Virtualization is presented by different publishers and analysts as an option of choice for migration projects since Windows Server 2003. This version of Windows appeared at a time when hypervisors and VMs were not yet democratized. As a result, it is now possible to consolidate the hardware by migrating several servers under 2003 (which run a single workflow) on a single server in 2012 or 2012 R2 by virtualizing them.
The option is attractive. And the consolidation is real. But she asks a question. What to virtualize?
A VM does not secure a guest OS
The question arises because it is tempting to believe (or want to understand) that virtualizing Windows Server 2003 (guest OS) on a newer Windows Server (host OS) will solve all the problems. In fact it is not so. On the contrary. This solution keeps intact the problems of obsolescence and safety that the stopping of the support poses .
“It’s backwards to better jump,” confirms Stanislas Quastana, Architect Infrastructure at Microsoft France, MagIT. Virtualizing in these conditions certainly allows to take the existing and keep it, but “it only solves the problem of hardware.”
The flaws in the OS that will now be discovered will make the application running on the system just as vulnerable as on a physical machine. Virtualization makes it possible, from a pure security point of view, to isolate the VMs between them and to isolate the host OS of the guest OS. Not to protect the guest OS from itself. “It’s a transitional solution, which does not improve security,” summarizes Stanislas Quastana.
Virtualization has an additional cost
Worse, the option may represent an additional cost that may discredit it.
For the record, Windows Server 2012 R2 exists in two editions: Standard and Datacenter. Both have strict functional parity, but the standard version only deploys two guest VMs (on Windows). In other words, consolidating more than two servers amounts to paying several Standard licenses.
It may be tempting to go directly to the Datacenter, but again, depending on the hardware, it may be necessary to take several licenses. In both editions, a license indeed covers a single pair of CPUs. But we find more than regularly more than two CPUs on a modern server.
“It is often estimated that the Datacenter is profitable from 8 VMs,” says the Architect Infrastructure.
There remains the possibility of virtualizing on something other than Hyper-V. Except that the possibility must be analyzed with great care by the legal department since a Windows Server 2003 license is theoretically attached to the motherboard. Migrating to Hyper-V is a tolerance. Switching to another hypervisor can be really risky.
“It’s not enough to put a server in the cloud for the cloudifier.”
Another option, which stems technically from virtualization, is “Cloudification”. The public IaaS has many assets that appeal more and more to companies (scalability, flexibility, pay-per-use, etc.). Yet Microsoft has not planned a simple path from Windows Server 2003 to Azure. A choice assumed if one believes the publisher.
“Microsoft Azure only supports 64-bit OS,” assumes Stanislas Quastana. The argument here is the same as for virtualization. It is not by putting an image of an old production server into a modern cloud that the security and compliance issues of Windows Server 2003 will be fixed. “It’s not enough to put a server or application in the cloud for the Cloudifier.”
Yet, the competition offers this path. Notably AWS, which released pre-configured instances of Windows Server 2003 and migration automation tools.
“It’s opportunism on the part of Amazon. Frankly it’s well played on their part … Except that it does not change anything, “replies the Architect Infrastructure of Microsoft France. “That does not change anything, because what AWS does not repeat in this offer is that its responsibility as a hosting provider stops contractually at VM level.” Everything that happens in the VM does not look at it.
Virtualization and Cloud finalize the modernization of the existing, but do not replace it
There would be no other choice, at the basis of any migration project, than to modernize the existing. “If it’s home-grown, you have to analyze dependencies and see if it’s possible to simply do refactoring. If the developer or developers are no longer there, or the code is hard to maintain, the risk is important, and we must certainly consider changing completely, “Stanislas Quastana analysis.
“If the application is that of an editor, and it is a critical solution, there is no excuse not to migrate to a newer version of this editor.” And if the publisher does not exist, again, it may be time to use the end of Windows Server 2003 to cover and change the solution.
In short, these attractive options – consolidation by virtualization and Cloud – can finalize a migration, but they do not replace an unavoidable strategy of modernization of the existing . With one exception, that of moving from on-premise publisher applications to SaaS versions of these same solutions – typically a switch from an Exchange 2003 to an Office 365 by exporting and importing the AD. But in all other cases, VM and Cloud do (almost) nothing.