Windows Server 2003? Your time is up
While most CIOs are likely to be aware of the imminent end of support for Windows Server 2003, what some might not realise is that the deadline - set for 14 July 2015 - is only 100 days away and will not be extended.
I continue to see many IT leaders still struggling to balance the need for innovation while not wanting to rock the boat with old technology like Windows Server 2003. The concern? A survey from SpiceWorks found that 57% of businesses are still using Windows Server 2003, just four months before the end-of-support deadline.
What’s particularly troubling is that many have justified their upgrade delay by saying that they are isolated from the internet. The way we use applications and the network today, I would truly be hard pressed to find a server that is not cloud-facing at all. My guess is, if they are running Windows Server 2003, there is a high chance they are also still running Windows XP. That would be like leaving your back door and your front door open while going on holiday!
We all know running unsupported software increases one’s exposure to security risks and software failures. In fact, running even a single instance of an unsupported server operating system has a higher risk than a desktop operating system, as any compromise will have a significant amplification effect on those who rely on it.
Some might argue that they are being asked to do more with less, and that refreshing old technology that is not mission critical can’t be justified… and neither can the new skills required to support a migration.
However, a recent IDC study commissioned by Microsoft titled ‘Understanding the Business Value of Migrating to Windows Server 2012’ clearly shows that staying on Windows Server 2003 will likely cost more in the long run. Aside from the security and compliance risks, organisations that choose not to migrate in fact suffer from reduced efficiencies, increased data centre operating costs and more resources spent on devising costly workarounds to support newer software.
Glass half full
There’s much to gain from modernising your infrastructure with Windows Server 2012. SMBs saw improved virtualisation density of up to 16.6% while larger organisations saw 12.5% after migration. Automated management also augments the operating efficiency of systems and devices with fewer resources and improved service levels, which is especially valuable for resource-lean SMBs.
It is no surprise, then, that the study also revealed that about a quarter of those who migrated cited positive outcomes in at least one of the following areas: security, compliance, manageability of the IT environment and performance of applications and resources within the IT environment.
The security threat landscape also continues to grow in magnitude and sophistication. Security today is a business problem, not just an IT problem.
Windows Server 2003 was not built for our present cybersecurity context or cloud-based, mobility-centric business models.
Today’s employees expect to be able to use any device they wish and customers expect to be able to interact with businesses anytime, anywhere.
The question now should not be, “why move off Windows Server 2003?,” but rather, “how can I move off Windows Server 2003 by July 2015?”
Lessons learned from our modernisation journey
With only 100 days to go, any organisation that’s planning to migrate from Windows Server 2003 will have to look at drastic and transient solutions. The average migration takes between 250 to 350 days to complete, depending on the number of servers and complexity of the environment.
Realistically, there are four things to focus on.
1. Bring in the experts. Cataloguing solutions and deciding what is required, what is not, how they run and which needs to stay on legacy hardware can be complex and time-consuming. It would be advisable to bring in partners and consultants to assist with the early stages of migration and to conduct training for staff to ensure they have the skills needed to run a modern IT environment.
2. Overprovisioning and identity management. While conducting the actual migration, make sure to overprovision on network capacity at the start and then scale back. Also, ensure you have your identity and authentication strategy in place. The last thing you want is to have all your colleagues unable to access mission-critical workloads and bring operations to a standstill.
3. Look to the cloud. Provisioning hardware might be a challenge as well. The easiest solution here is to migrate directly to the cloud. At Microsoft, we’ve seen significant advantages from moving to a fully public cloud in terms of lower costs, reduced manpower requirements and the ability to scale our compute power more rapidly to adapt to changes in the business landscape.
Jumping onto the cloud even means avoiding future end-of-life instances from affecting the business adversely. Refreshing technology would be far simpler. We have documented our move and share it here.
4. ‘Lift and shift.’ Should you find yourself absolutely pressed for time, you can resort to the ‘lift and shift’ approach where you simply take the operating system machines and move them to a virtualised environment wholesale, without any modifications. While not recommended, it might be best to do it given the time constraints. Get it done and then plan how to organise and catalogue your IT environment moving forward. Remember, a simple lift and shift can cost more in the long run if not followed up with proper curation and optimisation of the environment.
The justifications are clear, the benefits are real and the path to modernisation is simplified. Windows Server 2003 served its purpose well for its time. In many organisations, it probably still serves its purpose. But in the current mobile-first, cloud-first world with its combined high security and privacy demands, it certainly doesn’t enable you to do it better.
Strategies for navigating Java vulnerabilities
Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...
Not all cyber risk is created equal
The key to mitigating cyber exposure lies in preventing breaches before they happen.
How AI can help businesses manage their cyber risks
Artificial intelligence can be a powerful ally in the fight against cyberthreats.