What To Do Next If You’re Still Running a Windows Server 2003

An important IT issue for many organisations recently highlighted in Computer weekly is the large number of businesses who are still running an unsupported server.

Microsoft ended its support for its Windows 2003 server in July this year. What this essentially means is that patches will not be produced and distributed for any newly discovered vulnerability. This could make it much easier for hackers and cyber criminals to infiltrate networks running the Windows 2003 Server thus posing a potentially serious security risk.

You’re Not Alone

If you think you’re in the minority of organisations running this server however you can take some comfort from a recent Spiceworks survey which found that 6 out of 10 companies, large and small are also still running at least 1 Windows 2003 server. 

For many companies it’s simply a case of not having the time or the budget available yet to upgrade them, not knowing they’re running an unsupported system, or upgrading being one job that’s not as pressing as the many above it on the daily list of things to do in the business.

Planning Important

There have been many warnings over several years of the date that this OS was going to be unsupported from July this year but this makes little difference now if you are still using it. It is not as simple however as simply loading everything on to another system. If for example you are using the 2003 Server for critical applications you will need to plan and take time to make sure that you are able to migrate everything across to the right system for your organisation without causing major disruption to the business and its infrastructure.

What To Do

What you actually decide to do really depends upon the workloads that you are running, how exposed you believe you are to the risk, budgetary considerations, how much time you will need to tackle it and your own specific, individual complications and migration challenges. In short it depends on the specific circumstances of your company how you proceed. As a back of envelope guide though you may want to consider some or all of the following points:

Migration can take time so start doing the background work now. The longer you leave the problem the greater the cost will be for maintaining your existing system and upgrading, and the greater the security threat will become. 

If you are not sure what Server 2003 machines you have running or how many, you can use inventory discovery tools to confirm exactly what the current situation is. 

You can choose to pay for extended support from Microsoft to buy more time but this can be an expensive option. 

Some IT security companies offer services and software to isolate the Server 2003 systems for the open Internet and keep them running. 

Work closely with your IT Support Company to help you to decide what OS / Server to upgrade to e.g. Windows Server 2008, Server 2012 or the cloud. 

If you are already using Server 2008 as part of your infrastructure it may be best to migrate to this in the interest of having a unified platform. 

If you are starting from scratch moving to either Server 2008 or Server 2012 can be just as complicated so it may make more sense to move to the newer 2012 platform, plus this may have a longer shelf life (Support for Windows Server 2008 will end in 2020). 

Consider the benefits of moving to the cloud e.g. Microsoft Azure or Amazon Web Services for certain applications.