Redundancy only matters if you can reach it

Before joining Tailscale, I spent years building and operating infrastructure for large companies, back when “the cloud” mostly meant racks of hardware in datacenters.

At one job, a major power event took much of the datacenter offline. Systems recovered quickly, but many servers required manual power cycling through their out-of-band management interfaces.

The problem: the enterprise VPN we had installed to replace internally managed VPNs was also offline. Now the systems designed for recovery were unreachable because the recovery path depended on the same infrastructure experiencing the outage.

As we prepared to drive through Seattle traffic to multiple datacenters, one engineer realized they could still reach one of the older backup VPNs that had quietly reconnected when power partially recovered. Within minutes, we were restoring systems remotely instead of physically visiting racks.

That experience changed how I thought about redundancy. It is not just duplicate hardware or secondary power feeds. It is about dependency chains. If your recovery path depends on fragile, centralized infrastructure, your infrastructure may not be redundant when you need it most.

That lesson stuck with me. It’s also why HP’s newest integration for its Remote System Controller, rolling out now via firmware update, feels so useful.

Bringing mesh connectivity to out-of-band management

A few months ago, Peter Seiler from HP reached out to us with an idea.

HP had been exploring ways to integrate Tailscale directly into its Remote System Controller (RSC) platform—an out-of-band management controller designed to help administrators remotely recover, troubleshoot, and manage systems independently from the primary operating system.

The conversation started because one of HP’s customers was already using Tailscale extensively and wanted their fleet of RSC devices to become part of their existing private network.

Importantly, this was not about replacing HP’s management tooling or introducing another standalone remote access solution. The customer simply wanted secure, resilient connectivity to the management plane using the same private networking model they already trusted operationally.

My experience from my days managing HP hardware immediately made this feel exciting. We could provide connectivity to HP RSC devices through a native Tailscale interface without customers needing to build and maintain complex management network infrastructure. As long as the devices had internet connectivity, administrators could securely reach them through their tailnet.

From proof of concept to product integration

HP quickly built a proof of concept running Tailscale directly on the RSC platform, which is based on Ubuntu and NVIDIA Jetson hardware.

The result was straightforward but powerful: the management controller itself became a Tailscale node.

Administrators could securely connect devices into an existing tailnet and manage systems remotely without exposing management interfaces directly to the public internet or relying on additional VPN infrastructure.

Rather than building a separate management experience, HP integrated Tailscale directly into the RSC configuration interface itself. Administrators can enable connectivity directly from the embedded UI and enroll devices into their tailnet quickly and easily.

The integration supports both interactive authentication flows and auth-key-based enrollment depending on how customers manage their environments.

By default, the feature is disabled. Administrators can enable it as part of normal device configuration.

Why this matters

Out-of-band management systems exist for failure scenarios. They are the systems administrators depend on when production access paths fail, operating systems stop responding, or remote infrastructure becomes difficult to reach.

Historically, though, such systems rely on their own fragile dependency chains:

• Centralized VPN appliances
• Dedicated management networks
• Jump hosts
• Public IP exposure
• Complex firewall rules
• Vendor-hosted relay services

Each of these can seem reasonable until you do the math. If you have seven independent components each with 99.9% availability:

0.999^7

That works out to approximately 99.3% availability.

So even if each component has “three nines” (99.9%) availability, chaining seven of them together drops the overall reliability to:

• Approximately 99.3% uptime
• Around 0.7% downtime
• Roughly 61 hours of downtime per year

That is the hidden problem with dependency chains.

It’s not just the uptime math

The operational overhead adds up quickly too.

One of the key drivers behind HP’s initial customer request was simplifying firewall management for large RSC deployments. Traditionally, remotely managing fleets of devices through cloud-hosted management platforms often requires customers to maintain multiple outbound firewall rules across different services, gateways, regions, and protocols.

In HP’s existing Remote System Management (RSM) environment, customers may need to allow connectivity to multiple AWS IoT endpoints, TURN services, asset storage gateways, and HP service endpoints for devices to communicate successfully.

None of this is unusual for modern cloud-connected infrastructure management platforms, but it does create operational overhead for customers, especially in environments where firewall changes require formal review, change control, or coordination across multiple teams.

As deployments scale across retail locations, factories, warehouses, edge environments, or customer-owned networks, maintaining and troubleshooting those rules becomes increasingly difficult.

By integrating Tailscale directly into the RSC, connectivity can instead flow through the existing tailnet over a much simpler outbound connectivity model, reducing the need for customers, OEMs, and resellers to coordinate and maintain large collections of custom firewall exceptions.

Embedding secure mesh connectivity directly into the management controller changes the operational model significantly.

The out-of-band network stops being “another network” and instead becomes part of the same resilient connectivity fabric as everything else.

For operations teams, that has very real implications:

• Recovery paths remain available even during broader network failures
• Devices in remote or difficult-to-access environments remain manageable
• Management interfaces do not need to be publicly exposed
• Existing identity and access controls extend naturally to infrastructure management
• Operational complexity is reduced considerably

Most importantly, it removes entire categories of single points of failure that traditionally only become visible during outages.

That lesson felt familiar. Someone with Tailscale access to an RSC might see hundreds of offline servers in a datacenter outage, just like I did. But instead of planning a long day of site visits, they could start recovery right then, remotely.

Looking ahead

We’re excited to continue working with HP as they bring this integration to customers.

What makes this collaboration interesting is not simply that Tailscale can run on Linux-based management hardware. Plenty of software can do that. What matters is the broader shift in thinking around infrastructure management itself.

As organizations continue distributing infrastructure across branch offices, factories, retail environments, warehouses, ships, remote sites, and edge deployments, resilient connectivity to management systems becomes increasingly important. Out-of-band management only works if you can still reach it during failure conditions.

Sometimes the most important infrastructure decisions are not about adding more systems. They are about removing dependencies from the systems you already trust most.