Server Virtualisation and Hyperconvergence for SMEs

Server virtualisation runs several independent virtual machines on a single physical host, so one server can do the work of many. Most Melbourne SMEs still keep some on-premises compute for performance, control or cost reasons. The 2026 question isn’t whether to virtualise — it’s which hypervisor, and whether you need hyperconverged infrastructure at all.

This post explains virtualisation in plain terms, walks through the hypervisor shake-up after Broadcom’s acquisition of VMware, and tells you honestly when hyperconverged infrastructure (HCI) earns its keep — and when it’s overkill. Most small SMEs don’t need it.

What server virtualisation actually is

A physical server has finite CPU, RAM and disk. Run one operating system on it directly and most of that hardware sits idle most of the time. Virtualisation inserts a thin software layer — a hypervisor — between the hardware and the operating systems, so you can run multiple virtual machines (VMs) on the one host. Each VM behaves like its own separate server: its own OS, its own applications, its own network identity, isolated from its neighbours.

The payoff is consolidation. A business that once had a domain controller, a file server, a line-of-business application server and a print server on four ageing boxes can run all four as VMs on a single modern host, with capacity to spare. Fewer machines to power, cool, patch and replace. VMs are also portable — you can back one up as a file, move it to another host, or spin up a copy for testing without touching the others.

Why SMEs still run on-premises compute

The cloud handles a great deal of what used to live in a server room, but on-premises compute hasn’t gone away, and for good reasons:

  • Latency-sensitive applications — CAD, large file editing, manufacturing line systems and some practice-management software perform better when the server is on the same LAN as the users.
  • Data gravity — when you hold terabytes of project files, shifting it all to cloud egress charges and re-downloading it daily makes no financial sense.
  • Specific software — plenty of legacy line-of-business applications simply aren’t built to run as SaaS.
  • Control and predictability — a fixed capital outlay every five years can beat an ever-climbing monthly cloud bill for steady, predictable workloads.

A construction firm in Box Hill we work with keeps its estimating and document servers on-premises precisely because the project files are enormous and the estimators can’t tolerate cloud latency mid-tender. Their email and collaboration live in Microsoft 365; their heavy compute stays local. That hybrid split is typical.

The hypervisor landscape in 2026

For over a decade VMware vSphere was the default choice and the safe one. That changed when Broadcom acquired VMware and overhauled the licensing — moving to subscription-only bundles, raising minimum core counts, and discontinuing the free ESXi hypervisor and the perpetual licences many SMEs relied on. For a small business running two or three hosts, the renewal quotes have in many cases multiplied. The result is a genuine migration away from VMware among cost-conscious SMEs, and a healthier set of alternatives than the market has had in years.

HypervisorWhat it isBest fit for SMEs
VMware vSphereThe long-standing enterprise standard; mature, feature-richExisting VMware shops who can absorb the new subscription costs
Microsoft Hyper-VBuilt into Windows Server; included with the licence you likely already buyWindows-centric SMEs wanting a no-extra-cost, well-supported option
Proxmox VEOpen-source virtualisation with clustering and built-in backupBudget-conscious businesses with capable IT support; no licence fees
NutanixHCI platform with its own hypervisor (AHV); compute and storage combinedGrowing SMEs wanting an integrated, scalable appliance approach
Azure Local (Azure Stack HCI)Microsoft’s hybrid HCI stack, managed through AzureMicrosoft-aligned businesses wanting on-prem hardware with cloud management

For most Melbourne SMEs already invested in Windows Server, Hyper-V is the pragmatic answer. It’s a Type 1 hypervisor that ships with Windows Server, it’s well documented, and the live migration and replication features that used to cost extra in VMware are built in. Proxmox is a strong open-source alternative where there’s no appetite for licence fees and the IT partner is comfortable supporting it. Nutanix and Azure Local are HCI platforms — which brings us to the next question.

What hyperconverged infrastructure (HCI) is

Traditional virtualisation often kept three things separate: the servers that provide compute, a shared storage array (a SAN or NAS) that holds the VM data, and the network switching that ties them together. That works, but it means buying, managing and troubleshooting three distinct systems, often from three vendors.

Hyperconverged infrastructure collapses compute, storage and networking into clustered nodes — standardised server units that each contribute CPU, RAM and local disk to a shared pool, managed as one system through a single software layer. Add capacity by adding another node. There’s no separate SAN to maintain; the storage is software-defined across the cluster. A three-node HCI cluster can lose a whole node and keep running, because the data is mirrored across the others.

When HCI suits a growing SME

HCI makes sense when an SME has outgrown a single host but doesn’t want the complexity and cost of a traditional SAN-plus-hosts build. The signals we look for:

  • You’re running enough VMs that one host is no longer enough, and you need genuine high availability — workloads that must survive a hardware failure without downtime.
  • You expect to grow and want to scale by adding nodes rather than forklifting in a bigger array.
  • You want fewer moving parts and a single support relationship rather than separate storage, compute and hypervisor vendors.
  • You have, or your MSP provides, the discipline to manage a clustered platform properly.

A manufacturer in Dandenong we support moved to a three-node HCI cluster when their ageing single host couldn’t run their ERP, MES and file workloads with any headroom — and a hardware failure would have stopped the production line. The cluster gave them the ability to patch and reboot a node during business hours without anyone noticing, which a single host never could.

High availability, backup and disaster recovery

Virtualisation makes resilience easier, but it does not provide it automatically. Three distinct things often get muddled, and the distinction matters when a server room floods or ransomware hits.

High availability (HA) keeps workloads running when a host fails. In a cluster, if one node dies, its VMs restart automatically on the surviving nodes. HA protects against hardware failure — it does not protect your data from deletion, corruption or encryption.

Backup is your independent, recoverable copy. The cardinal rule is that a VM snapshot is not a backup — snapshots live on the same storage as the VM and vanish with it. You need proper, application-aware backups written to separate storage, ideally following a 3-2-1 approach with at least one immutable, off-site copy that ransomware can’t reach. We go deeper on this in our guide to backup and disaster recovery for Melbourne businesses.

Disaster recovery (DR) is the plan and the tested capability to get the whole environment running again somewhere else after a serious incident. Virtualisation helps enormously here — because a VM is just a file, you can replicate it to a second site or to the cloud and bring it up there. The numbers that govern this are your recovery time objective and recovery point objective, which we unpack in RTO vs RPO explained. Set those targets before you design the platform, not after.

Cloud vs on-premises vs hybrid

The honest position is that this is rarely all-or-nothing. Three broad paths:

  • Cloud-first — run workloads in Azure or AWS, or replace servers with SaaS entirely. Best for businesses with variable demand, distributed teams, or no desire to own hardware. You trade capital cost for an operating bill that scales with use.
  • On-premises — keep compute local for latency, data gravity or cost predictability. Best for steady, heavy workloads where the maths favours owning the kit.
  • Hybrid — the common reality. Keep latency-sensitive and data-heavy workloads on-premises, push email, collaboration and backup targets to the cloud, and use the cloud as a DR site. Our cloud services work is mostly designing and running exactly this kind of split.

The mistake we see is treating cloud as automatically cheaper. For a server that runs flat-out twenty-four hours a day, owning the hardware over five years often beats the equivalent cloud instance. For a workload that’s busy three days a month, the cloud wins easily. Match the model to the workload.

Right-sizing: most small SMEs don’t need HCI

Here’s the part the appliance vendors won’t lead with: the majority of small businesses do not need hyperconverged infrastructure. A five-to-twenty-person professional services firm with a couple of VMs is perfectly well served by a single well-specified Hyper-V host with solid backups and a tested cloud DR plan. HCI starts to earn its cost at three nodes and a real high-availability requirement — below that, you’re paying for resilience and scale you won’t use.

Equally, plenty of SMEs we onboard are running more on-premises than they need to. If your file server, line-of-business app and identity could all sensibly move to Microsoft 365 and Azure, the right answer might be fewer servers, not a fancier cluster. Right-sizing cuts both ways — sometimes up to HCI, often sideways to hybrid, occasionally down to almost nothing on-site. The discipline is matching the architecture to the actual workload and risk tolerance rather than the brochure.

The MSP role in design and management

Virtualisation and HCI are easy to buy and easy to get wrong. The value of a competent MSP is in the design decisions made before anything is purchased: sizing the hosts to the workload with genuine headroom, choosing the hypervisor that fits your licensing and skills, designing HA and backup so they actually protect you, and setting RTO and RPO targets you’ve signed off on.

Then there’s the ongoing work — patching hosts and guests, monitoring capacity before you run out of it, testing DR restores so you know they work rather than hoping, and keeping the platform aligned to the Essential Eight. TechAssist is a Melbourne-based MSP founded in 2014 with 13 Australian-employed engineers — not offshore — and our managed IT services include this design-and-run work under fixed per-user monthly pricing rather than scope-creeping hourly billing. Our 24/7 NOC in Tecoma watches the hosts overnight so a failed node at 2am gets handled before you walk in.

Frequently asked questions

Is server virtualisation still worth it for a small business in 2026?

Yes, for almost any business running more than one server workload. Consolidating several roles onto one virtualised host saves on hardware, power and management, and makes backup and recovery far simpler because each VM is portable. The only businesses that genuinely don’t benefit are those that have moved everything to SaaS and the cloud and keep nothing on-premises.

Should I move off VMware because of the Broadcom changes?

Not reflexively — but it’s worth pricing the alternatives at your next renewal. If your VMware subscription quote has jumped substantially, Hyper-V (which you likely already licence through Windows Server) or Proxmox can deliver the same outcomes for an SME at far lower cost. Migration takes planning, so don’t leave it to the week before renewal.

What’s the difference between virtualisation and hyperconverged infrastructure?

Virtualisation runs multiple VMs on a host. HCI is an architecture that combines compute, storage and networking into clustered nodes managed as one system, removing the need for a separate storage array. All HCI involves virtualisation, but you can virtualise perfectly well on a single host without any HCI at all.

Do I need high availability or just good backups?

They solve different problems. High availability keeps you running through a hardware failure; backups let you recover from data loss, corruption or ransomware. A single host with excellent, tested backups is fine for many small businesses. If even an hour of downtime is unacceptable, you need HA as well — but never HA instead of backups.

Getting the architecture right

Server virtualisation is settled technology; the interesting decisions in 2026 are which hypervisor, how much resilience you genuinely need, and where the line between on-premises and cloud should sit for your business. Get those right and you spend nothing you don’t have to. Get them wrong and you either over-build a cluster you’ll never fill or under-protect a server you can’t afford to lose.

If you’re facing a VMware renewal, an ageing host, or a growth jump that’s straining your current setup, get in touch. We’ll look at what you actually run before recommending anything — and quite often the right answer costs less than you expect.

SASE and ZTNA are the cloud-delivered model replacing the traditional VPN for hybrid teams. Rather than dropping a remote worker onto your whole network, they grant access to one application at a time, based on who the user is and the state of their device — closing gaps a VPN cannot.

The VPN was built for a world that no longer exists — a head office, a server room, and the occasional laptop dialling in from a hotel. Hybrid work broke that model. This post explains why, what ZTNA and SASE mean once you strip out the acronyms, and the realistic path an SME takes to adopt them.

Why the traditional VPN is showing its age

A VPN does one job: it extends your corporate network to a remote device. Once a laptop in Camberwell connects, it behaves as though it is plugged into the office switch. That was fine when “remote” meant a handful of people occasionally. With half your staff working from home most weeks, the design becomes a liability for three reasons.

Performance and the hairpin problem

Most VPNs backhaul all traffic through a central concentrator at the office. A staff member in Ringwood opening a Microsoft 365 document sends their traffic to the office VPN box, which routes it out to Microsoft’s cloud and back again. This “hairpin” adds latency to every cloud app — which, for most businesses now, is nearly all of them. Teams calls stutter, SharePoint feels slow, and staff start turning the VPN off so things work.

Broad network access

This is the real problem. A VPN authenticates the user once at the door, then trusts them on the whole network. A connected laptop can usually reach the file server, the accounting system and a dozen other things the user never needs. If that laptop is compromised — through a phished credential or malware — the attacker inherits the same broad reach. The VPN never asks whether this person should reach this specific system; it only asked, once, whether the login was valid.

Attack surface

A VPN concentrator must be exposed to the internet for remote staff to reach it, which makes it a target. Unpatched VPN appliances have been behind some of the most damaging intrusions of recent years, and the Australian Cyber Security Centre (ACSC) has repeatedly issued advisories about actively exploited VPN flaws. A model that removes that exposed door is structurally safer.

What ZTNA actually is

Zero Trust Network Access (ZTNA) replaces “connect to the network” with “connect to an application”. Instead of dropping a device onto your LAN, ZTNA brokers access to individual apps one at a time. Each decision weighs two things: who the user is (verified identity, usually with MFA) and the context of the request (is the device managed and patched, where is it connecting from, does the sign-in look risky).

The practical differences are sharp. A user who needs the practice management system gets that and nothing else — they cannot see or reach the file server, because as far as the network is concerned it was never exposed to them. Applications sit behind a broker rather than the open internet, so there is no concentrator for an attacker to probe. And access is continuously evaluated, not granted once at login.

If your business runs on Microsoft 365, you already own a meaningful slice of this. Conditional Access in Microsoft Entra ID is identity-and-context-based access control for your cloud apps, and it is the natural starting point — we have a full walkthrough of Conditional Access policies if you want the detail.

What SASE actually is

Secure Access Service Edge (SASE, said “sassy”) is the bigger picture ZTNA fits into: the convergence of networking and security into a single cloud-delivered service, rather than a rack of separate appliances at your office. Security and routing follow your users and data wherever they are, enforced at a cloud edge close to the user instead of forced back through a head-office chokepoint.

SASE bundles several components that were once separate boxes:

  • SD-WAN — software-defined networking that intelligently routes traffic across whatever links you have (NBN, 4G/5G, fibre).
  • ZTNA — the per-app access model described above.
  • SWG (Secure Web Gateway) — filters web traffic and blocks malicious sites, wherever the user is.
  • CASB (Cloud Access Security Broker) — visibility and control over which cloud apps staff use, catching the “shadow IT” of an unsanctioned file-sharing tool.
  • FWaaS (Firewall as a Service) — firewall capability delivered from the cloud instead of a physical appliance.

The selling point is that these stop being five disconnected products and become one policy framework. Full convergence, though, is an enterprise journey — for an SME, the value is in the components, not the badge.

How this maps to zero trust

SASE and ZTNA are the network and access expression of zero trust. The principle is “never trust, always verify” — assume no user or device is trustworthy by default, verify every request explicitly, and grant the least access needed. A VPN violates that on its face: it trusts broadly after one check. ZTNA implements it directly, verifying identity and device context on every request. If the idea is new to you, our zero trust security model explained post covers it in full. SASE is simply how you deliver those principles to a distributed workforce without anchoring everything to a head-office firewall.

VPN versus ZTNA at a glance

AspectTraditional VPNZTNA
Access grantedWhole networkSingle application
Trust modelVerify once at loginVerify every request, continuously
Device postureRarely checkedChecked on each access
Internet exposureConcentrator published to the internetApps hidden behind a broker
Cloud app performanceHairpinned through the officeDirect to the cloud edge
Blast radius if a device is compromisedThe entire networkOnly the apps that user was granted

The realistic SME adoption path

Here is the honest part most vendor material skips: you do not buy “SASE”. There is no single SKU that delivers it, and any SME chasing a full convergence project will spend a fortune and stall. You adopt the components in order of value, and most Melbourne SMEs already own the first ones:

  1. MFA everywhere, no exceptions. The foundation of every model that follows. If a single shared mailbox or service account is still exempt, fix that first.
  2. Conditional Access. Use Entra ID to enforce identity-and-context rules on your Microsoft 365 apps — require a compliant device, block risky sign-ins, restrict by location. This is ZTNA for the apps most of your business already runs on.
  3. ZTNA for the remaining internal apps. Line-of-business systems that are not cloud SaaS — an on-prem ERP, an internal web tool — go behind a ZTNA broker so you can decommission the VPN for them.
  4. Layer on SWG, CASB and FWaaS as the case arises. Worth adding when scale and risk justify them.

Done this way, you reach the security outcomes of SASE incrementally, and the VPN gets retired app by app rather than in one risky cutover. Plenty of capable vendors play here — the major identity, networking and security platforms all have ZTNA and SASE offerings — and we stay deliberately vendor-neutral. The right stack depends on what you already run and your appetite for consolidation. Chasing a brand-name “SASE platform” before MFA and Conditional Access are locked down is putting the roof on before the walls.

A Box Hill example

A professional services firm in Box Hill we work with came to us frustrated that their VPN made every cloud document feel sluggish, so staff habitually disconnected it — leaving their security control off most of the day. We did not sell them a SASE platform. We hardened MFA, built out Conditional Access in Entra ID so their Microsoft 365 access enforced compliant-device and location rules, and put their one remaining on-prem application behind a ZTNA broker. The concentrator came off the internet entirely, cloud apps got faster, and their attack surface shrank to nothing.

The MSP role

This is where an MSP earns its keep, because the failure modes are subtle. Conditional Access with one too many exclusions, or a ZTNA policy so broad it recreates the VPN’s flat-access problem — these are configuration details, and they are where the value and the risk both sit. The point of moving off a VPN is least-privilege access; a half-configured replacement gives you the complexity without the benefit.

TechAssist is a Melbourne-based MSP, founded in 2014, with thirteen Australian-employed engineers and a 24/7 NOC in Tecoma — no offshore helpdesk. We design and run these transitions as part of our cybersecurity services, and because our pricing is per-user fixed monthly, the configuration and ongoing tuning are in scope, not a surprise project fee. We treat the VPN-to-ZTNA move as an identity-hardening exercise first, because that is where the leverage sits.

Frequently asked questions

Do I have to replace my VPN all at once?

No, and you should not. The sensible approach retires the VPN application by application. As each internal system moves behind Conditional Access or a ZTNA broker, the VPN has one less reason to exist, until eventually you take the concentrator off the internet.

Is ZTNA the same as a VPN with MFA bolted on?

No. Adding MFA to a VPN strengthens the front door but changes nothing after login — the user is still dropped onto the whole network. ZTNA changes the model: access is granted per application, evaluated on every request, and the apps are never exposed to the open internet.

We already use Microsoft 365 — do we have any of this?

Yes. Conditional Access in Microsoft Entra ID is identity-and-context-based access control, the core of ZTNA for your cloud apps. If you are on Microsoft 365 Business Premium you already hold the licence. The question is whether it is actually configured — for many tenants it is not.

Talk to us about moving off the VPN

If your VPN is slowing your team down, exposing an appliance to the internet, or granting more access than anyone needs, there is a better model — and you probably already own the first pieces of it. Our cybersecurity team can audit what you have and map the path off the VPN. Get in touch and we will tell you plainly where you stand.

If you are still running Windows Server 2012 R2 or 2016, the clock has already gone off. Windows Server end of support arrived for 2012 and 2012 R2 in October 2023, and Server 2016 leaves mainstream support behind with extended support ending in January 2027. Unsupported means no security patches. Plan the migration now, before something forces your hand.

Where the dates actually sit

The confusion around server end-of-support comes from Microsoft’s two-phase lifecycle. Every server release gets a mainstream support window, then an extended support window where you only receive security updates. When extended support ends, the patches stop completely. That is the date that matters.

ProductMainstream support endedExtended support endsStatus today
Windows Server 2012 / 2012 R2October 201810 October 2023Out of support — no patches
Windows Server 2016January 202212 January 2027Security updates only — plan now
Windows Server 2019January 2024January 2029Extended support
Windows Server 2022October 2026October 2031Current, supported

So 2012 and 2012 R2 have been unsupported for getting on two years. If you are running one, every month that box stays online is a month of unpatched vulnerabilities sitting on your network. Server 2016 is in a better spot, but “January 2027” is not far away once you account for procurement, testing and a cutover that has to happen outside business hours. The businesses that get caught are the ones that treat 2027 as a 2026 problem and discover in November that the line-of-business app vendor needs six weeks to certify the new platform.

What “unsupported” really costs you

The headline risk is obvious: no security updates. When a critical vulnerability lands in an unsupported Windows Server, Microsoft does not ship a fix for it, and attackers know exactly which versions are exposed. But the knock-on effects are where most Melbourne SMEs actually feel the pain.

  • Cyber insurance. Insurers now ask whether you run supported operating systems. Running an out-of-support server can void a claim or get your renewal declined outright. We cover this in detail in our cyber insurance guide for Australian SMEs.
  • Compliance and the Essential Eight. Patching operating systems is a core Essential Eight control. You cannot patch an OS that no longer receives patches, so an unsupported server is an automatic black mark in any maturity assessment.
  • Software compatibility. Vendors drop support for old server platforms too. Newer versions of your accounting package, your SQL-backed database or your industry software may refuse to install or run.
  • Hardware. Servers that old are frequently running on hardware well past its warranty, so you are carrying a failure risk on top of the patching risk.

A construction firm in Box Hill we work with discovered this the hard way at renewal time. Their broker’s questionnaire asked, in plain terms, whether any server ran an unsupported operating system. The honest answer was yes — a 2012 R2 box still hosting their estimating software. The premium loaded, and the underwriter wanted a remediation date in writing before they would bind cover. The migration that had been “next year’s project” became a four-week sprint.

The question nobody asks first: do you even need the server?

Before you price up a replacement, ask the harder question. A lot of the on-premises servers we decommission across Melbourne metro exist out of habit, not necessity. The workloads they were bought for have moved on, and the business is paying to keep a box alive that it could retire entirely.

Work through what the server actually does, role by role, because the answer changes the whole project:

  • Active Directory / domain controller. If AD is the main reason the server exists, many smaller businesses can move to Entra ID (Azure AD) and Intune, manage devices in the cloud, and drop the on-prem domain controller altogether. Others genuinely still need it. This is the role that most often decides whether you keep a server at all.
  • File server. File and folder shares are one of the easiest things to move. SharePoint and OneDrive in Microsoft 365 handle most SME file needs without a server, with versioning and external sharing built in. Heavy CAD or large-media workflows sometimes still warrant on-prem or a hybrid approach.
  • Line-of-business applications. The make-or-break role. Some legacy apps only run on a Windows Server and tie you to keeping one. Increasingly, the vendor has a SaaS version, and migrating to it removes the server requirement and the maintenance burden together.
  • SQL Server. Often hiding behind a line-of-business app. SQL Server 2012 and 2014 are themselves out of support, so a server migration is the moment to deal with the database engine too — either upgrading it or moving to Azure SQL.

For a genuinely cloud-ready SME, the best migration is often no server at all. Move files to Microsoft 365, identity to Entra ID, the line-of-business app to its SaaS edition, and the box goes in the bin. No replacement hardware, no Server licence, no patching for the next five years. That is not the right answer for everyone, but it should be the first option you rule in or out.

Your migration options

Once you know what the server does, there are three broad paths. Most businesses end up using a mix.

1. Replace with Windows Server 2022 or 2025

If you have workloads that genuinely belong on a server — heavy file workloads, an app the vendor only supports on-prem, a domain controller you are keeping — then a clean build on Windows Server 2022 or the newer 2025 release is the straightforward path. You provision new hardware or a new virtual machine, build it current, migrate the roles and data across, and retire the old box. This keeps everything on-premises and under your direct control, which suits businesses with specific latency, data-sovereignty or application-compatibility reasons to stay local.

2. Move to Azure

Lifting the workload into Microsoft Azure replaces the physical box with a cloud virtual machine. You stop worrying about hardware failure and capacity, and you can scale up or down. There is one detail worth knowing: if you run Windows Server 2012/2012 R2 or 2016 inside Azure, Microsoft provides Extended Security Updates at no additional cost while you complete your migration to a current version. Running those same versions on-premises means paying for ESU separately. So Azure can buy you a supported runway while you finish the project properly, rather than leaving an unpatched box exposed. Our cloud services team handles these migrations end to end.

3. Retire the server into SaaS and cloud platforms

The option covered above — move the workloads to cloud services and decommission the server entirely. No replacement, no licensing, no ongoing maintenance. For many SMEs this is both the cheapest long-term option and the most secure, because there is simply less infrastructure to patch and protect.

PathBest whenServer to maintain?ESU situation
New Windows Server 2022/2025Workloads must stay on-premYesCurrent version, fully supported
Azure VMYou want cloud flexibility, less hardware riskManaged VMFree ESU for 2012/2016 during migration
SaaS / cloud, retire serverApps and files can move to the cloudNoNot applicable — no legacy OS left

Planning the migration properly

A server migration goes wrong when it is treated as a like-for-like swap done over a weekend. It is a project with a discovery phase, and the discovery is where the surprises live — the scheduled task nobody documented, the printer driver hosted on the old box, the app that authenticates against the local domain.

  1. Assess. Inventory every role, application, dependency and integration on the server. Confirm with each software vendor which platforms they support and what they need. This is where you decide replace, move to Azure, or retire.
  2. Back up first. A verified, tested backup of the current server is non-negotiable before you touch anything. If the cutover goes sideways, the backup is your way home. Our backup and recovery approach treats this as the foundation of any migration, not an afterthought.
  3. Build and test in parallel. Stand up the new environment alongside the old one and test the line-of-business apps against it before you commit. Catch the compatibility problems while the old server is still running.
  4. Cut over outside business hours. Schedule the switch for an evening or weekend, with a rollback plan and a tested backup behind you. Communicate the window to staff so nobody loses work mid-flight.
  5. Decommission cleanly. Once the new environment is confirmed stable, retire the old server, revoke its access, and update your documentation and asset register so the next person knows what changed.

This is core MSP work, and it is exactly the kind of project our managed IT services are built around. TechAssist has been migrating Melbourne SMEs off ageing infrastructure since 2014, with 13 Australian-employed engineers and same-business-day on-site support across the metro when a cutover needs hands on the hardware. We run the assessment, handle the build, and own the cutover so your team is not improvising at 9pm on a Saturday.

Frequently asked questions

Is Windows Server 2016 still safe to use right now?

It still receives security updates until extended support ends on 12 January 2027, so it is patched for now. But “supported until 2027” is not the same as “leave it until 2027”. Migrations take planning, vendor coordination and a tested cutover, so start the assessment well before the deadline rather than scrambling in the final months.

Can I just keep running Windows Server 2012 R2 if it still works?

Technically it runs, but it has had no security patches since October 2023. New vulnerabilities go unfixed, it can void a cyber insurance claim, and it fails Essential Eight patching expectations. “It still works” is true right up until it is the entry point for a breach. Treat it as a liability to remove, not a server to keep.

How do free Extended Security Updates in Azure work?

If you migrate a Windows Server 2012/2012 R2 or 2016 workload into an Azure virtual machine, Microsoft provides Extended Security Updates for that legacy operating system at no extra charge while it runs in Azure. Running the same version on your own hardware means buying ESU separately. It is a runway to finish your move to a current version, not a permanent fix.

Do we actually still need an on-premises server?

Often, no. If your file shares can move to SharePoint and OneDrive, your identity to Entra ID, and your main application to a SaaS version, you can retire the server entirely. The deciding factor is usually one stubborn line-of-business app or a heavy file workload. The assessment tells you which camp you are in.

The short version

Windows Server 2012 and 2012 R2 are already out of support, and Server 2016 follows in January 2027 — so this is a now problem, not a later one. Start by asking whether you still need the server at all, then choose between a current Windows Server build, an Azure move with free Extended Security Updates while you migrate, or retiring the box into cloud and SaaS. Whichever path fits, the work is the same: assess properly, back up first, test in parallel, and cut over with a rollback plan. If you are running an ageing server and want a clear-eyed assessment of where it should go, get in touch and we will map your options before the deadline maps them for you.

Ready to Make IT Your
Competitive Advantage?

Book a free consultation with our team. No pressure, no jargon — just a clear-eyed look at where you stand and what's possible.