-
Question – multinational investment bank connectivity – DC vs VPN
updated 2 years, 5 months ago
2 Members
·
3
Posts
-
Hi all,
Regarding the question I’ve copied below it asks about the “most cost effective” way to achieve redundant connectivity. The two possible answers are 1Gbps DirectConnect or 10xVPN
1Gbps DC = $0.30/hr – https://aws.amazon.com/directconnect/pricing/
VPN ($0.05 / hr) x 10 = $0.50/hr – https://aws.amazon.com/vpn/pricing/
DirectConnect would seem to be more cost effective, particularly when you consider bandwidth is slightly discounted over DC. The answer mentions the DC setup cost being high, but this will be different for each organisation and there’s no basis for this in the question. A single DC might be cheaper than 10X VPN depending on the on-premise hardware.
I answered the question correctly with VPN because I couldn’t remember which was cheaper, but I’m not sure it’s actually correct. Or am I missing something?
A multinational investment bank has a hybrid cloud architecture that uses a single 1 Gbps AWS Direct Connect connection to integrate their on-premises network to AWS Cloud. The bank has a total of 10 VPCs which are all connected to their on-premises data center via the same Direct Connect connection that you manage. Based on the recent IT audit, the existing network setup has a single point of failure which needs to be addressed immediately.
Review Mode Set 1 – AWS Certified Solutions Architect Professional
-
Hi Tomw,
Thanks for your feedback on this question.
Yes, a Direct Connect connection is more expensive than VPN. And pricing is the main factor for choosing VPN on this question because it asks for a cost-effective solution.
The answer mentions the DC setup cost being high, but this will be different for each organization and there’s no basis for this in the question.
>> Yes you are correct that pricing budgets may be different for each organization. However, generally speaking, a VPN is still cheaper compared to direct connect.
Also, pricing is not the only factor considered in this question. The question already states that the company has a 1Gbps direct connect connection, it is a single point of failure so it needs a backup connection in this the Direct Connect fails. Another detail is the keyword: “addressed immediately” which means can be setup relatively quickly. A direct connect connection may take a few days to a week to fully setup. But a VPN connection can be your backup connection setup in a matter of minutes.
There are several examples on AWS for this cost-effective scenario wherein AWS Direct Connect has a VPN backup connection. This VPN connection acts as a temporary connection until you the main Direct Connect connection is restored.
References from AWS documentation:
https://aws.amazon.com/premiumsupport/knowledge-center/configure-vpn-backup-dx/
Hope this helps.
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam!
Regards,
Kenneth Samonte @ Tutorials Dojo
-
Thanks for your reply. I work in AWS professionally and have for years, VPN is always the obvious and first choice for a DirectConnect backup unless VPN(s) isn’t suitable for some reason. In the real world I would look at creating a VPN to a Transit Gateway VPN attachment ( https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-transit-gateway-vpn.html ).
I did see “addressed immediately” in the question but I thought the “MOST cost effective” part of the question (with MOST in capitals) was the key to this question. The answer when copied in full says to establish tunnels to each of the ten VPCs. I interpreted that as 10 VPNs. Is that deliberate in that question? Or should it be tweaked?
Full text of answer “Establish VPN tunnels from your on-premises data center to each of the 10 VPCs. Terminate each VPN tunnel connection at the virtual private gateway (VGW) of the respective VPC. Configure BGP for route management.”
Log in to reply.