On July 14th 2015, Windows Server 2003 will reach End of Support (EOS), leaving the hundreds of thousands of servers that still run this 12-year-old operating system vulnerable, and many organisations around the world potentially out of compliance.
A recent survey by Spiceworks shows that in Asia Pacific alone, almost 60% of organisations are still running at least one instance of Windows Server 2003 (as of March 2015). Although this figure has dropped from almost 65% in June 2014, it is still a huge number of 2003 servers with only 3 weeks to go.
Gartner states that there are over 8 million Windows Server 2003 instances in operation and 20% of those will miss the EOS date. That will leave around 1.6 million servers with no more security patches, no vulnerabilities fixed, and no more support for problems that may arise.
AppZero surveyed Fortune 1000 companies and reports that the majority of these companies won't finish their migration from Windows Server 2003 before the EOS date. Other key figures from the AppZero survey showed:
- Almost half (47%) are not aware of the EOS date or have no plans (yet) for remediation
- Only 21% of respondents have a remediation plan in place
- Security compliance and vulnerability management remains the largest concern (>50%)
- Fully one quarter (25%) of respondents still have more than 500 Windows Server 2003 machines
I work at a firm who also still have around 8-10% of servers running Windows Server 2003 for various roles including critical applications, and it’s highly likely we will miss the deadline. The migration path for some of these roles is exceedingly difficult, requiring downtime of critical systems, and applications to be rewritten to support things such as 32-bit to 64-bit architecture changes, .NET Framework application changes, and more.
The main challenge for us in the server and storage team is working with the other teams to migrate the services that run on these servers. It’s easy for us to design and provision new servers running Windows Server 2012 R2 whether it’s virtual or physical, present some storage, and it’s ready to go. But then we start work with the DBAs to migrate a SQL cluster, or the developers to migrate a web farm, and this requires additional planning and resources from their teams, on top of BAU and existing projects.
Where possible, we are migrating all of our Windows Server 2003 instances to Windows Server 2012 R2. This isn’t always possible though and so we are still deploying Windows Server 2008 R2 instances for the migration. It is also an opportunity for server consolidation, for virtualisation, and to standardise and adhere to our most recent best practice deployments that have been designed since the original 2003 servers were put in place.
After July 14th 2015, if vulnerabilities are discovered, you’re on your own. There won’t be any more fixes, patches, or support. Your servers, applications, or infrastructure will be at risk. If you don’t have a migration plan in place already or you still have servers that will be running past the EOS deadline, you need to get prepared.
Gartner says a ‘typical’ migration can take around 9-15 months from initial research to rollout. Whether you have 1 or 100 Windows Server 2003 servers still running, if you haven’t got at least a plan for migration, you’re going to miss the deadline.