Author: Josh Achtemeier

The Virtual Private Network (VPN). What a marvelously impenetrable fortress of IT security brilliance! VPNs were virtually—pun intended—uncrackable at the time of their creation in… 1996. Yes, you read that year right. VPN technology is in its late 20s, and unfortunately, its best days are undoubtedly behind it.

Though the tide had already turned in favor of newer approaches, COVID-19 was a significant breaking point for VPN technologies. The pandemic demanded a massive shift to remote work for countless organizations around the world. Unfortunately, this shift also represented a proverbial gold mine to hackers, and 44% of organizations surveyed by the 2022 Cybersecurity Insiders VPN Risk Report said they observed a tangible increase in exploits targeting their VPNs.

So, why is the thought of thousands of organizations leveraging VPN technology a mouth-watering prospect to cybercriminals, and why have many organizations already phased (or are working on it) this technology out? To start, you have to think about the world that VPN was conceptualized and created within. VPN technology was never designed to protect organizations existing in the hybrid and multi-cloud world we know today, and it certainly was not designed to support the infinitely expanding Internet of Things. Thereby, the continued use of VPNs in these complex, heterogenous environments has culminated in some acute vulnerabilities to network security and uptime.

Every Single VPN Connection is a Key to the Network

Perhaps the single most critical vulnerability of VPN is how network access is regulated (or the lack thereof) for its users. Any single VPN connection represents access to a full slice of an organization’s network. In other words, a single entry point can be exploited to the tune of limitless lateral attack surface.

Physical Infrastructure is An Expense and Point of Failure

Hardware VPNs require a physical processor to support VPN tunnel creation, and as the need for additional VPN tunnels grows, so does the hardware footprint. Setting up and configuring this physical infrastructure is a complex and costly process to begin with. Not to mention, these physical appliances also must be diligently maintained, because ultimately, they represent a potential point of failure within any IT environment. This leads to VPN appliances being accompanied by significant recurring expense in order to remain reliable.

VPN Security Can Be at the Mercy of Password Strength

Best practices for password security have certainly evolved over the years. There are mandated bi-annual or quarterly updates, prohibited repeating of passwords, and growing minimum character limits. However, many organizations don’t have the resources to enforce policies like this, and humans are, well… Human. Convenience often outweighs optimal security for those who haven’t experienced a data breach personally, and in the context of VPN, one set of compromised credentials can unlock an entire network to bad actors.

External AND Internal Bad Actors

When people consider the cybersecurity threats facing today’s corporations, it’s natural to think about external bad actors hacking into your network for the first time and compromising your organization’s data immediately. However, there are thousands of recorded instances where bad actors have quietly and covertly breached a network perimeter, and then remained dormant for an amount of time before actually executing an attack.

SDP: The Answer to VPN Vulnerabilities

Software-Defined Perimeter (SDP) and Zero Trust technology is where the information technology industry must continue heading to have the best chance of defending against today’s cyber threats. Not only do these solutions avoid the significant expense and vulnerability accompanied by physical VPN appliances, they also include critical functionality such as the following.

Application-Level Access – SDP solutions regulate access much more granularly—limiting user access to specific authorized applications. This is a huge distinction from the excessive permissions and full slice-of-the-network access enabled by VPN. If a user were to be compromised, this capability eliminates lateral attack vectors and isolates the adverse effects of a breach to the authorized application(s).

Cloud-Ready – Software-defined perimeter technology was purpose-built for today’s heterogenous multi-cloud and hybrid cloud deployments. It gives you the power to interconnect disparate infrastructure safely with Zero Trust Network Access (ZTNA) connections.

Trust Nothing, Verify Everything – This has become the mantra of Zero Trust Security, and a call-to-action that software-defined perimeter technology delivers on. Whether internal or external to the network, users are asked to complete continuous verification and authorization throughout their interactions with a network.

With more VPNs being exploited every day, the future of information technology security is relying on organizations to get proactive when securing their network perimeter. VPN technology is over 25 years old, and a changing of the guard to SDP technology is critical to protect organizations in our hybrid and multi-cloud world.

DH2i’s Take on Software-Defined Perimeter

 DH2i’s DxOdyssey SDP software integrates all the standard functionality of other Zero Trust solutions in the industry, but it also contains some powerful differentiations such as:

• No “middleman” data path intrusions (we never see your data ourselves)
• Up to a 40% increase in network throughput with patented hybrid TCP/UDP technology
• Ensuring uninterrupted access with highly available tunnel groups

Let us know if you’d like to check out a free personalized demo.

Introducing new information technology into your organization is a massive endeavor—especially when it will have a direct impact on business-critical SQL Server workloads. Somehow you need to find time to undertake a labor-intensive solution identification process, complete a thorough proof of concept (POC), and write a formal proposal—all while simultaneously maintaining the standard day-to-day requirements of your job as an IT professional.

No IT team wants to be in a position where they just spent months testing and advocating for a software solution they are excited about, only to be shut down by executive decision-makers who are not willing to prioritize the project. A successful POC that doesn’t end in technology adoption is draining and discouraging. Unsurprisingly, it can ultimately result in an IT team that is reluctant to pursue business-enhancing innovation at all. And if there’s anything that organizations can’t afford in the age of digital transformation, it’s complacency within their IT department.

So, if you’ve identified an impactful solution that could benefit your organization, what are some best practices you can employ to have the best shot at getting the support of the decision-making hierarchy?

Capitalize on the Power of the POC

Depending on the size of your organization—and especially within the scope of SQL Server high availability—new software acquisitions will typically impact the day-to-day lives of multiple people on your IT team. Invite as many users as possible to share in the POC process and let them take the new solution on a test drive with you. Truly powerful software solutions will speak for themselves when new users get in the driver’s seat for the first time, and the more advocates you have for technology adoption, the stronger and more compelling your proposal becomes.

At the very least, inviting multiple users to join the POC process opens a forum for a greater diversity of perspectives and opinions of the solution being evaluated. This helps avoid fixation or tunnel vision, and can help you more accurately gauge the total impact of technology adoption.

The POC process also needs to be accompanied by strategic, measurable goals, because this is how you are going to show your decision-makers how this solution quantitatively and objectively can make a difference at your organization. When evaluating SQL Server high availability solutions, this might look like measuring:

• Relative failover speeds
• The impact on total licensing expense
• The number of workloads that can be safely stacked on a single server

New solutions are not adopted on a positive gut feeling after reading marketing materials. POCs give you the power to show the potential benefits in black and white, so approach them intentionally with specific demonstrations of value in mind. 

The Solution Provider is Eager to Help – Use Them as a Resource

You are in the driver seat when it comes to evaluating new software. The solution provider is generally ready to assist in whatever way they can to help facilitate your understanding of the software solution, because they want to make a sale. So, don’t be afraid to ask for help along the way. Learning your way around new software can be a time-consuming task, and it’s worth taking advantage of the resources at hand to help make it as efficient a process as possible.

Obviously, technology vendors have strong technical knowledge and competency to help you along the way through product evaluations. However, their usefulness does not stop there…

Most technology companies have experienced their fair share of deals that got away. Sometimes these disappointments are just due to budget constraints, champion turnover, or other logistical shortcomings. The failed adoptions that sting the most though are the ones where organizational decision-makers failed to see the value in our solution. These are nothing if not learning experiences though, and they have equipped solution providers with a multitude of valuable insights that they would love the opportunity to share with you.

As the technology evaluator/product champion(s) for an organization, it can be an invaluable exercise to tap into these insights prior to your final proposal. While your perceived value of a solution can be fixated around a particular benefit or feature, these conversations can unlock a more holistic value story to help sway your organization’s key stakeholders and decision-makers.

Integrate Technology Proposal with Existing Goals

It’s not rocket science. Technology proposals have a much higher chance of being successful if they help achieve existing goals at your organization. Whether continuous improvement or other business initiatives, these goals are crafted with the needs and priorities of all business units and stakeholders in mind. In-turn, methodically introducing new solutions in the scope of these objectives is a critical advantage in enticing key stakeholders.

Even if a new solution is identified that could have an unambiguously positive impact on your organization, it can be a tough sell if the impact falls outside the scope of these existing goals. Because previously established goals and initiatives are accompanied by previously determined budget allocations. Re-allocating resources is usually only a realistic expectation when reacting to a serious negative event like a security breach or extended downtime incident.

Making the Final Technology Adoption Proposal

Your POC is complete, your team of evaluators have become enthusiastic advocates, and you’ve formulated an amazing proposal that fits like a glove in the scope of your organizational budget and goals. This is by no means a secret formula for 100% success, but based on our interactions with customers and prospects these tips will give you the greatest probability of having your proposal approved, and your hard work rewarded.

Just don’t forget to talk to decision-makers as humans too. Call us a “glass-half-full” company at DH2i, but we believe appealing to emotions and the human experience can be impactful even within the corporate machine. Modern software solutions don’t always just bring new technical capability to organizations. New technology can also simplify management and genuinely improve the quality of life for the IT pros who use it. In other words, certain technology can be accompanied by sensational ROI, and also positively impact the people at your organization. Reducing turnover and improving quality of life can contribute to overall success in the very same manner that technical capability can.

At DH2i, we make ourselves available to help every step of the way through the evaluation process. We typically start with a personalized demo to help you determine how our solutions could benefit your organization’s SQL Server environment. Then we offer free, fully-featured trial licenses for a flexible duration to allow your organization to complete a thorough evaluation. We provide free email-based support with on-boarding and throughout the duration of your POC of DxEnterprise Smart HA Clustering, or DxOdyssey SDP technology. Our dedicated support team has even been known to provide after-hours assistance to ensure success for prospective customers.

Customers have chosen our solutions after being able to clearly demonstrate industry-leading failover speeds, as well as other capabilities in the POC stage that unlock the following benefits in their SQL Server environments:

• An 8-15x reduction in OSes under management by safely stacking instances
• A 30-60% reduction in overall cost licensing costs
• Up to a 40% increase in replication throughput when using the highly performant network transmission technology of DxOdyssey

Lastly, with lightning-fast failover speed and advanced modernization capability, DH2i can enable patching and updating during regular business hours. This is a truly powerful value proposition for DBAs and other frontline IT pros—getting their nights and weekends back while simultaneously reducing total downtime.

Mission-critical SQL Server workloads never sleep, and high availability (HA) clustering technology is an imperative tool in the pursuit of maximum uptime. Organizations require the ability to quickly identify single points of failure in their IT environments, and failover workloads to a host where uptime can be maintained. Not to mention, literally every second counts—as hourly revenue losses can easily approach 7-figure sums for the largest corporations.

There are numerous solutions in the IT universe that pledge to help your organization achieve high availability, but not all HA clustering is created equal. DH2i has worked with SMBs and enterprises all over the world—representing almost every industry imaginable. These organizations have broken down their selection of HA clustering solutions into three competencies that need to be heavily weighed through the technology selection process.

This article will be focusing on 4 of the most popular SQL Server HA clustering technologies out there today:

• Windows Server Failover Clustering (WSFC) – A leading solution for Windows Server
• Pacemaker – A leading solution for Linux
• SIOS – A leading solution for Windows and Linux
• DxEnterprise – DH2i’s Smart HA Clustering software for Windows, Linux, and containers

Deployment Flexibility

 It’s no secret that there are some ancient (relatively speaking) SQL Server environments out there. One of the big reasons why: traditional SQL Server clustering technology is very predisposed to complexity and lock-in due to stringent infrastructure and like-for-like requirements. Not to mention, licensing costs can really add up when you are forced to leverage Enterprise Edition SQL Server to meet your HA requirements. Some companies can get away with maintaining outdated legacy SQL Server systems for years, but for the most critical workloads, it is essential to leverage solutions that can grow organically with your SQL Server environment and not bottleneck evolution.

For our customers and other IT pros we’ve talked to, ease of adoption and deployment is a huge factor in selecting their ideal HA clustering technology. This process can be a massive undertaking, so learning how the new technology integrates with your existing environment is a big piece of the puzzle.

Below is a small chart detailing some of the critical feature differences among the four solutions being evaluated today.

Feature	WSFC	Pacemaker	SIOS	DxEnterprise
Create clusters containing any mix of physical, virtual, and cloud servers	No	No	Yes	Yes
Works with Windows or Linux	No	No	Yes	Yes
Create mixed OS clusters	No	No	No	Yes
Helm chart for easy deployment and support for HA SQL Server AGs in Kubernetes	No	No	No	Yes
Require 3rd party shared or replicated storage	Yes	Yes	No	Yes

It’s not an all-out win for DxEnterprise relative to SIOS though. SIOS does include the convenience of having the replication piece built-in, whereas DxEnterprise requires an additional solution to facilitate shared or replicated storage. Most IT pros we’ve talked to consider this a small price to pay for the additional flexibility and enhancements that DH2i provides, but it’s an additional requirement nonetheless.

Management Experience

In a perfect world, your SQL Server HA clusters are not a blackhole of management complexity. An easy-to-administrate environment inherently contributes to the fight against downtime, because less complexity means a lower chance for human error. So, how do our four solutions stack up in several key management feature categories?

Feature	WSFC	Pacemaker	SIOS	DxEnterprise
Unified management for Linux and Windows SQL Server	No	No	No	Yes
Manage with GUI and CLI	Yes	No	Yes	Yes
Sidecar deployment for HA SQL Server AGs in Kubernetes	No	No	No	Yes

While both SIOS and DxEnterprise can be used to provide HA for SQL Server on Windows and Linux, only DxEnterprise can truly manage the two platforms from a unified management console. This enables mixed Windows and Linux clusters, and even unlocks cross-platform failover.

A GUI and CLI are offered by most of the solutions, so that’s not a huge point of differentiation. However, DxEnterprise again pulls ahead in the realm of SQL Server containers.

A huge reservation IT teams have in pursuing stateful SQL Server containers in production is the headache of support. DH2i mitigates this with the only sidecar container technology in the industry. To further clarify, DH2i can deploy its clusterware, DxEnterprise, and SQL Server as separate, isolated container images in the same Kubernetes pod. Isolating these two entities in this way removes all custom image support headaches and makes trouble-shooting much easier with the ability to easily remove DxEnterprise from the cluster equation.

Level of Protection and High Availability Provided

Enabling an easy initial deployment and simplified ongoing management are significant factors in the selection of a SQL Server HA solution, but perhaps most important is the technical capability and security measures built-in to your SQL Server high availability solution. In other words, how does the technology in question allow your organization to achieve the nearest-to-zero downtime possible? Answering this question comes down to automation capability, failover speed, granularity of protection, and the ability to ensure total HA for today’s realistic diversity of instances, Availability Groups, and containers.

All the solutions here provide instance-level failover and unlock Always on Availability Groups. However, there are some notable differences when drilling down into security and other technical capabilities.

Feature	WSFC	Pacemaker	SIOS	DxEnterprise
Automatic secure tunnels for data mirroring	No	No	Yes, but not automatic	Yes
Requires VPN for cross-site mirroring	Yes	Yes	Yes, optional additional protection	No
Fully automatic failover for SQL Server AGs in Kubernetes	No	No	No	Yes
Easily stretch clusters for disaster recovery	No	No	Yes	Yes

DxEnterprise offers the most bang for your buck as the only “Smart” High Availability solution on our list. Smart HA is effectively the convergence of software-defined perimeter and HA technology. So, DxE enables a clustering framework that links all nodes with encrypted application-level tunnels for maximum cluster security. SIOS also offers secure tunneling technology, but the use of a virtual private network (VPN) is a notable distinction here. Leveraging VPNs runs the risk of unlocking the entirety of your environment to attack, whereas SDP application-level connections keep access much more granular and secure. Ultimately, VPN is becoming a more and more deficient technology as we transition to a cloud-based world.

In this feature breakdown, DxEnterprise also maintains its monopoly on SQL Server container capability. DxE offers the only clustering solution in the industry that unlocks automatic failover for SQL Server AGs in Kubernetes—significantly reducing overall downtime in containerized deployments. For mission-critical SQL Server, pod-level failover is simply not an option, but only DxE can mitigate this deficiency.

The Summary

The initial deployment, management experience, and overall capability of high availability clustering technology all play an important role in determining the direction your organization should go in solution adoption.

SIOS and DxEnterprise led the way in our side-by-side comparisons, and a big reason for that was the versatility of these two solutions. They remove barriers such as like-for-like requirements for infrastructure, and they also offer fully featured solutions for Windows and Linux.

So, what solution is the best? It’s still hard to answer this question with anything but, “It depends.” Not all organizations need the versatility to handle an incredibly diverse SQL Server environment, and there are plenty of instances where IT teams have no need for certain bells and whistles.

However, a completely objective statement can be made in saying DxEnterprise provides the most future-proof HA clustering solution in the industry. DxE comes out of the box with:

• Built-in Zero Trust Network Access tunnels to connect your cluster without the vulnerabilities of VPN
• Unified platform management and the flexibility to easily layer on top of any infrastructure
• Full support for highly available SQL Server containers in Kubernetes

Even if it’s not on your company’s radar now, a containerized future for SQL Server appears increasingly inevitable, and DxEnterprise gives you the power to manage SQL Server containers side-by-side with your native instances on Windows and Linux.

Let us know if you’d like to see DxEnterprise in action.