Move Legacy Application to Amazon VPC: Best Options for On-Premises to VPC Migration

Move Legacy Application to Amazon VPC


Question

You are given the task of moving a legacy application from a virtual machine running inside your datacenter to an Amazon VPC.

Unfortunately, this app requires access to several on-premises services, and no one who configured the app still works for your company.

Even worse, there's no documentation for it.

Which of the following options can help you to move the application from on-premises to VPC?

Answers

Explanations


A. An AWS Direct Connect link between the VPC and the datacenter network.
B. An Internet Gateway to allow a VPN connection.
C. An Elastic IP address on the VPC instance.
D. An IP address space that does not conflict with the one on-premises.
E. Configure Route 53 Resolver and make entries in Amazon Route 53 that allow the instances to resolve their dependencies' IP addresses.
F. A VM Import of the current virtual machine.

Answer: A, D, E and F.

The scenario requires you to connect your on-premises server/instance with Amazon VPC.

When such scenarios are presented, always think about Direct Connect, VPN, and VM Import and Export as they help either connect the instances from a different location or import them from one location to another.

Option A is CORRECT because Direct Connect sets up a dedicated connection between the on-premises data center and Amazon VPC and provides you with the ability to connect your on-premises servers with the instances in your VPC.

Option B is incorrect as you normally create a VPN connection based on a customer gateway and a virtual private gateway (VPG) in AWS.

Option C is incorrect as EIPs are not needed: the instances in the VPC can communicate with on-premises servers via their private IP addresses.

Option D is CORRECT because there must not be a conflict between the IP addresses of the on-premises servers and the instances in the VPC for them to communicate.

Option E is CORRECT because we need to configure Route 53 Resolver to forward queries via Direct Connect to the on-premises DNS server.

Route 53 alone will not be able to move the application from on-premises to VPC.

Option F is CORRECT because the VM Import/Export service helps you import virtual machine images from the data center to the AWS platform as EC2 instances and export them back to your on-premises environment.

This offering allows you to leverage your existing investments in the virtual machines that you have built to meet your IT security, configuration management, and compliance requirements by bringing those virtual machines into Amazon EC2 as ready-to-use instances.

Once the VM import is done, the application running inside the VPC can reach out to the on-premises services.

Note:

VMware import can help us move machines from on-premises to EC2 instances inside a VPC.

Recently there was an announcement from AWS regarding Route 53 support for resolving on-premises dependencies:

https://aws.amazon.com/about-aws/whats-new/2018/11/amazon-route-53-announces-resolver-with-support-for-dns-resolution-over-direct-connect-and-vpn/

As you know, the latest features/announcements take around 6 months to get reflected in the actual exam.
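Two of the correct answers (D, a non-overlapping address space, and E, forwarding the app's on-premises DNS zones through Route 53 Resolver) can be checked before the migration starts. The script below is an added example, not part of the question or its official explanation; the CIDRs, zone names, DNS server addresses and the resolver endpoint id are constructed sample values, and the rule dictionaries follow the field names of the Route 53 Resolver CreateResolverRule API without calling it.

```python
"""Pre-migration checks for a VM moving into a VPC (added example).
D: the proposed VPC CIDR must not overlap any on-premises range.
E: Route 53 Resolver FORWARD rules for the on-premises zones must point at
DNS servers inside the on-premises ranges, so queries use the private link."""
import ipaddress

# Constructed sample inventory of the on-premises network (not from the page).
ONPREM_CIDRS = ["10.0.0.0/16", "192.168.50.0/24"]
ONPREM_DNS_SERVERS = ["10.0.0.53", "10.0.1.53"]
ONPREM_ZONES = ["corp.example.internal", "db.example.internal"]


def overlapping_ranges(vpc_cidr, onprem_cidrs):
    """Return the on-premises ranges that overlap the proposed VPC CIDR (option D)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    return [c for c in onprem_cidrs if vpc.overlaps(ipaddress.ip_network(c))]


def forwarding_rules(zones, dns_servers, onprem_cidrs, endpoint_id):
    """Build one FORWARD rule spec per on-premises zone (option E).
    A target outside the on-premises ranges would not be reached over
    Direct Connect/VPN, so it is rejected instead of silently accepted."""
    nets = [ipaddress.ip_network(c) for c in onprem_cidrs]
    for ip in dns_servers:
        if not any(ipaddress.ip_address(ip) in n for n in nets):
            raise ValueError(f"DNS target {ip} is not inside an on-premises range")
    return [
        {
            "Name": f"forward-{zone}",
            "RuleType": "FORWARD",
            "DomainName": zone,
            "ResolverEndpointId": endpoint_id,  # outbound endpoint id (hypothetical)
            "TargetIps": [{"Ip": ip, "Port": 53} for ip in dns_servers],
        }
        for zone in zones
    ]


def plan(vpc_cidr, endpoint_id="rslvr-out-EXAMPLE"):
    """Run both checks; the returned dict is what a migration runbook would review."""
    conflicts = overlapping_ranges(vpc_cidr, ONPREM_CIDRS)
    if conflicts:
        return {"ok": False, "reason": f"VPC {vpc_cidr} overlaps on-premises {conflicts}"}
    rules = forwarding_rules(ONPREM_ZONES, ONPREM_DNS_SERVERS, ONPREM_CIDRS, endpoint_id)
    return {"ok": True, "vpc_cidr": vpc_cidr, "resolver_rules": rules}


if __name__ == "__main__":
    print(plan("10.0.0.0/16"))   # rejected: same range as on-premises
    print(plan("10.20.0.0/16"))  # accepted, with two forwarding rules
```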

The situation described in the question is that there is a legacy application running on a virtual machine in an on-premises datacenter, which needs access to several on-premises services. There is no documentation available on how the app is configured, and nobody who configured the app works at the company anymore. The task is to move this legacy application to an Amazon VPC (Virtual Private Cloud) environment.

There are several ways to move the application from on-premises to VPC, but we need to choose the option that would allow the application to access the required on-premises services. Let's examine each of the given options:

A. An AWS Direct Connect link between the VPC and the datacenter network: This option can establish a dedicated network connection between the VPC and the on-premises datacenter. It can provide a private and high-bandwidth connection, which can be used to transfer large amounts of data securely between the VPC and the datacenter. However, it doesn't address the issue of the legacy application's requirement to access on-premises services.

B. An Internet Gateway to allow a VPN connection: This option can create a virtual private network (VPN) connection between the VPC and the datacenter, which can allow secure access to on-premises services. However, this option requires that the on-premises network is configured to allow VPN connections, and the legacy application might not be compatible with this configuration.

C. An Elastic IP address on the VPC instance: Elastic IP addresses are static, public IP addresses that can be assigned to AWS resources. This option can provide a fixed public IP address to the VPC instance, which can allow on-premises services to access the VPC instance. However, it doesn't solve the issue of the legacy application's requirement to access on-premises services.

D. An IP address space that does not conflict with the one on-premises: This option can ensure that the IP address space used in the VPC doesn't conflict with the one used in the on-premises network. However, it doesn't help in accessing the on-premises services.

E. Configure Route 53 Resolver and make entries in Amazon Route 53 that allow the instances to resolve their dependencies' IP addresses: This option can allow the VPC instances to resolve the IP addresses of the on-premises services using Amazon Route 53 Resolver. However, this option assumes that the on-premises services are accessible via DNS, and the legacy application might not be compatible with this configuration.

F. A VM Import of the current virtual machine: This option can import the current virtual machine to the AWS environment, which can be launched as an EC2 instance. However, it doesn't address the issue of the legacy application's requirement to access on-premises services.

Based on the above analysis, none of the given options can fully address the requirement of the legacy application to access on-premises services. However, the option that can provide the most flexibility is option B, which can create a VPN connection between the VPC and the datacenter. With this option, the legacy application can access the on-premises services securely. However, this option requires that the on-premises network is configured to allow VPN connections. If this is not possible, then other options might need to be explored, such as refactoring the legacy application to remove the requirement for on-premises services.