Performance, security concerns abound as Windows Server 2003 support ends

By Darren Boyd, Service Delivery Manager

On July 14, Microsoft ended its extended support of Windows Server 2003. These machines will no longer receive security upgrades and other support from the company. Most organizations have long since removed these legacy systems from their data centers, however, IT consulting firm SoftChoice reported late last year that 21 percent of servers it scanned were still Windows 2003. Even if a majority of those servers were replaced, there are likely still millions in use. Companies still relying on these machines risk substantial security issues, major compliance fines, and critical workload malfunctions that can cost employees, partners and end users.


Compliance is the obvious issue here. Whether it’s the Payment Card Industry Data Security Standard (PCI-DSS), the Health Information Portability and Accessibility Act (HIPAA) or any other series of regulations, any organization subject to these standards running Windows Server 2003 at the moment is already out of compliance. The possible fines and other sanctions that could come are substantial, as any compliance officer can attest.


Security, like compliance, is pretty straightforward. Without patches, debugging, and other updates automatically rolling in as needed, hackers and other cybercriminals essentially have a free pass. Cybersecurity is a complex proposition even when technology is entirely modern and secure. An unsupported server housing a critical application is a major problem.

Critical workload, application performance

All the time and money invested into guaranteed availability and performance of applications will go to waste as these servers start malfunctioning. Most companies with Windows Server 2003 machines running likely aren’t using them for their most important data. However, IT teams running these legacy systems often struggle to map the interdependencies of the applications running through the outdated servers. Availability- and performance-based service-level agreements (SLAs) are at risk when IT proceeds through migrations without understanding how each component interacts throughout a system.

So, what do you do?

To get off Windows Server 2003 entirely, some estimates I’ve seen peg total time of migration at nearly 200 days. Moving quickly is the only way businesses can try to avoid some of the problems they’re likely to face. Once a Window Server 2003 is identified, determining which workloads run on the machine, what the interdependencies are and relocating them are critical. While this is an obviously frustrating process for some, there’s an opportunity to retire these assets that have long led to performance problems in the infrastructure.

In many ways, companies just now racing to move from Windows Server 2003 are already in some major trouble. There are options to simplify the impending migrations, though. Solutions and platforms that mitigate risk during migrations are essential for any shift to a new technology, but holistic insight is especially critical during the type of migrations Windows Server 2003 users are experiencing now.

Any kind of cloud migration can come with risk. Infrastructure performance management (IPM) from Virtual Instruments is designed to mitigate that risk during the most complex of technological shifts.