Windows Server 2003 - The End Is Near
In July 2015 Microsoft will be ending Extended Support for Windows Server 2003. What this means is that standard, packaged support offerings will no longer be available and also that Microsoft will stop issuing security patches for this product. Thus, organizations will be exposed to significant risk if they stay on the Windows Server 2003 platform beyond the termination date. Organizations need to start planning for a migration to Windows Server 2012 R2 asap. This pose a significant opportunity for organizations to take a closer look at their entire IT infrastructure, because of the significant evolution in the past 10 years in all IT technology layers.
While organizations can potentially negotiate custom support agreements with Microsoft to provide security patches beyond the cut-off date, this will inevitably raise support costs significantly. Microsoft will stop issuing security patches for Windows Server 2003 when Extended Support ends. This will mean that applications and services built on Windows Server 2003 will be out of support and also out of compliance unless they are migrated to a newer operating system platform.
The first step is to get an overview of all the applications that are running on Windows Server 2003. Once the assessment is underway, the applications need to be prioritized, and a plan devised for migration. This might take quite some time, especially in the development and testing phases. The critical issues are time, skills and budget, as developing and testing a new system architecture and application design is not a trivial task.
The biggest risk from staying on Windows Server 2003 is that Microsoft will no longer provide any security patches and updates to address vulnerabilities that are detected for operational systems. This is not a trivial fact, as Microsoft still issues double digit numbers of critical patches every year under the standard support model. Consequently, Windows Server 2003 installations will increasingly become a target for hackers as unpatched vulnerabilities pile up. Running on unsupported software will also mean that European organizations will be out of compliance with standard industry regulations around data protection or standards such as the PCI DSS. This in turn will restrict their ability to do business effectively.
Next, evaluate the technology options for a new IT architecture. Points to consider include new server hardware platforms, current server operating systems, a potential move from physical to virtualized environments such as Hyper-V, and the data protection and recovery products to ensure resilience and recoverability of the infrastructure.
Once you have made your technology choices, you need to design your new IT infrastructure and plan the system migration, including migrating from physical to virtualized environments. Prioritize those services that
have to be moved, and develop a plan to mitigate risk for workloads that do not need to be migrated.
Plan the migration proccess and elaborate fall-back plans. Some data protection and recovery products can actually help with the migration from physical to virtual infrastructure and take out risk from the migration process by ensuring that you can fail back to an older version of the infrastructure, application, and data if something goes bad.
Do not forget to test your applications in the new environment to verify that everything works as it should. This step is tricky and might take longer than you expected.
Leaving migrations too late can leave you exposed to substantial business risks, whereas acting now enables you to move through the migration process in due time. This is your opportunity to move to a modern, efficient, and high performance infrastructure that will position your organization well for the next decade.