Although Microsoft stopped supporting Windows XP on April 8, 2014, many businesses are still scrambling to remove Windows XP systems from their networks, causing headaches for everyone. IT has been busy getting new machines ready and making sure business applications won’t experience disruptions, compliance managers are trying to determine what the repercussions may be, and employees are struggling to learn how to use the new operating systems. And yet, the nightmare continues.
On July 14, 2015, another Microsoft system reaches its end-of-life date, meaning Microsoft will no longer develop or release updates for Windows 2003 Server/R2, leaving it exposed to identified vulnerabilities and putting organizations out of compliance with most regulatory standards in the event the operating system is still in use after the end-of-support date.
Hopefully, your organization is aware of this date and has a plan in place to migrate business processes and applications onto newer servers. In the event this is news to you, however, let’s determine the key steps that should be followed.
Determine the assets that are affected from the end-of-support date by identifying the number of Windows Server 2003/R2 machines currently in use and the applications that are currently installed and in use on the servers. This will aid in identifying the scope of the project and the amount of resources that will be necessary to perform the migration.
Upon identifying affected assets, a risk ranking should be performed to help identify which business processes are most critical for business operations. These identified critical applications should take priority in the scheduling process for migration onto new target systems. An assessment needs to be performed, in the order of criticality to the business, for each application to identify compatibility issues with newer server systems that may cause business disruptions. The targets or new servers that each application will be migrated onto should be decided based on results of the assessments and the resource requirements of each business application (RAM, storage space, processing capabilities, etc.).
Next, create a plan to identify clearly which server each application will be migrated onto; ideally, all links between applications will be identified as well. The goal is to migrate all systems by July 14, 2015. If this isn’t possible, prioritize the migration of critical systems first, and aim to have those completed prior to the-end-of support date. In the event your organization is unable to complete the migration in a timely manner, the risk is mitigated by reducing the exposure of vulnerabilities on critical business systems and applications.
Based on completed assessments, your organization can then begin to procure and install the additional new server systems required and initiate the migration process according to the migration map or plan. Precautions should be performed to reduce the risks of business disruptions by first migrating the critical applications’ ancillary systems and following your organization’s Change Management Policies and Procedures. Rollback procedures should be well documented and ready in the event of migration failures where a rollback is necessary to keep business functions operating properly.
Prepare for the next one
This process of dealing with systems retirement and migration is not restricted only to Microsoft but is applicable to all systems, including critical third-party applications, antivirus software, and backup management systems. Your organization should be prepared for the next end-of-life system by creating a System Life Cycle Management process that identifies the end-of-support date for all systems within your organization and provides a plan for the retirement and migration of each system. Hopefully with enough forewarning and planning, the migration process will be pain free and seamless.