VPN and Direct Connect Flashcards

1
Q

How does VPN work?

A

- VPC Virtual Private Networks (VPNs) provide a software-based secure connection between a VPC and on-premises networks. They have the following components:
  - Virtual Private Cloud (VPC)
  - Virtual Private Gateway (VGW) attached to the VPC
  - Customer Gateway (CGW) – configuration of the on-premises router
  - Site-to-Site VPN Connection (using 1 or 2 IPsec tunnels)
- Best Practice & High Availability:
  - Use dynamic VPNs (using BGP – Border Gateway Protocol) where possible, rather than static
  - Connect both tunnels to your CGW – VPC VPN is HA by design
  - Where possible, use 2 VPN connections and 2 CGWs, for full HA
- Faster to set up than Direct Connect (minutes, vs weeks/months); cheap for sporadic usage (per-hour cost plus a data charge for outgoing data, higher than DX); performance is less predictable than DX

2
Q

How does Direct Connect work?

A

- Direct Connect (DX) is a physical connection between your network and AWS, either directly via a cross-connect and customer router at a DX location, or via a DX partner
- Dedicated Connections are direct via AWS and use single-mode fiber, running either 1 Gbps using 1000Base-LX or 10 Gbps using 10GBase-LR
- Virtual Interfaces (VIFs) run on top of a DX. Public VIFs can access AWS public services such as S3 only. Private VIFs are used to connect into VPCs. DX is not highly available on its own and is not encrypted
- Preferred over VPNs if speed, consistency and low latency are key

3
Q

When to choose VPN, Direct Connect, or both?

A

- VPN
  - Urgent need – can be deployed in minutes
  - Cost constrained – cheap and economical to set up
  - Low-end or consumer hardware – DX requires BGP
  - Encryption required
  - Flexibility to change locations
  - Highly available options available
  - Short-term connectivity – not applicable if you are in a DX location, because then it is almost on demand
- Direct Connect
  - Higher throughput
  - Consistent performance (throughput)
  - Consistent low latency
  - Large amounts of data – cheaper than VPN for higher volume
  - No contention with the existing internet connection
- Both (VPN on top of a Direct Connect)
  - VPN as a cheaper HA option for DX
  - VPN as an additional layer of HA (in addition to 2 DX)
  - If some form of connectivity is needed immediately, provides it before the DX connection is live
  - Can be used to add encryption over the top of a DX (VPN over a public VIF)
