Windows and SQL Server 2008 Support Expiring in 2020: Threat or Opportunity?
Microsoft has been reminding their customers, for quite some time now, that Windows Server 2008 and SQL Server 2008 will be out of support as per its lifecycle support schedule. Although there is less than a year remaining for the support to expire, many organizations still have their applications hosted on these platforms.
ProductEnd of Mainstream SupportEnd of Extended SupportWindows server 2008/2008 R213 Jan 201514 Jan 2020SQL server 2008/2008 R208 July 201409 July 2019
What Does This Mean to Your Business and Why Should You Act
End of extended support means Microsoft will stop providing any security updates for these products, which means that all apps hosted on these platforms will be vulnerable to security threats. With so many regulations to comply with nowadays, and especially with the GDPR in place from 2018, the last thing any organization want is loss of revenue and reputation resulting from a security breach. Therefore, it is crucial for organizations to act now before it is too late.
What Options Do You Have?
In 2014, when we were facing with a similar risk — for Windows 2003 and SQL 2005 — we did not have many options. You had to either:
- Upgrade to Windows 2012 OR
- Pay Microsoft to “extend” the extended support OR
- Just hope and pray every day that your organization is not in the news for a security breach
Thankfully, it is 2019 and we have made several technological advancements that can provide us with more options. Here is a quick summary of what you can do:
Option 1: Do Nothing
Given the potential for incidents like WannaCry ransomware attack, this is certainly not a reasonable option. Without any commitment from vendors to provide patches for vulnerabilities, you are always at the risk of a security breach when new threats are identified. Time and reputation lost in recovering from a security breach could adversely impact any business.
I still remember that weekend of WannaCry incident, when we had to pull together teams to install the last-minute patch on Windows 2003 servers, for our clients globally. Patches for Win2008 and Win2012 were already released and those servers were updated as part of the patching cycle.
Option 2: Buy More Time
Yes, you can get 3 more years of free security updates from Microsoft, if you can find the money and time to migrate all of those 2008 servers to Microsoft’s public cloud — Azure. With this option, all you are doing is postponing the risk as you still have to spend money and effort to migrate those apps at a later date. This option reminds me of how we dumped most of our items in the garage when we moved to our new home. Though we got some sorted on the day we moved, we still had to spend the entire Christmas break sorting and moving things out of the garage and into our new home!
Microsoft does provide some useful tools to help with the migration process, but you still need to evaluate each application and plan the migration to Azure — all this needs to be done by the end of the year!
Option 3: Upgrade to the Latest Windows 2016 and SQL 2016
This is an option worth considering if you only have a few applications that you want to keep beyond 2019, and are already planning to rewrite those applications. Be under no illusion that this is a straight forward project; you will have to make changes to your application to get it to work on the latest OS and database, assuming that you still have the knowhow to make changes to those applications.
I was actively involved in a project to migrate Win2003 to Win2012. Although it sounds straightforward, it took us more than 2 years to rewrite parts of the application, test and migrate to Win2012/SQL2014. Even with all our efforts, we still had many servers left in 2003 that could not be upgraded for many reasons!
Option 4: Modernize the Landscape through Containerization — Recommended Approach
With the announcement of Docker Enterprise now supporting Containerization of 2003 and 2008 applications and hosting them on Windows 2016, with little or very minimal changes to the application, the threat from out-of-support OS/DB suddenly seems like an opportunity to modernize the IT landscape.
Docker and Containers have been around for several years now, but it is only last year that the same technology has been used to containerize legacy apps and to host them on the newer versions of Windows server OS. This is definitely an option worth exploring.
What Is Containerization and How Can You Implement It?
Containerization is about packaging your application and all its dependencies together, excluding the OS kernel. For apps hosted on Win2003/2008, this means that you take one of the base server images provided by Microsoft (such as Windows server core or nano server) and add layers of your application components to package them into a single container. Once containerized, you can run this application ‘container’ on any Windows server 2016 installed with Docker Enterprise Edition — it is that simple!
Why Is Containerization Such a Big Deal?
Benefit 1: Reduced IT Footprint and Costs
Containers — due to the way in which they are packaged — have a much smaller footprint than a virtual machine as it only includes the application and its dependencies, so it requires fewer resources to run, manage, and of course, reducing your overall IT footprint and licensing costs.
Benefit 2: Increased App Availability and Performances
With container orchestration tools like Docker Swarm and Kubernetes, you can increase availability and performance of your application through features like self-healing, auto-scaling — all of which are available out of the box.
Benefit 3: Increased Agility
Once you have packaged your application in a ‘container’, it presents an opportunity to fully automate your build, test, and release processes with tools like Jenkins and integrating it with Docker/Kubernetes. With features like auto-deployment of newer container images, you can even release application changes as frequently as you wish. That’s true, no more “weekend-only” deployments!
Benefit 4: Increased Portability — Not Tied to One Server/DC Anymore
The process of containerization ensures that you have all the dependent components of your application packaged together. This means that you can now run these containers literally anywhere, such as on any Windows server 2016 server, including on-premises servers and servers hosted on your favorite public cloud platform.
What Are Your Next Steps?
If you haven’t had prior experience with containers, Docker, or Kubernetes in your landscape, most of what I mentioned above may sound too good to be true. Even for those who have worked with containers in a Linux environment, the process of containerizing an app on Win2008 and hosting it on Win2016 server may still be hard to digest!
Step 1: Build a POC in Your Own Landscape
As they say — the proof of the pudding is in the eating — so, why not go ahead and build a proof of concept (POC) in your own landscape. Select that very application you couldn’t get off 2003 last time around. You could of course build and test the containers on a Windows 10 PC, but to get a real feel of some of the benefits I explained above, setup a Docker EE or Kubernetes cluster for testing the containers and the deployment process.
You can get one of these container clusters set up on Alibaba Cloud in no time at all!
Step 2: Build a Business Case
Containers, like I said, require a fraction of the resources you’ve currently allocated for the VMs. I could boldly say that you’d need only 30% less infrastructure when you containerize your apps. But don’t take my word for it, check it out during your own POC.
There are also tools available to simplify the process of containerizing your apps, and the efforts will most certainly be less than re-writing parts of application, to make it work on a new Windows 2016 server.
Step 3: Get the Migration Initiated
Once you are convinced with your design, it is important to get started even with a few apps as the clock is ticking. Get the project executed in an Agile manner; learn as you migrate apps to your Docker/Kubernetes cluster and improvise along the way.
Step 4: Transition Your Team and Processes Too
There is no point in having modern technologies if your team continues to utilize old software development methods. Transition your team to a DevOps culture, automate your build, test and deployment processes incrementally. By the end of this project, you’d have modernized not just your landscape but your entire organization too!
Let 2019 be the year, where you spend your IT budget not only to manage and mitigate risks but also to invest on optimizing and modernizing your IT Infrastructure. Let your team and business stay ahead of the competition with containerization and DevOps. Good luck!
Learn more about Alibaba Cloud’s Container Service at https://www.alibabacloud.com/product/container-service
Author: Sajith Venkit