Tagged: DirectConnection
-
In exam, for VPN, if Question say need a quick solution, Is it not u avoid "Dire
TutorialsDojo-Support updated 4 years, 3 months ago · 2 Members · 2 Posts
Hi, in the exam it is advised to avoid “Direct Connect” if the question has words that mean “quickly”. I am pasting the question and answer here:
A government agency has multiple VPCs in various AWS regions across the United States that need to be linked up to an on-premises central office network in Washington, D.C. The central office requires inter-region VPC access over a private network that is dedicated to each region for enhanced security and more predictable data transfer performance. Your team is tasked to quickly build this network mesh and to minimize the management overhead to maintain these connections.
Which of the following options is the most secure, highly available, and durable solution that you should use to set up this kind of interconnectivity?
The answer given is:
Utilize AWS Direct Connect Gateway for inter-region VPC access. Create a virtual private gateway in each VPC, then create a private virtual interface for each AWS Direct Connect connection to the Direct Connect gateway.
Is going for the Direct Connect option not a quick solution?
Comments Requested
-
Hi Joseph,
Thank you for your feedback.
Yes, the word “quickly” appears in the question, but there are also other requirements regarding “secure, highly available, durable” and a “private network that is dedicated to each region, and predictable data transfer performance”. So we have to choose, among the choices, the one that comes closest to those requirements as quickly as possible.
With regards to choosing the correct answer, we can use the process of elimination:
“Create a link aggregation group (LAG) in the central office network to aggregate multiple connections at a single AWS Direct Connect endpoint in order to treat them as a single, managed connection. Use AWS Direct Connect Gateway to achieve inter-region VPC access to all of your AWS resources. Create a virtual private gateway in each VPC and then create a public virtual interface for each AWS Direct Connect connection to the Direct Connect Gateway.”
>> incorrect because you can only create a private virtual interface to a Direct Connect gateway, not a public virtual interface.
“Implement a hub-and-spoke network topology in each region that routes all traffic through a network transit center using AWS Transit Gateway. Route traffic between VPCs and the on-premises network over AWS Site-to-Site VPN.”
>> incorrect because the requirement for a “private network that is dedicated to each region” is not fulfilled.
“Enable inter-region VPC peering which allows peering relationships to be established between VPCs across different AWS regions. This will ensure that the traffic will always stay on the global AWS backbone and will never traverse the public Internet.”
>> incorrect because this would require a lot of manual setup and management overhead to successfully build a functional, error-free inter-region VPC network compared with just using a Direct Connect Gateway.
So the only option left is the “Utilize AWS Direct Connect Gateway for inter-region VPC access. Create a virtual private gateway in each VPC, then create a private virtual interface for each AWS Direct Connect connection to the Direct Connect gateway.”
Direct Connect is not provisioned as fast as a VPN, but it is the closest one to tick all the requirements.
https://aws.amazon.com/directconnect/faqs/
Hope this helps.
Regards,
Kenneth Samonte @ Tutorials Dojo
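The topology the accepted answer describes (one Direct Connect gateway, a virtual private gateway per regional VPC, and a private virtual interface per Direct Connect connection) can be expressed as infrastructure-as-code. The Terraform below is an added example and is not from the original post or from Tutorials Dojo. The region pair, VPC IDs, VPC CIDRs, Direct Connect connection IDs, VLANs, ASNs and the BGP MD5 key variable are placeholder assumptions; the two connections and two VIFs stand in for the "highly available" requirement, and the private VIFs attach to the gateway directly, which is the thing a public VIF cannot do.

```terraform
# Added example, not code from the original post. All IDs, CIDRs, VLANs and
# ASNs below are assumed placeholders for an existing environment.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

# Two regions stand in for "multiple VPCs in various AWS regions".
provider "aws" {
  region = "us-east-1"
}

provider "aws" {
  alias  = "west"
  region = "us-west-2"
}

variable "bgp_md5_key" {
  description = "Assumed pre-shared MD5 key for the BGP sessions over each private VIF."
  type        = string
  sensitive   = true
}

locals {
  dxgw_asn   = 64512 # assumed private ASN on the Amazon side of the DX gateway
  onprem_asn = 65000 # assumed ASN of the central office routers in Washington, D.C.
}

# One global Direct Connect gateway fronts every regional VPC.
resource "aws_dx_gateway" "central" {
  name            = "central-office-dxgw"
  amazon_side_asn = local.dxgw_asn
}

# A virtual private gateway in each VPC, created in that VPC's own region.
resource "aws_vpn_gateway" "east" {
  vpc_id = "vpc-0east0000000000000" # assumed
  tags   = { Name = "vgw-us-east-1" }
}

resource "aws_vpn_gateway" "west" {
  provider = aws.west
  vpc_id   = "vpc-0west0000000000000" # assumed
  tags     = { Name = "vgw-us-west-2" }
}

# Associate each VGW with the single DX gateway. The DX gateway is a global
# resource, so the west VGW can be associated from the default provider;
# allowed_prefixes limits which VPC routes are advertised to the office.
resource "aws_dx_gateway_association" "east" {
  dx_gateway_id         = aws_dx_gateway.central.id
  associated_gateway_id = aws_vpn_gateway.east.id
  allowed_prefixes      = ["10.10.0.0/16"] # assumed VPC CIDR
}

resource "aws_dx_gateway_association" "west" {
  dx_gateway_id         = aws_dx_gateway.central.id
  associated_gateway_id = aws_vpn_gateway.west.id
  allowed_prefixes      = ["10.20.0.0/16"] # assumed VPC CIDR
}

# One private VIF per Direct Connect connection, each terminating on the DX
# gateway. Two connections give the redundancy the question asks for.
resource "aws_dx_private_virtual_interface" "primary" {
  connection_id  = "dxcon-aaaa1111" # assumed existing connection
  name           = "central-office-pvif-1"
  vlan           = 101
  address_family = "ipv4"
  bgp_asn        = local.onprem_asn
  bgp_auth_key   = var.bgp_md5_key
  dx_gateway_id  = aws_dx_gateway.central.id
}

resource "aws_dx_private_virtual_interface" "secondary" {
  connection_id  = "dxcon-bbbb2222" # assumed second connection for HA
  name           = "central-office-pvif-2"
  vlan           = 102
  address_family = "ipv4"
  bgp_asn        = local.onprem_asn
  bgp_auth_key   = var.bgp_md5_key
  dx_gateway_id  = aws_dx_gateway.central.id
}
```

The distinction behind the first eliminated option shows up in the provider schema: `aws_dx_private_virtual_interface` accepts `dx_gateway_id`, while `aws_dx_public_virtual_interface` attaches only to a connection and carries `route_filter_prefixes` for public routes, so a public VIF cannot be pointed at the gateway. The Direct Connect connections themselves (the `dxcon-…` IDs) are not created here because the physical cross-connect at the colocation facility is the slow, out-of-band step the original poster is asking about.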