NetCloud Exchange (NCX) is a unified WAN networking and security architecture that brings cellular, SD-WAN, and security into a tightly integrated solution, uniquely designed for lean IT.
NetCloud Exchange Service Gateway is a scalable and reliable services delivery platform (or headend) that can reside standalone or in an active/standby configuration in a customer’s data center or hosted cloud. The NCX Service Gateway aggregates traffic from IoT, vehicle, site, and remote work environments, enforces policy, and provides visibility into every flow.
Cradlepoint WAN edge routers for providing persistent, reliable cellular or hybrid connectivity for IoT devices, vehicles, sites, or remote work. The NCX Service Gateway is compatible across Cradlepoint’s primary WAN solutions (excluding standalone adapters), augmenting them with advanced security and SD-WAN services.
NetCloud Manager to simplify the deployment, management, and ongoing troubleshooting of the NetCloud Exchange architecture. It enables scalable end-to-end WAN orchestration, the bulk provisioning of policies across multiple device types, and provides intuitive health dashboards, AI-driven insights into faults, and comprehensive reporting and alerts.
NetCloud Exchange Virtual Edge is a software-based solution that can be easily deployed in an AWS Virtual Private Cloud (VPC) to extend the NCX Secure Connect zero-trust network to resources in the AWS.
NetCloud Client for enabling secure remote access to an NCX Secure Connect network. The NetCloud Client supports Windows and macOS laptops, iOS and Android mobile devices, and Linux devices. The NetCloud Client is available with a Zero-Trust Network Access license.
Notice: All specifications subject to change without notice.
NetCloud Exchange Service Gateway is the foundation of the NetCloud Exchange architecture enabling organizations to take advantage of fully integrated zero-trust security and SD-WAN as part of their Cradlepoint wireless or hybrid WAN. The NetCloud Exchange Service Gateway aggregates traffic, enforces policy, and provides deep visibility into traffic flows.
NCX Service Gateway benefits:
PERFORMANCE |
||
Licensed Capacities: |
|
|
SYSTEM REQUIREMENTS (ALL CAPACITIES) |
||
Deployment: |
AWS |
Azure |
Software Version: |
Ubuntu 18.04 |
Ubuntu 18.04 |
Instance: |
c5.2xlarge |
Standard_D8S_v3 |
vCPUs: |
8 |
8 |
Memory: |
16 GB |
32 GB |
Minimum Disk Space: |
16 GB |
16 GB |
vNICs: |
3 |
3 |
Minimum NCX Service Gateway Release: |
7.22.70 |
7.22.70 |
Concurrent Tunnels: |
Up to 4,000 |
Up to 4,000 |
Performance testing was conducted based on requirements as defined in RFC2544 using fixed-frame 1518-byte packets. Throughput results reflect unidirectional. UDP traffic with less than 1% packet loss as tested with wired connections. At the time of release, the number of supported sites and tunnels is a 1:1 ratio. NCX-enabled routers support multiple WAN interfaces simultaneously in NCX SD-WAN mode.
PERFORMANCE |
||
Licensed Capacities: |
|
|
SYSTEM REQUIREMENTS (ALL CAPACITIES) |
||
Deployment: |
KVM |
VMware |
Software Version: |
Ubuntu 18.04 |
ESXi 6.7 or newer |
Instance: |
N/A |
N/A |
vCPUs: |
8 |
8 |
Memory: |
16 GB |
16 GB |
Minimum Disk Space: |
16 GB |
16 GB |
vNICs: |
3 |
3 |
Minimum NCX Service Gateway Release: |
7.22.70 |
7.22.70 |
Concurrent Tunnels: |
Up to 4,000 |
Up to 4,000 |
Performance testing was conducted based on requirements as defined in RFC2544 using fixed-frame 1518 byte packets. Throughput results reflect unidirectional. UDP traffic with less than 1% packet loss as tested with wired connections. At the time of release, the number of supported sites and tunnels is a 1:1 ratio. Each NetCloud Edge router will only support one tunnel on one active WAN interface at a time.
NCX Secure Connect offers a simple-to-manage alternative to complex VPN infrastructures for securely connecting IoT devices, sites, vehicles, and remote workers. As the foundation for all other NCX services, NCX Secure Connect delivers a policy-governed, zero-trust network that can be easily orchestrated to enable highly secure communications from the WAN edge to the cloud.
NCX Secure Connect benefits:
PERFORMANCE |
|||
Site Routers |
Typical Client Count |
Throughput |
Concurrent Tunnels |
IBR650B, IBR600C/IBR650C, IBR900, S700/S750 |
5 |
10 Mbps |
10 |
R920 |
5 |
100 Mbps |
10 |
NOTE: NCX Secure Connect site performance may vary based on latency conditions.
PERFORMANCE |
|||
Site Routers |
Typical Client Count |
Throughput |
Concurrent Tunnels |
E100, E102 |
5 |
40 Mbps |
20 |
IBR1700 |
30 |
40 Mbps |
20 |
NOTE: NCX Secure Connect site performance may vary based on latency conditions.
PERFORMANCE |
|||
Site Routers |
Typical Client Count |
Throughput |
Concurrent Tunnels |
AER2200 |
100 |
40 Mbps |
20 |
E300 |
50 |
400 Mbps |
20 |
NOTE: NCX Secure Connect site performance may vary based on latency conditions.
PERFORMANCE |
|||
Site Routers |
Typical Client Count |
Throughput |
Concurrent Tunnels |
E3000, R1900, R2105/R2155 |
100 |
400 Mbps |
20 |
NOTE: NCX Secure Connect site performance may vary based on latency conditions.
NCX SD-WAN is a cellular-optimized network service based on a zero-trust foundation that enhances WAN resilience and quality of experience (QoE) by optimizing traffic over multiple physical or logical connections including, wired, 5G/LTE, satellite, Wi-Fi as WAN, private APNs, and 5G standalone network slices.
NCX SD-WAN benefits:
† Available on select SD-WAN appliances. See the technical specifications for further details.
PERFORMANCE |
||
Site Routers |
Typical Client Count |
Throughput |
R920 |
5 |
100 Mbps |
The R920 routers do not yet support the Forward Error Correction (FEC) or Intelligent Bonding features. Other NCX SD-WAN functionality is supported.
PERFORMANCE |
||
Site Routers |
Typical Client Count |
Throughput |
E100, E102 |
5 |
40 Mbps |
IBR1700 |
30 |
40 Mbps |
The E100, E102, and IBR1700 routers do not yet support the Forward Error Correction (FEC) or Intelligent Bonding features. Other NCX SD-WAN functionality is supported.
PERFORMANCE |
||
Site Routers |
Typical Client Count |
Throughput |
AER2200 |
100 |
40 Mbps |
E300 |
50 |
400 Mbps |
The AER200 router does not yet support the Forward Error Correction (FEC) or Intelligent Bonding features. Other NCX SD-WAN functionality is supported. All features are supported when using E300 routers.
PERFORMANCE |
||
Site Routers |
Typical Client Count |
Throughput |
E3000, R1900, R2105/R2155 |
100 |
400 Mbps |
Zero Trust Network Access (ZTNA) is a security service that integrates with an organization’s existing identity provider to provide isolated user-to-resource access for authenticated users. It enables secure remote access for internal employees and third parties to resources (IoT devices and/or applications) on the Cradlepoint WAN through granular user-based access policies.
NCX ZTNA benefits:
SYSTEM REQUIREMENTS |
|
Operating System: |
Windows |
Version: |
Windows 10 and 11 |
Processor: |
Intel x86 |
Memory: |
16 GB |
Maximum NetCloud Client Count: |
Unlimited (limited by NCX Service Gateway licensed throughput capacity per network) |
SYSTEM REQUIREMENTS |
|
Operating System: |
macOS |
Version: |
Monterey 12.x or later |
Processor: |
Intel or Apple M1/M2 CPU |
Memory: |
16 GB |
Maximum NetCloud Client Count: |
Unlimited (limited by NCX Service Gateway licensed throughput capacity per network) |
SYSTEM REQUIREMENTS |
|
Operating System: |
iOS |
Version: |
iOS 16 or later |
Processor: |
ARM64 or Apple Silicon |
Memory: |
64 GB |
Maximum NetCloud Client Count: |
Unlimited (limited by NCX Service Gateway licensed throughput capacity per network) |
SYSTEM REQUIREMENTS |
|
Operating System: |
Linux Ubuntu |
Version: |
22.04 |
Processor: |
|
Memory: |
16 GB |
Maximum NetCloud Client Count: |
Unlimited (limited by NCX Service Gateway licensed throughput capacity per network) |
Hybrid Mesh Firewall (HMF) is a security service that can be added to a Secure Connect, SD-WAN or ZTNA network. With application and web filtering plus integrated IDS/IPS, HMF brings in modern firewall features, without the complexity.
NCX HMF benefits:
PERFORMANCE |
|||
Site Routers |
Typical Client Count |
Throughput |
Concurrent Tunnels |
IBR600C/IBR650C, R920, S700/S750 |
5 |
10 Mbps |
10 |
NOTE: NCX Hybrid Mesh Firewall site performance may vary based on latency conditions.
PERFORMANCE |
|||
Site Routers |
Typical Client Count |
Throughput |
Concurrent Tunnels |
E100, E102 |
5 |
40 Mbps |
20 |
IBR1700 |
30 |
40 Mbps |
20 |
NOTE: NCX Hybrid Mesh Firewall site performance may vary based on latency conditions.
PERFORMANCE |
|||
Site Routers |
Typical Client Count |
Throughput |
Concurrent Tunnels |
AER2200 |
100 |
40 Mbps |
20 |
E300 |
50 |
400 Mbps |
20 |
NOTE: NCX Hybrid Mesh Firewall site performance may vary based on latency conditions.
PERFORMANCE |
|||
Site Routers |
Typical Client Count |
Throughput |
Concurrent Tunnels |
E3000, R1900, R2105/R2155 |
100 |
400 Mbps |
20 |
NOTE: NCX Hybrid Mesh Firewall site performance may vary based on latency conditions.
NetCloud Virtual Edge enables a simple extension of the NCX Secure Connect zero-trust network to applications that reside in an Amazon Virtual Private Cloud (Amazon VPC).
NetCloud Virtual Edge benefits:
PERFORMANCE |
|
Tunnel Throughput to/from NetCloud Exchange: |
300 Mbps |
DEPLOYMENT TARGETS — AWS |
|
Instance: |
m4.large |
vCPUs: |
2 |
Memory: |
8 GB |
vNICs: |
2 |
NetCloud Exchange is fully deployed and managed through Cradlepoint’s powerful cloud management and orchestration platform, NetCloud Manager. With features that include zero-touch deployment, bulk provisioning, multilayered dashboards, centralized flow-level visibility, and intuitive troubleshooting tools, NetCloud Manager is a valuable assist to lean IT organizations.
NetCloud Manager also offers valuable AI-driven insights:
The NetCloud Exchange Service Gateway is a required component to implementing NetCloud Exchange services (Secure Connect, SD-WAN and ZTNA). These services can be purchased as an add-on to any compatible router with a NetCloud Branch, Mobile or IoT service plan, while the NCX Service Gateway is purchased based on required network capacity.
For ordering details, see the following:
NETCLOUD SERVICE PLAN |
SITE LICENSE |
CAPACITY |
NetCloud Service for Branch NetCloud Service for Mobile NetCloud Service for IoT NetCloud Service for SOHO |
Micro Site Small Site Medium Site Large Site |
250 Mbps — up to 4,000 tunnels 500 Mbps — up to 4,000 tunnels 1 Gbps — up to 4,000 tunnels 2 Gbps — up to 4,000 tunnels 4 Gbps — up to 4,000 tunnels |
REGION |
NCX PACKAGE |
DESCRIPTION |
PART NUMBER |
All Regions: |
Service Gateway |
250 Mbps 500 Mbps 1 Gbps 2 Gbps 4 Gbps |
NCX-000x-SG250MBPS NCX-000x-SG500MBPS NCX-000x-SG1GBPS NCX-000x-SG2GBPS NCX-000x-SG4GBPS |
Service Gateway High Availability |
Active + Standby 250 Mbps Active + Standby 500 Mbps Active + Standby 1 Gbps Active + Standby 2 Gbps Active + Standby 4 Gbps |
NCX-002x-SGAS250MBPS NCX-002x-SGAS500MBPS NCX-002x-SGAS1GBPS NCX-002x-SGAS2GBPS NCX-002x-SGAS4GBPS |
|
Secure Connect |
Micro Site Small Site Medium Site Large Site |
NCX-000x-SCMICRO NCX-000x-SCS NCX-000x-SCM NCX-000x-SCL |
|
SD-WAN |
Micro Site Small Site Medium Site Large Site |
NCX-000x-SDWANMICRO NCX-000x-SDWANS NCX-000x-SDWANM NCX-000x-SDWANL |
|
ZTNA |
Per User |
NCX-00Ax-ZTNA
|
|
Hybrid Mesh Firewall |
Micro Site Small Site Medium Site Large Site |
NCX-000x-HMFMICRO NCX-000x-HMFS NCX-000x-HMFM NCX-000x-HMFL |
|
Virtual Edge |
NetCloud Essentials for Virtual Edge with Secure Connect |
NCX-000x-VESC |
|
IPS and Web Filter |
NetCloud Security IPS and Web Filter, requires corresponding NetCloud Essentials and supports E3XX, E3XXX, R19XX, R210X, and IBR17XX series routers |
SEC-000x-NCIWF |
|
All Regions — Renewal: |
Service Gateway |
Renewal — 250 Mbps Renewal — 500 Mbps Renewal Active + Standby — 250 Mbps Renewal Active + Standby — 500 Mbps |
NCX-000x-SG250MBPS-R NCX-000x-SG500MBPS-R NCX-002x-SGAS250MBPS-R NCX-002x-SGAS500MBPS-R |
Secure Connect |
Renewal — Micro Site Renewal — Small Site Renewal — Medium Site Renewal — Large Site |
NCX-000x-SCMICRO-R NCX-000x-SCS-R NCX-000x-SCM-R NCX-000x-SCL-R |
|
SD-WAN |
Renewal — Micro Site Renewal — Small Site Renewal — Medium Site Renewal — Large Site |
NCX-000x-SDWANMICRO-R NCX-000x-SDWANS-R NCX-000x-SDWANM-R NCX-000x-SDWANL-R |
|
ZTNA |
Renewal NCX ZTNA — Per User |
NCX-00Ax-ZTNA-R |
|
Hybrid Mesh Firewall |
Renewal — Micro Site Renewal — Small Site Renewal — Medium Site Renewal — Large Site |
NCX-000x-HMFMICRO-R NCX-000x-HMFS-R NCX-000x-HMFM-R NCX-000x-HMFL-R |
|
Virtual Edge |
Renewal NetCloud Essentials for Virtual Edge — Per Self-Hosted Virtual Appliance |
NCX-000x-VESC-R |
|
IPS and Web Filter |
Renewal NetCloud Security IPS and Web Filter, requires corresponding NetCloud Essentials and supports E3XX, E3XXX, R19XX, R210X, and IBR17XX series routers |
SEC-000x-NCIWF-R |
x= 1, 3, or 5 years