Windows Server 2003: A Worthy Upgrade? - Page 2
Unfortunately, this backward-compatibility comes with a price. You can either run Web applications with the new application pool/worker process mode or the old Inetinfo services mode, but not both.
The real worry with http.sys, and thus IIS 6, is that by operating at the kernel level, if a cracker does manage to break into the Web server, the entire operating system is open for their manipulation. Microsoft tried to make IIS 6 more secure, but Blaster has shown everyone that Microsoft is still a long, long way from living up to its security promises.
Security and Other Issues
In fact, how many server operating systems have received a security warning from the Department of Homeland Security? Well, OK, the rest of Microsoft's server family, but Server 2003 was supposed to be the most secure Windows operating system ever. It simply isn't living up to its hype in this area.
If security is your major concern, you're better off with Linux or one of the BSD operating systems. No, they're not perfect either, but practically speaking, you're much less likely to have your servers compromised using these OSes than you are with Server 2003.
Another problem with Server 2003 is that almost none of your older server applications will run on Server. For example, if you want to run Exchange Server, you must first wait for a version that will run on it to come out, namely Exchange Server 2003, and then pay for the upgrade.
Do you begin to see a common theme here? To get the most from AD, all your machines must be upgraded to Server 2003. And to run your normal, work-a-day server applications, you must upgrade your applications.
Frankly, upgrading to Server 2003 isn't just a matter of upgrading one machine here, a department there, and so on. To really get the goods, Microsoft wants you to shift your entire enterprise to Server 2003 and Server 2003-compatible applications.
That's not news. All software companies want you to do that. But Microsoft seems to be forcing the issue with their failure to adequately support not just their older server programs, but their current generation as well. Honestly, given the costs of such upgrades, it's hard to see any company making such a move anytime soon.
Yes, there's a lot to like about Server 2003, but the bad news is that with its high price tag, when you look at the costs of a complete deployment, as well as ongoing security concerns, a wise CIO or server administrator is going to continue running existing server operating systems for a long time to come.
This feature originally appeared on EITPlanet.