Windows Server 2003 Migration is a MUST

Windows Server 2003 Migration is a MUST for any company with regulatory or compliance requirements for data protection. Gartner recommends that all companies migrate before the Windows Server 2003 support end date to avoid potentially serious data vulnerabilities.

As the July 14, 2015 Windows Server 2003 end of life date approaches, companies need to start thinking about how they are going to move to the latest operating system, what servers can be consolidated or retired, whether to upgrade or migrate and how to move their data. Migration must be viewed as a priority, as it is simply not safe to leave your data at risk by continuing to use an unsupported operating system.

Millions of Servers Worldwide are Running Windows Server 2003

After over a decade on the market, it’s amazing that there are still well over a million servers worldwide running Windows Server 2003. About two-thirds of the install base for Windows Server 2003 are classified as small to medium-sized business. This means that a large number of companies running legacy Windows Server 2003 servers will be facing the migration process with little to no IT support behind them. Luckily, in addition to vast array of information online, like the Windows Server 2003 end-of-support website, there are also amazing local reseller in your area that can help you with the whole migration process if you are running slim in the IT department.

Take Inventory & Document Usage Information

One thing to keep in mind as you start thinking about migrating to a newer operating system like Windows Server 2012 R2, is that you may also need to purchase newer hardware to support that newer operating system. This is why it is a good time to take inventory of your servers to determine how many are running Windows Server 2003, what your memory and CPU usages are, and how much disk space you are currently utilizing. This discovery process will allow you to better understand the current workloads that each server supports, so you can determine what is actually needed for the migration. You should also take a look at the applications you are running on each of the servers, determine if they are supported on the newer operating system or if they will need to be upgraded.

According to a survey conducted by Spiceworks shown on their latest infographic, the top three reasons companies are still running Windows Server 2003 are:

1. Lack of time
2. Budget constraints
3. Compatibility issues with current software applications.

Since time is of the essence, if you have not already started planning for how to handle the Windows Server 2003 end of life, now is the time to do so. You want to give yourself enough time to avoid the stress of being forced to make quick, reactive decisions. So let’s first look at what your options are.

Options for Windows Server 2003 End-of-Life

1. Do Nothing. This is always an option, although not recommended as you are likely to face unexpected vulnerabilities that could put your company and your data at risk.
2. Upgrade Your Server(s). This involves moving away from your existing Windows Server 2003 operating system to a newer operating system like Windows Server 2012 R2, while using the same hardware. Depending upon your server refresh cycle, your server may or may not support the latest operating system. If your server has a 32-bit processor, this option will not be available to you as Windows Server 2012 R2 requires 64-bit. I would recommend verifying the system requirements for Windows Server 2012 R2 before considering this option.Let’s say for example that your existing server supports all of the system requirements for Windows Server 2012 R2, there are still risks that should be considered. Since you would be using your existing hardware, you would be faced with resolving any issues that arise in a live environment. If you’re running older applications that are not supported on the new operating system, you could run into issues that could halt user productivity. Application errors, in a live environment can cause a significant interruption, while you diligently work to diagnose the issue, get funding for software upgrade (if an upgrade is even available), get all needed apps purchased and installed.

   This option is not recommended as it leaves you at risk of system downtime. If your company cannot handle the ramifications of having this server down, don’t risk it. You could be facing 24-48 hours or more of downtime if something goes wrong.

3. Server Migration. This is the best option. It involves keeping your existing server in production, while you perform a clean install on a second server. If money is tight there are options that can help to reduce your costs on your server refresh. You could for example, opt to lease a server, or buy a refurbished server, instead of purchasing a new server.Migration provides a clear transition path from x86 to x64 OS, allows you to do a clean system install, and reduces the risk of down-time because your source file continues to run during the migration. If your migration fails for any reason, your source server is still live and will not be disrupted.Microsoft provides Windows Server migration documentation that is designed to help you migrate one role or feature and its data at a time. You can also take a look at the Microsoft Migration planning assistant for help you to start your migration planning.

   Migration takes time, so do not put off getting started. The estimated time to do a server migration is 200 days. If you have applications on top of that you are looking at about 300+ days.

Consider Compliance Issues & Risks

Another aspect to consider is your data. The whole reason you are migrating to a new operating system is to ensure that your data is safe and not vulnerable to attacks due to an unsupported operating system. After July 14, 2015 Windows will no longer release patches to close vulnerabilities. Like we have seen in the past with Heartbleed and Shellshock, these vulnerabilities get exploited, leaving your company’s data at risk. Depending upon your industry, there is also the issue of compliance when it comes to the security of client and patient data. There are strict rules in place to ensure that individuals’ electronic personal health information is protected. The question then becomes, will Windows Server 2003 no longer be considered HIPAA compliant after July 14, 2015? As I understand it, an unsupported operating system is by definition insecure, and thus poses a risk not only to the data stored on it, but also to the network it resides on.

According to Health & Human Services, the security capabilities of the operating system may be used to comply with technical safeguard standards. As such, any known security vulnerabilities should be considered in a risk analysis. You many need to ask yourself will Windows Server 2003 contain any known vulnerabilities. Once patches are no longer available because the operating system isn’t supported by the manufacturer, your company could quickly move from compliant to not and that last thing you want is to leave patient data unsafe and face the penalties associated with falling out of compliance.

If you are a business doing online commerce, the end of support for Windows Server 2003 means that you will not pass a compliance audit if you choose to not update your server operating system. Without PCI compliance, Visa and MasterCard may no longer do business with your organization. This could have a very significant effect on your business remaining profitable. It very well could be a make it or break it for some companies and should not be left to chance.

Backup & Restore Your Data

Before you start any migration process, it’s important to create a backup of all of the data so you can quickly restore the data from your backup to your new server.  Even if Microsoft doesn’t support it, you can still protect your data with NovaBACKUP software. If you don’t have a backup software solution, you can download a copy of NovaBACKUP Business Essentials. I would recommend running a full file backup of your data to a local device. This will allow you to simply install the backup software onto the new server, import the backup and restore all of your data to the new server so you can get back to what you do best…whatever that might be.