Executive Summary
- No patches since Jan 2020
- All unpatched
- Keep last 5, no app-level DB backup
- on this contract
- MSSQL + app code
- 100% Linux, same cluster
Current State Audit
| Item | Finding | Risk |
|---|---|---|
| Operating System | Windows Server 2008 (EOL January 2020) | Critical |
| Web Stack | IIS 7.0 + ASP.NET 4.0 (.NET Framework — Windows only) | Critical |
| Application | SOAP Web Service — gateway.asmx — JM Field Fulfillment API | Info |
| Database | MSSQL Server — local named pipes (TCP disabled) | High |
| VM Host | JMFPMX05 (Proxmox cluster R7), ZFS storage | OK |
| OS Disk | 40 GB — 26.7 GB used (C: drive) | OK |
| Data Disk | 500 GB — 135 GB used (app code + database) | OK |
| Snapshots/Backups | Proxmox Backup Server (DS001) — nightly 02:00, keeps last 5, snapshot mode | OK |
| Port 21 (FTP) | FileZilla Server 0.9.41 beta — exposed, unpatched | Critical |
| Port 3389 (RDP) | Remote Desktop exposed — active sessions observed | Critical |
| Port 445 (SMB) | File sharing exposed — unpatched EternalBlue risk | Critical |
| QEMU Guest Agent | Not running — no guest visibility from Proxmox and no fs-freeze before snapshot-mode backups | Medium |
| Active Users | RDP sessions from 192.168.0.194 observed | Info |
Security Risk Assessment
EternalBlue / SMB Exploit (MS17-010)
SMB (port 445) is reachable on an unpatched Server 2008 host. MS17-010 (EternalBlue), the SMBv1 flaw behind WannaCry, gives an unauthenticated attacker with network access to port 445 remote code execution as SYSTEM, and unpatched Server 2008 is affected. Whether the March 2017 fix was ever installed should be confirmed from the installed-update list (`Get-HotFix` or `wmic qfe`) rather than assumed either way, and SMBv1 should be disabled regardless.
RDP BlueKeep / DejaBlue
CVE-2019-0708 (BlueKeep) is a pre-authentication, wormable RDP vulnerability that affects Windows Server 2008 and 2008 R2; port 3389 is exposed and no updates have been installed since 2020. CVE-2019-1181/1182 (DejaBlue) are similar, but Microsoft lists them as affecting Server 2008 R2 and later, not the original Server 2008 release; since IIS 7.0 indicates the original release, BlueKeep is the one to verify. The BlueKeep fix (May 2019) predates the patch cutoff, so check the installed updates for it before treating the host as either exploitable or safe.
No Application-Level DB Backup
Proxmox Backup Server backs the VM up nightly at 02:00 (keeps last 5) in snapshot mode. Two gaps remain. There is no application-level MSSQL backup, so any restore rolls the whole VM back (OS, application code and database together) with the service down for the duration. And because the QEMU guest agent is not running, no fs-freeze is issued before the snapshot, so the captured MSSQL files are crash-consistent at best. A native database backup (full plus transaction-log backups) would allow restoring the database alone, to a point in time, without touching the rest of the VM.
FTP Cleartext Credentials
FileZilla Server 0.9.41 beta (a 2009-era build) is listening on port 21. FTP sends the username and password in cleartext, so anyone on the network path can capture the logins; if the served tree includes web.config, the database connection strings inside it are exposed as well.
IIS 7.0 Unpatched
IIS 7.0 has received no security updates since 2020. Vulnerability classes reported against IIS and HTTP.sys (path traversal, HTTP.sys request handling, request smuggling) that were fixed after the last installed update remain open; the concrete list should be derived from the installed-hotfix inventory rather than guessed.
Supply Chain — Client API Exposure
The fulfillment gateway is used by clients to create orders and check inventory. A compromise of this server could expose client data, allow fraudulent order injection, or be used to pivot to client systems.
Proposed Solution: 100% Linux Stack
Current Stack (Decommission)
- ❌ Windows Server 2008 (EOL)
- ❌ IIS 7.0 (unpatched)
- ❌ ASP.NET 4.0 / .NET Framework (Windows-only)
- ❌ MSSQL Server (proprietary license)
- ❌ FileZilla FTP Server (cleartext)
- ❌ SOAP/ASMX (legacy protocol)
- ❌ No monitoring, no logging
- ⚠️ Proxmox PBS backups (nightly, but no app-level DB backup)
Target Stack (Ubuntu 24.04)
- ✅ Ubuntu 24.04 LTS (5yr support, free)
- ✅ Nginx (reverse proxy + SSL/TLS)
- ✅ Python FastAPI (async, typed, auto-docs)
- ✅ PostgreSQL 16 (open source, performant)
- ✅ SFTP only (no FTP cleartext)
- ✅ REST + legacy SOAP wrapper (zero client changes)
- ✅ Structured logging + systemd journald
- ✅ Automated ZFS snapshots daily
API Endpoint Mapping (15 Operations)
All 15 SOAP operations will be replicated exactly. Existing clients require zero changes: same SOAP contract, same XML schema, same endpoint path, with the hostname preserved by the DNS cutover.
| SOAP Operation | Category | FastAPI Route | Notes |
|---|---|---|---|
| CreateOrder | Orders | POST /api/orders | Core fulfillment operation |
| CreateOrderExtended | Orders | POST /api/orders/extended | Extended attributes variant |
| CreateOrderv2 | Orders | POST /api/v2/orders | v2 schema variant |
| CancelOrder | Orders | DELETE /api/orders/{id} | Cancellation flow |
| GetOrders | Orders | GET /api/orders | List/filter orders |
| GetOrderDetails | Orders | GET /api/orders/{id} | Single order detail |
| GetOrderDetailsv2 | Orders | GET /api/v2/orders/{id} | v2 schema response |
| CreateRMAOrder | Returns | POST /api/rma | Return merchandise authorization |
| GetRMAOrderStatus | Returns | GET /api/rma/{id} | RMA status check |
| GetInventory | Inventory | GET /api/inventory | Inventory levels |
| GetInventoryExtended | Inventory | GET /api/inventory/extended | Extended inventory data |
| GetShippedOrders | Shipping | GET /api/orders/shipped | Shipped order list |
| GetShippedOrders_Extended | Shipping | GET /api/orders/shipped/extended | Extended shipping data |
| GetShippingQuote | Shipping | POST /api/shipping/quote | Rate calculation |
| Help / showApiServer | Meta | GET /docs (auto) | FastAPI auto-generates OpenAPI docs; restrict or disable /docs on the client-facing interface |
Migration Phases
Protect the server while migration is prepared. No code changes.
- Create ZFS snapshots for both disks (instant, zero downtime; crash-consistent only, so take a native MSSQL backup first if an application-consistent copy is needed)
- Restrict RDP access to admin IPs only via Proxmox firewall
- Disable FTP port 21 at network level
- Document current client IP addresses accessing the API
Provision a new Ubuntu 24.04 LTS VM on the same Proxmox cluster.
- Create VM (4 cores, 16GB RAM, 100GB ZFS) on JMFPMX05 or JMFPMX02
- Install Ubuntu 24.04 Server, SSH hardening, unattended-upgrades
- Install: Python 3.12, FastAPI, uvicorn, Nginx, PostgreSQL 16
- Configure TLS: Let's Encrypt if the hostname is publicly resolvable (DNS-01 works for LAN-only hosts), otherwise an internal CA; self-signed only for testing
Extract all application code and database schema from the Windows server.
- Connect via RDP to 192.168.3.2, pull all .cs / .asmx / web.config files plus the bin/ assemblies (the .cs source may be absent for a precompiled site)
- Document MSSQL schema: all tables, stored procedures, indexes
- Capture web.config connection strings and app settings; treat them as secrets (they may be encrypted with aspnet_regiis) and rotate the credentials once the cutover completes
- Export full MSSQL database to a .bak backup file (BACKUP DATABASE ... WITH CHECKSUM, then RESTORE VERIFYONLY)
Port all 15 SOAP operations to Python FastAPI. Maintain same XML/SOAP contract for clients.
- Port business logic from C# to Python (FastAPI + SQLAlchemy)
- Use the `spyne` library to expose a SOAP/WSDL endpoint for backward compatibility
- Add REST endpoints alongside SOAP (modern clients can use JSON)
- Migrate MSSQL stored procedures to PostgreSQL functions
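As an added illustration (not the project's code, and not spyne, which is what the port will actually use), the following standard-library stand-in shows what the compatibility wrapper has to do on the wire: accept the legacy SOAP 1.1 envelope, allow-list the operation name against the 15 documented operations, hand the parameters to the ported handler, and return either a response envelope or a SOAP Fault. The service namespace `http://tempuri.org/`, the two handler bodies, the sample request and the size limit are assumptions; the real element names must come from the existing WSDL.

```python
"""Stand-in SOAP 1.1 wrapper for the ported operations (illustration only)."""
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "http://tempuri.org/"          # assumption: take the real URI from the WSDL
MAX_BODY_BYTES = 1 << 20                # reject oversized envelopes before parsing
ET.register_namespace("soap", SOAP_ENV)

# Allow-list of the legacy operations from the endpoint mapping. An unknown
# operation becomes a SOAP Fault; it is never resolved dynamically.
OPERATIONS = frozenset({
    "CreateOrder", "CreateOrderExtended", "CreateOrderv2", "CancelOrder",
    "GetOrders", "GetOrderDetails", "GetOrderDetailsv2", "CreateRMAOrder",
    "GetRMAOrderStatus", "GetInventory", "GetInventoryExtended",
    "GetShippedOrders", "GetShippedOrders_Extended", "GetShippingQuote",
    "showApiServer",
})


def _local(tag):
    return tag.rsplit("}", 1)[-1]


# Constructed handler bodies; the real ones wrap the ported business logic.
def handle_CreateOrder(params):
    return {"OrderId": "ORD-" + params.get("ClientRef", "0")}


def handle_GetInventory(params):
    return {"Sku": params.get("Sku", ""), "Qty": "0"}


HANDLERS = {"CreateOrder": handle_CreateOrder, "GetInventory": handle_GetInventory}


def parse_request(raw):
    """Return (operation, {param: text}) or raise ValueError/ET.ParseError.

    The stdlib parser does not resolve external entities, but it does expand
    internal ones, so the size cap matters; in production parse through
    defusedxml as well.
    """
    if len(raw) > MAX_BODY_BYTES:
        raise ValueError("envelope too large")
    root = ET.fromstring(raw)
    if _local(root.tag) != "Envelope":
        raise ValueError("not a SOAP envelope")
    body = root.find(f"{{{SOAP_ENV}}}Body")
    if body is None or len(body) != 1:
        raise ValueError("Body must contain exactly one operation element")
    op_el = body[0]
    op = _local(op_el.tag)
    if op not in OPERATIONS:
        raise ValueError(f"unknown operation: {op}")
    params = {_local(c.tag): (c.text or "").strip() for c in op_el}
    return op, params


def _envelope():
    env = ET.Element(f"{{{SOAP_ENV}}}Envelope")
    return env, ET.SubElement(env, f"{{{SOAP_ENV}}}Body")


def build_response(op, result):
    env, body = _envelope()
    resp = ET.SubElement(body, f"{{{SVC_NS}}}{op}Response")
    res = ET.SubElement(resp, f"{{{SVC_NS}}}{op}Result")
    for key, value in result.items():
        ET.SubElement(res, f"{{{SVC_NS}}}{key}").text = str(value)
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def build_fault(code, message):
    env, body = _envelope()
    fault = ET.SubElement(body, f"{{{SOAP_ENV}}}Fault")
    ET.SubElement(fault, "faultcode").text = code
    ET.SubElement(fault, "faultstring").text = message
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def dispatch(raw):
    """(HTTP status, response bytes) for one POSTed SOAP request."""
    try:
        op, params = parse_request(raw)
    except (ValueError, ET.ParseError) as exc:
        return 400, build_fault("soap:Client", str(exc))
    handler = HANDLERS.get(op)
    if handler is None:
        return 500, build_fault("soap:Server", f"{op} is not ported yet")
    return 200, build_response(op, handler(params))


# Constructed request in the shape an existing client sends to gateway.asmx.
SAMPLE_REQUEST = (
    b'<?xml version="1.0"?>'
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<soap:Body><CreateOrder xmlns="http://tempuri.org/">'
    b'<ClientRef>4711</ClientRef></CreateOrder></soap:Body></soap:Envelope>'
)

if __name__ == "__main__":
    print(dispatch(SAMPLE_REQUEST))
```

The allow-list and the single-operation check are the security-relevant parts: the wrapper is the trust boundary where untrusted XML from client networks enters the new stack, so operation names are matched against a fixed set rather than looked up by reflection, and the envelope is size-capped before it reaches the parser. Whatever library ends up producing the responses, the element names and namespaces must be diffed against captured IIS responses, since that is what "zero client changes" actually rests on.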
Migrate MSSQL database to PostgreSQL with full data integrity verification.
- Convert schema using `pgloader` (automated MSSQL → PostgreSQL migration)
- Migrate all data rows with checksums for verification
- Test all 15 API endpoints against migrated database
- Set up daily automated PostgreSQL backups (pg_dump, plus WAL archiving if point-in-time recovery is wanted) on a ZFS dataset that is snapshotted
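The row checksums in the step above are worth computing independently of pgloader, so the tool is verified rather than trusted. The following is an added example (not part of the plan or of pgloader) that fingerprints each table on both sides as a row count plus an order-independent digest: every row is hashed on its own and the hashes are summed modulo 2^256, so no ORDER BY is needed and differing collations between MSSQL and PostgreSQL cannot change the result. The two in-memory SQLite databases stand in for the source and target connections, and the `orders` table and its rows are constructed; with real drivers (pyodbc, psycopg) only the connections change.

```python
"""Per-table fingerprints to verify a pgloader migration (added example)."""
import hashlib
import sqlite3
from decimal import Decimal

MOD = 1 << 256


def canonical(value):
    """Render a cell so engine-level type differences (MSSQL DECIMAL vs
    PostgreSQL NUMERIC, float formatting, binary, NULL) hash identically."""
    if value is None:
        return "\\N"
    if isinstance(value, (float, Decimal)):
        return format(Decimal(str(value)).normalize(), "f")
    if isinstance(value, bytes):
        return value.hex()
    return str(value)


def table_fingerprint(conn, table, columns):
    """Return (row_count, 64-hex-digit digest).

    Each row is hashed separately and the hashes are added mod 2^256, so the
    physical row order and the engine's sort collation are irrelevant, and
    duplicate rows still count by multiplicity. The identifier check guards
    the f-string; the names come from the schema inventory, not from users.
    """
    if not all(n.isidentifier() for n in (table, *columns)):
        raise ValueError("identifiers must come from the schema inventory")
    sql = f"SELECT {', '.join(columns)} FROM {table}"
    total, count = 0, 0
    for row in conn.execute(sql):
        record = "\x1f".join(canonical(v) for v in row).encode("utf-8")
        total = (total + int.from_bytes(hashlib.sha256(record).digest(), "big")) % MOD
        count += 1
    return count, f"{total:064x}"


def verify_tables(src, dst, tables):
    """tables: {name: [columns]}. Returns [(name, src_fp, dst_fp)] for every
    table whose count or digest differs; an empty list means verified."""
    mismatches = []
    for name, columns in tables.items():
        s = table_fingerprint(src, name, columns)
        d = table_fingerprint(dst, name, columns)
        if s != d:
            mismatches.append((name, s, d))
    return mismatches


# Constructed sample schema; real runs take this from the schema inventory.
TABLES = {"orders": ["order_id", "sku", "qty", "total"]}


def demo_databases():
    """Two in-memory SQLite databases standing in for the MSSQL source and the
    PostgreSQL target, loaded in different physical order."""
    ddl = ("CREATE TABLE orders (order_id INTEGER PRIMARY KEY, sku TEXT, "
           "qty INTEGER, total REAL)")
    rows = [(1, "SKU-1", 2, 19.98), (2, "SKU-7", 1, 5.5), (3, None, 0, None)]
    src = sqlite3.connect(":memory:")
    dst = sqlite3.connect(":memory:")
    for conn, data in ((src, rows), (dst, reversed(rows))):
        conn.execute(ddl)
        conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)", data)
    return src, dst


if __name__ == "__main__":
    src, dst = demo_databases()
    print("after load:", verify_tables(src, dst, TABLES))
    dst.execute("UPDATE orders SET qty = 3 WHERE order_id = 2")
    print("after drift:", verify_tables(src, dst, TABLES))
```

Run it once after pgloader finishes and again after the parallel-run phase: any non-empty result names the table, and the count tells you whether rows went missing or merely changed. Column lists should be taken from the Phase 3 schema inventory in the same order on both sides, because the digest is over the column values in sequence.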
Both servers live simultaneously. All API calls tested for identical responses.
- Send test API calls to both servers, compare XML responses 1:1
- Validate all 15 operations with real fulfillment data
- Performance test: FastAPI target 10x throughput improvement over IIS
- Client notification: announce the cutover window and the new server IP (no contract changes; clients that use the DNS name need no update)
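The 1:1 XML comparison in the parallel-run step needs to ignore what legitimately differs between the two hosts (namespace prefixes, indentation, timestamps) while still flagging every changed field. This added example (not code from the page) flattens each response into a path-to-value map and diffs the maps; the two sample responses are constructed, and the volatile element names in VOLATILE are assumptions to be replaced with whatever the real captures show.

```python
"""Compare a legacy IIS SOAP response with the FastAPI one (added example)."""
import xml.etree.ElementTree as ET

# Fields expected to differ between the hosts on every call (assumed names).
VOLATILE = frozenset({"ServerTime", "ServerName", "RequestId"})
MISSING = object()   # sentinel: element present on one side only


def _local(tag):
    return tag.rsplit("}", 1)[-1]


def flatten(xml_bytes):
    """{path: value} for every leaf element and attribute. Namespace prefixes
    are dropped, text is stripped and repeated siblings are indexed, so prefix
    choice and pretty-printing never count as differences but element order
    (part of a SOAP sequence contract) still does."""
    out = {}

    def walk(el, path):
        for key, value in sorted(el.attrib.items()):
            out[f"{path}@{_local(key)}"] = value
        children = [c for c in el if _local(c.tag) not in VOLATILE]
        if not children:
            out[path] = (el.text or "").strip()
            return
        seen = {}
        for child in children:
            name = _local(child.tag)
            seen[name] = seen.get(name, 0) + 1
            walk(child, f"{path}/{name}[{seen[name]}]")

    root = ET.fromstring(xml_bytes)
    walk(root, "/" + _local(root.tag))
    return out


def diff_responses(legacy_xml, new_xml):
    """List of (path, legacy_value, new_value); empty means identical."""
    a, b = flatten(legacy_xml), flatten(new_xml)
    diffs = []
    for path in sorted(a.keys() | b.keys()):
        va, vb = a.get(path, MISSING), b.get(path, MISSING)
        if va != vb:
            diffs.append((path, va, vb))
    return diffs


# Constructed responses: the compact form IIS returns and the pretty-printed
# form with generated prefixes that the new server returns.
LEGACY = (
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<soap:Body><GetOrderDetailsResponse xmlns="http://tempuri.org/">'
    b'<GetOrderDetailsResult><OrderId>4711</OrderId><Status>Shipped</Status>'
    b'<Lines><Line><Sku>SKU-1</Sku><Qty>2</Qty></Line>'
    b'<Line><Sku>SKU-7</Sku><Qty>1</Qty></Line></Lines>'
    b'<ServerTime>2024-05-01T02:00:00</ServerTime></GetOrderDetailsResult>'
    b'</GetOrderDetailsResponse></soap:Body></soap:Envelope>'
)
NEW = b"""<?xml version="1.0"?>
<ns0:Envelope xmlns:ns0="http://schemas.xmlsoap.org/soap/envelope/"
              xmlns:ns1="http://tempuri.org/">
  <ns0:Body>
    <ns1:GetOrderDetailsResponse>
      <ns1:GetOrderDetailsResult>
        <ns1:OrderId>4711</ns1:OrderId>
        <ns1:Status>Shipped</ns1:Status>
        <ns1:Lines>
          <ns1:Line><ns1:Sku>SKU-1</ns1:Sku><ns1:Qty>2</ns1:Qty></ns1:Line>
          <ns1:Line><ns1:Sku>SKU-7</ns1:Sku><ns1:Qty>1</ns1:Qty></ns1:Line>
        </ns1:Lines>
        <ns1:ServerTime>2024-05-02T09:15:31</ns1:ServerTime>
      </ns1:GetOrderDetailsResult>
    </ns1:GetOrderDetailsResponse>
  </ns0:Body>
</ns0:Envelope>
"""

if __name__ == "__main__":
    print(diff_responses(LEGACY, NEW))                                   # []
    print(diff_responses(LEGACY, NEW.replace(b">Shipped<", b">SHIPPED<")))
```

Feed it the same request sent to both servers for each of the 15 operations and treat any non-empty result as a blocker; a value that differs only in case or a missing line item both show up with the exact path, which is what makes the review tractable across real fulfillment data.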
Switch all traffic to Ubuntu server. Windows VM decommissioned permanently.
- Update DNS / internal routing to point to new Ubuntu server IP
- Monitor for 48 hours — zero client disruptions target
- Shutdown Windows VM (keep stopped, not deleted, for 30 days)
- After 30 days: delete VM 128, reclaim 540GB ZFS storage