Significant cost increases for Microsoft and Java legacy software support.

Published 31 July 2019

Last updated 21 April 2020

What is happening?

In 2019 and 2020 the cost to support Windows 7, Windows Server 2008, SQL Server 2008, and Java SE 8 are significantly increasing. CCS has identified that public sector organisations may still have a substantial dependency on some of these software products and we are looking to work with Microsoft and Oracle (Java) to mitigate their commercial exposure.

How does this affect me?

Using Windows Server 2008 as an example, Extended Support ends in January 2020 and customers are being moved to Extended Security Updates (ESU). This will involve significant increases in costs for patching (around 75% of the license cost plus Software Assurance (roughly 25% of the license cost)). Windows Server 2008 is the most widely used Windows instance and a significant portion of business-critical applications depend directly or indirectly on the Windows Server 2008 operating system. There is estimated to be a significant security incident related to this by 2022 if systems are left unpatched.

What can you do about it?

Please complete the below surveys so that CCS can understand the public sectors consumption of these software products. CCS is looking to negotiate with software vendors to reduce the likelihood of public sector estates running unpatched. Our customers input and cooperation is essential in undertaking these tasks.

Microsoft survey
Java survey

In the meantime

The options for actions you can take vary by product and customers are advised to draw up mitigation plans. Using Windows Server 2008 as an example, the options are as follows:

  • upgrade – upgrade the operating system/applications to a supported version of Windows (on-premises or in Azure) or refactor to leverage containers
  • move workloads onto Azure – move Windows Server 2008 workload Virtual Machines to Azure and receive 36 months of ‘free’ extended security updates
    • for this option you must have Software Assurance in place and existing licenses can be leveraged through Microsoft Azure Hybrid Benefit to reduce costs
  • pay for ESU – purchase up to 36 months of extended security updates for applications that cannot quickly be moved to a supported version of Windows
    • note: this will incur significant cost to your organisation and to qualify for extended security updates, Microsoft will require a migration plan
  • isolate/retire — retire or isolate and protect applications

Complete the survey

The CCS software category team are on hand to assist public sector customers with end of support concerns however we would ask that in the first instance you complete the short Microsoft survey and / or Java survey as applicable to allow us to understand your circumstances.

Visit the Microsoft website for a full list of products reaching end of support.

News and blogs