On July 14, 2015, Microsoft will pull the plug on Windows Server 2003, effectively ending a long period of plugging security holes with patches on a regular basis. Small and medium-sized businesses who have no plan to migrate to a newer server platform may be putting themselves in jeopardy, and numbers indicate there are still plenty of them.
The world was very different when Windows Server launched 12 years ago. There was no cloud, no social media, no smartphone penetration and not even a thought about employees bringing their own devices to integrate into the company’s IT infrastructure. All that has changed, of course, and with support about to dry up, Microsoft is sounding the alarm and angling vendors to adopt something much newer.
“Windows Server 2012 is really a gateway product that allows customers to start to embrace the cloud,” says Jason Hermitage, vice president of marketing and operations at Microsoft Canada. “For small businesses, it’s really around modernization and making sure that your application running on 2003 is up with the times. Knowing that it’s a very significant investment to secure and update to that operating system, we need to focus on the future products.”
Hermitage views the cloud with great esteem, suggesting SMBs can embrace it on their own premises, allowing them to run their own private cloud with an integrated set of tools that would allow for a data centre in a box. “It’s basically pooling all your servers around your business together to one virtual pool, which you can scale up or down as you need it,’ he adds.
Naturally, he’s quick to admit that the migration process over to Server 2012 can be a slow one for a business of any size. Thus, a concerted plan and timeline is necessary to not only ensure a smooth transition, but to also build a new infrastructure backbone that can help SMBs better engage with people using online and social media tools.
The challenge is that Windows Server 2003 is tied to Exchange and Active Directory. Exchange manages email, and it looks into the Active Directory to authenticate users to have email access. As Exchange 2003 isn’t upgradeable, it effectively means that email migration moves to the cloud under Server 2012, unless a business insists on having an in-house mail server, which is too expensive to manage anyway.
“If you have a server that’s running 2003, and you also have Exchange on it, the discussion that we would normally have is that there’s a great opportunity to dramatically reduce the risk of your IT infrastructure so that your email is hosted in a completely different place than the rest of your office,” says Brendan Howe, president of TDCNet, a Toronto-based managed IT and network services firm. “This means the business can continue to run if everything goes down in the office. It’s cheaper in the long run than just upgrading the in-house server.”
Howe believes part of the problem is that this all too often becomes a technical conversation when it needs to be a business conversation about the real impacts to the status quo. Included with that is the opportunity lost of not moving ahead to Office 365 or leveraging other cloud-based technologies or other potential efficiencies that are out there.
Of course, this requires convincing executives or business owners who control the purse strings. Security tends to be given priority more often after a breach rather than prior to it, a fact Howe acknowledges but feels can be dealt with by making the right business case.
“We have to lay out the reasons why it’s an investment that leads to benefits and opportunities,” he says. “Think of the downtime that a business experiences every time an Exchange Server goes down because of a power outage or Internet problem. When you quantify that time, and when you actually make the business case, they need to see numbers on how investing in new technologies helps the bottom line because it’s the language they understand.”
Demystifying the cloud and cloud-based technologies would help, he adds, particularly when there is “plenty of opportunity to be more efficient and flexible” because of it.
“The reality now is that you have many more businesses being proactive about this because they’ve already had a breach from malware, like Cryptolocker, which affected many businesses,” he says.
The message, however, seems to be disseminating slowly. IDC Canada’s research found that 60% of medium-sized businesses in Canada still had some Server 2003 installed. It didn’t break down how much or how little of the old server was deployed, on average.
Companies seem to be in no rush to migrate, says Tarun Bhasin, research manager of Infrastructure Solutions at IDC Canada. Generally, most IT departments are fairly comfortable with running some WS 2003, at least in the short term. Some reasons for the lack of urgency from IT departments include comfort with security, maintenance time/costs and admin skill sets.
“Eventually, all organizations will migrate away from Server 2003, but past experience has shown that Canadian organizations tend to hold on to legacy equipment a bit longer when compared to other regions, like the United States,” says Bhasin. “One example of this is the higher percentage of the server market revenue in Canada still coming from Unix and mainframe systems.”
This has a residual cost, he says, because the malaise regarding Server 2003 limits IT options from a business standpoint. Using legacy applications running on older hardware portends a struggle to keep pace with business demands.
“In our research of overall IT maturity in Canada, firms with higher IT maturity — and less of obsolete technologies like Server 2003 — show higher revenue growth,” he says. “While it’s not too late to devise a plan, we strongly recommend that organizations develop a strategy for migrating and modernizing their Server 2003 applications as soon as possible.”