Explore the optimal AWS connectivity strategy for SaaS migration. Seamlessly integrate AWS and on-premises access while ensuring direct VPC access for AWS customers.
Question
A software-as-a-service (SaaS) company is migrating its private SaaS application to AWS. The company has hundreds of customers that connect to multiple data centers by using VPN tunnels. As the number of customers has grown, the company has experienced more difficulty in its effort to manage routing and segmentation of customers with complex NAT rules.
After the migration to AWS is complete, the company’s AWS customers must be able to access the SaaS application directly from their VPCs. Meanwhile, the company’s on-premises customers still must be able to connect through IPsec encrypted tunnels.
Which solution will meet these requirements?
A. Connect the AWS customer VPCs to a shared transit gateway. Use AWS Site-to-Site VPN connections to the transit gateway for the on-premises customers.
B. Use AWS PrivateLink to connect the AWS customers. Use a third-party routing appliance in the SaaS application VPC to terminate on-premises Site-to-Site VPN connections.
C. Peer each AWS customer’s VPCs to the VPC that hosts the SaaS application. Create AWS Site-to-Site VPN connections on the SaaS VPC virtual private gateway.
D. Use Site-to-Site VPN tunnels to connect each AWS customer’s VPCs to the VPC that hosts the SaaS application. Use AWS Site-to-Site VPN to connect the on-premises customers.
Answer
A. Connect the AWS customer VPCs to a shared transit gateway. Use AWS Site-to-Site VPN connections to the transit gateway for the on-premises customers.
Explanation
Option A best meets the requirements: AWS customers get direct access from their VPCs, and on-premises customers keep their IPsec encrypted tunnels.
Option A:
- Connect AWS customer VPCs to a shared transit gateway.
- Use AWS Site-to-Site VPN connections to the transit gateway for on-premises customers.
This approach is centralized and scalable. A shared transit gateway connects the AWS customer VPCs, which gives AWS customers direct access to the SaaS application from their VPCs, while on-premises customers keep their IPsec encrypted tunnels through Site-to-Site VPN connections to the same transit gateway.
This design simplifies routing and segmentation by consolidating connections through the transit gateway, easing the management of network connectivity for both AWS and on-premises customers.
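The segmentation mentioned above depends on how attachments are associated with transit gateway route tables and which attachments propagate routes into them. The following is an added example, not part of the original page: a small model that checks a route-table layout for customer-to-customer reachability. The attachment names, route table names and CIDRs are constructed for illustration.

```python
import ipaddress

# Constructed sample: attachment name -> CIDR it advertises (not from the page).
ATTACHMENTS = {
    "saas-vpc": "10.0.0.0/16",        # VPC hosting the SaaS application
    "cust-a-vpc": "10.1.0.0/16",      # AWS customer, VPC attachment
    "cust-b-vpn": "192.168.10.0/24",  # on-premises customer, Site-to-Site VPN attachment
}
CUSTOMERS = ["cust-a-vpc", "cust-b-vpn"]

# Flat: every attachment associated with, and propagating to, one route table.
FLAT = {
    "assoc": {a: "default-rt" for a in ATTACHMENTS},
    "prop": {"default-rt": list(ATTACHMENTS)},
}
# Segmented: customers only learn the SaaS CIDR; the SaaS table learns the customers.
SEGMENTED = {
    "assoc": {"saas-vpc": "saas-rt", "cust-a-vpc": "customer-rt", "cust-b-vpn": "customer-rt"},
    "prop": {"saas-rt": CUSTOMERS, "customer-rt": ["saas-vpc"]},
}

def routes_for(attachment, cfg):
    """Routes seen by traffic entering on `attachment`: the transit gateway
    consults the route table associated with the ingress attachment."""
    table = cfg["assoc"][attachment]
    return [(ipaddress.ip_network(ATTACHMENTS[src]), src) for src in cfg["prop"].get(table, [])]

def reachable(src, dst, cfg):
    """True if the ingress table of `src` holds a route covering `dst`'s CIDR."""
    dst_net = ipaddress.ip_network(ATTACHMENTS[dst])
    return any(hop == dst and dst_net.subnet_of(net) for net, hop in routes_for(src, cfg))

def isolation_violations(cfg):
    """Customer-to-customer pairs that can route to each other through the gateway."""
    return [(s, d) for s in CUSTOMERS for d in CUSTOMERS if s != d and reachable(s, d, cfg)]

if __name__ == "__main__":
    for name, cfg in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, "violations:", isolation_violations(cfg))
```

In the flat layout every customer can route to every other customer through the shared gateway; the segmented layout keeps SaaS reachability in both directions and removes the customer-to-customer routes.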
This is a practice question and answer, with a detailed explanation and reference, for the AWS Certified Advanced Networking – Specialty (ANS-C01) certification exam.