When faced with a hardware upgrade or replacement, Didier Contis and his team at the Georgia Institute of Technology always try to move to the latest version of the operating system.
Sometimes upgrading isn't an option, like the time Contis supported faculty who had a costly electron microscope connected to a custom-built machine, which wasn't compatible with newer operating systems.
"It's hard to justify spending $150,000 to replace a scientific piece of hardware just to get rid of a server running Windows 2003 or older," says Contis, the director of technology services at the Georgia Institute of Technology College of Engineering.
That's just one of the scenarios making higher ed IT teams anxious about July 14, 2015, when Microsoft is slated to end extended support for Windows Server 2003. Microsoft will no longer release patches or security updates, leaving servers running the outdated OS vulnerable to threats. As the deadline approaches, colleges and universities are simultaneously upgrading the servers they can, while devising plans to secure the Windows Server 2003 machines that must be kept running.
"Last check, we had about 600 Windows Server 2003 systems still communicating with our Active Directory," says Mark Day, deputy director for data center infrastructure at the University of California at San Francisco (UCSF). "It's certainly not a majority, but it's a larger percentage of our Windows servers than I would like."
One blessing — or curse, depending on the perspective — is that IT departments are just coming off of April's end-of-support deadline for Windows XP, so they're aware of the potential risks and the inherent challenges they face.
"The amount of effort involved in the XP end-of-life certainly got our attention, so we started looking early to understand the scope of the effort," Day says. "Our experiences aren't going to be identical, but I think the themes will be similar."
Batten Down the Hatches
Because of the decentralized nature of IT at UCSF, one of the greatest challenges in preparing for the end-of-support deadlines is getting a handle on all of the operating systems used around campus, and the applications they support. "Untangling all of the different applications installed on systems over the years, and understanding which were still critical to the business and which weren't, was an effort," Day says.
But that's exactly the effort institutions should be making at this point, advises Al Gillen, program vice president for servers and system software at IDC. "You want to inventory your systems and triage them, then put them in order of priority for replacement or upgrades," he says.
A static web server with no content or applications isn't as critical as a server holding personal finance or health data, for instance. Once the IT team has a grasp of the inventory, they should determine which servers to upgrade, and in what order. One option is to keep some Windows Server 2003 machines and purchase a custom support agreement from Microsoft. If cost is preventing an upgrade, it probably won't make sense to spend money to support an outdated OS, Gillen says. Securing the network is another option, but that also introduces new expenses — purchasing stronger firewalls and other security appliances.
Contis plans to keep at least some of Georgia Tech's copies of Windows Server 2003 to support equipment or applications that aren't compatible with newer operating systems. In other cases, groups that manage their own servers may choose to delay upgrades due to software compatibility problems.
"We will have to develop strategies to mitigate the risk of those unsupported servers," he says.
He may isolate unsupported servers by putting them behind additional layers of firewall, or simply disconnect them from the network.
Like Georgia Tech, UCSF must keep some machines running Windows Server 2003, but Day says that segregating the network should be relatively straightforward as far as the servers are concerned because more are managed by IT and located in the data center as opposed to edge-of-network Windows XP devices.
Blessings in Disguise
Day also sees the Windows Server 2003 upgrade as an opportunity to virtualize more of UCSF's legacy systems: "That's a little bit of a silver lining."
Georgia Tech recently used Windows 2012 R2 and Windows 8.1 to virtualize some computer labs. Before the project, student access to more intensive compute applications (such as Autodesk Inventor or AutoCAD 3D) was limited to labs. Georgia Tech also implemented VDI using Remote FX, Hyper-V and NVIDIA GRID K1 graphics cards so that students can access engineering applications on personal devices. The new environment also means that Contis can replace aging workstations with less expensive Wyse thin clients. The simplified infrastructure is translating into less time spent on maintenance and lower power and cooling costs.
Florida Agricultural and Mechanical University also is reporting success with Hyper-V. Three years ago, budget cuts forced the Tallahassee school to scale back on its administrative staff.
Ronald E. Henry II, director of enterprise IT at Florida A&M, says he found solutions in consolidation. Virtualizing most of the data center and moving student email to the cloud allowed Henry to cut back on physical machines. Servers that were scattered throughout the campus were brought into one building.
Now, "we can do everything from one console," he says. Henry already had access to Hyper-V because he recently purchased — and was getting ready to upgrade to — Windows Server 2008 R2.
"I can virtualize machines very quickly. I can consolidate, I can centralize and I can save some more dollars because I don't have to have all of these physical boxes in closets in other departments. I can also back up virtual machines for disaster recovery," he says. "And it's free."