Direct Connect Flashcards
What is Direct Connect (DX)?
Direct Connect is a service provided by AWS that allows customers to establish a dedicated network connection from their on-premises infrastructure to AWS. Here are some points about Direct Connect:
- It provides a private and dedicated connection between your on-premises infrastructure and AWS.
- It can be used to transfer large amounts of data, such as for backups or data migration.
- It can improve network performance and reduce network costs.
- Direct Connect can be used to establish a hybrid cloud environment where resources are shared between on-premises infrastructure and the cloud.
- It supports multiple virtual interfaces, which enables multiple connections to be established over a single physical connection.
- Direct Connect is a dedicated network connection between AWS and an on-premises data center, office, or colocation facility.
- Direct Connect provides higher security than a standard internet connection since data is not transferred over the public internet.
- It can be used with other AWS services, such as Amazon VPC, Amazon EC2, and Amazon S3.
Typical Direct Connect connectivity?
To connect an AWS region to a corporate data center, a Direct Connect location needs to be commissioned. These locations are physical and can be found on the AWS website. A Direct Connect Endpoint and a customer or partner router need to be rented from a customer or partner cage. A private virtual interface (VIF) needs to be set up to access private resources in a VPC, which is done by attaching a Virtual Private Gateway to the VPC and setting up the private VIF between all locations. This allows access to private subnets with EC2 Instances through a private connection. The process takes about a month to set up but all the connections are private and do not go over the public internet. Alternatively, public services like Amazon Glacier or Amazon S3 can be accessed through a Public Virtual Interface that connects directly into AWS.
If you want to connect to one or more VPCs in different regions?
To connect an on-premises data center to multiple VPCs in different regions, a Direct Connect connection must be established and a Direct Connect Gateway used. For instance, if there are two regions with two different VPCs and CIDRs, a private VIF is used to connect to the Direct Connect Gateway. The gateway has a private virtual interface that connects to a virtual private gateway in both regions. With this configuration, it is possible to connect to multiple VPCs in different regions using the same setup.
Direct Connect - Connection Types?
Dedicated Connections: A dedicated connection provides a physical Ethernet cable that is exclusively used for transferring data between the customer’s data center and AWS. It has 1 Gbps, 10 Gbps and 100 Gbps capacity.
* Physical ethernet port dedicated to a customer
* Request made to AWS first, then completed by AWS Direct Connect Partners
Hosted Connections: A hosted connection uses a partner’s network to establish a connection between the customer’s data center and AWS. It has 50 Mbps, 500 Mbps, to 10 Gbps capacity.
* Connection requests are made via AWS Direct Connect Partners
* Capacity can be added or removed on demand
* 1, 2, 5, 10 Gbps available at select AWS Direct Connect Partners
Lead times are often longer than 1 month to establish a new connection.
If the exam asks about a client who needs to transfer data within one month, Direct Connect cannot be the answer, since it takes more than a month to set up the connection. If there is an existing Direct Connect connection, that can probably be used, or there could be another option.
Direct Connect Encryption?
AWS Direct Connect does not provide encryption for data in transit over the Direct Connect connection. However, you can use encryption mechanisms, such as VPN connections, to encrypt the data transmitted over the Direct Connect connection.
AWS recommends running VPN connections over (on top of) Direct Connect connections for encryption purposes, especially if the data transmitted over the Direct Connect connection contains sensitive information. VPN connections provide secure and encrypted communication between your on-premises data center and your Amazon VPC. You can configure VPN connections to encrypt all traffic transmitted between your on-premises data center and your Amazon VPC, including traffic transmitted over the Direct Connect connection.
Important for the exam.
Direct Connect Resiliency for critical workload?
For critical workloads, we ensure high resiliency by setting up multiple Direct Connects. In this scenario, we have two corporate data centers with two different Direct Connect locations, which provide us with redundancy. We have a private VIF in each Direct Connect location, which gives us one connection at multiple locations. This means that if one of the Direct Connect locations goes down, we still have a backup Direct Connect location to rely on. This approach ensures high resiliency and is particularly useful for critical workloads.
Important for the exam.
Direct Connect “Maximum” Resiliency for critical workload?
In this scenario, we have a setup of four Direct Connect locations, each having two independent connections. This means that we have a total of four connections going into AWS across two different locations. By using separate connections that terminate on separate devices in more than one location, we can achieve maximum resiliency.