Windows Server 2003: Microsoft's next support sinkhole
JUNE 16, 2014
Windows 2003: Microsoft's next support sinkhole
Microsoft won't support Windows Server 2003 after July 2015, and businesses need to think about migration sooner, not later
By Serdar Yegulalp | InfoWorldFollow @syegulalp
Quick: Name a Microsoft operating system whose end of support will soon create major problems for the businesses that depend on it.
If you guessed Windows XP, guess again. There's another widely used version of Windows that'll be sailing off into the sunset in the coming year: Windows Server 2003.
The official end-of-support date for Windows Server 2003 is July 14, 2015, according to Microsoft's Support Lifecycle information. This includes all versions of Windows Server 2003 and all the subeditions of the product: the Itanium and x64 editions, the Compute Cluster Edition, the Datacenter Edition, the Web Edition, and the Enterprise edition.
It's not like they'll all spontaneously stop working, but any future attacks aimed at vulnerable components on those platforms won't be patched. Microsoft stopped delivering service packs for Windows Server 2003 in 2010, but the operating system has since continued to receive security updates and paid per-incident support. All that ends 13 months from now.
Judging the exact impact of Windows Server 2003's end of life is tricky, since many of its installations aren't public-facing and can't be detected by Web server stats. But research analyst Wes Miller of Directions on Microsoft believes the installed based for Windows Server 2003 is sizable: "There are a surprising number of them [Windows Server 2003 installations] out there, in SMBs, and we're still seeing it pretty regularly in the enterprise space."
While Miller admits his perceptions are garnered more from "anecdata" (as he put it) than hard numbers, they stem from dealing directly with users he's encountered in the Microsoft licensing boot camps run by Directions of Microsoft.
To Miller, users stay on Windows Server 2003 for many of the same reasons as Windows XP: It's good enough. "Windows Server 2008 and later editions did change the game quite a bit," Miller said, "but a lot of people were happy with Windows Server 2003 R2. A lot of businesses have a sunk cost with it and are happy with it, so there's no motivation to change it."
Earlier this year, Forrester analyst Mark Bartrick offered a concurring view: "While it's a common occurrence to see support for older products retired by software vendors, it's annoying if either the old stuff is still running perfectly well or if the upgrade option is financially onerous, will significantly disrupt the business or offers little in the way of real added benefit."
Another key issue is the way migration away from Windows Server 2003 is made tougher by the general end of 32-bit editions of Windows Server products. "All of these Windows Server 2003 and 2003 R2 systems out there are predominantly 32-bit," Miller said, "and for Windows Server 2008 and above, you're talking 64-bit."
This also goes for the 32-bit server products that run on Windows Server itself. Exchange Server 2003, which at the time of its release did exist in a 32-bit version, would need to be replaced with a 64-bit version, since no 32-bit editions of Exchange are offered anymore.
Apart from migrating away entirely from Windows Server 2003, Miller identified two other common strategies for dealing with Windows Server 2003's end of life. One is to simply let it keep running -- what he described as the "well, it's been secure so far, it should stay secure" mindset. The other is to "recognize the risk and mitigate it -- put [the server] in a corner, lock it down, and do as much risk mitigation as you can. That's dangerous with a client, and exceedingly dangerous with a server."