Exam4Training

Which design decisions should be made to meet these network connectivity requirements?

A cloud administrator is asked to validate a proposed internetworking design that will provide connectivity to a VMware Cloud on AWS environment from multiple company locations.

The following requirements must be met:

• Connectivity to the VMware Cloud on AWS environment must support high-throughput data transfer.

• Connectivity to the VMware Cloud on AWS environment must NOT have a single point of failure.

• Any network traffic between on-premises company locations must be sent over a private IP address space.

Which design decisions should be made to meet these network connectivity requirements?
A.
• Configure a Direct Connect from headquarters to VMware Cloud on AWS.
• Use a private VIF for this connection.
• Configure a secondary, standby Direct Connect from headquarters using a public VIF.
• Configure dual, redundant, policy-based IPsec VPN connections from each regional office to VMware Cloud on AWS.

B.
• Configure a Direct Connect from headquarters to VMware Cloud on AWS.
• Use a public VIF for this connection.
• Configure a route-based IPsec VPN tunnel as a secondary method of connectivity from headquarters to VMware Cloud on AWS.
• Configure dual, redundant, route-based IPsec VPN connections from each regional office to VMware Cloud on AWS.

C.
• Configure a Direct Connect from headquarters to VMware Cloud on AWS.
• Use a private VIF for this connection.
• Configure a route-based IPsec VPN tunnel as a secondary method of connectivity from headquarters to VMware Cloud on AWS, taking care to enable the "Use VPN as Backup to Direct Connect" option.
• Configure dual, redundant, route-based IPsec VPN connections from each regional office to VMware Cloud on AWS.

D.
• Configure a Direct Connect from headquarters to VMware Cloud on AWS.
• Use a private VIF for this connection.
• Configure a policy-based IPsec VPN tunnel as a secondary method of connectivity from headquarters to VMware Cloud on AWS, taking care to enable the "Use VPN as Backup to Direct Connect" option.
• Configure dual, redundant, policy-based IPsec VPN connections from each regional office to VMware Cloud on AWS.

Answer: C

Explanation:

Option C is the best design decision that meets the network connectivity requirements. Configuring a Direct Connect from headquarters to VMware Cloud on AWS with a private VIF will ensure high-throughput data transfer and eliminate the single point of failure. To ensure that all network traffic between on-premises company locations is sent over a private IP address space, a route-based IPsec VPN tunnel should be configured as a secondary method of connectivity from headquarters to VMware Cloud on AWS, taking care to enable the "Use VPN as Backup to Direct Connect" option. Finally, dual, redundant, route-based IPsec VPN connections should be configured from each regional office to VMware Cloud on AWS.

A route-based VPN creates an IPsec tunnel interface and routes traffic through it as dictated by the SDDC routing table. A route-based VPN provides resilient, secure access to multiple subnets. When you use a route-based VPN, new routes are added automatically when new networks are created.

https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-networking-security/GUID-5AF45CE6-FA53-45C0-83E5-25F8E3A055E9.html
