Windows XP/2003 retirement

Wednesday 8 Jun 2011, 10:00 → 11:00 Europe/Zurich

513 1-023 (CERN)

Tim Bell (CERN)

Present

  Etienne Carlier (TE)
  Niko Neufield (LHCb)
  Peter Chochula (Alice)
  Renaud Barillere (EN)
  Fernando Lucas Rodriguez (TOTEM)
  Tim Bell (IT)

Aim

To prepare a new plan for Windows XP/2003 retirement before the next ITSRM meeting at the end of June.The initial roadmap was agreed at the meeting in October 2010 (https://indico.cern.ch/conferenceDisplay.py?confId=73735). The proposal from Renaud Barillere was presented at the last ITSRM meeting in April (https://indico.cern.ch/conferenceDisplay.py?confId=121511).

 

Discussion

The round table review of Windows XP/2003 usage highlighted several common themes around key applications such as PVSS, OPC servers and other SCADA system (PCVue, WizCon, ...) which are currently running mainly on XP/2003 in production. Oscilloscopes also present a special issue due to their high price, minimal hardware configuration and limited migration options.

While many of these systems are on the technical network, there are also some development machines on the GPN which have the same configuration as the production systems.

Retirement of all XP/2003 services by the end of 2012 was agreed as impractical for the online servers in view of the change of LHC schedule.

The option to migrate XP/2003 servers to Windows/2008 during 2013 Long Shut Down (LSD1) was agreed as a target.  If the LSD1 is significantly delayed, this will cause an issue for the migration.

While some testing can be done in a lab environment, the work during 2013 to perform hardware refresh, validate new software and deployment risks to overrun for a limited number of cases.  Given that IT cannot support XP/2003 once Microsoft stops security patches in March 2014, it may be necessary to review with the security team how to protect these servers until their migration is completed.

Given the workplan to enable certain Active Directory features in 2014 to improve privacy and security, some parts of the central IT infrastructure will stop supporting XP/2003 at that time.  Thus, the residual servers may also require local authentication and storage if they cannot be migrated.  Spare hardware should also be reserved as the latest Sandy Bridge chipsets from Intel have limited functionality under Windows XP/2003.

The tendency for the experiments was to plan for a migration to Windows Server/2008 rather than Windows 7 since this supports multiple concurrent users. For EN, a mixture of Windows 7 and Windows Server 2008 is expected.

During the meeting, it was requested to obtain information regarding retirement of future Windows versions.

• Windows Server/2008 support will be stopped by Microsoft in July 2018
• Windows CE stops in October 2014.

The conclusions of the meeting were the following:

• IT should plan on supporting Windows XP/2003 for the online community until the end of 2013.  Desktop support can end on the original plan at the end of 2012.
• The online community should aim to migrate away before the end of 2013.  Application availability, testing and deployment effort may cause delays in this migration.  Support from IT will stop in all cases when Microsoft stops releasing security patches in March 2014.
• Any XP/2003 equipment still in use by March 2014 will be reviewed with the security team to take appropriate measures to protect the service and CERN infrastructure.  Central IT infrastructure will no longer be tested with XP/2003 from the end of 2013 and therefore functions such as Active Directory and DFS access to shared folders may be at risk.

10:00 → 10:40 Options

Speaker: Tim Bell (CERN)

Slides 20110608_-_Windows_Roadmap.pdf 20110608_-_Windows_Roadmap.pptx