Beat the Clock: Making the Move from SQL Server 2005

Security and compliance drive Michigan and Montana’s migration efforts.

When it comes to migrating away from Microsoft SQL Server 2005, state and local governments know the drill. Agencies underwent similar upgrades with Windows XP and Windows Server 2003 in recent years.

This spring, Microsoft has set an April 12 deadline to cease support for SQL Server 2005. Most IT departments have had migration plans underway because they know the security risks inherent in running software that lacks patches and updates.

The Michigan Department of Technology Management and Budget began upgrading from SQL Server 2005 about a year ago, says Kirt Berwald, a general manager with the department.

His staff will complete the migration to SQL Server 2010 and SQL Server 2012 ahead of the April deadline. “We’ll be ready; all of the SQL database servers will meet the time frame,” Berwald says.

Berwald notes that security has been a top priority in Michigan, mainly because the state could not comply with federal Criminal Justice Information Services (CJIS) mandates or comply with HIPAA or IRS regulations if it ran the old software.

“As a policy, we do not run software for databases that would not be supported by the vendor,” Berwald says. “If Microsoft no longer issues patches for SQL Server 2005, we’d open ourselves up to security issues. Plus, there’s no way we could comply with all the different state and federal mandates.”

Lynne Pizzini, deputy CIO and chief information security officer for the state of Montana, concurs that security was the main concern that prompted Montana to migrate. Charged with managing technology for 14,000 users across 26 agencies, the state’s IT services division made the decision once it learned that Microsoft would no longer distribute security patches for SQL Server 2005.

“We sent out an email about 18 months ago to all the agencies and have monthly IT management meetings and weekly technical management meetings, so everyone is very well informed about the migration,” Pizzini says. “We’ve been working closely with the agencies to determine which version of SQL Server would be best for them to deploy. It really depends on how well a certain version supports an agency’s business apps.”

Getting Fair Warning from Microsoft 

Carl Olofson, research vice president for application development and deployment for IDC, says while it’s always difficult for software makers to determine when to pull the plug on a product, Microsoft has given organizations ample time.

“We’re talking about software that has been around for a decade or more,” Olofson says. “Plus, government agencies that want to provide more services online, such as virtual registration for the DMV, need to be running current software. Not to make the investment in upgraded software really does seem like a penny-wise and pound-foolish approach.”

Denys De Castilhos, an operations/quality assurance manager who works with Berwald in Michigan, points to several reasons why agencies should migrate from Microsoft SQL Server 2005.

For starters, Microsoft didn’t support encryption in SQL Server until 2008. Plus, the latest versions of SQL Server have much better compression, which will help Michigan save money by reducing its storage requirements. Finally, updated versions of SQL Server support auditing.

“Before 2008, administrators would have to write code to run audits. Today, we can find out automatically what we need to audit,” Castilhos explains. “So while security and compliance are important, migrating off SQL Server 2005 also makes our jobs easier by letting us work more efficiently and faster.”

IDC’s Olofson says that IT departments understand that software can’t last forever. “It’s just a fact of life in our industry today — technology moves on,” he says. “When you buy software it’s very rare that it will do the job it did when you purchased it 10 years later.”

Shawn O'Neil/Flickr
Feb 18 2016