Cisco WAN :: 2801 / Managing 6 WAN Connections

The application here is a wind power project, built in two phases, without any effort to coordinate or integrate the two sites during the design phase. All operations activities for both phases are performed by one staff out of a common location. This is a rural area and Internet connectivity is mission critical due to contractual obligation with Electrical Utilities.
 
The client has a need to reconfigure a network which has grown over time in a layer by layer approach, whereas at every point in time that an additional T-1 or other changes occurred to address a specific need, no thought was ever put into integrating the entire site as a whole. It is at best a dysfunctional solution which somewhat accomplishes thier needs, and at worst, a kludgy, grossly security compromised, and difficult to use infrastructure. There is every kind of equipment one can imagine, each installed by some entity providing needed services on the site, but forced to make uninformed decisions because the client really has no IT department to coordinate with. Over time, every vendor just provided their own switch, router, or maybe figured out how to reconfigure another existing device to also provide the routing or access needed, To say the least, it's a mess.
 
The client requests a solution which provides a means to accomodate 6 internet connections (4 T-1 lines, and 2 satellite) in a manner which aggregates available bandwith and provides redundancy. The T-1 lines will be the main internet access, with the satellite connections only used if available bandwidth falls below some threshold, say 3Mb. There are many internal networks which need to be routed to and between, in total, about 20 subnets. There are 2 SCADA (Control) networks which have a mandatory requirement of 1Mb each, a VoIP system which does not use any internet connetivity as there are 6 POTS lines dedicated to it, an internal office LAN and a turbine manufacturers site LAN.
 
The T-1 lines, at 1.5Mb x 4 = 6Mb.
 
The 2 SCADA networks require a guaranteed 1Mb each, the remaining 4Mb is to be allocated between the office LAN and the turbine manufacturer site LAN. The satellite connection are only to be active in the event bandwidth falls below 3Mb.
 
There are 2 Cisco 2801 routers on site which could be reutilized if appropriate. Each T-1 has it's own Adtran CSU with Ethernet out. All T-1 lines are /29 IP Blocks. 2 of the T-1 lines are adjacent IP Blocks, for what its worth.
 
Everything here is open to reconfiguration. The client wants this finally integrated correctly with the ability to address emerging Electrical Utility cybersecurity requirements in the immediate future.
 
An ideal solution would be fully redundant to eliminate the single point of failure at the edge router. As to whether there needs to be separate edge and interior routers, I just don't know that. I would guess everything could be done with just a pair of redundant routers at the edge, but perhaps it is better to do the interior routing between subnets on a different router(s).
 
Again, the goal is a well integrated, redundant, and secure solution. My part is mostly complete, with the OSP part of the network finally at 100% after 5 years of stupid and careless misconfigurations and bad fiber splicing (by others).
 
I'm absolutely covered up in business at Layer 1 & 2 on these sites, as the physical plant and associated network elements are typically very poorly designed, specified, and implemented. The complexity of this job leads me to seek outside advice and ultimately a more qualified Cisco professional than me. I'm experienced enough with Cisco to know when I'm in over my head. I know a diagram would be nice, but at this point I've only got a very detailed diagram which reveals too much site identity information to make public. I'll wait to see a few comments and in the meantime work on removing site identity info so I can post a good diagram for everyone to see.