Windows Server 2008 EOL
Microsoft Windows Server 2008 and 2008 R2 moved past their End of Life (EOL) on January 14, 2020. This has serious implications for companies that use these servers for virtualization solutions. It’s important to understand what these are and what you should do to minimize or completely avoid unnecessary business risk.
It’s Actually Called End of Support
If we want to be accurate about it, the right term for what many refer to as Windows Server 2008 (and 2008 R2) End of Life is really called End of Extended Support, or simply End of Support (EOS).
This means that, when the date in question arrives, Microsoft will no longer release patches or security updates for these two products. This can cause security policy and regulatory compliance issues.
Security and Compliance Implications
The absence of security updates leaves your Windows 2008 servers (and the applications running on them) exposed to threats that exploit known vulnerabilities. Security updates that normally address known security vulnerabilities are now gone after EOS.
Unless your organization has purchased Extended Security Updates (ESU), which qualifies it to receive updates until 2022, or a period of three years from EOS. If you have migrated your Windows 2008 Server-based applications to Azure, you are also qualified to receive ESU for the same period.
Because data privacy/protection laws and regulations (such as HIPAA, GLBA, PCI-DSS, and GDPR) are closely intertwined with cybersecurity, an unpatched server could result in non-compliance, in turn, potentially leading to onerous fines and penalties.
Microsoft has already released several security updates for Windows Server 2008 since EOS. If you have not availed of ESU or have not migrated to Azure, your organization may potentially pay huge penalties for staying on Windows Server 2008.
Impact on Virtualization Solutions
Like many other solutions that run on Windows Server platforms, virtualization solutions like Citrix Virtual Apps and Desktops and Parallels® Remote Application Server (RAS) are seriously impacted by any impending Windows Server EOLs.
Any unpatched vulnerability in the platform could compromise these solutions if they’re running on it. That’s why when an EOL or EOS date draws near, companies scramble to plan for migrations.
Windows Server 2008 EOL Migrations: Easier Said Than Done
Migrations are usually unavoidable—there’s no question about that. However, doing a migration is not as straightforward as it appears. First of all, these exercises are quite expensive and complex. Some applications could even break if you forcefully migrate them to another (or newer) platform. That’s why most companies prefer to have a longer grace period. They need ample time to plan, execute, test, and validate upgrades and migrations.
What will it take to upgrade?
If you don’t want to migrate to Azure, upgrading Windows Server 2018 to a still-supported version is your only hope of supporting legacy apps. This entails upgrading to Windows Server 2012, whose mainstream support ended on January 9, 2018.
Microsoft had initially set Windows Server 2012’s EOL date to October 10, 2023, but later extended it by nine months. While upgrading to Windows Server 2012 buys you more time to use legacy apps as Microsoft continues to issue bug fixes and patches, you can’t count on non-security hotfixes that may be vital for compliance regulations.
To continue enjoying all Windows Server features, you need to conduct a multi-step upgrading process. This entails upgrading Windows Server 2018 to Windows Server 2012 and finally to Windows Server 2016, which benefits from mainstream support until January 11, 2022.
Extending Windows Server 2008 EOL Security Updates Via Azure
The good news is that Microsoft is providing a way to extend those security updates for free. Security updates can be extended to your Windows Server 2008 and 2008 R2 for three more years if you migrate your Windows Server 2008/2008 R2 virtual machines to Azure, Microsoft’s cloud computing platform. Those three additional years will give you enough time to prepare thoroughly before upgrading.
Problem with Citrix
Unfortunately, if you’re using Citrix, it would be difficult to take advantage of this opportunity. That’s because Citrix Virtual Apps for Windows 2008 and Citrix Virtual Apps for Windows Server 2008 R2 both reached their own End of Extended Support (EOES) on January 14, 2020.
The Parallels RAS Advantage with Windows Server 2008 EOL
You’ll be in a better position if you’re using Parallels RAS. Parallels RAS currently supports Windows Server 2008 and 2008 R2. What’s more, Parallels RAS itself is also built to run on Microsoft Azure. So if you’re using or intend to use Parallels RAS, you can take advantage of Microsoft’s offer and enjoy three more years of security updates for free.
Avoid the issues that accompany Windows Server 2008 EOL.