You are deploying an application to Google Cloud. The application is part of a system. The application in Google Cloud must communicate over a private network with applications in a non-Google Cloud environment. The expected average throughput is 200 kbps. The business requires:
– as close to 100% system availability as possible
– cost optimization
You need to design the connectivity between the locations to meet the business requirements. What should you provision?
A. An HA Cloud VPN gateway connected with two tunnels to an on-premises VPN gateway.
B. Two Classic Cloud VPN gateways connected to two on-premises VPN gateways Configure each Classic Cloud VPN gateway to have two tunnels, each connected to different on-premises VPN gateways.
C. Two HA Cloud VPN gateways connected to two on-premises VPN gateways Configure each HA Cloud VPN gateway to have two tunnels, each connected to different on-premises VPN gateways.
D. A single Cloud VPN gateway connected to an on-premises VPN gateway.
Disclaimer
This is a practice question. There is no guarantee of coming this question in the certification exam.
Answer
A
Explanation
A. An HA Cloud VPN gateway connected with two tunnels to an on-premises VPN gateway.
(It is true only if the on-prem (peer) gateway has two separate external P addresses. The HA VPN gateway uses two tunnels, one tunnel to each external IP address on the peer device as described in https://cloud.google.com/network-connectivity/docs/vpn/concepts/topologies#configurations_that_support_9999_availability.)
B. Two Classic Cloud VPN gateways connected to two on-premises VPN gateways Configure each Classic Cloud VPN gateway to have two tunnels, each connected to different on-premises VPN gateways.
(Classic Cloud VPNs are being phased out and might be less cost-effective than HA Cloud VPNs. Additionally, managing multiple Classic Cloud VPN gateways can be more complex.)
C. Two HA Cloud VPN gateways connected to two on-premises VPN gateways Configure each HA Cloud VPN gateway to have two tunnels, each connected to different on-premises VPN gateways.
(It is a complete solution that provides full redundancy of the on-prem gateway. This is probably more expensive and having two HA VPN Gateways is an unusual configuration as the online documentation only describes using one HA VPN Gateway.)
D. A single Cloud VPN gateway connected to an on-premises VPN gateway.
(This offers a single point of failure and wouldn’t achieve the desired level of high availability.)