Although they are fast approaching end-of-life status, Windows Server 2008 and 2008 R2 continue to drive mission-critical functions in many organizations. The two versions of Microsoft’s workhorse server operating system facilitate a broad range of important roles, including file server, mail server, application server, Web server and print server.

It’s obviously important that those critical functions aren’t disrupted in any way, yet the risks associated with Server 2008 and 2008 R2 are likely to increase substantially when they reach end of life on Jan. 14. After that date, Microsoft will no longer provide automatic patches, updates or online technical assistance — nor will it fix any vulnerabilities discovered after that date.

For about three years, Microsoft has been urging customers to prepare to upgrade, either by updating to a newer version of Windows Server or by migrating these servers to Microsoft’s Azure cloud platform. There are plenty of stragglers, however. It’s estimated that nearly half of Microsoft’s server installed base, representing nearly 20 million servers, still runs Server 2008 and 2008 R2.

It is understandable that companies want to squeeze the last dollar of value from these systems. Migration can be a long, complicated and expensive process. As with any major OS migration, there’s also a learning curve and the potential for downtime. Nevertheless, delaying an upgrade could be a perilous decision.

A Target for Hackers

Cybercriminals are well aware of the deadline and will most certainly target Server 2008 and 2008 R2 systems to exploit unpatched vulnerabilities. Recent history illustrates the risk. Shortly after Microsoft ended mainstream support for the Windows 7 PC operating system in 2017, the WannaCry ransomware attack hit hundreds of thousands of computers in more than 200 countries. It was later found that 98 percent of those machines were running Windows 7. Computers running Windows 10 were unaffected.

In addition to the risk of cyberattack, organizations that haven’t upgraded will likely encounter hardware compatibility issues, and key business applications may become unsupported. As a result, organizations could find themselves in violation of legal and regulatory obligations.

Multiple Choices

Perhaps the simplest upgrade path is through the cloud. Microsoft has created a straightforward path to Azure, the company’s suite of cloud-based services and applications.

For organizations looking to maintain an on-premises solution, Microsoft is offering an in-place upgrade path to Windows Server 2019 — but it won’t be simple. It will require multiple upgrades, first to Server 2012, then to Server 2016 and finally to Server 2019.

It is possible to upgrade to the still-supported 2012 or 2016 versions. Of the two, Server 2016 is more attractive due to a host of cloud-like benefits. According to Microsoft, the Server 2016 architecture has been “deeply refactored” to create tight integration with the Azure cloud platform. Windows Server 2019 also makes significant chunks of the Azure code available on premises. This means developers can build applications that can run either in the data center or in the Azure public cloud.

All the upgrade choices include newer security features and ongoing support to help address evolving threats and new threat vectors. That is of critical importance given the essential services that depend on a reliable server operating system.

If you’re running Windows Server 2008 and 2008 R2 in your environment, contact ICG for help in determining the best upgrade path and developing a migration plan.