Exclusive One in every five public-sector health and emergency services organisations in the UK will still be running Windows Server 2003 after Microsoft ends extended support today.
A Reg investigation of 33 hospitals, ambulance trusts, police and fire and rescue services found that many are still running Windows Server 2003 on a lot of machines. A total of 21 per cent of those that The Reg obtained FOIA information from said Windows Server 2003 comprised between a fifth and a quarter of their total server estate.
More ReadingManchester fuzz 'truly sorry' for 'accidentally' hacking phone of whistleblower cop's girlfDesperate Microsoft PAYS Win Server 2003 laggards to jump shipMicrosoft sets end date on Windows 10 support. Hey, wait, WHAT?Metadata slurp warrant typo sends cops barging into the wrong houseSod the law! We'll crack on with our metadata witchhunts, growl cops
Some organisations refused to provide details, citing security or commercial sensitivity.
Two public bodies – London’s Metropolitan Police and London Ambulance service – admitted their percentage was even higher: 50 and 55 per cent, respectively.
And while almost all health trusts and blue-lighters claimed they had a plan in place to migrate to “something” newer, most won’t be completed for months. That means a significant proportion of the systems which power the NHS and Britain’s first responders will running without a Microsoft safety net.
Should fresh malware or viruses appear from today, organisations still running Windows Server 2003 must face them alone.
Twenty one per cent of the organisations we contacted said they didn’t know when they’d stop using WS 2003, or said the question wasn’t applicable. A huge chunk, 28 per cent of those migrating, gave dates for completion sometime during the fourth quarter of this year.
One, Norfolk Fire and Rescue, put their expected completion date as “2016.”
A number of major public-sector names with massive server estates haven’t even begun to migrate – and told us frankly they don’t know when they’ll finish. The Department of Health itself, the figurehead for Britain’s health service, claimed it does have “a plan” but the plan was still in the process of being formulated.
The Department, with 244 servers some 20 per cent of which remain on Windows Server 2003, hadn’t even started migrating ahead of July 14 and didn’t know when it might finish.
Neither could the Metropolitan Police give a date for completion, saying it hasn’t yet started either. However the Met - alone among the organisations we spoke to - is negotiating with Microsoft for a special extended customer support deal.
A CSA would see Microsoft provide the Met dedicated security fixes and updates – but at a cost. List price for a CSA is $600 per server for the first year.
Greater Manchester Fire and Rescue, with 25 per cent of its 145 servers running Windows Server 2003, told us flatly that it has no plan to move.
If Microsoft were rubbing its hands at the prospect of an influx of UK health and blue-light customers to its cloud thanks to migrations, it should think again.
Nobody is going purely cloud while just two – the Department of Health and Met Police – will combine a mix of newer server operating system and cloud.
The overwhelming majority of those migrating, 60 per cent, are going to a new server operating system.
Of those specifying which, half will go Windows Server 2008 or 2008 R/2 with the rest moving to Windows Server 2012.
Many are taking the opportunity to consolidate: 57 per cent will use the migration as an opportunity to consolidate physical servers.
Of those who aren’t consolidating, two had gone virtual already. ®