Your company is planning to host an Active Directory Domain server in a VPC.
Resources in other VPCs will need to access the domain server for authentication and DNS routing.
What are the core implementation steps you would consider in such a design? Choose 2 answers from the options given below.
A. Consider a Hub and Spoke Model VPC Design.
B. Make use of VPC peering.
C. Transitive peering VPC Design.
D. VPN Connection.

Answer - A and B.
A mention of such a design is given in the AWS Documentation.
This is best suited when you have a shared service that needs to be shared across multiple other VPCs.
Option C is invalid because transitive peering between the VPCs is not supported.
Option D is invalid because you need to make use of VPC Peering.
For more information on Multi-VPC connectivity, please visit the below URL:
https://aws.amazon.com/answers/networking/aws-single-region-multi-vpc-connectivity/

When hosting an Active Directory Domain server in a VPC, resources in other VPCs may need to access the domain server for authentication and DNS routing. The two core implementation steps to consider in such a design are:

A. Consider a Hub and Spoke Model VPC Design.
B. Make use of VPC peering.
Explanation:
A. Hub and Spoke Model VPC Design: The hub-and-spoke model is a common network topology that allows multiple VPCs to communicate with a central VPC, acting as the hub. In this model, the domain server is deployed in the central VPC, which can act as a hub for other VPCs. Resources in other VPCs can access the domain server in the central VPC via VPC peering or VPN connection. This model provides a centralized management approach that simplifies network security and reduces costs.
B. VPC Peering: VPC peering is a connection between two VPCs that enables traffic to flow between them privately. In this case, the domain server can be deployed in one VPC and other VPCs can be peered with it. Once peered, resources in the other VPCs can access the domain server using its private IP address. VPC peering is a secure and low-latency option that enables communication between VPCs within the same region.
C. Transitive peering VPC Design: Transitive peering would route traffic from one VPC to another through a central VPC. AWS VPC peering does not support transitive routing, so this is not a valid way for resources in other VPCs to reach the domain server; it also adds network complexity and security risk.
D. VPN Connection: A VPN connection can also be used to connect to a domain server in a VPC. This option is suitable for scenarios where the domain server needs to be accessed from on-premises resources or other locations outside of AWS. However, VPN connections can introduce latency and require additional management and maintenance.
In summary, the recommended implementation steps for hosting an Active Directory Domain server in a VPC are to consider a hub-and-spoke model VPC design and make use of VPC peering for communication between VPCs.
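As an added illustration, not from the original question or the AWS documentation, the following Python model checks a hub-and-spoke peering plan: each spoke reaches the hub's domain controller over its own peering connection and return route, while a spoke-to-spoke route pointed at the hub fails because VPC peering is not transitive. The VPC names, CIDRs, route tables and the domain controller IP are constructed sample values.

```python
import ipaddress

# Constructed hub-and-spoke topology: the hub VPC hosts the AD domain controller.
VPCS = {"hub": "10.0.0.0/16", "spoke1": "10.1.0.0/16", "spoke2": "10.2.0.0/16"}
AD_SERVER_IP = "10.0.10.25"  # constructed private IP of the domain controller
# One peering connection per spoke. Peering is non-transitive: a packet only
# crosses a peering connection that directly joins its source and destination VPC.
PEERINGS = {frozenset({"hub", "spoke1"}), frozenset({"hub", "spoke2"})}
# Route tables: destination CIDR -> VPC the route targets via a peering connection.
# spoke2 wrongly tries to reach spoke1 through the hub (a transitive route).
ROUTES = {
    "hub": {"10.1.0.0/16": "spoke1", "10.2.0.0/16": "spoke2"},
    "spoke1": {"10.0.0.0/16": "hub"},
    "spoke2": {"10.0.0.0/16": "hub", "10.1.0.0/16": "hub"},
}

def vpc_of(ip):
    """Name of the VPC whose CIDR contains ip, or None if it is in no VPC."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, c in VPCS.items() if addr in ipaddress.ip_network(c)), None)

def has_return_route(dst_vpc, src_vpc):
    """True if dst_vpc's route table sends src_vpc's whole CIDR back over the peering."""
    src_net = ipaddress.ip_network(VPCS[src_vpc])
    return any(t == src_vpc and src_net.subnet_of(ipaddress.ip_network(c))
               for c, t in ROUTES[dst_vpc].items())

def reachable(src_vpc, dst_ip):
    """Return (ok, reason) for traffic from src_vpc to dst_ip under VPC peering rules."""
    dst_vpc = vpc_of(dst_ip)
    if dst_vpc is None:
        return False, "destination is outside every VPC"
    if dst_vpc == src_vpc:
        return True, "local to the VPC"
    addr = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(c), t) for c, t in ROUTES[src_vpc].items()
               if addr in ipaddress.ip_network(c)]
    if not matches:
        return False, f"{src_vpc} has no route to {dst_ip}"
    _, target = max(matches, key=lambda m: m[0].prefixlen)  # longest-prefix match
    if frozenset({src_vpc, target}) not in PEERINGS:
        return False, f"no peering connection between {src_vpc} and {target}"
    if target != dst_vpc:
        return False, f"route via {target} is transitive; peering will not forward it"
    if not has_return_route(dst_vpc, src_vpc):
        return False, f"{dst_vpc} has no return route to {src_vpc}"
    return True, f"direct peering {src_vpc} <-> {dst_vpc}"
```

Calling `reachable("spoke1", AD_SERVER_IP)` succeeds, while `reachable("spoke2", "10.1.5.5")` is rejected as transitive; the same check applied to each spoke is what a hub-and-spoke review should confirm before the domain controller is relied on for authentication and DNS.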