Cities need to keep their guard up as Windows 2003 server support ends (with related video)
As the clock winds down to the July 14 end of Windows 2003 server support, IT administrators in cities and other organizations are scrambling. Technology research firm Gartner has calculated that about 8 million installations of the Windows Server 2003 operating system are still running, even as the July 14 end of support approaches. The federal Department of Homeland Security has issued an alert on the topic.
Without support, users will receive no more security updates or patches, and IT networks will be at risk of attack. Systems will no longer be in compliance with key government and industry standards, such as SOX, HIPAA, PCI or NERC. Non-compliance could result in steep potential fines or regulatory sanctions.
What should local government IT officials do if they are still running Windows 2003 for servers? Take action now, says David Mayer, practice director of Microsoft Solutions at Tempe, Ariz.-based Insight Enterprises Inc. The firm is a provider of IT hardware, software and services. Mayer’s firm has a competitively solicited U.S. Communities cooperative purchasing contract for governments.
“Given the short time horizon, we recommend that IT administrators obtain some type of a coverage plan that will extend the support window for server 2003,” says Mayer (photo is to the left). He says the easiest path to coverage is through the fee-based Microsoft Premier Support. Go here for more information on Insight’s offerings as Windows 2003 server support winds down.
GPN reached out to Ted Ross, the interim general manager of the Information Technology Agency in Los Angeles on this topic. Ross’ views are below.
GPN: Do you have any advice for local government IT administrators as the July 14 end of support approaches?
Ted Ross: The advice I have is to take the event seriously. You do not want to have unsupported Windows servers out there. It’s just exposing you from a security perspective. You are also hindering your agency from a functionality perspective. You should also take the end of support as an opportunity to make changes. That could be changes in your operating system to a lower-cost operating system if it makes sense. It also means you can consider switching from a physical server to virtualized servers, which is also a very good investment. Your agency can also consider migrating, to let’s say, the cloud.
GPN: How has your agency approached the end of Windows 2003 server support?
TR: We started the process between 9 and 12 months ago. Running end-of life, unsupported Windows servers is a significant issue from a security risk standpoint. It’s also a major issue just from the lack of functionality for the older versions. So certainly compliance is what drives the need to change, but it is also an opportunity. It’s an opportunity for us to look at lower-cost platforms, to look at cloud migrations, to look at virtualization, etc.
In our organization, we counted 282 Windows 2003 servers. We divided them between physical and virtual. So step 1 was to assess the Windows vs. Linux discussion. We looked into trying to push items that were currently running on Windows 2003 servers onto let’s say a Red Hat Linux type of model. In step 1 we tried to make that assessment. We also considered moving from physical to virtual.
The end of support has given us the opportunity to assess cloud hosting and consider making that migration. If you are virtualized and you are on a newer Windows version, then let’s go ahead and get you hosted up in the cloud, whether it’s with Amazon or Microsoft Azure or any other, simply because that would put us in a better position long term.
GPN: So what will your agency do past July 14?
TR: Well, No. 1, we would disconnect Windows 2003 servers from our network. We do not allow these servers to be unsupported operating systems sitting on a network. No. 2, we are leveraging software. We are using Symantec CSP-Critical System Protection. So let’s say we have an older server that we expect to be replaced in 4 months anyway. So instead of going through a full migration, we would go ahead and leave the Windows 2003 setup, and we’d basically bolster it up. We would use Symantec CSP to lock the server down so that the only functions that it would be able to perform are the ones that are critically necessary. Symantec applies layers of security and constraints on it, so it’s basically hardening up a Windows 2003 server. And then we would run it on Symantec CSP for that limited time frame until we phased it out. And when I say limited time frame, I really do mean a few short months.
GPN: Thank you Ted Ross, for your views.
In the video, see what happens when support ends for Windows Server 2003 on July 14, 2015.