You are preparing to launch Amazon WorkSpaces and need to configure the appropriate networking resources. What must be configured to meet this requirement?
A. At least two subnets in different Availability Zones.
B. A dedicated VPC with Active Directory Services.
C. An IPsec VPN to on-premises Active Directory.
D. Network address translation for outbound traffic.
Answer is A. You can deploy WorkSpaces in a public subnet, and thus NAT is not a requirement. NAT is only needed when WorkSpaces are in private subnets. 2 subnets are required.
A & B - while WorkSpaces do not directly require a NAT Gateway for their core functionality (which mainly revolves around providing virtual desktops), the NAT Gateway is an important component in a VPC for managing and securing internet access for WorkSpaces instances, especially those in private subnets.
Answer: A & D
Why A - "You can create a VPC with two private subnets for your WorkSpaces...."
Refer: https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-vpc.html
Why B - "Your WorkSpaces must have access to the internet...."
Refer: https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-internet-access.html
"You will need a minimum of two subnets for an Amazon WorkSpaces deployment because each AWS Directory Service construct requires two subnets in a Multi-AZ deployment." A is the answer.
The answer is A.
NAT is not required
You can create a VPC with two private subnets for your WorkSpaces and a NAT gateway in a public subnet. Alternatively, you can create a VPC with two public subnets for your WorkSpaces and associate an Elastic IP address with each WorkSpace
And when you say "you can create a VPC with 2 private subnets and a NAT gateway in a public subnet", you are right
The NAT gateway you are talking about is answer D
The answer is A, B, and D. The question does not specify how many options to select but rather to select all that are required, and A, B & D are all required.
I think the only answer is A. The question isn't actually a multi-response question as there are only 4 options anyway, nor is it asked for in the question.
A) Yes, because you have to have at least 2 subnets in different AZ's
B) No, the VPC doesn't need to be dedicated
C) No, because you don't have to do this with IPsec, nor does it have to be an on-prem AD service
D) No, because you don't need NAT for WorkSpaces internet access.
The problem is - all AWS resources with a public IP go through NAT. Your instance does not have any public IP assigned. It went through an S-NAT process at the edge router.
Agree with most that the first part is A. However, I would rather go for Active Directory services. What confuses me is the requirement for a dedicated VPC for the AD service?
A is a correct answer. From Official Study Guide:
"Amazon WorkSpaces has the following network requirements:
...
A VPC in which to run your WorkSpace. You will need a minimum of two subnets for an Amazon WorkSpaces deployment because each AWS Directory Service construct requires two subnets in a Multi-AZ deployment. Each subnet should have sufficient capacity for future growth. Each WorkSpace will have a network interface in one of the VPC subnets"
You'll need a minimum of two subnets for a WorkSpaces deployment because each AWS Directory Service construct requires two subnets in a Multi-AZ deployment. Each WorkSpace is associated with a specific Amazon VPC and AWS Directory Service construct you used to create it.
Additionally: A directory service to authenticate users and provide access to their WorkSpace. Amazon WorkSpaces currently works with AWS Directory Service and Active Directory. You can use your on-premises Active Directory server with AWS Directory Service to support your existing enterprise user credentials with WorkSpaces.
https://d1.awsstatic.com/whitepapers/workspaces/Best_Practices_for_Deploying_Amazon_WorkSpaces.pdf
Also: Given that all WorkSpaces will be granted some form of Internet access, and given that they will be hosted in a private subnet, you also need to create public subnets that can access the Internet through an Internet gateway. You will need a NAT gateway for the full-time employees allowing them to access the Internet, and a Proxy-NAT server for the consultants and contractors to limit their access to specific internal websites. To plan for failure, design for high availability, and limit cross-AZ traffic charges, you should have two NAT gateways and NAT or proxy servers in two different subnets in a Multi-AZ deployment. T
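The subnet rules argued over in this thread, written as a pre-deployment check. This is an added example, not part of any comment or of AWS documentation; the dictionary fields (`az`, `default_route`, `elastic_ip_per_workspace`) and the sample values are constructed for illustration and are not the shape of any AWS API response.

```python
# Constructed sample layout: two private subnets in different AZs,
# each with a default route through a NAT gateway.
SAMPLE_SUBNETS = [
    {"id": "subnet-a", "az": "us-east-1a", "default_route": "nat"},
    {"id": "subnet-b", "az": "us-east-1b", "default_route": "nat"},
]


def check_workspaces_subnets(subnets):
    """Return a list of findings; an empty list means the layout passes.

    Rules taken from the quotes in the thread:
      * at least two subnets, in different Availability Zones;
      * private subnets reach the internet through a NAT gateway;
      * public subnets need an Elastic IP associated with each WorkSpace.
    """
    findings = []

    azs = {s["az"] for s in subnets}
    if len(subnets) < 2 or len(azs) < 2:
        findings.append(
            "need at least two subnets in different Availability Zones"
        )

    for s in subnets:
        route = s.get("default_route")
        if route == "nat":
            continue  # private subnet with outbound access via NAT
        if route == "igw":
            # Public subnet: NAT is not needed, but each WorkSpace
            # needs its own Elastic IP to reach the internet.
            if not s.get("elastic_ip_per_workspace", False):
                findings.append(
                    f"{s['id']}: public subnet without an Elastic IP per WorkSpace"
                )
        else:
            findings.append(
                f"{s['id']}: no default route, WorkSpaces cannot reach the internet"
            )
    return findings


if __name__ == "__main__":
    for finding in check_workspaces_subnets(SAMPLE_SUBNETS) or ["layout OK"]:
        print(finding)
```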