When it comes to maintenance and busy work (disagreeable chores), we all procrastinate. Delaying mundane chores to focus on new creative work, is human nature.
In the Information Technology (IT) world, no task seems more mundane and irritating than patching and upgrading an operating system (OS). We’re all bugged by those persistent messages to patch and re-boot our OS.
On the Server side, patching and maintaining an OS isn’t just a minor pain, it can have significant implications for the stack of applications that run or interact on a server. Databases, libraries, communication stacks, plus performance and other layers of the server environment are frequently impacted by an OS upgrade. Upgrades and software changes can have unintended consequences. So it’s not surprising that IT operations teams sometimes take a short-term, perceived lower risk strategy: (let sleeping dogs lie) and delay applying OS patches to servers that are running smoothly and don’t have issues.
However, what happens when it isn’t just another OS patch, but a vendor informs you it End of Service (EOS) for a whole OS? As we know, (with steady drumbeat pre-warning) last July Windows Server 2003 went EOS. A traumatic event from an IT operations perspective. No more OS patches or fixes, and a future filled with security, compliance and audit risks. Plus expensive extended support fees. Code Red. (Ouch, the damn dog is clearly awake, and has sharp teeth!)
In early 2015, there were an estimated 22 million W2003 servers still in production. In the run-up to EOS and in the six months since, work on W2003 migration has caused more than a few sleepless nights for IT teams whose businesses rely on it.
At AppZero, (where I am CEO and Chairman) we’ve been up too, working with customers, in Banking, Finance, Pharma, Healthcare, Retail and many other industries who run significant W2003 infrastructure and are focused on modernizing it. Frequently, these customers have thousands and sometimes over ten thousand W2003 Servers, and they have hundreds of millions - even billions - invested in the critical applications that run on those servers.
Regardless of the number of W2003 servers a customer is running, one experience seems universal: it is time to modernize. IT audit is likely to raise the risk of running on an unsupported OS during the 2016 audit review. Even with high cost extended support (which will double every 12 months for 3 years), businesses can only delay the problem, not fix it-WS 2003 servers simply can’t run forever. Plus there are tangible benefits and features for customers in a new OS such as W2012. Opening up the applications running on W2003 to new W2012 hardware speeds them up, lets them run in the cloud (if you choose), saves money and promises to make them more secure and stable.
Most of AppZero customers who are obsessed about W2003 modernization are taking 3 steps:
1) Decommissioning: getting rid of some of the W2003 Servers and the applications running on them, if they don’t need them anymore. (throwing out the garbage – removing up to 25% of the W2003 servers);
2) Hand-working: Modernizing and upgrading the W2003 servers through manual upgrades where application vendors provide a simple, fast, predictable upgrade script to a new OS such as W2008 or W2012. Manual upgrades still take significant time, (sometimes weeks per server), and user acceptance testing for the migrated application running on the new OS is still needed. (as a rule, for approximately 20-25% of applications it may be more reliable to upgrade to an new OS with manual effort, if possible);
3) Automated migration: For the remaining 50%+ of W2003 servers, tough work and analysis needs to happen, and automated tools can help. Often install scripts are missing, there are no vendor supported upgrades, and no obvious migration path. You could just sand-box them all and run on W2003 until apps die or are decommissioned? But Sand-boxing tens, hundreds or even thousands of W2003 servers is a lot of risk exposure. Customers are using automated migration tools that will extract and migrate these apps to a new OS. Though success is not guaranteed, 70%+ of the remainder can likely be migrated, with the added bonus that you get a clear understanding why the 30% “non-migratable” apps, should be sand-boxed.
So why are some Apps “non-migratable”? Several factors impact the migration of W2003 applications to a new OS. While over 70% should move using one automated technique or another, factors like unsupported Java libraries, encryption, hidden authorization keys and other factors which are not supported in the new OS environment impact the ability to migrate. The factors that prevent application migration can be highlighted using automated tools, and can provide clear justification for sand-boxing servers. The few apps that cannot be migrated can run to End of Life on W2003, while broader app replacement strategies are developed.
Turns out, in IT doing nothing, costs money (not surprising)! Many of AppZero’s customers, (in both regulated and unregulated industries) are paying extended support fees to Microsoft annually for up to 3 years (until July 2018, if they need them). Extended support fees may exceed $3,000 per server by 2018.
In the event a W2003 server is unsupported and a security breach or outage occurs, the cost of business interruption per day can be hundreds of thousands and even millions of dollars for many customers. Plus, fees for running data centers out of compliance can wreak havoc with businesses. In those cases, IT departments are essentially betting on their businesses and hoping nothing happens.
Migrating W2003 apps by hand also costs money and burns time (often weeks of work/server). Automated migration tools can save more than 15 days of labor and thousands of dollars per migration. If a customer has hundreds and even thousands of servers to migrate, those savings add up.
For example if you have a hundred servers you can move with automation: (100 servers) times ($1,000/server in reduced extended support
+$10,000/server in reduced manual migration effort) => $1M in migration savings.
When it comes to upgrading OSs, both for W2003, and the pending W2008 migration cycle, there’s real work to be done. By working smart you can save millions of dollars, save time and get your business on a new OS infrastructure that will last for years, while simultaneously creating a path to future application modernization and cloud implementation. There really is no reason to procrastinate.
"Application owners have highly customized applications that are no longer supported by the original ISV and sitting on out of warranty hardware in EOL 2003 Win Server Operating Systems. AppZero gives them an opportunity, the only option, to resolve 2 out of 3 of these compliance issues without completely changing their applications; the AppZero tool is awesome."
Amit Kapoor - Windows Support at GAP-HCL