Manage Learn to apply best practices and optimize your operations.

Windows Server 2008 migration: Is it essential?

While many experts say the Windows Server 2008 operating system is Microsoft's most secure OS yet, expert Michael Cobb explains why a migration may not be essential for all companies.

Our IT organization is facing increasing pressure from upper-level leadership to begin pursuing a migration from our iSeries (AS/400), which has been a solid performer for many years with virtually no security problems, to a Windows Server 2008 implementation with a heavy emphasis on virtualization (hypervisors from VMware), which to me seems like it could be rife with security problems. Am I wrong in thinking that, and how can I enlighten management to them?
I'm always surprised by the number of times senior management wants to change aspects of a business that work perfectly well. "If it ain't broke, don't fix it" is obviously a key lesson that isn't taught at business schools these days. I have nothing against the Windows Server 2008 operating system. It is probably Microsoft's most secure server release yet, but I would need to see compelling reasons from management as to why they thought a major change of any OS and system environment was necessary or justifiable.

I think the best way to tackle this situation is to build your case for keeping your iSeries-based infrastructure and put them across in an open and frank debate about the organization's IT direction. The debate would certainly benefit from an independent -- and I mean independent -- risk assessment and return-of-investment report. These would provide a baseline from which arguments both for and against could be judged. Here are some reasons why you may want to consider championing for the iSeries.

The AS/400 has powerful security features built in to it; its security architecture is time tested and has been the backbone of subsequent IBM midrange product lines, including the iSeries. User authorization is mapped to the objects through a well-proven system of user rights, object types, group authorities and special authorities. Every resource is considered an object and authentication and authorization exists at the user and object levels. Users are defined by a user profile, made up of dozens of parameters defining the authorities and environments available to the user.

Your organization obviously has skilled in-house expertise to manage your current infrastructure. There would be extensive retraining requirements if the IT department had to learn how to maintain and secure a Windows-based server infrastructure. Certainly, one process that would need revamping is patch management, to ensure the new system maintained current performance levels. Virtualization is certainly all the rage, but little is understood about the security implications, both long and short term, of running virtual systems. I think virtualization is great for running test and development systems, but I would want to wait until the technology has matured a little further before I bet my business on it.

Counter arguments that you need to consider are the availability of iSeries experts. Finding admin staff to run a Windows environment is going to be easier and cheaper than for the iSeries. In five years time, how easy will it be to recruit iSeries specialists? You certainly need to be aware of IBM's road map for the iSeries so you can counter any arguments based on future compatibility issues with technologies such as smart phones and mobile devices.

Certainly, any migration would need to be rolled out slowly, with less-critical processes migrated first. A virtual environment would actually be a good way to test how any new system handles both business and security requirements. This won't be a short exercise though, and in the end, budget constraints and the overall business environment may well distract your bosses' attentions elsewhere.

This was last published in July 2010

Dig Deeper on Microsoft Windows security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.