As of 14th July 2015, Microsoft will finally be ending the extended support phase of the Windows Server 2003 operating system.
What the end of support from Microsoft means to customers:
Windows server 2003 having no support at all from Microsoft has several serious implications for customers still using this operating system. The first and most significant is that no more security fixes or patches to critical vulnerabilities will be released for this OS or any of its built-in roles or services. As many of our customers who already operate E-commerce sites are aware, using an unsupported edition of Windows server means that you cannot possibly be PCI-DSS compliant alongside other industry standards. These standards are not only used by the PCI council and other governing bodies, but potentially by your client(s) to ensure the environment hosting their applications and data is on a secure platform.
Bugs or functional issues in this edition of Windows can no longer be raised with Microsoft nor will it have any documentation released or updated. As it stands at the moment, should you encounter an issue with Windows Server 2003, you have various resources that are still available to you to troubleshoot a problem:
- Information on the Microsoft support website and Knowledge Base articles that are updated and created where needed.
- Access to Microsoft support on a per ticket basis should you have an issue that needs resolving as soon as possible or if you haven’t been able to resolve the issue yourself.
It is for these reasons that we are unable to continue providing Memset Managed Support for customers still using Server 2003 and we recommend all customers still using this operating system look to migrate to a newer system as soon as possible
What customers should do:
You should look to migrate applications and data to a version of Windows that is supported by Microsoft. Our recommendation at the time of writing this blog would be Windows Server 2012R2. This is the latest stable release of Windows Server and not only does it have full mainstream support from Microsoft until 2018, but it also has many built-in enhancements and new features that could be of great interest to you. I obviously won’t be able to cover them all in this blog, so I will try and focus on the most commonly used role and its improvements. In this instance that is IIS (Internet Information Services). I have mentioned just a few new features and improvements in IIS that are helping existing customers below:
Dynamic IP restrictions - In previous versions of Windows, you had IP restrictions, but this was a very static and laborious process that involved specifying IPs that would be blocked from having their requests processed by your web server. Using IIS 8.5, you can configure thresholds for a certain number of connections to your web server from the same IP address. When these thresholds are hit, a restriction is created and any future requests from that IP will receive a 403 error.
Better Logging - For years, getting the information you needed from IIS has been a bit of a tedious task and often not achievable depending on the fields that you required. Now, however, IIS 8.5 makes it very simple to log additional information to log files. For example, say you wished to log the true client IP address that has connected to your server via a proxy or a load balancer, you can simply add a custom field (X-FORWARDED-FOR) via the IIS manager console.
Automatic rebinding of renewed certificates - Thanks to a new helper mechanism in Windows Server 2012R2, you can enable a feature called ‘Certificate Rebind’. This feature essentially monitors event logs for renewal events and creates jobs in the task scheduler in Windows to rebind a new certificate to the respective site in IIS. Looking at the task scheduler jobs, this works by essentially calling “appcmd” and giving it the thumbprint of the new SSL certificate. The new certificate obviously needs to be present beforehand, but if you have SSL certificates purchased through us, this is certainly something we can do for you. Read more information about our SSL certificates and prices.
Where should I start?
There are many approaches that people can take with a migration and different businesses will give their customers different recommendations. I have, however, tried to produce a high-level migration plan that could be used below:
Find a new Windows server with the required specifications here.
Perform a thorough analysis of all software, dependencies, Windows roles and features and configuration and ensure these are compatible with the version of Windows you decide to migrate to. If you are using IIS, ensure all modules and configuration is compatible with the newer web server you will be migrating to. It is also recommended that you become familiar with the new features of IIS 8(.5) to ensure they aren’t going to be problematic. Becoming familiar with such features will also help you get better value from your Windows server. Some good resources for the new features in each respective version of IIS are below:
If customers have other Windows Roles or features they are concerned about, they are welcome to create a ticket with support and we will gladly assist further.
Ensure that all applications and dependencies are thoroughly tested with an up to date copy of your data on your new Windows server to prevent any potential compatibility issues.
This would include, but not be limited to:
Websites - IIS logging, redirects and resource usage restrictions for application pools.
Database - All local MSSQL server services, SQL server agent jobs and stored procedures.
Scheduled tasks migrated over to the Windows task scheduler.
Remote Desktop Services (previously Terminal services).
All other third party applications and bespoke development.
It is also always worth ensuring that you have up to date, fully tested backups before and after the migration process. Find more information about memset backup options.
Once thorough testing of all applications and services in use on the new Windows server has been carried out, it will be a case of finalising the migration by making the new Windows server your live environment.
This process usually involves the below:
Stopping all services (databases and sites) on the Windows 2003 server to ensure that no new data is created in this environment.
Doing a final copy of data from your old server to your new one.
Either amending DNS records to point to the new IP address that is assigned to your new Windows server, or migrating the IP addresses from your old server and binding them to the relevant services.
The majority of customers prefer migrating IP addresses for a variety of reasons, such as using services dependent on a specific IP, for example, a payment service gateway. However, it is entirely up to you which option you choose.
I hope this has been of use to you, and please feel free to contact support should you have any questions!
POSTED JANUARY 2015 BY SEAN HAYNES , IN OPS