Two major enterprise computing platforms are reaching their end of life this week. Tomorrow (January 14th), in fact. While this may seem like a last-minute blog entry, we know there are plenty of you out there still running Windows 7 on corporate desktops and Windows Server 2008 or 2008 R2 in your data centers.
Microsoft itself estimated that 60% of its Windows Server install base was still running 2008 back in August. Some of those instances may have been upgraded or migrated to cloud VMs, but we’re betting many of them remain. Unofficial estimates peg the number of Windows 7 machines worldwide at around 200 million.
Change can be hard, especially when your systems seem to be working properly and upgrading appears to be a complex and time-consuming endeavor. But operating systems that have reached End of Support open the door for vulnerabilities, bugs, and incompatibility with newer infrastructure. They also make it more difficult to deploy and support newer software that can improve employee efficiency and empower the business to drive revenue in new areas and to compete with others in the industry. With Windows 7 and Windows Server 2008 End of Support upon us, what are your options?
We understand – your critical applications may not be compatible with a newer OS. Or you may have a hardware incompatibility like a driver for add-on hardware that is used widely throughout your organization. Most of this thinking however is outdated. Look at healthcare, where a significant number of desktops are virtualized now. Most hardware supports USB 2.0 at a minimum allowing for integration into newer operating systems.
While the disruption to daily work may seem like more trouble than its worth, leaving systems vulnerable will result in more of a disruption down the road, alongside many other negative effects for your business. If these systems are accessible via the internet and connected to other infrastructure, a cyberattack could cascade beyond the system in question and into the larger data center or network environment. Your cyber insurance may not cover outdated, end of life operating systems, either.
Both Windows 7 and Windows Server 2008 are already in their extended support periods, with regular support halted years ago. Microsoft has still released critical patches for both products but as of tomorrow, that’s over with.
Unless you purchase Extended Security Updates (ESU) of course, which extend security patches beyond the extended support period. This is costly at a rate between $25 per desktop for high volume customers and $62 per desktop for small businesses. This rate is paid annually for a maximum of three additional years of critical patches and doubles each year. And the costs per server are even higher.
ESU may make sense for very large corporate customers who need some additional planning time. Smaller organizations who wish to purchase Extended Security Updates must do so through a Microsoft approved Cloud Service Provider (CSP). It is also vital to note that ESU updates do not cover all vulnerabilities, only those deemed by Microsoft as critical and important. Threats rated “moderate” or “low” will not be addressed.
If you wish to continue business as usual, the simplest option is likely upgrading in place. For critical applications that can’t afford downtime, deploying an updated solution alongside the outdated systems is best, so you can cut over with minimal breaks in service.
Another option is to wrap additional security measures around your Windows Server 2008 instances or your PCs running Windows 7. That will already be an additional effort, so you may as well start the heavy lifting for an upgrade.
If a specific application will stop working due to the upgrade, you can either live with the vulnerability or purchase ESU for the systems running it while you figure out how to update the app, replace it, and migrate your data. Refactoring or replacing applications is another expense and time-sink, but it must happen eventually. Just remember that if you update to the latest OS version, you’re set for practically a decade of continued support.
Finally, you can migrate your Windows Server instances to Azure. If you migrate as-is, you can apply with Microsoft to receive the entire three years of ESU for free. You may also be eligible for the Azure Hybrid Benefit, which will reduce your licensing costs for Azure VMs or SQL Instances.
For desktops, a cloud migration is not so practical. While Windows Virtual Desktop is a compelling product, VDI is not an ideal use case for every workstation.
Ultimately the decision to run with an outdated OS, upgrade, or migrate hinges on your unique risk profile. If you have a few dozen Windows 7 computers that are not connected to the external internet, the risk is much smaller. Similarly, Windows Server 2008 R2 might be running on an internal network for a specific application. If you can setup security zones and isolate your risky machines, it may be acceptable to continue running them, as long as you don’t run afoul of any industry compliance mandates.
An OS update is a great opportunity to modernize your infrastructure, however. There’s a lot of chatter over digital transformation these days. This is a perfect concrete example. New features and capabilities can really change the way you manage your IT, which in turn can help modernize your entire business. This is especially for Azure-based Windows Server deployments, which enable a whole array of IaaS and PaaS technologies that can completely revolutionize your infrastructure management processes.
It is all to easy to be paralyzed by the status quo. If you need guidance to find the best path for your remaining Windows 7 or Windows Server 2008 machines, an expert Microsoft CSP can help you strategize and execute with limited downtime or other negative impact on your users.
Green House Data consulting services provide assistance to customers to upgrade both servers and desktops. If you are interested in learning more about our per desktop upgrade pricing or our server migration experience, please contact us. We’d be happy to schedule a no-cost and no-obligation meeting to discuss your goals and objectives. We may even be able to apply for Microsoft funding to offset some of the service costs.