Updated: February 2020
SQL Server 2008 and SQL Server 2008 R2 have now left Extended Support and no longer receive security updates. This blog and infographic explain what this means and how unsupported products can affect your business:
- The Support Lifecycle
- Why do businesses run SQL Server 2008?
- What are the risks of using an unsupported platform?
- What can I do now?
The Support Lifecycle
Microsoft products have:
- 5 years of Mainstream Support
- 5 years of Extended Support
Mainstream Support provides customers with bug fixes and security updates, while products on Extended Support only receive security fixes. This enables products to remain compliant.
Once a product has moved beyond Extended Support, Microsoft no longer has an obligation to provide security updates.
Why do businesses run SQL Server 2008?
SQL Server 2008 was released ten years ago and there have been four subsequent SQL servers launched since SQL Server 2008 R2, however its popularity seems to have endured.
This is due to four main reasons:
- Application compatibility – moving to a newer version could mean updating far more than just your Microsoft data platform
- SQL Server 2008 is good enough – companies find that the server suits their needs and see no need to switch over to a newer version
- Upgrade cost and complexity – prior to end of life, the cost and complexity of an upgrade may have outweighed the benefits
- Lack of knowledge or skills – some businesses have been unable to move platforms due to a lack of in-house knowledge.
What are the risks of using an unsupported platform?
Choosing to run applications on an unsupported platform carries several important risks that your organisation must consider:
Security
Now that SQL Server 2008 and SQL Server 2008 R2 have moved out of Extended Support, they will no longer receive security updates. Without patching vulnerabilities, your data will be at risk from cyberattack. While physical security measures such as a firewall or anti-virus software may provide some protection, this is unlikely to be enough for most organisations to be confident if they are hosting sensitive data.
Compliance
With increased security risks comes the danger of becoming non-compliant. Many industry regulations and standards, such as GDPR and PCI DSS, require organisations to use supported platforms. Retailers accepting card or online payments are required to maintain vendor support and inability to demonstrate this could render them unable to process card payments in line with their obligations. Non-compliance has real legal and financial implications for your business, along with the risk of a loss of reputation or damaged relationships with your customers.
Financial costs
Maintaining unsupported platforms comes with a high price. Microsoft generally discourage customers from running out of support software by charging a premium for Extended Security Updates to detract customers from this approach. In the first year the annual cost of this is expected to be 75% of the licence cost.
Compatibility
Organisations must maintain their software assets and modernising the underlying data platform is part of this journey. Many organisations already use database compatibility levels to mimic behaviour of down-level versions to avoid code fixes required by more modern servers.
What can I do now?
To ensure your organisation remains supported, we’re recommending our proven methodology with the following four-step process:
- Identify - create an inventory of your organisation’s estate and identify any SQL Server 2008 R2 (and earlier) workloads along with configuration, feature usage and workload benchmarks.
- Plan - plan the migration of the workloads identified in the first step. Determine the best migration approach for each workload.
- Execute - put your plan into practice. Our team deliver cloud migration projects with reduced risk, cost and complexity.
- Optimise - once in Azure, organisations have a 3-year window to upgrade or re-platform to optimise for performance and deliver the best value for their Azure investment. Our Dedicated Support team is currently helping customers with this ongoing activity.
