not upgrade their operating systems before January 14 deadline. It provides the same three years of Extended Security Updates as the previous option without the additional licensing costs. Microsoft provides great tools for properly assessing your workloads before migrating to ensure minimal business impact, as well as migration guidelines for smooth transitions.
Option 4: Upgrade On-Premises (or hosted) Workloads
This is a good option for organizations with workloads best suited to remain locally hosted, especially when the company has active Software Assurance. Windows Server 2019 has significant improvements for workloads coming from WS2008/2008 R2, such as System Insights, Server Core App Compatibility, enterprise-grade hyperconverged infrastructure (WS2019’s HCI platform), and security improvements with Windows Defender Advanced Threat Protection (ATP) and Defender ATP Exploit Guard.
Option 5: Rehost your workloads in Azure & Upgrade OS or rewrite with Azure PaaS
This option is ideal for organizations with a comprehensive cloud strategy and view technology as a business differentiator rather than a cost center.
For lift-and-shift IaaS workloads, there are options available to reduce costs and leverage prior investments, including the Azure Hybrid Benefit Program (detailed here), Azure Reserved Instances (detailed here), or rewriting using Azure PaaS (detailed in reference architectures).
And for the Desktop World: An Alert on Windows 7 Support
As of this month, Microsoft will also stop providing support or security updates for Windows 7 -- apart from for those users who are willing to pay for it. The company is offering up to three years of Windows 7 Extended Security Updates (ESU), and pricing has just been revealed. Security Updates will be available only to Windows 7 Professional and Windows 7 Enterprise customers, and the cost doubles on a year-by-year basis. For the first year (January 2020-21), Windows Enterprise customers can expect to pay $25 per device, rising to $100 in the third year. For Windows 7 Professional, the starting figure is $50 per device, rising to $200.
For more information or if you have any questions, contact your ClearEdge representative.
Steve Paradis is a Principal Licensing Specialist (Microsoft) at ClearEdge Partners. Steve compiled this blog using information from Microsoft Partners and ZDNet.