Which solution will meet these requirements MOST cost-effectively?

By:
In: SAP-C02
Tagged:
With: 1 Comment
A company is designing an AWS environment for a manufacturing application.The application has been successful with customers, and the application’s user base has increased.The company has connected the AWS environment to the company’s on-premises data center through a 1 Gbps AWS Direct Connect connection.The company has configured BGP for the connection.The company must update the existing network connectivity solution to ensure that the solution is highly available, fault tolerant, and secure.

Which solution will meet these requirements MOST cost-effectively?

Add a dynamic private IP AWS Site-to-Site VPN as a secondary path to secure data in transit and provide resilience for the Direct Connect connection. Configure MACsec to encrypt traffic inside the Direct Connect connection.

Provision another Direct Connect connection between the company’s on-premises data center and AWS to increase the transfer speed and provide resilience. Configure MACsec to encrypt traffic inside the Direct Connect connection.

Configure multiple private VIFs. Load balance data across the VIFs between the on-premises data center and AWS to provide resilience.

Add a static AWS Site-to-Site VPN as a secondary path to secure data in transit and to provide resilience for the Direct Connect connection.

Explanations:

While adding a dynamic private IP AWS Site-to-Site VPN provides resilience and security, configuring MACsec is not feasible as MACsec is typically used for local network segments and does not apply to AWS Direct Connect connections directly. Additionally, this option may be more costly than necessary for achieving fault tolerance.

Provisioning another Direct Connect connection increases resilience but is not the most cost-effective solution since it involves higher costs associated with maintaining multiple Direct Connect circuits. Also, MACsec is not applicable here.

Configuring multiple private VIFs alone does not provide fault tolerance; if the Direct Connect itself fails, traffic will still be lost. Moreover, it may not be the most cost-effective way to achieve high availability compared to utilizing a VPN for redundancy.

Adding a static AWS Site-to-Site VPN as a secondary path provides a cost-effective way to ensure resilience and high availability while securing data in transit. This approach leverages existing resources without the high costs associated with multiple Direct Connect circuits.

2025-10-03

1 Comment

  1. Sarah
    Author

    I reckon the answer is:
    Add a static AWS Site-to-Site VPN as a secondary path to secure data in transit and to provide resilience for the Direct Connect connection.

Leave a Reply

Your email address will not be published. Required fields are marked *

19 + 15 =