NetCloud Exchange (NCX) is a unified WAN networking and security architecture that brings cellular, SD-WAN, and security into a tightly integrated solution, uniquely designed for lean IT.
NetCloud Exchange Service Gateway is a scalable and reliable services delivery platform (or headend) that can reside standalone or in an active/standby configuration in a customer’s data center or hosted cloud. The NCX Service Gateway aggregates traffic from IoT, vehicle, site, and remote work environments, enforces policy, and provides visibility into every flow.
Cradlepoint WAN edge routers for providing persistent, reliable cellular or hybrid connectivity for IoT devices, vehicles, sites, or remote work. The NCX Service Gateway is compatible across Cradlepoint’s primary WAN solutions (excluding standalone adapters), augmenting them with advanced security and SD-WAN services.
NetCloud Manager to simplify the deployment, management, and ongoing troubleshooting of the NetCloud Exchange architecture. It enables scalable end-to-end WAN orchestration, the bulk provisioning of policies across multiple device types, and provides intuitive health dashboards, AI-driven insights into faults, and comprehensive reporting and alerts.
NetCloud Virtual Edge is a software-based solution that can be easily deployed in a data center or private cloud environment to extend the Secure Connect zero-trust network to corporate managed applications.
NetCloud Client for enabling secure remote access to an NCX Secure Connect network. The NetCloud Client supports Windows and macOS laptops, iOS and Android mobile devices, and Linux devices. The NetCloud Client is available with a Zero-Trust Network Access license.
Notice: All specifications subject to change without notice.
NetCloud Exchange Service Gateway is the foundation of the NetCloud Exchange architecture enabling organizations to take advantage of fully integrated zero-trust security and SD-WAN as part of their Ericsson wireless or hybrid WAN. The NetCloud Exchange Service Gateway aggregates traffic, enforces policy, and provides deep visibility into traffic flows.
NCX Service Gateway benefits:
PERFORMANCE |
||
Licensed Capacities: |
|
|
SYSTEM REQUIREMENTS (ALL CAPACITIES) |
||
Deployment: |
AWS |
Azure |
Software Version: |
Up to 7.24.60: Ubuntu 18.04 For 7.24.80 and later: Ubuntu 20.04 |
Up to 7.24.60: Ubuntu 18.04 For 7.24.80 and later: Ubuntu 20.04 |
Instance: |
c5.2xlarge |
Standard_D8S_v3 |
vCPUs: |
8 |
8 |
Memory: |
16 GB |
32 GB |
Minimum Disk Space: |
16 GB |
16 GB |
vNICs: |
3 |
3 |
Minimum NCX Service Gateway Release: |
7.22.70 |
7.22.70 |
Concurrent Tunnels: |
Up to 4,000 |
Up to 4,000 |
Performance testing was conducted based on requirements as defined in RFC2544 using fixed-frame 1518-byte packets. Throughput results reflect unidirectional. UDP traffic with less than 1% packet loss as tested with wired connections. At the time of release, the number of supported sites and tunnels is a 1:1 ratio. Ericsson Cradlepoint routers support multiple WAN interfaces simultaneously in SD-WAN mode.
PERFORMANCE |
||
Licensed Capacities: |
|
|
SYSTEM REQUIREMENTS (ALL CAPACITIES) |
||
Deployment: |
KVM |
VMware |
Software Version: |
Ubuntu 18.04 |
ESXi 6.7 or newer |
Instance: |
N/A |
N/A |
vCPUs: |
8 |
8 |
Memory: |
16 GB |
16 GB |
Minimum Disk Space: |
16 GB |
16 GB |
vNICs: |
3 |
3 |
Minimum NCX Service Gateway Release: |
7.22.70 |
7.22.70 |
Concurrent Tunnels: |
Up to 4,000 |
Up to 4,000 |
Performance testing was conducted based on requirements as defined in RFC2544 using fixed-frame 1518-byte packets. Throughput results reflect unidirectional. UDP traffic with less than 1% packet loss as tested with wired connections. At the time of release, the number of supported sites and tunnels is a 1:1 ratio. Each Ericsson Cradelpoint router only supports one tunnel on one active WAN interface at a time.
Secure Connect offers a simple-to-manage alternative to complex VPN infrastructures for securely connecting IoT devices, sites, vehicles, and remote workers. As the foundation for all other services, Secure Connect delivers a policy-governed, zero-trust network that can be easily orchestrated to enable highly secure communications from the WAN edge to the cloud.
Secure Connect benefits:
PERFORMANCE |
|||
Site Routers |
Typical Client Count |
Throughput |
Concurrent Tunnels |
IBR650B, IBR600C/IBR650C, IBR900, S400/S450, S700/S750, S700-FIPS/S750-FIPS |
5 |
10 Mbps |
10 |
NOTE: Secure Connect site performance may vary based on latency conditions.
PERFORMANCE |
|||
Site Routers |
Typical Client Count |
Throughput |
Concurrent Tunnels |
IBR1700, IBR1700-FIPS |
30 |
40 Mbps |
20 |
R920, R920-FIPS |
5 |
100 Mbps |
10 |
R1900, R1900-FIPS, R2105/R2155, R2105-FIPS/R2155-FIPS |
100 |
400 Mbps |
20 |
NOTE: Secure Connect site performance may vary based on latency conditions.
PERFORMANCE |
|||
Site Routers |
Typical Client Count |
Throughput |
Concurrent Tunnels |
E100, E102 |
5 |
40 Mbps |
20 |
AER2200 |
100 |
40 Mbps |
20 |
E300, E300-FIPS |
50 |
400 Mbps |
20 |
E3000, E3000-FIPS |
100 |
400 Mbps |
20 |
NOTE: Secure Connect site performance may vary based on latency conditions.
SD-WAN is a cellular-optimized network service based on a zero-trust foundation that enhances WAN resilience and quality of experience (QoE) by optimizing traffic over multiple physical or logical connections including, wired, 5G/LTE, satellite, Wi-Fi as WAN, private APNs, and 5G standalone network slices.
SD-WAN benefits:
† Available on select SD-WAN appliances. See the technical specifications for further details.
PERFORMANCE |
||
Site Routers |
Typical Client Count |
Throughput |
IBR1700 |
30 |
40 Mbps |
R920 |
5 |
100 Mbps |
R1900, R2105/R2155 |
100 |
400 Mbps |
The IBR1700 and R920 routers do not yet support the Forward Error Correction (FEC), Intelligent Bonding, or Fast Link Monitoring features. R2105 routers do not yet support the Intelligent Bonding feature. R2155 routers do not yet support FEC or Intelligent Bonding features. Other SD-WAN functionality is supported.
PERFORMANCE |
||
Site Routers |
Typical Client Count |
Throughput |
AER2200 |
100 |
40 Mbps |
E100, E102 |
5 |
400 Mbps |
E300 |
50 |
400 Mbps |
E3000 |
100 |
400 Mbps |
The AER200 and E102 routers do not yet support the Forward Error Correction (FEC), Intelligent Bonding, or Fast Link Monitoring features. Other SD-WAN functionality is supported. All features are supported when using E100, E300, and E3000 routers.
Zero Trust Network Access (ZTNA) is a security service that integrates with an organization’s existing identity provider to provide isolated user-to-resource access for authenticated users. It enables secure remote access for internal employees and third parties to resources (IoT devices and/or applications) on the Ericsson WAN through granular user-based access policies.
ZTNA benefits:
SYSTEM REQUIREMENTS |
|
Operating System: |
Windows |
Version: |
Windows 10 and 11 |
Processor: |
Intel x86 |
Memory: |
16 GB |
Maximum NetCloud Client Count: |
Unlimited (limited by NCX Service Gateway licensed throughput capacity per network) |
SYSTEM REQUIREMENTS |
|
Operating System: |
macOS |
Version: |
Monterey 12.x or later |
Processor: |
Intel or Apple M1/M2 CPU |
Memory: |
16 GB |
Maximum NetCloud Client Count: |
Unlimited (limited by NCX Service Gateway licensed throughput capacity per network) |
SYSTEM REQUIREMENTS |
|
Operating System: |
iOS |
Version: |
iOS 16 or later |
Processor: |
ARM64 or Apple Silicon |
Memory: |
64 GB |
Maximum NetCloud Client Count: |
Unlimited (limited by NCX Service Gateway licensed throughput capacity per network) |
SYSTEM REQUIREMENTS |
|
Operating System: |
Linux Ubuntu |
Version: |
22.04 |
Processor: |
|
Memory: |
16 GB |
Maximum NetCloud Client Count: |
Unlimited (limited by NCX Service Gateway licensed throughput capacity per network) |
Hybrid Mesh Firewall (HMF) is a security service that can be added to a Secure Connect, SD-WAN or ZTNA network. With application and web filtering plus integrated IDS/IPS, HMF brings in modern firewall features, without the complexity.
HMF benefits:
PERFORMANCE |
|||
Site Routers |
Typical Client Count |
Throughput |
Concurrent Tunnels |
IBR600C/IBR650C, S700/S750 |
5 |
10 Mbps |
10 |
NOTE: Hybrid Mesh Firewall site performance may vary based on latency conditions.
PERFORMANCE |
|||
Site Routers |
Typical Client Count |
Throughput |
Concurrent Tunnels |
IBR1700 |
30 |
40 Mbps |
20 |
R920 |
5 |
10 Mbps |
10 |
R1900, R2105/R2155 |
100 |
400 Mbps |
20 |
NOTE: Hybrid Mesh Firewall site performance may vary based on latency conditions.
PERFORMANCE |
|||
Site Routers |
Typical Client Count |
Throughput |
Concurrent Tunnels |
AER2200 |
100 |
40 Mbps |
20 |
E100, E102 |
5 |
40 Mbps |
20 |
E300 |
50 |
400 Mbps |
20 |
E3000 |
100 |
400 Mbps |
20 |
NOTE: Hybrid Mesh Firewall site performance may vary based on latency conditions.
NetCloud Virtual Edge enables a simple extension of the Secure Connect zero-trust network to applications that reside in a corporate data center or private cloud environment.
NetCloud Virtual Edge benefits:
PERFORMANCE |
|
Tunnel Throughput to/from NetCloud Exchange: |
300 Mbps |
DEPLOYMENT TARGETS — AWS |
|
Instance: |
m4.large |
vCPUs: |
2 |
Memory: |
8 GB |
vNICs: |
2 |
NetCloud Exchange is fully deployed and managed through Ericsson’s powerful cloud management and orchestration platform, NetCloud Manager. With features that include zero-touch deployment, bulk provisioning, multilayered dashboards, centralized flow-level visibility, and intuitive troubleshooting tools, NetCloud Manager is a valuable assist to lean IT organizations.
NetCloud Manager also offers valuable AI-driven insights:
The NetCloud Exchange Service Gateway is a required component to implementing NetCloud Exchange services (Secure Connect, SD-WAN and ZTNA). These services can be purchased as an add-on to any compatible router with a NetCloud Branch, Mobile or IoT service plan, while the NCX Service Gateway is purchased based on required network capacity.
For ordering details, see the following:
REGION |
NCX PACKAGE |
DESCRIPTION |
PART NUMBER |
All Regions: |
Service Gateway |
250 Mbps 500 Mbps 1 Gbps 2 Gbps 4 Gbps |
NCX-000x-SG250MBPS NCX-000x-SG500MBPS NCX-000x-SG1GBPS NCX-000x-SG2GBPS NCX-000x-SG4GBPS |
Service Gateway High Availability |
Active + Standby 250 Mbps Active + Standby 500 Mbps Active + Standby 1 Gbps Active + Standby 2 Gbps Active + Standby 4 Gbps |
NCX-002x-SGAS250MBPS NCX-002x-SGAS500MBPS NCX-002x-SGAS1GBPS NCX-002x-SGAS2GBPS NCX-002x-SGAS4GBPS |
|
Secure Connect |
Basic Premium |
NCX-0K0x-SC NCX-0KPx-SC |
|
SD-WAN |
Basic Premium |
NCX-0L0x-SCSD NCX-0LPx-SCSD |
|
ZTNA |
Per User |
NCX-0E0x-ZTNA
|
|
Virtual Edge |
NetCloud Essentials for Virtual Edge with Secure Connect NetCloud Premium for Virtual Edge with Secure Connect |
NCX-0M0x-VESC
NCX-0MPx-VESC |
|
All Regions — Renewal: |
Service Gateway |
Renewal — 250 Mbps Renewal — 500 Mbps Renewal Active + Standby — 250 Mbps Renewal Active + Standby — 500 Mbps |
NCX-000x-SG250MBPS-R NCX-000x-SG500MBPS-R NCX-002x-SGAS250MBPS-R NCX-002x-SGAS500MBPS-R |
Secure Connect |
Renewal — Basic Renewal — Premium |
NCX-0K0x-SC-R NCX-0KPx-SC-R |
|
SD-WAN |
Renewal — Basic Renewal — Premium |
NCX-0L0x-SCSD-R NCX-0LPx-SCSD-R |
|
ZTNA |
Renewal NCX ZTNA — Per User |
NCX-0E0x-ZTNA-R |
|
NetCloud Exchange Site Premium |
Renewal — Premium |
NCX-0NPx-HMFAI-R |
|
Virtual Edge |
Renewal NetCloud Essentials for Virtual Edge — Per Self-Hosted Virtual Appliance Renewal NetCloud Premium for Virtual Edge — Per Self-Hosted Virtual Appliance |
NCX-0M0x-VESC-R
NCX-0MPx-VESC-R |
x= 1, 3, or 5 years