Comprehensive software reviews to make better IT decisions
What Can Be Done When Microsoft Products Pass the Extended Support Deadline?
Over the last decade, Microsoft aimed to reduce the the number of years of support that is required per product and streamline update cycles. This in turn would minimize the number of product versions, exemplified by the turn from on-premises licenses to subscription based with an 18-month lifecycle. This has enabled the decrease in number of customer support hours and problem resolution tickets leading to significantly reduced costs and shifting resources from firefighting to innovation.
Microsoft’s existing product support lifecycle policy is five years of mainstream support and five years of extended support. At the end of extended support, Microsoft does offer Extended Security Updates (ESUs). Per Microsoft, ESU “includes Critical* and/or Important* security updates for a maximum of three years after the product’s End of Extended Support date. Extended Security Updates will be distributed if and when available. ESUs do not include new features, customer-requested non-security updates, or design change requests.” ESUs are available for SQL Server, Windows Server, and Windows OS.
Eligibility requires Software Assurance be on the relevant server and CALs licenses, and at a cost of 75% of on-premises license per year. This is in addition to all other license and SA costs paid. ESUs can be purchased through the Enterprise Agreement, Server and Cloud Enrollment, Enrollment for Education Solutions and Cloud Solution Provider program. This SKU does not need to be purchased for all three years, but rather can be added for the required number of years. ESUs are not a benefit of Unified Support.
An alternative option for extended security updates is to migrate legacy servers to Azure. In past years, Microsoft has offered organizations free extended security benefits on Windows Server and SQL. As of March 2020, these offers are still available. An example can be found on Microsoft’s website, “To address this need, we are pleased to announce that Extended Security Updates will be available for free in Azure for 2008 and 2008 R2 versions of SQL Server and Windows Server to help secure your workloads for three more years after the end of support deadline. You can rehost these workloads to Azure with no application code change.”
If migrating to Azure is a possibility, it is necessary to calculate potential uptime costs examining factors such as RAM, storage, and high availability. This will be in addition to testing for compatibility, migration timeframes, and any other costs such as dedicated resource time.
- Align upgrade cycles with Microsoft’s support lifecycle. Once server products are at end of support by Microsoft, organizations leave themselves vulnerable to security flaws and potentially attack, which could have more costly implications than extended support costs.
- Where necessary, leverage ESUs, but with a plan to upgrade legacy systems to newer versions. This effectively pushes the decision a few years down the line on what should be done.
- Use Azure for specific workloads in a cost-effective manner. It is easy to over quantify what may be needed, and in the time frame a migration can be achieved. Start small and scale from there.
Want to Know More?
Q headlines a bevy of announcements at AWS re:Invent 2023 in Las Vegas that shed more light on the cloud service provider’s AI strategy and where its differentiation from other vendors lies.
This note outlines some tips and tricks that you should be aware of when embarking on the installation and configuration of a Kubernetes cluster. Such an endeavor should only be attempted if the need for an enterprise-grade container orchestration solution is required.
It’s simply not enough today to pit your traditional application security toolkit against today’s advanced threats, especially those attacks that target APIs or mobile platforms. Bolstering your CI/CD pipeline by introducing more advanced and accurate SAST, SCA, IAST, and DAST will most certainly improve your security posture, but the journey does not end there. There are attacks and use cases that need careful consideration for how you approach security. Appdome believes it has those unknown challenges addressed and can significantly improve your application security program with very little effort from your development and security team, a welcome change from solutions that required a good bit of work to introduce problem-free into your code base four years ago.
This post provides a review of Zoom’s 2023 conference, Zoomtopia 2023. Core aspects covered include what major product releases and upgrades Zoom announced at Zoomtopia 2023, and what these announcements mean for Zoom’s market positioning in 2024.
Contact center as a service (CCaaS) enterprise providers are steamrollering ahead with embedding generative AI functionality in their platforms – whether organizations are prepared for it or not. In this post, I explore a positive outlook for how generative AI can be used to enhance organizations' customer experience capabilities while generating ROI. This includes: 1. Listing the major use cases for generative AI in the contact center. 2. Discussing how we might calculate ROI from utilizing generative AI in the contact center. 3. Considering what organizations can do to prepare for CCaaS vendors’ release of generative AI functionality.
In June 2023, I decided to remove the password on my primary email account as well as the one used to log-in to all of my devices. Did I wait too long? Am I too optimistic this will work without issue? Are there kinks that still need to be worked out? I recently attended Identiverse 2023 and got a FIDO2 hardware token intending at some point in the future to go passwordless. Why wait though? I was pumped up with all the passkey and passwordless sessions I attended and was eager to try this out and share my experience.
If you’re in the market for a password manager or are interested in secrets management, Bitwarden has a powerful platform for you. This unified platform is delivered via a thoughtful and intuitive UI, which Bitwarden Password Manager users will recognize. Bitwarden ranks as top of the Leader Quadrant in SoftwareReviews under the Password Management category, and the company believes its optimized, wide-range passwordless solution set will address most organizations’ needs.
Next-generation firewalls were smarter than previous firewalls, able to deeply analyze traffic and integrate with complementary security solutions. Today our needs are more complex, however, with a 742% increase in software supply chain attacks over the past three years. Sonatype Nexus Firewall has been paying attention and claims its firewall product is smarter about these attacks.
Have you ever thought of what else you could do to take your security operations center (SOC) to the next level and focus on prevention? Look no further – external attack surface management (EASM) was a popular managed service and topic of discussion at Rivest–Shamir–Adleman (RSA) Conference 2023, named after a popular public-key cryptosystem.