Making the case for upgrading from Server 2003
Time to ditch an old friend, says sysadmin Trevor Pott
Server 2003 has been a good friend for the past decade. I have built a career on this operating system, I know its personality, and its tics and quirks have become second nature to me.
In 2015, we will see the official end of support for Server 2003, so the time has come to start polishing the business case for the migration to Server 2012.
Look, no support
The hardest question to answer is the simplest: why make the move from Server 2003 to Server 2012?
I do not buy into the value of using the newest software as an end in itself. The end of support, however, is the obvious bogeyman and there is some validity to the fear.
To run a secure IT infrastructure – and increasingly to meet the legal and regulatory requirements of many jurisdictions – you will have to pour resources into monitoring and shielding any servers running Server 2003.
You will also have to work on separating the data and applications from the operating system so that you can nuke the server back to “known good” when the system falls to the inevitable.
Server 2003 doesn't suddenly stop working as soon as support expires. Your Server 2003 file server will still serve files. Your Server 2003 financials server will still host the financials app. The world keeps turning, your users will still be able to access the resources they require.
This is a blessing and a curse. Believe it or not, there are still Windows NT 4 systems in active service. I have a fleet of Windows 2000 systems still in use that will probably remain live for years to come.
But as is about to happen to Server 2003, keeping these systems online means operational expenses start to mount.
The problem is that selling operational cost decreases is always hard. Pointy-haired bosses and bean counters are also hardwired to grok capital expenses.
Management is quick to point that finger right back at IT and say “suck it up”. It is not difficult to deny funding to someone whose argument is “please let me buy this because it makes my life easier”.
There are capital expense discussions to be had concerning end of support. For instance, upfront costs of required tools – intrusion detection systems, more advanced firewalls, network segmentation and so forth – are such that buying new Server 2012 licences is almost guaranteed to be cheaper.
The legal requirement to have an independent audit performed at regular intervals if you run outdated software is another consideration for an increasing number of businesses. Those audits can be pretty pricey, again often coming in at more than the cost of new licences.
Regardless of the path you choose to discuss this with the powers that be, the importance of end of support cannot be ignored. When support ends in 2015, bug fixes basically stop. New vulnerabilities won't be addressed and your Server 2003 systems will become a massive security risk.
There are a few rare corner cases where keeping Server 2003 around past end of support can make sense, even with the increased operational costs. A large and expensive piece of industrial equipment incorporating custom hardware and applications that absolutely require Server 2003 is a mirror of what keeps me running Windows 2000.
In such a scenario, you need to start running the numbers and make absolutely sure it is worth keeping that equipment in play. Without active support addressing newly discovered vulnerabilities you can't trust the operating system not to be compromised at any point – no matter how many layers of shielding you put between that server and the internet.
If it ain't broke
Server 2012 contains a vast array of new technologies, but it is hard to turn a shiny new feature list into an argument for fixing something that is working just fine.
If your Server 2003 system is sitting in the corner serving files to the network, then you won’t convince anyone to open the purse strings by crowing about Server 2012's awesome virtualisation and remote-access technologies.
In the past 10 years almost every possible area of the operating system has been improved. A smallish amount of research should allow you to focus on the individual tasks your aged servers perform and make cogent arguments for their replacement.
Are you using Server 2003 as a routing and remote access server? If so, why? Server 2012 is better at that role in every possible way; indeed it adds new capabilities such as SSL virtual private networks and DirectAccess to that role, which can make a real difference for end-users.
Server 2003 as a file server? I don't even know where to start. Server 2012's storage subsystems received such an overhaul in 2012 that it is hard to believe the two operating systems are related.
SMB 3 alone should make that sale. Remote Direct Memory Access support, the various layers of storage virtualisation, the evolution of Distributed File System Replication and Network File System, BranchCache and all the other buzzword bingo items make me ask how, exactly, this jump hasn't been made already.
It would take a whole series of ebooks to fully explore the new technology arguments, but I suspect you get the drift. Do the legwork and prepare some demos. It shouldn't be hard to sell Server 2012 upgrades on the grounds that “things work better with these new technologies”.
Many Server 2003 licences are tied to the physical box. If you still have physical boxes running Server 2003 then chances are that the system is past its expected end-of-life date. Windows runs on commodity hardware and commodity hardware lives only so long.
You read about the odd exceptions – the Novell server built into a wall that ran for years before being decommissioned and so forth – but these are the exceptions that prove the rule. Commodity hardware is built by the lowest bidder, and your $20,000 server can be brought down by the failure of a $0.05 capacitor.
Those capacitors will age and die. The disks will give out; the Dimms will give up the ghost too. Every element of that physical system has a shelf life.
If you do have transferable licences, you need to ask yourself if perpetually moving Server 2003 to newer hardware is remotely worth it.
Putting the issue of finding drivers for such an aged operating system to one side, Server 2003 is 10 years old. Multi-core processors were just coming out when that operating system was written. Modern power-saving technologies weren't even a gleam in an electrical engineer's eye.
Server 2003 simply cannot take full advantage of modern hardware. How many copies of Server 2003 have to be running for how long on your infrastructure before the simple cost of electricity makes upgrades almost pay for themselves?
How many systems could you collapse into a single physical box (or a much smaller cluster) by going to Server 2012?
Making the move
The most obvious transition mechanism is virtualisation. If your Server 2003 instance isn't virtualised already, you can simply block migrate your install individually (using an excellent Sysinternals tool) or in bulk using System Center Virtual Machine Manager. It is quite good at converting both physical boxes and other types of virtual machines.
Once virtualised you can copy the system easily and start getting whatever applications and roles that system runs transitioned to Server 2012.
One of the easiest routes – though not the best – could be simply to upgrade the system one operating system version at a time until you hit 2012. More often than not, you will find that applications that ran on Server 2003 can simply be installed on Server 2012 and work without a problem.
In the rare cases where you can't get the application moved – and you either can't afford the new version or the vendor can't provide an upgrade – then at the very least your Server 2003 instance is now in a virtual container. This makes it much easier to defend past end of life if you must keep it going.
The Microsoft Assessment and Planning toolkit is provided to help you scan your network and conduct an inventory of systems. It can identify those that need migration and even drill down to the application level (for a limited number of supported applications) and identify migration paths.
Server App-V is probably the best path forward if you can get your applications packaged up for it. It enables you to stream applications to your users and offers a very good chance of successfully supporting applications that would otherwise be a real pain to migrate.
In the longer term, it helps disconnect the application from the operating system, making future upgrades easier.
For some, the pain of upgrades lies in the legwork of testing and certification of the new operating system, getting apps ported and training admins on the new administrative interfaces.
The jump from Server 2003 to Server 2012 is a big one. RSAT 2012 is a real break from previous iterations and PowerShell opens a whole new world of administrative possibility that Server 2003 admins rarely touched.
For others, the pain comes from the amount of political capital you have to burn to get the funding unlocked. I feel your pain; I face some massive Server 2003 migrations over the next few years.
Not only are the arguments for migrating to Server 2012 fairly obvious, but justification for staying on Server 2003 is becoming work in itself.
If you have successfully made the argument, why not add to the discussion in the comments? Your fellow systems administrators can learn from your successes... and your failures. ®