Rant - Let's remove symantec antivirus and keep our XP machines indefi

     
4:37 am on Jan 30, 2015 (gmt 0)

Preferred Member from US 

10+ Year Member

joined:May 6, 2004
posts: 650
votes: 0


Gotta rant somewhere..

I had a meeting today with a client. They are running their enterprise systems on 16 bit DOS apps. (For those who are unfamiliar, 16 bit DOS apps will not run on 64 bit OSes.) We purchased a server with Server 2008 32 bit right before the deadline and are able to run the DOS apps under terminal server.

XP machines make up about 20 percent of the machines. The firewall is a standard Comcast business router. All but one of about 15 machines are 32 bit.

We have RDP set up for most of the machines and servers so we can access remotely. The principals of the company and myself are all on DHCP from home plus I am sometimes at the shore home, at my girlfriend's or elsewhere on the road. A couple of times a month I have to

The guy who designed and maintained the enterprise systems wants to/is considering

1. Remove Symantec Endpoint Protection from all clients to improve performance

2. "Protect" the network by setting the router to only accept RDP from whitelisted addresses. (Which I see as a support nightmare when I get a "system is down" and I'm 75 miles away on a newly issued IP.) I'm not even sure the router could support this.

3. Keep the XP machines on the network indefinitely

4. Not rewrite the code any time in the foreseeable future notwithstanding the EOL for Server 2008 being imminent.


I tend to see this as "Hey Captain Smith, Shouldn't we be slowing down as there are lots of them there icebergy thingies in the water?"

Whitelisting on the router will only solve the RDP issue, if it even does that. However, users hitting the internet with IE 8 are leaving us pretty well open.


I've been walking around my house talking to myself all night (and getting answers and arguments). Am I overreacting thinking this course of action is a surefire recipe for disaster?



Thanks

chris
6:18 am on Jan 30, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 30, 2002
posts: 2648
votes: 97


Could the 16 bit applications be run in a virtual machine running a copy of WinXP? The remote access part sounds a bit complex.

Regards...jmcc
6:49 am on Jan 30, 2015 (gmt 0)

Preferred Member from US 

10+ Year Member

joined:May 6, 2004
posts: 650
votes: 0


jmmcormac -

We tried that a couple of ways - hyper vm, vdos. We didn't seem to get the performance we needed. The author of vdos replied to a previous post and I don't think the issue was with vdos but rather with the nature of the databases.

As far as running XP in a vm, we ran into a couple of issues.

1. Licensing
2. Connection to printers
3. Performance

We weren't able to find a solution to either.

In addition, running XP in vms still creates some issues with security given that XP is EOL.

The terminal services option at least allows us to get 64 bit systems on the floor. The performance difference with Office 365/Outlook between a new 64 bit machine with 16 GB of RAM and a 7 year old XP machine wheezing with 2 GB is night and day.

I stress tested the RDP solution and it is giving acceptable performance under load.
5:17 pm on Jan 30, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 30, 2002
posts: 2648
votes: 97


I'm more a Linux head than Microsoft head but have to maintain a few XP boxes. It might be worth looking at the databases to see if they can be upgraded. There's also a possibility that the HDs on the XP boxes might be a bottleneck. It might be possible to ghost a HD to a newer disk (possibly SSD but at least a more modern HD) to see, as an experiment, if it would result in a performance increase. From what I remember, XP had a rather screwed up licensing issue that required a phone call to MSFT if there was a major hardware upgrade. However, sooner or later, there will have to be an upgrade/rewrite.

Regards...jmcc
7:06 pm on Jan 30, 2015 (gmt 0)

New User

joined:Jan 18, 2015
posts: 25
votes: 4


Sounds to me like the wrong thing is being secured. It very much sounds like IE8 is the weakest link in this chain, not RDP. 1, 3, and 4 seem OK to me. I agree that 2 may cause problems.

Could you go 100% RDP? Do not use any of the XP machines as user local machines. If users want internet access, they get it from their local machine, not the remote XP machines. Block use of IE8. Does this work?
8:02 pm on Jan 30, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2004
posts: 1968
votes: 68


Shouldn't we be slowing down as there are lots of them..

I've been walking around my house..

I would put a big X on it and Run.