As you read this, Microsoft will have retired Windows Server 2008. If your business has built any of its core services on this platform, big decisions have to be made about which platform to move to. One clear option is Azure. However, should your business take this step?
Microsoft is, of course, touting Azure as the easiest route to take, with tempting and free extended support packages. But the question may CTOs are asking is whether this deal is the right one for them.
The main issue is security. CTOs can’t ignore the problem, as, without regular security updates to their servers, they will be vulnerable to attack. And compliance is also an issue, as older servers won’t be able to support new security standards and authentications that are coming.
To gain an insight into how businesses will manage their transition from Windows Server 2008, Silicon UK with leading technologist.
John Titmus, Director of EMEA, CrowdStrike. [JT]
Mike Kiersey, Principal Technologist at Boomi – a Dell Technologies company. [MK]
Ira Winkler, CISSP, Lead Security Principal for Trustwave and Author of Advanced Persistent Security, and the forthcoming book, You Can Stop Stupid. [IW]
Adrian Overall, the CEO of CloudStratex. [AO]
[JT] We still see organisation running with Windows XP in some areas of their business due to the inability to upgrade based on applications, etc. Windows 7 or Windows 2008 in my mind it is the same in that organisation need to look at the potential huge project costs to migrate to other operating systems that are available, downtime, hardware costs, FTE or project costs etc.
Take retail as an example; if my POS devices hardware supported Windows 7 can it support Windows 10. Maybe not, in that case, it’s a full refresh for the business. With tight margins, do I delay or Migrate? Assessing the risks to the environment is equally important as looking to the costs and benefits of moving to new environments. Most organisations we talk with see the advantages or Cloud infrastructure due to the flexibility and potential futureproofing.
[IW] Some CTOs are showing more concern than others. There are some companies where the CTOs are not fully aware of what is out there, and lack of updates may cripple systems that are out of their visibility. Other CTOs who still have these systems are concerned and, understand the implications. Some CTOs are not aware of this, and they have other problems.
[AO] It never ceases to amaze me that we find ourselves at yet another industry-defining and enforced deadline that we knew was coming; however is still a surprise to so many of us. I do worry that CTOs get somewhat preoccupied with shiny and new cloud services such as Azure and, forget that their businesses may be carrying huge legacy environments built on technology, that at the time was itself being pushed as the latest and greatest.
This creates a dilemma for all; the vendor lacks perhaps the influence it needs to drive its next-gen agenda, and the CTO feels somewhat trapped by technology choices that were enforced in the past, and now need modernising. Explaining this to fatigued business leaders is so tough and just pitching the benefits of the latest technology feels a little contrived.
[MK] Microsoft is pretty much everywhere, and they have been waving some attractive offers to move to Azure with three-year support etc. However, it does allow CTO’s to assess the market, their alignment with business objectives and their technology roadmap. This assessment provides both opportunity and risk for Microsoft.
[JT] I think organisations are looking at all options that are available Amazon AWS, Google GCP and Microsoft Azure. A mixture of services across platforms offers benefits based on the different capabilities available. Just because the pricing may be attractive, it doesn’t always mean it provides the best skills for your business. We see organisations that have multiple provides to help fill gaps or are taking a layered approach to border security or address capabilities.
[IW] Generally? No. The better resourced CTOs are looking at all alternatives and trying to come up with the best fit. Some CTOs with minimal resources, if they choose to go to the cloud, Azure is the more natural migration. However, other platforms are otherwise equally considered.
[AO] I think your regular CTO is predisposed to driving next-generation enabling technology and putting that at the forefront of their tech strategies, blueprints and roadmaps. They have a challenge in that it isn’t easy to modernise the applications that run on these legacy platforms; it also costs money and a significant amount of effort.
Many will tell you they have the intent to migrate to Azure for sure. Still, the business case can sometimes be challenging to prove, and they are perhaps reliant on an investment case that is further reliant on an intervention such as a major end of life event.
In this regard, you have business people challenging the rationale and asking questions about options and alternatives. Without getting into the minutiae of platform differentiation, you can see that this is how competitors could barge open the door. I am sure all major public cloud vendors have incentive schemes and favourable deals to offer alternative options to Azure. That said the problems for clients remain the same in that they have to do something no matter what vendor they choose.
[JT] Assessing your businesses needs is always important; different providers offer completing or complimentary services. Also, we need to consider the EoL (end of Life) and support of platforms. Some companies may be concerned about locking themselves into a provider completely and are shopping about now cloud offers much more flexibility than the hardware lock-in agreements.
[MK] If you are a Microsoft shopper and your strategy is to consume more cloud-like services, then Azure offers a lot of great capabilities. I would say that there are no advantages. What I would ask is would you want to put all your eggs in Microsoft’s basket and do you have an architecture that can support this?
As a CTO, a well thought out strategy is clearly needed, with incremental roadmaps to adopt technology today and the ability to consume tech for the future with ease. Having a balance enables internal competition, the ability to align to multiple roadmaps and analysis of supply structures, cost advantages and different consumption models.
[AO] You could argue that many customers would like to stay as-is. Despite our industry hammering cloud adoption and next-gen platforms, many will see it as yet another platform discussion that we have been having since the advent of open systems in the 80s. Moving from a typical CAPEX model to an OPEX model has its challenges, and many clients may not be tooled up to buy, rent their computing on the drip.
It requires a rethink and significant operational integration to buy differently, and many who are trying today are having to go through a substantial transformation to get the benefits. Those that have stood back are definitely more circumspect, and some of the sentiment we hear is that they aren’t as enamoured as perhaps we would like to believe alongside me to alternatives that provide similar functionality but possibly financed along more traditional lines.
[MK] Absolutely. Windows Server 2008 has provided traditional IT services, e.g. Active Directory, DNS, Certification Services, File and Print etc. However, it was the underlying OS for a lot of Tier 1 / Tier 2 business applications, e.g. Email, SharePoint, SQL Server etc. Each supports business functions and promotes the everyday worker.
Alternatives services need to be found, evaluated, tested, purchased, deployed and migration needs to be planned for the users and the associated data. I have been through some very complex, 150,000+ user application and server migrations.
These are not simple programs, with lots of interdependencies and the risk of locking people out of applications and losing data which is of course never good, but the greatest danger is you are changing how people work. Removing old apps and giving them something different. Think training and helpdesk calls; people naturally don’t like IT change.
[IW] While I would typically want CTOs also to consider security as a primary concern, the reality is that the most significant risk does come from applications being no longer supported. Without updates, interoperability becomes a significant concern, as does general support for applications and the like. For example, large software providers, like Oracle, might one day also stop providing updates for their software running in 2008.
[AO] The issue is migration from platform A to platform B. Early doors there was a hell of a lot of lift and shift to the cloud without anything like the necessary diligence done. Some many customers are still suffering from the same old challenges around application dependency, patching etc.
Some have taken the approach that there is no point migrating to the cloud without modernising the apps, so they are graveyarding the legacy and building new. This is a business lead conversation though, as this comes with a price tag and significant upheaval. It all comes down to the appetite for change in my opinion…. this is not a frictionless process that seems to be promoted by an industry that needs change to drive revenues.
[MK] Microsoft has provided several routes for customers to take to migrate through different generations. Again, each needs careful considerations and upgrades are never straight forward.
My personal preference would be to move, for servers running Windows Server 2008 have probably been financially written off the books. Upgrading is risky; you are just laying on software over patched software. I would go clean (start a new baseline), assuming the business applications support the latest version of Windows Server and it isn’t too much cost to upgrade them.
[AO] This is a tough one as I don’t think you can ever future proof your business in respect to technology, as the landscape is continually changing. You can future proof your process though and make sure you learn from the lessons of the past.
Unfortunately, many businesses continue to encounter the same challenges as they often rely on key individuals to maintain and operate systems. Still, they don’t necessarily codify that knowledge or institutionalise it, so are in a constant cycle of relearning. Change is constant and so robust process backed up by expertise leveraging knowledge from the past, means that clients can better cope with and make change part of their BAU activity.
[AO] I think we are in for a market reset and that will come from a number of different levers. We will surely see a reduction in HW vendors across the board, but I do think there will be some winners that can repurpose their business model to become the defacto cloud standard.
After all, you still need servers. Those that can show a seamless integration cross platform stand to win alongside the vendors that can find ways to cannibalise their existing model and make it relevant to customers who are keen to seek alternative pathways. I don’t like the word hybrid, but the fact is that the industry will be carrying a massive amount of multi-platform for a while to come, and that gives the HW vendors time to adjust.
[JT] More organisations are embracing cloud infrastructure such as Amazon AWS, GCP and Azure – helping them take advantage of capabilities such as Elasticity, Flexibility with sizing, reduced CAPEX, automated updates, reduced FTE costs and managed security usually as part of the solution offer.
These are huge advantages over existing hardware offers helping to reduce the CAPEX (Capital expenditure) for organisations. More organisations are embracing Cloud services but should consider this as an opportunity to review existing infrastructure instead of just replicating in the cloud, moving one potential issue to a new environment.
[MK] The server landscape is still growing customers have a multi-cloud strategy in place. However, on-premise still outweighs the cloud. The wave that is gaining momentum is all about containers, moving monolithic applications: developing net new apps in a container world will outstrip that of “virtual machines.” I would say every IT service, application, database needs to run on something, and we do not see any slow down on the growth of applications and data.
Unnamed 'user' files appeal with Facebook's Supreme Court (the Oversight Board) against the 'indefinite' ban…