Your company needs to establish a VPN between AWS and its on-premises infrastructure.
They have the following requirements. Support for RSA 4096-bit encryptions. RADIUS / NT Domain user authentication function. Deep-inspect packet logging function. What can be done to achieve this requirement?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - B.
Since the requirements are very specific, you will need to use a custom VPN from the AWS Marketplace.
Hence all other options become invalid because of the very specific requirements.
An example of a VPN server from the AWS Marketplace is given below.
https://aws.amazon.com/marketplace/pp/B00MI40CAE/ref=mkt_wir_openvpn_byolTo establish a VPN connection between AWS and an on-premises infrastructure, the following solutions are possible:
A. Use an AWS Managed VPN: AWS Managed VPN is a fully-managed service that enables you to establish encrypted connections between your on-premises data centers and Amazon Virtual Private Clouds (VPCs). AWS Managed VPN uses industry-standard Internet Protocol Security (IPsec) VPN connections, which are secure tunnels that encrypt and authenticate traffic between your VPCs and on-premises network.
For the given requirements, AWS Managed VPN is a viable solution as it supports RSA 4096-bit encryption. However, AWS Managed VPN does not support RADIUS or NT Domain user authentication function, and it also does not provide deep-inspect packet logging function. Therefore, AWS Managed VPN is not a complete solution for the given requirements.
B. Use a VPN from the AWS marketplace: AWS Marketplace offers a range of third-party VPN solutions that can be deployed on Amazon EC2 instances. These solutions can provide additional features that are not available with AWS Managed VPN.
However, it is important to carefully evaluate each solution to ensure that it meets the requirements. The selected VPN solution should support RSA 4096-bit encryption, RADIUS / NT Domain user authentication function, and deep-inspect packet logging function.
C. Use AWS Direct Connect with a Private VI: AWS Direct Connect is a network service that enables you to establish a dedicated network connection between your on-premises data center and one of the AWS Direct Connect locations. With Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.
A private virtual interface (VI) is a dedicated network connection that provides a private and isolated connection between your on-premises infrastructure and AWS. Private VIs can be used to establish a VPN connection between AWS and your on-premises network.
For the given requirements, AWS Direct Connect with a Private VI can be a viable solution as it supports RSA 4096-bit encryption and RADIUS / NT Domain user authentication function. However, AWS Direct Connect does not provide deep-inspect packet logging function.
D. Use AWS Direct Connect with a Public VI: A public virtual interface (VI) is a dedicated network connection that provides a public and isolated connection between your on-premises infrastructure and AWS. Public VIs can be used to establish a VPN connection between AWS and your on-premises network.
However, it is not recommended to use a public VI to establish a VPN connection between AWS and your on-premises network, as it would expose your on-premises infrastructure to the public Internet.
In summary, based on the given requirements, the best solution would be to use a VPN from the AWS Marketplace or to use AWS Direct Connect with a Private VI, depending on the specific needs of the organization.