Microsoft has announced that the end of life (EOL) for Windows Server 2003 is July 14, 2015. That means that as of July 14, 2015 you can no longer get Extended Support for WS 2003; #WS2003EOL. If a server running WS2003 starts misbehaving, you’ll be on your own to identify and resolve the issue. No further patches or security updates will be issued for this operating system. No new threats will be addressed and your WS2003 systems will become a security risk and compliance nightmare. In a recent blog post, Microsoft warns us to “watch out for performance bottlenecks,” but that’s the least of the worry.
Have you taken the appropriate steps to protect yourself? To protect your infrastructure? To migrate your applications from servers running WS2003?
What steps are you taking to minimize your risk?
Industry experts estimate that there are more than 10 million machines still running WS2003 that are soon-to-be stranded. Especially for those in regulated industries, this will cause a heavy compliance burden. The Register, recently ran an article that stated “To run a secure IT infrastructure – and increasingly to meet the legal and regulatory requirements of many jurisdictions – you will have to pour resources into monitoring and shielding any servers running Server 2003. You will also have to work on separating the data and applications from the operating system so that you can nuke the server back to “known good” when the system falls to the inevitable.”
Once WS2003 goes end of life any services or servers running on this Operating System will fail to pass a compliance or security audit. For those that are in regulated industries it could mean that valuable business or trading partners won’t do business with you. Both PCI and HIPAA regulations require Operating Systems that are in current support and fully patched against security threats.
This is big. Really big.
So, you might be saying “Alright, I get it. WS2003 is going EOL. What can I do about it”. The first thing to do is to make a plan. July isn’t that far off and taking appropriate action will take time to test and complete. There are several strategies to migrate your applications onto newer Operating Systems. First, determine what Applications need to me migrated from WS2003 servers. While this seems like a straightforward question, we often see incomplete or unsuccessful migrations caused by overlooking one or more inter-related applications. With this information determine if you should upgrade/update the target Applications. An event such as WS2003 going end-of-life may be the perfect opportunity to upgrade/update applications to a newer version. This often brings enhanced features and greater integration with newer technologies such as mobile and touch. If the Applications that were running on WS2003 need to move and can’t be upgraded the appropriate method of migration must be determined. As you can imagine, there are many methods to accomplish such a migration.
Typically, using an application virtualization approach makes straightforward work of Application migration. Using this method, applications are packaged into single isolated executables and simply transferred onto the new server environment. There are some workloads that are not recommended for this approach however. Some Database servers, security products, and Microsoft Exchange servers are examples of these. These applications can require different migration strategies that range from application rehoming to reinstallation and reconfiguration. Once an application migration strategy has been identified it’s time to go to work! We employ either on-premises or cloud-based test environments in which to model application performance on newer Operating Systems. The creation of this environment is a practice we strongly recommend to our clients in order to ensure a seamless migration. With a test environment in place, iterative documentation, migration, and testing of target Applications can begin. Performing thorough procedural documentation and application testing at this phase is critical to a successful migration! Once your testing has completed successfully and you’re satisfied with the results it’s time to migrate target Applications onto new a production environment that matches the test environment. Following the procedural documentation that was created during the migration testing phase this process is typically met with little difficulty. There are a few things to consider after you’ve successfully migrated your applications from Windows Server 2003. First, unless it’s absolutely critical, don’t keep those old WS2003 servers around! They are both security and performance risks. Most audits will fail if they remain in the production environment at all!
Second, carefully consider the impact (and opportunity) to Active Directory that removing WS2003 servers brings. Domains and Forests can oftentimes be upgraded to newer and higher performing schema versions following the removal of WS2003 servers.
Finally, consider legacy software licensing. Many legacy products used licensing models that didn’t take into account virtual servers, hot-standby VM’s, active replication, and even variable RAM or CPU configurations. Consult your Application vendor(s) to ensure that the licenses you have in place are sufficient for your new production environment. It has been a frequent experience that System Administrators learn that they can reduce the licensing costs of legacy Applications by using new more powerful virtual server technologies and/or leveraging VM-friendly licensing terms from Application vendors.