Which solution will meet these requirements?

By:
On:
In: SAP-C01
Tagged:
With: 0 Comments
A company is migrating an on-premises application and a MySQL database to AWS.The application processes highly sensitive data, and new data is constantly updated in the database.The data must not be transferred over the internet.The company also must encrypt the data in transit and at rest.The database is 5 TB in size.The company already has created the database schema in an Amazon RDS for MySQL DB instance.The company has set up a 1 Gbps AWS Direct Connect connection to AWS.The company also has set up a public VIF and a private VIF.A solutions architect needs to design a solution that will migrate the data to AWS with the least possible downtime.

Which solution will meet these requirements?

Perform a database backup. Copy the backup files to an AWS Snowball Edge Storage Optimized device. Import the backup to Amazon S3. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest. Use TLS for encryption in transit. Import the data from Amazon S3 to the DB instance.

Use AWS Database Migration Service (AWS DMS) to migrate the data to AWS. Create a DMS replication instance in a private subnet. Create VPC endpoints for AWS DMS. Configure a DMS task to copy data from the on-premises database to the DB instance by using full load plus change data capture (CDC). Use the AWS Key Management Service (AWS KMS) default key for encryption at rest. Use TLS for encryption in transit.

Perform a database backup. Use AWS DataSync to transfer the backup files to Amazon S3. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest. Use TLS for encryption in transit. Import the data from Amazon S3 to the DB instance.

Use Amazon S3 File Gateway. Set up a private connection to Amazon S3 by using AWS PrivateLink. Perform a database backup. Copy the backup files to Amazon S3. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest. Use TLS for encryption in transit. Import the data from Amazon S3 to the DB instance.

Explanations:

While this option uses a physical device (Snowball) for transfer, it does not support continuous updates (CDC) and would likely result in longer downtime since the backup must be fully restored after the initial copy.

This option utilizes AWS DMS, which supports ongoing replication with CDC. It encrypts data at rest using AWS KMS and in transit with TLS, aligning with all requirements while minimizing downtime.

DataSync is typically used for file transfers rather than databases. Additionally, it does not support CDC, which would increase downtime for the migration since it would not accommodate real-time changes during the transfer.

Amazon S3 File Gateway is intended for file storage rather than database migrations. This approach does not provide continuous data updates (CDC) and may introduce unnecessary complexity and downtime for a database migration.

Leave a Reply

Your email address will not be published. Required fields are marked *

sixteen + 12 =