If you’re running Windows Server 2003 after July 14, 2015, you might as well pour habanero juice in your eyes. Actually, that’s not true. You should never pour habanero pepper juice in your eyes. And in some cases you might be fine if you don’t replace your 2003 server.
Here are the things you need to know about Windows Server 2003 End of Life.
1: How long do I have?
Windows Server 2003 support is ending July 14, 2015.
What does this mean for you? If you’re operating one of the estimated 12 to 20 million servers with any version of Windows Server 2003 operating system, you will no longer receive security updates. Microsoft is ending support on that day, and it’s almost certain they will not extend the date. Customized support plans will be available, but will be exceedingly expensive.
There have been over 40 critical updates for Server 2003 issued over the last 2 years. After July 14, any new issues of any kind will remain unfixed and your server and data will be vulnerable to a myriad of threats.
2: Why would anyone operate an unsupported server?
The biggest reason for running a 2003 server is the legacy software running on it. It can be an older version of a database application that the company has yet to upgrade, that won’t run on a newer operating system. In this case it’s very important to delay no further. It’s time to upgrade both the server and the line of business application.
Another situation is more common than you might think, and much harder to face. Years ago the organization had someone on staff who developed a database application that is still relied upon. But the programmer is long gone. The choices here are expensive – pay to develop and support another application, or find software on the market with the needed features and functions. Either way the software costs are high, and the expense of migrating data is usually even higher.
3: Are there any circumstances in which we may safely operate Server 2003?
We have CPA clients who will continue to run older versions of accounting and tax softwares on Server 2003. These are not Internet facing servers, and they are not used in the normal course of business. The servers are safely isolated on the local network, and the risk of compromise is low.
You may have a similar situation in which you’re no longer using an application, but you may need to refer to data in the old software from time to time. Doing this on an older physical server is risky – the thing is going to die eventually. Virtualization can be very helpful here.
4: Will antivirus software and firewalls protect Server 2003?
There is not a single endpoint security vendor committed to offering protection for Server 2003. Once Microsoft quits support, it’s simply too expensive.
Most firewalls used by small to medium sized businesses will not help, either.
5: Are we under any legal or regulatory obligation to upgrade?
Regulations like HIPAA, PCI, SOX, GLBA, Dodd-Frank, SAS70, and SSAE all require covered organizations run on supported platforms.
Many small businesses think they are immune, and may not be. If you are a healthcare organization keeping patient records (a Covered Entity), or a vendor supporting a Covered Entity, you are subject to HIPAA.
If your business accepts credit cards, or transmits or stores any cardholder data, PCI DSS requirements apply. This is irrespective of size or the number of transactions.
Regulated organizations can lose customers if they don’t meet requirements. And of course, regulatory fines and lawsuits can cripple or even kill a small business.
6: What are my best options for moving from Windows Server 2003?
The first thing to be done is an inventory of what’s on the server, and an assessment of whether the applications will run in a modern environment.
The ideal would be Windows Server 2012 R2. If your software won’t work in 2012, find out if it will run in a Server 2008 setting, which will be supported until January 14, 2020.
Microsoft is working on Windows 10 Server, but it is not scheduled for release until late summer at the earliest – well after 2003 loses all support.
When you’re planning any server refresh, it’s a perfect time to consider cloud options. There are too many choices and considerations to include here, so a trusted advisor is needed.
You’ll want a consultant or a firm with a wide range of skills, experience, and current knowledge of the rapidly changing cloud computing landscape. Making the wrong choices can negatively affect your operations and finances for years.
The longer you wait, the more expensive it will be to move away from Server 2003. At the time of this writing, there are 5 months till D-Day. Now is a great time to act.
If you have your own IT department, Microsoft offers a Migration Planning Assistant which covers four essential steps.
If MyITpros is your IT department and you have a 2003 server, we’ve already talked to you about it.
If you wish you were our client, we’d love to hear from you. We always make recommendations in your best interests, and only after due diligence and comprehensive needs analysis.
Please give us a call today. And keep that pepper spray out of your eyes.