Modernize legacy .NET apps to Amazon EKS using Windows containers and CloudHedge CHAI

In today’s fast-paced cloud transformation landscape, organizations face the critical challenge of modernizing their legacy Microsoft .NET applications efficiently while minimizing risk and maximizing return on investment. Many customers are turning to containerization, often starting with Linux containers to modernize applications built on .NET Core or other cross-platform frameworks. However, legacy .NET Framework applications often depend on Microsoft Windows-specific APIs like Microsoft Messaging Queue (MSMQ), Windows Authentication, or third-party libraries and integrations that are not compatible with Linux. Because of these limitations, refactoring the applications to run on Linux is not always feasible in the near term.

In this blog, we will show you that in these cases, Windows containers provide a practical modernization path by extending the life of existing investments while accelerating the cloud journey. We will also include customer case studies.

Benefits for Windows containers

Modernizing legacy .NET applications using Windows containers offer several key technical advantages that align with Amazon Web Services (AWS) best practices for application modernization:

1. Simplified License Management: Windows containers share the host’s Windows Server license through Microsoft’s Server Core licensing model, potentially reducing per-instance licensing costs compared to full VMs.
2. Legacy Application Compatibility: Retain access to Windows-specific APIs and COM (Component Object Model) components that aren’t available in Linux containers, enabling containerization of applications with Windows dependencies.
3. Gradual Modernization Path: Enables a phased approach where applications can be containerized first while maintaining Windows dependencies, then optionally modernized to .NET Core/Linux containers later.
4. Cost Benefits: The following infographic illustrates how modernizing ASP.NET applications with Windows containers can significantly reduce infrastructure costs. In the traditional model, each application typically runs on a dedicated Amazon Elastic Compute Cloud (EC2) instance or on a shared EC2-based windows server running Internet Information Services (IIS), leading to underutilized resources and higher expenses. By contrast, containerization enables multiple applications to be consolidated on a single EC2 instance. As shown, a 1:many ratio can be achieved by running multiple containerized applications on the same footprint that previously supported just one—delivering substantial savings in compute costs while improving resource efficiency. Even though it’s dependent on resource requirements and instance sizing, following diagram shown the benefits of running containerized applications.

Fig 1: Benefits of running Containerized applications

Modernization options for customers

For customers modernizing .NET applications without changing source code, there are several options to run workloads in AWS using Windows containers.

• AWS Transform for .NET accelerates large-scale modernization from .NET Framework to cross-platform .NET by up to 4x. With the .NET modernization agent, modernization teams can collaboratively execute larger and more complex projects with consistency, remove Windows license dependencies to reduce operating costs by up to 40%, and enhance code quality, performance, and security.
• Leverage AWS funded Independent Software Vendors (ISV) solutions and tooling which offer enterprise-grade packaging and operational support for more complex or legacy .NET scenarios, helping organizations reduce the engineering overhead of containerization.

In this blog article, the CloudHedge team, one of our ISV partners, takes you inside the architecture of their modernization tool, showcasing its standout features and practical capabilities that enable customers to rapidly modernize their .NET Framework applications on AWS.

CloudHedge introduction

CloudHedge was founded in 2017 with the goal to help customers innovate faster by addressing the bottleneck of incompatibility of legacy applications with modern cloud. Their flagship product, CloudHedge AI (CHAI), helps enterprises accelerate their modernization journey through intelligent automation and containerization capabilities. CHAI focuses on dynamic runtime analysis, observing the application as it runs to map dependencies and behavior without necessarily requiring access to the source code. This positions CloudHedge to uniquely address scenarios where source code is missing or unreliable, a common challenge with deep legacy systems. CloudHedge has achieved the AWS Migration and Modernization Competency status, a designation that validates its technical proficiency and proven customer success. Prerequisites

You should have the following resources or configurations before implementing this solution.

• AWS Account
• Amazon Virtual Private Cloud (Amazon VPC) with private and public subnets
• Network routing is properly setup with Internet Gateway and NAT Gateway
• Amazon EKS cluster with Windows nodes
• AWS Identity and Access Management (IAM) role with permission to Amazon EKS cluster
• CloudHedge license

CHAI Architecture

CloudHedge’s CHAI provides customers the ability to modernize their applications with minimum investment while taking maximum advantage of the tool’s patented automated migration and modernization solutions. The following diagram delineates the high-level architecture of CHAI platform and its components.

Fig 2: CHAI Architecture

• CloudHedge AI Server (CHAI Enterprise): This is a server/VM where CHAI Enterprise Software is installed within the customer’s environment; it responsible for storing all discovered data within the organization’s control.
• Docker Build Box (Linux): This is a Linux server/VM with docker installed on it. It is responsible for creating and testing Linux-based application containers.
• Docker Build Box (Windows): This server is for creating and testing Windows-based application containers.

Discovery with CHAI

CloudHedge’s CHAI platform begins the modernization journey by automatically discovering applications running in customer environments. The discovery process is agentless and leverages Windows Remote Management (WinRM) to securely connect to target Windows servers. Once connected, CHAI collects detailed metadata about the applications, including services, configuration files, dependencies, and runtime characteristics. This lightweight, non-intrusive approach ensures that customers do not need to install additional agents on their servers, reducing operational overhead and simplifying adoption. As shown in following screenshot, by providing a comprehensive view of application components and their dependencies, CHAI enables customers to quickly identify which .NET Framework applications are suitable for containerization and plan modernization steps with confidence.

Fig 3: CloudHedge DART discover host inventory

As part of the discovery process, CHAI also provides rich topology visualization features that map out the relationships between applications, services, and underlying infrastructure. By leveraging data gathered through WinRM, CHAI constructs an application topology that highlights interdependencies such as communication patterns, service bindings, and port usage. This end-to-end visibility allows teams to understand how .NET Framework applications interact with their environment, identify potential migration risks, and plan containerization strategies more effectively. The topology view helps eliminate blind spots by showing not only the application itself but also how it connects to external components, which is crucial when designing resilient deployments.

Fig 4: CloudHedge DART application dependency graph

Rationalization with CHAI

After discovery, CHAI helps organizations move from raw inventory to actionable insights through application rationalization. One of the key capabilities is the grouping of applications based on dependencies, usage patterns, and business criticality. By clustering related services and applications together, CHAI enables teams to act on the modernization recommendations of the CHAI platform, focusing on which workloads should be modernized, rehosted, or retired as a group rather than in isolation. This approach reduces migration risks by ensuring that tightly coupled applications are containerized and deployed in a coordinated manner. Grouping also allows enterprises to prioritize modernization efforts based on organizational goals, such as focusing first on clusters of applications that deliver the greatest business value while deferring less critical workloads. The result is a clear, structured modernization roadmap that aligns technical execution with business priorities.

Fig 5: Generating blueprint for modernization in CloudHedge Flow

Transformation with CHAI

Once applications are discovered and rationalized, CHAI moves into the transformation phase to containerize and deploy workloads onto Amazon Elastic Kubernetes Service (Amazon EKS). This process requires the BuildBox, a dedicated environment required to package applications into Windows container images and push them to Amazon Elastic Container Registry (Amazon ECR).

With the container images ready, CHAI supports a “bring your own cluster” model, where customers can connect to their existing Amazon EKS environments by simply providing the kubeconfig file.

This integration allows CHAI to work seamlessly with customer-managed Amazon EKS clusters without requiring new infrastructure. CHAI then automatically generates a blueprint, which defines the Kubernetes resources—including Deployments, Services, and Ingress rules—needed to run the application.

Fig 6: CloudHedge Flow migration report

During deployment, CHAI provisions the workloads onto Amazon EKS, configures the necessary Elastic Load Balancer (ELB), and exposes an external URL so that users can immediately access the modernized .NET application. This end-to-end automation accelerates transformation by eliminating manual YAML authoring and simplifying the path from legacy servers to production-ready Kubernetes workloads.

Fig 7: New deployment in AWS environment

Sovereign intelligence with CHAI

In addition to automated discovery and modernization workflows, CloudHedge enhances usability of collected application data through natural language interaction within the CHAI Universe offering. CHAI Universe acts as an MCP (Model Context Protocol) server/host that enables composable, harmonious, scalable modernization with minimal disruption. Through its connection to enterprise systems, APIs, and tools via MCP servers, CHAI Universe dynamically discovers and invokes modernization workflows from multiple environments. (On-premises, Cloud etc.) while maintaining the sovereignty, auditability, and composability of the collected data in a hybrid/on-prem/cloud context.

CHAI Universe serves as the orchestrator and decision layer for the CHAI appliance, ensuring seamless transitions from Day 1 to Day 2 of the Migration and Modernization process. CHAI Universe’s agents are designed for standardized interoperability, eliminating the need for custom connectivity enablers when accessing enterprise tools via MCP. This connectivity and interoperability support dynamic modernization workflows and multi-tenant deployments while reducing integration timelines for third-party or customer-specific tools. CHAI Flow’s integration with CHAI Universe’s MCP-provided tools supports accelerated modernization timelines based on application intelligence collected by CHAI DART.

CHAI Universe allows you to transform collected application intelligence and modernization recommendations into a secure Sovereign Intelligence interface. With CHAI Universe, you can retain full control of the information located within your modernization knowledge base. CHAI Universe is not trained on client provided data, as it only has access to the metadata originating from a customer’s target environment. For customers working in highly regulated industries, the CHAI Universe knowledge layer is designed to operate in an air-gapped configuration and strictly resides within the organizations security enclave, helping reduce the risk of data exfiltration and data poisoning.

Fig 8: CHAI Universe

Leveraging LLMs like Amazon Bedrock, CHAI Universe allows you to query insights generated by CHAI DART using plain English prompts rather than manual navigation of detailed inventories and reports. This approach transforms discovery outputs into Sovereign Intelligence, an easily accessible knowledge layer, allowing architects, analysts, and operators to quickly surface answers to complex questions such as application dependencies, migration readiness, or resource optimization opportunities.

This comprehensive journey – from gathering sovereign application intelligence to containerized deployment in a target AWS environment – demonstrates the power of CloudHedge’s CHAI platform in modernizing .NET applications for Amazon EKS. By leveraging automated discovery, intelligent rationalization, and streamlined containerization, you can significantly accelerate your cloud transformation initiatives. This approach not only reduces the time and complexity associated with application modernization but also minimizes risk and maximizes the benefits of running containerized workloads on Amazon EKS.

Customer success story: U.S government technology services provider: A leading U.S. government technology services provider partnered with CloudHedge to modernize a highly complex, mission-critical Windows application originally developed more than 20 years ago for a customer. The application faced both technical inertia and modernization urgency—prompting a shift to a containerized architecture on Kubernetes.

Results:

• 900% faster modernization
• 2.5 months to complete modernization (vs. 24+ months typically seen)
• 25,000+ human hours saved

These figures highlight a leap in efficiency and workforce productivity, giving the customer a compelling modernization trajectory.

Fig 9: Customer 1 Success Metrics

By leveraging CloudHedge’s CHAI platform and AWS Transform our customer transformed a complex, monolithic Windows application into a modern containerized architecture in a fraction of expected time and cost. This modernization effort maintained mission continuity, reduced manual labor, and significantly accelerated time-to-value, demonstrating how automated, intelligent modernization platforms can deliver exponential business outcomes in demanding enterprise settings.

Customer success story: Japanese mobile network provider: A leading Japanese mobile network provider, renowned for pioneering W-CDMA technology, operates an international mobile commerce platform serving telecom carriers, merchants, and global brands. Facing data center lease expiration and scalability constraints, the organization sought a faster, cost-efficient path to modernize more than 1,300 mission-critical applications running across 2,500 virtual machines, without rewriting source code or disrupting business operations.

Results

• 65% faster modernization (completed in 6 months vs. 18 months expected)
• 55% reduction in operational costs (OpEx)
• Zero source-code changes required
• Automated deployment with continuous delivery pipelines

These outcomes demonstrated how automation and AI-driven modernization on AWS drastically accelerated time-to-cloud while improving agility and scalability.

Fig 10: Customer 2 Success Metrics

By leveraging CloudHedge’s CHAI platform in collaboration with AWS modernization services, the customer achieved a full transformation from on-premises data centers to a cloud-native, container-ready architecture. This effort eliminated technical debt, cut modernization timelines by more than half, and unlocked a future-ready foundation for continuous delivery and innovation in mobile commerce payments.

This automated approach ensures that businesses can quickly realize the benefits of containerization, including improved scalability, portability, and resource utilization. By adopting CloudHedge’s CHAI platform in conjunction with Amazon EKS, organizations can confidently embark on their modernization journey, knowing they have a powerful toolset to support their transformation goals.

Cleaning up

To avoid incurring future charges, delete the resources that were created. If you manually added the EC2 instance as described in this blog post, then you can simply delete the EC2 instance.

Conclusion:

Application modernization is no longer just about moving workloads to the cloud—it’s about transforming how organizations operate. By leveraging containerization on Amazon EKS and adopting AWS modernization services, enterprises can re-architect legacy Windows and .NET applications into agile, scalable, and cloud-optimized systems without costly code rewrites.

Modernization through containers also provides measurable financial impact. By eliminating Microsoft Windows Server and SQL Server licensing dependencies, customers can reduce operating expenses by up to 40%, consolidate workloads more efficiently, and improve resource utilization.

Through AWS-provided and AWS-funded ISV tooling, customers gain multiple modernization pathways—whether rehosting, refactoring, or replatforming—to meet diverse business and technical requirements. This ecosystem of automation and intelligence enables faster, safer, and more cost-effective modernization journeys, helping organizations unlock innovation while maintaining operational continuity.

Next Steps

If you are interested in learning more about CloudHedge’s solution and other AWS migration and modernization topics, you can refer to the following links.

CloudHedge in AWS Marketplace

Getting started with CloudHedge CHAI Assessment

Learn more about AWS Migration ISV Tooling program

Have questions or want to share your own modernization experience? Let us know in the comments below.

Disclaimer: The content and opinions in this blog are those of the third-party author and AWS is not responsible for the content or accuracy of this blog.