Migrating legacy applications to AWS: End-of-Support Migration Program and App2Container

Sebastiaan Brozius Cloud Consultant
Publish date: 11 March 2024

Many organizations face challenges migrating their legacy applications to Amazon Web Services (AWS). Applications might depend on older, unsupported operating systems, with limited in-house expertise and/or no access to installation media or source code. This leads to situations where the underlying operating system no longer receives (security) updates, which results in a higher risk of application failure and of security and compliance issues. Getting extended application support is expensive and delays the actual migration and modernization.

AWS offers tools to help migrate your application to the cloud, such as AWS App2Container (A2C) and AWS End-of-support Migration Program (EMP). In this blog, I delve deeper into these tools to help you on your migration journey to Amazon Web Services (AWS).  

AWS App2Container 

AWS App2Container (A2C) is a command line tool that helps lift and shift applications that run in on-premises data centers or on virtual machines, so that they run in containers that are managed by Amazon ECS, Amazon EKS, or AWS App Runner. 

Moving legacy applications to containers frequently marks the initial step towards modernizing applications. 

There are many benefits to containerization:

  • Reduce operational overhead and infrastructure costs 
  • Increase development and deployment agility 
  • Standardize build and deployment processes across an organization

A2C generates containers that are compatible with the Open Container Initiative (OCI), and can optionally create a CI/CD pipeline with AWS CodePipeline and related services, to automate building and deploying the application containers. 


The following application types are supported: 

  • Java applications (Linux) 
  • ASP.NET applications (Windows/Linux) 

Operating systems supported are Windows Server 2008 and later, Ubuntu 18.04 and later, CentOS 8 and later, RHEL 7 and later, Amazon Linux 2 and Amazon Linux 2023. 

Resources that are external to the application server, such as databases, are not supported by A2C. Tools like AWS Database Migration Service can help with the migration of databases to AWS.

A2C has some limitations that you need to be aware of: 

  • A2C doesn't support ASP.NET applications with the following characteristics:
      • The application has an OS-related dependency on Windows 2008 and/or 2012.
      • It uses files and registries outside of IIS web application directories.
      • It has a dependency on other Windows services or processes outside of IIS.
  • Except for Tomcat and JBoss 7+ applications, A2C's containerization of generic Java applications (for example, ones using WebSphere or WebLogic) involves packaging the entire file system without system and kernel files. This can result in a larger container image. You may have to manually exclude files to reduce the size of the images, if desired.
  • For Tomcat and JBoss v7+ applications, the A2C container image only includes files directly utilized by the application. The container image doesn't include files related to package management and versioning. If you use an A2C-generated container image as a base image and try to update the application or its dependencies through a package manager, such updates may fail.
  • A2C doesn't currently support Cluster/HA mode for Java applications 


AWS End-of-support Migration Program 

The AWS End-of-Support Migration Program (EMP) for Windows Server provides tools to migrate your applications running on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 to the latest, supported versions of Windows Server running on AWS, without code changes. 

The EMP toolset creates packages for legacy Windows applications to run on any supported version of the operating system. It includes a set of packaging tools, which are used to address various packaging scenarios. When a package is created, application runtime analysis detects application file and registry activity, including additional configuration changes that occur when the application first runs. The EMP package is deployed with a command passed to its deployment program. Deployment can be automated with scripts or managed by enterprise tools, such as AWS Systems Manager. 


It can be used to repackage an existing installation, or fresh installations. 

The following application and component types cannot be migrated using EMP: 

  • Applications that do not run on the Windows operating system. 
  • 16-bit applications, if the target operating system is a 64-bit Windows operating system. The NT Virtual DOS Machine (NTVDM) required to run these applications is available on 32-bit Windows operating systems only.
  • Kernel-mode drivers that are a different bitness than the target operating system. Device drivers are not virtualized with EMP and therefore must be compatible with the target operating system. Compatible drivers can be deployed with the package. For example, if you are moving to a 64-bit operating system, you must have a 64-bit driver that is compatible with the new operating system. 
  • Low-level applications. For example, antivirus, firewall, and VPN applications. 
  • Explorer Shell Extensions. 
  • Microsoft BizTalk and Microsoft Transaction Server (MTS)-based systems. 
  • Desktop applications. 

Migration to AWS

Using these tools can help you overcome the obstacle of unsupported operating systems when migrating to AWS, by abstracting the operating system away from the applications. 

Using A2C for the applications it supports helps you reduce the administrative overhead of managing an instance by containerizing the application. By using CI/CD, you can also automate deploying updated versions of the applications.

For those applications that cannot be migrated using A2C, EMP can provide a solution by repackaging the application so it can run on a supported version of Windows Server on AWS.
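The routing described above (A2C where supported, EMP otherwise), as an added example that is not AWS's or the author's code: it transcribes the support lists from this post into a triage function for an application inventory. The record fields, category labels and the sample record are constructed for illustration; kernel-driver bitness and Java cluster/HA mode are not modelled.

```python
# Added example: triage rules transcribed from the support lists in this post.
# Field names, category labels and the sample record are constructed.
from dataclasses import dataclass

# Minimum OS versions A2C supports, per the post.
A2C_MIN_OS = {"windows server": (2008,), "ubuntu": (18, 4), "centos": (8,), "rhel": (7,)}
A2C_ANY_VERSION = {"amazon linux 2", "amazon linux 2023"}
# EMP source releases and excluded application categories, per the post.
EMP_SOURCES = {"2003", "2008", "2008 r2", "2012", "2012 r2"}
EMP_EXCLUDED = {"low-level", "shell-extension", "biztalk", "mts", "desktop"}

@dataclass
class App:
    name: str
    os_family: str                         # e.g. "windows server", "ubuntu"
    os_version: str                        # e.g. "2008 r2", "18.04"
    app_type: str                          # "java", "aspnet" or another label
    bits: int = 64                         # application bitness: 16, 32 or 64
    old_windows_dependency: bool = False   # OS dependency on Windows 2008/2012
    outside_iis: bool = False              # files, registry or services outside IIS

def _version(text):   # "2008 r2" -> (2008,), "18.04" -> (18, 4)
    return tuple(int(p) for p in text.split()[0].split("."))

def a2c_candidate(app):
    fam = app.os_family.lower()
    if app.app_type == "java" and fam == "windows server":
        return False                       # the post lists Java as Linux only
    if app.app_type not in ("java", "aspnet"):
        return False
    if app.app_type == "aspnet" and (app.old_windows_dependency or app.outside_iis):
        return False
    if f"{fam} {app.os_version}" in A2C_ANY_VERSION:
        return True
    return fam in A2C_MIN_OS and _version(app.os_version) >= A2C_MIN_OS[fam]

def emp_candidate(app, target_bits=64):
    if app.os_family.lower() != "windows server":
        return False
    if app.os_version.lower() not in EMP_SOURCES or app.app_type in EMP_EXCLUDED:
        return False
    return not (app.bits == 16 and target_bits == 64)   # NTVDM is 32-bit only

def triage(app):
    if a2c_candidate(app):
        return "A2C"
    return "EMP" if emp_candidate(app) else "manual review"

if __name__ == "__main__":
    print(triage(App("intranet", "windows server", "2003", "aspnet", bits=32)))
```

Anything that lands in "manual review" is outside both lists in this post, for example an application on an unsupported Linux release or a 16-bit application headed for a 64-bit target.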

Shifting away from unsupported operating systems helps you reduce or even eliminate maintenance overhead, the possible costs of security breaches, and application downtime.

The ability to easily re-deploy the applications in case of high load or failures reduces downtime and shortens the time needed to perform a disaster recovery.


Getting started with migration 

These are just a few of the tools that can be used to migrate your (Windows) workloads to AWS and improve on your security posture. 

To learn more about AWS App2Container or AWS End-of-support Migration Program, have a look at the following resources and/or contact us if you want more information: 


