By Peter Wanyonyi
On July 14th this year, Microsoft will end all support for Windows Server 2003. After that date, there will be no more security updates for that Operating System (OS), and there will be no support from the company go_ing forward, unless there are very special circumstances – in which case very expensive support will be provided. This is a bigger issue than it seems: Windows Server, in its various editions, accounts for 73% of all server OS installations worldwide. The end of extended Microsoft support, therefore, is a very big deal – because much of this 73% is in fact Windows Server 2003. Many organisations will be caught out by the ending of support, and systems administrators who have not planned on upgrading their servers will suddenly find that they are very much on their own with their outdated, unsupported server software.
Software vendors typically provide two phases of product support. The first is “Mainstream support”. This provides paid incident support for a software system, security updates, hotfix support for all installations, free incident support, warranty claims and changes in design or features. Typically, mainstream support for server OS installations lasts for about 5 – 7 years after the OS release date – in the case of Windows Server 2003, mainstream support ended on July 13, 2010. Despite the best efforts of software vendors, however, there will always be customers lagging behind and holding onto outdated software – sometimes due to the costs involved in upgrading, many times due to a lack of internal policy regarding software versions. Today, there are organisations out there running Windows NT Server 4.0 – a server OS from the 1990s!
Software vendors, recognising this, provide support beyond the Mainstream support phase. This is called “Extended Support”, and it offers paid support per incident and also provides security updates. Where customers want to have this support, they have to pay quite dearly for it. Design and feature requests are also not available in the Extended Support phase.
When the Extended Support phase ends, users typically are on their own. Some vendors can provide limited custom support at a considerable fee, but most will typically only extend this support to customers that can prove they are actively working on migrating to a fully-supported version of the software product in question. Other than this, the ending of Extended support – which is what Windows Server 2003 faces on 14thJuly 2015 – really is the end of support of any sort from the vendor. The implications of running an unsupported server OS can be severe: those servers running in environments requiring regulatory compliance, such as law enforcement, accounting, law firms, security firms, medical companies and so on will find themselves breaching compliance requirements. But this can seem like a remote concern for most organisations in Kenya. More immediate worries are the lack of patches and security updates, the absolute lack of support, the inability to address application compatibility issues, and the lack of access to features that are included in the latest iterations of those Operating Systems.So then, how to avoid getting caught up in this nasty organisational cul-de-sac technology-wise? The first step is to develop a software versioning policy that is then strictly adhered to. In software circles, the current version of any software product is usually called the “N” (for “Now”) version. In the case of Windows Server, for example, the “N” version of the software is now Windows 2012 Server. Behind this, there is an immediate lower version, called the “N-1” version, which is Windows 2008 Server. This was in turn preceded by Windows Server 2003 – therefore, broadly speaking (without going into in-version releases), Windows Server 2003 is, today, the “N-2” version of Windows Server.
An excellent policy is to always ensure that operating systems within the company are at the very lowest at “N-1” status. That means the oldest server OS that an organisation should be running today should be Windows Server 2008. This policy ensures that the organisation’s software is always within the vendor support window, always receives updates and hotfixes, and is easy to upgrade to the “N” version of the server OS in question – this is because most vendors require that upgrading a server must go through all intervening versions for all features to be enabled. Thus, upgrading a Windows Server 2003 to Windows Server 2012R2, the very latest server OS from Microsoft, requires that the server is first upgraded to Windows Server 2008, then to Windows Server 2008R2, then….and so on until one gets to Server 2012R2. This is expensive and is prone to potential errors along the upgrade process.
The “N-1” software version policy can also be extended to cover applications software. Today, for example, the “N” version of Microsoft Office is Office 2013. Using the “N-1” policy would mandate that everyone within an organisation should at worst be running Office 2010. This ensures that potential compatibility issues when communicating with other organisations are avoided, as the most current document formats are always maintained with version upgrades.
Cost is a significant issue when upgrading software, but this is because most organisations have a poor understanding of software licensing. Many organisations simply purchase software licenses and install the software – especially application software – on the computers of employees that don’t need that software. Next month, we will discuss software licensing in depth, to explain the options open to organisations when purchasing licenses for the most commonly-used software packages.