Windows Server 2012: Why it’s time to migrate now
Microsoft Windows Server 2012 Release 2 (R2) offers a variety of useful features that make upgrading an attractive idea for any organization. Microsoft has enhanced and added features in several areas, including server virtualization, storage, networking, server management and automation, web and application platform, access and information protection, and virtual desktop infrastructure.
The case for upgrading now is particularly compelling for organizations still running Windows Server 2003: Microsoft will end support for the OS on July 14, 2015. When the product reaches end of support, Microsoft no longer provides automatic fixes, updates or online technical assistance. For instance, after July 14, 2015, you will no longer receive security updates for Windows Server 2003 that help protect your systems from harmful viruses, spyware and other malicious software.
Moreover, if you call Microsoft for assistance regarding Windows Server 2003 after the end-of-support date, you must pay to get the problem resolved. Your organization also could incur capital expenses for tools to supplement servers that no longer receive security updates.
Of course, moving to Windows Server 2012 R2 from an earlier version or from another server platform requires careful planning. You’ll want to take a careful look at your existing infrastructure and consider your organization’s future needs so you can establish a Windows Server 2012 R2 environment that supports growth, delivers flexibility and strengthens security and compliance.
How can you improve security and compliance?
To help ensure a secure and compliant Windows Server 2012 R2 environment, organizations are wise to assess and clean up their current environment before the migration. In particular, as employees have moved from position to position over the years, your Microsoft® Active Directory® directory service may have become outdated. The Dynamic Access Control (DAC) feature of Windows Server 2012 R2 depends on accurate data to deliver proper access. Therefore, make sure that Active Directory reflects each employee’s current job function and that inactive identities are deleted.
Is server virtualization a good option?
Many organizations running Windows Server 2003 use only physical servers. Migrating to Windows Server 2012 R2 can be an opportunity to take advantage of server virtualization. The Microsoft® Hyper-V® hypervisor, which is part of Windows Server 2012 R2, lets you, for example, run a Windows print server as a virtual machine instead of as a physical one — providing added flexibility. Assess the performance and utilization of your current Windows Server systems and decide whether it makes sense to virtualize them in the Windows Server 2012 R2 environment.
Do you need a hardware refresh?
Microsoft has changed its hardware requirements over the years to dramatically enhance the performance of the OS. In fact, 12th-generation Dell PowerEdge servers were designed specifically to exploit the strengths of Windows Server 2012 R2. As you explore server virtualization, also determine whether your current physical servers meet the hardware requirements for Windows Server 2012 R2. In particular, Windows Server 2012 R2 runs only on x64 processors, so 32-bit x86 hardware will not suffice.
How can you ensure application compatibility?
Some organizations are holding off on migration until the third-party applications they run are certified to work on Windows Server 2012 R2. You should also test all critical in-house applications to make sure they will work properly in the updated environment.
Do you need to restructure Active Directory?
At many organizations, the Active Directory topology still looks pretty much the same as it did when the directory service was first deployed back in 1999 or 2000. More than likely, your organization’s business model and needs have changed quite a bit since then. Migration to Windows Server 2012 R2 is an opportunity to restructure Active Directory to better meet your current and future needs. Consider how many domains and forests you need now. You may find that you want to consolidate some forests or stand up parts of the infrastructure for remote offices that didn’t exist when you originally deployed Active Directory.
Dell Software solutions help you plan and execute an efficient move to Windows Server 2012 R2, as well as effectively secure and manage your updated environment.
To help assess your current environment, Enterprise Reporter provides a comprehensive pre-migration assessment of your current infrastructure, including Active Directory, Windows Server and also the Microsoft® SQL Server® database. For example, you can report on the number of accounts in Active Directory and see which ones are inactive or disabled. Similarly, you can easily learn how many groups you have, whether there are any duplicate groups and whether there are empty groups you may not need to migrate. Understanding your current environment and cleaning it up before migration heightens the security and manageability of Windows Server 2012 R2.
To determine application compatibility, ChangeBASE performs testing and reports on which applications will work with Windows Server 2012 R2. You can even remediate many problems within ChangeBASE. Change Auditor for Active Directory Queries allows for discovery of applications that are connecting to Windows Server 2003 domain controllers, enabling you to fix or redirect them to Windows Server 2012 R2 domain controllers.
Dell One Virtual Directory Server virtualizes identity data across operating systems, enabling applications communicating with a Windows Server 2003–based server to function after migrating to Windows Server 2012 R2. You can easily integrate new applications into your existing identity infrastructure without needing to alter directory information — your data remains in its original place and format.
Migration, consolidation and restructuring
Migration Manager for Active Directory facilitates the move from Windows Server 2003 to Windows Server 2012 R2 and can even restructure Active Directory as you migrate. Moreover, Migration Manager is designed to ensure the migration has no impact on users. Throughout the process, both migrated and not-yet-migrated users maintain proper access to network resources, such as printers, SQL Server database servers and Microsoft® SharePoint® sites. By helping ensure that users have the same access to resources after the migration, Migration Manager promotes security and compliance in the Windows Server 2012 R2 environment.
To quickly migrate Windows Server data, you can use Secure Copy, an automated tool that facilitates the movement of data from Windows Server 2003 file servers to Windows Server 2012 R2 file servers. The tool is designed to maintain all security and access points to the data as it is moved, and it can restructure the data if desired. Robust reporting tools make Secure Copy well suited for planning and verifying a successful Windows Server 2012 R2 data migration.
NDS Migrator helps you transition from Novell® Directory Services to Windows Server 2012 R2 and Active Directory. In addition to the directory, the tool also migrates data that resides within Novell Directory Services, and it updates permissions to users’ new Active Directory identities during the move.
Active Directory is critical to business operations, so organizations must be able to quickly recover individual items that have been accidentally or incorrectly changed or deleted. Recovery Manager for Active Directory enables this granular recovery. For example, if a user or a group was accidentally deleted or a Group Policy object (GPO) was changed incorrectly, Recovery Manager for Active Directory can quickly compare the current, live state of Active Directory to a backup, report the differences and restore the object that was changed.
In addition to granular recovery, organizations need Active Directory disaster recovery. If you lose a domain or an entire forest gets corrupted, Recovery Manager for Active Directory Forest Edition helps you recover it quickly and easily.
Security and compliance
Granular insight into changes made to Active Directory is invaluable for troubleshooting. Change Auditor for Active Directory gives you a comprehensive audit trail of Active Directory changes, including the five Ws: who made the change, what the change was, what the before-and-after values were, where the change occurred and what workstation the change came from. Moreover, Change Auditor can prevent changes from being made in the first place. For example, you can disallow deletion of important organizational units and modification of Group Policy settings.
You can help ensure security and compliance using ActiveRoles Server, which enables you to control access through delegation using a least-privilege model. You can generate and strictly enforce access rules based on defined administrative policies and permissions. For example, you can specify who can
modify group membership or change Group Policy. ActiveRoles Server also automates the creation of users, groups and mailboxes, and it automatically changes or removes access rights based on role changes.
Centralized permissions management helps streamline the compliance process. Security Explorer enhances DAC management by enabling you to add, remove, modify, back up, restore, copy and paste permissions that include conditional expressions — all from a single console. You can make targeted or bulk changes to server permissions and take advantage of enhanced DAC management features such as grant, revoke, modify and clone permissions; search for permissions; recover misapplied permissions; and report on permissions.
User activity monitoring is also critical to help ensure compliance with external regulations, internal policies and security best practices. InTrust is designed to securely collect, store, report and alert on event log data, delivering insight into user activity by auditing user access to critical systems from login to logoff. It also allows you to detect inappropriate or suspicious access-related events in real time. For example, InTrust can determine that a certain user typically logs on at a certain time from a certain location. It can then alert you if a login attempt is made from that account from a different location or at an unusual time — signs of a potential security threat.
GPOs can be essential for controlling and locking down your infrastructure, but they must be properly managed. For example, if you have an improperly configured GPO that defines proxy settings for accessing the internet, users could have problems accessing the resources they need. GPOADmin automates Group Policy management tasks and provides a workflow that helps ensure changes are checked in and approved before GPOs are put into production, streamlining management and bolstering security. You can also compare GPO versions over time to confirm the consistency of your GPO settings.
For performance monitoring and issue resolution, Spotlight on Active Directory Pack provides an intuitive, graphical representation of your environment so you can spot and resolve emerging issues quickly. You can see in real time how Active Directory is working and what resources it is consuming on the server. Spotlight is easy to use, enabling administrators of all skill levels to quickly diagnose the root cause of Active Directory problems.
If you need to manage applications on the go, Mobile IT is designed to provide secure access from a broad range of mobile devices. Mobile IT is integrated with several Dell solutions — including Change Auditor, Recovery Manager for Active Directory and GPOADmin — so you can effectively manage and secure Active Directory wherever you are.
Move toward efficiency
Organizations of all sizes can benefit from the enhanced security, performance and feature set that comes with an upgrade to Windows Server 2012 R2, which boosts enterprise scalability and streamlines IT management. Starting the migration planning process now is particularly important for organizations running Windows Server 2003. In fact, you may be able to recoup Windows Server 2012 R2 licensing costs by avoiding the capital expenses associated with continuing to operate Windows Server 2003 after its end of life.
By adopting solutions from Dell Software, you can start preparing for your migration today, whether you are running Windows Server 2003, a more recent version of Windows Server or Novell eDirectory™ directory service. Dell also has the tools you need to effectively manage your updated Windows Server 2012 R2 environment. The tight integration of Dell Software solutions and the Windows Server OS accelerates your migration while heightening the efficiency of your operations.
Michael Tweddle is the executive director of product management for Dell Software Windows Server management. He is responsible for product direction, strategy and go-to-market activities for these solutions.
Windows Server Migration:
Download a PDF version of this article here.
Dell, ActiveRoles, Change Auditor, GPOADmin, InTrust, PowerEdge and Spotlight are trademarks of Dell Inc.