A global bank has a hybrid network architecture for its banking applications.
The client is authenticated by servers deployed in the bank's Data Centre and, once authenticated, accesses banking application servers based in an AWS VPC.
As per security norms, client credit card transaction traffic must travel over an encrypted link.
All other traffic between servers in the Data Centre and AWS needs high bandwidth for quick responses to client queries.
In the AWS VPC, a single server processes the minimal credit card transaction traffic, while multiple application servers handle a huge volume of client transactions.
A separate CIDR range is configured for each of these server groups.
As a Solution Architect, which of the following solutions can be deployed to meet this requirement in the most cost-effective way?
Correct Answer - B.
Since the client requires an encrypted link, a VPN link can be used for the credit card traffic, while an AWS Direct Connect link meets the high-bandwidth requirement for everything else.
When both an AWS Direct Connect link and a VPN link advertise the same prefix, all traffic will prefer the AWS Direct Connect link.
To route specific traffic over the VPN link, we need to advertise the specific (longer) prefixes over the VPN link and the summarised prefixes over the AWS Direct Connect link, so that longest-prefix matching sends only the credit card subnet over the VPN.
Option A is incorrect, as it will prefer the AWS Direct Connect link for both types of traffic and will therefore send credit card traffic unencrypted over that link.
Option C is incorrect: since only low bandwidth is required for credit card transactions, creating a VPN over a Direct Connect link will incur additional cost.
Option D is incorrect, as sending application traffic over a VPN link will impact application performance because that traffic requires high bandwidth.
For more information on using VPN links along with AWS Direct Connect links, refer to the following URL.
https://aws.amazon.com/answers/networking/aws-multiple-data-center-ha-network-connectivity/
The most cost-effective solution for the given scenario would be option B: Create an AWS Direct Connect link & VPN link. Route traffic with VPC CIDR range over AWS Direct Connect for all other traffic & specific route of Credit Card servers over VPN for credit card transaction traffic.
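The route-selection rule behind option B is worth seeing concretely. The following is an added illustration, not code from the question bank or from AWS: it models a virtual private gateway's route choice as documented by AWS (longest prefix match first; when prefixes tie, Direct Connect routes beat VPN routes) and checks where credit card and application traffic would land under each advertising strategy. The CIDRs (10.0.0.0/16 for the VPC, 10.0.1.0/24 for the credit card server) and the path labels are constructed for the example.

```python
import ipaddress

# When two routes have the same prefix length, AWS prefers Direct Connect over VPN.
# Lower number = preferred. (Assumed labels; the ordering itself is AWS behaviour.)
PATH_PRIORITY = {"direct_connect": 0, "vpn": 1}

# Constructed route tables, as seen from the Data Centre side.
# Option A-style: everything advertised over Direct Connect only.
ROUTES_DX_ONLY = [
    ("10.0.0.0/16", "direct_connect"),
]

# Naive attempt: the whole VPC CIDR advertised over BOTH links.
# Same prefix on both paths -> Direct Connect wins for every destination.
ROUTES_SAME_PREFIX_BOTH = [
    ("10.0.0.0/16", "direct_connect"),
    ("10.0.0.0/16", "vpn"),
]

# Option B: summarised VPC CIDR over Direct Connect, the credit card
# server's specific /24 over the VPN.
ROUTES_OPTION_B = [
    ("10.0.0.0/16", "direct_connect"),
    ("10.0.1.0/24", "vpn"),
]


def select_route(dest_ip, routes):
    """Return (prefix, path) chosen for dest_ip, or None if nothing matches.

    Selection order: longest matching prefix first, then PATH_PRIORITY.
    """
    dest = ipaddress.ip_address(dest_ip)
    candidates = []
    for prefix, path in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net:
            candidates.append((net, path))
    if not candidates:
        return None
    # Sort: larger prefixlen first (more specific), then preferred path.
    candidates.sort(key=lambda c: (-c[0].prefixlen, PATH_PRIORITY[c[1]]))
    net, path = candidates[0]
    return str(net), path


def credit_card_traffic_is_encrypted(routes, credit_card_ip="10.0.1.10"):
    """True only if the credit card server's traffic is carried over the VPN."""
    chosen = select_route(credit_card_ip, routes)
    return chosen is not None and chosen[1] == "vpn"


if __name__ == "__main__":
    for name, table in [("DX only", ROUTES_DX_ONLY),
                        ("same prefix on both", ROUTES_SAME_PREFIX_BOTH),
                        ("option B", ROUTES_OPTION_B)]:
        cc = select_route("10.0.1.10", table)   # credit card server
        app = select_route("10.0.2.10", table)  # application server
        print(f"{name:22s} credit card -> {cc}  app -> {app}  "
              f"encrypted: {credit_card_traffic_is_encrypted(table)}")
```

Running it shows why merely adding a VPN alongside Direct Connect is not enough: with the same /16 on both links the credit card server still resolves to the Direct Connect path, whereas advertising its /24 only over the VPN makes that subnet, and nothing else, take the encrypted path.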
Here's a detailed explanation of why this option is the most suitable for the given scenario:
In summary, option B provides a cost-effective solution that meets the security requirements and ensures high bandwidth for all other traffic.