Are you ready for Windows Server 2012 End of Life?

Looking ahead to the end of Windows Server 2012 and beyond

End of Life planning

In just over 18 months’ time, on 10 October 2023, Windows Server 2012 will reach the end of its 10-year product lifespan. Reaching End of Life (EOL) doesn’t mean a product will simply stop working on that date – organisations using Server 2012 could continue to use it for years to come. However, using products beyond their EOL date can create serious risks.

The Windows Server line of operating systems[i] has long been invaluable for many businesses. But Server 2012 represented an historic advance for internet-based infrastructure: it was the first server operating system to integrate extensive cloud functionality. Most enterprises using Server 2012 are computer software and IT-oriented businesses, but the OS sees significant use across all areas. Small- and medium-sized enterprises (SMEs) are the primary users of Server 2012, with approximately 70% of its customer-base being SMEs.[ii]

Server 2012 is by no means the first operating system to go EOL, but with tens of thousands of organisations throughout the world still using Server 2012, and the paradigm-shift it represented ten years ago, the end of Microsoft’s Extended Support period will send ripples throughout the IT ecosphere. Even businesses that don’t use a Windows Server product need to account for the upcoming EOL date ‒ it’s likely that a partner, client or service provider does use Server 2012. Poor EOL planning at any point could cause severe supply chain disruption.

Effective EOL planning requires organisations to have an active knowledge of all operation-critical products and their EOL dates. Each business must evaluate its options for replacing the EOL product. The supply chain should also be examined as thoroughly as possible, to prepare for any disruption to partner organisations caused by EOL transitions. Perhaps most importantly, robust failsafe planning and disaster mitigation should be put in place to account for loss of functionality during the EOL period.

Mapping the road ahead

One of the most effective planning strategies for any IT manager is the IT roadmap. The consumer sphere has been gaining awareness of roadmaps in recent years with the growth of service-based software lifecycles, but the roadmap has long been an under-appreciated part of internal business planning. Roadmaps provide a flexible and accessible means of long-term planning and allow management to coordinate the different arms of the organisation with minimal disruption.

This requires commitment, work and cooperation to be effective. Creating an effective IT roadmap is like solving an intricate puzzle, and it needs every division of the business to be prepared to coordinate around significant events. EOL dates, changes in regulation, new technology and marketplace fluctuations will all affect the roadmap, and it must account for the whole process of every internal response to external changes. When a roadmap works and is well-maintained by the business, it improves day-to-day productivity and allows the enterprise to meet EOL dates and any other obstacles well-prepared.[iii]

The benefits of IT roadmaps are extensive, but so are the challenges. OGL has experience maximising the benefits and overcoming the challenges. By using a long-term roadmap strategy, OGL was able to help Motivair modernise and future-proof its IT infrastructure for years to come. Creating this roadmap required the depth of expertise and dedicated work that could only come from third-party industry experts like OGL, who were able to ask questions about the business’ future that less dedicated service providers weren’t asking.[iv]

After the end

Updating or replacing any business-critical product that hits EOL is daunting and usually costly. If the transition is made haphazardly or without thorough planning, it can severely disrupt business operations in the short-term and lead to serious problems further down the road. Any IT manager or executive could be forgiven for taking a ‘don’t fix what isn’t broken’ attitude at first glance.

However, simply letting things drift is guaranteed to cause critical problems sooner or later. With Server 2012, these would likely revolve around:

No further security updates for WS2012 at all. After EOL, Microsoft will no longer offer patches or updates, even if new critical security vulnerabilities are found. Any newly discovered vulnerability is, and will remain, a zero-day vulnerability. Hackers will specifically target organisations running vulnerable EOL products, which will have become easy targets.[v] This often involves automated scripts that scan for such outdated server operating systems, and we know that no business is too small to be a target or to be affected by supply-chain disruptions.[vi]

No technical support for critical errors. During the first five years of a Windows Server product’s lifecycle – the Mainstream Support phase – Microsoft continually releases updates that include new features, service packs, fixes and patches.

During Extended Support, up to ten years after the initial release, the product is no longer the focus of the Microsoft team, and new products that supersede it are likely to have launched. Only critical security updates and patches will be developed by Microsoft. So, if an EOL product encounters a critical flaw, the business cannot count on Microsoft to fix it.[vii]

Incompatible software. Even though an EOL product may still be technically functional, new products and services will no longer be developed to be compatible with it. This can severely limit an enterprise’s options and ability to respond to market changes going forward.

Compliance issues. The PCI DSS requires businesses to “Ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed.” GDPR, and other privacy regulations, require businesses to take reasonable efforts to secure personal data. It’s also a key criterion of the Government-backed Cyber Essentials certification that operating systems (as well as software, devices and apps) have their vulnerabilities patched. As EOL products are known to be significant security risks, a business that fails to find an adequate replacement and then suffers a security breach is likely to be deemed negligent and penalised heavily under privacy regulations.

Windows 2012 and moving forward

This leaves no doubt that an impending End of Life date is not something an enterprise can afford to ignore, but it’s easy to feel completely lost at sea – especially if the business’ server solution is something that has ‘just worked’ for years. Moving on from Server 2012 or any other EOL product leaves IT management with a much more complex task than just updating to the next server iteration.

One option in the short term is to update to Windows Server 2016, but that version already left Mainstream Support in January 2022. Windows Server 2019 is another option which still has a few years of Mainstream Support remaining, but Microsoft has now released Server 2022. This could be the best long-term, on-premises investment, but as the newest offering it’s likely to have the steepest up-front cost and the biggest learning curve for a business accustomed to Server 2012. Of course, due consideration should also be given to replacing Windows Server 2012 with cloud-based technologies such as Microsoft Azure and Microsoft 365.

An IT leader faced with an upcoming EOL must consider what the business response should be – how to implement that response, mitigate risks, choose which product or service to go with, how it’s going to affect the running of the business and the staff, and how to limit damage in any worst-case scenario, all while juggling the usual IT tasks, advising other departments and dealing with technology issues.

An IT roadmap is the best solution, but creating and maintaining a comprehensive and well-planned roadmap while trying to keep a handle on so many other aspects of running the IT department is a tall order. An outsourced IT consultancy service offers a way for a business of any size to streamline the process of preparing for, and traversing, an EOL date. But not just any IT contractor will do. Effective EOL planning requires an in-depth knowledge of a business’ work culture and unique needs, as well as extensive industry experience. Only the close working relationship that OGL builds with all its partner companies, combined with world-class IT experience and knowledge, can offer the kind of bespoke, detailed planning and roadmapping that will keep an enterprise ahead of the curve for years to come.[viii]


If you need to consider your options in preparation for Server 2012 going end-of-life in October 2023, we'd love to hear from you: 

Get a FREE IT assessment

References:

[i] https://softwarekeep.com/help-center/microsoft-windows-server-version-comparison

[ii] https://enlyft.com/tech/products/windows-server-2012

[iii] https://www.cio.com/article/246346/why-you-need-a-strategic-it-roadmap.html

[iv] https://www.ogl.co.uk/motivair

[v] https://www.backupassist.com/blog/EOL-products-are-a-server-security-risk-it-experts

[vi] https://www.ogl.co.uk/where-does-the-sme-fit-into-a-supply-chain-atta

[vii] https://docs.microsoft.com/en-us/lifecycle/policies/fixed

[viii] https://www.ogl.co.uk/it-consultancy