blog

Replacing Legacy VPN with Tosi: Fast, Secure SCADA for Remote Oilfield Operations

Written by Alvaro Caceres | Oct 9, 2025 5:54:18 PM

1. Company & SCADA Project Overview

Background

Pacific Coast Energy Company (PCEC) acquired a dozen mature oil leases, each connected through a distributed SCADA system. The system relied on a cloud-based Ignition Gateway that pulled data from multiple PLCs linked over a network of cellular radios. Operators could securely log in from the field, monitor conditions, adjust setpoints, and respond to alarms.

Although minimal in scope, this system was critical for monitoring remote assets cost-effectively, keeping costs down, and ensuring projects stayed on schedule.

Project Motivation

The SCADA system was critical for monitoring remote assets cost-effectively, but depended on a managed VPN service. When that VPN service was retired, PCEC faced the risk of higher costs, operational disruption, and reduced system viability.

2. Problem Definition

Key Challenges

  • Subscription service retirement threatened secure connectivity
  • Potential downtime for remote monitoring and alarming
  • Increased operating costs if staying with Cradlepoint
  • Limited internal IT/network resources for a large-scale redesign

Interim Work-Arounds

Operators continued using the existing VPN platform while evaluating alternatives, but this was not sustainable long-term.

3. Decision-Making & Solution Selection

Selection Criteria

Priority

Requirement

Reliable transition

Cutover with minimal downtime

Secure communications

Encrypted Isolations of SCADA traffic

Cost-effective

Avoid rising subscription costs

Scalable

Support for multiple sites and expansion

Easy deployment

Minimal IT/network engineering overhead

Process

Avadine presented several replacement options. After review, PCEC selected Tosibox for its affordability, simple deployment, and secure architecture.

4. Implementation Process

Execution Strategy

  1. Procured Tosibox units to replace VPN dependency.
  2. Worked with electricians to install Tosibox Locks in panels between PLCs and cellular modems.
  3. Deployed 15 Tosibox units across 10+ sites in a single day.
  4. Verified Ignition Gateway connectivity and alarm delivery.

Challenges & Solutions

Challenge

Solution

Retiring VPN service created risk of disruption

Tosibox Locks provided immediate secure replacement

Multi-site coordination

Standardized deployment across panels

Limited time for cutover

Transition completed in less than a day


5. Technical Architecture & Components

Layer

Component

Purpose

Edge

Tosibox Locks

Secure VPN tunnels between PLCs and cloud gateway

Data

Cellular radios

Maintain existing connectivity path

Core

Tosibox Hub Cloud

Hosting Ignition Gateway application server

UI

Ignition Vision

Operator dashboards, alarming, data monitoring

Security

Tosibox encryption & isolation

Ensures SCADA traffic is encrypted and isolated from Internet traffic

6. Results & Impact (First 6 Months)

Metric

Before (Legacy VPN)

After (Tosibox)

Cutover downtime

Risk of weeks

< 1 day

Gateway uptime

Limited by VPN reliability

Improved stability

Maintenance costs

Rising

Reduced

SCADA traffic security

Dependent on subscription VPN

Encrypted isolations from internet traffic

7. Customer & Stakeholder Feedback

“Data disruption during cutover was measured in hours rather than weeks. Uptime has improved, maintenance costs have dropped, and Tosibox enables SCADA communications to be encrypted and isolated traffic from other internet-bound traffic.”
— PCEC Operations Team

8. Future Prospects

  • Expand Tosibox deployment to additional sites.
  • Test and adopt Tosibox mobile client capabilities.
  • Continue refining cybersecurity strategy with Tosibox as the secure access layer.

9. Lessons Learned & Recommendations

  • Simplicity matters: hardware VPNs accelerated deployment and reduced engineering overhead.
  • Standardized rollout across sites ensured consistent results.
  • Encrypted isolations of SCADA traffic strengthened security posture.

10. Operational & Business Metrics Impact

  • Seamless migration preserved SCADA visibility during a critical transition.
  • Improved uptime reduced operational risk and response delays.
  • Lower recurring costs ensured long-term sustainability of the SCADA system.

Conclusion

By replacing the retiring VPN service with Tosi, Avadine and PCEC executed a fast, secure, and scalable transition for remote SCADA connectivity. What could have been a disruptive, costly redesign was instead completed in less than a day — strengthening both operations and security.
View full post