AWS Legacy Application Access

Unblock AWS Migration with Browser Access to Legacy Windows Applications

WebStream helps AWS customers move legacy application access onto AWS while modernisation continues in parallel.

AWS Marketplace / Core Edition

Start on AWS with WebStream Core

Deploy WebStream Core on your own AWS account, publish one blocking application, and validate browser access end to end — before you commit to a wider rollout.

Common AWS Blockers

What stalls the migration

Most AWS programs stall on the same handful of access problems.

Legacy Windows apps

One irreplaceable Windows application holds an entire datacentre exit or migration wave hostage.

Datacentre exit

Lease and hardware deadlines force a move before the application is ready to modernise.

VPN / RDP dependency

Direct remote access creates audit gaps and fails cloud security review.

Endpoint install burden

Rolling out and supporting clients across every device slows the project and the help desk.

Public sector / compliance

Regulatory and procurement constraints rule out exposing a full desktop or uncontrolled access.

No repeatable pattern

One-off workarounds do not scale across a portfolio of remaining Windows blockers.

POC Workflow

From blocker to browser access in five steps

1. Identify one app

Pick the single workload blocking the AWS conversation — one app, one team, one outcome.

2. Deploy Core

Stand up WebStream Core on an EC2 instance in your own AWS account.

3. Publish first app

Publish the Windows application and open it in the browser — no rewrite, no client.

4. Validate flows

Confirm file, print, and session workflows behave the way users expect.

5. Expand to pilot

Reuse the same pattern across the next blocker app and scale toward production.

Architecture Overview

How it fits on AWS

A simple, documentable pattern your security team can sign off.

AWS-hosted Windows environment

The Windows application runs on EC2 in your VPC, lifted as-is from the datacentre — no RDP port 3389 exposed to users or the internet.

WebStream ACP

The control plane streams the application UI to the browser over TLS (HTML5/WebSocket) and enforces file, print, clipboard, and session policy with full audit.

Browser users

Users connect over HTTPS from any modern browser — no VPN, no RDP client, no endpoint agent to deploy or patch.

Identity & entitlement

Access is identity-gated per application, so users reach only the workload they are entitled to — not a full desktop.

Success Criteria

What a good POC proves

No endpoint install

Users reach the application in a browser with nothing installed locally.

File and print flows work

Upload, download, and print-to-PDF behave correctly under policy.

Session isolation holds

Sessions are isolated and audited to satisfy the security review.

Repeatable on AWS

The deployment is documented as a template you can reuse for the next app.

From First App Access to AWS Evaluation Start

See the full demo

Browser login, launching Windows applications, file workflows, and starting a WebStream Core evaluation on AWS.

Full WebStream demo — legacy Windows apps delivered through the browser on AWS.

Get Started

Review your AWS migration blocker

Tell us about the app that’s blocking your move to AWS. Prefer to give us full detail? Use the full assessment form.

FAQ

Common questions

Is this a full VDI replacement?

No. WebStream delivers specific Windows applications through the browser rather than full desktops. It is best when you need governed app access, not a complete desktop estate.

Does it require an application rewrite?

No. You lift the Windows application to an AWS EC2 instance unchanged and WebStream handles browser rendering and session control.

How does a Core evaluation work?

WebStream Core is the scale-limited evaluation edition. It runs on your own AWS account, you publish one application, and validate the workflows end to end — all accessed through the browser.

What about certificates and HTTPS?

For a production-like setup, place an Application Load Balancer with an ACM certificate in front of the instance; it handles HTTPS and WebSocket upgrades reliably.

What about RDS / CAL licensing?

WebStream does not deliver a Windows desktop session, so the model differs from RDS desktop access. Confirm Microsoft licensing for your specific applications with your licensing advisor.

What is session-hour pricing?

Paid tiers bill SessionHours — active streaming time only — with compute kept separate as your own EC2. You pay for use, not for seats or idle time.

Get Started

Unblock your AWS migration

Start an evaluation with WebStream Core — hosted in your cloud or ours, accessed entirely through the browser — and prove browser access to your blocking app within hours. For the setup walkthrough, see browser access to Windows apps on AWS.