Secure and Private Network Connections for AWS EC2 and On-Premises Data Servers

Configuring Stable and Private Network Connections between AWS EC2 and On-Premises Data Servers

Question

A company is planning to move its on-premises workloads to AWS.

They are working on setting up their own Active Directory servers on a set of EC2 Instances.

You need to ensure that the network connections between the newly created AWS EC2 servers and the existing on-premises data servers are stable and private.

How can you achieve this?

Answers

A. Provision a Direct Connect connection.

B. Provision a NAT gateway in the public subnet.

C. Use a Remote Desktop Gateway.

D. Provision a VPN connection.

Explanations

Answer - A.

A Remote Desktop Gateway server does require internet access (more precisely, it must be reachable from wherever the administrators connect from).

If the EC2 servers themselves should not have internet access, they can be accessed and managed through a Remote Desktop Gateway that does; the gateway is then the only server that needs to be reachable from the internet.

With a Remote Desktop Gateway in place, the EC2 servers stay in a private subnet whose security group accepts RDP only from the gateway, so they are completely segregated from the internet and have no internet access of their own.

A Remote Desktop Gateway is often deployed in a public subnet with a security group that allows HTTPS (TCP 443) from 0.0.0.0/0, which means any IP address on the internet can reach it and attempt to authenticate.

This should be restricted using security groups: allow only the gateway's own ports, and only from the source ranges the administrators actually connect from.
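The security-group restriction above, as an added example that is not part of the original page: a Python audit that flags ingress rules on a Remote Desktop Gateway's security group which admit the whole internet or use ports the gateway does not need, and that builds a least-privilege replacement rule set. The security group, the corporate range 203.0.113.0/24 and the policy that only TCP 443 and UDP 3391 may be open inbound are constructed assumptions for this example.

```python
"""Audit a Remote Desktop Gateway security group and build a tighter one.

Added example, not from the original page.  SAMPLE_SG is constructed by hand
in the shape returned by `aws ec2 describe-security-groups`; the corporate
range and the port policy are assumptions for the example.
"""
import ipaddress
import json

# Ports an RD Gateway exposes to clients: the HTTPS transport (TCP 443) and
# the optional UDP transport (UDP 3391).  Assumed policy: nothing else, and
# never raw RDP (TCP 3389), may be open inbound from outside the VPC.
RDGW_PORTS = {("tcp", 443), ("udp", 3391)}
ADMIN_CIDRS = ["203.0.113.0/24"]  # constructed corporate egress range

SAMPLE_SG = {  # constructed: a typical over-permissive gateway group
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "udp", "FromPort": 3391, "ToPort": 3391,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    ],
}


def is_world_open(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. the rule admits every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_ingress(sg, allowed_ports=RDGW_PORTS):
    """Return (protocol, port, source, reason) tuples for every rule that
    either opens a port the gateway does not need or admits the internet."""
    findings = []
    for perm in sg["IpPermissions"]:
        proto = perm["IpProtocol"]
        lo, hi = perm.get("FromPort"), perm.get("ToPort")  # absent for "-1" (all traffic)
        port_ok = lo == hi and (proto, lo) in allowed_ports
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in sources:
            if not port_ok:
                findings.append((proto, lo, cidr, "port not needed by an RD Gateway"))
            if is_world_open(cidr):
                findings.append((proto, lo, cidr, "reachable from any internet address"))
    return findings


def hardened_ingress(allowed_cidrs, allowed_ports=RDGW_PORTS):
    """IpPermissions for `aws ec2 authorize-security-group-ingress`: only the
    gateway's own ports, only from the administrators' source ranges."""
    return [
        {"IpProtocol": proto, "FromPort": port, "ToPort": port,
         "IpRanges": [{"CidrIp": c, "Description": "corporate egress"}
                      for c in allowed_cidrs]}
        for proto, port in sorted(allowed_ports)
    ]


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_SG):
        print("FINDING: %s/%s from %s: %s" % finding)
    # Replacement rules: revoke the old set with revoke-security-group-ingress,
    # then pass this JSON to authorize-security-group-ingress --ip-permissions.
    print(json.dumps(hardened_ingress(ADMIN_CIDRS), indent=2))
```

Run against the sample group the audit reports four findings (raw RDP open to the world counts twice: wrong port and world-open source; HTTPS is world-open over both IPv4 and IPv6), while the hardened rule set audits clean. Auditing the replacement before applying it is the point: a rule set that passes this check can still be wrong about which CIDRs are "corporate", so keep the allowed ranges in version control next to the policy.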

A Site-to-Site VPN is a point-to-point connection between the on-premises network and the VPC: its IPsec tunnels run over the public internet, but the traffic inside them is encrypted, and the tunnel can only be used from the private network at either end of the connection.

Direct Connect is the only one of these options whose traffic never traverses the public internet, and a dedicated link gives more consistent latency and throughput than a VPN tunnel or a Remote Desktop Gateway. Note that Direct Connect does not encrypt traffic by itself: if encryption is required, run a Site-to-Site VPN over the Direct Connect link, or use MACsec on a dedicated 10 Gbps or 100 Gbps connection.
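Whichever of Site-to-Site VPN or Direct Connect carries the on-premises traffic, both terminate on a virtual private gateway in this design, and it is the private subnet's route table that decides whether the domain controllers' traffic actually stays off the internet. As an added example that is not part of the original page, the following Python check inspects a route table in the shape returned by `aws ec2 describe-route-tables` and reports any internet path as well as a missing on-premises route; the table, the on-premises range 10.0.0.0/16 and the gateway IDs are constructed for this example.

```python
"""Verify that the subnet holding the EC2 domain controllers is really private.

Added example, not from the original page.  SAMPLE_ROUTE_TABLE is constructed
by hand in the shape returned by `aws ec2 describe-route-tables`; the
on-premises range and the gateway IDs are assumptions for the example.
"""
import ipaddress

ON_PREM_CIDR = "10.0.0.0/16"  # assumed on-premises data-server range

SAMPLE_ROUTE_TABLE = {  # constructed: a NAT route was added "to get updates working"
    "RouteTableId": "rtb-0123456789abcdef0",
    "PropagatingVgws": [{"GatewayId": "vgw-0a1b2c3d4e5f67890"}],
    "Routes": [
        {"DestinationCidrBlock": "172.16.0.0/16", "GatewayId": "local",
         "State": "active"},
        # Learned over BGP from the VPN or Direct Connect, propagated from the VGW.
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "vgw-0a1b2c3d4e5f67890",
         "Origin": "EnableVgwRoutePropagation", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0fedcba9876543210",
         "State": "active"},
    ],
}

# Route target field -> what kind of next hop it names.
TARGET_FIELDS = {
    "GatewayId": "gateway", "NatGatewayId": "nat", "TransitGatewayId": "tgw",
    "VpcPeeringConnectionId": "pcx", "NetworkInterfaceId": "eni",
    "InstanceId": "instance",
}


def next_hop_kind(route):
    """Classify a route's target: local, igw, vgw, vpce, nat, tgw, pcx, eni,
    instance or unknown.  GatewayId carries several kinds, told apart by prefix."""
    for field, kind in TARGET_FIELDS.items():
        if field in route:
            target = route[field]
            if kind == "gateway":
                return "local" if target == "local" else target.split("-", 1)[0]
            return kind
    return "unknown"


def check_private_subnet(route_table, on_prem_cidr):
    """Return a list of problems.  Empty means: no active route leads to an
    internet gateway or NAT gateway, and the on-premises range is reachable
    through a virtual private gateway (Site-to-Site VPN or Direct Connect)."""
    on_prem = ipaddress.ip_network(on_prem_cidr)
    problems, reaches_on_prem = [], False
    for route in route_table["Routes"]:
        if route.get("State") != "active":  # blackhole routes carry no traffic
            continue
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest is None:  # prefix-list destinations are out of scope here
            continue
        net = ipaddress.ip_network(dest)
        kind = next_hop_kind(route)
        if kind in ("igw", "nat"):
            problems.append(f"{dest} -> {kind}: subnet has a path to the internet")
        if kind == "vgw" and net.version == on_prem.version and on_prem.subnet_of(net):
            reaches_on_prem = True
    if not reaches_on_prem:
        problems.append(
            f"no active route covering {on_prem_cidr} via a virtual private gateway")
    return problems


if __name__ == "__main__":
    for problem in check_private_subnet(SAMPLE_ROUTE_TABLE, ON_PREM_CIDR):
        print("PROBLEM:", problem)
```

On the sample table the check reports the 0.0.0.0/0 route to the NAT gateway; deleting that route makes the subnet pass, and removing the propagated VGW route instead produces the "no active route" problem. The same check applies unchanged to a Direct Connect private virtual interface, because its BGP-learned routes are propagated from the VGW exactly as VPN routes are.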

https://aws.amazon.com/directconnect/

To ensure that the network connections between the newly created AWS EC2 servers and the existing on-premises data servers are stable and private, you should provision a VPN connection.

An AWS Site-to-Site Virtual Private Network (VPN) connection provides IPsec-encrypted tunnels between the on-premises data center and the AWS VPC, terminating on a virtual private gateway. It allows the company to reach resources in the VPC privately, including the EC2 instances running the Active Directory servers, and it can be provisioned in minutes with the customer's existing VPN-capable edge device.

Option A, Direct Connect, provides a dedicated network connection between the on-premises data center and AWS that does not traverse the public internet. However, it is more expensive, takes weeks to provision, and is usually justified by sustained high-bandwidth or latency-sensitive workloads rather than by the initial need to connect a handful of EC2 instances to on-premises servers.

Option B, provisioning a NAT gateway in the public subnet, gives resources in the private subnet outbound internet access; it does nothing to connect the VPC to the on-premises data center, and any traffic it carries is neither private nor encrypted.

Option C, using a Remote Desktop Gateway, is a Microsoft-specific solution that lets remote users reach Windows hosts on a corporate network over HTTPS. It is a management path for administrators, not a network link between the data center and the VPC, so the Active Directory replication and client traffic between the two sites would still have no private path.

Therefore, the most appropriate option is D, provisioning a VPN connection.