What happens if your SQL Server editions are out of support?

“We have SQL Server version 20 years ago, and it runs fine. So what’s the problem? Why should we upgrade it?”

The short answer is that the more your SQL Server is out of date, the more things become
⦁ vulnerable,
⦁ broken and unfixable,
⦁ limited in features, and
⦁ expensive.

Vulnerable

“Vulnerability = liability.”

-Anon

Older versions of any software are less secure internally than their newer cousins. After all, “the good old days” of computers are always slightly simpler and slightly less dangerous. For example, versions of SQL Server pre-2012 kept the passwords of logged-in accounts in clear text in memory. It’s a very simple matter to collect passwords from memory, if you know how.

Software vendors fix major vulnerabilities like this one by releasing a new version, or a new patch (which is then rounded up into the next version). It’s easy to see that, after a handful of new versions, there’s no point in continuing to produce patches for decades-old software that’s chock full of vulnerabilities. No new patches means your systems will be vulnerable to new viruses and other attacks.

And it’s not just SQL Server. If you keep old versions of software, there will come a point when you can’t upgrade the underlying operating system and hypervisor. That leads to even more vulnerabilities and compliance issues!

Broken and unfixable

Software ages out. Software support ages out, too. Microsoft sets an “end of mainstream support” date, as well as an “end of extended support” date, for each version. So when something goes wrong with your SQL Server 2008 box, you can’t get any help from Microsoft…they stopped supporting it in 2019!

What’s more, DBAs and consultants with experience with SQL Server 25 Years Ago Version will become more and more difficult to find.

Features

Microsoft SQL Server is meant to be used as backend software for applications – whether home grown, or third party. As your applications move up in versions, they’ll eventually mature past the old backend, forcing you to upgrade SQL Server in order to use the shiny new program.

Leaving old SQL Server versions lying around also means your shop misses out on cool new features. SQL Server 2019 is light-years past SQL 2005 in terms of performance, high availability, encryption, and all the bells and whistles. Keep the “old and busted” SQL, and your company will fall behind its competitors.

Expense

We mentioned mainstream versus extended support, above. Extended support simply costs you extra, and it only provides security updates…not functional, performance, or scalability updates.

How much will extended security updates cost for … SQL Server 2008 and 2008 R2? On-premises: Customers with active Software Assurance or subscription licenses can purchase Extended Security Updates for approximately 75% of the on-premises license cost annually. Pricing is available on published price lists.

Microsoft.com

There are hidden costs in addition to the obvious ones. The longer you wait to upgrade, the more effort it takes. Coding around deprecated features and regression testing have tripped up many an upgrade project over the years.

Being several versions behind can also give you a crooked path to upgrading. For example, you cannot upgrade SQL Server 2008 directly to 2017. The extra steps may mean an extended outage.

In conclusion

SQL Server: Super Old Version may be “running just fine”, but in reality you have a server that’s vulnerable, hard to fix, limited, and – eventually – expensive and troublesome to upgrade. It’s probably time to do a little SQL housecleaning.
