What is the significance of July 14, 2015? It is the end of extended support date for Windows Server 2003. This date is approaching faster than many administrators care to acknowledge, and the reality is that Windows Server 2003 just won’t be a viable operating system for production environments after that date.
As we look at the recent security breaches in banking, health care, retail, and other industries, IT shops that are still running any iteration of Windows Server 2003 should be cringing. Or planning to upgrade. Because Microsoft won’t be providing security updates to this operating system after July 14. Hackers have put this date on their calendars and are planning exploits of this older operating system.
One of the downstream impacts of end of support for the Windows Server 2003 operating system will be on environments still running on XenApp 4.5/5.0 for Windows Server 2003. Let’s face it: it was a great release, but the key word here is was—it’s twelve years old at this point. Even though Citrix has delayed the End of Extended Support to July 14, 2016, maintaining an operating system that is subject to security vulnerabilities is ripe for trouble.
Those who have been working with Citrix technologies for more than a dozen years will remember this release as the one that brought us Application Isolation and Streaming, SpeedScreen Progressive Display, and many other features. Those features pale in comparison to XenDesktop, HDX, Director, Lync support, and so much more.
A large number of IT departments still offer XenApp 4.5/5.0–based applications to users at this late date. Many CIOs and security officers don’t fully understand the vulnerabilities associated with maintaining Windows Server 2003 environments. While Citrix and other vendors are pushing IT professionals to upgrade from XenApp 6.x to 7.6, the real need is to move enterprises from XenApp 4.5/5.0 to XenApp/XenDesktop 7.6 in short order.
Why have some been reluctant to let go of XenApp 4.5/5.0 for Windows Server 2003? Aside from other projects’ being rated as more important for the past few years, support for 16-bit apps is a key reason. Because 16-bit apps don’t function within a 64-bit operating system, some administrators have had no other option than to keep Windows Server 2003 running in order to offer these apps in a multi-user fashion. While it could be argued that XenDesktop offered as virtual desktops using a 32-bit operating system should suffice, the costs and complexity associated with a migration supporting only one or two applications may not have seemed important—until now.
Planning and implementing any type of major project certainly has complexities, but the criticality of transitioning from XenApp 4.5/5.0 is increasing on a daily basis. With all of the new options available, there are a tremendous number of decisions and purchases that must be made in parallel. As the July deadline approaches, will your Citrix environment be based on an unsupported and vulnerable operating system? If the planning hasn’t already started, sadly, it might be.
89… 88… 87… before we know it, July 14, 2015, will be here.
As we saw with the end-of-life of Windows XP a significant number of people are willing to go to write up to and even beyond the end of extended support before they make the transition to a supported platform. Some of those willing to take this risk were guilty only of bad planning, others had budgetary constraints that delayed the change and other still were tied to legacy apps which would not make the transition. While it’s easy to throw stones and say that’s being tied to legacy apps this way is just another form of bad planning, it has to be acknowledged that for some, being tied to legacy applications is an inescapable reality. At least here with XenApp on Windows Server 2003 it possible to take steps to minimize the risk by fire walling the XenApp farm(s) so that only essential ports are left open and blocking all Internet access.
I find it interesting that Citrix delayed end of extended support for a year after the end of support for Windows Server 2003. Just how many XenApp customers are running business-critical applications that justify the cost of paying for XenApp support when MS have dropped support for the base OS?