Securing MySQL Database on AWS for Client's Data Center | Best Solution for MySQL Database Hosting

Secure MySQL Database Hosting on AWS for Client's Data Center

Question

You have been given a new brief from your supervisor for a client who needs a web application set up on AWS.

The most important requirement is that MySQL must be used as the database.

This database must not be hosted in the public cloud but rather at the client's data center due to security risks.

Which of the following solutions would be the best to assure that the client's requirements are met? Choose the correct answer from the options below.

Answers

Explanations


A. B. C. D.

Answer - A.

Since the database should not be hosted on the cloud, all other options are invalid.

The best option is to create a VPN connection for securing traffic as shown below.

Option B is invalid because this is an incorrect use of the Storage Gateway.

Option C is invalid because this is an incorrect use of the NAT instance.

Option D is invalid since this is an incorrect configuration.

For more information on VPN connections, see the following URL:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html

The best solution to meet the client's requirements is to use option A - build the application server on a public subnet and the database at the client's datacenter. Connect them with a VPN connection that uses IPsec.

Here's why:

Option A:

  • This solution separates the application server from the database, with the application server in a public subnet and the database located at the client's data center.
  • The two are then connected through a VPN connection that uses IPsec, which provides secure communication between the two locations.
  • This solution meets the client's requirement of using MySQL as the database and ensuring that it is not hosted in the public cloud due to security risks.
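
Option A's topology expressed as a CloudFormation template (an added example, not part of the original page or of AWS's own material). The CIDR ranges, the customer gateway IP, the BGP ASN and the resource names are constructed placeholders; the internet gateway and default route that make the subnet public are omitted so the template concentrates on the IPsec path to the on-premises MySQL host.

```yaml
# Added example: all addresses and names below are constructed placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  OnPremCidr: {Type: String, Default: 192.168.10.0/24}  # data-center LAN holding MySQL
  OnPremVpnIp: {Type: String, Default: 203.0.113.10}    # public IP of the client's VPN device
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties: {CidrBlock: 10.0.0.0/16}
  AppSubnet:                  # subnet that hosts the application server
    Type: AWS::EC2::Subnet
    Properties: {VpcId: !Ref Vpc, CidrBlock: 10.0.1.0/24}
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties: {VpcId: !Ref Vpc}
  SubnetAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: {SubnetId: !Ref AppSubnet, RouteTableId: !Ref RouteTable}
  CustomerGateway:            # the client's on-premises IPsec endpoint
    Type: AWS::EC2::CustomerGateway
    Properties: {Type: ipsec.1, BgpAsn: 65000, IpAddress: !Ref OnPremVpnIp}
  VpnGateway:                 # AWS side of the tunnel
    Type: AWS::EC2::VPNGateway
    Properties: {Type: ipsec.1}
  VpnGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties: {VpcId: !Ref Vpc, VpnGatewayId: !Ref VpnGateway}
  VpnConnection:              # site-to-site IPsec connection between the two gateways
    Type: AWS::EC2::VPNConnection
    Properties:
      Type: ipsec.1
      StaticRoutesOnly: true
      CustomerGatewayId: !Ref CustomerGateway
      VpnGatewayId: !Ref VpnGateway
  VpnRoute:                   # tells the VPN which prefix lives on-premises
    Type: AWS::EC2::VPNConnectionRoute
    Properties: {VpnConnectionId: !Ref VpnConnection, DestinationCidrBlock: !Ref OnPremCidr}
  RouteToDataCenter:          # sends database traffic from the subnet into the tunnel
    Type: AWS::EC2::Route
    DependsOn: VpnGatewayAttachment
    Properties: {RouteTableId: !Ref RouteTable, DestinationCidrBlock: !Ref OnPremCidr, GatewayId: !Ref VpnGateway}
  AppToMySqlSg:               # listing egress rules replaces the default allow-all egress
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Egress from the app server to on-premises MySQL only
      VpcId: !Ref Vpc
      SecurityGroupEgress:
        - {IpProtocol: tcp, FromPort: 3306, ToPort: 3306, CidrIp: !Ref OnPremCidr}
```

The database itself never appears as an AWS resource: the template only builds the encrypted path to it, and the data-center firewall should in turn accept TCP 3306 only from the application subnet's range.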

Option B:

  • This solution involves using RDS with a storage gateway to securely access and synchronize the data from the local data center.
  • However, this does not meet the client's requirement of ensuring that the database is not hosted in the public cloud.

Option C:

  • This solution involves building the application server on a public subnet and the database on a private subnet with a NAT instance between them.
  • However, this does not meet the client's requirement of hosting the database at the client's data center.

Option D:

  • This solution involves building the application server on a public subnet and the database in a private subnet, with a secure SSH connection to the private subnet from the client's data center.
  • However, this does not meet the client's requirement of hosting the database at the client's data center.

Overall, option A is the best solution as it meets all the client's requirements and provides secure communication between the application server and the database.