Research and Recommendations
Windows Server 2003
Custom Support Agreements
Paul DeGroot
Senior Consultant
Who Are Software Licensing Advisors?
•
Mission: “The Customer’s Advocate”
•
Too many customers rely only on Microsoft or a reseller, who
focuses on what they want to sell
•
Leaves most customers with software they don't deploy or don't need
• While projects or investments with demonstrable ROI beg for funds
•
SLA focuses on value and fit
•
What you need to buy and the best way to buy it
•
Align IT spending and strategies with corporate objectives and constraints
•
Personnel
•
Steve Kelley
•
Microsoft sales for 5 years, insider knowledge of Microsoft’s negotiating process
•
Paul DeGroot
•
World-renowned expert on Microsoft licensing, previously with
Directions on Microsoft
•
Steve O'Halloran
•
SAM technical expert, creator of AssetMetrix (now built into SCCM)
“"I've learned far more from this engagement than I expected. You really
made a difference.."
--High-tech manufacturing firm that reduced EA spend by 50% “"I've learned far more from this engagement than I expected. You really
made a difference.."
--High-tech manufacturing firm that reduced EA spend by 50%
“"Your team has been absolutely fabulous..." --Fortune 500 consumer products firm that
reduced EA spend by 60%
“"Your team has been absolutely fabulous..." --Fortune 500 consumer products firm that
reduced EA spend by 60%
“We exceeded our expectations for these negotiations. Because we had your intelligence, we knew what to hang on for.
You really showed us the art of the possible.” --Global 25 resource company “We exceeded our expectations for these
negotiations. Because we had your intelligence, we knew what to hang on for.
You really showed us the art of the possible.” --Global 25 resource company
“Your financial models, worksheets, and strategies were invaluable. Outstanding work.” --Global 100 pharmaceutical firm that reduced 3-year EA spend by more
than $60 million
“Your financial models, worksheets, and strategies were invaluable. Outstanding work.” --Global 100 pharmaceutical firm that reduced 3-year EA spend by more
The Issue: End of Support for Windows Server 2003
•
Availability of service packs, updates, hotfixes, and patches depends on a product's life-cycle
phase
•
Guidelines, not guarantees
Phase
Duration
Updates
Costs
Mainstream
5 years after release, or 2 years
after release of successor,
whichever is greater
All: Service packs, program
patches, updates, hotfixes,
security patches
$0
Extended
5 years after the end of
Mainstream
Security patches, custom
hotfixes
Security patches: $0
custom hotfixes require Extended
Hotfix Service Agreement
Web
2+ years after the end of
Extended
Web access to previously
released updates,
knowledge base articles
$0
Custom
2 years after the end of Extended
Same as Extended
Custom Support Agreement, with
per device pricing
Why Not Upgrade Windows Server 2003?
•
The vast majority of our customers who will not upgrade from Windows Server 2003 by July have
a significant barrier to doing so. No one takes the issue casually
•
A custom application still hasn't been/can't be rewritten
•
Application vendor's product specifies this version
•
Will require a costly upgrade to a newer version of a vendor's application
•
Will void warranty/support on associated application, equipment
•
Upgrade drivers
•
Regulatory compliance requirements
•HIPAA, PCI, etc.
•
Need to replace hardware but new hardware is not well supported by Server 2003
•Drivers, storage subsystems, faster networks
•
Want to avoid purchasing a Custom Support Agreement (CSA)
•
What's your situation? What are other people doing? Fill out our survey (Google logon required)
at
https://docs.google.com/forms/d/176GG1UILgff3Pd3J2pIAUe11gu9WIdi2PkNcGRMUPfE/viewfor
m?usp=send_form
The Hitch
•
A Custom Support Agreement is very expensive
•
First year: ~ the cost of the original license
•
For Windows Server 2003 Standard that is about $700 per license
•
We have seen quotes for $600
•
Second year: double year 1--$1,200 per device
•
Third year: double year 2 – $2,400 per device
•
Not clear what, if anything you will get out of it
•
Patches may apply to only a few, or even none of your systems
•
You don't run .NET applications
•
Administrators do not browse the Web or run user applications (e-mail, Word, Media Player) from the server console
•Your device is not accessible over the network, or to the Internet
•
You are not running vulnerable services on your servers
•
No significant patches may appear in the next year or two
What kind of risks without a CSA
•
Microsoft has multiple definitions of update severity
•
Critical non-security updates
•System may become unavailable
•
Critical security updates
•
Remote Code Execution
•Escalation of Privilege
•Denial of Service (DOS)
•Without user prompts
•
Important security updates
•
Could compromise confidentiality of user data
•Some may prompt the user for action, others not
•
Many Windows XP critical updates are also applied to Server 2003
•
Share much of their code
•
But XP user activities (Web browing, media playing) and common practice of users with admin rights
create more opportunities for compromised systems than servers
•