73. Direct Connect

Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using Direct Connect, we can establish private connectivity between AWS and your data center, office or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based connections. AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations.

Tips:
i. Direct Connect directly connects your data center to AWS
ii. Useful for high throughput workloads (i.e., lots of network traffic)
iii. Or if you need a stable, reliable and secure connection

Questions:
i. The engineering team at an e-commerce company wants to establish a dedicated, encrypted, low latency, and high throughput connection between its data center and AWS Cloud. The engineering team has set aside sufficient time to account for the operational overhead of establishing this connection. As a solutions architect, which of the following solutions would you recommend to the company?
Answer: Use AWS Direct Connect plus VPN to establish a connection between the data center and AWS cloud
Explanation: With AWS Direct Connect plus VPN, you can combine one or more AWS Direct Connect dedicated network connections with the Amazon VPC VPN. This combination provides an IPsec-encrypted private connection that also reduces network costs, increases bandwidth throughput, and provides a more consistent network experience than internet-based VPN connections.

Question 1:
As a Solutions Architect, you are considering migrating from your on-premises environment to AWS. The company currently holds large amounts of data in its data centers, and this on-premises environment will continue to be used. Therefore, a high performance, leased line connection of 50 Mbps is required to connect this data center to AWS.
Choose the best connection method to meet this requirement.
Options:
A. Make a connection to your on-premises environment through VPC peering
B. Connect to on-premises environment via VPN
C. Make a connection to on-premises environment with AWS Direct Connect
D. Make a connection to on-premises environment through an internet gateway
Answer: C
Explanation:
AWS Direct Connect makes it easy to establish a dedicated network connection to AWS from an on-premises environment such as a data center. This can often reduce network costs, increase bandwidth throughput, and provide a stable network experience. Therefore, option C is the correct answer.
The other options are inappropriate because they are not high performance, leased line connectivity services.
Option A is incorrect. VPC peering is a function used to connect two VPCs. It does not provide a dedicated line connection to an on-premises environment.
Option B is incorrect. A VPN is not a dedicated line connection, but a network connection that runs over the Internet.
Option D is incorrect. The Internet gateway is a gateway used for communication between the VPC and the Internet.

Question 2:
The engineering team at an e-commerce company wants to establish a dedicated, encrypted, low latency, and high throughput connection between its data center and AWS Cloud. The engineering team has set aside sufficient time to account for the operational overhead of establishing this connection.
As a solutions architect, which of the following solutions would you recommend to the company?
Options:
A. Use AWS Direct Connect plus VPN to establish a connection between the data center and AWS Cloud
B. Use site-to-site VPN to establish a connection between the data center and AWS Cloud
C. Use VPC transit gateway to establish a connection between the data center and AWS Cloud
D. Use AWS Direct Connect to establish a connection between the data center and AWS Cloud
Answer: A
Explanation:
Correct option:
Use AWS Direct Connect plus VPN to establish a connection between the data center and AWS Cloud
AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations.
With AWS Direct Connect plus VPN, you can combine one or more AWS Direct Connect dedicated network connections with the Amazon VPC VPN. This combination provides an IPsec-encrypted private connection that also reduces network costs, increases bandwidth throughput, and provides a more consistent network experience than internet-based VPN connections.
This solution combines the AWS-managed benefits of the VPN solution (an end-to-end, secure IPsec connection) with the low latency, increased bandwidth and more consistent network experience of the AWS Direct Connect solution. Therefore, AWS Direct Connect plus VPN is the correct solution for this use case.

Incorrect options:

Use site-to-site VPN to establish a connection between the data center and AWS Cloud – AWS Site-to-Site VPN enables you to securely connect your on-premises network or branch office site to your Amazon Virtual Private Cloud (Amazon VPC). A VPC VPN connection uses IPsec to establish encrypted network connectivity between your intranet and Amazon VPC over the Internet. VPN connections are a good solution if you have an immediate need, have low to modest bandwidth requirements, and can tolerate the inherent variability in Internet-based connectivity. However, Site-to-Site VPN cannot provide a low latency and high throughput connection, so this option is ruled out.

Use VPC transit gateway to establish a connection between the data center and AWS Cloud – A transit gateway is a network transit hub that you can use to interconnect your virtual private clouds (VPC) and on-premises networks. A transit gateway by itself cannot establish a low latency and high throughput connection between a data center and AWS Cloud. Hence this option is incorrect.

Use AWS Direct Connect to establish a connection between the data center and AWS Cloud – AWS Direct Connect by itself cannot provide an encrypted connection between a data center and AWS Cloud, so this option is ruled out.