It's the end of life as we know it for Windows Server 2003
Can you survive without support?
Windows Server 2003 will pass out of Microsoft support on July 14, 2015. Different organisations report different numbers, but all agree that there are millions of Server 2003 servers still running in the wild.
Microsoft says there are 11 million Server 2003 servers still running. Gartner says eight million. Several internet searches bring up various other numbers, but I think it is safe to say somewhere between five and 15 million Server 2003 servers are still out there.
My hunch is that Gartner is under-estimating here. The analyst focuses on enterprises and on the whole wouldn’t care if small businesses were all to get flushed into the sun. A Spiceworks poll of workplaces reports that 57 per cent of respondents have at least one Server 2003 instance still running.
One study looking at un-migrated numbers specific to the UK finds 400,000 units yet to receive TLC there. I have as yet been unable to find numbers for my own country, Canada, but my straw polls say it will be a lot more than people think.
Another poll from late last year says one fifth of businesses will miss the mark.
Among my own client base there are probably 40 or so units left in the wild, and only about 20 of those can be migrated. Once upon a time Server 2003 was the last gasp for applications that should have been ported when Windows NT met its maker. Now, years later, the time has come again for some of my clients, and despite repeated warnings they are not ready.
There are a number of reasons why people don't want to migrate: familiarity with the older operating system; money; and in many cases the complexity of the workloads running on those Server 2003 instances.
Many of those servers probably have not had much attention paid to them in years aside from periodic patching. Administrators responsible for the workloads running on them may well have moved on, and their replacements may be theoretically aware of how to migrate data and settings but have have never had the time to practice doing it.
Tales of the unexpected
Of course, if you don't migrate you have two options: choose to run your operating system without security patches, or cough up for emergency support.
The cost of support for Server 2003 will be higher than it was for dragging instances of XP past their due date. Think $600 per server for the first year, and rising for every year after that, though you an probably bank a discount if you are a big customer.
Weird things can happen during migrations. Take this domain controller bug. Even if things are mostly straightforward, there is really no substitute for experience.
Over the past several years many sysadmins have done Server 2003 migrations. Unfortunately, there are not that many of us who can legitimately say we have done hundreds or even thousands of them. This has led to fear in the channel that one of the things holding migrations back is simply a lack of systems administrators with the skills and experience to do the job.
Fortunately the internet is full of practical guides to migration, so if you end up having to do this on your own you won't be left out in the cold.
To July and beyond
Microsoft's official Support Lifecycle Policy FAQ is here. If you need to talk to Microsoft about extending support past the Server 2003 deadline, that's the place to start.
When planning your migration away from Server 2003 it is worth bearing in mind the end of support dates for its successor operating systems.
Windows Server 2003 in most flavours meets its end on July 14, 2015. Windows Server 2008 support ends January 14, 2020, while Windows Server 2012 support ends January 10, 2023.
Windows Server 2016 is coming out soon, presumably in 2016. It will come with a new nano version. For some it is rather frustrating to have this new version coming out next year and yet have Windows Server 2003 expiring this year. So close, and yet so far.
For those who want to hop on Server 2016 as soon as it lands, Microsoft has Software Assurance as an option. Pay more, buy into the whole subscription concept for licensing and get access to upgrades as soon as they appear.
What everyone needs to remember is that Server 2003 doesn't suddenly stop working when support expires. It will continue doing its thing – but there will be an increased risk of security incidents past that date.
Every bad guy who has been sitting on hidden vulnerabilities is going to pull them out and go to town. Unlike Windows XP Server 2003 won’t cling around, zombie-like, at high numbers for years.
Companies will upgrade their servers. Those that don't will lock them down behind so many defences that nobody outside those organisations will ever know that a Server 2003 unit exists.
Right after support ends there will be a surge of attack attempts, malware and other trouble. This will last only so long and then it will simply taper off as the bad guys move on to more lucrative targets.
But let’s not get too doom-laden. Contrary to what you will be told by those with a vested interest in selling you new severs, it is entirely possible to defend an out-of-support operating system.
There is no path by which you save money by not upgrading your Server 2003 box and yet remain secure
What you need to know before you even consider trying to do so is that if you do it properly you will spend a heck of a lot more defending the operating system than you would on the cost of a new licence.
There is no path by which you save money by not upgrading your Server 2003 box and yet remain secure. If you think you can defend such a box with free tools you are deluding yourself and anyone who listens to you.
Of course, the other thing to consider is that in many cases the cost of migration is more than simply the cost of a new server and new operating system licence. Where the workload in question is on the complex side, administrators probably don't know how to migrate it or as migrations delve deep into the inner workings of Windows additional costs will appear.
These can be as simple as the cost of calling the application developer's support line and paying it to help you migrate. It can also evolve into multi-vendor support fiascos that can really run the meter, or require bringing in outside consultants charging some quite exorbitant fees.
Most migrations away from Server 2003 will be easy. Some will be hard. A few simply won't be possible at all.
Cry for help
If you are a small business needing help migrating away from Server 2003 IT network Spiceworks is perhaps the best place to find a local service provider. It has a list which will help you to find a provider operating in your area – one that charges you rates you can afford.
It is a place to start, but it covers anyone who chooses to list themselves as a service provider and there is no vetting of any kind. But although that may sound like a dire warning, there are great companies to be found on the Spiceworks IT providers list.
I strongly recommend cross checking these companies against the Microsoft partner list. This will give you a decent idea of how much a company is committed to the Microsoft ecosystem. A search on Spiceworks will also give you a good idea of the competence (and personality traits) of the people who work there.
My local managed provider of choice, Optrics, is on both lists. And no, this is not just a plug for my mates; these folks have certainly done well by me, but even skilled and experienced systems administrators need help from time to time.
There are plenty of aspects of IT that I don't have the experience to handle, or the time to learn. None of us can do it all, and none of us should be afraid to seek help if we feel our Server 2003 migrations involve a little more than we can handle.
Larger companies are not likely to find what they need in the Spiceworks or Microsoft partner lists. The bigger you get the more you need to start engaging name brand managed providers.
Before hitting Google I recommend having a conversation with your application's developers first. Most problems in migrating away from Server 2003 are related to specific workload incompatibilities. Your application developer may know of a company with experience of handling migrations of its software. If there is such a team out there, go with the pros.
If what you need is help migrating the more in-depth Windows features and coping with esoteric issues, then any old managed IT service provider will not do. What you want is a Microsoft MVP.
July 14 is coming up fast. Will you be ready in time?
Sponsored: Global DDoS threat landscape report