If you’re still using Windows Server 2003, you probably know that support for it is being totally phased out next year, and that the time to upgrade is coming up very soon. Although your Windows 2003 server will still operate after the support end date, the real problem comes shortly after when security updates are no longer released and PCI compliance is compromised.

Migrating a server takes a lot of time – sometimes up to a year to fully integrate to a new system. The time it takes to migrate depends on the size of your organization, the amount of applications tied into the server, and the number of other systems you have running that needs to be upgraded at the same time. However no matter what your situation, it’s best to upgrade your server as soon as possible to avoid having an unsupported and unsecure server.

When will support for Windows Server 2003 officially end?

Mainstream support from Microsoft for Windows Server 2003 ended in July 2010. Windows Server 2003/R2 has been on Extended Support since then, which means only security updates are released. But all support for Windows Server 2003 will officially end on July 14th, 2015. That marks today, September 17, T-minus 300 days and counting, a conservative minimum time to migrate.

The end of Windows 2003 support means:

  • No more updates. 37 critical updates were released in 2013 for Windows Server 2003/R2 under Extended Support. No updates will be developed or released after end of support.
  • No more PCI compliance. Lack of compliance with various standards and regulations can be devastating. This may include various regulatory and industry standards for which compliance can no longer be achieved. For example, lack of compliance with the Payment Card Industry (PCI) Data Security Standards might mean companies such as Visa and MasterCard will no longer do business with you. Or, the new cost of doing business will include paying catastrophic penalties and astronomically high transaction fees.
  • No safe haven. Both virtualized and physical instances of Windows Server 2003 are vulnerable and would not pass a compliance audit. Microsoft Small Business Server (SBS) 2003 servers are also affected.

credit card PCI compliance

Why you need to act now

Although July 2015 might seem a ways away, you actually don’t have that much time to migrate your server. From start to finish, migrating to a new server system takes 200-300 days minimum. So if you wait until Spring 2015 to begin the process, you could be left for months with a server that is vulnerable to security risks and that doesn’t meet PCI compliance anymore.

To run a secure IT infrastructure, and to meet the legal and regulatory requirements of many jurisdictions, you will have to put a lot of resources into monitoring and shielding any servers running Windows Server 2003. Additionally, if you process credit cards, this function may no longer work on Windows 2003 because of PCI compliance issues.

Keeping your Windows Server 2003 will end up costing you more in the end. Maintenance costs for aging hardware will also increase. Added costs will be incurred for intrusion detection systems, more advanced firewalls, network segmentation, and so on, simply to isolate Windows Server 2003 servers. Many applications will also cease to be supported once the operating system they are running on is unsupported. This includes all Microsoft applications.

Server 2003 Upgrade Options

What are your server upgrade options?

You have a few choices when upgrading your 2003 server. Each choice depends on how complex your system is, how many related systems you need to upgrade in order to work with the new server, your budget, and your security needs. Depending on how secure you need your server to be, whether or not you need to maintain PCI compliance, and what other systems in your organization need to be migrated, different options may be better for you.

Your upgrade options include:

If the rest of your infrastructure isn’t quite ready for the upgrade, you can can purchase Windows Server 2012 as an OLP license and use the option to downgrade to 2008 until the rest of your infrastructure is ready to upgrade to a newer version. This can give you more flexibility while you work on the upgrade, and a chance to tackle your server upgrade before moving the rest of your organizational infrastructure over as well. Windows Server 2008 and 2012 are available in OEM, full retail, and open licenses. Royal Discount sells all versions in all editions and all licenses, and can consult about which is the best option for your needs. We are an authorized Microsoft Dealer and sell Azure packages at a discount as well. Some products aren’t available for online checkout so please give us a call at 877-292-7712 to speak with a licensing specialist.

Upgrading your server to Windows Server 2008, Windows Server 2012, or Azure as soon as possible is imperative to avoiding wasted time and money in the future. Although it can seem burdensome, failing to upgrade your server will result in a lot more work for you in the future.