On July 14, 2014, support for Windows Server 2003 will come to an end and organizations that have not taken action will be vulnerable to security breaches and, in certain industries, will risk their state of compliance. Companies must analyze the impact of such an event on their business, evaluate options, and make a decision based on risk and costs. There are several approaches for mitigating the risks associated with migration, ranging from taking no action to migrating all existing systems.
Windows Server 2003 End of Support Options
Below is a list of six different approaches to addressing the impending end of support for Windows Server 2003.
Each of these approaches has its benefits and challenges:
- Taking no action and/or isolation
- Paying for a custom support agreement
- Retiring certain assets using or running on the old OS
- Manual migration to a newer version of Windows Server
- Automated migration to a new version of Windows Server
- Migration to cloud-based infrastructure running a newer version of Windows Server
Taking No Action
Deciding to take 'no action' in response to the end of life event is, in itself, a decision. If an organization chooses this, it must acknowledge the potential scenarios for such a decision. It's important to take into account the discovery of a possible security vulnerability or system failure. Not having access to support could be a major disadvantage if either possible threats occur. Regardless, a careful analysis should be done to assess the risks and costs associated with this approach. For some organizations, the risks might not outweigh the costs and taking no action may be an appropriate response.
Isolation entails isolating older systems in a portion of its networks that is segmented or even disconnected from the larger company network and internet. This approach addresses the problem of new security vulnerabilities but does not solve the problems resulting from lack of access to Microsoft support.
If an organization has a copy of Windows Server 2003 that cannot be migrating or cannot be migrated in time, placing all such instances in Hyper-V virtualized containers might offer some mitigation. Virtualized containers isolate the Windows Server 2003 instances physically to potentially boost security. It may also make eventual migration of whatever workload is running on the server easier (it does not meet compliance standards). Using containers is a tactic for short-term mitigation and not a long-term strategy.
A custom support agreement is a paid offering that may be made available to customers subject to an approval process and documented migration plan. The price increases each year, and the program is only available for a limited time after extended support ends. Custom support agreements will have a major impact on cost which results in a greater impact on smaller organizations. When assessing whether this is the appropriate option or not, it's important to keep in mind:
- Custom support is only offered to customers with active Premier support agreements. Companies that don't already have a Premier support agreement will incur a significant cost in establishing one.
- Microsoft will only sign a custom support agreement with customers who have a fully documented migration plan in place.
- With the combination of a Premier support agreement and a custom support agreement, customers will only have access to critical security patches. However, security patches rated as important and bug fixes are available for additional fees, which can escalate every year.
Custom support is not designed to be a permanent solution. It is best to go this route if an organization needs immediate support for mission-critical systems.
Another option that does not involve migration is to fully retire certain applications. Many applications running on Windows Server 2003 can simply be retired. Enterprises should assess application portfolios to determine which ones have reached the end of their useful lives and can be retired without major business impact. Assessing applications running on Windows Server 2003 with this same intent, can result in a workaround for migration. This approach can be used in combination with other options.
For some applications, manual migration to a server running a newer version of Windows Server may be an option. However, many applications require more than a simple reinstallation for a successful migration. Revisiting the development process may be necessary to understand which applications depend on the OS functionality in Windows Server 2003. Developer modifications might only be an option for internally developed applications. Third-party application developers might be unwilling to reopen development for an application, or they've ceased operation (or became acquired over the years).
Keep in mind, even a partial manual migration effort improves the risk and cost factors of the previous approaches; no action, isolation and customer support.
Automated migration involves using specialized tools that enable encapsulation of applications on Windows Server 2003 and migrating the applications to newer versions of Windows Server. Tool-based migration can reduce the aggregate cost of manual migration because fewer servers will require manual migration. Depending on the number of servers, the cost may be justified.
Manual and Automated Migration Targeting a Cloud Host
An organization that decides on a manual migration, automated migration or both has several options for applications:
- Internal virtual or physical machines
- Hosted virtual or physical machines
- Cloud-based virtual machines
The availability of cloud-hosted virtual machines provides an additional cost-optimization factor. Eliminating physical servers in these scenarios will result in reduced capital expenditures. The decision criteria vary greatly, depending on organizations' needs and size.
For organizations actively looking to transform their existing environment to a cloud-based model, the migration of Windows Server 2003-based applications represents an opportunity to move a significant block of legacy functionality to the cloud.
Review our case studies and engagements where we helped companies just like yours solve a variety of business needs.
Since 1981, Oakwood has been helping companies of all sizes, across all industries, solve their business problems. We bring world-class consultants to architect, design and deploy technology solutions to move your company forward. Our proven approach guarantees better business outcomes. With flexible engagement options, your project is delivered on-time and on budget. 11,000 satisfied clients can’t be wrong.