Server OS upgrades are a pain. They’re necessary, and there is a very real reason to do them…but that doesn’t make them any less painful.
How are yours going? Not great? Still trying to smash that last 2003 server into oblivion? Still have some 2008 R2s hanging around that you just aren’t that worried about? Well, it’s time for a bit of perspective. You should already be upgrading off of 2016!
First, what even are our targets on support? If you’ve read our other blogs on the topic, you can skip the following paragraph.
Microsoft has for many years used a 5+5 support cycle. When they release a new product, they give it mainstream support for five years, which means any bugs, issues, or problems found in the product will be dealt with to the best of their efforts. Following mainstream support is extended support, which essentially just gives you security updates. Any other updates (say, the US Government moving daylight saving time) you will not get unless you are paying for special extended support. There is technically support after that if you’re paying for Extended Security Updates, but (1) you probably aren’t, and (2) it’s still just security updates.
This means, in short, we have (at best) 10 years of support on an OS, but full support is five years. To put that into perspective….
Walking Through the Windows
That Windows Server 2003/R2 machine actually got extra extended support, but it’s still six years past extended support. And let’s think about this — it’s an 18-YEAR-OLD OPERATING SYSTEM. We are now as far away from 2003 coming out as 2003 was from Windows 1.0’s release. Windows 2003 is old enough to serve in the military (I’d put money on the probability that it actually IS still serving in the military).
Windows Server 2008/R2 is not so bad; the end of its extended support was 15 months ago. Even still, that’s a 13-year-old operating system.
Here’s the part that’s going to start hurting. Windows Server 2012/R2 is already in extended support, and only has two years of extended support left. That’s right. You’ve only got two years to get off of 2012 before you lose all security updates. And it’s not like there are many security issues in IT lately….
It’s Time to Upgrade off Windows Server 2016. Sorry.
Now it’s time for the buried lede. Windows Server 2016 goes end of mainstream support January of 2022. We’re going to be getting security updates only for 2016 in less than a year (of this writing). And let’s be clear what security means: it means only the worst, most exploitable problems get patched because they make the news. We aren’t talking security in terms of adding new encryption methodologies, etc. The end of extended support for 2016 is not until 2027, but think about how long it’s taken to get off those 2003/2008 boxes. You might want to start planning now.
Don’t Want to Kick You While You’re Down, But…
Oh, and your Exchange 2013 server? That’s only got two years of support left, and your Exchange 2016 is already in extended support. Not that Exchange security patches have been a huge issue, right? You can upgrade to Exchange Server 2019 or look into Exchange Online (Microsoft would MUCH prefer that, and there have been rumors of Microsoft eliminating easy ways to get on-premises Exchange in future releases).