It’s no secret that Microsoft wants us to move off old and unsupported versions of SQL Server. It’s good for their bottom line. But it is definitely not simply a money grab.
To be honest, as a Microsoft Data Platform MVP and an independent software vendor (ISV), I also want you to move off old, unsupported versions of SQL Server. Why, you might ask? For the same reasons that Microsoft does from a technical perspective—supporting a never-ending parade of software versions makes life harder and harder. Consider the test matrix for ISVs to ensure that their app can work for both old and new versions of SQL Server and Azure SQL Database. It boggles the mind how quickly the number of test cases increases with each new SQL Server release.
In my experience, the most common reason companies will continue using old, unsupported versions of SQL Server, such as SQL Server 2008 R2 or earlier, is that an application they are using still requires that SQL Server version. Since the app “just works,” you figure it’s not worth the fight to get the application vendor to upgrade, and you move on to more pressing matters. If you own the licenses to that version of SQL Server and the OS it runs on, then that is your right. However, it doesn’t make for good technology management practices, especially when it comes to security and legal compliance.
(Note that Microsoft wants to know about any ISVs who do not maintain and upgrade their products to support new releases of the Microsoft server products. They will work with the ISV to see if they can help them to build a new release on a modern version of SQL Server.)
So, you’re running a version of SQL Server that is no longer supported by Microsoft, and you’ve encountered an issue that you need help with. Let’s take a look at your support options.
Getting Started with Microsoft Support
In case you have never initiated a support call with Microsoft (or it’s been so long that you’ve forgotten how to do so), you will want to get started here. Then, follow the wizard to fully describe your issue. Provide as much information as you can, such as the version and edition of the product that needs support and how to reproduce the issue. You can also upload images and screenshots to further explain the issue. Once you’ve fully described the issue, set up a call back number. (Note that the legalese of your rights and expectations when you make a call to Support are described here.)
If your company has a Microsoft Support contract or you have a personal support contract, the support call is covered by your plan. This support plan should be associated with the account under which you file the support request so that it won’t cost you anything.
However, if you don’t have a Microsoft Support contract, you can pay a service fee to get help with supported products. (Current one-time incident fees run about $500.) As is always the case, there are terms and restrictions when you create an incident report. For example, Microsoft Support is not going to perform a review of a giant batch of custom T-SQL code for your new product. To learn more about the T&Cs, reference this article.
My advice is to recognize that your time and the time for your entire organization is very valuable. If the situation is urgent, I encourage you to spend the money to get help with the issue. It’s often a poor use of your time and talent to spend days on an issue that could be fixed with a 30-minute call to Microsoft.
I’m Experiencing an Issue with Old Faithful SQL Server 2008. Now What?
So, let’s say that tried-and-true SQL Server 2008 breaks in some horrible way due to a bug or security issue. You really need help from Microsoft now. What does Microsoft Customer Service and Support (CSS) tell a user who calls about a problem on old and unsupported versions? Do they refuse to help in any way for unsupported versions? Or will they help resolve known issues that have known fixes, but go no further than that?
How Microsoft responds depends a bit on whether your organization has a support contract in place. If you don’t have a support contract in place, your options are more severely limited. If you currently have a Unified Support contract or an Enterprise Agreement with Software Assurance, usually used by large organizations, then you might have additional options available to you that other companies and business entities can’t access. (Special thanks to Microsoft’s Amit Banerjee for help on this research.)
Let’s dive into the available support options. For on-premises instances of SQL Server, the software follows the same lifecycle as all other Microsoft enterprise on-premises products. The following are the Microsoft support phases for on-premises software:
- Mainstream Support—Microsoft provides full support for five years after a product is released to manufacturing. You can get bug fixes and design changes subject to feasibility and prioritization, as determined by Microsoft.
- Extended Support—Five years after RTM, the product goes into Extended Support for an additional five years. You can still call CSS for support but you will not receive any fixes for free, other than security updates. Occasionally, Microsoft might choose to release non-security updates that are deemed critical in nature, like they did when they added TLS 1.2 support for SQL Server 2008 and SQL Server 2008 R2, to products in extended support. But there’s no guarantee that will happen.
- If you want a bug fixed or a design change during Extended Support, you must have an Extended Support agreement in place, which are common only among large enterprises. Note that if you do not have an Extended Support agreement, that does not mean that CSS will not help you with your issue. I would describe their response as best effort, meaning that they will point out KB articles and Microsoft docs that can help and things like that. But they will not pursue a bug fix or a design change if you request one. Design changes or requests for performance improvements are very unlikely in the Extended Support phase of the product.
- Beyond Extended Support or End of Support (EoS)—Once a SQL Server version has reached the EoS phase, you can purchase an additional support plan, such as Extended Security Updates (ESUs), if your company participates in specific volume-licensing programs. This option is typically available only to participants in specific volume licensing programs. If you buy into the ESU program for SQL Server, for example, then you are eligible for support and critical security fixes for the SQL Server version you purchased.
- Currently, CSS will assist you for SQL Server 2008 and SQL Server 2008 R2 outside of Azure if you have purchased ESUs and have an active support contract.
- There is a special exception where you can get free access to ESUs. If you are moving on-premises workloads running on SQL Server and Windows Server 2008 / 2008 R2 into Azure virtual machines (VMs), then you have free access to ESUs for three years after EOS.
- Prior to SQL Server 2008 and SQL Server 2008 R2, Microsoft offered Custom Support Agreements for SQL Server 2005 and SQL Server 2000. (Those older products are no longer supported by ESUs.) Also note that ESUs typically provide recourse only for critical security fixes, not design changes or performance improvements.
- Beyond ESUs/Customer Support Agreement—For customers that are not covered by these previously described programs, you won’t be allowed to open a support incident with Microsoft. Your only option, at this stage is to use self-help support, such as KB articles and blog posts.
Here is a helpful table that summarizes the support options listed above from the ESU KB article referenced earlier.
|
Type of support |
Mainstream Support |
Extended Support |
Beyond End of Support |
|
Request to change product design and features |
Available |
Not available |
Not available |
|
Security updates |
Available |
Available |
Available via Extended Security Update Program |
|
Non-security updates |
Available |
Available1 via Unified Support |
Not available |
|
Self-help support2 |
Available |
Available |
Available |
|
Paid-support |
Available |
Available |
Available3 |
Source: https://support.microsoft.com/en-us/help/14085/fixed-lifecycle-policy
So, What Are My Options?
SQL Server 2008 and SQL Server 2008 R2 have both reached the EOS phase but still have a large user base, especially outside of North America and Western Europe. Therefore, Microsoft has taken additional steps to provide users of those SQL Server versions with several options for continued support. You can migrate your on-premises SQL Server instances to Azure VMs, migrate to Azure SQL Database, or stay on-premises and purchase the ESUs that I mentioned earlier.
When you migrate to Azure VMs to run your old and obsolete SQL Server apps, as mentioned earlier, you’ll receive free extended security patches. The gist of this offer is that you won’t have to make any code changes of any kind for at least three years. To learn more about this option and to get advice about how to migrate to Azure VMs, see “Extend support for SQL Server 2008 and SQL Server 2008 R2 with Azure.”
One Final Nudge
So far, I’ve discussed the technical reasons for why you might or might not have upgraded to a newer version of SQL Server or Azure SQL Database. But let me give you one more powerful reason to upgrade—security and legal compliance. (Hat tip to MVP Susan Bradley for feedback on this section.)
Older versions of SQL Server are less secure than new versions. It’s as simple as that. SQL Server is the most secure platform in the relational database industry, but it still has vulnerabilities. If you use an obsolete SQL Server database, you put your company, its data, and your customers at greater risk of hacks and potential lawsuits. Hackers are always on the lookout for easy prey, and old, unpatched systems are perhaps the easiest prey of all. Although hackers worry me, I’m actually more scared of what might happen to a company if angry customers staged a class-action lawsuit.
Does your database store any data that might be considered personal? If so, you might be culpable under the European GDPR legal standard and/or the California CCPA legal standard. If you’re not familiar with these legal standards, I recommend that you get up to speed on them right away. And if no one else at your workplace has heard of them, might I suggest that you either get those databases migrated or that you start looking for a new job with a better employer!
Kevin (@kekline) serves as Principal Program Manager at SentryOne. He is a founder and former president of PASS and the author of popular IT books like SQL in a Nutshell.
Kevin is a renowned database expert, software industry veteran, Microsoft SQL Server MVP, and long-time blogger at SentryOne. As a noted leader in the SQL Server community, Kevin blogs about Microsoft Data Platform features and best practices, SQL Server trends, and professional development for data professionals.
