Application Retirement and the Sun-setting of SQL Server 2008
Microsoft’s SQL Server 2008 is the most popular database… ever. Application vendors have relied on it to power their applications for many years. However, the SQL Server 2008 end of support (EOS) has been announced. It will take effect on July 9, 2019, raising the question of what to do with the thousands (hundreds of thousands) of currently running applications built around it. At EOS, security updates will stop, raising security and compliance issues and putting applications and the business at risk. Companies will also run the risk of customers migrating to another application.
Regulatory security risks
Besides losing customers and revenue, a lack of updated security will cause breaches which can trigger litigation and regulatory issues. In fact, the new GDPR regulation carries with it huge fines (and negative PR) if EU citizen PII is stolen. The U.S. based HIPAA (Healthcare) regulation also carries large fines if patient data is taken. Without consistent updates, the possibility of data breaches will rise. Other government regulations affected include:
- Sarbanes-Oxley Act for financial controls
- ISO 27001 for information security management
- PCI-DSS for credit card transactions
- FedRAMP for cloud-computing products services
- GLBA for financial institutions
All applications running SQL Server 2008 will see their security risks quickly rise. The bottom line on security for application vendors and their customers is that doing nothing is not a winning strategy.
Migrating from on premise to the cloud
There are three possibilities for application vendors to address this development; upgrade their on premise applications to a newer version of SQL, migrate and rehost their applications on Azure VMs, or migrate the current database to Azure SQL Database Managed Instance and never need to update or migrate again.
Because 80% of organizations have adopted a cloud-first strategy, rearchitecting the application to a newer version of an on premise SQL server would be a step backward for the customer. Instead, migrating the application data to Azure SQL DB or an Azure-based archive would be the most appropriate strategy.
The Azure SQL Database allows vendors to scale on the fly without any downtime, manage and monitor business critical functions, realize performance improvements, develop additional capabilities, and include additional security-enhanced capabilities with built-in protection and compliance.
Application retirement for legacy SQL applications
The end of support of SQL Server 2008 gives companies a chance to reconsider technology roadmaps, reassess direction, update strategies, and set themselves up for the future. The main question for companies to ask yourselves: is there a better way to accomplish the task? Are the applications running SQL Server 2008 actually being used or should they be retired?
Many companies find that they have tens, hundreds, or thousands of applications that have been abandoned but are still included in the company’s backup and DR processes, Obviously a huge waste of money and resources. Determining ownership of the abandoned application, so a decision about retirement is the first step. There are three main scenarios when looking at application retirement:
Scenario #1: Backup the application for later restoration and then retire it
The most basic process for retiring an application while retaining access to the legacy data is to back it up into the cloud and restore it to a VM if ever needed. The upside is that you can utilize your current cloud tenancy to store the backup and shut the application down. The downside is the data is not easily or quickly accessible.
Scenario #2: Retire an abandoned application, keep the data for eDiscovery or regulatory compliance
Depending on the application and its associated data, the question about what to do with the legacy data is; delete or keep it for litigation or regulatory reasons. Corporate legal departments, being relatively conservative, will most likely want to keep the application data for a period of time for regulatory or eDiscovery actions. But, can the data, without the application, be retained, searchable, and viewable in a human-readable format?
One possibility is to migrate the application, and it’s SQL database to a cloud-based VM in case it needs to be accessed again. The issue with this strategy is that you will still be paying for the application license and vendor support fees - so it hasn’t been retired at all. Also, the turn-around time could be an issue.
The other possibility is to migrate the retiring application data to a cloud-based repository and use the cloud’s services (or third-party applications) to retain access and basic functionality of the data, i.e. be able to search and view the data in a human-readable format, quickly.
Scenario #3: Retire little-used applications and archive the data for reference
The third scenario we run across a lot is when an application shows little or no use/access over a long period of time. Has the application been abandoned or is it accessed only occasionally or annually? In many cases, these applications have been replaced with newer technology, but the data still needs to be available. As was the case with scenario #2, if the application data needs to be retained and accessible, the application could be retired if the data is archived properly.
Archive360 and Microsoft for application/database retirement
In scenario #1, a straightforward backup can be done. However, restoring it to an on premise server or VM will take time – a potential issue when responding to an eDiscovery or regulatory request. However, if the backup was stored in the company’s Azure tenancy, the application could be restored to an Azure VM and accessed much more quickly. Archive2Azure can backup entire applications and their databases to Azure for later restoration.
In scenarios #2 and #3, companies need to keep retired application data easily assessable while allowing them to shut down the application. Archive2Azure can archive and provide access to the data so it can be searched and the data viewed without the need to restore it the retired application. Archive2Azure can also time-slice the archived data down to the transaction layer to show specific transactions over time such as how a particular customer record was changed over time.
With SQL Server 2008 nearing end of support, organizations need to be aware of the potential issues of not addressing it, as well as being aware of the potential strategies available to address it.
Please contact us to find out more about SQL Server 2008 end of support and how Archive2Azure can help.
About Bill Tolson
Bill is the Vice President of Global Compliance for Archive360. Bill brings more than 29 years of experience with multinational corporations and technology start-ups, including 19-plus years in the archiving, information governance, and eDiscovery markets. Bill is a frequent speaker at legal and information governance industry events and has authored numerous eBooks, articles and blogs.