In Part 2, we created a plan that maps out the migration from Windows Server 2003. Now we are at the point where we need to build what we designed. Notice how in all the blogs concerning decommissioning 2003 that I use the words ‘migrate’ and ‘migration’ and not upgrade? I probably should have discussed this sooner, but there is no upgrade. You cannot upgrade 32-bit Windows 2003 to 64-bit 2008 R2 or 2012 R2. No matter your plan and budget, you will need to perform a fresh install on at least one server to start the process. Also, it would be wisest to go to 2012 R2 for many reasons (particularly not having to repeat this process when 2008 reaches end-of-life). For some migration paths, you may need to install at least one 2008 server to go from 2003 to 2008 and then to 2012.
The best place to start would be a test/development environment. We know from experience that there are many smaller shops out there that do not have the budget to create a development environment. Most of them are going to rely on the expertise of their staff or outside services to get their environment from where it is now directly to an updated infrastructure without performing a lot of tests. For those environments, remember to at least do extensive planning and research beforehand to mitigate issues. For those that can build a development environment, the best way to do it is virtualization (there I go again using that word). Remember that you can make a virtual server host out of various hardware platforms. You can even install a robust hypervisor for free. To give you an example, my laptop has an extra drive that I swap instead of the DVD drive. I then manually boot to the extra hard drive where I have XenServer hosting over a dozen VMs. Is it powerful? Not really, but I can run my demo environment from it. The point is we don’t need to break the budget to make a development environment. We may not even need to touch any of the budget. If you did budget for a new virtual environment or to extend an existing one, here is where you can start utilizing that new investment. P2V (physical to Virtual) machine images of your existing infrastructure servers. From there, you can fire up a new virtual machines (VMs) housing 2012 R2 and/or 2008 R2. Once you have the test environment, take snapshots of all the VMs before making any changes. Now you can begin the process of converting your virtual infrastructure in a development environment. If you run into issues, you can utilize the snapshots to reset the environment and try again. Take detailed notes of all the steps and pay attention to any potential problems. Once you have a clear plan with detailed notes, you are less likely to run into the unexpected when updating your production environment.
So, what exactly are we testing in our development environment? There are basic services that almost every shop is going to be utilizing. Active Directory, DNS, and DHCP are the three most common services we will need to migrate to another server. The good news is that detailed directions from Microsoft and other experts can easily be found on the web. Some organizations are going to have the basics and some are going to have more services in use. For instance, some organizations may utilize Terminal Services. Migrating that to Remote Desktop Services (RDS) will be a project in itself (though a worthwhile one).
Here is an example list of services you may/will need to test:
- Basic services:
- Active Directory (AD)
- Group Policy
- Domain Naming Systems (DNS)
- Dynamic Host Configuration Protocol (DHCP)
- Extended services:
- Certificate Services and Public Key Infrastructure (PKI)
- Terminal Services
- Distributed File Services (DFS)
- Internet Information Services (IIS)
- Network Load Balancing (NLB)
Each organization is different, so they may have some or all of the items from the above list. A lot of organizations will have more to add to the list. Aside from these services that come in a Windows server, we will need to test hosted applications. This set of blogs has been pretty much focused on the Active directory side of the migration, but what about applications? If you have Exchange, SQL, or another enterprise application hosted on a 2003 server, you are going to need a separate project just to migrate those applications. This may be the opportunity to move from in-house mail services to a cloud-hosted solution like Office 365. It is possible to focus on upgrading our Active Directory infrastructure first and saving the applications hosted on 2003 servers for a later project. However, research the applications to make sure they will still function in an updated AD infrastructure. If not, that is one of those symmetrical projects you will need to have in your plan.
The next step will be implementation into production. At this point, we are ready. We have performed tests in our development environment, gained experience in the tasks, created detailed instruction sets, and realized modifications needed in our plan.
As always, I welcome your comments or questions. Please feel free to leave them below or email me directly. Also, be sure to bookmark our site for more information from Microsoft. Also, please be sure to register for our live, Microsoft event – Windows Server 2003: Security Risk and Remediation on February 18.
Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)|
Sr. Network Consultant
©2015 Custom Systems Corporation