There is no path by which you save money by not upgrading your Server 2003 box and yet remain secure
What not even FreeBSD?
Windows Server 2003 will pass out of Microsoft support on July 14, 2015. Different organisations report different numbers, but all agree that there are millions of Server 2003 servers still running in the wild. Microsoft says there are 11 million Server 2003 servers still running. Gartner says eight million. Several internet …
"What not even FreeBSD?"
Most applications won't run on it. More effort even if they did. Higher risk even after those two. Inferior IO performance. Far more difficult to integrate. Expensive and hard to use and implement new toolsets required to deploy, manage, patch and monitor it. Commercially unsupported. Higher TCO for most uses.
Most applications won't run on it. More effort even if they did. Higher risk even after those two. Inferior IO performance. Far more difficult to integrate. Expensive and hard to use and implement new toolsets required to deploy, manage, patch and monitor it. Commercially unsupported. Higher TCO for most uses.
Yes, we know all that... but what about FreeBSD?
If a company had the time and expertise to implement FreeBSD as a replacement WITHOUT hiring outside consultants or a new IT team for the job (see the "save money" part), they would either have done it already or had the technical foresight to not end up scrambling to emergency migrate off Server 2003.
Awww, that is so cute, you think IT departments that haven't bothered to upgrade yet are going to jump right on it when support goes away... I wish my experience in IT hadn't killed off that sense of childhood optimism...
Yep, it's only last year we were sent a backup of a database from a client; they wanted us to import the data into their systems. Turns out they were running Microsoft SQL 5 on Windows NT4, so we had to build a legacy machine just to read the data!
Of course I can.
Still running two Win Server 2000 boxes as well. No exposure to the Internet, and only used for AD authentication. My organization simply doesn't have the resources to purchase new servers, and the four running Server 2003 are not pointed at the Internet either.
We can survive very nicely, thank you...and have been for a long time.
Wish I could give you half an up and down vote. I've been where you are many, many times since word gets around that if you've got legacy, I'm the go-to guy for that (and not just Microsoft). Where "solution" falls down is against internal threats and believe me, schools are the platinum standard for that. It's how/where BSD won its spurs way back when. Arts are another vector but, hopefully, you'll never encounter one of those.
What, nothing that's connected to them has exposure to the net either? Congratulations if your organisation has the discipline and commitment to run with that level of isolation, but I fear most sites have the risk of a client being used as a transmission vector.
It's about being able to actually get some help from Microsoft when it all goes pear-shaped.
Support is a good thing to have ... when it is actually good support. In my experience:
- IBM Support: Send Business Partner to fix. If it requires more people, IBM sends 'em.
- Sun Support: Send BP to fix. If issue not solved after X time, send local Sun engineer. If it still hasn't been fixed, fly in someone from Silicon Valley that will fix it.
- Microsoft Support: Get sent to some Indian dude who will ask for logs and stuff, then answer 5 days later "don't know what happened!"
Want support? Go UNIX. Or Linux. Or even BSD and have your IT department fix stuff up by themselves!
"Right after support ends there will be a surge of attack attempts, malware and other trouble. This will last only so long and then it will simply taper off as the bad guys move on to more lucrative targets."
What will happen is that every time Microsoft releases a patch for any of the newer versions of Windows the malware developers will test the vulnerability against older versions and create new exploits for it. Since Microsoft tends to just add new stuff to what's already there and rarely throws old stuff away, a lot of those vulnerabilities will work on older versions. And Microsoft will not only not provide patches for MS Server 2003, they won't even tell you whether or not the vulnerability applies to it. You'll just have to either come up with some test of your own, or more realistically, assume that your gear is vulnerable. Keeping track of all that and figuring out what it means is time consuming, and time is money.
The idea that malware authors will "move on to more lucrative targets" assumes that everybody but you is going to upgrade to something newer, which sort of goes against the message that loads of people aren't going to upgrade. You'll be the low hanging fruit so far as malware authors are concerned because the exploits will be easy to develop - they just look to see what Microsoft had to patch on supported versions.
Realistically, if you are going to be a Microsoft customer you have already decided that you are going to hand over a wedge of cash to them and to other companies on a regular basis. I'm not a big fan of Microsoft, but I can't honestly advise someone to not upgrade when facing the end of support.
The $600 per server figure is nonsense, we recently talked to Microsoft about extended support for W2K3 and the figure was many tens of thousands of pounds, plus the cost of a premier support agreement. Or you can pay a smaller lump sum and pay per update per server which also ran into tens of thousands of pounds. There is no discount being offered for big clients either...
Used them 3 times in ~15 years
1) Bug in Windows 2k Terminal Services. After a month of back and forth with people in the USA, got MS to admit what was clear from day one. I got told that the bug would get fixed in the near future, but that I should not wait and should instead deploy NT 4 SP6 terminal services.
MS fixed the bug in Win2k SP3.
2) Bug in XP telephony components, got told by MS USA they will not fix it ever, no, no, no. Weeks of talking to guys in India.
MS fixed it in XP SP2, never bothered to tell us they fixed it, never got any explanation.
3) Licensing issue in Windows 2k8r2 TS, weeks of calls, shocked no one had ever encountered our issue. MS representatives kept telling us we could not do what we were doing, simply because the software did not allow it. We showed you could to several; in the end we (I) found an explanation for the issues in one O'Reilly book.
In the three cases, the three different companies had support contracts and were large organisations.
MS support is expensive rubbish except for basic things most of the time.
People got a strange idealised image of MS IMHO.
"Unlike Windows XP, Server 2003 won’t cling around, zombie-like, at high numbers for years."
Based on what? Previous form? I recently took part in a 2003 decom workshop at my company and was presented with a 3yr plan. The look of horror when I asked about the plans for years 4, 5, 6, 7, 8, 9 & 10 was hilarious. I explained they were deluding themselves if they felt it was a 3yr programme.