What is it?
On January 14th, 2020, security updates for Windows Server 2008 an 2008 R2 will end. At this point, servers running those operating systems will become increasingly vulnerable.
Microsoft Lifecycle Policy provides 10 total years of support. 5 years for Mainstream Support and then 5 years for Extended Support. This applies to the most common versions Windows Server (Standard, Datacenter, and Enterprise). End of Support means patches stop being made available causing significant security and compliance threats as well as the potential of exposing your customer’s data.
Time is short, what options does your business have?
The first option is keeping your servers and applications as is and purchasing Extended Support. Since I don’t recommend “doing nothing” as an option, this is the least invasive option. Naturally there is a cost to this. The cost is 75% of your Enterprise Agreement, Enterprise Agreement Subscription, or Server and Cloud Enrollment. You can find detailed information on Extended Security updates on the Microsoft-maintained documentation found here. With this, Windows Security patches will be made available to the machines you sign up with this for and the day to day basically continues as usual. This is available for up to 3 years.
The next option is upgrading your on-premises systems. With this, you can either deploy your applications on fresh installs of the latest supported Windows Server versions or attempt an in-place upgrade of the OS. For an in-place upgrade, (assuming you are on 2008 R2 looking to go to 2016) you will need to go from 2008R2 to 2012 to 2012 R2 to 2016. Before attempting any of these upgrades, make sure you take a good backup of the systems! For up to date information regarding upgrade paths, please refer to the Microsoft Documentation on Server Upgrades.
Migrating to new systems is recommended to enable all the features of the new Operating System and to avoid the baggage of old Operating Systems left behind after the upgrade.
The final option if upgrading Operating Systems is not an option, is to “Lift and Shift” the groups of existing servers running your applications to Azure. Leveraging Azure’s Infrastructure as a Service offering, this route offers 3 extra years of Extended Support patching at no additional charge. With this, you also gain the high availability and scalable nature provided by Azure infrastructure allowing you to stop worrying about on-premises hardware contracts and potentially disastrous hardware failures.
In the Azure Portal, you can take a look at the migration center to help you plan moving your affected servers. You will be responsible for the associated costs of compute and storage consumed. An assessment is important to perform before any project is started. Azure provides multiple assessment tools to help resource planning as well as perform a cost analysis.
For official tutorials and more information about 2008 server end of life, see the official documentation.