This article is more than 1 year old

Windows Server 2003 support deadline is TOMORROW – but thousands don't care

Security risks? Well, yes, maybe. We'll take our chances

Tomorrow marks the end of support for Windows Server 2003 but plenty of customers, of all shapes and sizes, weighed up the cost versus the risk factors and will continue to make do with their dusty old boxes.

From 14 July, Microsoft will not issue any further security patches or firmware upgrades, and buying custom support is an expensive option that most firms won’t be able to afford.

Gartner veep and distinguished analyst Carl Claunch told us he does not have a formal number, “but my working assumption is that there will be around 2.5 million physical servers running WS 2003.”

Clearly the warnings about security or software compliance are not resonating with customers in the same way they used to. Maybe the scare stories just aren’t that scary any more.

“The server market, especially with Windows operating systems, tends to migrate based on the end of support dates rather than periodic upgrades or the lure of new features,” Claunch said.

Microsoft has offered “extraordinarily generous support timeframes”, so migration projects are “infrequent but large and expensive.”

“As such, they are evaluated each year against all the competing projects, which often deliver more business value to the user than a migration to reduce the risk of being hacked,” added Claunch.

According to “guesstimates” from the market’s biggest server shifter, HP, around one third of the 400,000 physical servers running WS 2003 in Blighty last December have still not migrated.

Angela Cross, UK & Ireland country manager for HP Servers, says her “gut feeling” based on interactions with customers is there are around 120,000 machines out there in the wild locally.

She told us that public sector and private sector organisations across different verticals and of all sizes are still running machines on the 12 year-old OS. Why did these customers choose not to migrate?

“Apathy” is one reason, said Cross, who is also affectionately referred to internally as the First Lady of the Enterprise Group.

“Perhaps because they haven’t had a major breach or don’t have the money to do the upgrade they have decided to take the risk,” she said. “In 2014 there were in excess of 30 security related breaches, and there is a genuine potential that something could go wrong. This is not hype, [up-to-date] patches and firmware are needed,” she added.

The WS 2003 factor comes 15 months after Microsoft closed support for Windows XP, and coming so soon after customers grappled with this cost, some may not have the budget to move, said HP.

Distributors previously revealed that migration projects were slow to take off and Cross confirmed that unlike the XP scenario, there wasn’t a deluge of last minute project sign-offs.

“We haven’t seen a surge in activity toward the end [of support deadline], I genuinely believe there is still a significant quantity that have not migrated,” said Cross. “Tomorrow is D-Day.”

It can take from six to nine months on average to migrate from WS 2003, according to some estimates, and the tell-tale signs of the slow upgrade path were evident in February.

Nick East, CEO at tech provider Zynstra, told us at the time that roughly half the customers who contacted it about migration were still only at the discussion stage. Consultancy Avanade predicted about one in five projects will miss the support cut off date.

According to application migration specialist Camwood, the real threat to enterprise sticking with WS 2003 is the compliance risk rather than an imminent security threat.

“The cost of being ‘left behind’ because third party application vendors won’t provide patches and upgrades that work on WS 2003 will be difficult to quantify… but I imagine should an application fail and shut down a business process, the cost will be very real and easily quantifiable,” said Ed Shipley, solutions architect at Camwood.

One thing is certain, he added; buying custom support from Microsoft “won’t be cheap.” According to estimates by licensing expert Paul DeGroot of Pica Communications, Microsoft will charge $600 per server for the first year. Microsoft has refused to confirm this.

The company doesn’t want to offer custom support, no matter how lucrative, because it has bigger fish to fry rather than usurping developers' time on a product that isn’t strategic.

Claunch at Gartner reckons that, just as organisations face “real risks” from fires or natural disasters, the chance of a given company experiencing migration-related problems “is quite low, but the impact if it happens will be quite large.”

“So, too, there is a low but not ignorable risk that any given organisation would be hacked based on the vulnerabilities… after extended support ends this month,” he said, adding: “Other risk mitigation steps may be taken to manage, but not totally eliminate, the risk of compromise of their servers through a security flaw.”

Another huge support deadline has almost passed but IT directors and their tech suppliers should taken note – end of support dates for Windows Server 2008 and 2012 are looming. You’ve got less than five and eight years respectively to get your houses in order. ®

More about

TIP US OFF

Send us news


Other stories you might like