When Jonathon Addington began introducing Microsoft Corp.s Windows Server 2003 Service Pack 1 into his companys server environment a few weeks ago, he had none of the uneasiness associated with last years deployment of Windows XP Service Pack 2.
While both service packs include significant enhancements and security updates, deployment of the server service pack was a breeze, whereas deployment of the desktop service pack was just the opposite, Addington said. Application compatibility? No problem. Testing? Completed without a hitch.
“We had the [SP1] beta a month or so before it came out, but we didnt jump on board because we were in the middle of a huge phone upgrade and didnt have the time to try it out,” said Addington, network administrator at performance sporting equipment manufacturer K2 Corp., in Vashon, Wash. “When I had a few moments, I threw it on two test systems, and the service pack did great, which was a good sign.”
Its not as easy as it sounds, though. The key to success, Addington said, lies in thorough preproduction testing. And the deployments experienced by organizations such as K2, the S.C. Johnson Graduate School of Management at Cornell University and Fulton County, Ga., prove the old adage “Measure twice, cut once.”
Despite the massive number of security-oriented changes it includes, SP1 has proved to be a noninvasive upgrade for most businesses. However, because many of the security changes can cause application incompatibilities and other problems, IT managers should note that only comprehensive testing of this release will ensure that their upgrades will go smoothly.
Released last month, Windows Server 2003 SP1 is the server counterpart to Windows XP SP2, which was released last year. Both are primarily security updates but include some brand-new features, as well. Windows Server 2003 SP1 is also the foundation for Microsofts forthcoming 64-bit Windows Server 2003 releases.
While acknowledging that the update to Windows Server 2003 was long overdue, IT managers such as Addington are applauding Microsoft for doing more than just rolling up existing security fixes for the release. Rather, SP1 includes changes to some root behaviors in the operating system—changes that will potentially eliminate certain classes of exploits.
Securing the operating system, however, doesnt come without headaches for IT managers. Some managers that eWEEK Labs spoke with said they ran into compatibility issues when testing Windows Server 2003 SP1. In many cases, these issues were a result of the service pack securing previously insecure computing methods. With those vulnerabilities now taken care of, they told eWEEK Labs, they expect deployment of gold code to go smoothly, and they anticipate few issues to come up as they continue to roll out the service pack.
Kevin Baradet, an eWEEK Corporate Partner and chief technology officer at Johnson Graduate School of Management at Cornell University, in Ithaca, N.Y., said he rolled out Windows Server 2003 SP1 on a test system being set up as a Windows Software Update Services Server the day the update came out.
Baradet said that this week he will put the service pack on test SQL Server and Exchange 2003 systems to ensure that no application regressions show up before deploying the service pack to production. Following the advice of his organizations hardware vendor, Dell, Baradet said he will also make certain that all firmware is upgraded before moving SP1 into production.
Testing has already paid off for Baradet, who said he ran into a Microsoft Operations Management 2005 agent issue on his testbed when he tried to install the agent onto a test server running the service pack.
Provided he sees no further compatibility issues, Baradet said he will begin to deploy the service pack onto about 30 servers when the current school year ends.
For many organizations, the release of SP1 is also a reason to make the jump from the Windows 2000 Server operating system to Windows Server 2003. Fulton County, which has the largest county government in Georgia, for example, seized the service pack as an opportunity to upgrade almost 70 servers.
As a member of Microsofts Technology Adoption Program, the county began participating in the beta program for SP1 in October 2003 and started testing the operating system with the service pack to support Active Directory, Microsoft Exchange, a Research In Motion Ltd. BlackBerry Enterprise Server and a number of Microsoft Office servers.
Russell Mobley, Fulton County governments assistant director of IT, said that there were compatibility issues early on, but the issues were fixed by the time the county deployed Windows Server 2003 SP1 into production this year.
Mobley said the main advantage to deploying the operating system with the service pack was the ability to block peer-to-peer services.
Fulton County provides governmental services to Atlanta and its surrounding communities. The county, which covers more than 529 square miles and provides services to more than 866,000 constituents, was hit in 2003 by the Blaster computer virus, which caused a 48-hour network outage.
Smarting from the Blaster incident, county IT managers wanted to ensure that the network was safe from security breaches. In fact, Mobley said he was able to save a great deal in help desk calls and manpower with the deployment.
“SP1 allows us to do with the servers what XP did at the desktop for preserving applications and securing them at the server level,” Mobley said. “We were yearning for additional security because wed had a number of compromises during the last couple of years. Because those had hit us pretty badly, we felt that this was really something that was overdue.”
K2s Addington agrees that the security features in Windows Server 2003 SP1 reduce servers vulnerability to viruses and worms.
K2 has 14 Dell Inc. PowerEdge 650 and 2650 servers running Windows Server 2003 with the update. Addington also installed SP1 with no problems on an older Compaq ProLiant server that had operated as the primary file server and is now running older legacy applications.
K2 uses Windows Server 2003 with Active Directory to centrally manage and support desktops, Exchange Server 2003 and Office Outlook Web Access. While an application incompatibility associated with Exchange Server 2003 and Office Outlook Web Access has been reported by Microsoft, Addington said he hasnt run into that problem.
“Security is more than just a buzzword around K2—its a huge issue that we take very seriously. Beyond the additional features provided by Service Pack 1, the knowledge that were keeping as current as possible and closing as many holes as possible is absolutely invaluable for us,” said Addington.
Senior Writer Anne Chen can be reached at [email protected]
Check out eWEEK.coms for Microsoft and Windows news, views and analysis.