A software company provides a SaaS accounting application hosted in AWS, requiring connectivity to its on-premises network. The company uses two redundant 10 Gbps AWS Direct Connect connections to handle increasing application demand. While encryption is already in place between the on-premises network and the colocation, the company needs to encrypt traffic between AWS and the colocation's edge routers within a few months without reducing current bandwidth. What solution should a network engineer implement to meet these requirements with minimal operational overhead?

Exam-Like

Deploy a new public VIF with encryption on the existing Direct Connect connections. Reroute traffic through the new public VIF.

Create a virtual private gateway Deploy new AWS Site-to-Site VPN connections from on premises to the virtual private gateway Reroute traffic from the Direct Connect private VIF to the new VPNs.

Deploy a new pair of 10 GB Direct Connect connections with MACsec. Configure MACsec on the edge routers. Reroute traffic to the new Direct Connect connections. Decommission the original Direct Connect connections

Deploy a new pair of 10 GB Direct Connect connections with MACsec. Deploy a new public VIF on the new Direct Connect connections. Deploy two AWS Site-to-Site VPN connections on top of the new public VIF. Reroute traffic from the existing private VIF to the new Site-to-Site connections. Decommission the original Direct Connect connections.

AWS Certified Advanced Networking - Specialty

Get started today

Comments