Windows 7 and Windows Server 2008 support ends. What to do?

A great event awaits us early next year (January 14, 2020), at least for me. Microsoft will officially discontinue supporting part of their products. Then updates (bug fixes) will no longer be available (see next chapters). This concerns:

• Windows 7
• Windows Server 2008
• Windows Server 2008 R2
• Windows Small Business Server 2011
• Windows Home Server 2011
• Exchange 2010
• Office 2010

These are products that came out shortly before I started my business. And they are still commonly used. I have a somewhat emotional relationship with them. 😊 For example, Windows 7 was a super desktop operating system, fast and stable. Until then, I had to reinstall my Win XP/Vista PC every few months. Windows SBS 2011, which allowed small businesses to legally (I subjectively perceive a huge shift in SW piracy since then) have their own MS Exchange. They had a low purchase price and everything could fit into a single server (although it was not always ideal).

However, their large representation with our customers is something that has made busy since the beginning of the year. We’ve cleared quite a lot of them, but the biggest hustle is probably waiting by the end of the year. Overall, we managed 15x Windows Server 2008R2, 6x Windows SBS 2011, 507x Windows 7 at the start of this year.

Does ending support mean a problem?

That’s the question. End of support means that Microsoft will no longer provide free or paid technical support for the products and will no longer issue updates.

Paid technical support is available as a Microsoft partner. We’ve used it three times over the years and I would consider it a waste of time. Either we were unlucky or we´ve had too specific problems – I don’t know. I, therefore, think we can spare the technical support.

Updates are a more serious issue. Microsoft fixes dozens of security vulnerabilities in its products each month. Some are critical, others less. It, certainly, will not be an apocalypse the day after. 😊 However, the longer and the more computers you run an unsupported system, the more likely something will happen. I would compare it to driving without a seat belt. For haters – yes, there are situations where not updating (fastening your belt) can save your computer (life), but the probability is so low that I´d rather bet. 😊

Example from the past. In April 2014, Windows XP support ended. At that time a very popular system was still in use by many companies (mainly because of some older applications). In March/April 2017, a vulnerability was published in the SMB protocol (also known as EternalBlue) that allowed controlling computers running any version of Windows. Microsoft then released updates for all supported systems (Windows 7+, Windows Server 2008). However, as vulnerability began to worry people all around the world (WannaCry and NotPetya took advantage of it „THE UNTOLD STORY OF NOTPETYA, THE MOST DEVASTATING CYBER ATTACK IN HISTORY“), so updates for Windows XP were released. Unfortunately, they had to be installed manually and came out with a two-month delay. Whoever did not use a system for mass patching/PC management, they certainly had some fun (we have made use of „our monitoring system“).

Not IF, but WHEN

So the big question is not “IF, but WHEN” will some serious vulnerability that will be massively exploitable found. We can then just hope that Microsoft publicly releases a patch for an unsupported system.

We are trying to keep updating and replace these products by January 2020 with newer versions. At the same time, we are working on updating our service packages, where we want to guarantee customers the functionality and security of their environment.

If you cant make the upgrades, or decide to take the risk, I recommend to at least use a good antivirus, enabled firewall and a supported Internet browser (a frequent source of initial infection). This will help reduce the risk.

How to replace Windows 7

Microsoft promises to offer Windows 7 support for the paying customers. However, it will not be cheap and will only apply to updates, not technical support („Want to keep using Windows 7 after 2020? It’ll cost you“). I will not go for this option – considering the IT standardization (We are trying to create similar IT environments for customers and reduce the amount of technology) and our patch management tool would most like not be able to support it either.

So we are left with Windows 8.1 for upgrades (which I didn’t “click” with and will stay with us “only” until January 2023), or Windows 10.

We started experimenting with Windows 10 at the time of the first release (July 2015). We wanted to know the system as soon and as well as possible. I don’t know a worse feeling than a customer knowing the system better than you do. 🙂 And to be honest, I wouldn’t call the beginning of Windows 10 a “great user experience”. A half-sized system with a question mark whether this is the “last” operating system, as MS claimed.

Windows 10 has improved a lot in the four years of its existence. I got used to many features: fast booting, “zooming” for high DPI, Bitlocker in Pro version, Windows Hello (finally a unified framework for biometric verification), and improved HW support (more drivers that Windows Update finds), safer kernel/system architecture and system appearance.

We currently have about 800 PCs with Windows 10 spread over the last 3 thresholds (1803, 1809 and 1903). We encountered minimal problems when updating to Windows 10 – mostly only non-existent drivers for specific HW, or inability to run old 16b applications (MS-Dos) applications on 64b OS.

Windows 10 may be the path to follow

So if you don’t plan to upgrade to MacOS or GNU/Linux, then Windows 10 may be the path to follow. When upgrading from Windows 7/8.1, I recommend doing clean installations (this will save you a lot of trouble).

Although Microsoft officially discontinued support for free upgrades to Windows 10, it still works anyway. So you can install pure Windows 10 on your PC and activate it with the Windows 7 serial number. However, I do not know about the stance MS holds.

How to replace Windows Server 2008 (R2)

As with Windows 7, Microsoft also promises updates after January 2020. If you want 3 more years of updates, you need to migrate your server to MS Azure („Prepare for Windows Server 2008 end of support“). MS Azure isn’t exactly cheap, but it may make sense, depending on your situation.

We are upgrading to Windows Server 2016 (66 in total). This is mostly due to the CAL versions that customers have. We plan to start with Windows Server 2019, but early tests starting this year did not go well (HW compatibility and undocumented functionality).

Windows Server 2016 works nicely with a few reservations – higher HW demands (especially for terminal servers with about 50% increase) and slow updates. It takes more than an hour to install the update (you often ask yourself whether it didn’t freeze). On the other hand, I like fast booting (VMs boot in a couple of seconds) and Hyper-V ability to change RAM on the fly (add and remove)).

How to replace Windows SBS 2011

This system allowed small businesses to benefit from the functionality of the MS Exchange mail server. Entry-level server with Microsoft Windows SBS 2011 and 10 user licenses could be purchased for about 25 thousand CZK without VAT – what a great period. 😊

Newer versions of SBS have not been released – Microsoft has decided not to release them. It was probably in part due to the pricing strategy and in part because the SBS server was such a Frankenstein monster (products/functions that normally should not run on a single server).

If we wanted to assemble similar functionality now, we would need a DC server, an MS Exchange server, an RDP GW + Sharepoint + shared folders server. So we would need 3 virtual servers and 1 physical. We could get up to 250 thousand CZK (branded server with Microsoft warranty and license). A decent amount, isn’t it?

An alternative is Office 365

There is an alternative in the form of a cloud – Office 365. In particular, the Office 365 Business Essentials plan is great. For the price of 4.2 EUR/user/month, it includes Exchange, Sharepoint, OneDrive, Teams, Planner, and Flow. If you don’t mind the cloud (your data is not so much “private” as on-prem), then you get more functionality than on-prem (productivity and security are at a different level – MFA, different authentication mechanisms than NTLM/Kerberos, extended logging, conditional access). A small company of 15 people would pay (approx. Lifetime of the on-prem solution is 5 years) 96.768 CZK (4.2 EUR * 15 users * 12 months * 5 years * 25.6 CZK per Euro)).

We recommend Office 365 as a replacement for Windows SBS 2011. As soon as they are in the cloud, we teach customers how to use other tools (OneDrive, Sharepoint, Teams, Planner) because we see how simplified their work gets, as we use these tools in our company as well). We help with the deployment of Office 365 with non-contract customers as well. If you would like to get 00help with the deployment, supply licenses, or just need someone to cover your back, let me know (the price of the work is 1.200 CZK/hour).

Of course, some customers need an on-prem server even if they have mail and documents in the cloud. For example, they need to run an information system, a DNS/DHCP server, or a domain controller. In this case, I would choose an entry-level server (HPE, Dell) with Windows Server 2019 Essentials (up to 25 users without the need for user licenses)).

Conclusion

How are you dealing with the upgrades? Are you holding up or are you going to accept the risk? And what do you think of Office 365? I currently see Office 365 as a technology that can help improve IT (even if it takes away some of our IT livelihoods). I would like to dedicate the following articles to Office 365 (how it helps us to improve our productivity).