Latest posts by Ed Wolfman (see all)
- Windows Server 2003 End of Life Part 3: What Are Your Options? - June 24, 2015
- Windows Server 2003 End of Life Part 2: What Now? - June 17, 2015
- Windows Server 2003 End of Life Part 1: Are You Ready? - June 9, 2015
Windows Server 2003 End of Life Part 2: What Now?
This article is Part 2 in our series about Windows Server 2003 reaching its end of life. Here’s where you can read Part 1.
As many of you know, on July 14th of this year, Microsoft will end extended support for Windows Server 2003—in other words, Server 2003 will reach its end of life.
If your business is one of the 2 to 3 million predicted to still be deploying Server 2003 by the time its end of life rolls around, it’s easy to feel like the hassle of getting your ducks in a row overshadows the benefits—if you even know what your options are.
So what are your options?
Do nothing. As I discussed in my previous post, doing nothing opens you up to extensive security vulnerabilities and compliance burdens, not to mention costly support fees, either from Microsoft or a third party. By continuing to run Server 2003, you’re running the risk of unsupported servers and applications, functional errors, potential loss of business, and security breaches—and for those businesses that fall under their industry’s regulations, you risk high transaction fees and penalties for falling out of compliance.
Staying put should only be an option if you actually rely on your Server 2003 applications, and you’re already working towards replacing all your applications and architecture from the ground up. Even then, you have to be prepared to fix every problem on your own, without any extended server support.
Migrate. The other option is to migrate and update your server. In almost all cases, this is the best, safest, and most effective decision. By migrating to a new server, you will continue to receive important patches and updates, save on the rising costs of maintaining legacy servers, and come back into compliance standards.
However, as of today, there is less than a month left until end of life and, according to AppZero, a company that specializes in Server 2003 migrations, the average migration away from Server 2003 will take approximately 200 days, which means that the clock is already ticking down.
There are a few things to keep in mind, however, that could speed up or slow down this average for you. If, for example, you’re migrating an application that’s still on the market and has a newer version, that could shorten the time. On the other hand, if the application has been through some radical changes, that could lengthen the time instead.
Regardless of how much time your migration is expected to take, the bottom line is that you need to start preparing now.
What can you do now to prepare for a migration?
The first step you need to take is alert any and all impacted stakeholders of the migration, then get their full cooperation. This doesn’t mean just the IT department—consider all business units that would be affected by the migration, including the finance department.
Next, you need to scope the project. As mentioned before, the average migration takes 200 days, more or less, and includes assessment, implementation, migration, and debugging. A solid plan is critical to avoiding costly pitfalls and ensuring your migration goes as smoothly as possible.
The goal of project scoping is to allow you to set a timeline and budget for the migration, your last steps. As with any project, you will need a clear picture of your potential risks, how much everything will cost, and how long everything will take. In the latter’s case, it is especially important to be realistic and not to rush your migration, as that can easily end up costing you more time and money in the end.
Even if you’re starting the process of migrating now, the overwhelming odds are that you will reach Server 2003 end of life before it’s finished, which means that you need to take extra steps to reduce your risk exposure.
What can you do in the meantime?
According to IT World, you’ll first need to restrict and monitor access to your server. Make sure that permissions and user access are as limited as possible, and that logging is turned on to monitor suspicious activity or unauthorized access.
This lockdown could also extend to isolating your server from the rest of your network. If possible, segment your machines from central services and cut off any connection to the Internet unless it’s absolutely necessary. This may not be feasible for email, domain, or any other solutions that rely on the Internet, but for isolated departments or teams, this method will provide extra security for your servers.
Additionally, you’ll also want to consider application whitelisting. By controlling which applications are allowed to run on your server, instead of controlling which ones aren’t allowed to run via blacklisting, you’ll protect yourself even more strongly from malware and other exploits.
You’ll also want to back up your data as often and thoroughly as possible. Because you can’t count on any more support from Microsoft, any unpatched bug could potentially cause data loss or corruption. In those cases, keeping a backup of your data is the only way you’d be able to restore what you’ve lost. You might also want to consider using a cloud backup service, as the cloud doesn’t require any hardware and can be enacted immediately.
Another step you can take is through multi-layer security, by having a network firewall and then a network application firewall. This would take most of the security burden off your server, as well as add an additional layer of security to protect you.
Finally, you’ll probably want to consider finding an expert to advise you on your migration and any steps you can take to protect your servers in the meantime.
Still feeling overwhelmed? Let’s talk. We can go over more options that may be far better than facing the unknown.