Author: Josh Achtemeier

Facing the Cybersecurity Challenge of Proactive VPN Replacement 

Whether in a high-profile breach in the news or our own environments, most of us have witnessed the vulnerabilities of virtual private networks (VPN), and we know it’s time to start evaluating more secure networking alternatives.  

This aged technology: 

• Was never designed for hybrid and multi-cloud cybersecurity 
• Is a single point-of-entry that can lead to holistic network compromise 
• Relies on physical router boxes, adding unnecessary potential points of failure 

We’ve had surveys professionally conducted by 3rd party organizations to get a pulse on the industry’s feelings towards the technology as well, and they’ve confirmed a growing trend of IT pros looking for cybersecurity alternatives to VPN. 

However, the reality for many organizations that haven’t experienced a catastrophic breach of their own (that they know of) is that VPN is “good enough” right now. “If it ain’t broke, don’t fix it” comes to mind as a common mantra. However unfortunate, this mentality is understandable, especially when talking about replacing something as fundamental as network security infrastructure. IT decision makers are programmed to greet any cybersecurity project with skepticism surrounding implementation complexity, and the associated price tag.  

There is a difference in attitude for a company forced to acknowledge the vulnerability of its VPN(s) due to a critical breach or other disastrous cybersecurity events. If your current networking technology has been exploited, adopting a new network security solution, regardless of the associated expense, is a no-brainer. For the organizations that have managed to get this far without experiencing a debilitating VPN breach, proactively selling the decision-making hierarchy on a new technology is close to impossible. For those forward-thinking IT pros attempting the feat anyway, we salute you.

DH2i equates these uncompromised VPNs to somewhat of a ticking time bomb in the cybersecurity solution stack. We empathize greatly with IT pros who are caught in the position of recognizing the critical threat that an outdated VPN poses to their organization, but who haven’t been introduced to a solution with the feature set and cost savings potential needed to get traction with organizational decision makers. 

Redefining the SDP Paradigm: From Mandatory Cybersecurity Upgrade to Immediate Cost-Savings 

We want to provide the IT pros working to inspire proactive cybersecurity investment at their organization with the value story they need to get it done. It’s hard to say anything else about the “invisible” threat of VPN vulnerability that we haven’t already. However, DH2i can also tackle the notion that a network security upgrade is inevitably going to be accompanied by high costs and a high degree of deployment complexity. In this new software-defined cybersecurity era, that is simply not true… 

Fast and Easy Implementation on Any Infrastructure

You won’t find a more easily implemented secure networking solution than DxOdyssey Software-Defined Perimeter (SDP). DH2i has maintained a 14-year commitment to creating infrastructure agnostic software solutions, and this SDP solution is no different—easily layering over ANY existing infrastructure. 

Implementation is as simple as distributing the lightweight (less than 6MB) install package to the members of your team who you’d like to utilize it, or personally installing on the server hosts you’d like to connect. Installation is completed with just a few clicks on Windows or Linux and takes less than a minute to complete in most cases. 

Once DxOdyssey (DxO) has been installed on the desired endpoints, setting up secure zero trust network access (ZTNA) tunnels is a straightforward process as well. Upon completion of this step, you have implemented a fully standalone, software-defined perimeter solution that can replace or enhance any existing networking solution you have in place (like VPN). No infrastructure modifications required, just a fast point-and-click implementation on top of your existing infrastructure—Windows or Linux, any OS, any server, and any cloud. 

Eliminate Labor-Intensive Maintenance and Reduce Operating Costs

Implementation of DxOdyssey as your standalone networking solution also leads to an instantaneous simplification in ongoing maintenance. As a software-defined solution, DxO allows you to immediately phase out any of your physical appliances associated with networking technologies like VPN. 

This means the always-welcome removal of a potential point of failure within your network infrastructure, but also the elimination of all ongoing maintenance of those physical boxes. This can culminate in a significant reimbursement of cost and labor resources that can be allocated elsewhere to help your organization innovate and optimize other facets of your cybersecurity strategy. In some cases, the cost reduction is even enough to cover the entirety of the cost of DxOdyssey deployment. 

Operationally, adopting an SDP approach like DxO helps your organization flex with the ebbs and flows of business more efficiently as well. Standing up new tunnels or decommissioning unneeded connections can be easily accomplished with a few clicks, and it allows your organization to adapt network capacity in real time. 

The Biggest Functionality Differentiators of DxOdyssey

Along with a nearly effortless installation and low-to-no additional cost implementation. DxOdyssey packs a punch of powerful differentiators from other SDP solutions on the market. Some of these proprietary features and characteristics include: 

• All tunnels leverage DH2i’s patented, hybrid TCP-UDP data transport technology which unlocks up to a 40% increase in network throughput performance 
• Maximum data privacy – All data paths are direct. No “middleman.” Your data is only ever seen by the servers and clients that you specify.  
• Discreet invisibility with no open ports and full DTLS encryption for uncrackable network data security 
• Highly available ZTNA tunnels with fully automatic failover in the case of outages 

Benefits like highly available network connections cannot go overstated, as this presents a massive advantage over the single point of failure represented by the router in VPN setups. 

The added ability of SDP solutions like DxOdyssey to drastically reduce attack surface is an invaluable capability as well. Whereas VPN’s grant access to an entire network (you have access to any listener on the entire target subnet), SDP limits the access to a single application-level connection in which you can access one IP address on a single port only. 

The Hurdles Have Been Removed to Proactive Cybersecurity Enhancements 

In this 2024 report released by Keeper Security, 73% of over 800 survey respondents report having experienced a cyber-attack that resulted in monetary loss for their organization.  

If you’re looking for a superior software-defined perimeter solution to protect you against modern cyber threats and lock down your infrastructure, DxOdyssey is as simple as it gets. Fast and easy implementation without making modifications to your infrastructure, and an immediate cost-savings kickback with the elimination of expensive-to-maintain technologies like VPN. 

The traditional hurdles to network security upgrades have been removed because software-defined solutions have ushered in an era of infrastructure-agnostic, deployment simplicity. Your organization can achieve a drastically higher level of security with SDP technology at a low or no net cost increase, so the decision to pursue proactive cybersecurity technology upgrades is an easier decision than it’s ever been. 

Reach out to DH2i for a DxOdyssey demo today and we can start working up your organization’s personal TCO and ROI story as we put your company on the path to a more secure future. 

DH2i has accrued a diverse portfolio of timely innovations over the years, promptly answering the call of our customers and the industry to support and enhance the latest and greatest technologies released within the SQL Server ecosystem. In this blog: 

• Discover how it all started for DH2i and some of the key technical capabilities added to our solution stack over time 
• Understand what innovations drove the evolution of the DH2i brand over the last 14 years 
• Learn how DH2i has sustained the ability to engineer solutions on a case-by-case basis for our customers, all while maintaining an ambitious pursuit of futureproof IT innovation that keeps your environment ‘Always-Secure and Always-On.’ 

The DH2i Origin Story

DH2i Company’s formal establishment in 2010 was partly the result of another software product, PolyServe, entering the end-of-life (EOL) path. Despite being acquired by Hewlett-Packard just a few years prior and having a satisfied customer base, the decision was made by HP to discontinue support for PolyServe. 

While HP’s acquisition did not bode well for PolyServe’s longevity as a technology, it did bring DH2i’s co-founders together to create something great. Don Boxley, a Senior Product Marketing Manager at the time, and OJ Ngo, Chief Software Architect of PolyServe SQL, saw a gaping opportunity in the market for this soon-to-be-removed technology. More importantly, they saw critical ways in which the solution could be improved upon, and created a brand-new software solution and IP stack that they coined, DxConsole (the 1st iteration of today’s DxEnterprise). The new solution introduced capabilities like automatic load-balancing, VSS/snapshot support, and many more. 

Keeping Our Footing at the Forefront of the Industry 

From the get-go, our management team has always plotted out a forward-thinking roadmap for our software products as far in advance as they can. By keeping close tabs on existing industry trends and an inquisitive attention to what might be “next,” DH2i has maintained an industry-leading product offering to fit the needs of SQL Server users around the globe with perpetuity. 

One of the beauties of the DH2i roadmap is that it is incredibly flexible and dynamic. Our co-founders’ commitment to keeping the company an entirely self-funded endeavor means they’ve maintained total flexibility to innovate in real time with the needs of the SQL Server industry. There are no outside investors to appease, no time-consuming board-approval processes, just a highly skilled and adaptive engineering team that has showed with regularity that it can deliver new product capabilities and support for SQL Server just as quickly as Microsoft can release it. 

Take SQL Server on Linux for example. This announcement caught the entire industry by surprise, but DH2i was able to adapt and launch DxEnterprise V17 with full support for Linux and Docker over a month before SQL Server 2017 went GA.  

March 7, 2016 – Microsoft announces SQL Server 2017 will support Linux and Docker  

August 29, 2017 – DH2i releases DxE v17 with full support for Linux and Docker containers 

October 2, 2017 – Microsoft officially releases SQL Server 2017 

It’s important to note that we didn’t just release a Linux-based DxEnterprise in this instance either. Staying committed to the pursuit of infrastructure agnostic and cross-platform technology, DxEnterprise V17 introduced unified smart high availability clustering for SQL Server on Windows and Linux, and for databases or stateful Docker containers. 

In a more recent example, DH2i was still able to achieve comprehensive SQL Server 2022 support prior to Microsoft’s GA announcement—integrating brand new features like Contained Availability Groups harmoniously with our unique mixed-platform cluster (Windows, Linux, and K8s) capabilities. 

November 2, 2021 – SQL Server 2022 announced at Microsoft Ignite 

November 14, 2022 – DH2i releases DxE v22 with full support for SQL Server 2022 

November 16, 2022 – SQL Server 2022 goes GA 

These are just a couple examples, but the following graphic shows many more of the technical capabilities that DH2i has added over the last several years to evolve with the needs of our customers and the industry. 

Adapting to the Needs of Our Customer Base 

DH2i customer experiences and insights using DxEnterprise are invaluable to the ongoing evolution of our products. That’s why we’ve often included the individual needs of our customers in our product roadmap, as well as the demands of the greater industry. Just recently we’ve introduced brand new functionality to our DxOperator tool to simultaneously deploy two SQL Server Kubernetes clusters in two isolated subnets, and automatically tie them together for HA/DR and unified management. 

Whether it be service packs, cumulative updates, or integrating a previously requested feature in a new software release, DH2i has kept our customers front-of-mind as we evolve our products to better meet the needs of the industry. 

Getting Ahead of the Industry with Exclusive SQL Server Kubernetes Capabilities 

Now, fast forward 14 years and you’ll see that DH2i has accomplished some incredible milestones:  

• A customer portfolio spanning 5 continents 
• A multitude of enterprise customers on the Fortune Global 500 list 
• Innovative collaborations with high-profile partners like Microsoft and SUSE 

However, the industry traction that DxEnterprise’s SQL Server Kubernetes-centric features are now getting suggests this might be our most impactful technology to-date. Some of the key features that have been added to DxEnterprise (DxE) to enable the industry’s easiest path to highly available SQL Server in Kubernetes are: 

Fully Automatic Failover for SQL Server Availability Groups in Kubernetes – This exclusive capability enables DH2i to unambiguously offer the lowest possible downtime for SQL Server Availability Groups (AGs) in Kubernetes. This makes failover possible in seconds, rather than having to tolerate the default 5-minute outage window of Kubernetes’ pod-level failover. 

SQL Server Sidecar Containers – This exclusive technology allows users to deploy SQL Server AGs in Kubernetes in a sidecar container configuration. This means a separate SQL Server container image and DxEnterprise clusterware container image are deployed in the same pod. This application isolation drastically simplifies ongoing support for containerized SQL Server and entirely mitigates the headaches associated with custom container images. 

DxOperator – This newly released feature of DxE is a software extension to Kubernetes that uses custom resource definitions to automate the deployment of DxEnterprise clusters, and it provides all instrumentation to create, configure, and manage SQL Server Availability Groups. DxOperator unlocks maximum deployment speed and customizability, including exclusive capabilities like the ability to set up pod replication however you like—synchronous or asynchronous. 

Don Boxley, our CEO, expressed his vision for our technology stack by saying, “Since the founding of our company, we’ve been steadily integrating components into our system to create the ultimate high availability solution for SQL Server. We identified containers as a groundbreaking technology for SQL Server, potentially even more transformative than virtual machines. Our goal has always been to lead the way into the future with a solution that exceeds customer expectations.” 

CTO, OJ Ngo, added, “One of the most substantial obstacles to adopting SQL Server containers is grappling with intricate orchestration tools like Kubernetes. Our engineering team has been diligently working on creating user-friendly solutions. Although Helm chart deployment was a step forward, the enhanced configuration and automation capabilities in DxOperator represent a major advancement in SQL Server containerization.” 

The SQL Server industry is catching up to the container-centric capabilities offered by DH2i, and they are eager to harness the scalability, flexibility, and cost savings benefits that containerization promises. So eager in fact, that DH2i is currently on track to achieve 10x growth in 2024—just from SQL Server container projects alone. 

If you’re intrigued by what you heard about DxEnterpise, get registered for a short demo with a member of our team or download your own free software license to take it for a test drive in your own environment. 

If you have any questions about the content of this blog, the timeline graphic, or anything else DH2i related, please reach out to us at [email protected].