Windows Server 2003 Reaches End of Life In July 156
Several readers sent word that we're now less than six months away from the end of support for Windows Server 2003. Though the operating system's usage peaked in 2009, it still runs on millions of machines, and many IT departments are just now starting to look at replacements.
Although Microsoft publishes support deadlines long in advance -- and has been beating the drum to dump Server 2003 for months -- it's not unusual for customers to hang on too long. Last year, as Windows XP neared its final days of support, there were still huge numbers of systems running the aged OS. Companies lined up to pay Microsoft for extended support contracts and PC sales stabilized in part because enterprises bought new replacement machines. Problems replacing Windows Server 2003 may appear similar at first glance, but they're not: Servers are critical to a business because of the applications that run on them, which may have to be rewritten or replaced.
[In many cases, legacy applications are the sole reason for the continued use of Server 2003.] Those applications may themselves be unsupported at this point, the company that built them may be out of business or the in-house development team may have been disbanded. Any of those scenarios would make it difficult or even impossible to update the applications' code to run on a newer version of Windows Server. Complicating any move is the fact that many of those applications are 32-bit -- and have been kept on Windows Server 2003 for that reason -- and while Windows Server 2012 R2 offers a compatibility mode to run such applications, it's not foolproof.
[In many cases, legacy applications are the sole reason for the continued use of Server 2003.] Those applications may themselves be unsupported at this point, the company that built them may be out of business or the in-house development team may have been disbanded. Any of those scenarios would make it difficult or even impossible to update the applications' code to run on a newer version of Windows Server. Complicating any move is the fact that many of those applications are 32-bit -- and have been kept on Windows Server 2003 for that reason -- and while Windows Server 2012 R2 offers a compatibility mode to run such applications, it's not foolproof.
PosReady for Server 2003? (Score:3, Interesting)
Does anyone know if I can use the PosReady registry hack that can be used on XP to get support updates until 2019 on Server 2003?
Re: (Score:2)
Might be something to be found by sniffing around "Windows Server for Embedded Systems", which had a 2003-based version, as did "Windows Compute Cluster Server" and "Wind
MS FAIL (Score:1, Insightful)
This is stupid. WS 2003 is still the default server platform that most companies deploy. WS 2008 is not even close in comparison. If you want something small that can maximize utilization especially in a virtualization environment, then there's no alternative. Vista on my server, no thx. And the new tablet-version, seriously what were you thinking?
Re: (Score:1, Insightful)
Bullshit, WS 2003 hasn't been the default organisations have been deploying for a long time, only those that are incompetent and should not be in IT would still be doing that. I work for a vendor and see mostly 2008 R2 as the default, now getting a lot more 2012 R2 as well (they seem to mostly be skipping 2012 initial release).
Re:MS FAIL (Score:5, Insightful)
Ahhh you work for a vendor. That explains why the idea of a budget, or that IT is unable to upgrade something because of upper management may seem foreign to you.
But by all means, throw the front line workers in the IT group under the bus for something beyond their control.
Re: (Score:2)
That's really not fair. He's responding to someone claiming that Windows 2003 is the default for many companies for new deployments. If you're deploying a new server, you shouldn't be deploying a Windows 2003 server, and that's been the case for a few years. Whether you have the budget to deploy a new server is a different question.
Aside from that, honestly, any company who is relying on servers and other IT resources, and doesn't have an IT budget to fund regular updates/upgrades/replacements, really n
Re: (Score:1)
If you're deploying a new server, you shouldn't be deploying a Windows 2003 server, and that's been the case for a few years. Whether you have the budget to deploy a new server is a different question.
It's not just a budget constraint problem. If you have multiple servers in a farm for an application that is currently running 2003, you don't want to add a new variable into that with a new OS. You'll need to update your existing servers first.
Re: (Score:2)
It's not just a budget constraint problem. If you have multiple servers in a farm for an application that is currently running 2003, you don't want to add a new variable into that with a new OS. You'll need to update your existing servers first.
That's debatable, and depends on the context. I think generally, if you have a server farm, you would want to add a new variable by adding new servers. You'd add new servers, migrate the old services to them, and then decommission the old servers-- re-purposing them if they're still good, tossing them if they aren't. And if you run a server farm, you probably should have started doing that to move from 2003 to 2008R2 a few years ago. At this point, you should be planning your migration from 2008R2 to 20
Re: (Score:1)
WHY should the default be that everything (that is working) still MUST be upgraded?
Why be a member in this hamsterwheel?
THAT is the question people should ask them selves.....
Cheers, /C
Re: (Score:2)
I know it seems like a simple question, but the answer is a bit complicated.
First, the easy part: hardware. You'll want to upgrade/replace hardware for a few different reasons, one being improved performance or new features. Also, inevitably, all hardware eventually breaks, so you'll need to replace it eventually or just cope with its loss. Often, if you're dealing with important hardware, you want to replace it before it actually breaks.
I know, you're thinking, "Why?! That's stupid. If performance i
Re: (Score:2)
But by all means, throw the front line workers in the IT group under the bus for something beyond their control.
I was once told that 25 percent of my salary was devoted to "being wrong".
Re: (Score:2)
Helping the front line IT workers get the tools they need to do their job is not "throwing them under the bus". Establishing that using X constitutes negligence and thus if something goes wrong the company's liability will skyrocket helps them it doesn't hurt them.
Re: (Score:2)
No, your true vendor wouldn't care about something being EOL'd and thus would never bother updating their product to work with something more modern than Windows XP SP2 and IE6.
Re:MS FAIL (Score:5, Funny)
Yes, Server 2012 is touch screen only. There are no classic tools. There is no remote desktop. You have to be in the same room as the server. You have to touch the screen with one hand and masturbate furiously with the other hand.
Re: (Score:2)
Well, at least it has PowerShell. Heck, now it's only 23 characters to change a directory? Who wants to go back??
ChangeDirectory -Please <Directory>
Re: (Score:2)
BTW, are the admin tools metrofied to work only in fullscreen and only to have few lines of text on it since the "more texts just confuses the stupid user, less is more, duh."
No, they're exactly the same as w2k8.
Re: (Score:2)
Agreed. But that doesn't make it the default that organizations have been using.
Re: (Score:2)
We're fairly similar, our counts are 100x 2003 boxes (almost all ready to be retired, only about 20% really have to have projects in the next 6 months to move their functions to new boxes), 304x 2008/2008R2, and 31x 2012/2012R2. Almost all of the 2012 boxes are MS stack functions, most third party vendors either don't have it certified or only on the edition released in the last few months. We actually just started our first LOB app install on 2012R2 yesterday =)
Re: (Score:1)
If companies are deploying Windows 2003 today, or at any point in the past 3 years, they are fucking dicks who deserve to be in this position.
But then, your entire post is just stock anti-MS bollocks, so...
Re: (Score:2)
Place I used to contract had a knee-high pile of Compaq 386 laptops in the radio system engineers' office. When I offered to surplus them and get them out of the way they almost attacked me. They had a half million dollar radio tower that used a bleeding-edge control system when it was first installed. The manufacturer got bought out and the new owner didn't support the thing any more. The control system software would ONLY run on a 386 running DOS 3, nothing else, and that pile of laptops were their ba
Re:MS FAIL (Score:4, Funny)
A reason to go with Open Source (Score:3)
Re: (Score:1)
So, which Linux distro that I installed in 2003 still has active security updates today? Which one even had more than four years of support? Today it's not big deal. I can install CentOS for free and get updates for ten years, but if I installed Linux back then I would have had to personally finance the security patches for at least half the deployment time.
Re: (Score:3)
Bullshit. (Score:1)
That was exactly his point: you can hire another company to continue the maintenance.
Exactly what company are you going to hire to perform security audits and patch an ungodly number of packages for a Linux distribution from 2003?
MythicalUniCorp?
Because I hear they're still patching Windows 3.11 for Workgroups. How? Doesn't matter. If you can imagine it, it must be true!
Re: (Score:2)
Re: (Score:2)
That was exactly his point: you can hire another company to continue the maintenance.
I guess you missed his/her point as well. With Windows you got free updates up until July this year. With Linux you would have had to finance that yourself. Installing Linux in 2003 and paying someone to make updates for you would most likely not have been cheaper.
With Windows, there is no such option even if you were ready to throw cash on the table.
Yep, absolutely. You're screwed once MS stops their support. In their defense though, it is quite good that they provided updates for 12 years.
Re: (Score:3)
I guess you missed his/her point as well. With Windows you got free updates up until July this year. With Linux you would have had to finance that yourself. Installing Linux in 2003 and paying someone to make updates for you would most likely not have been cheaper.
Ah, yes. I missed the point indeed. :)
Re:A reason to go with Open Source (Score:5, Informative)
Fair enough, but there are some really key differences between the Linux world and that of Windows and even Unix.
You distribution tends to package like 90+ % of the software on the system. The left over 10% is whatever in house app the server is running or 3rd party app you bought. All the libraries it uses, and support software that it uses database engines, etc typically are in the distribution. So the integration details library versions supported version issues are all taken care of for you.
On Windows this absolutely not the case. Things like databases, libraries for document rendering, and just about anything else you can think of is maintained outside the OS distribution. So Windows is where you upgrade and discover UAC totally breaks the version of ${SOFTWARE PACKGE} you have installed or changes to winHTTP cause all the web service calls to fail etc. Even if they mostly are other first party applications like SQL Server or Office. Its also true that its harder to isolate things. If you install something to /opt or /usr/local on a Linux box and those are separate partitions you can have reasonable confidence that blowing away / won't and reloading it from distribution media will leave you with a working app where you left it. Good luck with that on Windows unless you designed the package yourself and avoided the registry and tens of other possible pitfalls.
So again speaking in the general case its easier to go from RHEL 6.x to RHEL 7.x with an in place upgrade, as is true for most other Linux distros; however you do it, let package manager figurout distupdage or re-install a fresh /.
In most of my travels I have not seen 10+ year old Linux versions in production unless its at the same kind of shop that also does not care to patch or be on a supported version of Windows. Even in shops that are good about patch management get their WSUS updates applied etc ( I want to be fair to MS here these rarely if ever break anything) there is still lots of legitimate fear around upgrading an application server between major Windows versions. So in lots of cases Windows boxes tend to stay on whatever release for either the life of the hardware or the life of the app whichever is shorter. Linux boxes tend to be upgraded more frequently.
Re: (Score:2)
The climate control system in the building that I'm sitting in uses some Linux version that's close to a decade old, if not older. Don't know what they're going to do when the current "server" (a desktop PC shoved under the maintenance guy's desk) dies. There are a lot of these out there, I know of an access control system running Win 95 in 2008, which hadn't been rebooted in over eight years because they weren't sure whether the machine would come back up and they had no way of getting the data off it.
Re: (Score:2)
That is a valid point. There is a lot Linux in the embedded and 'quasi-embedded' space that does never get updated.
That is a little different than what we normally think of as application servers that IT would be responsible for migrating. In the 'quasi-embedded' like the climate system you describe where there is basically a PC attached to some machinery you are correct. The opsticle to upgrading these things has little to do with Linux or Windows though, and everything to do with the machinery vendors
Re: A reason to go with Open Source (Score:1)
That is because when Linux software is updated there are usually features added, bugs fixed, and backdoors sealed up... M$ is exactly the opposite: they tend to remove/paywall features, introduce new bugs and create new backdoors when the upgrade.
In place dist-upgrade might also contribute to Linux being " more up to date".
Re: (Score:2)
Yep, absolutely. You're screwed once MS stops their support. In their defense though, it is quite good that they provided updates for 12 years.
Microsoft never had a choice in that matter. Back in the bad old days, you could get near-eternal support for Solaris (back to when it was called "SunOS" for the longest time), HPUX, AIX...
Shit, man - there are still people using AIX 5.1 out there, and still getting support for it.
Re: (Score:1)
So, which Linux distro that I installed in 2003 still has active security updates today? Which one even had more than four years of support? Today it's not big deal. I can install CentOS for free and get updates for ten years, but if I installed Linux back then I would have had to personally finance the security patches for at least half the deployment time.
I suspect that it's a matter of scale: If your use simply isn't all that big, or migration sucks; but isn't too terribly costly, the right to get support from anyone willing to offer it is mostly theoretical. Unless you, while personally small, are part of a larger market that wants the same thing, it just won't be economic to pay the necessary people to write the software and then deploy a handful of copies. The cost/unit will be insane.
If your use is much larger, though, or migration is a bowel-looseni
Re:A reason to go with Open Source (Score:5, Informative)
So, which Linux distro that I installed in 2003 still has active security updates today? Which one even had more than four years of support?
RHEL 4.0 [redhat.com] which was available in 2003 and will be given extended support to the end of this month.
Re: (Score:1)
CentOS 4 has not been supported for many years and they don't offer extended support like Red Hat does. They only care about CentOS 5 and later which was released four years after Windows Server 2003.
Re: (Score:2)
It's a different scenario since there have been many updates and versions to choose from in the past 11 years versus (based on the comments here) only one real upgrade choice for windows - and even with that, most people tend to wait a while to upgrade just for MS to get the kinks out.
Re: (Score:2)
If there is a FOSS project that does the job. And if you can get support, and if they do not decide to just kill the project.
I love FOSS but it is does not solve all problems.
For example you will not find a 3d cad system that matches SolidWorks or ProE that is FOSS.
End of support, not "end of life". (Score:5, Insightful)
"End of life" is a marketing term used so Microsoft can sell more copies of Windows, apparently. My understanding is that fixing newly discovered vulnerabilities in Windows XP or Windows Server 2003 would be fairly inexpensive.
I've explored the issues concerning Windows XP: Microsoft Windows XP "end of life": Conflict of interest. [futurepower.net]
Re: (Score:2)
Software end of life usually comes in the form of old hardware dying and no one willing to invest money to write drivers for old software so yeah it does have an end of life, fixing new vulnerabilities is NOT inexpensive either. The human resources of having adequately trained and available devs, support engineers and testers alone runs into the millions.
Microsoft is being paid for updates. (Score:2)
Yes, but Microsoft is taking in millions from "Enterprise" users. See the sub-heading "Large customers are paying huge amounts" in Microsoft Windows XP "end of life": Conflict of interest. [futurepower.net]
Re:End of support, not "end of life". (Score:5, Informative)
My understanding is that fixing newly discovered vulnerabilities in Windows XP or Windows Server 2003 would be fairly inexpensive.
One more downside to being closed source - if Microsoft won't fix vulnerabilities, no one else can for any sane price.
At work I'm still migrating our last two 2003 servers, one migration nearing completion the end of this month, and the next not even started yet but expecting to take 9-12 months.
Exchange server was our primary risk because by its nature it has to handle SMTP, and while you can't poke that server directly from the Internet (a postfix relay server is the only one with direct internet exposed ports) but those emails still flow through it, and it sends outgoing mail directly so has to connect to other MTAs and everything involved with that like DNS queries... A pretty big risk footprint on that one, so no argument from me that it needs upgraded.
The last 2003 server however doesn't technically require being replaced, the risk is very small and mostly controlled for even then. It would likely run fine until enough hardware failures make keeping the server up cost prohibitive, which is really the biggest reason (though a fairly justified one) to upgrade.
The vulnerability risk footprint is limited to the LAN, and then only really to windows file sharing (that and SQL server are the only exposed services)
Not zero for sure, but taken alone not enough of a reason to justify the cost of an upgrade. Only everything taken together combined with a string of purchase approvals to upgrade everything else that demands it, is why it ultimately will be.
If only another big player could release continued security updates, or ideally more than one to help both competition on price and a choice of whom to trust for such a thing.
There is definitely a market for very long term support, which you have to look no further than IBM to see.
In fact many would trust IBM to fill such a role if they were to do so. Others may trust Google. I'm sure there are plenty of other examples as well.
But I don't see "long term windows support" being in many of those companies interests, nor see microsoft going along with such a plan even if they were.
Microsoft wants you to buy their latest shiney instead, Google would prefer you didn't use Windows at all, and IBM doesn't seem to be as big on the support thing these days even for their own products let alone microsofts.
All of those facts factor in to the cost of providing security updates, and does raise the bar quite a bit higher than it would appear at first glance.
Re: (Score:2)
There is definitely a market for very long term support, which you have to look no further than IBM to see.
In fact many would trust IBM to fill such a role if they were to do so. Others may trust Google. I'm sure there are plenty of other examples as well.
I agree with IBM to a point but Google doesn't have the best track record of supporting their products after they decide the product has reached the end of its life. In fact, they probably have one of the worst.
Re: (Score:3)
I agree with IBM to a point but Google doesn't have the best track record of supporting their products after they decide the product has reached the end of its life. In fact, they probably have one of the worst.
Sadly that is true.
In my previous post I was more thinking along the lines of trusting IBM/Google/etc to release updates that actually fix vulnerabilities instead of intentionally injecting new ones - more as in comparison to those shady sites out there hosting windows update msis for people using pirated windows without full access to legit update channels.
While I personally would trust Google in that sense, I do have to agree I can't say the same about them "sticking with it" for the long run.
Of course I
Re: (Score:2)
Re: (Score:2)
Just because something is "inside" doesn't mean you can ignore its security.
I'm curious, which one of "low risk", "risk limited to lan", or "not zero risk for sure" did you interpret as me saying there was no risk and thus security is being ignored?
Or was it just the statement that it actually is being upgraded that sounded like " being ignored"?
I of course was light on details, since they don't really matter here, but I feel I spelled out most of the points in my risk analysis process such that "ignore" is a pretty unfitting adjective for what I actually said.
Re: (Score:3)
End of life - when it's no longer secure (comments above on your statements to this effect... your concept of a "now fully secure" OS is just laughable - there have been OS in place since the 60's and ALL are either still receiving updates or - more likely - have known holes. Nobody has yet made anything "secure" at all).
End of life - when it no longer boots (UEFI vs BIOS, 32 vs 64bit, IDE vs SATA, no certified SAS drivers for the RAID controller so you can't run proper failover clusters, etc.) XP died at
Re: (Score:2)
When you can't log into your damn bank because it's said that IE6 is too old, your system is end-of-life. That's the end of it. Because to fix it, bodge it, fake it, or upgrade it costs more than just following the rest of the world in their lowest-accepted technology standard.
You can just install another browser that is more secure than ANY version of IE anyway, like Firefox or Chrome
Even better, install a secure OS : https://www.debian.org/distrib... [debian.org]
Re: (Score:2)
>I agree that computers "don't get slower", they are always the same speed as the day you bought them, that software "doesn't get worse", it's the same software as the day you bought it. I get the comparative nature of this.
This is true, but at the same time growth in data sets can make this not true too. Start out with a customer database that has a limited number of fields and it works great, everything hot fits in cache, most of the database fits in memory. Then as the years go buy you need to store m
A lot of corporate work is routine. (Score:2)
OpenBSD [openbsd.org] is secure because it was examined carefully for vulnerabilities. Microsoft makes more money if there are vulnerabilities, and if its older products are considered likely to be insecure.
"... when it no longer boots..."
We have corporate users who do the same thing every day on computers installed in 2004. They don't want change.
"... when none of the software you use will still run on the old OS"
Yes, you and I. But some corporate users do specialized corporate
Re: (Score:2)
"End of life" is a marketing term used so Microsoft can sell more copies of Windows, apparently. My understanding is that fixing newly discovered vulnerabilities in Windows XP or Windows Server 2003 would be fairly inexpensive.
Yup, exactly.
Imagine if you would, you have an air conditioner on top of your building. Costs a million or so dollars. Then you get a call from the company you bought it from telling you you need to buy a new air conditioner. You ask why, and they tell you its at "end of life for support". Despite it working fine, and showing no reason it wouldn't work for years to come, they want you to spend a couple mil for the new air conditioner, which only does the exact same thing the old one did.
You of course wo
Re: (Score:2)
Imagine if you would, you have an air conditioner on top of your building. Costs a million or so dollars. Then you get a call from the company you bought it from telling you you need to buy a new air conditioner. You ask why, and they tell you its at "end of life for support"
Happens all the time, if you can't get a new compressor or control board and there are none available on the secondary market you have to scramble to find a correctly sized replacement and get a crane in to do the swap to the newer unit
Re: (Score:2)
Happens all the time, if you can't get a new compressor or control board and there are none available on the secondary market you have to scramble to find a correctly sized replacement and get a crane in to do the swap to the newer unit.
But I am talking about a perfectly functional unit. Imagine if you had to spend all that money every few years to replace units with no problems. That isn't even maintenance, it is planned obsolescence that the late 50's automobile industry couldn't match. At least those cars were falling apart (purposefully) This tactic bears a strong resemblance to extortion.
Re: (Score:2)
There is NO software vendor that offers longer support than MS for free, not one. There are only a handful of products that even offer a supported lifetime longer than 10 years which is the MS standard, and of those the longest other than IBM's mainframe OS is 12 years. This isn't about extortion, it's about the realities of the software industry and the inability of companies to profitably support the very longest of long tails.
Just like with the AC unit, the vendor isn't telling you you may no longer use
Re: (Score:2)
If the operating system has a security bug, that's a problem so your comparison is your "imagine" scenario is pointless. You can keep using 2003, you just don't get support. Basically you're just an idiot.
And so are the others who have spent multiple millions on presently functioning networks, and now have to spend multiple millions more to get their new networks to do - the same thing their old networks did.
Issues like virus vulnerability are details. These new OS's - I'm assuming they are completely secure?
And if you don't get this, you have a lot of chutzpah calling me an idiot.
Re: (Score:2)
Happens all the time, if you can't get a new compressor or control board and there are none available on the secondary market you have to scramble to find a correctly sized replacement and get a crane in to do the swap to the newer unit.
I don't understand why losing a compressor necessitates replacing a whole unit in a commercial context. Why can't you just get another compressor with the same displacement and swap that sucker in there?
COBOL (Score:2)
This is why COBOL and mainframes continue to live on. Applications on them are often 30 or more years old and continue to work.
Companies don't like to pay loads of money for line-of-business apps only to have to pay loads again 12 years later to revamp it for the latest-and-greatest server/language/OS, especially for something with little or no UI.
Microsoft is keeping COBOL and mainframes alive and well.
20 Windows XP computers: No problems. (Score:2)
The point I was trying to make is that, if there is enough attention given, software can be free of vulnerabilities.
Re: (Score:2)
Never is a long time. Next, you are a poor risk assessor. If a bug exist, but is not found by you that does not mean it has not been used or exploited by someone else.
Remember Conficker? (Score:5, Insightful)
But about once a year or so, there is a vulnerability in Windows that is exploitable over the network remotely without authentication, the sort of thing that Conficker used to spread on (i.e. MS08-067). Wormable vulnerabilities are the highest risk, and the time between the flaw being announced and an exploit being created can just be a matter of days.
So, eventually those Windows 2003 boxes are going to get pwned. It might be weeks or years after 2003 goes EOL, but eventually it will happen.
32bit vs 64bit (Score:2)
Can someone please clue me in as to why this is a problem? I mean we run 32bit software on Windows 8.1 so why should this be any different on the server? I was under the impression that the compatibility issues only really existed for drivers and that backwards compatibility was an issue (64bit apps on 32bit OS) but that forward compatibility is assured.
The hangers on for the Windows XP era had a lot more to do with Internet Explorer and the clusterfuck of web services which depended on it at the time. Is t
Re: (Score:3)
But.. although it is a pain, but Microsoft's EOL was well-known many years in advance. Peopl
Re: (Score:2)
Some of the time older programs work, and other times they don't. Take some ancient version of Advantage database server, or a whole pile of proprietary DBs. Installing older versions on newer Windows is almost certain to break. Many have copy protection schemes that make assumptions on how Windows operates.
Re: (Score:1)
Re: (Score:2)
Actually he/she is right. OS X does support running 64 bit binaries on a 32-bit kernel. OS X didn't even have a 64 bit kernel until 10.6 and it wasn't until 10.7 when OS X started to boot into the 64 bit kernel by default, but you could still run 64 bit programs just fine back to 10.2 just as long as you had a 64 bit CPU.
Re: 32bit vs 64bit (Score:2)
Doesn't help if server 2003 sole purpose is to run IE 6.
MS forced it off the desktops with EOL for XP through what some would say extortion.
Server 2003 has IE 6 and with citrix can run due to quirks mode hacks to get it to display at all. So now what? Upgrading is not acceptable. You positively absolutely can never upgrade apps that are the business process which store data in a proprietary format
Comment removed (Score:5, Informative)
Re: (Score:3)
Re: (Score:2)
Linux system reliability because it is so cheap is based on overlap and redundancy. That actually turns out to be a better strategy than moderately more reliable. It isn't as good a strategy as much more reliable and overlap like you have with a mainframe. But once you start going multisite Linux beats out the mainframe.
So in short, it isn't that simple.
Re: (Score:2)
It isn't as good a strategy as much more reliable and overlap like you have with a mainframe. But once you start going multisite Linux beats out the mainframe.
Well, you can have mainframes in multiple locations, but that's an awful lot of money. Thing is, if you aren't multisite, you can't reasonably guarantee uptime. Bad things happen to good sites.
Re: (Score:2)
I agree which is why multisite makes sense. Mainframes can be multisite as well but they aren't designed as well for multisite operations. Too many things assume low latency and more reliable networks than WANs can provide.
Re: (Score:3)
So to all these people saying "just run open source" have never run a multimillion dollar business and relied on Windows to bring home the bacon.
Right, because that would be fucking stupid. If you're relying on Windows, you're relying on Microsoft, and if there is a tech company which has shown itself to be less reliable then Microsoft then it's Oracle and how do we feel about them?
Re: (Score:2)
You've had seven years to plan your upgrade to 2008, how many more do you need?
OS is cheap. Migration is expensive (Score:2)
I have a few places tha
Re: (Score:2)
no, that may teach them to go with a mainframe, for the better or the worse.
Re: It's not simple to just go and upgrade (Score:3)
Yeah with SystemD. Gee where do we sign up?
Time for Wine (Score:1)
Wine emulates 32-bit Server 2003 fairly well. Hell, Visual C++ 6 works perfectly. For all your legacy crap, it's time for Wine.
Re: (Score:2)
Wine emulates 32-bit Server 2003 fairly well. Hell, Visual C++ 6 works perfectly. For all your legacy crap, it's time for Wine.
You do know that that the name Wine is one of those fancy-pants self-referential recursive bacronyms, don't you? You know .. "Wine Is Not an [fill in the blank]"
Re: (Score:3)
Didn't work for us. We have an application that has been developed over about 10 years in VB6. No one has the budget -- either in finance or time -- to port. We looked at Wine as a plug-and-play replacement for XP and the application did not work correctly, 100%. The application is mission-critical, making anything less than 100% compatibility a non-starter. So we're stuck with XP until the next big grant comes in and we can afford to pay someone to port it to a more modern system.
Don't get me wrong, W
Re: (Score:2)
Wine is great. As a supporter of Crossover Office, etc. it can be a great product. For personal use.
I'm not sure I'd ever use it for anything commercial - the risks of a crash at an inopportune (and, by definition, unusual) moment are quite high. You have no way of testing every codepath and it'll be those codepaths that you only do once a year or in special circumstances that will matter. And those will tend to be your important ones that can cause damage if the behaviour isn't exactly as expected.
I ra
Re: Time for Wine (Score:2)
Funny I moved them to server 2003 with Citrix for access. Problem solved ... until now.
I am leaning towards keeping the VMs off the Web so users can use them forever.
Really you or your boss should be fired for running XP. If you do credit card processing you are breaking the law too.
Re: (Score:2)
Well, not breaking the law, but breaking the PCI contract. Even then, it's only if you're doing CC processing on that machine or some transaction related to the processing. The receptionist could be using Win95 for all the PCI cares, as long as she can't touch the financial system.
Re: (Score:2)
Really? Fired? Funny, 'cause I'm the boss. If we had an application running under Windows 95, _and it worked_, there would be absolutely zero reason to do anything with that machine when there are other, more important, ways to spend our time. Granted, that hypothetical machine would not be on the net, 'cause we aren't stupid.
The real machines we have running XP, run our experiments (and they have never been on the net for other reasons); until such time as the boxes die, they will continue to run our s
Perpetual motion. (Score:3)
You wrote (or used) software that only works on Server 2003 / Windows XP / etc.
Then it's your own fault.
No doubt your replacement project will rely on .NET 4.5 or whatever and then when that stops being supported you'll have to do the same things all over again in a few years.
Or you could, you know, not use software that is tied to any particular manufacturer, technology, etc.
I'm just not sure what most places get out of being tied into MS technologies like this. Sure, if you're doing some heavy Office integration all the time with this, that, the other then you've tied yourself in, but where is that necessary compared to your software churning out some intermediate format and then just having the intermediate format converted to the one you need?
I don't get it, honestly, and supposedly "clever" IT businesses still fall for it every time.
Nobody is saying that software is immortal, but really it's blinkered to still be running stuff that's dependent on - what? ActiveX and IE6? Come on!
There's no excuse now. I get frustrated when I still see CCTV units for £50 sold with ActiveX components to do their web-view, when they have Android apps and all the rest working already. Stop it. Seriously. And that's at the cheap-junk end of the market.
If you can't abandon Server 2003 because of the applications you use, DON'T fall into the trap next time. Get yourself something that runs pretty independent of the OS already. There's very, very, very little that can't be done with web-based stuff (without requiring plugins) or just sheer open-ness at the intermediary layer so you can get someone in in ten years time to write a new "XML -> whatever" interface that bolts on to your existing system to replace the "XML -> Win64" interface you have now.
Seriously, people, stop it. If you're going to break the endless cycle of annual renewal of MS licences, you have to get off their locked-in development tools and technologies too. The same with Apple. But there is NOTHING stopping you making something that will work with Windows, Apple, Linux, Android, iPad, Windows Phone, etc. all in one hit now, and could be run FROM any of the above too if you needed it to.
Virtualised environments mean that someone handing you a VM with a Linux Guest OS as their entire product is not uncommon in my industry (Smoothwall, etc.), and it means you can run anything on anything nowadays.
If you're still on 2003, I judge you on so many levels, but the stupid decisions you may be about to make are COMPLETELY AVOIDABLE here, now, today before you make the same mistake again.
Re: Perpetual motion. (Score:2)
IE 6 is the deface standard for corporate America for 10 years. What else should it run on? Name one standard compliant browser with more than 5% market share for the first part of last decade?
Thsee apps related people to save money. They go down then people do not get paid, supplies do not get ordered, contacts can't be signed, etc. They CAN'T be replaced. They have business logic that is custom with macros tailored just to the business. It must always stay the same and never change. What is wrong with yo
Re: (Score:2)
Re: (Score:2)
The mindset in 2003 was different:
1. Network security was not as high profile. The term "Patch Tuesday" was only just invented in 2003 [techtarget.com].
2. The industry had not yet experienced a painful Microsoft EOL. Windows NT 4.0 was not EOL'd until Dec. 31, 2004 [serverwatch.com].
So please stop judging with hindsight.
Re: (Score:2)
Right, the hospital that spent a gazillion dollars on an MRI machine should just throw it away because the control software runs on XP and Win7's security model breaks it. Get out in the real world and see what end users have to work with.
Re: (Score:2)
When that machine is on its own and doing fuck-all? No.
When that machine is needed to join onto, say the UK NHS backbone and thus present a Windows XP machine into the midst of everyone's medical records? Yes.
Want to know why I think this? The doctor that lives with me and works in labs with JUST THIS KIND OF THING is always pushing for them to be thrown out for not just security reasons (i.e. they can't join to the backbone because of shit like this), but because they become rapidly unusable, have to be
Re: (Score:2)
Good rant. We'll have to agree to disagree on this one.
"End of Life" is natural for most software (Score:1)
It is utterly unreasonable to expect a software supplier to provide free updates for software "in perpetuity".
Microsoft is a business, they make money from selling new software. If you don't like that they make their software obsolete, ask them to make change their business plan.
Software could be sold with free updates until a "replacement" is released, and then one pays for an "update subscription".
This way one could have chosen whether one upgraded to "Windows Server 2008", or pays a yearly fee for update
This makes me so happy (Score:4)
Between licensing costs, patches that break key functionality, etc. who the hell wants to stay on Windoze?
I like the Linux update mechanisms between apt-get on Debian and Ubuntu to yum on RedHat and CentOS. And it's fairly easy to roll back an update too. As opposed to windows where even some of your config data gets hosed in the process.
And if you're worried about things like AD, Domains etc. just install SAMBA on a Linux box and couple auth to LDAP. Life gets lots easier.
Re: This makes me so happy (Score:2)
Right because 10 year old linux apps are 100% compatible due to the standard Linux ABI ... oh wait
For this reason we do not run Linux at work.
The Linux ABI *is* standard (Score:1)
What you have heard about, but never understood, since it made a nice "talking point" against linux, hence was all you needed or wanted, the ***KERNEL*** ABI is NOT standardised.
I can still run Heretic and Rune on modern Linux.
Fallout1 and 2 won't work at all on Win7, even with compatibility with 95 or 98 applied.
Re: (Score:2)
I can still run Heretic and Rune on modern Linux.
With the proper special libraries, once you do enough setup diddling.
Fallout1 and 2 won't work at all on Win7, even with compatibility with 95 or 98 applied.
You think that's bad, civ2 won't work in XP Mode, which is actually using a virtual machine. Just, you know, the crappiest one there is.
So firewall it already (Score:1)
If you simply can't live without your Win2003 server and don't plan on paying MS for additional support, make sure you:
* Move everything that can be moved off of that server onto a vendor- or reliable-third-party-supported solution.
* Make and test backups frequently. Make sure you have a way of bringing the server back if your hardware dies or server room goes up in flames/earthquake/flood/whatever.
* Put a vendor- or reliable-3rd-paty-supported hardware* firewall between it and the networks that it is atta
Re: (Score:2)
The problem is that leaves you vulnerable to trojans on the local network which might be able to get user-level access on some newer machine and parlay that into a connection to your win2003 machine and get admin there.
Re: (Score:2)
The tricky situation comes if you've built your application on top of windows network functionality rather than directly on top of TCP/IP. That can make it very difficult to lock things down with a firewall because the high risk ports and the ports your application relies on can be one and the same.
difficult and maybe expensive but not impossible (Score:1)
If you have hardware firewalls that do deep-packet inspection and reject all traffic that doesn't match whitelisted traffic, AND your whitelist is detailed enough so that in practice it rejects all unwanted traffic, you should be okay.
So, unless the traffic of your specific can't-migrate-to-a-supported-OS application is too expensive to distinguish from unwanted traffic, you should be able to firewall a server so well that the fact that the OS is unsupported and otherwise vulnerable to attack is no longer a
Followup (Score:1)
The same type of "deep inspection" firewall trick can and probably should be at least CONSIDERED for ANY mission-critical machine that is deemed "too risky" to put on the same network with "unacceptably high risk of becoming contagious" machines. In some cases it may even make sense to apply this technique to machines that ARE running supported OSes and which are BELIEVED to be very well protected all by themselves.
For example, if you are running an in-house web site to provide selected employees with a we