As you all know, Windows 2003 has been the reliable workhorse of the Microsoft server family for many years. Sys admins globally came to respect its reliability and simplicity. However, all good things come to an end, and now you probably find yourself with multiple Windows 2003 servers that may contain, or provide access to, sensitive information. Worse still, certain industries are bound by security standards that dictate strict procedure and control (PCI DSS anyone?).
So what are your options?
1. Accept the risk.
In some cases this will be an acceptable option, and mitigating controls can be put in place to protect against some of the potential threats. For most, however, this simply will not be an option. Malware is already being written to exploit the now unsupported operating system, as attackers seek to take advantage of the millions of Windows 2003 servers still active globally.
2. Continue Microsoft Support.
Continue Microsoft support? But how? Yes, it is possible to keep receiving patches for bugs and vulnerabilities; however, it will cost your business dearly. The standard pricing for continued support from Microsoft (and only Microsoft can provide this support) is $600 per server. These costs escalate rapidly for larger organisations with multiple Windows 2003 servers. Some government organisations are already paying Microsoft millions of pounds per year for these services.
3. In-place Upgrade to Windows 2008.
As discussed in some of our other blogs, it is possible to migrate Windows 2003 to Windows 2008 in place and retain your operational environment. Windows 2008 EOL is 2020, so as long as your business accepts this timeline you have a reasonable option. The caveat here is to ensure that extensive application testing is undertaken so there is no operational impact to your business.
4. Decommission and Replace.
The ‘cleanest’ option is to decommission your Windows 2003 estate and replace it with Windows 2012 R2. Detailed assessments will need to be undertaken to ensure that you retain application compatibility; however, this option will give you a secure and stable environment for many years to come.
The key to all the above is understanding the scale of the impact Windows 2003 EOL has to your business. Many organisations struggle with this due to a lack of CMDB and general asset control. Do you really know where all your servers are? Do you know and understand the software installations that are on these servers given that some may have been installed many years ago? Did past colleagues create quality documentation so you understand all the interfaces a server may have?
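The questions above start with a reliable list of which machines are actually running Windows 2003. The script below is an added example, not part of the original post: it pulls every computer object from Active Directory whose recorded operating system mentions 2003, then asks each host over WMI what it really runs, and writes one row per server to a CSV. It assumes the ActiveDirectory RSAT module is installed on the machine you run it from, that the account has rights to query AD and WMI on the targets, and that the output path `.\win2003-inventory.csv` suits you; all three are assumptions for the example.

```powershell
# Added example (not from the original post): inventory Windows Server 2003 hosts.
# Step 1 uses Active Directory as the first "CMDB"; step 2 confirms each host's
# live OS over WMI (DCOM), which Server 2003 supports without PowerShell remoting.
# Assumes the ActiveDirectory RSAT module and sufficient rights on AD and the targets.
Import-Module ActiveDirectory

# 1. What AD thinks you have. LastLogonDate flags stale objects that may no
#    longer be a running machine, which matters when sizing the work.
$candidates = Get-ADComputer -Filter 'OperatingSystem -like "*2003*"' `
    -Properties OperatingSystem, OperatingSystemServicePack, LastLogonDate

# 2. What each host actually reports. Unreachable hosts are recorded rather than
#    skipped: a server you cannot reach is exactly the one missing from your records.
$inventory = foreach ($c in $candidates) {
    $os = $null
    try {
        $os = Get-WmiObject -Class Win32_OperatingSystem `
            -ComputerName $c.DNSHostName -ErrorAction Stop
    } catch {
        # Leave $os null so the record below shows the host as unreachable.
    }

    if ($os) {
        $liveOs   = $os.Caption
        $liveVer  = $os.Version
        $lastBoot = $os.ConvertToDateTime($os.LastBootUpTime)
    } else {
        $liveOs   = 'unreachable'
        $liveVer  = ''
        $lastBoot = $null
    }

    [pscustomobject]@{
        Name          = $c.Name
        DNSHostName   = $c.DNSHostName
        AD_OS         = $c.OperatingSystem
        AD_SP         = $c.OperatingSystemServicePack
        LastLogonDate = $c.LastLogonDate
        Reachable     = [bool]$os
        Live_OS       = $liveOs
        Live_Build    = $liveVer
        LastBoot      = $lastBoot
    }
}

# 3. One row per host: the starting point for the scale-of-impact question and
#    for the application-compatibility assessment the upgrade or replace options need.
$inventory | Sort-Object Reachable, LastLogonDate |
    Export-Csv -Path .\win2003-inventory.csv -NoTypeInformation
$inventory | Format-Table Name, AD_OS, Reachable, Live_OS, LastLogonDate -AutoSize
```

The AD filter only finds machines that are domain-joined and have their OS attribute populated; standalone or workgroup 2003 boxes will not appear, so treat this list as a floor, not a ceiling, and reconcile it against network scans and whatever asset records you do have. The WMI step is the check that the AD attribute is not stale (it is written at domain join and rarely refreshed), which is why both columns are kept side by side.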
You are clearly not alone in having to face these questions. See here for more information on how to easily deal with these core issues.