Welcome!

@CloudExpo Authors: Liz McMillan, Pat Romanski, Yeshim Deniz, Elizabeth White, Zakia Bouachraoui

Related Topics: @CloudExpo, Microsoft Cloud, Agile Computing

@CloudExpo: Blog Post

Windows Server 2003 - I'm Late, I'm Late, for a Very Important Date! | @CloudExpo #Cloud

With zero time left, many enterprises have chosen to delay remediating or migrating

Windows Server 2003 End of Support is here and there is little most enterprises can do at this point to change the fact that they are now dependent on an unsupported operating system. Here we are at Microsoft's World Wide Partner Conference again, muttering "I'm late, I'm late," just like the herald-like white rabbit of Lewis Carroll's Alice's Adventures in Wonderland, (We have a cool White Rabbit twitter campaign going this week - check it out) except that we cannot manipulate time. This is the event where, last year, there were many sessions highlighting processes, tools and partner ecosystem to help companies migrate off of Windows Server 2003. Analysts, the media and Microsoft were talking in terms of close to 20 million machines in production still running Windows Server 2003. Back then, the opportunity was characterized as a Y2K situation that would result in as much as 45 billion dollars spent helping to remediate this event.

In the past year, there have been thousands of articles, blogs and other content aimed at educating the market. Check out our blog series, "Everything You Ever Wanted to Know about Windows Server 2003 Migration." For most companies, the deciding equation to move or not boiled down to assessing the risk of running on an unsupported OS increasingly vulnerable to security attacks or paying to remediate the risk. The key question: Do I pay $2,000, $3,000, $4,000 or more to migrate, or can I isolate my apps from bad things, not get hurt and save the money?

With zero time left, many enterprises have chosen to delay remediating or migrating. Historically, risk and negative outcomes are hard for most people and organizations to quantify (one of the reasons the insurance industry is so big and profitable). In the financial collapse of 2008 few if any financial institutions (okay, maybe Goldman Sachs) understood the risk of being involved in the US mortgage market. A good question: What is the cost of breach or an attack on those machines running Windows Server 2003? They have been running fine for years. We now know there is much evidence that applications running on older operating systems have high amounts of downtime, costing the business unplanned time and money. But as Alice articulates: "I went along my merry way, and I never stopped to reason. I should have known there'd be a price to pay, someday..."

There are a couple forms of delay that we see happening among customers attempting to lower the security risk of Windows Server 2003. First, many large enterprises just kick the can down the road by writing a check to Microsoft for extended support via a Custom Support Agreement (CSA). There are a few things you have to do to qualify; and this route is expensive and does not address the underlying problem. It does get you support and patches during the term of the agreement. A material risk in this approach is that organizations with a large number of machines, 5,000-10,000 or more, will not be able to remediate that many applications before the CSA expires. The amount of disruption in an organization necessary to solve this problem is very large and change management processes will slow the move.

A second approach is to isolate the machines that will have this increased venerability by adding a security layer and/or moving them to the cloud. This is likely a feel good approach and obscures the risk but does not solve the underlying problem. Who validates and protects the isolation approach? What happens when the isolation layer is flawed? It is understandable that some organizations adopt this approach as a stopgap measure. They are trying to buy time to address the core of the problem.

We've been working closely with more than 100 system integrators on the Windows Server 2003 challenge, companies that specialize in helping customers modernize, consolidate, relocate or move mission critical applications and have a deep understanding of what the enterprise is experiencing when it comes to Windows Server 2003 EOS. AppZero conducts an annual "State of Readiness for Windows Server 2003 End of Support" survey, now in its third year, as well as frequent polling surveys, including a most recent update conducted on June 18.

The headline from this polling survey, "Customers Didn't Budget for Windows Server 2003 End of Support," shows just how far down the rabbit hole customers are. When asked the about the timing of projects, more than two thirds of our partners see projects as yet to start or in early definition/planning phases.

More Stories By Greg O'Connor

Greg O'Connor is President & CEO of AppZero. Pioneering the Virtual Application Appliance approach to simplifying application-lifecycle management, he is responsible for translating Appzero's vision into strategic business objectives and financial results.

O'Connor has over 25 years of management and technical experience in the computer industry. He was founder and president of Sonic Software, acquired in 2005 by Progress Software (PRGS). There he grew the company from concept to over $40 million in revenue.

At Sonic, he evangelized and created the Enterprise Service Bus (ESB) product category, which is generally accepted today as the foundation for Service Oriented Architecture (SOA). Follow him on Twitter @gregoryjoconnor.

CloudEXPO Stories
Daniel Jones is CTO of EngineerBetter, helping enterprises deliver value faster. Previously he was an IT consultant, indie video games developer, head of web development in the finance sector, and an award-winning martial artist. Continuous Delivery makes it possible to exploit findings of cognitive psychology and neuroscience to increase the productivity and happiness of our teams.
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust that they are being taken care of.
Your job is mostly boring. Many of the IT operations tasks you perform on a day-to-day basis are repetitive and dull. Utilizing automation can improve your work life, automating away the drudgery and embracing the passion for technology that got you started in the first place. In this presentation, I'll talk about what automation is, and how to approach implementing it in the context of IT Operations. Ned will discuss keys to success in the long term and include practical real-world examples. Get started on automating your way to a brighter future!
Serveless Architectures brings the ability to independently scale, deploy and heal based on workloads and move away from monolithic designs. From the front-end, middle-ware and back-end layers, serverless workloads potentially have a larger security risk surface due to the many moving pieces. This talk will focus on key areas to consider for securing end to end, from dev to prod. We will discuss patterns for end to end TLS, session management, scaling to absorb attacks and mitigation techniques.
Crosscode Panoptics Automated Enterprise Architecture Software. Application Discovery and Dependency Mapping. Automatically generate a powerful enterprise-wide map of your organization's IT assets down to the code level. Enterprise Impact Assessment. Automatically analyze the impact, to every asset in the enterprise down to the code level. Automated IT Governance Software. Create rules and alerts based on code level insights, including security issues, to automate governance. Enterprise Audit Trail. Auditors can independently identify all changes made to the environment.