Not everything lasts forever - just as Windows XP is no longer supported by Microsoft, so too is Windows Server 2003 reaching the end of the line. After July 15, 2015, the Server OS released in April 2003 will no longer be supported by Microsoft. 10 years is a pretty long run in the IT world, so companies that invested in the technology certainly got their money’s worth, but now is the time to look into migrating to one of the newer options available from Microsoft, Server 2008 or 2012. It was important to replace XP last year, and it is just as important, if not more so, to replace 2003 to prevent giving attackers easy access to your applications and data.
Simply put, leaving the older operating system in place is putting your mission-critical application and sensitive data at risk to any hacker with the sense to determine the operating system in place. Since security updates will stop coming in after the end of support, if any major OS vulnerabilities are uncovered then Microsoft will have no obligation to make any adjustments at all. Microsoft did release an extra patch for Windows XP because of a major vulnerability uncovered a couple of days after end of support for that OS, but this isn’t something to be expected from Microsoft, and the longer you keep 2003 the bigger a liability it becomes, since hackers will just need to google ‘Server 2003 exploits’ to ransack your data.
Fortunately, depending on how you upgrade, there is some help available to make the process easier. Many server manufacturers such as Dell have upgrade plans and software teams available to assist you in migrating applications to a newer operating system and server configuration. Microsoft also offers their own tool known as the Microsoft Assessment and Planning (MAP) toolkit to assist their customers in migrating to the new operating systems as well. It’s also important to reconfigure tools such as Active Directory following the installation, so performing a migration is time consuming, but it’s much better than the alternative.
Since the end of support is so nearby, it is important to have a plan in place to mitigate the pain of the migration. Best practice would be to upgrade servers that are the most likely to suffer if they have any time without security updates - this includes servers collecting sensitive information such as data that has regulatory compliance issues, or payment card data. If a server is a massive security risk, and it won’t be upgraded before the end of support, consider reaching out to Microsoft for extended support. It will have a cost associated with it, but business continuity is an important factor to consider in addition to security aspects.
Make no mistake that moving from Server 2003 to 2008/2012 will be a big change. Since you will be upgrading the operating systems in your environment it is also a good idea to look into upgrading hardware and server infrastructure. Consider reaching out to any IT groups that you work with (Service providers, colocation providers, etc.) to see if they can assist you with procuring replacement hardware. Others that have been considering a move to the cloud can use the opportunity to be able to take advantage of the elasticity and agility of the cloud in addition to leaving Server 2003 behind.