Amazon EVS Adds Windows Server Licensing Entitlements for VMware Migrations

Amazon’s latest Amazon Elastic VMware Service (Amazon EVS) update is more than a routine feature add. By extending Windows Server licensing entitlements into EVS, AWS is making its VMware migration story materially more complete for enterprises that still run a large estate of Windows-based workloads. The change lowers one of the last practical barriers to moving traditional vSphere environments into AWS: licensing friction around Windows Server VMs.
It also signals a broader strategic pattern. AWS has spent the last several years turning VMware migration from a “lift and shift” exercise into a managed landing zone story, and the addition of Windows licensing puts EVS closer to a full operational replacement for on-premises infrastructure than a simple hosting platform. For customers under pressure to complete a data center exit, that distinction matters.

Background​

Amazon EVS is AWS’s native service for running VMware Cloud Foundation (VCF) directly inside an Amazon VPC on EC2 bare-metal infrastructure. AWS positions it as a way to preserve existing VMware tooling, operational models, and investment while accelerating migration to cloud infrastructure. The service moved from private preview to public preview in 2025 and is now being expanded in practical ways that make it more usable for real enterprise migration programs.
That matters because VMware environments are rarely homogeneous. Many enterprise workloads rely on Windows Server for line-of-business apps, file services, middleware, management tools, and internal platforms that are too deeply embedded to rewrite quickly. Historically, licensing complexity has been one of the reasons these environments stayed put longer than the infrastructure team wanted. AWS is now trying to remove that last mile of resistance.
The new EVS licensing model gives customers two paths. If they already have eligible Windows Server licenses with portability rights, they can continue to bring those licenses to AWS. If they do not, AWS can provide Windows Server license entitlements directly for EVS-hosted VMs, with billing based on per vCPU-hour usage. That hybrid approach is important because it addresses both legacy estates and newer Windows releases that may not have portable licenses.
The timing is also notable. AWS has recently expanded Microsoft-focused offerings in other areas, including Windows Server 2025 support in WorkSpaces and AWS-provided Remote Desktop Services licensing. The pattern suggests AWS is trying to make Microsoft platform dependencies feel less like an obstacle and more like a managed, consumable service layer across multiple product families.

---

Why This Launch Matters​

This launch matters because licensing is often the invisible blocker in migration projects. Infrastructure teams can provision capacity, networking, and storage, but if the licensing story is unclear, the project stalls. By integrating Windows Server licensing directly into EVS, AWS removes a layer of manual compliance handling that often consumes time, legal review, and architecture cycles.
The practical effect is that customers can now treat Windows VMs in EVS much more like any other workload with a defined consumption model. For workloads without portability rights, AWS-provided entitlements make the migration calculus cleaner. For workloads that can use BYOL, customers retain the option to maximize prior investment. That either-or flexibility is one of the strongest aspects of the announcement.

A migration blocker turned into a service feature​

For years, enterprises have had to map licensing rules against hardware placement, usage rights, virtualization boundaries, and activation behavior. That is tedious even in a stable data center, and it becomes more complicated during a cloud migration when workloads move in waves. EVS now wraps some of that complexity into a service workflow, which should shorten the distance between planning and execution.
A second effect is psychological. AWS is telling customers that VMware modernization does not require a simultaneous Windows modernization program. That is a meaningful message for organizations whose operating systems are not the problem they are trying to solve. The goal is to move infrastructure first, then decide later whether to refactor applications. That sequencing is often the only realistic path.

• Less licensing ambiguity
• Faster migration planning
• Reduced dependence on separate compliance processes
• Cleaner support for mixed Windows estates
• Better fit for phased data center exits

How the Licensing Model Works​

AWS is offering two licensing paths inside EVS. The first is BYOL for eligible Windows Server licenses that carry portability rights. The example AWS gives is Windows Server 2016 or 2019 licenses purchased before October 1, 2019. The second is AWS-provided Windows Server license entitlements, which are intended for VMs without portability rights, including Windows Server 2022 and 2025 scenarios.
The pricing model is straightforward on paper: customers pay per vCPU-hour for VMs they choose to entitle through AWS. AWS says it only charges for running VMs that are actively using the entitlement, and customers can add or remove entitlements as their environment changes. That creates a usage-linked model that should be easier to forecast than traditional perpetual-license gymnastics, though it still requires careful governance.

Why per-vCPU-hour matters​

Per-vCPU-hour billing aligns licensing cost with actual compute shape rather than with a static fleet count. That can be useful for seasonal workloads, bursty application tiers, or environments where VMs are frequently powered on and off. It also gives organizations a lever to constrain spend without having to redesign the application stack.
At the same time, it introduces a familiar cloud-management challenge: cost visibility. If VM power status changes and entitlement state changes are not tracked closely, teams can end up with surprises during chargeback or showback. Licensing flexibility is valuable, but only if the operations team treats it like a metered resource.

• BYOL remains important for older licensed estates
• AWS entitlements help with newer Windows versions
• Billing is consumption-based, not static
• Operational discipline still matters
• Automation becomes more important as VM count rises

The EVS Connector and Why It Exists​

One of the more interesting pieces of this launch is the introduction of EVS connectors. AWS says connectors let the EVS service communicate with the VCF management appliances in the environment, such as vCenter Server. The connector maps to a single management appliance and uses the appliance’s FQDN plus credentials stored in AWS Secrets Manager for authentication.
The connector is not just a plumbing detail. It is the mechanism that lets AWS observe VM lifecycle events and track Windows licensing usage accurately. In other words, AWS is relying on a managed connection to reconcile what exists in VMware with what is being entitled through the service. That is a sensible architecture, but it also makes operational hygiene more important than ever.

Security and control implications​

The blog’s workflow instructs customers to create a read-only user in vCenter and store the credential in Secrets Manager with a specific tag so EVS can retrieve it. That is a classic cloud pattern: limit privileges, centralize secret storage, and establish an auditable path for service access. It is also a reminder that licensing automation and security design are now tightly linked.
The upside is obvious. You reduce the need for human operators to manually reconcile every licensing event. The downside is that a misconfigured connector, a stale secret, or an incorrect role assignment could interrupt entitlement flow or create compliance confusion. The control plane is only as reliable as the credentials behind it.

• One connector maps to one management appliance
• Credentials are stored in Secrets Manager
• Read-only access limits risk
• Connector health becomes operationally important
• Lifecycle visibility supports licensing compliance

Step-by-Step Configuration Flow​

AWS’s walkthrough breaks the process into a sequence that will feel familiar to anyone who has ever wired cloud automation into a virtualization stack. First, create the vCenter account and store its credentials in Secrets Manager. Second, create the EVS connector. Third, add Windows Server entitlements using VMware VM IDs. Fourth, create the VPC endpoint and configure the VMs to point at the AWS-provided KMS activation service.
The fact that AWS documents the flow as a guided sequence is itself meaningful. It suggests the company wants EVS to be adopted by infrastructure teams that need repeatable, supportable procedures, not just by early adopters willing to improvise. That makes the feature more enterprise-friendly, even if it also reveals that the process is not yet fully invisible.

The four operational steps​

• Create a vCenter user with ReadOnly permissions and store the credential in Secrets Manager.
• Create an EVS connector using the vCenter FQDN and secret.
• Add Windows Server license entitlements by VM ID, either manually or via CSV.
• Configure a VPC endpoint for Windows Server activation and point the VMs to the provided KMS server.

There is also a scaling nuance here. AWS notes that each entitlement can include up to 100 VMs, which means larger environments will need to batch requests. That is not a deal-breaker, but it does reinforce that this feature is designed for structured operations, not one-off tinkering.

• Use a dedicated vCenter account
• Store secrets centrally
• Wait for connector health to pass before entitling VMs
• Batch VM IDs in groups of 100
• Validate activation before scaling deployment

Windows Activation and the KMS Endpoint​

The final leg of the process is Windows activation through AWS’s provided KMS service endpoint. AWS instructs customers to create a VPC endpoint for the Windows Server activation service and then configure each entitled VM to use that private DNS name on port 1688. In practical terms, this is how the entitlement and the OS activation pieces come together.
For administrators, the command-line flow will look familiar: set the KMS server with slmgr /skms, activate with slmgr /ato, and verify with slmgr /dli. The novelty is not the Windows activation mechanism itself, but the fact that AWS is now operating the activation path as part of the EVS service experience.

What this means in practice​

This design keeps activation traffic inside the cloud network boundary rather than forcing customers to improvise with external routing or brittle network exceptions. It also makes the entitlement workflow closer to a standard cloud service behavior, where the platform provides the activation substrate and the customer focuses on the VM estate. That is a cleaner model for migration teams.
Still, activation adds another component that can fail. Security groups must allow inbound TCP 1688 from the Windows Server VMs, the endpoint must be available, and the private DNS name must be copied correctly. Those are manageable tasks, but they are not trivial in large environments with multiple subnets and segmented policy zones. Small configuration mistakes can become big deployment delays.

• KMS activation stays within the EVS environment
• Port 1688 must be open
• Private DNS accuracy matters
• Manual and automated configuration are both supported
• Activation success can be verified from inside the VM

Enterprise Impact Versus Consumer Impact​

For enterprises, this is the real story: the feature helps large organizations preserve Windows licensing continuity while moving VMware workloads to AWS. That is especially useful when the migration strategy is not “replace everything,” but “move the platform first, rationalize later.” In that world, licensing compatibility can determine whether a migration wave goes out in months or stalls for quarters.
Consumers and small teams will see far less immediate value. EVS is an enterprise service with VCF, vCenter, bare metal instances, and migration-oriented tooling. The licensing convenience is real, but it is aimed at organizations with existing VMware estates and formal operational governance, not at individuals spinning up a lone Windows VM for a side project.

Where enterprise users benefit most​

The strongest fit is in organizations with a mix of older and newer Windows Server versions, especially where some licenses are portable and others are not. AWS’s dual-path licensing structure lets IT teams treat the estate as a portfolio rather than forcing a uniform policy on heterogeneous workloads. That makes planning more realistic.
The feature should also appeal to regulated industries where auditability matters. A connector, a tagged secret, a constrained entitlement record, and a documented activation path create a paper trail that compliance teams can understand. That is not glamorous, but it is exactly the sort of detail that makes platform changes survivable.

• Best fit: large VMware estates
• Best fit: phased migrations
• Best fit: mixed Windows versions
• Best fit: teams with compliance requirements
• Least relevant: small one-off deployments

Competitive Implications for AWS, VMware, and Microsoft​

This move strengthens AWS’s position in the post-VMware reshuffling era. As enterprises reassess virtualization strategy, the most persuasive cloud platform is the one that minimizes rework, lowers risk, and preserves licensing value. EVS with Windows Server entitlements gives AWS another answer when customers ask how much of their current environment can be carried forward intact.
It also puts subtle pressure on competitors. Broadly speaking, VMware alternatives must prove not only that they can host workloads, but that they can absorb the organizational and licensing complexity surrounding those workloads. AWS is trying to turn that complexity into a managed service advantage. That is a shrewd competitive move.

Microsoft’s role in the story​

Microsoft is not a passive bystander here. The company’s Windows licensing rules and activation frameworks shape what cloud providers can do, and AWS’s new entitlements are only useful because they fit within that broader ecosystem. The result is a commercially useful compromise: AWS can streamline delivery while still respecting the underlying license structure.
That said, the market implication is not that AWS is “solving” Windows licensing once and for all. Rather, it is narrowing the operational gap between on-prem and cloud in a way that helps the migration case. That matters because migration momentum often depends less on grand strategy than on whether the hard parts can be operationalized cleanly.

• AWS gains a stronger VMware migration pitch
• VMware alternatives face higher expectations
• Microsoft licensing remains central to cloud feasibility
• Operational simplicity becomes a competitive weapon
• Migration teams gain more options, not fewer

Strengths and Opportunities​

The headline strength of this launch is that it makes Amazon EVS more usable for the exact customers it is targeting: enterprises with entrenched VMware and Windows dependencies. By combining BYOL support with AWS-provided entitlements, AWS gives customers a sensible bridge between legacy investments and cloud operations. That blend is likely to resonate with CIOs and infrastructure leaders who need flexibility more than ideological purity.
The opportunity is bigger than licensing alone. If AWS can make EVS the place where VMware workloads land smoothly, it can keep those customers inside the AWS ecosystem for adjacent modernization, backup, networking, security, and app transformation work. That is the classic cloud land-and-expand motion, but applied to a stubborn infrastructure category.

• Dual licensing paths
• Consumption-based pricing
• Cleaner migration workflows
• Better fit for phased exits
• More predictable operational controls
• Reduced manual compliance burden
• Stronger enterprise credibility

Risks and Concerns​

The biggest concern is complexity disguised as simplification. EVS licensing is easier than inventing your own VMware-to-AWS compliance process, but it still requires connectors, secret management, entitlement tracking, endpoint configuration, and activation validation. That is a lot of moving parts for teams already under migration pressure.
There is also a governance risk. Because entitlements are tied to VM IDs and lifecycle states, stale records or incomplete automation could create mismatches between what is actually running and what is being billed. That is manageable, but only with disciplined change control and monitoring.

• Operational complexity remains non-trivial
• Connector failures could disrupt licensing flow
• Billing oversight is still necessary
• Large estates require batching and automation
• Security group and DNS mistakes can break activation
• Teams may underestimate the governance overhead
• License eligibility still needs careful review

Looking Ahead​

What happens next will depend on how quickly AWS turns this workflow into something that can be automated at scale. The current step-by-step model is good for documentation and pilot projects, but enterprises will want stronger orchestration through CLI, scripts, and eventually policy-driven controls. If AWS delivers that, EVS could become a far more serious default option for VMware migration programs.
The other thing to watch is whether AWS broadens the licensing and management story further. If Windows Server entitlements are only the beginning, the next logical step would be more integration around monitoring, automation, compliance reporting, or adjacent Microsoft workload support. The more AWS can compress operational overhead, the more compelling EVS becomes as a destination for legacy modernization.

• CLI and automation enhancements
• Deeper compliance reporting
• More Microsoft workload integrations
• Greater support for large-scale entitlement management
• Customer feedback on operational friction

In the end, Amazon’s EVS Windows Server licensing launch is best understood as a migration enabler rather than a standalone feature. It helps AWS reduce the number of reasons an enterprise might delay moving VMware workloads, and it does so in a way that respects both existing licensing investments and newer Windows release realities. If AWS continues to remove these practical barriers, EVS could become one of the more strategically important pieces of its enterprise portfolio.

---

Source: Amazon Web Services Amazon EVS now offers Windows Server Licensing: A step-by-step guide | Amazon Web Services