NetCloud Exchange

Secure Connect offers a simple-to-manage alternative to complex VPN infrastructures for securely connecting IoT devices, sites, vehicles, and remote workers. As the foundation for all other services, Secure Connect delivers a policy-governed, zero-trust network that can be easily orchestrated to enable highly secure communications from the WAN edge to the cloud.

Secure Connect benefits:

• Dynamic orchestration of zero-trust tunnels at scale.
• Simplified WAN deployments with support for overlapping IP addresses through name-based routing.
• Reduces the network attack surface by hiding network resources, encrypting traffic, and obscuring all public IP addresses.
• Delivers enhanced security by being deny-all by default, with access only enabled through policy.
• Provides containment of breaches and malware by restricting all east/west traffic by default.

SD-WAN is a cellular-optimized network service based on a zero-trust foundation that enhances WAN resilience and quality of experience (QoE) by optimizing traffic over multiple physical or logical connections including, wired, 5G/LTE, satellite, Wi-Fi as WAN, private APNs, and 5G standalone network slices.

SD-WAN benefits:

• Designed on a simple, modern zero-trust foundation that obscures IP addresses, is deny all by default, and where resources must be defined before they are accessible.
• Supports traffic optimization over physical and logical connections, including being the first SD-WAN solution to support 5G network slicing.
• Implementation of application-based policies network-wide in a few simple steps.
• Efficient and cost-effective operation over cellular by considering cellular-specific attributes when steering traffic (for example, signal strength) in addition to latency, loss, and jitter.
• Preserves bandwidth by using inline traffic rather than artificial traffic to measure WAN performance.
• Offers enhanced QoE over lossy links through Forward Error Correction (FEC).†
• Ability to intelligently bond multiple WAN interfaces together to increase resiliency and provide more granular control over traffic.†
• Deep visibility into latency, loss, and available bandwidth from the edge to the cloud.

† Available on select SD-WAN appliances. See the technical specifications for further details.

 Zero Trust Network Access (ZTNA) is a security service that integrates with an organization’s existing identity provider to provide isolated user-to-resource access for authenticated users. It enables secure remote access for internal employees and third parties to resources (IoT devices and/or applications) on the Ericsson WAN through granular user-based access policies.

ZTNA benefits:

• Simple and safe remote access to required resources on the WAN for internal employees and third parties.
• Flexible authentication to the network through a client or through an Ericsson Cradlepoint router.
• Enhanced security with granular user-based access policies leveraging SAML-based attributes and context.
• Integration with any SAML 2.0 compliant identity provider.
• Continuous monitoring for changes in context that could revoke or reduce access privileges.
• Device posture visibility for users that are leveraging the NetCloud Client for remote connectivity.

Hybrid Mesh Firewall (HMF) is a security service that can be added to a Secure Connect, SD-WAN or ZTNA network.  With application and web filtering plus integrated IDS/IPS, HMF brings in modern firewall features, without the complexity.

HMF benefits:

• Uses policies and deep packet inspection to determine whether to block or allow traffic, including communications to or from an application.
• Provides continuous monitoring of all north/south and east/west traffic flows to detect and prevent malicious activity.
• Blocks access to inappropriate web content including high-risk domains that may contain malware.

NetCloud Virtual Edge enables a simple extension of the Secure Connect zero-trust network to applications that reside in a corporate data center or private cloud environment.

NetCloud Virtual Edge benefits:

• Push button deployment NetCloud Manager.
• Cost-effective and simple solution for organizations that need to connect to one or more data center or private cloud environments.
• Extension of Secure Connect zero-trust network to the data center and cloud to control access to and from cloud-based applications.

NetCloud Exchange is fully deployed and managed through Ericsson’s powerful cloud management and orchestration platform, NetCloud Manager.  With features that include zero-touch deployment, bulk provisioning, multilayered dashboards, centralized flow-level visibility, and intuitive troubleshooting tools, NetCloud Manager is a valuable assist to lean IT organizations.

NetCloud Manager also offers valuable AI-driven insights:

• Simplified fault management, isolation, and root cause analysis through AIOps-driven dashboard.
• Improved productivity with virtual expert capabilities to assist with everyday queries through Natural Language Processing.

The NetCloud Exchange Service Gateway is a required component to implementing NetCloud Exchange services (Secure Connect, SD-WAN and ZTNA). These services can be purchased as an add-on to any compatible router with a NetCloud Branch, Mobile or IoT service plan, while the NCX Service Gateway is purchased based on required network capacity.

For ordering details, see the following:

• Step 1 (required): Select NetCloud Service plan(s) for the compatible router(s)
• Step 2 (required): Select the Secure Connect or SD-WAN site (router-based) license(s) in either standard or premium for each router 
• Step 3 (optional): Select the ZTNA in either standard or premium per user license(s) (selection of standard or premium must match Step 2)
• Step 4 (optional): Select the NetCloud Virtual Edge in either standard or premium per each additional data center or private cloud environment beyond where the NCX Service Gateway is located (selection of standard or premium must match Step 2)
• Step 5 (required): Select NCX Service Gateway capacity for entire solution (separate part number for high availability)