Microsoft ESU – What’s the deal?
Following the end of support for SQL Server 2008/2008 R2 on July 9, 2019, Windows Server 2008/2008 R2 also reached the end of support on January 14, 2020.
What does this mean and what are the alternatives?
Microsoft’s support policy states that products have a 10-year lifecycle during which Microsoft will provide support. These 10 years are split into two periods – 5 years of mainstream support followed by 5 years of extended support. At the end of extended support, there is no more support from Microsoft (except in very exceptional circumstances), which immediately introduces security risks if you are still running these versions. Specifically, these servers are no longer receiving security patches, and any newly discovered flaw is an attack vector for trojans, ransomware etc. to potentially infiltrate your enterprise.
What are the options and is it already too late?
The first recommendation is to make sure your plans align with Microsoft’s support lifecycle, so you are only running software that is supported. Microsoft strongly encourages organizations to ensure they are running at least Windows Server 2012, which is supported until 2022. Moving to Windows Server 2016 (supported until 2026) and Windows Server 2019 (supported until 2029) will give you a longer period before this situation occurs again.
What are the (real) options?
If you are still on the impacted versions and you want to get protected ASAP, there is only one real option – Microsoft Extended Support Updates (ESUs). These extend the support deadline to 2023 but provide only security updates; for Windows Server, that means the updates rated “Important” or “Critical”. There are two ways to access the ESUs:
1) Purchasing ESUs via your licensing agreement
2) Migrating your legacy servers to Azure
Purchasing ESUs for on-premises servers
ESUs are available to purchase via the following licensing programs and channels:
- Enterprise Agreement (EA)
- Enterprise Agreement Subscription (EAS)
- Server & Cloud Enrolment (SCE)
- Enrolment for Education Solutions (EES)
- Cloud Solution Provider (CSP)
You also need to have Software Assurance (SA) on the existing server licenses, on the Client Access Licenses (CALs) that connect to those servers, and on any external connector licenses for those servers. That SA, however, can be on a different agreement.
On-premises customers will receive additional ESU keys via the Volume Licensing Service Centre (VLSC) website but must install certain packages before activating the keys. KMS activation is not possible.
For CSP customers, the relevant Server Subscription licenses allow ESUs to be purchased.
How much does it cost?
Extended Support Updates for Windows Server (and SQL Server) cost approximately 75% of the on-premises license cost PER YEAR – taking Microsoft Extended Support Updates is by no means a cheap option! If you cover a server with ESUs for the full 3 years, you will pay 2.25 x the price of a full license. You could most likely have bought Windows Server 2019 with SA for that price.
Migrating to Azure
If you need/want to remain on the older releases, another option is migrating the on-premises servers into Microsoft Azure, as cloud servers running Windows (or SQL) Server 2008/R2 receive ESUs at no additional cost. On the face of it, that makes the equation:
On-premises = 2.25 x cost
vs
Azure = Free
But, of course, it isn’t that straightforward! Once you get the server into Azure, you need to pay for the virtual machine, storage, networking etc. but even before that, the journey to the cloud is costly too.
Testing compatibility, converting, and then migrating a physical server into the cloud is rarely a quick process and will incur plenty of “soft” costs through internal time and resources. Equally, if this move to the cloud is quicker than your organization originally planned, you may find higher costs in ongoing maintenance and management of the Azure-based servers too.
Hybrid Use Benefit
Those of you with Software Assurance (or Server Subscriptions) can take advantage of the Azure Hybrid Use Benefit to reduce the cost of your Windows Server virtual machines running in Azure.
For every 16 core licenses you have with active SA, you can run up to 2 VMs with up to 16 cores. Interestingly, the Microsoft guidance such as licensing datasheets, Microsoft Docs etc. says that each VM can have “up to 8 cores”. However, this isn’t reflected in the Microsoft Product Terms which instead state “16 Virtual Cores allocated across two or fewer Azure Base Instances”.
Windows Server Standard licenses can be used on-premises or in Azure, while Windows Server Datacenter licenses can be used on-premises and in Azure simultaneously – on shared servers. For Windows Server Standard, there is a 180-day migration period where you can run the licenses on-premises and in the cloud at the same time, to facilitate the migration process.
Hybrid Use Rights are also available for SQL Server, although the rules are slightly different. You can use them to reduce costs on SQL in Azure in both IaaS and PaaS scenarios, but there is no concept of simultaneous use between on-premises and Azure – save for the same 180-day dual-use rights to allow migration to the cloud.
Conclusion
As already stated, if you’re looking at the Microsoft Extended Support Updates now, they’re probably your only real option, at least for the first year. That said, it can be a good opportunity to review your software refresh policies for the future, as similar situations will come around before you know it; it’s not long before Windows Server 2012 leaves extended support.
Get an overall picture of your server estate, match it against Microsoft’s support end dates, and then sit down with the relevant stakeholders to find out why the old versions are still in use and what can be done to make a change – hopefully upgrading the on-premises infrastructure more rapidly and/or creating a smooth, easily repeatable process for moving servers into the cloud.
What about SamBox.io?
What’s the link between ESU questions and SamBox.io? Well, as previously explained, Microsoft licensing rules are complex, and it can be difficult to estimate the cost of the sub-perimeter you want to cover with ESUs. That’s why our SamBox.io self-service platform enables you to estimate that cost, run simulations, and make infrastructure changes to optimize your Microsoft estate.
By Damien Juillard, March 20, 2020