Time to Say Goodbye to Windows Server 2003 – Preparing for Migration (Part 2)


If you would like to read the first part in this article series please go to Time to Say Goodbye to Windows Server 2003: Preparing for Migration (Part 1).

Introduction

In Part 1 of this article series, we looked at some of the things that made Windows Server 2003 great in its day, and why (in addition to the impending lack of support and cessation of security updates) it’s time to move on now. Then we discussed the options that organizations have as they’re faced with the end of support for the OS. Finally, we talked about how “breaking it off” with Server 2003 can be costly like any divorce, but can actually have cost benefits in the long run.

Now in Part 2, we’re going to look more closely at the first migration path you might choose: maintaining the traditional datacenter model (which might or might not be supplemented by some cloud computing services) and upgrading your on-premises infrastructure to the latest, most full-featured and most secure version, Windows Server 2012 R2.

Benefits of upgrading to Windows Server 2012 R2

The first and most obvious benefit of migrating from WS2003 to WS2012R2 is security. But the security advantage goes way beyond the fact that security updates will no longer be issued for WS2003 after extended support ends in July 2015. WS2012R2 contains a plethora of security mechanisms, along with security improvements to features across the board.

AppLocker, BitLocker, biometrics, smart card support, and security auditing are just a few features that offer better security. Identity and authentication are improved, UEFI and Secure Boot protect against rootkits and boot viruses, and Early Launch Anti-Malware (ELAM) gets anti-malware software into memory first, ahead of fake AV programs. DNSSEC (secure DNS) is integrated to require authoritative DNS servers to sign their responses and make DNS resolution more trustworthy. Dynamic Access Control and claims improve the granularity of file and folder permissions. Kerberos is improved to work across domains and forests. Group managed service accounts use a new type of security principal.

The Internet Information Services (IIS) web server component has many security improvements as well, including sandboxing and Dynamic IP Restrictions. Password policies can be set granularly, and the Fine Grained Password Policy (FGPP) feature that was introduced in WS2008 has been improved and is much easier to use. Another very important security feature is the ability to install Windows Server in Server Core mode, which was introduced with WS2008 and provides a minimal, more secure iteration of the OS.

For organizations that must comply with regulatory requirements, or that need top level security to protect their own interests, the security factor alone would be reason enough to upgrade from WS2003 to WS2012R2. But there are many other benefits in addition to the increased security.

If your organization is growing rapidly, or is anticipating significant growth in the future, scalability is important. WS2012 R2 offers ten times the scalability in processor support and 4 times the scalability in memory support, along with support for over 1000 active virtual machines with Hyper-V hosts and clustering support for up to 64 nodes and 4000 VMs.

Speaking of Hyper-V and virtual machines, virtualization has become the cornerstone of modern datacenter strategy for a number of reasons, including easier backup/management, reduced physical footprint, reduced hardware needs and ease of moving to new hardware. WS2012R2 allows you to migrate VMs among different hosts on different clusters or servers with no storage sharing and almost no downtime. You can isolate network traffic from different departments or customers on a shared infrastructure with Hyper-V network virtualization, and Hyper-V Replica lets you replicate VMs easily to a remote site for redundancy.

For those who prefer to use the command line interface, WS2012R2 will greatly increase your efficiency and ease of use. It supports more than 2000 PowerShell cmdlets, in contrast to only a little over 100 supported in WS2003R2. For example, there are now PowerShell cmdlets for managing the Windows Firewall and for deploying Active Directory Rights Management Services (RMS) and Active Directory Federation Services (AD FS).

Another important enterprise feature that WS2012R2 offers, which isn’t available with WS2003, is Virtual Desktop Infrastructure (VDI). It’s easy now to deploy VDI through the wizard-based setup procedures, and you have centralized management with the unified management console.

Given all of the above, it’s obvious that you can do much more with WS2012R2, and do it more securely. So why are so many organizations still running WS2003? It all comes down to a basic philosophy: “If it’s not broke, don’t fix it.” You might be well aware that a new 2014 model of your favorite car will have more bells and whistles and safety features than your old 2001 model, but the latter still gets you where you’re going so you keep on driving it – until the day it stops working. Although WS2003 won’t stop working next July, it will become much less safe to “drive.” So let’s look at how you can head off an “accident” by getting something with that nice “new OS” smell.

The four-step process

Microsoft obviously has a vested interest in helping customers to upgrade before the end-of-support date arrives. We saw what happened with Windows XP, with significant numbers of individuals and businesses continuing to use the OS even after security updates were discontinued. So the company has come up with tools and processes to help make it easier.

Microsoft recommends a four-step process for migrating from WS2003 to WS2012R2:

  1. The first step is to use the Microsoft Assessment and Planning Toolkit to determine which applications you have running on WS2003. This is important for assessing which can and can’t be migrated to the new OS and which might have to be replaced.
  2. The second step is to put those applications into categories based on type, importance and degree of complexity.
  3. The third step is to target a migration destination for each application and workload. You may choose to place some applications in the datacenter and move others to the cloud.
  4. The fourth step is to create a migration plan and download the Microsoft Deployment Toolkit.

Each of these steps is far more complex than it might appear on the surface. There are a number of things that are involved in assessing and categorizing your applications. You may (probably will) need to re-architect your infrastructure before you can deploy WS2012 and migrate your Active Directory. You’ll need to consider file servers and modern storage options. WS2012R2 offers Storage Spaces, for example, which allows you to group files together in a storage pool.

The Microsoft Assessment and Planning Toolkit (MAP)

Before you can even think about migrating, you need to know what you have now. MAP is a free tool that you can download from the Microsoft web site to inventory your current WS2003 environment and assess it for platform migration. It collects data about your hardware, operating system and software applications and doesn’t require that you install agent software on the target systems. It can help you migrate to WS2012R2, and it can help you migrate applications, for example to Office 2013 or to Office 365.

You must prepare the environment before you install the MAP toolkit. This consists of enabling WMI, configuring the System Center Configuration Manager (if you plan to use it for discovery of computers in your environment), enabling PowerShell on certain servers if you plan to collect data for tracking their usage, configuring log files and audit policy to capture logon information, and configuring the ports used for connecting to various servers and services. This is a detailed process that is discussed in depth in the TechNet Wiki.

There are wizards that make collecting the correct data easier. The first and most relevant to this scenario is the Inventory and Assessment Wizard. You will have to have the proper credentials for connecting to the target systems.

The inventory collection tool will report on the total number of computers discovered, inventory data and the objects collected across all the devices. Here is a screenshot of the collection status screen.

The MAP tool provides you with custom reports, including a Windows Server 2012 hardware assessment that summarizes the readiness of your servers’ hardware for a migration to Windows Server 2012. This is an important tool that will help you to determine which of your physical machines can be upgraded and which will need to be replaced or their roles consolidated in VMs on other machines.

Another important report is the Virtual Machine Discovery summary that identifies both the physical computer and the VMs that are running on each of them and includes detailed information. It works with both Hyper-V and VMware virtualization platforms.

Another useful report for our purposes is the Server Consolidation Recommendation that gives you information on how servers can be consolidated through virtualization.

You’ll also want to pay particular attention to the Legacy Windows Server Inventory Report. This report gives you the details you need about all the computers that are running Windows Server 2003 (and Windows Server 2000, if you still have those) and includes the applications that are running on each of those servers as well as their current roles.
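As an added illustration (not part of the original article, and not how MAP itself is implemented), the following PowerShell sketch performs a similar agentless inventory of WS2003 machines using Active Directory and WMI. It assumes the RSAT ActiveDirectory module on the collecting machine, WMI/DCOM reachability to the targets, and a dedicated inventory account with local administrator rights there; the output file name is hypothetical.

```powershell
# Added example (Windows PowerShell 3.0+ on the collecting machine).
# Assumptions: RSAT ActiveDirectory module is installed, WMI/DCOM is reachable
# on the targets, and the credential is a local administrator there.
Import-Module ActiveDirectory

$cred = Get-Credential -Message 'Inventory account'

# Computer objects whose recorded OS is Windows Server 2003 (including R2).
$legacy = Get-ADComputer -Filter 'OperatingSystem -like "*Server 2003*"' `
    -Properties OperatingSystem, OperatingSystemServicePack, LastLogonTimestamp

$report = foreach ($c in $legacy) {
    # LastLogonTimestamp is a FILETIME; it is empty for never-used accounts.
    $lastLogon = $null
    if ($c.LastLogonTimestamp) {
        $lastLogon = [DateTime]::FromFileTime($c.LastLogonTimestamp)
    }

    $wmi = @{ ComputerName = $c.DNSHostName; Credential = $cred; ErrorAction = 'Stop' }
    $os = $null; $cs = $null; $svc = $null; $memGB = $null
    try {
        $os  = Get-WmiObject @wmi -Class Win32_OperatingSystem
        $cs  = Get-WmiObject @wmi -Class Win32_ComputerSystem
        # Running services are a rough hint at the roles the server performs.
        $svc = Get-WmiObject @wmi -Class Win32_Service -Filter "State='Running'"
        $memGB  = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
        $status = 'Collected'
    } catch {
        # Stale AD object, firewall, or access denied: record it and keep going.
        $status = "Failed: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Name            = $c.Name
        ADOperatingSys  = $c.OperatingSystem
        ServicePack     = $c.OperatingSystemServicePack
        LastLogon       = $lastLogon
        Status          = $status
        OSVersion       = $os.Version
        Model           = $cs.Model
        MemoryGB        = $memGB
        RunningServices = ($svc | ForEach-Object { $_.Name }) -join ';'
    }
}

# Hypothetical output path; the file describes unsupported hosts, so store it accordingly.
$report | Export-Csv -Path .\legacy-ws2003-inventory.csv -NoTypeInformation
```

Rows with a `Failed` status are worth following up: they are either stale directory objects to clean up or legacy servers the inventory account cannot reach.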

These are only a few of the reports that MAP can generate. There are many others, some of which we’ll talk about later when we discuss the migration path to a cloud-based infrastructure utilizing Microsoft Azure.

You can find full instructions on using the MAP tool in the Wiki and the MAP Toolkit Getting Started Guide.

Summary

In Part 2 of our series on saying goodbye to Windows Server 2003, we talked about the four steps Microsoft recommends for migrating to Windows Server 2012 R2. We then got into the details of step one: using the Microsoft Assessment and Planning (MAP) tool to prepare your environment and inventory your hardware and software, which gives you the foundation information necessary for planning and re-architecting your server infrastructure.

Next time, in Part 3, we’ll continue with the process of migrating from WS2003 to WS2012 R2 within the traditional datacenter model.
