Secure Connectivity Options for Hybrid Network - AWS Certified Advanced Networking - Specialty Exam

Best Connectivity Option for Pharma Company's Hybrid Network


Question

A pharma company is using hybrid network connectivity for its three-tier web application.

Database servers are deployed at on-premise locations.

Front-end web servers are based in an AWS VPC and access these database servers.

External vendors securely log in to the front-end servers and access a large amount of data from the database servers on a regular basis.

Since all the data on the database servers is critical pharma formulation data, the data must be encrypted and sent securely to the front-end servers.

As a Solution Architect, which of the following connectivity options, without any administrative or cost overhead, would you recommend to meet this requirement?

Answers

Explanations


A. B. C. D.

Correct Answer - A

To meet the requirements for high bandwidth and encrypted traffic, a user can use a public VIF on AWS Direct Connect with a VPN.

The user can establish encrypted connectivity between AWS and their data center, office, or colocation environment.

Option B is incorrect as AWS Direct Connect itself does not encrypt data.

So it cannot achieve the requirements.

Option C is incorrect as the Transit VIF is a network transit hub to interconnect VPCs in the same region, consolidating Amazon VPC routing configuration in one place.

The question makes no reference to multiple VPCs being in place, and therefore this option is incorrect.

Option D is incorrect as a large amount of data needs to be transferred regularly.

A VPN connection has a performance issue.

For more information on AWS Direct Connect, refer to the following URL.

https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-vpc-connectivity-options.pdf#welcome

In this scenario, the pharma company is using a hybrid network connectivity model for its web application, with its database servers deployed on-premise and its front-end web servers deployed in an AWS VPC. External vendors securely access the front-end servers and regularly access a large amount of data from the database servers. All the data stored on the database servers is critical pharma formulation data, which needs to be encrypted and securely sent to the front-end servers.

The recommended connectivity option, without any administrative or cost overhead, to meet this requirement is a VPN connection (option D).

A VPN (Virtual Private Network) is a secure and encrypted tunnel that allows for secure communication between two endpoints over the internet. In this scenario, a VPN connection can be established between the on-premise network and the AWS VPC. This will allow for secure transmission of data between the database servers and the front-end servers.

Option A, AWS Direct Connect + VPN, provides a dedicated network connection between the on-premise network and the AWS VPC. However, this option involves additional administrative and cost overhead compared to a VPN connection, which is not required in this scenario.

Option B, AWS Direct Connect only, provides a dedicated network connection between the on-premise network and the AWS VPC. However, this option does not provide any encryption for the data transmitted between the database servers and the front-end servers, which is a requirement in this scenario.

Option C, Transit VIF on AWS Direct Connect, is used to establish connectivity between multiple VPCs and on-premise networks through a transit gateway. This option is not required in this scenario as there is only one VPC involved.

In conclusion, a VPN connection is the recommended option without any additional administrative or cost overhead to meet the requirement of encrypting and securely transmitting data between the on-premise database servers and AWS VPC-based front-end servers.