Windows 2003 Server – End of Life… Do I really need to retire mine?

Just like when Windows XP became end of life in 2014, the server version of the XP kernel (Windows 2003 Server), and arguably the most stable Windows Server operating system, comes to the end of its supported life on July 14, 2015.

So you have one or more Windows Server 2003 machines in your environment, but do you really need to retire them?  If so, how quickly?  Will they all just burst into flames on July 15th?  Well, the short answer is that you should migrate onto a newer server side operating system, but the longer and real-life answer is that it depends on multiple factors.

Internet Facing Systems

If you have any Windows 2003 servers in Internet facing roles (Terminal Servers, Web Servers, Proxy Servers, etc.,) you should transition them to a supported server operating system ASAP.  The biggest driving factor is that vulnerabilities are discovered ALL THE TIME for ALL SYSTEMS (remember heartbleed?).  If the vendor of said system (be it Apple, Microsoft, IBM, Facebook, Google, etc.) does not address the vulnerabilities, then exploits (usually automated) are soon to follow.

Windows Server 2003 End of Life means Microsoft will not be fixing any new bugs, vulnerabilities, compatibility issues, adding features, or doing any maintenance at all for this operating system.  It will not be long before the system becomes vulnerable to a slew of new exploits, and the biggest conduit to receive them is via the Internet.

Internal Systems

If you have Windows 2003 systems buried internally on your network with no direct access to the Internet, then the potential for an exploited system decreases.  However, the Internet is not the only way these systems can be exposed.

For example, an end user PC could potentially become infected with a virus or malware.  The payload for that infection could be an automated process that attacks a recently discovered vulnerability affecting Windows 2003.  Suddenly (hypothetically) you could find yourself without your server, or worse, your data from that server could be leaked outside of your network.

So while not as critical as an Internet facing system, the remaining 2003 servers must be addressed going forward.

Other Factors

I have come across many companies that have not migrated away from Windows Server 2003 due to a need to run a 16-bit application requiring a server with 32-bit architecture.  (Meaning they can’t use a server with a 64-bit architecture which all Windows servers starting with 2008 R2 now are).

So what can be done?

The initial version of Windows Server 2008 (not R2) is available and can be installed with 32-bit architecture.  End of life is not expected until 2020, giving you a few more years to transition the remaining 16-bit applications in your environment to a newer platform that will run on the 64-bit architecture machines.

Alternatively, you may be able to run your 16-bit application on a non-server Windows 7 PC.  This would allow you to get a new supported kernel but still run the application in question.  Remember, from a basic programming perspective:

  • Windows XP = Windows Server 2003
  • Windows Vista = Windows Server 2008
  • Windows 7 = Windows Server 2008 R2
  • Windows 8 = Windows Server 2012
  • Windows 8.1 = Windows Server 2012 R2

So if you have some aversion to Vista/2008 you still have options.

Taking that one step further, since Windows Server 2008 and Windows Server 2012 both come with Hyper-V as part of the core operating system, you could potentially purchase your new 64-bit architecture hardware, install the 64-bit operating system of your choice, and then virtualize your Windows 7 or 2008 system in 32-bit to run your 16-bit apps!

In a nutshell, although you really do need to address any Windows Server 2003 systems in your environment, you likely need to reflect on why they are still there and then create an appropriate plan to transition into a newer environment that will continue to support your business needs.

Of course, if this sounds overwhelming, this is the type of project System Lifeline has been through on many occasions, and we would be happy to speak to you about your needs.  We are IT Solutions providers after all, with an extremely strong background in infrastructure and infrastructure planning.