This is server software for equipment that's not being sold any more. Nothing is changing. If they weren't willing to commit later money, they should have put some in a trust up front.

Err, no - anybody who actually works in software will tell you everything is changing.

Server and package vulnerabilities get discovered all the time.

And load is never constantly - it's not like you have 1000 users, and they do the same thing every day, 365 days a year.

And there are an army of script kiddies out there trying to break into your servers. Or maybe somebody more skilful, trying to break in and steal some PII (personally identifiable information).

Point is - the environment and your users are constantly changing. If you don't take that into account, it can blow up pretty bad.

Updating a server and redeploying should be automated and take only minutes in the vast majority of cases.

Load isn't constant, but if you're not selling the device any more it's doubtful you'll have significant load increases after the first year.

Shutting down a tiny fraction of your servers isn't going to protect you against hacking.

Worst case scenario: Remove all PII from the server, and have a single employee spend a few hours a week checking on the server and updating anything necessary. It might go down occasionally, but it's infinitely better than no server at all, and it costs basically nothing compared to the original development effort.

> Updating a server and redeploying should be automated and take only minutes in the vast majority of cases.

There's much more to running a product than 'running a server'.

Eventually, the software is going to stop working on my SOE. Which means more and more boxes are going to be running non-standard deployments in my environment (or it costs me to update). Every maintenance window, infrastructure upgrade, disaster recovery exercise (and event), has to take those servers into account.

Perhaps I pay licenses for those servers to run - OS, support, databases, backup, whatever. Maybe I have a contract with an SI to run all this as a managed service and this costs. There's opportunity cost in terms of resources for keeping all these legacy products on as well - both infrastructure and resource related.

And that's just the technology related part of it. There's business and accounting impacts as well.

> Eventually, the software is going to stop working on my SOE. Which means more and more boxes are going to be running non-standard deployments in my environment (or it costs me to update). Every maintenance window, infrastructure upgrade, disaster recovery exercise (and event), has to take those servers into account.

If you're fussy about nonstandard servers on your infrastructure, go get a handful of basic servers from hetzner or amazon. Completely silo them. No access from them to your 'real' servers, and don't include them in maintenance windows or disaster recovery. The person who is paid to spend a few hours per week keeping the server mostly-up will use part of their time on basic updates and backups, and nobody needs to worry if something occasionally breaks.

> Perhaps I pay licenses for those servers to run - OS, support, databases, backup, whatever. Maybe I have a contract with an SI to run all this as a managed service and this costs.

If you have license/contracting costs, you should have pre-allocated money for that when you released the product. If it sold to expectations, a later decision to discontinue the line shouldn't be a problem.

> There's opportunity cost in terms of resources for keeping all these legacy products on as well - both infrastructure and resource related.

There should be no infrastructure impact, and the equipment/employee cost should have been part of the initial product scope, not treated as an externality that can be trimmed at will.

> And that's just the technology related part of it. There's business and accounting impacts as well.

Like what, having to process a quarterly bill for the servers?

Let me put it this way: While the costs are real, they were expected, and can be made pretty low. They should be able to run or outsource a basic legacy server without any hurting. I bet if there was a contract saying they had to refund $2 to every customer for every month the servers were down, they could get plenty of offers to take over hosting for half that price.