Leveraging Azure Arc to Enable Extended Security Updates

Author: Melissa Fernando – SAM Consultant at The Mastermind Group

Azure Arc is a solution offered by Microsoft that extends its cloud platform services and capabilities to on-premise, multi-cloud, and edge environments. The solution can also be leveraged to provide customers with an alternative option to seamlessly deploy Extended Security Updates (ESU) for Windows Server 2012/2012 R2 or SQL Server 2012 as part of their existing Azure billing. This article will discuss the benefits, prerequisites, licensing, and management of ESUs enabled by Azure Arc.

With Microsoft no longer supporting Windows Server 2012/2012 R2 or SQL Server 2012, organisations utilising this outdated software will cease to receive critical security updates, thereby placing your IT environment in a potentially vulnerable position.

To continue running these legacy versions, the usual recommendations are to;

  1. Purchase yearly ESUs through Software Assurance via specific volume licensing programs or;
  2. Migrate the workloads to Azure and receive ESUs for a period of three years after the End of Support dates. Apart from the fee associated with running the virtual machines in Azure, there are no ESU costs involved.

Last year, Microsoft announced a third option; leveraging Azure Arc to provide critical security updates for on-premise or multi-cloud environments.

Azure Arc is a Microsoft service that extends Azure services and management capabilities to resources deployed outside of Azure.

It allows organisations to maintain control and visibility across diverse infrastructure deployments such as; on-premise, multi-cloud and edge environments, and all within a centralised control plane.

One of the key features of enrolling servers in Azure Arc is the ability to deliver ESUs for Windows Server 2012/2012 R2 and SQL Server 2012. The service entails a monthly subscription fee and provides customers with the financial flexibility to align deployment numbers with budgetary requirements. Purchasing ESUs through a volume licensing program where the ESU license quantity is locked-in for a year isn’t as flexible when compared to the cost benefits provided via Azure Arc which allows you to reduce ESU costs throughout the year as you progress with upgrading, migrating, or decommissioning legacy software.

ESU licenses are based on a per virtual core or physical core model;

  • Windows Server is subject to a minimum of 16 physical cores per server or 8 virtual cores per VM.
  • SQL Server is subject to a minimum of 4 physical core per server or 4 virtual cores per VM.

Please note, to be eligible for subscription ESUs your organisation must have initially purchased the Year 1 ESU from the Microsoft 365 admin center. If you have purchased Year 1 ESUs and are yet to renew for Year 2, this is a great opportunity to switch to the ESU subscription via Azure Arc. However, if your organisation has already renewed for Year 2 ESUs, unfortunately you will be required to wait until Year 3 before transitioning. It’s important to highlight, these terms and offerings may change so it is recommended to discuss with your Licensing Solution Provider (LSP) for further guidance and clarification.

Summary of the ESU support terms for Windows and SQL Server:

It is essential to review the official Microsoft support lifecycle policies and announcements for specific products and services to understand the available support option.

To enable ESU by Azure Arc the following are several requirements to consider:

  • An existing Azure subscription
  • Windows and SQL Server licenses with active Software Assurance, for versions and editions that are eligible for ESU.
  • Purchase of at least Year 1 ESU
  • Onboard to Azure Arc, by installing the Azure Connected Machine agent to connect on-premise or non-Azure servers to Azure.

Enrolling in Azure Arc is a great way to secure aging on-premise infrastructure by providing a centralised management tool to deploy, manage, and monitor extended security updates. Organisations should also consider leveraging the monthly payment model to incentivise server upgrade and/or migration processes, as it gives organisations the opportunity to reduce costs monthly while this transition takes place.

Author: Melissa Fernando – SAM Consultant at The Mastermind Group

If you would like to hear more information about how you can reduce your ESU costs, please reach out to us via email at info@tmg100.com.