Moving on: How to cope when Windows Server 2003 expires

How to overcome challenges when Microsoft ends support for Windows Server 2003 next year

How to overcome challenges when Microsoft ends support for Windows Server 2003 next year.

Microsoft is ending support for another product in its operating systems portfolio.

Earlier this year, the company withdrew support for Windows XP, and now Windows Server 2003 is up for the chop – an event many companies may find more difficult to deal with than the demise of XP.

From 14 July 2015, Windows Server 2003 users with a standard support package will not receive updates or patches.

For those willing to pay extra, continued support will be available, but this should only be viewed as a last resort.

Companies are better off dealing with the operating system’s expiration by using available funds to update systems. Why?

Windows Server 2003 is more than a decade old and many of its internals are even older. Over time, it has become a multi-layered mess of patches and updates to keep pace with changes in business and technology, while trying to keep ahead of security threats.

It is now unfit for purpose. In 2003, the internet was relatively undeveloped in terms of how businesses and individuals used it: security issues were different and organisations were mainly concerned with internal connectivity. Now the value chains between organisations, their customers and suppliers mean requirements for the technology platform have changed considerably.

However, the rush to move from Windows Server 2003 does not seem to have occurred everywhere. For every company that is moving to an alternative platform before support ends, another seems to be sticking fingers in its figurative ears and going "La, la, la!".

Microsoft estimates there are more than 10 million live systems relying on Windows Server 2003, with almost one-third of those being in Europe. Companies could keep running the operating system without updates and hope all goes well, but this is a risky decision. To be safe, they will need to migrate in the next nine months or pay Microsoft or a third party for support. Analyst firm Quocirca says the only viable option is to migrate.

However, the main issue for most companies is dependence on applications not compatible with later operating systems. The applications may have come from a supplier that has closed or since been acquired by a company that no longer provides support, or perhaps the application was created internally and its documentation has since been mislaid. Either way, there are several ways to solve this problem.

Tough choices

First, use discovery tools to identify servers on your network and which operating system they are running. Ensure these tools can identify what is running on the servers. Most tools will identify common commercial packages from the past decade or so. They should also identify running executable files, even if the software source cannot be identified. System management suppliers include CA, BMC, IBM, HP and smaller suppliers such as Centrix Software and RES Software, along with software as a service-based suppliers such as ServiceNow. All have some level of discovery capability in their systems management or IT service management suites.

Second, identify how these systems are being used. Many IT staff are surprised to find that what they thought was a mission-critical system is actually rarely used by the business. Many variations in resource usage are automated events launched by the application itself to run garbage collection, reporting, backup or other events. If those applications are barely used, ask if they are of any importance. If not, get rid of them.

Obsolete applications

For heavily used programs or those critical to the business, there are a couple of options. One is to see if the functionality provided by the application can be superseded by a more up-to-date application to which existing data can be exported. The new software does not have to be Windows-based. In fact, selecting a cloud-based service could remove the risks and costs from of managing an IT stack. It could also provide more flexibility and support for a business with a variable workload.

A recent Microsoft platform may also handle the application. For instance, Windows Server 2012 is a more functional platform than Windows Server 2003 and has updated security architecture and support for today’s technical environment.

Many systems integrators and technology suppliers, such as Dell, IBM, HP, Accenture and TCS, can help migrate applications. For businesses looking to perform migration themselves, suppliers such as AppZero provide software that can interrogate and migrate old applications and get them running. This is similar to how ChangeBase and AppDNA fix desktop applications that will not run on later operating systems. For in-house applications, the company may wish to rewrite the application. However, Quocirca says this approach could see your organisation in the same situation further down the line.

Windows Server on a virtual machine

For firms using a mission-critical service that cannot be migrated from Windows Server 2003 and has no modern alternative, Quocirca advises running the application as a virtual machine in a more modern operating system – for example, Windows 2003 Server can run in a contained virtual machine on Windows Server 2012. However, interactions with the outside world should always be through the latest operating system to ensure security. This may have some impact on performance but, if the base environment is a virtualised or cloud-based system, sufficient resources should be deployed to the virtual machine to avoid such issues.

Windows Server 2003 instances must be addressed one way or another. Running the operating system without support is a major security threat. Doing nothing is not an option.


Clive Longbottom is founder of analyst Quocirca

Read more on Microsoft Windows software