The majority of your infrastructure is on premises and you have a small footprint on AWS. Your company has
decided to roll out a new application that is heavily dependent on low-latency connectivity to LDAP for
authentication. Your security policy requires minimal changes to the company's existing application user
management processes.
What option would you implement to successfully launch this application?
A.
Create a second, independent LDAP server in AWS for your application to use for authentication
B.
Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP
servers
C.
Establish a VPN connection between your data center and AWS, create an LDAP replica on AWS, and configure
your application to use the LDAP replica for authentication
D.
Create a second LDAP domain on AWS, establish a VPN connection to establish a trust relationship between
your new and existing domains, and use the new domain for authentication
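As an added illustration of what option C looks like in practice (this is not part of the original question or of any answer below), here is a minimal OpenLDAP slapd.conf for the replica in AWS. Hostnames, DNs, the database directory and the replicator credentials are assumptions. The application binds to this replica for authentication only; any write sent to the replica is answered with a referral back to the on-premises provider, so the existing user management process is untouched.

```conf
# slapd.conf for the LDAP replica in AWS (added example; all names are assumed).
# The on-premises provider is assumed to load the syncprov overlay and to allow
# cn=replicator to read the subtree. Replication traffic runs over the VPN.

database        mdb
suffix          "dc=example,dc=com"
rootdn          "cn=admin,dc=example,dc=com"
directory       /var/lib/ldap

# Pull the directory from the on-premises provider and keep it current.
# refreshAndPersist holds a persistent search open so changes made on premises
# (new users, password resets, disabled accounts) arrive within seconds.
syncrepl rid=001
         provider=ldaps://ldap.corp.example.com:636
         type=refreshAndPersist
         retry="60 10 300 +"
         searchbase="dc=example,dc=com"
         scope=sub
         attrs="*,+"
         bindmethod=simple
         binddn="cn=replicator,dc=example,dc=com"
         credentials="replicator-password"
         tls_reqcert=demand

# Writes submitted to this replica get a referral to the provider instead of
# being applied locally, so user management stays on the existing servers.
updateref       ldaps://ldap.corp.example.com:636

# The application only needs to authenticate (bind) and look up the user it
# just authenticated; grant nothing more than that on the replica.
access to attrs=userPassword
        by anonymous auth
        by * none
access to *
        by users read
        by * none
```

The application is then pointed at ldaps://<replica-in-AWS> for its bind; the VPN only needs to carry the syncrepl session from the replica to the provider, not every authentication request. If the provider is Active Directory rather than OpenLDAP, a read-only domain controller plays the same role as this consumer, which is the distinction several commenters below draw between the Windows and Unix cases.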
Explanation:
http://msdn.microsoft.com/en-us/library/azure/jj156090.aspx
Seems like the answer should be C since it requires no changes to the authentication infrastructure as requested in the question. Answer D creates a new LDAP, trusts, etc.
Agree with Bryan. The problem to solve is low-latency connectivity to LDAP with minimum effort. D is also a solution, but it requires much more effort than C.
I’m not sure C is an option. If you only use an LDAP replica then any changes on the replica will not carry over to the on-premise LDAP, plus the AWS and on-premise environments need to trust each other. I think the trust solution (C) is the best choice.
Sorry I meant D is my choice.
There should be no changes to replicate back toward the on-premises side; you need it just for auth.
For me the answer is C, because they are talking about regular LDAP. The question doesn't say anything about Active Directory, so the LDAP could be an OpenLDAP server. In addition, the services hosted in AWS will use the LDAP just for authentication, so they shouldn't be writing to the replica LDAP.
In order to replicate the LDAP, some sort of change occurs to the infrastructure, and option D also talks about creating another LDAP. What is the difference between option C and option D?
Can anyone post the final answer?
It's really confusing here...
The issue here is that both are correct options, but the indicators are "low latency connectivity to LDAP for
authentication" and "Your security policy requires minimal changes to the company's existing application user
management processes."
There is no need for a new separate domain or trust; just a simple LDAP server for authentication with minimal security policy change.
Answer is C here. A replica would allow for the authentication as requested. For those also looking at Azure, Microsoft recommends this same thing for AD extension.
D would require MORE administrative work for the sysadmins and opens a new level of security requirements as you establish trusts, password policies and new/additional domain users. Messy!!!
Thanks Jason,
C is a good choice for "low latency connectivity" and "requires minimal changes".
I would vote C
C would be the right answer in my opinion.
d
C still has latency for the application.
I think the priority of this question is latency, therefore D will be the best solution.
It will eliminate latency comprehensively.
You do not need to create a SECOND LDAP DOMAIN. Answer is C.
Agree.
"2nd LDAP domain": the term itself being the thing that solves the problem in the question really raises suspicion.
If we are talking about LDAP on Windows, a trust relationship is needed, but if we are using Unix "LDAP", a replica is the best practice.
So the answer is D in a Windows LDAP environment and C in a Unix LDAP environment.
Both C and D will work, but we should not make changes to the existing infra. Creating domains and trusts will cause changes in the main LDAP servers' configuration, so the best answer is creating an LDAP replica in the cloud.
Answer is C
Who writes these questions? LOAP and SOS, is this a new cloud platform? Because it's not AWS. If these typos are present plus dubious answers, how relevant is this Q&A site? Losing confidence in its veracity.
B: at first look B is OK, but the question is about low latency, so B is not the right answer.
D: because setting up a new domain is a tedious task.
So C is the right answer.
Not just a tedious task, but also not matching the purpose in this context if D is the solution.
C
I would say C
C. If you are replicating, then there would be no latency issue. I don't know why you need a VPN; just for replication? The VPN is likely just a secure replication solution.
D would need more work.