End of support for Windows Server 2003
This is an interesting article taken from the 7/7/2015 edition of ComputerWeekly.com on the topic "End of support for Windows 2003". Regardless of the migration strategies it proposes, it is worth stressing once again the security risks of keeping Windows 2003-based servers in production, risks that US-Cert has been flagging extensively since November 2014. As already pointed out in End of support for Windows XP, these systems must urgently be retired or migrated, both because of their impact on security risk and because they are incompatible with all existing IT best practices (ITIL, Critical Security Controls 6.1, ..) and with some Italian regulations (see DL 196.03).
However, even though the "Extend life through virtualization" criterion is generally valid, in this case it is not applicable precisely because of the impact on the security of the information system: virtualization alone does not solve the security problems. One could generalize by saying: virtualization, by decoupling the software from the underlying hardware, lets the software (in its existing configuration) survive server changes for as long as the software is supported by the vendor.
Windows Server 2003 end of support: Five options to avoid upgrading to 2012
With less than a week before Microsoft withdraws support for the OS, Cliff Saran looks at IT leaders’ alternatives
Microsoft’s withdrawal of support for Windows Server 2003 on 14 July is a deadline many IT departments have not been looking forward to. Industry estimates suggest a fifth of servers still run this version, which has now reached the end of its life as far as Microsoft is concerned.
Organizations will have the option to pay a premium for custom support contracts, but some businesses may find the option to migrate to a newer operating system (OS) is out of their control.
In November 2014, US government security authority US-Cert issued a warning about the deadline, stating: “Computers running the Windows Server 2003 operating system will continue to work after support ends. However, using unsupported software may increase the risks of viruses and other security threats. Negative consequences could include loss of confidentiality, integrity and/or availability of data, system resources and business assets.”
In a report titled Windows Server 2003 end of life: An opportunity to evaluate IT strategy, analyst company IDC warned that organizations could face problems with regulatory compliance if they remain on Windows Server 2003.
“Failure to have a current, supported operating system raises significant concerns about an organization’s ability to meet regulatory compliance requirements, as well as the needs of business units, partners, and customers,” the IT research firm noted in its February 2015 report. However, Windows Server 2003 is still dominant. According to CloudPhysics, which provides big data analytics for datacenters, one in five Windows Server virtual machines (VMs) runs the 2003 version.
While Windows 2003 VM share is declining, CloudPhysics estimated that, at the current rate of decline, the number of servers running the unsupported OS would reach an insignificant level in the first half of 2018 – three years after support ends. “This is a relatively faster decline than Windows 2000, which reached end of life in 2005 but retains a 1% share 10 years later,” the firm said.
Extend life through virtualisation
According to CloudPhysics, since virtualization separates PC server hardware from the OS, legacy operating systems can exist for much longer since they can run on newer servers.
Krishna Raj Raja, a founding member of CloudPhysics, noted that, prior to virtualization, a server refresh generally required an OS refresh. “Newer hardware typically has limited or no support for legacy operating systems, so upgrading the OS became a necessity. With virtualization, however, the hardware and the OS are decoupled, and therefore OS upgrades are not a necessity,” said Raj Raja.
Given that VMware announced support for 64-bit operating systems in 2004, and vSphere supports both 32-bit and 64-bit operating systems simultaneously, there is no need to choose one over the other, with a legacy 32-bit OS (and even 16-bit OS) able to continue to co-exist with newer 64-bit operating systems.
“VMware’s support for legacy operating systems is excellent. It is possible to run a legacy OS such as Windows NT on modern processors that Windows NT natively would not even recognize. Also, the virtual devices in VMs provide encapsulation and prevent device driver compatibility issues,” said Raj Raja.
Choose Windows Server 2008 for easy upgrade
Dell Software president John Swainson said some firms are upgrading to Windows Server 2008 as it is less disruptive than going to Microsoft’s newest version, Windows Server 2012 R2.
Swainson said organizations migrate to Windows Server 2008, because it is still supported and does not need the major application reworking associated with shifting the whole Windows Server infrastructure onto Windows Server 2012.
“Moving to Windows 2012 requires changing applications, and is far more expensive from Windows Server 2003,” he said.
Ringfence vulnerable systems
In the Gartner paper Managing the risks of running Windows Server 2003 after July 2015, one of the suggestions analyst Carl Claunch made for those systems that cannot be moved is to run a demilitarized zone (DMZ).
“The concept of a demilitarized zone has been frequently used to isolate systems that outsiders can access, to minimize what they could do to the rest of the datacenter if they become compromised. Further, much tighter control can be placed on which other systems they are permitted to contact and the types of access allowed,” he wrote.
“This may reduce the usability of a system, but it may be better than the alternative of losing all use if a new vulnerability becomes known. The nature of the vulnerability and the usefulness of the system in that case will help decide whether a DMZ may be sufficient to address risks.”
Consider architectures such as Linux
Could Linux be a viable option? Red Hat argues that since organizations moving to Windows Server 2012 would incur considerable costs, assessing the viability of running workloads on Linux should not be discarded.
“If your organization is running Windows Server 2003, now is the time to consider Linux. If you upgrade to Windows infrastructure, 2008 or 2012, you’ll incur significant expenses associated with licenses, client access licenses, software licenses, migration and future maintenance,” claimed Red Hat in its Migrating from Windows to Red Hat Enterprise Linux brief.
Move to public cloud
The cloud is another option. Why run a file server on-premise if a cloud service such as Box can be used instead? Application servers may be run more cost effectively on the public cloud.
Certainly, moving to the next supported release of Windows Server is not the only approach an IT department can take. Overall, the end of support for Windows Server 2003 represents an opportunity for CIOs to reassess their legacy Windows server applications and a chance to drop them or re-engineer them to run on a different platform.
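The "Ringfence vulnerable systems" section above says much tighter control can be placed on which systems the isolated servers may contact and the types of access allowed. The following is an added example, not part of the ComputerWeekly article or the Gartner paper: a default-deny allowlist for a legacy segment, checked against flow records. All addresses, ports and names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan (assumption, not from the article).
LEGACY_NET = ipaddress.ip_network("10.50.0.0/28")  # ringfenced Windows Server 2003 hosts
# Allowlist of the only permitted contacts: (direction, peer network, protocol, dest port).
ALLOWED = [
    ("in", ipaddress.ip_network("10.10.20.0/24"), "tcp", 443),    # app clients -> legacy front end
    ("in", ipaddress.ip_network("10.10.99.5/32"), "tcp", 3389),   # one admin jump host
    ("out", ipaddress.ip_network("10.10.30.10/32"), "tcp", 1433), # legacy app -> its database
]

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

def classify(flow):
    """Return 'allowed', 'violation', or 'unrelated' (flow never touches the ringfence)."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    src_legacy, dst_legacy = src in LEGACY_NET, dst in LEGACY_NET
    if not (src_legacy or dst_legacy):
        return "unrelated"
    if src_legacy and dst_legacy:
        return "violation"  # no rule permits legacy-to-legacy traffic
    direction, peer = ("in", src) if dst_legacy else ("out", dst)
    for rule_dir, net, proto, port in ALLOWED:
        if (rule_dir, proto, port) == (direction, flow.proto, flow.dport) and peer in net:
            return "allowed"
    return "violation"  # default deny: anything not listed is flagged

def violations(flows):
    return [f for f in flows if classify(f) == "violation"]

# Constructed flow records, standing in for firewall or NetFlow logs.
SAMPLE_FLOWS = [
    Flow("10.10.20.44", "10.50.0.3", "tcp", 443),
    Flow("10.10.99.5", "10.50.0.3", "tcp", 3389),
    Flow("10.50.0.3", "10.10.30.10", "tcp", 1433),
    Flow("10.50.0.3", "203.0.113.9", "tcp", 443),   # legacy host reaching the internet
    Flow("10.10.20.44", "10.50.0.3", "tcp", 445),   # SMB from a client network
    Flow("10.50.0.3", "10.50.0.4", "tcp", 445),     # lateral traffic inside the ringfence
    Flow("10.10.20.44", "10.10.30.10", "tcp", 1433),
]

if __name__ == "__main__":
    print(*violations(SAMPLE_FLOWS), sep="\n")
```

Rules are directional, so a connection from the database host back into the legacy segment on port 1433 is flagged even though the outbound equivalent is permitted.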