Windows Server 2003: The end is nearer than you think
With a year left before Microsoft finally ends support for Windows Server 2003, migrating to a new OS might not seem like a pressing issue. But Microsoft technical evangelist Pierre Roman warns that it really is just around the corner.
“We estimate that a full server migration can take up to 200 days to perform,” he wrote in a recent TechNet blog post. “If you add applications testing and migration as well, your migration time can increase by an additional 300 days.”
So if you did not get ahead of the game, you already are late.
Do you really need to transition to a new OS? “In a lot of cases, when things are working fine people feel it’s best not to tamper with it,” said Juan Asenjo, senior product marketing manager for Thales e-Security. This is especially so in the case of servers running mission critical applications for which uptime and availability are critical performance metrics.
This means that there is a large installed base of Windows Server 2003 in government enterprises. The Energy Department’s Lawrence Berkeley National Laboratory called Windows Server 2003 “the most secure out-of-the-box operating system that Microsoft has made.” But it also noted that it was not perfect and that “a large number of vulnerabilities have surfaced since this OS was first released.” The end of Microsoft support means that every vulnerability discovered in the software after July 2015 will be a zero-day vulnerability and will remain so, putting many mission-critical applications at risk.
Server 2003 was the first Windows server to include functionality for PKI cryptography, used to secure many applications. “It was a good incentive for the adoption of PKI technology,” said Asenjo. But the security offered by the 11-year-old server often is not adequate for current needs, which increases the risk of leaving it in place.
Mainstream support for Windows Server 2003 ended in 2010, after it had been superseded by Server 2008. Server 2012 has since been introduced. Microsoft’s lifecycle support policy gives a five-year grace period of extended support, however, which includes security updates and continued access to product information. That period ends July 14, 2015, unless organizations can qualify for and afford the costly custom support.
Information Assurance Guidance from the NSA warns that not only will the unsupported server be vulnerable to newly discovered vulnerabilities, which creates a “high level of risk,” but that newer applications eventually will not run with it. The agency “strongly recommends that system owners plan to upgrade all servers to a supported operating system well before this date in order to avoid operational and security issues.”
Roman recommends the same basic four-step program for transitioning to a newer server OS that is used in any migration program:
- Discover: Catalog software and workloads.
- Assess: Categorize applications and workloads.
- Target: Identify the end goal.
- Migrate: Make the move.
The process is not necessarily simple or fast, however. “There is no single migration plan that suits all workloads,” said Joe Schoenbaechler, vice president of infrastructure consulting services for Dell Services.
Fortunately, Dell – and a number of other companies – are offering migration assistance with help in developing and executing plans. If you don’t already have a plan, or are not well into it, you might consider asking for some help.
Posted by William Jackson on Jul 11, 2014 at 9:29 AM