Microsoft is encouraging users to migrate away from Windows Server 2003. Support for the 12 year old operating system comes to an end in the middle of July, and companies are encouraged to seriously consider moving to Windows Server 2012 R2, Microsoft Azure, or Office 365.
Previously published figures suggest that most of those who are yet to upgrade from Windows Server 2003 will do so before the end-of-life deadline. But this still leaves around a fifth of businesses who have to consider what action to take.
For companies who are yet to put migration plans in place, the timing is now a little awkward. The launch of Windows Server 10 is not too far away so those keen on ultimately making the switch to the latest (and presumably greatest) operating system have a couple of choices.
Firstly, they could continue to use Windows Server 2003 without support until Windows Server 10 RTM makes its way out of the door, or they could jump to Windows Server 2012 R2 as a stop gap measure and then upgrade to Windows 10 in due course -- of course, this involves additional cost.
With Microsoft’s current infatuation with the cloud, it should come as little surprise that Azure and Office 365 are being pushed. In a post on the Microsoft blog, Takeshi Numoto -- Corporate Vice President of Cloud and Enterprise Marketing -- explained the risks associated with sticking with Windows Server 2003 after the support period comes to an end:
Windows Server 2003 instances will, of course, continue to run after end of support. However, running unsupported software carries significant security risks and may result in costly compliance violations. As you evaluate security risks, keep in mind that even a single unpatched server can be a point of vulnerability for your entire infrastructure.
To illustrate just how far we have come in a relatively short period of time, Numoto points out that the power of most modern smartphones far exceeds the minimum system requirements of Windows Server 2003. But demands have also increased. He also goes on to suggest that some customers may be under a legal obligation to upgrade from the aging software:
Important financial and healthcare regulations also include provisions around security: US PCI DSS section 6.1 states that all organizations must “ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed,” while HIPAA section 164.308(a)(1)(ii)(B) states that covered entities must “implement security measures sufficient to reduce risks and vulnerabilities to a reasonable appropriate level.” Industry regulations are often country specific, so you should consult your legal, security and audit teams to ensure you understand your compliance landscape.
The costs associated with upgrading server software are not insubstantial, and Microsoft suggests that companies might want to consider replacing physical servers with Hyper-V alternatives.