The Real Costs and Risks of Not Upgrading Your Windows InfrastructureNigel Stokes
We all procrastinate.
When it comes to maintenance and busy work (disagreeable chores), we all procrastinate. Delaying mundane chores to focus on new creative work is human nature.
In the Information Technology (IT) world, no task seems more mundane and irritating than patching and upgrading an operating system (OS). We’re all bugged by those persistent messages to patch and re-boot our OS.
On the Server side, patching and maintaining an OS isn’t just a minor pain, it can have significant implications for the stack of applications that run or interact on a server. Databases, libraries, communication stacks, plus performance and other layers of the server environment are frequently impacted by an OS upgrade. Upgrades and software changes can have unintended consequences. So it’s not surprising that IT operations teams sometimes take a short-term, perceived lower risk strategy: (let sleeping dogs lie) and delay applying OS patches to servers that are running smoothly and don’t have issues.
The End of W2003
However, what happens when it isn’t just another OS patch, but a vendor informs you it End of Service (EOS) for a whole OS? As we know, (with steady drumbeat pre-warning) last July Windows Server 2003 went EOS. A traumatic event from an IT operations perspective. No more OS patches or fixes, and a future filled with security, compliance and audit risks. Plus expensive extended support fees. Code Red. (Ouch, the damn dog is clearly awake, and has sharp teeth!)
In early 2015, there were an estimated 22 million W2003 servers still in production. In the run-up to EOS and in the six months since, work on W2003 migration has caused more than a few sleepless nights for IT teams whose businesses rely on it.
At VirtaMove, (where I am CEO and Chairman) we’ve been up too, working with customers, in Banking, Finance, Pharma, Healthcare, Retail and many other industries who run significant W2003 infrastructure and are focused on modernizing it. Frequently, these customers have thousands and sometimes over ten thousand W2003 Servers, and they have hundreds of millions – even billions – invested in the critical applications that run on those servers.
Regardless of the number of W2003 servers a customer is running, one experience seems universal: it is time to modernize. IT audit is likely to raise the risk of running on an unsupported OS during the 2016 audit review. Even with high cost extended support (which will double every 12 months for 3 years), businesses can only delay the problem, not fix it-WS 2003 servers simply can’t run forever. Plus there are tangible benefits and features for customers in a new OS such as W2012. Opening up the applications running on W2003 to new W2012 hardware speeds them up, lets them run in the cloud (if you choose), saves money and promises to make them more secure and stable.
What to do?
Most VirtaMove customers who are obsessed about W2003 modernization are taking 3 steps:
1) Decommissioning: getting rid of some of the W2003 Servers and the applications running on them, if they don’t need them anymore. (throwing out the garbage – removing up to 25% of the W2003 servers);
2) Hand-working: Modernizing and upgrading the W2003 servers through manual upgrades where application vendors provide a simple, fast, predictable upgrade script to a new OS such as W2008 or W2012. Manual upgrades still take significant time, (sometimes weeks per server), and user acceptance testing for the migrated application running on the new OS is still needed. (as a rule, for approximately 20-25% of applications it may be more reliable to upgrade to an new OS with manual effort, if possible);
3) Automated migration: For the remaining 50%+ of W2003 servers, tough work and analysis needs to happen, and automated tools can help. Often install scripts are missing, there are no vendor supported upgrades, and no obvious migration path. You could just sand-box them all and run on W2003 until apps die or are decommissioned? But Sand-boxing tens, hundreds or even thousands of W2003 servers is a lot of risk exposure. Customers are using automated migration tools that will extract and migrate these apps to a new OS. Though success is not guaranteed, 70%+ of the remainder can likely be migrated, with the added bonus that you get a clear understanding why the 30% “non-migratable” apps, should be sand-boxed.