From the President & CEO of AppZero - The Inventor of the ESB

Greg O'Connor

Subscribe to Greg O'Connor: eMailAlertsEmail Alerts
Get Greg O'Connor: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Cloud Computing, Microsoft Developer

Blog Post

Windows Server 2003 - I'm Late, I'm Late, for a Very Important Date! | @CloudExpo #Cloud

With zero time left, many enterprises have chosen to delay remediating or migrating

Windows Server 2003 End of Support is here and there is little most enterprises can do at this point to change the fact that they are now dependent on an unsupported operating system. Here we are at Microsoft's World Wide Partner Conference again, muttering "I'm late, I'm late," just like the herald-like white rabbit of Lewis Carroll's Alice's Adventures in Wonderland, (We have a cool White Rabbit twitter campaign going this week - check it out) except that we cannot manipulate time. This is the event where, last year, there were many sessions highlighting processes, tools and partner ecosystem to help companies migrate off of Windows Server 2003. Analysts, the media and Microsoft were talking in terms of close to 20 million machines in production still running Windows Server 2003. Back then, the opportunity was characterized as a Y2K situation that would result in as much as 45 billion dollars spent helping to remediate this event.

In the past year, there have been thousands of articles, blogs and other content aimed at educating the market. Check out our blog series, "Everything You Ever Wanted to Know about Windows Server 2003 Migration." For most companies, the deciding equation to move or not boiled down to assessing the risk of running on an unsupported OS increasingly vulnerable to security attacks or paying to remediate the risk. The key question: Do I pay $2,000, $3,000, $4,000 or more to migrate, or can I isolate my apps from bad things, not get hurt and save the money?

With zero time left, many enterprises have chosen to delay remediating or migrating. Historically, risk and negative outcomes are hard for most people and organizations to quantify (one of the reasons the insurance industry is so big and profitable). In the financial collapse of 2008 few if any financial institutions (okay, maybe Goldman Sachs) understood the risk of being involved in the US mortgage market. A good question: What is the cost of breach or an attack on those machines running Windows Server 2003? They have been running fine for years. We now know there is much evidence that applications running on older operating systems have high amounts of downtime, costing the business unplanned time and money. But as Alice articulates: "I went along my merry way, and I never stopped to reason. I should have known there'd be a price to pay, someday..."

There are a couple forms of delay that we see happening among customers attempting to lower the security risk of Windows Server 2003. First, many large enterprises just kick the can down the road by writing a check to Microsoft for extended support via a Custom Support Agreement (CSA). There are a few things you have to do to qualify; and this route is expensive and does not address the underlying problem. It does get you support and patches during the term of the agreement. A material risk in this approach is that organizations with a large number of machines, 5,000-10,000 or more, will not be able to remediate that many applications before the CSA expires. The amount of disruption in an organization necessary to solve this problem is very large and change management processes will slow the move.

A second approach is to isolate the machines that will have this increased venerability by adding a security layer and/or moving them to the cloud. This is likely a feel good approach and obscures the risk but does not solve the underlying problem. Who validates and protects the isolation approach? What happens when the isolation layer is flawed? It is understandable that some organizations adopt this approach as a stopgap measure. They are trying to buy time to address the core of the problem.

We've been working closely with more than 100 system integrators on the Windows Server 2003 challenge, companies that specialize in helping customers modernize, consolidate, relocate or move mission critical applications and have a deep understanding of what the enterprise is experiencing when it comes to Windows Server 2003 EOS. AppZero conducts an annual "State of Readiness for Windows Server 2003 End of Support" survey, now in its third year, as well as frequent polling surveys, including a most recent update conducted on June 18.

The headline from this polling survey, "Customers Didn't Budget for Windows Server 2003 End of Support," shows just how far down the rabbit hole customers are. When asked the about the timing of projects, more than two thirds of our partners see projects as yet to start or in early definition/planning phases.

More Stories By Greg O'Connor

Greg O'Connor is President & CEO of AppZero. Pioneering the Virtual Application Appliance approach to simplifying application-lifecycle management, he is responsible for translating Appzero's vision into strategic business objectives and financial results.

O'Connor has over 25 years of management and technical experience in the computer industry. He was founder and president of Sonic Software, acquired in 2005 by Progress Software (PRGS). There he grew the company from concept to over $40 million in revenue.

At Sonic, he evangelized and created the Enterprise Service Bus (ESB) product category, which is generally accepted today as the foundation for Service Oriented Architecture (SOA). Follow him on Twitter @gregoryjoconnor.