CAST - Modernizing your .NET apps to Windows containers on Azure Kubernetes Services
Published Jan 30 2024 06:37 AM 6,770 Views

This blog post has been co-authored by Microsoft and Damien Santé and Emmanuelle Castaings at CAST.


Windows Containers have reached a great level of maturity, allowing customers to run production grade workloads with limited code refactoring. Though, specific compatibility checks are highly recommended for .NET applications, for example, to avoid discovering blockers hidden in source code during the migration, triggering unplanned fixes in urgency, additional time and costs.


To ensure an effective migration, a rapid portfolio analysis using CAST Highlight can be performed. It will automatically provide insights from custom source code, including the list of containerization blockers and indicative effort estimates to remediate. CAST Highlight will also automatically show a path to modernization post containerization leveraging Azure PaaS services. CAST Highlight is an automated solution where hundreds of custom applications can be analyzed within a few days, with no source code disclosed and no intrusion on production systems. 


Since 2019, CAST has been working alongside Microsoft to automate the migration and modernization of custom applications for hundreds of clients worldwide, addressing a large variety of old and new languages such as C#, C++, VB.NET, Java, JavaScript, Python, Cobol and more, and various application types among Windows, mainframes, monoliths, databases and others.  


This blog will cover the following sections: 

  1. CAST Highlight overview 
  2. How to use CAST for Windows container apps on AKS 
  3. Common containerization blockers, and CAST recommendations 
  4. Optimize further and prepare the modernization, using CAST
  5. Illustrative case study on eShop applications & Customer Case Studies 



CAST Highlight Overview 

CAST Highlight provides a rapid analysis of the entire portfolio of custom applications, bringing data and facts to your modernization journey. CAST Highlight analysis is a rapid 3-steps process scanning hundreds of applications in a week.


CAST Highlight acts as a Control Tower for the tens or hundreds of applications in your portfolio helping you make informed decisions on governance, open-source risk control, greener software, and cloud modernization: 

  1. Cloud Maturity: 5Rs segmentation, roadmap to PaaS, containerization and cloud blockers, removal effort estimates 
  2. Software Health: resiliency, agility, complexity, technical debt 
  3. Open-source risks: security vulnerabilities, obsolescence, legal IP risks 
  4. Green Software: code deficiencies, recommendations with respect to industry good practices 





CAST + Windows on Azure Kubernetes Service 

Get actionable recommendations on containerization blockers

CAST Highlight shines a light on specific Cloud patterns that are blockers for containerization of applications, a subset of our 400+ existing patterns. Those patterns are agnostic to the target container, for instance, if an application is using DLLs, as part of the containerization tasks, the container definition (.dockerfile) should copy these required libraries and execute their registration if needed. 


Nota Bene: CAST Highlight will not generate the Dockerfile but recommend the best options to be utilized. See here more details on how to optimize the Dockerfile configuration. 


CAST Highlight lists in a dedicated tab all the containerization blockers and related details:  

  • Documentation pop-up for each blocker with rationale, level of criticality, impact on containerization tasks 
  • Technology/language triggering the blocker and number of occurrences in the code (roadblocks) 
  • Estimated remediation effort based on customizable abacus. 
  • At the portfolio level: list of applications where the blocker was found and at application level: list of files where the blocker occurred. 





Common containerization blockers, and CAST recommendations 

CAST Highlight provides the rationale for each containerization blocker categorized in three types of impact: 

  • Blockers impacting the container only. 
  • Blockers impacting the application code. 
  • Blockers impacting the application architecture. 


Blockers impacting the container only. 
  Registry Settings - Using Windows registry to store Application Settings  

The problem: Legacy applications often use Windows registry to store application settings. The good practice consists of avoiding OS-specific storage such as Windows Registry, as in the container the operating system is not guaranteed to be the same.  


The solution: CAST Highlight lists all your code files declaring registry dependencies so you can create a .reg file containing all the entries required by the application then edit the Dockerfile to copy it inside the container on creation and add the registry entries. 


CAST Highlight detects other blockers that impact the container configuration such as usage of a temporary local file or directory, applications using other configuration files than web configuration, applications using system DLLs or COM Components, etc. 


The figure below illustrates the description of the blocker in CAST Highlight with criticality, impact, rationale and references.




Blockers impacting the application code. 

Temporary Files - Access to environment variable 

The problem: applications accessing environment variables. This blocker impacts the application code, architecture, and the target container.  


The solution: CAST Highlight provides the list of files for which an environment variable needs to be set up, so you can ensure it will exist in your container. It also gives the effort estimate to remediate the issue in the code.  There are two ways this information can be passed down to the container. You can use the -e option in the run command of your docker container. It is adequate when the number of variables is low. However, as soon as we have more than a handful of variables, it can quickly become cumbersome and error prone. Another option is preferred where you can specify the file where to read values from, called an env_file. 


CAST Highlight detects other blockers requiring changes in the application code such as stateful sessions, hardcoded credentials, network IP address (IPV4, IPV6) or unsecure network protocols (HTTP, FTP). 





Blockers impacting the application architecture 

Security & User Authentication- Using Webform Authentication  

The problem: Applications using Webform Authentication which requires that user accounts and passwords be created and managed in a storage such as a database. This mechanism does not offer the flexibility of claims-based authentication and should not be used in Cloud applications. This is blocker which impacts the application architecture and code.  


The solution: Use the CAST Highlight output listing all your code files declaring Webform Authentication dependencies. Review the dependencies in each file. Refactor the app to be AD-integrated and leverage Active Directory domain identities to support your authentication scenario. To achieve this, you can configure a Windows container to run with a group Managed Service Account (gMSA), which is a special type of service account introduced in Windows Server 2012 designed to allow multiple computers to share an identity without needing to know its password. 


CAST Highlight also detects code performing file or directory manipulation, which creates files or folders on the local file system (C: or D: drives), or applications using a middleware application such as asynchronous messaging middleware. 





Illustrative case study on eShop applications 

This section describes the analysis performed on eShop applications, focusing on a legacy version of the code base (eShopLegacy) and a version that has been modernized (eShopModernized). We then review the results of analysis as it relates to containerization and identify key findings and recommendations.  


Repository overview 

The eShopModernizing repository contains 6 applications with a total of 91 000 lines of code in mainly C#, ASP.Net and JavaScript languages: 


The first group is composed of 3 applications called “eShopLegacy*” containing the code before the containerization. 

  • eShopLegacyMVC is a traditional Web app ASP.NET WebForms and MVC in .NET Framework. 
  • eShopLegacyNTier is an N-Tier app based on a WCF service. 
  • eShopLegacyWebforms is a client WinForms desktop app. 


The second group is composed of the modernized version of the above 3 applications after containerization to Windows Containers and Azure Cloud.  


Containerization insights 

In total, the 6 eShop applications show 5 containerization blockers.  






Three blockers impact the container configuration: 

  1. Access to environment variable 6 occurrences found in Ruby files. 
  2. Using other configuration files than Web configuration 6 occurrences in C# code. 
  3. Using connection strings for database connection: 4 occurrences in C# code of eShopModernized* apps. 


Two blockers impact the applications architecture found in C# code: 

  1. Using file system: 3 occurrences found 
  2. Perform File Manipulation: 15 occurrences found. 


The figure below illustrates the containerization insights collected by CAST Highlight: in which application, with estimated effort to remediate them, number of occurrences found for each blocker (roadblocks), technology involved and impact (Container only, Architecture, Code). 





Remediating those blockers would take roughly: 

  • 0.36 person-day effort on the eShopLegacy* applications 
  • 0.52 person-day effort on the eShopModernized* applications 

The estimated remediation effort only concerns the changes in the code, it must be added to surrounding tasks such as regression testing, project management, etc. 


Why addressing the blockers in the code prior to containerization 

In summary, we would spend less effort to fix the blockers before migrating the eShopLegacy* applications, compared to the effort spent on remediating the same applications after containerization. 


For the eShopCase, the analysis of both versions of the codebase indicates that the best approach would have been to first address the blockers found in the legacy version prior to containerization. This approach required less effort than addressing the blockers after containerization. In fact, additional files were created in the modernized version to accommodate the new platform which added new issues and blockers. 


Sample blockers details: “Using direct Database Access through Connection Strings” 

Database connection strings are very sensitive data in a Cloud application as they protect access to data storage or other application services. As a result, connection strings must be protected to prevent data theft. It is recommended to store this kind of sensitive data in a secured cloud-based storage such (e.g. Azure Key Vault). This blocker impacts the container configuration, a documentation and references with the patterns detected in the code are available for each of the blockers in CAST Highlight: 






This blocker has been found in 2 eShopModernized* applications: eShopModernizedMVCSolution  eShopModernizedWebFormsSolution. This blocker was not detected in any Legacy application. 





CAST Highlight detects 15 other blockers for containerization, find them all here: (refer to the ‘Containerization’ column). 

Third-Party compliance 

Third-party frameworks may not all be supported since Microsoft doesn't specifically certify or support the use of non-Microsoft frameworks on Windows Containers. For each framework, you need to check that the vendor or application supports the policy for Windows containers, a frequent example being dependencies to Crystal Reports. 


CAST Highlight makes an inventory of all third-party and open-sources components used by the application, either from dependencies declared in configuration files or directly in the code, or through physical libraries (JARs, DLLs) allowing you in one click to visualize all components used in your application portfolio. CAST Highlight also detects Common Vulnerabilities and Exposures (CVEs), obsolescence and licenses embedded in the 3rd-Party and Open-Sources Software components and generates a Software Bill of Materials. 


On eShop applications, a few 3rd-Party frameworks such as ANTLR, autofac, log4net, owin or Pipelines.Sockets may require to use a docker image, a pre-installed SDK or publish a self-contained app including all the dependencies. Additionally, 8 high level CVEs were detected which may require an update to ensure maximum security on the container. 


The figure below illustrates the CAST Highlight Software Composition insights including the Bill of Materials. 




Modernizing further 

Identify “noisy neighbors.”  

An additional value of CAST Highlight are insights on the portfolio Health indicating how your applications comply with programming good practices that impact resiliency, agility, complexity or technical debt. 




Insights from CAST Highlight can help act proactively to avoid potential “noisy neighbors” in a large application portfolio for which you may not have a precise knowledge of each application. 


Applications showing a very low resiliency score in CAST Highlight would need special attention. For example, they may cause memory overflow, which, when containerized, will impact the computing resources consumption on the node. Neighboring containers will suffer unless resource management is enabled thanks to Azure Kubernetes Services through the Set Limits and Set Namespace Quotas directives. Eventually, the orchestrator would terminate the container or the pod, rather than firing another one, resulting into irrelevant additional costs and resources! 


The figure below illustrates the application Resiliency by application in CAST Highlight, each application is represented by a bubble. 




Modernize towards PaaS. 

Once eShop applications are containerized on Windows AKS, it does not mean they are ready for PaaS. 

CAST Highlight Portfolio Advisor for Cloud indicates that opportunities for modernization could be considered on eShop applications for an estimated effort of less than 2 person-days, allowing to benefit from Azure Cloud Services such as Azure Storage or Azure Batch. Parallelly, other services could be leveraged immediately such as Azure Monitor.  


On eShop Applications, CAST Highlight detected 2 PaaS blockers. Firstly, hardcoded URLs using the HTTP protocol (HTTP/HTTPS) which would need to be replaced by the new resource's URL during the refactoring. Secondly, use of Log4Net for application logs management which should be replaced by Azure Application Insights. 


See live here in more details how CAST Highlight helps on the Migration to PaaS journey. 



Transform the Architecture Design.  

Going further in modernization, eShop applications could be ported to a more modern design on .NET 6 and the legacy UI components such as ASP.NET/MVC could be refactored to Blazor. CAST Imaging helps accelerate such modernization initiatives by providing architecture blueprints of applications and automatically creating a comprehensive knowledge repository.


Application teams are enabled to rapidly discover the as-is architecture design in detail and prepare the transformation project whether refactoring to PaaS, implementing technical improvements, or engaging in a deep re-architecture. See CAST Imaging live here. 


Customer Case Studies 

Below selected customer cases leveraging CAST for containerization: 

  1. Auto tech firm assesses cloud readiness of apps 5x faster with CAST Highlight : The client compared the time it took to manually assess a few well understood apps with CAST Highlight’s automated approach; the latter was five times faster with the same accuracy. CAST Highlight analyzed all 134 apps in under two days and produced insights including the cloud readiness of each app, specific blockers that needed to be remediated within the code par app, per move group, per business unit.  CAST Highlight results were crucial for the many apps that did not have dedicated teams. Within five weeks, the client containerized 40 of their apps and developed a plan to complete the process for the rest of the portfolio with recommendations on cloud services that each app could adopt once migrated. 
  2. Head of Engineering at Major Asian e-commerce company engaged in containerizing ~300 applications (core and web/micro-services) declared that CAST helped reduce the dependencies identification in code to 3-4 weeks instead of 3-4 months and to 1.5-2 months to execute the migration instead of 3-4 months. CAST helped accelerate the onboarding i.e. shifting-left Annual Recurring Revenue.  
  3. Global media firm cuts cloud migration planning time in half with CAST Highlight : Thanks to well-understood apps, average app assessment time was cut in half when using the CAST Highlight's automation versus manual code reviews. They progressed to less familiar apps and the time savings become even more significant: up to 5 times faster with CAST.  It also identified nearly 50% of the applications that were good refactoring candidates for PaaS, enabling adoption of a cloud-native approach sooner than expected, even further reducing cloud consumption costs. Ultimately, the architect team was able to focus their efforts on high-value infrastructure and integration initiatives instead of manual code and framework reviews. 



Migrating .NET applications on Windows Containers with Azure Kubernetes Service provides significant value but demands preliminary checks, especially for custom applications. CAST products help throughout the journey to Azure, from planning the containerization to the succeeding modernization once on Azure. CAST Highlight provides actionable insights at application and at portfolio level, 2 to 4 times faster than a manual approach, including blockers to be remediated. CAST Highlight acts as a control tower for the portfolio. CAST Imaging offers deep insights into application code, allowing you to confidently execute the modernization acting as a knowledge base of your software. 


With CAST and Microsoft Azure as partners on the cloud journey, IT Leaders have the right solutions and expertise to retrieve knowledge of their custom applications, unblock the typical “discovery paralysis” in cloud migrations, then reach the full potential of their applications on Azure with less U-turns, higher responsiveness to business requests and better team efficiency while executing the transformation. 


Next steps  

For more details on CAST for cloud migration & modernization, please visit and on CAST Highlight specifically. 


If you wish to have your application(s) analyzed on CAST Highlight or CAST Imaging for migration to Azure, you may be eligible to Microsoft-funded CAST analysis through the Microsoft Solution Assessment program. Please contact your Microsoft representative or reach out to CAST on 


Alternatively, you can purchase a CAST Highlight SaaS subscription on the Azure Marketplace to run the analysis by your own. 

For any questions, please contact 

1 Comment
Version history
Last update:
‎Feb 06 2024 06:23 AM
Updated by: