In April of 2003 Microsoft released what turned out to be one of its most successful server products, Windows Server 2003. It is estimated that this product and its R2 update has been deployed to between 10 and 20 million servers worldwide. Eleven years later Windows Server 2003 is still deployed on both physical and virtual machines running core applications for organisations. But on the 14th of July 2015 Microsoft will stop all support for this product leaving it open to potential security vulnerabilities.
So what does End of Life Support actually mean?
Currently Microsoft offer support on Windows Server 2003 meaning that users can call for support if they run into issues. Microsoft also actively produce patches and updates when vulnerabilities are found in the software. If a hole is found in the operating system Microsoft will release an update through its Update Service. In 2013 alone, Microsoft released 37 critical patches under its Extended Support agreement, all of which were deemed necessary to fix. From the 14th of July 2015 Microsoft will stop both of these services. If a bug or security hole is found in the operating system, Microsoft will not provide a fix or patch to correct the issue leaving your systems vulnerable. In addition, software vendors will also stop supporting their own applications running on this operating system meaning it may not just be Windows Server 2003 that is left open to vulnerabilities and bugs. This will be a critical issue if your organisation is part of a regulated industry or handles regulated data.
Why is Windows Server 2003 still in use?
There are many reasons why, but for most organisations it’s because it still does the job. For some though, the cost of upgrading can be a financial commitment they are not prepared to make if the “If it ain’t broke, don’t fix it” rule applies.
Even after the deadline next year, servers running Windows Server 2003 will continue to run and serve up your files as usual, but going forward that system will become insecure and less manageable than the current up-to-date systems.
So what if my organisation is subject to regulatory compliance?
If your company operates in a regulated industry or handles regulated data such as Payment Card Industry (PCI) data, then being in a compliant state is critical to your everyday business. Being out of compliance could lead to fines and issues trading with partner companies. For example, Visa and Mastercard may cease doing business with you if you are running software which is not supported and does not meet PCI compliance policies.
So what can I do?
Migrating to a newer server operating system such as Windows Server 2012 R2 gives many advantages to your organisation including:
- A fully supported operating system
- Ability to take full advantage of physical hardware such as multi core processors
- New features built into the operating system
- Cloud services
- Full compliance with regulators
‘Migration’ may sound like a scary and expensive term but this isn’t always the case. Many services provided by Windows Server 2003 can be easily and quickly migrated to Windows Server 2012 R2 using the built-in migration tools. Many applications which run on 32bit operating systems should be capable of being hosted on a newer system, although testing should be conducted first. Differences in the way memory is allocated and accessed may mean issues arise running legacy code on newer operating systems. Products do exist, such as Citrix’s AppDNA and Microsoft’s Application compatibility toolkit, that analyse and check application requirements before migration commences. Detailed reports can be created showing whether a legacy application will run on the selected operating system and if not, suggest solutions to bypass the issue. Again, extensive testing should be performed which can take time, this is why Microsoft and its partners are talking about this now, with several months before the deadline occurs.
It’s not all bad news!
Migrating operating systems can improve performance, productivity, supportability and efficiency. Windows Server 2012 R2 is able to utilise multi core CPUs, considerably better than its 2003 counterpart, therefore leading to a higher return on investment on new server hardware purchased. Out of the box Windows Server 2012 R2 gives IT departments access to virtualisation using Microsoft’s version 3 of Hyper-V. This allows IT teams to run multiple virtual servers on a single piece of hardware and again would maximise a return on investment for IT hardware.
Where to start?
Microsoft have provided a great deal of information and documentation around migrating away from Windows Server 2003, be it to the latest operating system or to the cloud. Their 4 step process is as follows:
- Discover – determine in your IT estate what is running on Windows Server 2003 and which services and applications it provides
- Assess – look at your discovery process and categorise by type, complexity or importance
- Target – multiple targets exist to migrate applications to, including Windows Server 2012 R2, Microsoft Azure or Office365. Determine which best suits your IT and organisational requirements
- Migrate – compile a migration plan and perform the migration yourself, with a partner or use a service
- It is vital that organisations provide secure and robust IT services that are well protected from vulnerabilities and cyber attacks
- Migrating away from Windows Server 2003 is critical before the 14th July deadline so you don’t become vulnerable
- Server migration need not be a scary or painful process but proper planning, testing and execution is required to make the process as smooth and streamlined as possible
- Upgrading operating systems can actually improve your IT service and if selected appropriately can maximise a return on your investment