As new releases of SQL keep coming, old versions keep going away. Lifecycle management is something as database professionals that we have to mindful of and be planning for.
If you are running an out of support version of SQL then you need to start thinking about what your plan is for it. If you have a choice and need to keep the server running, then you probably should strongly consider using a later version of SQL. Really, really try to do it. However, several cases here is that you are held to the limitation of a product and as much as you would love to go all “office space” on it, you value your job more, so it sticks around and you have to deal with it. There are some other examples such as licensing concerns, lack of employee participation, resource constraints, etc., but I believe these could and should be resolved.
Any time that you or your company make the choice to run on an old version of SQL (regardless of the reason), you are taking a risk and it is important to understand what these risks are and communicate it to your company. At the very least, you want to provide cover for yourself in case something does happen.
Let’s start by looking at the SQL Server product lifecycle. There are 2 dates that you need to be aware of regarding end of life.
- End of Mainstream support – This means that up to this date Microsoft will fully support the product, as well as, continue to make changes to product design and features.
- End of Extended support – This means that up to this date Microsoft will fully support the product, but they will no longer make changes to product design and features. Anything beyond this date is unsupported software and Microsoft will only support it if you pay for expensive extended support (which is usually limited for up to 3 years)
|Version||Release Date||End of Mainstream||End of Extended|
|SQL Server 2005 (SP4)||12/13/2010||4/12/2011||4/12/2016|
|SQL Server 2008 (SP4)||7/7/2014||7/8/2014||7/9/2019|
|SQL Server 2008 R2||7/20/2010||7/10/2012||7/10/2012|
|SQL Server 2008 R2 (SP3)||9/26/2014||7/8/2014||7/9/2019|
|SQL Server 2012||5/20/2012||1/14/2014||1/14/2014|
|SQL Server 2012 (SP3)||12/1/2015||7/11/2017||7/12/2022|
|SQL Server 2014||6/5/2014||7/12/2016||7/12/2016|
|SQL Server 2014 (SP2)||7/14/2016||7/9/2019||7/9/2024|
|SQL Server 2016||6/1/2016||1/9/2018||1/9/2018|
|SQL Server 2016 (SP1)||11/16/2016||7/13/2021||7/14/2026|
|SQL Server 2017||9/29/2017||10/11/2022||10/12/2027|
If you have something about to come out of support, then you need to start planning for that. I recommend start planning working through upgrades as soon as you can and at minimum a couple of years in advance of end of extended support.
So, tell my why running old versions of SQL is of concern and what I need to communicate.
- Security – Once a version reaches end of extended support, Microsoft is no longer obligated to release security patches. So as new security attacks happen (insert most recent security attack) this leaves your SQL environment at risk. And not only are our databases at risk, but every application that relies on those databases are also susceptible to data theft and corruption.
- Compliance issues –Several regulations such as HIPAA, SOX, GDPR, etc. require that must implement procedures for detecting, guarding against, and reporting malicious software for sensitive data. It is the responsibility of the company to make the appropriate technical and organizational measures. If you are using software that is no longer supported by Microsoft, then you may be out of compliance.
- Maintenance support and\or costs – Once end of extended support has occurred, Microsoft is no longer supporting these, so in the event of any product related issues you will not have support or may be required to pay Microsoft a significant amount of money to get it. Additionally, if you choose to accept the risks and try to isolate these servers within your environment (network segmentation) then you will incur higher maintenance costs because you must maintain legacy servers, firewalls, and perform unique setups to try to guard against intrusions.
- Insufficient performance – The information landscape has changed significantly over the years. Depending on the version of SQL you are running, you could be using a piece of software that has not received enhancements in nearly a decade. Think of all changes that have happened in the information landscape since then and think about the sophistication of today’s cyber-attacks. The features that were enough then just do not meet the needs of current IT environments.
- Numerous product improvements – There is a long list of benefits that comes with an upgrade that can positively affect your applications and user experience that you should take a look at.
Be sure to understand the risks and tell the story of continuing to run on this product and do everything that you can to try to get to a later version.