A global finance company has set up a hybrid network architecture for its database servers, which are deployed in VPC private subnets.
A warm standby DR architecture is deployed, with data synchronized between multiple on-premises locations and these servers.
Internet users upload large volumes of data to servers at multiple on-premises locations, and this data is continuously replicated to the backup servers in the VPC.
For data replication, encrypted DMVPN dynamic tunnels will be used to meet security compliance as per the company's security guidelines.
The Security Head requires that no traffic be exposed to the Internet under any circumstances.
As an AWS consultant, which of the following can be designed to meet this high-bandwidth, secure data transfer requirement?
A. Use AWS managed VPN over Public VIF terminating on Amazon EC2 instance with VPN software.
B. Use VPN Tunnel over Private VIF to terminate on Amazon EC2 instance with VPN software.
C. Use VPN Tunnel over Private VIF to terminate on VGW.
D. Use AWS managed VPN over Public VIF terminating on VGW.

Correct Answer - B.
For high-bandwidth requirements, AWS Direct Connect links can be used.
Since the client requires DMVPN tunnels, it needs to use the software VPN option, terminated on an Amazon EC2 instance: DMVPN (mGRE with NHRP, protected by IPsec) is a router feature, and AWS does not offer it as a managed service.
All replication data can be encrypted by the software VPN, which is carried over a Direct Connect private VIF, so the tunnel traffic is routed straight into the VPC's private address space and never touches the Internet.
Option A is incorrect because AWS Managed VPN (Site-to-Site VPN) terminates on a VGW, not on EC2 instances.
Options C and D are incorrect because DMVPN is not supported by the VGW; the VGW supports only AWS Site-to-Site IPsec VPN tunnels.
For more information on encrypting traffic between on-premises & AWS, refer to the following URL.
https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/network-to-amazon-vpc-connectivity-options.html

The scenario requires secure, high-bandwidth data transfer between multiple on-premises locations and VPC private subnets, with three hard constraints: the tunnels must be DMVPN (company security guidelines), no traffic may be exposed to the Internet (Security Head), and the link must carry a high volume of replication traffic. Each option is evaluated against all three.
Option A: Use AWS managed VPN over Public VIF terminating on Amazon EC2 instance with VPN software.
This option is internally inconsistent. AWS managed VPN (Site-to-Site VPN) terminates on a virtual private gateway or a transit gateway; it cannot terminate on an EC2 instance. It is also a static IPsec site-to-site service, not DMVPN. The option fails the DMVPN requirement regardless of the VIF type, so it is not a viable solution.
Option B: Use VPN Tunnel over Private VIF to terminate on Amazon EC2 instance with VPN software.
Direct Connect supplies the bandwidth, and a private VIF delivers the on-premises traffic directly into the VPC over the dedicated circuit, so nothing traverses the public Internet. A router AMI running on EC2 can terminate the DMVPN mGRE/NHRP tunnels with IPsec encryption, which the VGW cannot do. The trade-off a practitioner should note is that the EC2 instance becomes a self-managed choke point: it must be sized for the IPsec throughput the replication needs, its source/destination check must be disabled so it can forward transit traffic, the database subnets' route tables must point the on-premises prefixes at its network interface, its security group should admit IKE, NAT-T, ESP and GRE only from the on-premises peer addresses, and high availability (for example a second instance) is the customer's responsibility. With those controls in place this option meets all three constraints and is the correct answer.
Option C: Use VPN Tunnel over Private VIF to terminate on VGW.
The VGW terminates only AWS Site-to-Site IPsec VPN tunnels; it does not implement DMVPN, so the mandated tunnel type cannot be built. In addition, AWS Site-to-Site VPN over Direct Connect reaches the VGW's public tunnel endpoints over a public VIF; a private VIF hands traffic to the VGW as plain routed traffic, not as a VPN termination, so "VPN tunnel over private VIF to VGW" is not an available combination. This option is incorrect.
Option D: Use AWS managed VPN over Public VIF terminating on VGW.
This is a valid AWS Site-to-Site VPN over Direct Connect configuration, and the tunnel traffic still rides the dedicated Direct Connect circuit rather than the public Internet (the public VIF uses public IP addressing, but the path is the private circuit). It is, however, a static IPsec site-to-site VPN, not DMVPN, and the VGW cannot terminate DMVPN, so it does not satisfy the company's tunnel requirement. This option is incorrect.
In conclusion, Option B, Use VPN Tunnel over Private VIF to terminate on Amazon EC2 instance with VPN software, is the only option that provides DMVPN tunnels, keeps all traffic off the Internet by using a Direct Connect private VIF, and delivers the bandwidth the replication workload needs.
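The explanation above lists the controls an EC2-hosted DMVPN endpoint needs so that it is reachable only over the Direct Connect private VIF. The following checker is an added example, not code from the original page or from AWS. It runs offline over dicts that use the field names of boto3's describe_instances, describe_security_groups and describe_route_tables responses (an assumption about shape; in practice you would feed it the live responses). The on-premises prefixes, instance IDs, ENI ID and CIDRs in the sample data are constructed for illustration, and one "weak" configuration is included beside the hardened one to show what the checks catch.

```python
"""Offline checks for an EC2 software VPN (e.g. a DMVPN hub) that must only be
reachable over a Direct Connect private VIF, never from the Internet.

Added example; input dicts mimic boto3 describe_* responses (assumed shape).
All IDs and CIDRs below are constructed sample data."""
import ipaddress

# Assumed on-premises data-centre ranges that reach AWS over the private VIF.
ONPREM_PREFIXES = ["10.10.0.0/16", "10.20.0.0/16"]

# Ingress the DMVPN endpoint needs: IKE (udp/500), NAT-T (udp/4500),
# ESP (protocol 50) and GRE (protocol 47). Ports are None for raw IP protocols.
REQUIRED_INGRESS = [("udp", 500), ("udp", 4500), ("50", None), ("47", None)]


def _within_onprem(cidr):
    """True if cidr lies entirely inside one of the on-premises prefixes."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(ipaddress.ip_network(p)) for p in ONPREM_PREFIXES)


def check_instance(instance):
    """Instance must forward transit traffic and have no public address."""
    findings = []
    if instance.get("SourceDestCheck", True):
        findings.append("source/destination check enabled: instance cannot forward transit traffic")
    if "PublicIpAddress" in instance:
        findings.append("instance has a public IP: reachable from the Internet")
    return findings


def check_security_group(sg):
    """Only the tunnel protocols, and only from on-premises peer addresses."""
    findings, seen = [], set()
    for perm in sg["IpPermissions"]:
        proto = perm["IpProtocol"]
        port = perm.get("FromPort") if proto in ("udp", "tcp") else None
        if proto == "-1":
            findings.append("ingress allows all protocols")
        for rng in perm.get("IpRanges", []):
            if not _within_onprem(rng["CidrIp"]):
                findings.append(f"ingress {proto}/{port} open to {rng['CidrIp']} (not an on-prem prefix)")
        seen.add((proto, port))
    for req in REQUIRED_INGRESS:
        if req not in seen:
            findings.append(f"missing ingress rule for {req[0]}/{req[1]}")
    return findings


def check_route_table(rt, vpn_eni_id):
    """Database-subnet route table: no Internet gateway, on-prem prefixes via the VPN ENI."""
    findings, covered = [], []
    for route in rt["Routes"]:
        dest = route.get("DestinationCidrBlock")
        if dest is None:  # prefix-list or IPv6 routes are out of scope here
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            findings.append(f"route {dest} -> {route['GatewayId']}: subnet has an Internet path")
        if _within_onprem(dest) and route.get("NetworkInterfaceId") == vpn_eni_id:
            covered.append(ipaddress.ip_network(dest))
    for p in ONPREM_PREFIXES:
        if not any(ipaddress.ip_network(p).subnet_of(c) for c in covered):
            findings.append(f"no route for on-prem prefix {p} via the VPN instance ENI {vpn_eni_id}")
    return findings


def assess(instance, sg, rt, vpn_eni_id):
    """All findings for one VPN instance; an empty list means the design passes."""
    return check_instance(instance) + check_security_group(sg) + check_route_table(rt, vpn_eni_id)


# Constructed sample data: a hardened endpoint and a weak one.
VPN_ENI = "eni-0aaa111bbb222ccc3"
HARDENED_INSTANCE = {"InstanceId": "i-0123456789abcdef0", "SourceDestCheck": False,
                     "PrivateIpAddress": "10.100.1.10"}
HARDENED_SG = {"GroupId": "sg-0hardened", "IpPermissions": [
    {"IpProtocol": "udp", "FromPort": 500, "ToPort": 500, "IpRanges": [{"CidrIp": "10.10.0.0/24"}]},
    {"IpProtocol": "udp", "FromPort": 4500, "ToPort": 4500, "IpRanges": [{"CidrIp": "10.10.0.0/24"}]},
    {"IpProtocol": "50", "IpRanges": [{"CidrIp": "10.10.0.0/24"}]},
    {"IpProtocol": "47", "IpRanges": [{"CidrIp": "10.10.0.0/24"}]}]}
HARDENED_RT = {"RouteTableId": "rtb-0db", "Routes": [
    {"DestinationCidrBlock": "10.100.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "10.10.0.0/16", "NetworkInterfaceId": VPN_ENI},
    {"DestinationCidrBlock": "10.20.0.0/16", "NetworkInterfaceId": VPN_ENI}]}

WEAK_INSTANCE = {"InstanceId": "i-0fedcba9876543210", "SourceDestCheck": True,
                 "PrivateIpAddress": "10.100.1.11", "PublicIpAddress": "203.0.113.5"}
WEAK_SG = {"GroupId": "sg-0weak", "IpPermissions": [
    {"IpProtocol": "udp", "FromPort": 500, "ToPort": 500, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "udp", "FromPort": 4500, "ToPort": 4500, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "50", "IpRanges": [{"CidrIp": "10.10.0.0/24"}]}]}
WEAK_RT = {"RouteTableId": "rtb-0weak", "Routes": [
    {"DestinationCidrBlock": "10.100.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc123"},
    {"DestinationCidrBlock": "10.10.0.0/16", "NetworkInterfaceId": VPN_ENI}]}

if __name__ == "__main__":
    print("hardened:", assess(HARDENED_INSTANCE, HARDENED_SG, HARDENED_RT, VPN_ENI) or "no findings")
    for f in assess(WEAK_INSTANCE, WEAK_SG, WEAK_RT, VPN_ENI):
        print("weak:", f)
```

The weak configuration trips every class of check: the instance keeps its source/destination check and a public IP, IKE and NAT-T are open to 0.0.0.0/0 and GRE is missing, and the subnet has a default route to an Internet gateway plus no route for the second on-premises prefix. Run against real boto3 output, the same functions give a quick pass/fail for the "no Internet exposure" requirement before the DMVPN tunnels are brought up.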