SQL Server 2012 is fast approaching its Extended Support end date of 12th July 2022. After this date regular security updates will no longer be provided, exposing your data to significant security and compliance risks. In addition to this, support for Windows Server 2012 and 2012 R2 will end in October 2023. This blog will explain what this means and how unsupported products can affect your business:

The Support Lifecycle

Microsoft products have:

• 5 years of Mainstream Support
• 5 years of Extended Support

Mainstream Support provides customers with bug fixes and security updates, while products on Extended Support only receive security fixes. This enables products to remain compliant.

Once a product has moved beyond Extended Support, Microsoft no longer has an obligation to provide security updates.

Why do businesses run SQL Server 2012?

SQL Server 2012 was released nine years ago and introduced some great new features, such as Columnstore indexes, Database Audit, and Always On Availability Groups. There have been several releases since that have built on and improved these features, but the popularity of SQL Server 2012 has remained high.

This is due to four main reasons:

• Application compatibility – moving to a newer version could mean updating far more than just your Microsoft data platform.
• SQL Server 2012 is good enough – companies find that the server suits their needs and see no need to switch over to a newer version.
• Upgrade cost and complexity – prior to end of life, the cost and complexity of an upgrade may have outweighed the benefits.
• Lack of knowledge or skills – some businesses have been unable to move platforms due to a lack of in-house knowledge.

What are the risks of using an unsupported platform?

Choosing to run applications on an unsupported platform carries several important risks that your organisation must consider:

Security

When SQL Server 2012 moves out of Extended Support, it will no longer receive security updates. Without patching vulnerabilities, your data will be at risk from cyberattack. While physical security measures such as a firewall or anti-virus software may provide some protection, this is unlikely to be enough for most organisations to be confident if they are hosting sensitive data.

Compliance

With increased security risks comes the danger of becoming non-compliant. Many industry regulations and standards, such as GDPR and PCI DSS, require organisations to use supported platforms. Retailers accepting card or online payments are required to maintain vendor support and inability to demonstrate this could render them unable to process card payments in line with their obligations. Non-compliance has real legal and financial implications for your business, along with the risk of a loss of reputation or damaged relationships with your customers.

Financial costs

Maintaining unsupported platforms comes with a high price. Microsoft generally discourage customers from running out of support software by charging a premium for Extended Security Updates to detract customers from this approach. In the first year the annual cost of this is expected to be 75% of the licence cost.

Compatibility

Organisations must maintain their software assets and modernising the underlying data platform is part of this journey. Many organisations already use database compatibility levels to mimic behaviour of down-level versions to avoid code fixes required by more modern servers.

What can I do now?

To ensure your organisation remains supported, we’re recommending our proven methodology with the following four-step process:

1. Identify - create an inventory of your organisation’s estate and identify any SQL Server 2012 (and earlier) workloads along with configuration, feature usage and workload benchmarks.
2. Plan - plan the migration of the workloads identified in the first step. Determine the best migration approach for each workload.
3. Execute - put your plan into practice. Our team deliver cloud migration projects with reduced risk, cost and complexity.
4. Optimise - once in Azure, organisations will receive free Extended Security Updates (ESU) for SQL Server 2012 and Windows Server 2012 and 2012 R2 for three years after end of support, allowing time for applications to be upgraded or re-platformed to optimise for performance. Customers can combine this with Azure Hybrid Benefit to use existing on-premises licenses to deliver the best value for their Azure investment. Our Dedicated Support team is currently helping customers with this ongoing activity.