
Windows Server and SQL Server end of support: Keep your customers secure

By: Adam Burke, Andrew Cook, Dale Kirby, Fede Pacheco

Microsoft provides flexible options to keep your customers’ servers secure. With the end of support (EOS) milestone for Windows Server 2012 on October 10, 2023, along with that of SQL Server 2012 in 2022, it’s important to understand your options and the actions needed to keep your customers’ legacy systems secure and compliant.

This Security Update for SQL Server 2012 was released in February 2023. Using the following guidance, you can provide your customers with access.


Meet your customers where they’re at

Your customers have three options to choose from when evaluating the best path forward for securing their legacy end of support workloads:

    1. Move to Azure and unlock new capabilities. You can securely migrate the infrastructure and databases to Azure or modernize on premises with options such as Azure Arc-enabled SQL Server and Azure Arc-enabled SQL Managed Instance.
    2. Go hybrid and get free extended ESU for three years after end of support. This includes hybrid destinations like Azure Stack, Azure VMware Solution (AVS) and Nutanix Cloud Clusters on Azure to give flexibility to partners and their end customers.
    3. Deploy ESUs with Azure Arc. Purchase Extended Security Updates directly through the Azure portal by Arc-enabling their Windows and SQL 2012 servers.



Our Data Center Optimization team has programs that can help you get the expertise and resources you need for your cloud journey.




Now let’s take a closer look at the latest option that Azure Arc has brought to the table. When you onboard legacy Windows Server 2012 or SQL Server 2012 with Azure Arc, it opens a world of possibilities. Specifically, it empowers you to offer ESUs directly through the Azure portal, utilizing your customers’ Azure subscriptions as the conduit.

This approach introduces a flexible billing mechanism, where ESUs are billed on a monthly basis. It’s worth highlighting that when a partner deploys ESUs, the billing takes into account the release date of the ESU. For instance, if ESUs are purchased in December, the customer will still be billed for October and November, aligning with the ESU release timeline.

The ESU opportunity creates additional opportunities for our hosting partners. For the first time, Services Provider License Agreement (SPLA) licenses are eligible for ESUs, offering your customers the chance to extend their upgrade timeline. It also sets the stage for a host of new opportunities. With Azure Arc infrastructure deployed and a CSP relationship established, you can provide your customers with a broader range of services and solutions, all within the Azure ecosystem. This transition not only enhances your service offerings but also strengthens your position as a trusted partner for your customers’ evolving needs. It’s also worth mentioning that if you’re managing infrastructure on other clouds, you can use the same Azure Arc deployment to provide ESUs and additional services to those customers as well.


What is Azure Arc?

Azure Arc acts like a bridge to extend the Azure platform to secure, view, organize, and govern IT inventory anywhere. With Azure Arc, your customers will have clear visibility into the entire IT estate, enabling them to make intelligent decisions about which servers require ESU. Once ESUs are purchased through the Azure portal, security updates can be directly assigned to server workloads in the same interface. On top of that, patches for these servers are also delivered through Azure or an existing patch management solution, so everything necessary for managing ESUs can be done through the portal.

To summarize, the Extended Security Updates through Azure Arc offer:

    1. Flexible billing and savings through a monthly billing model centralized in Azure to run end-of-support operating systems.
    2. Visibility and reliability to ensure consistent performance with high availability and visibility of the entire data and server estate.
    3. Security and compliance.

Azure Arc offers management, governance, and security

Azure Arc offers much more than just ESU updates. With Azure Arc, customers can also bring the power of Azure cloud tools to their on-premises servers. Azure Arc provides capabilities like support for Azure Monitor, Update Management, Guest Configuration, and many other tools for managing hybrid server workloads. Customers that onboard their on-premises/hybrid workloads with Azure Arc get management and governance with a common toolset in a single pane of glass.

Azure Arc also makes it simple to protect and secure their on-premises/hybrid servers using tools like Microsoft Defender for Servers and Azure Sentinel. With Azure Arc, Defender can be deployed as an extension to an Arc-enabled server. Once deployed, customers get vulnerability assessment, just-in-time access, malware protection, and other tools to protect server workloads. Defender also provides a robust set of compliance controls and a Compliance Dashboard to help customers with industry and regulatory compliance requirements.

Now, with Azure Arc-enabled SQL Servers connected to Azure, you have the option of purchasing SQL Server using a ‘pay-as-you-go’ model instead of purchasing licenses. This model is a great alternative if you’re looking to save costs on SQL Servers that have variable demand for compute capacity over time, such as when you can turn off a SQL Server at night or on weekends, or even just scale down the number of cores used during less busy times. It’s also a great option if you only plan to use SQL Server for a short period of time and then won’t need it anymore. Pay-as-you-go, billed through Azure, is now available for all versions of SQL Server from 2012 to 2022.


How to purchase ESUs

Extended Security Updates can be purchased for both Windows Server 2012 and SQL Server 2012. To purchase and configure ESU for Windows Server 2012, follow these few simple steps:

    1. Access Azure Arc through the Azure portal.
    2. Onboard your customers’ servers to Azure Arc by deploying the Azure Connected Machine Agent.
    3. View their complete server inventory and determine which servers will need ESU.
    4. Purchase and activate ESUs and apply to their servers. ESUs can also be deployed through Azure Policy.

The process for deploying SQL Server ESU is similar and can also be completed through the Azure portal:

    1. Open the Azure portal and onboard SQL Servers.
    2. View your customers’ entire SQL Server inventory and select the servers where you want to apply ESU.
    3. Subscribe to ESU and configure how patches will be delivered.

Next steps

Are you ready to explore how Azure Arc can help you manage your customers’ legacy Windows and SQL Server workloads, keeping them secure and compliant? Get started with these Microsoft Learn resources:

Lifecycle FAQ – Extended Security Updates

Extended Security Updates for Windows Server Overview

How to get Extended Security Updates (ESU) for Windows Server

Extend Azure services to your SQL Server instances with Arc-enabled SQL
