Microsoft Ends Windows Server 2003 Support But What Now?

Microsoft will no longer provide extended support for one of its most popular platform, but what does this mean for businesses?

Microsoft has officially pulled the plug on extended support for Windows Server 2003 (WS2003), leaving businesses with a choice of upgrading or remaining exposed to a number of risks – just as they were with Windows XP last year.

WS2003 is one of the most widely used server platforms in Microsoft’s history, shifting 27.8 million licences between 2003 and 2013. According to various accounts, it is estimated that between 8 and 11 million licences are still active, including as many as 400,000 in the UK.

Research released in May by the Cloud Industry Forum (CIF) states 58 percent of UK businesses surveyed are still running WS2003 – a figure which dropped just two percent over the preceding 12 months – while AppZero research suggests as many as 1.76 million WS2003 systems will not have been migrated in time.

But what does this mean for businesses? The most basic answer is that Microsoft will no longer offer security updates, bug fixes or technical assistance for systems running the decade-old platform. This leads to some inevitable risks and complications.

What are the risks?

Server AnomalyMicrosoft issued 37 ‘critical’ updates for WS2003 In 2013 and 21 in 2014, figures which suggest that not all bugs have been ironed out during the platform’s lifetime and that businesses could be a target for cyber criminals armed with zero-day vulnerabilities, intent on stealing corporate and customer data.

This could mean companies in regulated industries will struggle to prove compliance, especially if they handle sensitive information like credit card details.

Another potential issue is functionality. While WS2003 may no longer be supported, applications running on the platform may well be and future updates could be affected by a bug in the platform that will never be fixed.

Microsoft has been using the ‘carrot and stick’ method to encourage companies to migrate. The security and compliance risks have been well publicised, but Microsoft has also claimed businesses still running WS2003 are missing out on the technological advantages and opportunities of using a more modern OS rather than a decade-old platform.

So why not upgrade?

But if the advantages of upgrading and the disadvantages of staying still are so obvious then why are so many companies not interested? Suggested reasons include the complexity of legacy applications, a lack of internal skills and the cost of migration, while Avanade research suggests 18 percent of companies are ‘OK’ with the potential risks outlined above.

Oscar Arean, technical operations manager at disaster recovery service provider Databarracks, suggest it is caution, not complacency, that is preventing many IT managers from upgrading and says more guidance should be provided.

“As Windows Server 2003 reaches end of life, organisations are under pressure to make changes to their IT infrastructure in order to stay protected,” he says “It’s clear from the research by CIF that a lot of organisations still need to act but are perhaps lacking guidance on the best way to do this.

“From the outset it’s important to communicate the risks of staying with Windows Server 2003. This includes the possibility of security breaches and potential data losses, as security patches will no longer be released to protect against vulnerabilities.

“Certain applications will no longer be supported by vendors, and these could also include your backup or replication software. While they may work fine for a while, if you do have an issue, the vendor won’t be able to help and your data may be unrecoverable. While there are security products available to allow you to keep Windows Server 2003, that option will prove expensive. Additionally, expect IT support companies to increase the cost of support of 2003 boxes.”

What are the options?

Windows-Server-2012The simplest decision is to upgrade to a newer version of Windows Server. Microsoft wants users to move to Windows Server 2012 R2 (pictured right), while Windows Sever 2016 is slated for a release early next year. This is seen as a much cleaner option than moving applications to a more modern server, which could cause complications.

The other alternative is to move some applications to the cloud and many firms see the end of support as an opportunity to move some processes off-premise. The CIF believes cloud adoption is set to rise in the coming months as firms move to ‘hybrid’ systems of cloud and on-premise infrastructure.

“You’re in a better situation if you’re already virtualised, and better yet if you have cloud services,” added Arean. “Spinning up additional virtual machines is extremely low-cost, so it’s fairly simple to add a new server and migrate your applications over. But how much work this is depends on the types of servers and how many you need to move.”

You could, of course, just take your chances, but this isn’t recommended.

“By failing to make the switch to a newer operating system, whether that’s Server 2008, 2012 or a cloud-based alternative, businesses are also opening themselves up to a number of legal challenges, falling out of compliance and risking potentially hefty fines,” says Adam Foxall, CEO of application migration firm Camwood. “At the end of the day, this isn’t just bad IT practice, it’s also bad for business.”

The last option is to cut a deal with Microsoft. Just like Windows XP, Microsoft will continue to provide updates for those who can pay for it, but be prepared to fork out. Foxall says this particular course of action could cost $600 per server, per year.

 How much do you know about Microsoft? Take our quiz!