By Christian Lappin, Senior Sales Engineer, TierPoint
Microsoft support for Windows Server 2003 (including all service packs) has officially ended. Based on estimates that say as many as 20 million copies of Windows Server 2003 are still running, there is a good chance you have not migrated to Windows Server 2012 R2 — at least with some of your systems.
Microsoft, as you would expect, has outlined several reasons why you should upgrade. It is true that instances of Windows Server 2003 are vulnerable to new threats and pose a security risk that could infect multiple components of your infrastructure. But if migration were easy (and inexpensive) everyone would do it.
Many of the best practices Microsoft put in place with the release of Windows Server 2003 are no longer applicable, especially relating to migration into a new deployment. Branch offices today typically do not need their own Active Directory domain server. Active Directory keeps track of an organization’s user and group accounts and is a core Windows Server component. Today, the average office has so much more bandwidth than it did a decade ago. Now it makes sense for an organization to centralize Active Directory and have branch office access these services remotely.
Some Organizations Want to Upgrade their Hardware with their Software
One reason many companies have delayed upgrading is because they are trying to get as much use from their hardware as possible. Many of these legacy systems running Server 2003 are on aging hardware either approaching or past its end of life cycle. While many organizations already have a “move forward cloud strategy,” others are using this time window to begin the process of investing in new hardware, move into a data center, or look toward sun setting hardware and moving those workloads into a cloud or hybrid cloud solution.
Don’t Update your Server OS Until your Apps are Ready
In addition to upgrading the infrastructure, organizations must also confront the challenge of updating the applications that run on these servers. In particular, Windows 2003 was a 32-bit OS, meaning that any applications that need to be carried forward must be checked to see if they can run in the 64-bit environment of the newer Windows Servers. For commercially supported software, this isn’t so much of a problem, but it can be an issue for home-grown applications.
What to Do If You Have Procrastinated
Step One: Make a Plan
Because using Windows Server 2003 is now a security threat, you have to prioritize the risks to address the most urgent issues first. Typically, anything publically accessible or externally facing should be addressed ASAP. You never want to make it easier for someone to compromise your data.
Here’s another reason you want to create an action plan that you can execute … Windows Server 2003 end-of-date has been highly publicized. Should you get sued at a later date due to a breach, you cannot say you did not know the risks.
Step Two: Backup Your Data
Have a backup and recovery plan. If you have your data already backed up, great! You are further ahead than most. When was the last time you tested it? Can you rely on it if things go bad with your move or any changes you are thinking about? At least one copy should be housed offsite at one of your other locations or a third-party data center. In general, if the data is important to your business, you want to consider having multiple copies in case of a disaster.
Step Three: Test Your Applications
Confirm that your applications will run in a 64-bit environment and then look at the best way of measuring risk and availability of a move or data migration.
The current version of Windows Server is 2012 R2 and the next version is scheduled to be released sometime in 2016. It may be risky to wait. Cloud has to be another part of your migration plans. You may be able to avoid headaches in the future. Work with your staff or consultants and see where the cloud can cut and expenses and save you time. You have numerous options including virtual machines that can be provisioned to speed up data migration and you may get fixed, predictable costs along with up-time guarantees.
If you don’t want to continue having responsibility for managing the underlying infrastructure and OS, then cloud services are a great fit. Patching and managed services are a natural add on here to allow you to keep focus on your core business.
Based on the research we are seeing, you can expect an uptick in zero day exploits. If your shop is dependent on Windows Server 2003, you might be able to kill two birds with one stone, utilizing the end-of-life situation to enhance your security capabilities. Take action now if you have not already. Should a security event happen, you want to be prepared.