So, you’ve found yourself in a bit of a pickle. Picture this: you’re running a critical bit of infrastructure, maybe a wastewater treatment plant, a place where the smooth flow of data is almost as important as the smooth flow of… well, you know. You’ve got your remote sites all chatting happily with the main plant, sharing all that lovely SCADA goodness.
Once upon a time, you might have done this with a trusty 900-MHz radio system, a real workhorse. But then, the airwaves got as crowded as a Boxing Day sale, and the interference became a proper nuisance. You looked into upgrading to a 5.8-GHz point-to-point link, but the cost of towers and steel made your wallet weep.
So, like many a sensible person, you turned to the internet. You set up a Virtual Private Network, and for a while, everything was tickety-boo. Your remote operations team could connect, your remote historian could slurp up all that juicy data, and it all funnelled neatly through your big, complicated firewall.
But then, the universe, in its infinite wisdom, decided to throw a spanner in the works. Maybe it was one too many ice storms, a backhoe with an unfortunate sense of direction, or just the internet deciding to take an unscheduled holiday. Whatever the cause, you had outages. Data went missing. People couldn’t get their jobs done. The grumbling started.
“Right,” you thought, with the determined air of a problem-solver. “I’ve got this. I’ll get a second internet connection!” A brilliant plan. You go out and get a shiny new 5G service, or maybe you join the space race with a Starlink dish. You get it all hooked up.
And that’s when you discover your brilliant plan has created a brilliant new problem.
How on earth do you actually use this thing? It has a completely different IP address. What’s the plan? Do you fiddle with your DNS records and then wait four hours for the Time To Live to expire while the world burns? That’s not going to cut it. The folks on the outside trying to connect in won’t have a clue how to find you.
Worse yet, that shiny new connection might not even support your VPN because it doesn’t allow for inbound connections. It doesn’t have a public-facing IP address. It’s like having a second front door that only opens from the inside. Not terribly useful.
Now, before you start tearing your hair out and pricing out a return to carrier pigeons, take a deep breath. I’ve got another, much simpler, solution.
My company, Agilicus, has built a rather clever zero-trust secure access platform. One of the neatest tricks up its sleeve is how it handles connectivity. It’s outbound-only, meaning you never have to worry about opening holes in your firewall.
More importantly for our current predicament, it provides active-active high availability. In plain English, it uses all of your internet links, all the time. It’s constantly sending probes down every connection. If one of them goes down – whether it’s your main fibre line or your fancy new satellite dish – nobody even notices. The traffic just seamlessly continues flowing over the working links. It just keeps working. No fuss, no muss.
You don’t need to get tangled up in an expensive and complex Software-Defined Wide Area Network solution to stitch everything together. Our system uses outbound-only connections over TLS (Transport Layer Security), which is the same technology that secures your online banking. It’s simple, secure, and it just works.
If this sounds like the answer to your dual-internet urges, I’d love to chat.
