This is an interesting article taken from the 7/7/2015 edition of on the topic "Windows 2003 End of Support". Setting aside the migration strategies it proposes, it is worth re-emphasizing the security risks of keeping Windows 2003-based servers in production; risks that US-Cert has been flagging extensively since November 2014. As already pointed out in End of support for Windows XP, these systems must be urgently abandoned or migrated, both because of their impact on security risk and because of their incompatibility with all existing IT best practices (ITIL, Critical Security Controls 6.1, ..) and with some Italian regulations (see DL 196.03).

However, although the "Extend life through virtualization" criterion is generally valid, in this case it is not applicable, precisely because of the impact on the security of the information system: virtualization alone does not solve security problems. One could generalize by saying: virtualization, by decoupling the software from the underlying hardware, lets the software survive (in its existing configuration) across server changes for as long as the software is supported by the vendor.

Windows Server 2003 end of support: Five options to avoid upgrading to 2012

With less than a week before Microsoft withdraws support for the OS, Cliff Saran looks at IT leaders’ alternatives

Microsoft’s withdrawal of support for Windows Server 2003 on 14 July is a deadline many IT departments have not been looking forward to. Industry estimates suggest a fifth of servers still run this version, which has now reached the end of its life as far as Microsoft is concerned.

Organizations will have the option to pay a premium for custom support contracts, but some businesses may find the option to migrate to a newer operating system (OS) is out of their control.

In November 2014, US government security authority US-Cert issued a warning about the deadline, stating: “Computers running the Windows Server 2003 operating system will continue to work after support ends. However, using unsupported software may increase the risks of viruses and other security threats. Negative consequences could include loss of confidentiality, integrity and/or availability of data, system resources and business assets.”

In a report titled Windows Server 2003 end of life: An opportunity to evaluate IT strategy, analyst company IDC warned that organizations could face problems with regulatory compliance if they remain on Windows Server 2003.

“Failure to have a current, supported operating system raises significant concerns about an organization’s ability to meet regulatory compliance requirements, as well as the needs of business units, partners, and customers,” the IT research firm noted in its February 2015 report. However, Windows Server 2003 is still dominant. According to CloudPhysics, which provides big data analytics for datacenters, one in five Windows Server virtual machines (VMs) runs the 2003 version.

While Windows 2003 VM share is declining, CloudPhysics estimated that, at the current rate of decline, the number of servers running the unsupported OS would reach an insignificant level in the first half of 2018 – three years after support ends. “This is a relatively faster decline than Windows 2000, which reached end of life in 2005 but retains a 1% share 10 years later,” the firm said.

Extend life through virtualisation

According to CloudPhysics, since virtualization separates PC server hardware from the OS, legacy operating systems can exist for much longer since they can run on newer servers.

Krishna Raj Raja, a founding member of CloudPhysics, noted that, prior to virtualization, a server refresh generally required an OS refresh. “Newer hardware typically has limited or no support for legacy operating systems, so upgrading the OS became a necessity. With virtualization, however, the hardware and the OS are decoupled, and therefore OS upgrades are not a necessity,” said Raj Raja.

Given that VMware announced support for 64-bit operating systems in 2004, and vSphere supports both 32-bit and 64-bit operating systems simultaneously, there is no need to choose one over the other, with a legacy 32-bit OS (and even 16-bit OS) able to continue to co-exist with newer 64-bit operating systems.

“VMware’s support for legacy operating systems is excellent. It is possible to run a legacy OS such as Windows NT on modern processors that Windows NT natively would not even recognize. Also, the virtual devices in VMs provide encapsulation and prevent device driver compatibility issues,” said Raj Raja.

Choose Windows Server 2008 for easy upgrade

Dell Software president John Swainson said some firms are upgrading to Windows Server 2008 as it is less disruptive than going to Microsoft’s newest version, Windows Server 2012 R2.

Swainson said organizations migrate to Windows Server 2008, because it is still supported and does not need the major application reworking associated with shifting the whole Windows Server infrastructure onto Windows Server 2012.

“Moving to Windows 2012 requires changing applications, and is far more expensive from Windows Server 2003,” he said.

Ringfence vulnerable systems

In the Gartner paper Managing the risks of running Windows Server 2003 after July 2015, one of the suggestions analyst Carl Claunch made for those systems that cannot be moved is to run a demilitarized zone (DMZ).

“The concept of a demilitarized zone has been frequently used to isolate systems that outsiders can access, to minimize what they could do to the rest of the datacenter if they become compromised. Further, much tighter control can be placed on which other systems they are permitted to contact and the types of access allowed,” he wrote.

“This may reduce the usability of a system, but it may be better than the alternative of losing all use if a new vulnerability becomes known. The nature of the vulnerability and the usefulness of the system in that case will help decide whether a DMZ may be sufficient to address risks.”

Consider architectures such as Linux

Could Linux be a viable option? Red Hat argues that since organizations moving to Windows Server 2012 would incur considerable costs, assessing the viability of running workloads on Linux should not be discarded.

“If your organization is running Windows Server 2003, now is the time to consider Linux. If you upgrade to Windows infrastructure, 2008 or 2012, you’ll incur significant expenses associated with licenses, client access licenses, software licenses, migration and future maintenance,” claimed Red Hat in its Migrating from Windows to Red Hat Enterprise Linux brief.

Move to public cloud

The cloud is another option. Why run a file server on-premise if a cloud service such as Box can be used instead? Application servers may be run more cost effectively on the public cloud.

Certainly, moving to the next supported release of Windows Server is not the only approach an IT department can take. Overall, the end of support for Windows Server 2003 represents an opportunity for CIOs to reassess their legacy Windows server applications and a chance to drop them or re-engineer them to run on a different platform.
