As Windows XP comes to the end of its life, applications in enterprise desktop and virtualization environments everywhere will feel the effects.
Luckily, there are a couple things you can do if your applications depend on XP: You can use a very old Windows Server platform or jump on the virtualization bandwagon.
I've called April 9, 2014, the real red-letter day in the history of Windows XP. On that day, any zero-day exploit released into the wild will run rampant on Windows XP systems while Microsoft watches and says "I told you so." When companies beg for a fix, Microsoft will hold one document in each hand: the lifecycle information for Windows XP with a Post-it note that says "You had four years to move to Windows 7," and a contract for custom support.
You're running out of both time and options when it comes to removing Windows XP from your company.
Microsoft isn't the only company ditching XP
Not only can Microsoft wash its hands of Windows XP support, but so can all the companies that made software for XP.
Assuming those companies stopped actively developing for the OS years ago, they are likely still supporting the applications that run on it. After Windows XP end of life on April 8, 2014, they'll have no reason to continue. The implications of this reality run far and wide. Line-of-business software is surely affected, as are any of the random applications you are using.
What really is cause for concern for desktop and virtualization admins, though, is that security software vendors will likely stop patching, updating and supporting their software.
Why would companies such as McAfee, Symantec, Kaspersky or Trend Micro bother maintaining a product for an OS that is, for all intents and purposes, dead? Those applications might still run, and it could be that their definition files will be updated with the latest viruses for a time, but do you think those companies will pay attention to viruses targeted toward XP after it's gone? Probably not.
What about activation servers?
There is one other question that has yet to be answered, and that is in regards to Microsoft’s activation servers. What happens to the part of the system that activates Windows XP? Does it go offline? Is it somehow protected and only available to people that have paid for custom support? Existing machines will no doubt work just fine, but what about rebuilds or new machines?
Of course, Microsoft could simply validate all existing keys and let anyone that wants to use XP use it. There’s no precedent for this because XP was the first Microsoft OS that required activation. We may just have to wait and see.
The bottom line is that running Windows XP in your organization on anything other than a desktop with no network connection, floppy drive, USB ports, or CD drive is an outright liability, bordering on irresponsible. Yes, there are situations that will require it, but if you determine that your organization can't afford to get off Windows XP on the basis of cost alone, you are wrong.
Alternatives for application support
Don't get me wrong -- I love the OS; I distinctly remember running Windows Whistler on my Cyrix 300 MHz computer with an AT-style keyboard jack as a home theater PC in 2000. Still, it's time to put it out to pasture.
There is at least one thing you can do, though, to extend the life of systems that depend on Windows XP: Use Windows Server 2003 R2.
More on XP application support
OS migration checklist: Windows XP to 7
Shops put off Windows XP migration
Risks of Windows XP end of life
Windows Server 2003 R2 is essentially Windows XP Server, and while the Windows XP end of life date is April 8, 2014, the end of life for Server 2003 R2 comes 15 months after that: July 14, 2015. Since they are roughly the same OS, based on the same kernel, it's likely that anything you require XP for will work on Server 2003 R2 -- and that will buy you more than a year to figure things out.
There are two ways to keep apps running with this approach.
The first is to move those troublesome applications into the data center and use Remote Desktop Services (RDS) to deliver the application. This, of course, requires that the application is capable of running on a terminal server. In fact, this is also a viable means of preserving some of those oddball applications in your RDS environments.
If the application just won't work or has to run on its own system, you have the option of installing Server 2003 R2 on the physical computer. This solution is costly, because you need to purchase server licenses for each of these machines -- but it could cost significantly less than a Custom Support Agreement. Granted, it only buys you 15 months, but you can consider that to be additional motivation to switch platforms.
The bottom line is that you're running out of both time and options when it comes to removing Windows XP from your company. Even though I’m a desktop virtualization guy, if you feel more comfortable using physical desktops, go for it. Use VDI if you can (those extra management features will help in the long run); use application virtualization and user environment virtualization, too (it will make it easier to migrate OSes in the future). But, whatever you do, make sure the OS is gone by the time of Windows XP end of life next year.
This was first published in April 2013