Q: As an MSP business owner, I know Windows Server 2003 end of life (EOL) is coming up fast. The end of support is only a month away, and I haven’t heard a peep from some of my small business customers. How can I get them to take this problem seriously?
Unfortunately, the Windows Server 2003 end of life is as dramatic as it sounds. It’s literally the end of support for this Microsoft product. That’s why it’s so important for your customers to understand the consequences of running Windows Server 2003 after July 14.
That said, it’s no surprise to us that they’re not rushing to reach out to you for help yet because they’re not aware of what’s happening or things are working fine for them. Windows Server 2003 is 13 years old, but 61 percent of businesses are still running at least one instance of it within their networks. But there are a number of problems your customers face if they fail to migrate off Windows Server 2003 soon.
Paul Hanley, one of Intronis’ senior partner support engineers, knows how to deal with situations like these. Paul talks with our partners every day and understands both the needs of MSPs and their small business customers. For this reason, we asked him what problems businesses face as the date for Windows 2003 end of life approaches and what recommendations he has for everyone involved.
Here’s Paul’s advice:
What SMBs need to understand
The small businesses still running Windows Server 2003 need to understand that their computers are not going to stop working suddenly on July 15. But—and this is a huge but—they’re leaving their businesses vulnerable to a myriad of threats. Here are the three most important issues:
1. Security vulnerability
The biggest problem is that businesses that fail to migrate to a newer version of Windows Server will open the door to cybercriminals, welcoming hackers in through the front door. Microsoft’s EOL declaration means they will no longer provide any sort of security patches or critical fixes to the product. This will leave users vulnerable to attack, and Microsoft won’t be willing to help out—at least not without a hefty cost.
Of course, cybercriminals are also aware of the end of life date and are presumably readying their attacks now. With this vulnerability, small business owners need to protect the data on their network. Backing up business-critical data before the EOL date will allow customers to at least restore their information in the wake of a cyber attack.
To be safe, small businesses should reach out to their IT service providers and ask about migrating to a new server. As they help with the migration, MSPs can suggest adding cloud-based protection to their customers’ service contracts in order to have backups of their important files and folders in preparation for migration.
Another major issue for small businesses running Server 2003 is that they will no longer be compliant with numerous privacy and protection statutes, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS). Click to tweet this quote. HIPAA and other compliance standards require frequent updates to operating systems and IT infrastructure in order to conform to those standards’ technical safeguards requirements. All small businesses in the healthcare industry should understand the ramifications of being non-compliant. Hopefully, customers in these industries have already moved on to more recent OS versions.
3. Time and money
Many small businesses continue to use this legacy OS software because it continues to work well. For them, the thought of upgrading means new hardware and spending more money. You need to remind them that short-term thinking can compound costs in the long run. The cost over time of regular maintenance and upgrades is far less than the cost of compliance fines, security breaches, and lost business. It’s simply more expensive to wait.
The extra time SMBs spend patching and maintaining legacy software will add up to lost productivity and higher labor costs. So, whatever savings they chalk up on hardware, they’re losing in productivity, security, and labor.
How MSPs can help
Managed service providers are on the front lines, so you need to have a game plan for how you’ll address this issue with your customers.
1. Encourage customers to upgrade as far as they can afford
It’s best to upgrade to the most recent version. Server 2012 R2 is the latest Windows server available, but there will likely be another release in the coming months. It’s up to MSPs to discuss the pros and cons of waiting for the new release. Either way, MSPs should try to migrate their customers off of Windows Server 2003 as soon as possible.
2. Remind customers that Windows Server 2008 is only a short-term fix
Upgrading to Windows Server 2008 can be a quick-fix, but if your customer decides to migrate to Windows Server 2008, there are a few things they should know. Most importantly, as Microsoft comes out with its next release Server 2008 will be the next to go. While 2008 and 2008R2 are not scheduled to enter their end of life phases for another five years, they are already starting to show their age in terms of being able to support newer hardware like 4k sector drives and other storage technologies.
Also, in the 2008 release, Microsoft changed the way system-state backups work, saving them as VHDX files and taking a snapshot of the system at the time of the backup. What this means is that these snapshots take into account the operating system and cannot restore to dissimilar operating systems.
3. Tell customers to budget for an upgrade plan as part of their disaster recovery plan
Once customers understand the importance of maintaining infrastructure updates, you have a perfect opportunity to add an upgrade plan to their managed services contract. This plan should trigger (and budget for) a refresh on software and hardware on a set basis. For example, you can plan to update their software every two years and their hardware every three years. Of course, the number of years between upgrades will depend on the budget of each individual business.
Remind customers that this cost over time will only be a fraction of the total cost of dealing with obsolete software. By introducing this cost into their business and financial plans, they’ll save on labor costs and lost productivity in the long run.
Bottom line, it’s critical for small businesses to stay up to date on what operating systems, software, and hardware they’re using in their day-to-day operations. Using Paul’s advice, educate your customers on the threats associated with operating Windows Server 2003. But, also let them know you’re there as a partner, available and ready to help manage the migration work and everything this might impact. This is a great opportunity for MSPs to engage with their customers and reassure them that there’s still time to develop a strategy and protect their businesses.
Ask Intronis is a weekly advice column answering common questions from MSPs and IT service providers. It covers topics ranging from pricing and selling to marketing and communications—and everything in between. Submit your questions by emailing AskIntronis@intronis.com.