According to a recent tweet from Microsoft Distinguished Engineer Jeffrey Snover:
Not updating from WS2003 is like the guy who jumps off a building on the way down says, "so far so good". #ThisIsNotGoingToEndWell
— Jeffrey Snover (@jsnover) March 2, 2015
After July 15, 2015, Microsoft Windows Server 2003 and 2003R2 will no longer be a part of Microsoft’s Extended Support Lifecycle. This means that vendor support will no longer be available and that Critical and Security patches will no longer be released for the operating system. Once a product transitions out of support, no further support will be provided for the product. After the transition, customers will not have access to:
- Security updates or non-security hotfixes
- Free or paid assisted support options
- The option to engage Microsoft product development resources
- Updates to online content (KB articles, etc.)
Organizations that are in the business of maintaining security or compliance like HIPAA or PCI are particularly in the danger zone if they have not migrated or have alternate plans to replace the outdated OS. While the July 15th EOS date may have slipped off the radar, regularly updated security patches (which go hand-in-hand with annual compliance audits) will no longer be available after July 15, causing serious panic. Not to mention, any organization that is still running 2003 will become a prime target for “Hacker Nirvana” that undoubtedly will occur with all those security vulnerabilities hanging out there, begging for some attention.
Popular opinion is that if an organization has not yet migrated off the outdated OS, the WS apocalypse will come and go and leave those unsecured companies in its wake. But there are options – even at the eleventh hour. It starts with auditing those machines still running the OS and ends with a migration plan that could decrease TCO and lock up security. In particular, a few basic tips to migration include:
- Audit your machines running the OS and identify areas of exposure.
- Determine the purpose of those machines; would they be excluded from an audit?
- What’s running on those systems? Can it be migrated to a machine already running a new OS?
- Once you identify that a workload can and should be migrated, it’s time to begin testing (at Connectria, we facilitate by providing a testing environment for your systems before moving to production).
If It Ain’t Broken, Why Fix It?
Yes, there’s definitely a cost involved in migration. But the cost of sticking with an OS that will be out of service will prove far more detrimental than the upgrade. You’ll need to invest in other network prevention detection, firewalls and labor to support the OS without vendor support, and either internal training for IT or external resources to support it.
To add to your headache, many software vendors that provide managed services – including any kinds of tools or services – will drop support of 2003 also leaving you very much on your own.
Maybe It’s Time to Consider the Cloud
Any change in the IT landscape represents a perfect time to consider modifications to your infrastructure, including a move to the cloud. Simply stated, moving at least some of your applications to the cloud offers long-term TCO reduction – a real benefit to the bottom line. Tactically, IT can deploy patches to ALL machines, schedule multiple machines patches and have serious control over machines.
If you haven’t migrated off WS2003 (or if you’re simply considering a move to the cloud), don’t be misled by myths about migration time; based on the size of your organization and the number of servers, we can likely have you up and running in no time!
To learn more about Connectria’s cloud hosting services, please visit us and speak with one of our expert engineers.