The key to this secondary network connection is that the onsite CDI devices reach out to the cloud or WAN based CDI SQUINT Certificate Based Server which creates a secure "always on" UDP connection. They do not accept inbound connections. When a user needs to access any of the remote sites for 0OB purposes they will reach out to the SQUINT server using the CDI OBM Manger or a desktop Browser. This connection is authenticated by a digital certificate. The SQUINT Server will then allow them to make a TCP connection to a remote site using the QUIK protocol which is TCP over the existing inbound UDP connection. This method completely eliminates any rogue inbound connections to the CDI 00B device. The CDI 0OB device only makes the outbound UDP connection and the TCP connection from the SQUINT server rides on that UDP connection. There is ZERO exposure for a rogue inbound connection.