Companies throughout the world have been very busy for the past couple of years upgrading their Windows XP systems before the end of extended support earlier this year. While many began to breathe a sigh of relief when that project wrapped up (and others are continuing to work through it), there really isn’t time to rest. The reason: Another deadline is quickly approaching, and it should be of equal, if not greater, concern.

According to Microsoft estimates, there are approximately 12 million servers running Windows Server 2003. Extended support for that operating system ends in July 2015. At that point, Microsoft will no longer provide security patches for Server 2003 unless a company has purchased a Custom Support Agreement from Microsoft, which is cost-prohibitive for most organizations.

Applications at Risk?
As companies have been migrating off of Windows XP, the single biggest issue that had to be addressed was whether the applications installed on the older OS would continue to function correctly on Windows 7 or Windows 8. These same concerns exist when addressing a migration from Windows Server 2003 to a server OS that is still within support (Windows Server 2008, 2008 R2, 2012 or 2012 R2).

The concerns are typically more acute for server operating systems because of the broad impact of even a single server application across an entire user base. While an incompatible application on Windows XP might impact a small subset of users, an incompatible application on a server will generally affect a much greater percentage of a user population, and the mitigation of the server application can be much more difficult.

Of particular concern are companies subject to regulatory compliance regimes such as Payment Card Industry (PCI) or the Health Insurance Portability and Accountability Act (HIPAA). Unless they can eradicate Windows Server 2003 from their environment, these organizations run a very real risk of failing an audit, which could be catastrophic for their operations.

Questions to Ask
For companies still running Windows Server 2003, the first question that should be asked is this:

Is the discovery, risk evaluation and remediation of the situation something that can be handled in-house with current staff (given their existing workload)? Or do we need to bring in outside help? This is likely to be an undertaking that will require a significant amount of dedicated time.

For those tackling it in-house, there are a number of questions to think through, including:

  1. Do we have a comprehensive list of all systems running Server 2003?
  2. What applications are running on each 2003 server?
  3. What is the potential impact to the company if this application/server remains on Server 2003?
  4. What is the ranked priority for each application/server? This prioritization should include various criteria including the number of users affected and the impact to the business for each application.
  5. Are the applications compatible with later server operating systems?
  6. What is the upgrade/mitigation process for each application? This could be as simple as installing the application on a newer server operating system. Or it could be as complex as rewriting a custom line-of-business application to make it compatible with the newer server operating system.

There is a tremendous amount of information to gather and parse to create the migration plan. Then the plan has to be executed. With just nine months remaining until the deadline, there is no time to lose. The clock is ticking!

Feel free to send comments or follow me on Twitter at @VerbalProcessor.
