Our company has two, soon to be three, offices with around 50 employees total, all abiut 50 miles apart. I am struggling on how to deal with updates and patching on our two ER-Pro's, especially in the remote locations.
The remote location has an ERP, ES-48, CloudKey and UAPs; the main office has a Cisco ASA5505 (which I am trying to get rid of, but can't until I solve this issue...), ERP, and several other brand managed switches. Remote access and primary gateway are currently via the ASA for the main office. We run Windows DFS-R between the offices, and use the ERPs for an IPSEC site-to-site VPN. Each office has 100Mb fiber currently.
Having a history in the department of redundancy department, my first and current thinking is the simplest approach is to use one of our "lab" ERX's in each site to provide a redundant site-to-site link (albeit over the same WAN link) to keep myself from being locked out, and to be able to update/reboot the primary router with minimal performance degradation. Unfortunately, this gets way too complex and unmaintainable quickly; there are too many places for things to go wrong.
What do people do for a backup remote access strategy for remote sites where full redundancy isn't really justified?