NetCloud Exchange

NCX Secure Connect offers a simple-to-manage alternative to complex VPN infrastructures for securely connecting IoT devices, sites, vehicles, and remote workers. As the foundation for all other NCX services, NCX Secure Connect delivers a policy-governed, zero-trust network that can be easily orchestrated to enable highly secure communications from the WAN edge to the cloud.

NCX Secure Connect benefits:

• Dynamic orchestration of zero-trust tunnels at scale.
• Simplified WAN deployments with support for overlapping IP addresses through name-based routing.
• Reduces the network attack surface by hiding network resources, encrypting traffic, and obscuring all public IP addresses.
• Delivers enhanced security by being deny-all by default, with access only enabled through policy.
• Provides containment of breaches and malware by restricting all east/west traffic by default.

NCX SD-WAN is a cellular-optimized network service based on a zero-trust foundation that enhances WAN resilience and quality of experience (QoE) by optimizing traffic over multiple physical or logical connections including, wired, 5G/LTE, satellite, Wi-Fi as WAN, private APNs, and 5G standalone network slices.

NCX SD-WAN benefits:

• Designed on a simple, modern zero-trust foundation that obscures IP addresses, is deny all by default, and where resources must be defined before they are accessible.
• Supports traffic optimization over physical and logical connections, including being the first SD-WAN solution to support 5G network slicing.
• Implementation of application-based policies network-wide in a few simple steps.
• Efficient and cost-effective operation over cellular by considering cellular-specific attributes when steering traffic (for example, signal strength) in addition to latency, loss, and jitter.
• Preserves bandwidth by using inline traffic rather than artificial traffic to measure WAN performance.
• Offers enhanced QoE over lossy links through Forward Error Correction (FEC).†
• Ability to intelligently bond multiple WAN interfaces together to increase resiliency and provide more granular control over traffic.†
• Deep visibility into latency, loss, and available bandwidth from the edge to the cloud.

† Available on select SD-WAN appliances. See the technical specifications for further details.

 Zero Trust Network Access (ZTNA) is a security service that integrates with an organization’s existing identity provider to provide isolated user-to-resource access for authenticated users. It enables secure remote access for internal employees and third parties to resources (IoT devices and/or applications) on the Cradlepoint WAN through granular user-based access policies.

NCX ZTNA benefits:

• Simple and safe remote access to required resources on the WAN for internal employees and third parties.
• Flexible authentication to the network through a client (Windows or macOS) or through a Cradlepoint router.
• Enhanced security with granular user-based access policies leveraging SAML-based attributes and context.
• Integration with any SAML 2.0 compliant identity provider.
• Continuous monitoring for changes in context that could revoke or reduce access privileges.
• Device posture visibility for users that are leveraging the NetCloud client for remote connectivity.

Hybrid Mesh Firewall (HMF) is a security service that can be added to a Secure Connect, SD-WAN or ZTNA network.  With application and web filtering plus integrated IDS/IPS, HMF brings in modern firewall features, without the complexity.

NCX HMF benefits:

• Uses policies and deep packet inspection to determine whether to block or allow traffic, including communications to or from an application.
• Provides continuous monitoring of all north/south and east/west traffic flows to detect and prevent malicious activity.
• Blocks access to inappropriate web content including high-risk domains that may contain malware.

NetCloud Virtual Edge enables a simple extension of the NCX Secure Connect zero-trust network to applications that reside in an Amazon Virtual Private Cloud (Amazon VPC).

NetCloud Virtual Edge benefits:

• Push button deployment to an Amazon VPC from NetCloud Manager.
• Cost-effective and simple solution for organizations that need to connect to one or more Amazon VPCs.
• Extension of NCX Secure Connect zero-trust network to the cloud to control access to and from cloud-based applications.

NetCloud Exchange is fully deployed and managed through Cradlepoint’s powerful cloud management and orchestration platform, NetCloud Manager.  With features that include zero-touch deployment, bulk provisioning, multilayered dashboards, centralized flow-level visibility, and intuitive troubleshooting tools, NetCloud Manager is a valuable assist to lean IT organizations.

NetCloud Manager also offers valuable AI-driven insights:

• Simplified fault management, isolation, and root cause analysis through AIOps-driven dashboard.
• Improved productivity with virtual expert capabilities to assist with everyday queries through Natural Language Processing.

The NetCloud Exchange Service Gateway is a required component to implementing NetCloud Exchange services (Secure Connect, SD-WAN and ZTNA). These services can be purchased as an add-on to any compatible router with a NetCloud Branch, Mobile or IoT service plan, while the NCX Service Gateway is purchased based on required network capacity.

For ordering details, see the following:

• Step 1 (required): Select NetCloud Service plan(s) 
• Step 2 (required): Select NCX Service Gateway capacity for entire solution (separate part number for high availability)
• Step 3 (required): Select NCX Secure Connect site license(s) for supported routers 
• Step 4 (optional): Select NCX SD-WAN site license(s) for supported routers (selection must match Step 3)
• Step 5 (optional): Select NCX ZTNA Client per user license(s)
• Step 6 (optional): Select Hybrid Mesh Firewall site license(s) for supported routers
• Step 7 (optional): Select NetCloud Virtual Edge per each Amazon VPC