Review: Pantheon SQL Server Connectivity Improvements in PHP Runtime Generation 2 and the Real Drupal Deployment Risks
Pantheon announced on March 6, 2026 enhancements for SQL Server connectivity on PHP Runtime Generation 2. This changes the connection path for any Drupal site relying on external SQL Server backends.
For teams running Drupal with SQL Server backends, this is meaningful. It changes both the connection path options and the failure modes you need to test before Pantheon's Generation 1 removal window in April 2026.
What Actually Changed
According to Pantheon's release note and Gen 2 docs:
sqlsrvandpdo_sqlsrvare now available on Gen 2 for PHP 8.3+ (v5.13.0).- Microsoft ODBC Driver 17 and 18 are installed for PHP 8.2+.
- Gen 1 removal auto-upgrades start April 6, 2026 (Dev/Multidev) and April 13, 2026 (Test/Live).
This means SQL Server-connected workloads are no longer limited to the previous ODBC-only pattern on newer runtimes. You can use native PHP SQL Server extensions on supported PHP versions.
Drupal-Focused Compatibility Reality
The Drupal SQL Server contrib driver (drupal/sqlsrv) now has modern paths to support these runtime changes.
// Example settings.php for SQL Server on Pantheon Gen 2
$databases['external']['default'] = [
'database' => 'my_db',
'username' => 'admin',
'password' => 'password',
'prefix' => '',
'host' => 'sqlserver.example.com',
'port' => '1433',
'namespace' => 'Drupal\\sqlsrv\\Driver\\Database\\sqlsrv',
'driver' => 'sqlsrv',
'pdo' => [
PDO::SQLSRV_ATTR_ENCODING => PDO::SQLSRV_ENCODING_UTF8,
PDO::SQLSRV_ATTR_DIRECT_QUERY => TRUE,
],
];
That is helpful, but you still need environment-level validation because:
- The driver layer (Drupal DB driver) is separate from the runtime layer (Pantheon extensions + ODBC packages).
- A site can be "module-compatible" but still fail at runtime due to TLS/cert defaults, missing connection options, or subtle SQL behavior differences.
- Drupal 11 requires PHP 8.3, which aligns with Pantheon's new
sqlsrv/pdo_sqlsrvavailability, but your deployed connection config might still assume older ODBC behavior.
For WordPress teams: this matters primarily when custom code or middleware touches SQL Server, not for standard WordPress/MySQL setups. Agencies managing both CMS stacks should still treat this as an infra control-plane update.
Key Deployment Risks (Ordered by Impact)
1) Encryption/certificate breakage on ODBC 18 paths
Microsoft documents ODBC 18 as the modern driver family, and ecosystem guidance repeatedly flags the encryption-default change (Encrypt defaults to mandatory/yes) as the main migration break.
Risk pattern:
- Existing SQL Server endpoints with weak/self-signed cert chains.
- Connection strings with no explicit encryption settings.
- Runtime upgrade triggers connection failures that look like generic SQLSTATE transport errors.
Mitigation:
- Test ODBC 17 and ODBC 18 behavior separately in Dev.
- Make encryption intent explicit in connection configuration.
- Prefer trusted cert chain fixes over permanent
TrustServerCertificatebypasses.
2) Mixed driver path drift (ODBC vs sqlsrv/pdo_sqlsrv)
Pantheon now supports both native extensions (PHP 8.3+) and ODBC packages (PHP 8.2+). Teams can accidentally run different paths across environments.
Risk pattern:
- Dev on PHP 8.4 with native
pdo_sqlsrv; Live still 8.2 path through ODBC assumptions. - Different connection options and error signatures across envs.
Mitigation:
- Pin and document one intended connection stack per site/environment.
- Add runtime assertions in health checks (loaded extensions, connection attributes, TLS mode).
- Keep php version + runtime generation + db driver metadata in deployment checklists.
3) Timeline risk from Gen 1 removal
Pantheon has explicit non-optional auto-upgrade windows in April 2026. Waiting until Test/Live auto-upgrade dates to validate SQL Server connectivity is operationally risky.
Mitigation:
- Upgrade Dev/Multidev first and run full Drupal smoke tests (
drush status, cache rebuild, write/read flows, background jobs). - Promote only after verified SQL Server transaction paths (imports, queues, cron, complex query workloads).
Recommended Rollout Pattern for Drupal Teams
- Baseline now: capture current runtime generation, PHP version, loaded SQL Server extensions, and DSN/connection settings.
- Force explicit connection settings: encryption, trust behavior, timeout, charset, and retries.
- Test on Gen 2 with production-like cert chain and database version.
- Validate Drupal-specific paths: schema updates, entity saves under load, queue workers, and contrib modules with custom SQL.
- Promote through Dev -> Test -> Live with rollback criteria pre-written.
Bottom Line
Pantheon's March 2026 SQL Server update is a positive capability upgrade, especially for Drupal teams that needed native sqlsrv/pdo_sqlsrv on modern PHP. The real risk is not feature availability; it is configuration drift plus certificate/encryption assumptions during Gen 2 migration.
Treat this as an infra migration with database-connector QA, not as a patch-level runtime bump.
Sources
- Pantheon release note: SQL Server connectivity improvements for PHP Runtime Generation 2 (8.2+)
- Pantheon docs: PHP Runtime Generation 2 (timeline, known changes)
- Drupal.org project: Drupal driver for SQL Server and SQL Azure
- Drupal.org releases: sqlsrv
- Microsoft msphpsql GitHub repository (driver prerequisites and release stream)
- Microsoft Learn: Download ODBC Driver for SQL Server
- Microsoft Learn troubleshooting note on certificate trust after moving to newer SQL Server drivers