Scalable Solution for Connectivity
Question
A global pharma firm has deployed multiple application servers on AWS EC2 instances in the us-west-1 region.
Corporate Office based in California has a Direct Connect Link to VGW in the us-west-1 region to access these application servers.
The firm is expanding its presence in the Asia regions with new offices in Mumbai & Tokyo.
The team plans to deploy new application servers on Amazon EC2 instances launched in ap-south-1 & ap-northeast-1 regions for this developer.
All these servers will be working independently & will be catering to users in specific regions where it's hosted.
Corporate users will be accessing servers in all three VPC from the corporate office.
The firm is looking for a cost-effective scalable solution that is easy to manage to provide this connectivity. Which of the following can be created to meet this requirement?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer - C.
A Direct Connect Gateway can be used to connect to VGW globally.
A private VIF is created over AWS Direct Connect connection in this setup, which will have a single BGP peering with AWS Direct Connect gateway.
Further, this AWS Direct Connect gateway is associated with VGW attached to VPC created in different regions.
In the above case, the customer can use the existing AWS Direct Connect link to connect to the AWS Direct Connect gateway & then create associations with VGW ap-south-1 & ap-northeast-1 regions.
Option A is incorrect as Although this will work, creating VPC for connecting to each VPC will incur additional cost & admin work.
Option B is incorrect as Private VIF can be connected to VGW in the local region where AWS Direct Connect is connected & cannot be used to connect to VGW in other regions.
Option D is incorrect as For the AWS Direct Connect link, private VIF & not public VIF needs to be created to connect to the AWS Direct Connect gateway which in turn associate with multiple VGW attached to VPC.For more information on the Direct Connect gateway, refer to the following URL.
https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways-intro.htmlThe global pharma firm needs to provide connectivity to its corporate users to access multiple application servers hosted on Amazon EC2 instances in different regions. The new application servers will be deployed in the ap-south-1 and ap-northeast-1 regions, while the corporate office has a Direct Connect Link to the VGW in the us-west-1 region. The solution should be cost-effective, easy to manage, and scalable.
Option A: Create a new Public VIF on AWS Direct Connect link in the us-west-1 region. Create a VPN Connection over this Public VIF to a VGW attached to ap-south-1 & ap-northeast-1 to access application servers.
This option suggests creating a new Public VIF on the AWS Direct Connect link in the us-west-1 region and creating a VPN connection over this Public VIF to connect to the VGW in ap-south-1 and ap-northeast-1 regions. This solution might work, but it is not the best option because it involves additional configuration, cost, and management overhead of VPN connections.
Option B: Create a new private VIF on the AWS Direct Connect link in the us-west-1 region. Connect to VGW created in ap-south-1 & ap-northeast-1 regions using this private VIF to access application servers.
This option suggests creating a new private VIF on the AWS Direct Connect link in the us-west-1 region and using it to connect to VGWs in ap-south-1 and ap-northeast-1 regions to access the application servers. This solution is more secure because it uses a private VIF instead of a public VIF, and it is easier to manage because it involves only one Direct Connect connection. This option is a good choice, and it meets the requirements of the global pharma firm.
Option C: Create a new private VIF on the AWS Direct Connect link in the us-west-1 region. Associate this private VIF with Direct Connect Gateway to connect to VGW attached to ap-south-1 & ap-northeast-1 regions.
This option suggests creating a new private VIF on the AWS Direct Connect link in the us-west-1 region and associating it with a Direct Connect Gateway to connect to VGWs in ap-south-1 and ap-northeast-1 regions. This option might work, but it is not the best choice because it involves additional configuration and management overhead of a Direct Connect Gateway.
Option D: Create a new public VIF on the AWS Direct Connect link in the us-west-1 region. Associate this public VIF with Direct Connect Gateway to connect to VGW attached to ap-south-1 & ap-northeast-1 regions.
This option suggests creating a new public VIF on the AWS Direct Connect link in the us-west-1 region and associating it with a Direct Connect Gateway to connect to VGWs in ap-south-1 and ap-northeast-1 regions. This solution is not a good choice because it uses a public VIF, which is less secure than a private VIF. It also involves additional configuration and management overhead of a Direct Connect Gateway.
In conclusion, Option B is the best solution to meet the requirements of the global pharma firm as it is cost-effective, secure, easy to manage, and scalable.
