Hi Joseph,
Thank you for your feedback.
Yes, the word “quickly” appears on the question, but there are also other requirements regarding “secure, highly available, durable” and “private network that is dedicated to each region, and predictable data transfer performance”. So we have to choose among the choices, the closest we can get to those requirements as quickly as possible.
With regards to choosing the correct answer, we can use the process of elimination:
“Create a link aggregation group (LAG) in the central office network to aggregate multiple connections at a single AWS Direct Connect endpoint in order to treat them as a single, managed connection. Use AWS Direct Connect Gateway to achieve inter-region VPC access to all of your AWS resources. Create a virtual private gateway in each VPC and then create a public virtual interface for each AWS Direct Connect connection to the Direct Connect Gateway.”
>> incorrect because you can only create a private virtual interface to a Direct Connect gateway and not a public virtual interface.
“Implement a hub-and-spoke network topology in each region that routes all traffic through a network transit center using AWS Transit Gateway. Route traffic between VPCs and the on-premise network over AWS Site-to-Site VPN.”
>> incorrect because the requirement “private network that is dedicated to each region” is not fulfilled.
“Enable inter-region VPC peering which allows peering relationships to be established between VPCs across different AWS regions. This will ensure that the traffic will always stay on the global AWS backbone and will never traverse the public Internet.”
>> incorrect because this would require a lot of manual setup and management overhead to successfully build a functional, error-free inter-region VPC network compared with just using a Direct Connect Gateway.
So the only option left is the “Utilize AWS Direct Connect Gateway for inter-region VPC access. Create a virtual private gateway in each VPC, then create a private virtual interface for each AWS Direct Connect connection to the Direct Connect gateway.”
Direct Connect is not provisioned as fast as VPN, but it is the closest one to tick all the requirements.
https://aws.amazon.com/directconnect/faqs/
Hope this helps.
Regards,
Kenneth Samonte @ Tutorials Dojo
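As an added illustration (not part of the reply above or of any Tutorials Dojo material), here is a Terraform sketch of the option the reply settles on: one Direct Connect gateway, a virtual private gateway per VPC in two regions, and a private virtual interface (not a public one) on the Direct Connect connection. The connection ID, regions, VLAN, ASNs and CIDRs are placeholders.

```hcl
# Assumed: an existing Direct Connect connection (placeholder ID below) and
# two VPCs, one per region, reached through provider aliases.
variable "dx_connection_id" { default = "dxcon-PLACEHOLDER" }

provider "aws" { region = "us-east-1" }
provider "aws" {
  alias  = "eu"
  region = "eu-west-1"
}

# A single Direct Connect gateway is global and fronts both regions.
resource "aws_dx_gateway" "hub" {
  name            = "inter-region-dxgw"
  amazon_side_asn = "64512" # private ASN, placeholder
}

# One virtual private gateway per VPC; the VPC IDs are placeholders.
resource "aws_vpn_gateway" "use1" {
  vpc_id = "vpc-PLACEHOLDER-US"
}
resource "aws_vpn_gateway" "euw1" {
  provider = aws.eu
  vpc_id   = "vpc-PLACEHOLDER-EU"
}

# Associate each VGW with the gateway; allowed_prefixes limits what the
# on-premises side can reach, so keep it to the VPC CIDRs.
resource "aws_dx_gateway_association" "use1" {
  dx_gateway_id         = aws_dx_gateway.hub.id
  associated_gateway_id = aws_vpn_gateway.use1.id
  allowed_prefixes      = ["10.10.0.0/16"]
}
resource "aws_dx_gateway_association" "euw1" {
  dx_gateway_id         = aws_dx_gateway.hub.id
  associated_gateway_id = aws_vpn_gateway.euw1.id
  allowed_prefixes      = ["10.20.0.0/16"]
}

# A Direct Connect gateway accepts only a *private* virtual interface,
# which is the detail that rules out the first choice in the reply.
resource "aws_dx_private_virtual_interface" "onprem" {
  connection_id  = var.dx_connection_id
  name           = "onprem-to-dxgw"
  vlan           = 100
  address_family = "ipv4"
  bgp_asn        = 65000 # customer-side ASN, placeholder
  dx_gateway_id  = aws_dx_gateway.hub.id
}
```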