by Mary Branscombe
Mary Branscombe looks at the tools available that can help you migrate from Windows Server 2003.
HardCopy Issue: 65 | Published: February 27, 2015
You have until July 2015 to upgrade your servers, and the software that’s running on them, before Windows Server 2003 stops being supported.
If you’re still running a version of Windows Server that’s a decade old, then you’ve either forgotten you have it, or you’re using it because of the software that you’ve got running on it. So when it comes to migrating off Windows Server 2003 to something that’s still supported and still gets its security vulnerabilities patched, it’s not the OS migration itself that’s your big problem – although you do have decisions to take about how to do it, because there’s no easy upgrade path to a modern version of Windows Server. Your big problems are going to be with the applications that are the reason you run a server in the first place.
That’s where the real work lies, but thankfully there are tools to help. And just as important, it does give you an opportunity to evaluate what server software you have, how much of it you want to keep, and what you can replace with new tools or cloud services.
Tim Loake of Dell UK estimates that between 10 and 20 million servers worldwide are still running Windows Server 2003.
“Many businesses have Windows Server 2003 and they don’t know what they have,” warns Scott Woodgate of Microsoft’s Cloud and Enterprise division. “Server projects get put in a data centre or under a desk and nobody spends a lot of time looking at the server as long as it’s running properly. Discovering what you have is key. You need to inventory all your servers and discover what the workloads are that you need to migrate. Am I using it for a file server, for remote desktop, for a database server, for Active Directory? With that information, you can then take action.”
The free Microsoft Assessment and Planning Toolkit, MAP, is a good place to start. It doesn’t need you to install agents on the servers it inventories, and as well as delivering a detailed report showing you what systems you have and how ready they are for migration, it can also create canned reports to show to managers and executives, explaining what needs to be done.
MAP has tools for discovering a range of systems. It can create a detailed report showing how many Windows Server 2003 instances you are running, what applications are running on them and how many databases are attached. This last bit matters because SQL Server 2005 comes out of extended support in April 2016, and it makes little sense to migrate to a new version of Windows Server and then carry out a separate database migration.
Microsoft System Center can do the same discovery and inventory for you, as can third party tools which may provide more details. Dell’s ChangeAuditor can tell you which of your applications rely on a connection to Active Directory, so you know what’s going to be affected if you’re migrating a Windows Server 2003 domain controller. It will also help you find which administrators are logging into each server instance, in case you need to track down who is responsible for servers you didn’t previously know about.
And when it comes to server applications, Dell boasts that its Asset Manager Discovery Edition can identify and categorise over 85 per cent of software you have running (based on the 300,000 different software packages in the Asset Manager database). It can also track usage of applications so you can isolate installations that you might not need to migrate because no-one is actually using them. You can run Asset Manager directly from System Center Configuration Manager or from Symantec Altiris. You can even run it from a Windows Server 2003 SP1 system with SQL Server 2005, if that’s all you have in your environment.
That kind of categorisation is crucial, because once you have the list of Windows Server systems and the details of what’s running on them you have to decide what you’re actually going to do with them. Discovery is as far as many of the customers that Microsoft’s Woodgate has talked to have got, but time is running out and you need to start making decisions and setting priorities.
It’s rarely as simple as running Microsoft’s free Windows Server Migration Tools. That’s better than exporting and importing your DHCP database and moving the domain controller IP address manually, but it will only take you from Windows Server 2003 SP2 to Server 2008 R2, which you have to have running before you can even install the Migration Tools.
At this stage it makes far more sense to go to at least Windows Server 2012, but the choices you need to make involve a lot more than new server hardware and a new version of Windows Server – and unless you’re running Windows Server 2003 on server hardware that you bought recently, you’re going to need new hardware. You might choose to move some roles to the cloud as virtual machines, use PaaS (Platform as a service) for others and replace some applications with cloud SaaS (Software as a Service) subscriptions. It all depends on what you’ve got and what you need to do with it, and where you move your workloads determines which tools can help with the move.
Microsoft has a handy online guide in the Windows Server 2003 Migration Planning Assistant which shows you the options for specific server roles, off-the-shelf applications from Microsoft and third parties, and custom built applications.
File servers are relatively easy to migrate. Although it’s easy enough to use XCOPY, or just transfer drives to new server hardware running a more recent version of Windows Server, a tool like Dell SecureCopy can be useful. This makes sure files retain the correct security settings, permissions, shared folder rules and local group configurations when you copy them, and it can override warnings concerning locked files. If your file servers are managed through Active Directory for group permissions and access then Dell Migration Manager for Active Directory and File Servers can help you manage the migration.
But it’s increasingly likely that employees will need to be able to share files, so you may want to consider OneDrive for Business, either through Office 365 or an on-premises installation of SharePoint, instead of just a newer file server. If you’re going to the trouble of migrating, you might as well switch to something that gives you new features and more opportunities, rather than just getting away from the security and compliance problems involved in sticking with Windows Server 2003.
When it comes to SQL Server you can upgrade to a supported version, and if your databases are straightforward you can back those up from your current version and restore them onto a new version of SQL Server using the built-in tools. But custom applications written in SQL Server are going to need a different plan.
If you have an old, custom database application built internally by someone who is no longer with the company then you may no longer have access to the source code, or even the installer. You also have to consider how much technology and business needs have moved on in the last decade. Not only were smartphones rare a decade ago, they were also far less capable. If you want a reminder of how technology has moved on, the hardware specification for Windows Server 2003 isn’t far off the hardware specification for a high-end smartphone today. Instead of just porting an existing custom application to a newer version of SQL Server, look at how you can rewrite it to offer additional functionality that will be useful to the business, like remote access and support for mobile devices.
Into the cloud
If you’re rewriting an application anyway, you also have an opportunity to remove some of your in-house infrastructure. Look at PaaS services such as SQL Azure which offers ever more compatibility with SQL Server 2014, without you having to run a database server of your own.
Similarly, there are workloads such as Exchange that you could migrate to a new server with a new version of Windows Server and Exchange – either using the built-in migration options or a tool like Dell’s Exchange Migration Manager. However there are other options that may be more worthwhile. This is especially true if you’re running Small Business Server 2003 with its built-in Exchange as the upgrade path is to Windows Server Essentials and Exchange Server, which is quite a jump.
But if you’re running a ten-year old version of Exchange on a ten-year old server, then hosting even an upgraded mail server on premise is unlikely to be the best solution. It probably makes more sense to switch to Office 365 and let someone else worry about running the installation while you use those resources to tackle other applications.
Office 365 comes with a range of tools to help you carry out a simple migration by synchronising your Active Directory and copying mailboxes, ranging from graphical tools to PowerShell cmdlets, but there are plenty of third-party alternatives. Microsoft partners can offer services such as SkyKick, which can collect mailboxes from PST files and even from ISP mail systems using POP and IMAP, as well as transferring files to SharePoint. Alternatively, Dell offers Migration Manager Tools for Office 365, which allows you to move from SharePoint and Notes as well as Exchange, and can help you move some older applications into their cloud equivalents, converting inboxes and files to new formats while retaining user accounts, permissions and status.
For Active Directory, the migration is likely to be far more complex because there have been so many changes since 2003. Yes, tools like Dell Migration Manager for Active Directory can move you off a Windows Server 2003 domain controller, though you’ll need at least Windows Server 2008 SP1 to run it on, and it can keep resources like printers and file servers available to users during the migration, as well as restructuring your AD along the way. But if you’ve skipped four or five versions of Windows Server, your AD configuration may not be suitable for the setup you’re migrating to.
That’s especially true if you’re replacing some of your server workloads with cloud services, or you’re using new Windows Server 2012 R2 features like Dynamic Access Control which lets you assign access based not just on group membership but on any attribute in AD, so as soon as someone’s job title changes they get access to the folders they need to use – and not to those they’re no longer supposed to see.
Even if you don’t want to use the more sophisticated features, if your Active Directory setup is a decade old it’s likely that it no longer matches the way the business is organised. This is a good opportunity to update, extend or consolidate it, instead of just moving it onto a new server. At the very least, run a tool like Dell Enterprise Reporter that tells you how many accounts and groups are in your AD, which accounts are inactive and which groups are duplicates or have no members. If you clean up your AD by hand, make sure you have access to a tombstone recovery tool like Dell Recovery Manager for Active Directory in case you need to restore users or groups that turn out to be more important than you realised.
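The clean-up checks described above, worked through as an added example (not code from the article or from any Dell tool). It assumes users and groups have already been exported from AD into plain records; the field names, the 90-day threshold and the sample data are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
# lastLogonTimestamp can lag real logons by up to ~14 days (default sync interval).
REPLICATION_SLACK = timedelta(days=14)

def filetime_to_dt(ft):
    """AD timestamps are 100 ns ticks since 1601-01-01 UTC; 0 or None = never."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10) if ft else None

def dt_to_filetime(dt):
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000

def hygiene_report(users, groups, now, inactive_days=90):
    cutoff = now - timedelta(days=inactive_days) - REPLICATION_SLACK
    inactive = []
    for u in users:  # only enabled accounts: disabled ones are already out of use
        last = filetime_to_dt(u.get("lastLogonTimestamp"))
        if u["enabled"] and (last is None or last < cutoff):
            inactive.append(u["sam"])
    by_members = defaultdict(list)
    for g in groups:
        if g["members"]:  # empty groups are listed separately, not as duplicates
            by_members[frozenset(m.lower() for m in g["members"])].append(g["name"])
    return {
        "accounts": len(users), "groups": len(groups),
        "inactive": sorted(inactive),
        "empty_groups": sorted(g["name"] for g in groups if not g["members"]),
        "duplicate_groups": sorted(sorted(n) for n in by_members.values() if len(n) > 1),
    }

# Constructed sample export (not real directory data).
NOW = datetime(2015, 2, 27, tzinfo=timezone.utc)
def _ago(days):
    return dt_to_filetime(NOW - timedelta(days=days))
USERS = [
    {"sam": "alice", "enabled": True, "lastLogonTimestamp": _ago(10)},
    {"sam": "bob", "enabled": True, "lastLogonTimestamp": _ago(100)},  # inside slack
    {"sam": "carol", "enabled": True, "lastLogonTimestamp": _ago(200)},
    {"sam": "svc_backup", "enabled": True, "lastLogonTimestamp": 0},   # never logged on
    {"sam": "dave", "enabled": False, "lastLogonTimestamp": _ago(400)},
]
GROUPS = [
    {"name": "Finance", "members": ["alice", "bob"]},
    {"name": "Finance-Old", "members": ["Bob", "Alice"]},
    {"name": "Temp-2009", "members": []},
    {"name": "IT", "members": ["carol"]},
]
```

Treat the output as a review list rather than a delete list: a service account that never logs on interactively can look inactive while still being in use.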
AD migration can become complicated so be prepared to invest time and resources, or to pay for someone with the relevant expertise, because this is far from the automated or incremental upgrade it would have been if you’d stayed current with Windows Server.
If you’re migrating from SBS 2003 then you may not want to get into the complexities of running your own Active Directory domain controller. Office 365 may give you enough user management features to avoid on premise AD, especially if you also use Azure Active Directory Professional, which includes everything from self-service password reset to single sign-on for cloud services like Salesforce.
Larger businesses will need to keep AD on-premise, but you can replicate that to Azure AD and do more of your management there. This becomes increasingly relevant when Windows 10 arrives, as this will allow client PCs to authenticate directly against not only on-premise AD but also Azure Active Directory. Microsoft offers free tools like DirSync and the Active Directory Migration Tool. The Azure Active Directory Connect wizard can guide you through the steps involved in connecting a single AD to Azure AD, but it doesn’t yet support multiple forests and directories. So again, if your Active Directory is complex, you’ll need to make sorting out your migration strategy a priority.
Rewriting and replacing
Some third-party applications will run happily on a newer version of Windows Server, or you may be able to upgrade to a version that runs on a newer release of Windows Server. The same might be true of any custom applications you’ve written, but you’re probably going to have to revise or completely rebuild them. Again, this is an opportunity. For example, it’s an opportunity to create mobile versions so that employees can be productive on more devices and in more places. Or, given how much software has moved on in the last decade, you might find there’s a third-party application or a cloud service that can do a better job. Do you really need a custom contact management system when you could switch to Salesforce?
The hardest part of your migration may be deciding what to do about third-party apps from ISVs who haven’t released a new version in a decade and may no longer be in business. You can’t simply take a virtual machine of your Windows Server 2003 system with your third party app and run that on a newer version of Windows Server as it still won’t get patches and security fixes, so it will become increasingly vulnerable as security flaws are unearthed in other versions of Windows Server that affect 2003 as well. Cloud won’t help you here: you can put your virtual machines in a cloud hosted environment once you’ve migrated to a new OS and new applications, but it doesn’t do away with the need to migrate.
But you also can’t rip out a tool that you rely on for key business processes without having something to replace it with. In a few rare cases, where the app is irreplaceable because it’s controlling hardware you can’t replace, especially for embedded systems, you may be able to air gap the server (physically isolate it from the rest of the network), but you need to know the risks you’re running by doing this. “Denial is not the solution,” warns Woodgate. “It’s not possible for a customer or a third party to fix inherent flaws in Windows once we stop patching it.”
If you haven’t looked at your servers in a while, you may be surprised to discover what they’re running. You may have experimental systems that have ended up running critical business services and badly need upgrading, expanding and supporting, or systems once specified as mission critical business tools that aren’t getting used much anymore, but are still taking up dedicated resources.
Dell ChangeBASE includes a copy of Asset Manager Discovery Edition which can find applications or import a list from System Center. Once found it tests them for compatibility with Windows Server 2008 R2 and 2012 and for their ability to run virtualised. It can also remediate some compatibility issues using manifests, runtimes and shims.
Because every business is different, automated tools can only help you identify what software you’re running, whether you can migrate it, and what it’ll run on. You also need to identify who owns the workloads and applications that you find, what type of application they are (server roles like RDS, software from Microsoft and third parties, or custom applications), who uses them and how important they are. Are the applications business critical, widely used or required for compliance, or are they rarely used and duplicating something you could do in a standard application or a cloud service? How complex will the migration be and what are the risks and dependencies? If you find important applications with migrations that don’t have much risk or complexity, then prioritise them. Conversely, applications that would be complex to migrate but are barely used can be replaced or retired.
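One way to turn that prioritisation into a sorted work list, as an added example (not from the article or any of the tools it names). The 1 to 3 scales, the thresholds, the action labels and the inventory rows are all assumptions; the SQL Server 2005 note reflects the earlier point about combining the database and OS migrations.

```python
from dataclasses import dataclass

@dataclass
class Workload:
    host: str
    app: str
    owner: str          # "" when discovery found no responsible person
    importance: int     # assumed scale: 1 = rarely used .. 3 = business critical
    complexity: int     # assumed scale: 1 = simple move .. 3 = rewrite, many dependencies
    active_users: int   # from usage tracking during discovery
    sql_version: str = ""

ORDER = ["migrate first", "plan project", "replace or retire", "retire"]

def triage(w):
    """Return (action, notes) for one workload."""
    notes = []
    if not w.owner:
        notes.append("find an owner before scheduling")
    if w.sql_version == "2005":
        notes.append("upgrade SQL Server 2005 in the same move")
    if w.active_users == 0:
        action = "retire"                 # installed but nobody is using it
    elif w.importance >= 2 and w.complexity <= 2:
        action = "migrate first"          # important, little risk or complexity
    elif w.importance == 1 and w.complexity == 3:
        action = "replace or retire"      # complex to move, barely used
    else:
        action = "plan project"           # everything else needs its own plan
    return action, notes

def build_plan(workloads):
    """Order the inventory: quick wins first, then by importance within each action."""
    rows = [(w, *triage(w)) for w in workloads]
    rows.sort(key=lambda r: (ORDER.index(r[1]), -r[0].importance, r[0].host))
    return [(w.host, w.app, action, notes) for w, action, notes in rows]

# Constructed inventory rows (not output from any real discovery tool).
INVENTORY = [
    Workload("FS01", "file shares", "ops", 3, 1, 140),
    Workload("DB02", "order database", "finance", 3, 3, 60, sql_version="2005"),
    Workload("APP07", "legacy contact manager", "", 1, 3, 2),
    Workload("WEB03", "pilot intranet", "", 1, 1, 0),
    Workload("DC01", "domain controller", "ops", 3, 3, 300),
]
```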
At this late stage, you may also need to put some effort into getting buy-in from the business. “You can’t just say we need to upgrade to the latest versions of Windows Server,” cautions Woodgate. “No-one will care. But if you say ‘I can enable a mobile application that will be an interface that gives us reach across North America as well as our European customers, do you want to invest in helping with this opportunity?’ it’s far easier to justify that you need to do this work.”
Which means that tools like MAP and Dell’s Asset Manager Discovery Edition and Enterprise Reporter are useful long before you start your migration. Use them to find out what you need to deal with and how long it will take, then build a plan that concentrates on the opportunities for innovation during your migration. Even if you have a simple set-up, check out the migration tools available because they’ll still save time and money.