Enhancing Remote User Experience for AWS Application Access

Performance Improvement for Remote Users in AWS VPC

Prev Question Next Question

Question

An IT company is using AWS Infrastructure in the us-west-1 region for deploying application servers across multiple VPC.

Recently this company has expanded its geographical presence & acquired two startup firms in the Singapore & Sydney region.

Since there is no dedicated bandwidth requirement, a secure VPN connection is established from these offices to VPC in the us-west-1 region to allow users in remote offices to access applications.

Users are complaining of slow access to applications which is impacting their work &, in turn, affecting business.

The CTO of this company is looking for performance improvement which should enhance remote user experience while accessing these applications. Which of the following solutions can be deployed quickly if cost is not a constraint?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer - B.

VPN connections with acceleration enabled use AWS Global Accelerator to improve performance of VPN tunnels.

With acceleration enabled, VPN tunnels are formed with static IP address of nearest edge location & from edge location traffic is moved over AWS global backbone infrastructure to reach VPC in the destination region.

A transit gateway is required to be created as Accelerated VPN connections only support termination on transit gateway & not on Virtual private gateway.

Options A & C are incorrect as there is no dedicated bandwidth requirement.

Using AWS Direct Connect links is not the best option.

Option D is incorrect as VPN Connection with acceleration is not supported with virtual private gateway & is supported only as an attachment with transit gateway.

For more information on Accelerated VPN connection with AWS Global Accelerator, refer to the following URL.

https://aws.amazon.com/blogs/architecture/improve-vpn-network-performance-of-aws-hybrid-cloud-with-global-accelerator/

The scenario described in the question is of a company using AWS infrastructure in the us-west-1 region to deploy application servers across multiple VPCs. Recently, the company expanded its presence to Singapore and Sydney regions and established a VPN connection from those offices to the VPC in the us-west-1 region to allow remote users to access the applications. However, the remote users are facing performance issues and slow access to applications, impacting their work and business.

To enhance the remote user experience while accessing these applications, the CTO is looking for a solution that can be deployed quickly, and cost is not a constraint. There are four options provided as answers to this question, and we will evaluate each one in detail to determine the best solution.

A. Create an AWS Direct Connect connection in each Singapore and Sydney region. Create a VPN connection over this link to VPC in the us-west-1 region.

AWS Direct Connect is a dedicated network connection between the company's network and AWS. It can provide consistent network performance, lower network costs, and increase bandwidth throughput. In this solution, AWS Direct Connect will be established in the Singapore and Sydney regions, and a VPN connection will be created over this link to the VPC in the us-west-1 region.

While this solution can improve network performance and provide consistent connectivity, it may take some time to set up the AWS Direct Connect connection in the Singapore and Sydney regions. Also, this solution may not provide the best performance, as traffic from remote users will have to traverse through the VPN connection to reach the VPC in the us-west-1 region.

B. Create an attachment from each VPC in the us-west-1 region to AWS Transit Gateway. Delete existing VPN connection from Singapore and Sydney office and create a new VPN Connection with attachments to the transit gateway with acceleration enabled.

AWS Transit Gateway is a network transit hub that can simplify network connectivity between VPCs, remote offices, and on-premises networks. In this solution, attachments will be created from each VPC in the us-west-1 region to the AWS Transit Gateway. The existing VPN connection from Singapore and Sydney offices will be deleted, and a new VPN connection will be created with attachments to the transit gateway with acceleration enabled.

This solution can simplify network connectivity, provide a scalable solution, and enhance network performance by enabling traffic to traverse through the transit gateway, which can optimize the network path. Additionally, acceleration enabled VPN connections can provide better network performance. This solution can be quickly deployed, and cost may not be a constraint.

C. Create AWS Direct Connect connection in each Singapore and Sydney region with Private VIF associating with AWS Direct Connect gateway. Associate this AWS Direct Connect gateway with VPC in the us-west-1 region.

This solution is similar to the first option, where an AWS Direct Connect connection will be established in the Singapore and Sydney regions. However, in this solution, Private VIF (Virtual Interface) will be associated with the AWS Direct Connect Gateway, and the Gateway will be associated with the VPC in the us-west-1 region.

This solution can provide better network performance and consistent connectivity. However, it may take some time to set up the AWS Direct Connect connection in the Singapore and Sydney regions. Also, this solution may not provide the best performance, as traffic from remote users will have to traverse through the VPN connection to reach the VPC in the us-west-1 region.

D. Create a new VGW in each VPC in the us-west-1 region. Delete existing VPN connection from Singapore and Sydney office and create a new VPN Connection to VGW in each VPC at us-west-1 with acceleration enabled.

VGW (Virtual Private Gateway) is a VPN concentrator on the AWS side of the VPN connection. In this solution, a new VG