The Challenge: Understand, Manage, Plan
14th July 2015 has become a very significant date for IT organisations, as it marks the end of Microsoft Extended Support of Windows 2003 Server. With an estimated ten million instances of Windows 2003 still in operation globally, the risks are many. Clearly this end date of Extended Support will not cause Windows 2003 servers to fail overnight. It is unlikely to represent a decline in productivity in the immediate term and the data residing on the discs of those systems is not simply going to disappear. However, this does mean no further access to Microsoft technical support, no security patches and no product hotfixes. We know, as an industry, from past experience that systems running unsupported and unpatched operating systems are more likely to become a target for attack; a vulnerable part of the infrastructure.
The adjacent risk when considering the age of Windows 2003 Server, mainstream support for which ended in 2010, is the likelihood that the server hardware on which those systems reside is now considerably more than five years old. In most instances hardware maintenance contracts expire, become unrenewable or become extremely expensive to extend beyond that five-year period. Thus the risk of failure, and therefore of significant data loss, is increased significantly. Part of the thought process around migration from Windows 2003 has to consider the underlying hardware, both primary and secondary storage, as well as the means for moving between the two. Throughout the transition from Windows 2003, in which we run upgrade projects specifically to update the infrastructure, data and application availability should be a core concern prior to, during and following the transition.
The intention of this document is three-fold:
What Are The Options?
Option One. Firstly you could do nothing; change nothing. Windows 2003, for the likely present risk, remains a viable and reliable operating system and remains one of the most widely adopted Microsoft platforms. Whilst they might be considered as edge cases, there will doubtless be applications which, either due to their custom nature, or due to a need to run a particular version of an application, will require the server operating system to progress no higher than Windows 2003. In those instances it is likely that the operating system is well known and although technical support may be inaccessible from a Microsoft perspective, help will be on hand from the user and partner communities. The significant risk in this instance is likely to be the lack of security patches. Symantec's perspective on the approach to this challenge would be multi-faceted ensuring not only that all endpoints and gateways are secured appropriately but also that the opportunity to install additional code on those systems is totally limited - locking down the operating system to prevent unrestricted installations.
This is a time of opportunity. For the majority of organisations still using Windows 2003 Server, it is a time of disruption, yet since the heyday of Windows 2003 the IT industry has moved on a great deal. The change that is forced upon so many organisations will become a transition point, an opportunity to embrace new technologies, to drive down cost, increase productivity and for IT to contribute to driving the core competency of the business, rather than being simply a 'have-to-have.'
Option Two. For many this involves what looks like a straight upgrade: hardware replacement with the intention of running one server operating system per physical server. Whilst the increased performance and scalability of Windows 2012 is likely to enable some consolidation of systems, particularly in organisations with multiple small remote offices, and in small businesses with limited hardware need, a like-for-like upgrade will make most sense. Consideration of hardware replacement is also going to be driven by the OEM nature of many Windows licenses; intrinsically tied to the hardware, the end of the hardware meaning the end of the license entitlement. In the case of hardware replacement the ability to protect data and applications on the existing system as well as the new system is important. A short period running systems in parallel is likely and realistic. With industry analysts agreeing that in excess of 60% of data within organisations is 'unstructured', the ability to protect quickly, frequently and reliably, as well as the ability to restore to the new chosen platform from a single management platform, will save time, money and effort as well as limiting the chances of data loss.
Option Three. Virtual consolidation will be the favoured option for many. The cost and management benefits of server virtualisation itself are well documented and understandably attractive. (The abstraction layer of virtualisation does incur some additional complexity as well though, not least a new skill-set.) In the past year it has been recognised that demand for infrastructure skills is out-stripping supply, which presents IT departments with a further challenge. It is also more than likely that in the transformation to virtual, replacement hardware will also be a sizable consideration, with many Windows 2003 servers running on 32-bit hardware. Changes to server hardware, virtualisation and operating system considerations all in one hit. As noted earlier, however, a time of opportunity. Whether the ultimate aim is to migrate some or the majority of existing physical systems into a new virtual infrastructure, management of data and recoverability of the same will be paramount. The flexibility to protect not only across virtual and physical but also across old and new operating systems will prove invaluable.
Option Four. Lastly is the migration of production servers to the cloud. Whilst, like server virtualisation, this has the potential to lower cost and complexity, it also raises new risks. Risks which in many cases are nothing more than perceived, but risks none-the-less. Whilst recent media stories have concentrated on national security organisations, political demands and wider undisclosed security threats to data, and therefore to servers in the cloud, perhaps the more pertinent concern for the longer term strategy is to consider the viability and long-term profitability of cloud storage hosting. Hosting a secondary copy of data in the cloud avoids some of the latter risks that might be of concern when considering the longevity of a cloud storage provider. Moving primary production systems and primary data to the cloud requires additional means to mitigate that risk. Servers in the cloud need not be entirely self-contained and perhaps the concept of recoverability from a physical location becomes the answer: primary servers and storage in the cloud, with a recoverable, secondary copy of data – the backup – located on company premises.
Whichever of the above options is the right choice for your organisation, there is one constant throughout: data is priority one. Risk in a static Windows 2003 infrastructure is largely understood in the immediate term, likewise in a post-migration infrastructure. However, the migration process itself brings intrinsic risk: potential migration failure, system outage and so on. When we consider data as priority one, the key is to ensure that data is captured as frequently as possible and available for restore as quickly as possible. In both scenarios this should be across virtual, physical, old platforms and new. Breadth of platform and application support is critical. The important question to ask throughout is: "do your backup and recovery product and process support what you have today and what you will move to tomorrow?"
Data Is Priority One
In considering data as the first priority, particularly during a time of transformation or migration there are four key recoverability considerations to take into account when planning for backup and recovery product and process:
Meet Recovery Point and Time Objectives
Look for ease of use. Is the experience for backup and recovery the same across all platforms and applications whether operating in a physical or virtual infrastructure - or both concurrently? Unified platform support enables centralised monitoring and management to reduce the amount of time spent "doing backup" especially moving through a migration process.
Minimising storage cost and maximizing network utilisation helps to lower the overall cost of storing and managing data. Integrated deduplication is key. The benefit derived will be magnified by an ability to deduplicate across platforms and hypervisors, across all servers rather than reducing data per server. File system archiving has the potential to limit the amount of data to be migrated and makes whole server recovery much more efficient.
Deduplication and archiving reduce the 'weight' of data to be protected and therefore recovered. Performance enhancements to take advantage of newer operating systems are equally important. Backup Exec has seen restore testing improvements of as much as 184%¹ relative to previous versions of the product. Thinking about migration risk as well as migration between physical and virtual, this performance will pay benefits.
Recover Confidently and Consistently Today and Tomorrow.
During a time of change as discussed here, frequency of data protection will directly impact recoverability and avoidance of data loss. Just as in the case of recovery, backup performance in Backup Exec has been greatly increased both in physical architectures and even more so in virtual infrastructures. When combined with data reduction technologies discussed above this combination becomes an enabler for more frequent backups to be taken reducing the risk of data loss as business continues through migration.
Should an issue arise, particularly when moving to new hardware, the last line of defence tends to be the disaster recovery (DR) plan. It is imperative that it includes product, process and people. The first is easily dealt with by understanding in-built DR capabilities within the backup product. Simplified Disaster Recovery (SDR) is included in Backup Exec and enables the data required for bare metal DR to be collected whenever a backup runs. The ability to test restore on new platforms is enabled. DR testing throughout is highly recommended but, all too often, forgotten about.
It should come as no surprise that backup is only performed to achieve successful restore of systems, applications and primarily, data. Recoverability as discussed above should be possible across platforms, between hyper-visor technologies to enable future change, and at a granular level. Is the experience of restoring a text file from a physical server the same as that of recovering an email hosted in Exchange inside a virtual machine? It should be. The same is true of target devices: tape, disc, network-based, public and private cloud. The recoverability should be direct, the process familiar.
Mitigate Transformation Risk Whatever Your Choice
Rapidly clone test and pre-production environments as they change to maintain development work in case of failure. Strong planning and timely execution is critical to a successful transformation. Capturing changes not only protects progress but also mitigates the risk around needing to roll-back against incompatibility or performance issues.
Particularly as a consequence of increasing virtual server deployments the opportunity to test application upgrades and migrated systems makes the validation part of the migration process a great deal simpler and quicker. This is, again, another part of the transformation that can be performed through existing backup and recovery capabilities when using Backup Exec.
With frequently captured changes throughout the build process and validation testing in a virtual preproduction environment, deployment of approved systems is further simplified. Backup Exec delivers the ability to dynamically restore virtual test environments to production virtual or physical servers, all the while minimizing time and complexity.
Guarantee Visibility into Data Across New and Existing Platforms
Visibility into data delivers clarity and potential process savings prior to migration; greater productivity and lower data loss are gained once migration is complete. The likelihood of data loss as a result of 'recovering too much data' is preventable with Granular Recovery Technology across hyper-visors, applications and unstructured data. Time to recover is reduced, allowing the recovery of exactly what is needed, when it is needed.
Tight integration with platforms, both physical and virtual, drives reliability and greater levels of integration. In the case of VMware specifically, Backup Exec can be viewed within the hyper-visor console for an integrated monitoring experience. Migration away from Windows 2003 is one step in an on-going journey. The benefits of partnerships that Symantec holds with other parts of the infrastructure deliver clear implementation benefit.
With greater visibility comes the ability to better manage the risks prior to, during and following migration. Manage successfully with complete data protection across physical, virtual and cloud. Manage storage resource costs and utilisation with deduplication and archiving. Manage licensing costs with an all-inclusive licensing meter to take account of the whole infrastructure - different platforms, applications and multiple sites.
Got It. So What Do I Do Now?
Three aims of this paper:
Details correct at time of original writing, December 2014
¹ Symantec Internal Testing, January 2014