What’s Happening?
Windows Server 2012 (R2) is approaching its end of support (EOS) date. Microsoft has officially set the clock, marking October 10, 2023, as the day when support for this trusted operating system will come to an end. This means no more security updates, patches, bug fixes, technical support, or online technical content updates.
Why Is This Happening?
The end of support for Windows Server 2012 (R2) is a strategic move towards the future by Microsoft. As technology advances and security threats become increasingly sophisticated, maintaining an older operating system becomes near impossible. Continuing to rely on an unsupported platform could leave your organization exposed to vulnerabilities that malicious actors are quick to exploit.
What are the consequences of this?
The consequences of sticking with Windows Server 2012 (R2) post-‘end of support’ are dire. Infrastructure could become a prime target for cyberattacks, putting sensitive data and critical operations at risk. Security and Compliance requirements may no longer be met, potentially leading to legal and regulatory issues. Downtime, loss of reputation, and financial losses are all potential outcomes.
Options Available
As the deadline is fast approaching, IT professionals and organizations have several paths to consider:
- In-Place Upgrade: Upgrading to a newer Windows Server version may seem like the most straightforward option, but it comes with its own set of challenges and considerations.
- Migration to Azure: Embracing the cloud can offer flexibility and scalability. Microsoft Azure provides a platform for hosting your workloads securely. Additionally it would offer up to three years of free Extended Security Updates (ESUs).
- ESU Licenses: The classic approach involves purchasing Extended Security Updates (ESU) licenses on a yearly basis up to three years. This can be a stopgap measure for those needing more time to plan their migration strategy.
- Azure Arc Monthly ESU Licenses: A new approach, Azure Arc offers monthly ESU licenses, provide a more adaptable and potentially cost-effective way to stay protected.
In this blog post we will delve into each of these options, helping you understand the pros and cons of each approach.
In-Place Upgrade
Choosing to run an in-place upgrade to a newer Operating System version has been a tried and true method in the past and should be the first option to be considered. Moving off the Server 2012 (R2) platform is ultimately the best solution as ESU licenses will only be available for the next three years at which point upgrades still need to happen.
Sadly, an in-place upgrade is not always an option depending on the applications being hosted which requires careful consideration.
You’ll also need to make sure the hardware is still supported considering the wide support for UEFI based Operating Systems now compared to the older BIOS based systems that were common back in 2012.
Speaking of hardware, it may be easier migrate the application(s) to newer hardware running newer versions of Server instead of attempting to upgrade existing systems. However, that requires procuring hardware and may take time to implement.
Hence why there are further options available in order to give organizations more time to upgrade or migrate apps off of the Server 2012 platform.
Another point to consider is which version to upgrade to as there is a limitation of upgrading to a newer version of Windows Server by up to two versions at a time. For example, Server 2012 R2 can only be upgraded to Server 2016 or 2019 (but not 2022). As per usual upgrading the Server version can only jump 2 versions up. More information can be found here: Overview of Windows Server upgrades | Microsoft Learn.
Migration to Azure
Server 2012 (R2) Virtual Machines (VMs) running on the Azure platform will automatically be eligible and receive ESU for free. This also applies for VMs migrated from on-premises into Azure, making this an appealing option for situations where it’s not possible to run an In-Place Upgrade.
Of course, migration of on-premise resources to Azure can be a daunting task all by itself even with the Microsoft-provided tools such as Azure Migrate. It also comes with the costs of running the VMs in the cloud. However, for organizations already invested in Azure cloud or hybrid scenarios it could be a worthwhile endeavor.
In addition, you’ll get all the extra benefits of running infrastructure in the cloud such as resiliency and managed updates. More information about migrating to Azure including cost calculators can be found here: Azure cloud migration and modernization center | Microsoft Azure.
There are also more savings to be had when combining free Extended Security Updates with Azure Hybrid Benefit and Reserved Instances.
Upgrade Operating System During Migration to Azure
A valuable addition would be to utilize the opportunity of migrating to the cloud to perform an in-place upgrade during the migration process.
This process is still in preview and comes with its own set of pre-requisites so be sure to check those before deciding to use this option.
Yearly ESU Licenses
This is the classic option for deploying Extended Security Updates and is similar to what was done for Server 2008.
ESUs will continue for three years, renewable on an annual basis, until October 13, 2026. These can be purchased through the Volume Licensing Service Center (VLSC) and require manual installation on applicable servers.
Costs are as described in the below screenshot with more information that found here.
Once you have the appropriate licenses you can deploy the keys manually for Windows Server following instructions here.
Azure Arc Monthly ESU Licenses
Azure Arc is the last but certainly not least available option for deploying ESU licenses. It’s Microsoft’s newest way of letting Azure administrators create ESU licenses and apply them to Azure Arc onboarded machines.
This allows for automated management of the ESU licenses (including on-premise solutions, AWS and GCP) and monthly billing which makes for much more flexibility. Prices can be found here.
Combining of yearly licenses and later onboarding into Azure Arc will also be valid.
Please note that if you choose not to enroll in any form of ESU at the time of the end of support on October 10, 2023, enabling it at a later date will result in a one-time back-charge.
To learn more about deploying ESU licenses using Azure Arc check out the following documentation:
How to prepare to deliver Extended Security Updates for Windows Server 2012 through Azure Arc – Azure Arc | Microsoft Learn.
Enrolling machines into Azure Arc also provides benefits from cloud capabilities including discovery, management, and patching:
- Inventory and management: After deploying Azure Arc, discover Windows Server 2012 (R2) and SQL Server 2012 resources and manage the enrollment of Extended Security Updates in the Azure portal.
- Pay as you Go billing: be charged on a monthly basis to enable flexibility for managing costs and timelines.
- Keyless delivery: Azure Arc-enabled machines do not require the acquisition or activation of keys for Extended Security Updates.
- Modernize: Add Azure services like Microsoft Defender, Microsoft Sentinel, SQL Managed Instance, Azure Monitor.
- Azure investments: leverage Microsoft Azure Consumption Commitment (MACC) investments and manage costs using Azure Cost Management.
Conclusion
There are a few different options to choose from in terms of ensuring your Server 2012 (R2) infrastructure stays secure. In most cases, wherever possible it should be advisable to upgrade to newer Operating System versions as it will be the most cost-effective in the long term. However, in cases where this is not possible Microsoft has allowed for the option of ESU’s to be purchased either yearly or monthly for up to three years. This gives flexibility in performing upgrades at a later time.
Be on the lookout on this blog for a deep-dive into Azure Arc ESU licenses and how to create/assign them.
Also be sure to join us for the October 2023 Mindcore Tech Event! https://www.meetup.com/mindcore-tech-group/events/296054916 – if this is your first time participating in our Tech Events, you will need to sign up on the Meetup website to register. This will also ensure you get a notification for the Tech event days in the future.
If you have any further questions or inquiries, please do not hesitate to contact us!
Extra resources:
Pricing & FAQ: Extended Security Updates for SQL Server and Windows Server | Microsoft
John Savill: So You’re Still Running Windows/SQL 2012. Now What? – YouTube