Ericsson Enterprise Wireless

NetCloud SASE Terms and Conditions

These Service-Specific Terms describe your access and use of the Cradlepoint hosted SD-WAN and security services (“NetCloud SASE”). Customer’s subscription is governed by these Service-Specific Terms and the Cradlepoint End User Agreement located at https://cradlepoint.com/legal/ (the “Agreement”). Capitalized terms used in these Service-Specific Terms and not otherwise defined herein have the meaning given to them in the Agreement. Customers must follow the configuration guidance in the technical documents.

  1. Description of Services
    NetCloud SASE is a service delivery platform that enables the Customer to secure, connect, control, and observe any user or thing to any application traffic. Specific services include:

    • Secure Connect
    • SD-WAN
    • ZTNA
    • Hybrid Mesh Firewall (HMF)
    • AIOps
    • Virtual Edge
  2. NetCloud SASE
    NetCloud SASE provides the secure data plane and policy enforcement capabilities for Secure Connect to orchestrate agile networks from Cradlepoint routers in sites, vehicles, IoT, and remote workers to digital resources in the cloud, data center, and external sites. NetCloud SASE houses the common engines that power SD-WAN and subsequent security services at the network level. NetCloud SASE is only sold as an add-on to a NetCloud Manager subscription.NetCloud SASE provides connectivity for sites and users. Site connectivity includes an annual data capacity that can be applied to traffic flowing through a NetCloud SASE network. A site connected to a NetCloud SASE network will build a tunnel for each active WAN interface.

    User connectivity is licensed on a per-user basis and not based on data volume. Customer can monitor the actual usage of NetCloud SASE per-Network data capacity using NetCloud Manager. Customer will be alerted if the available capacity for one or more networks is low. IF CUSTOMER’S ACTUAL DATA USAGE CONSUMPTION EXCEEDS THE TOTAL PURCHASED VOLUME FOR ANY NETWORK BY 10% OR MORE, THEN CRADLEPOINT RESERVES THE RIGHT TO DISABLE CONNECTIVITY TO NETCLOUD SASE FOR THAT NETWORK.

  3. Secure Connect
    VPN infrastructures for securely connecting sites, vehicles, IoT, and remote workers. Secure Connect reduces the attack surface by building undiscoverable network resources.Secure Connect integrates with certain Cradlepoint NetCloud Edge routing and security endpoints to establish encrypted connections through NetCloud SASE, enabling secure access to applications and resources in the cloud or data center. Not all NetCloud Edge routers are compatible with Secure Connect. Secure Connect is included with every NetCloud SASE site license and user license. If Customer does not maintain a NetCloud Manager subscription, Customer will not be able to use Secure Connect.
  4. SD-WAN
    SD-WAN delivers a software defined wide area network with a specific focus of optimizing traffic across redundant cellular providers and/or hybrid WANs. SD-WAN provides application, resource, and named resource traffic steering, traffic classification, and an application quality of experience (QoE) dashboard.Secure Connect, which requires NCX or NetCloud SASE, is a pre-requisite for the NCX SD-WAN service. If Customer does not maintain a NetCloud Manager subscription, Customer will not be able to use SD-WAN. SD-WAN licenses are offered on a per-device basis for supported Cradlepoint endpoint devices.
  5. ZTNA
    1. ZTNA enables identification, assignment, and management of user-to-application access by leveraging policies, identity, and context information to grant users zero trust access to corporate resources. Instead of providing shared access to network segments, connections are defined to corporate resources and are only built upon authentication. ZTNA enables Customer to proactively maintain the security of Customer’s network with continuous verification. Customer defines all policies within the ZTNA service, and all policy decisions to accept or deny access occur within the NetCloud SASE service.
    2. ZTNA creates networks that apply zero-trust principles with no default network level access and secure data-plane and policy enforcement.
    3. Secure Connect service is a pre-requisite for the ZTNA service. If Customer does not maintain a NetCloud Manager subscription and either a Secure Connect site license or a Virtual Edge license, Customer will not be able to use ZTNA. ZTNA licenses are offered on a per-user basis for supported Cradlepoint endpoint devices. Cradlepoint may also require that Customer update to a minimum version of NCOS for the Service Gateway and participating endpoint devices.
    4. CUSTOMER ACKNOWLEDGES THAT SOME COUNTRIES REGULATE USE OF TECHNOLOGIES AND SERVICES THAT MONITOR INDIVIDUALS, WHICH MAY INCLUDE THE USE OF ZTNA. CUSTOMER IS SOLELY RESPONSIBLE FOR COMPLIANCE WITH ANY APPLICABLE LAWS AND REGULATIONS.
    5. ZTNA contains the Npcap OEM Windows packet capturing software (https://npcap.com) pursuant to a license agreement with Nmap Software LLC. Npcap OEM contains programming code from the Libpcap project (https://www.tcpdump.org) which is Copyright © by the TCPdump Group and its contributors. Npcap also incorporates code from the now-defunct Winpcap software (https://winpcap.org) which is Copyright © Netgroup, Politecnico di Torino, CACE Technologies, and the Regents of the University of California. In addition, Npcap contains an ieee80211_radiotap.h header file which is Copyright © David Young. Full license text and details for these 3rd party components are available in the Npcap-Third-Party-Open-Source.pdf file included with this program and/or available at https://npcap.com/src/docs/Npcap-Third-Party-Open-Source.pdf.
  6. Hybrid Mesh Firewall (HMF)
    HMF is a centralized security policy management, enforcement, and monitoring solution for distributed enterprises. It includes application-aware policy using deep packet inspection, web filtering, and reputation services (to block or allow certain applications and web domains based on acceptable use policies and web reputation score), and threat management that offers continuous inspection for zero-trust traffic flows. Secure Connect is a pre-requisite for the HMF service. If the Customer does not maintain a NetCloud Manager subscription and a Secure Connect license, the Customer will not be able to use HMF. HMF licenses are offered on a per-device basis for supported Cradlepoint endpoint devices. Cradlepoint may also require that Customer update to a minimum version of NCOS for the Service Gateway and participating endpoint devices. Customer defines all policies within the HMF service, and all policy decisions to accept or deny access occur within the NetCloud SASE service.
  7. AIOps
    AIOps, together with other Services, leverages machine learning to assist the Customer in managing its network by using machine learning models to analyze network usage in real time and provide insights and metrics to Customer. AIOps is designed to give Customer insights about its network, but not to make decisions for Customer. AIOps is not a substitute for competent, human-led network management, and is intended only as part of the decision-making process used by Customer to manage its network in light of Customer’s various network needs and goals. By agreeing to the Agreement and using Services including AIOps, Customer acknowledges that Cradlepoint may use Cradlepoint Data and/or Customer Data for the purpose of the provision of AIOps solutions to Customer, including processing in machine learning model instances specific to Customer for the improvement of Customer’s Services, and Customer instructs Cradlepoint to process its Customer Data for such purpose. Customer further agrees to the use of all such data (in anonymized form only) by Cradlepoint for purposes of improving the Services generally and training machine learning models (including large language models and similar models) for general use and provision by Cradlepoint. The features of AIOps are constantly evolving and may be changed by Cradlepoint at any time, even if such change results in reduced functionality. By using or accessing the Services, Customer hereby grants to Cradlepoint, its Affiliates, and applicable licensors and service providers a worldwide, royalty-free, non-exclusive, irrevocable, sublicensable, limited right and license as necessary to carry out the actions set forth in this Section 7.AIOps also includes the AI NetCloud Assistant (ANA). ANA leverages AI technology (some provided by third parties) to provide Customer with basic technical assistance in the configuration and administration of certain Cradlepoint networking products (the “Purpose”). Customer acknowledges that, even if interactions with ANA may be perceived to be human-like, ANA is a chatbot which may at various times use generative AI such as large language models or similar technologies to generate its Outputs (as defined below) to Customer. Customer acknowledges and agrees that ANA may give different responses based on different prompts from Customer, including based on the tone and mood of Customer’s inputs. Customer acknowledges and accepts that ANA is not an agent of Cradlepoint and has no authority to bind Cradlepoint legally or contractually, and Customer shall not construe this Agreement to provide otherwise under any legal theory. Customer shall not input any personally identifiable data or Customer confidential information into the ANA Services. Customer acknowledges that generative AI technologies such as large language models are known to produce incorrect or biased information (sometimes referred to as “hallucinations”) and that such hallucinations may be present in Outputs. Customer shall not use ANA for any purpose other than the Purpose. Customer shall not engage in “jailbreaking,” “prompt engineering,” non-natural language inputs, or any other activity that may be expected to cause ANA to provide Outputs outside the scope of the Purpose. Customer understands that, in addition to being a breach of these terms, such activities may result in Outputs that are incorrect or even harmful to Customer’s network, and Customer accepts full responsibility for all such Outputs and misuse of ANA. Customer hereby acknowledges and accepts the statements regarding ANA set forth in this paragraph for all ANA chat sessions and usage instances.

    All text and other outputs generated or outputted by ANA (the “Outputs”) shall, as between the parties hereto, be owned by Cradlepoint. Cradlepoint hereby grants Customer, under all copyrights owned and licensable by Cradlepoint, a non-sublicensable, non-transferrable, global (except to the extent this Agreement or another agreement between Customer and Cradlepoint limits Customer’s use of the Services to one or more territories, in which case this license shall be limited to such territories), non-exclusive, limited copyright license to use the Outputs only with regard to the Purpose. Cradlepoint makes no representation about the ownership of the Outputs. All inputs to ANA from Customer are considered Customer Content.

    NO WARRANTY FOR ANA SERVICES OR OUTPUTS. TO THE MAXIMUM EXTENT PERMITTED UNDER LAW (A) THE ANA SERVICES AND OUTPUTS ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND; AND (B) CRADLEPOINT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, RELATING TO THIRD-PARTY PRODUCTS OR SERVICES, INCLUDING THIRD-PARTY INTERFACES OR LARGE LANGUAGE MODELS, THAT MAY BE INCLUDED IN ANA. CRADLEPOINT EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE WITH REGARD TO THE OUPUTS AND ANA SERVICES, AS WELL AS ANY IMPLIED WARRANTY ARISING FROM STATUTE, COURSE OF DEALING OR PERFORMANCE, OR TRADE USE. CRADLEPOINT DOES NOT WARRANT, AND DISCLAIMS THAT, THE ANA SERVICES OR OUTPUTS ARE ACCURATE, COMPLETE OR ERROR-FREE OR THAT THEIR USE WILL BE UNINTERRUPTED. REFERENCES TO A THIRD PARTY IN THE OUTPUTS MAY NOT MEAN THEY ENDORSE OR ARE OTHERWISE WORKING WITH CRADLEPOINT. CRADLEPOINT DOES NOT PROVIDE HUMAN REVIEW OR VALIDATION OF OUTPUTS, AND CUSTOMER IS RESPONSIBLE FOR REVIEWING AND VALIDATING ALL RECOMMENDATIONS FROM ANA PRIOR TO ACTING ON SUCH RECOMMENDATIONS.

  8. Virtual Edge
    Virtual Edge is a virtual appliance that enables Customer to extend the Secure Connect service to applications that reside in the public cloud. The Virtual Edge license includes a Secure Connect site license and in the case of NetCloud SASE, an annual data capacity that can be applied to traffic flowing through a NetCloud SASE network.
  9. Additional Disclaimer
    CUSTOMER IS RESPONSIBLE FOR SECURING ALL ENDPOINTS, CONFIGURING ENCRYPTION OF DATA IN TRANSIT TO CRADLEPOINT AND NETCLOUD SASE, AND DEFINING ALL RULES AND POLICIES WITHIN NETCLOUD SASE. CRADLEPOINT DOES NOT REPRESENT OR WARRANT THAT NETCLOUD SASE WILL GUARANTEE THE SECURITY OF CUSTOMER’S NETWORK AT ALL TIMES. NEW THREATS, MALWARE, AND TECHNIQUES FOR OBTAINING UNAUTHORIZED ACCESS TO A NETWORK, DEVICES, AND DATA MAY DEVELOP AT ANY TIME. IF CUSTOMER USES NETCLOUD SASE TO ACCESS ANY CRIMINAL JUSTICE INFORMATION SERVICES, CUSTOMER RETAINS ALL RESPONSIBILITY TO COMPLY WITH APPLICABLE LAWS, REGULATIONS, AND REQUIREMENTS.
  10. Geographic and Export Restrictions
    Some services and features are not available to certain customers in certain countries, depending upon legal and regulatory restrictions relating to the handling of data and customer’s proposed use.

Service Level Agreement

This document outlines the Service Level Agreement (“SLA”) for NetCloud SASE (the “Service”) as further described in Customer’s subscription governed by the Service-Specific Terms and the Cradlepoint End User Agreement https://cradlepoint.com/legal/. This SLA does not apply to evaluation of the Service or other products or services offered by Cradlepoint.

  1. Definitions
    “Agreement” means Cradlepoint’s Terms of Service and License Agreement, End User Agreement, or other agreement then in-effect between Customer and Cradlepoint.“Downtime” means the total number of minutes in a calendar month that the Service is unavailable due to a Service Disruption. The Service Disruption period begins when Cradlepoint validates a Service Disruption based on either Customer’s or Cradlepoint’s identification of a Service Disruption. The Service Disruption ends when the Service has been restored.“Excluded Disruptions” mean disruptions arising out of or related to any of the following:

    • planned outages, routine or urgent maintenance;
    • service issues arising from acts or omissions of Customer or Customer’s representatives or agents, such as misconfiguration of service features or settings under Customer’s control or integrations or use of third party software;
    • use of the Service not in accordance with the Agreement, guidelines or documentation, including failure to upload the most recent version of device operating system made available by Cradlepoint;
    • Customer’s failure to modify use of the Service as advised by Cradlepoint or to release the Service for testing or repair and continuing to use the Service on an impaired basis;
    • elements of the Service that are not within Cradlepoint’s direct and complete operational control such as the Internet connection, utility companies, or other services that connects devices to the Service;
    • any reasonably unforeseeable interruption or degradation in Service due to actions or inactions caused by third parties including, but not limited to, Force Majeure Events;
    • high availability events, scaling events, and delays caused by fail over; or
    • rightful suspension and/or termination of the Service by Cradlepoint in accordance with the Agreement.

    “Force Majeure Event” means an event beyond a party’s reasonable control, including acts of God, acts of government or war, flood, fire, earthquake, civil unrest, act of terror, strikes, riots, work stoppage, epidemics, pandemics, material shortages, restricting legislation, embargo, or Internet service provider failure, denial of service attack, or outage of a public communications carrier or infrastructure hosting provider.

    “Service Availability” is calculated as the total number of minutes in a calendar month less the number of minutes of Downtime, divided by the total number of minutes in a calendar month.

    “Service Disruption” means disruption in accessing private applications or the internet due to service outages, other than an Excluded Disruption.

  2. Service Availability Target
    The SLA target for Service Availability is 99.9% per each calendar month subject to Excluded Disruptions (“Service Availability Target”). The following table presents Service Availability translated into minutes of Downtime for the 99.9% Service Availability Target:

    Days Per Month Total Minutes/Month Downtime Minutes
    31 days 44,640 45
    30 days 43,200 43
    29 days 41,760 42
    28 days 40,320 40
  3. Network Maintenance
    Cradlepoint will perform planned maintenance to update and maintain the Service on a regular basis during routine maintenance windows based on the Service region. In some cases, Cradlepoint will need to perform urgent maintenance, which will usually be conducted within the routine maintenance windows. Cradlepoint will use reasonable efforts to provide advance notice of the approximate time, duration, and reason for any urgent maintenance outside of designated routine maintenance windows.
  4. Remedies
    If the Service Availability during any calendar month is less than the Service Availability Target and Customer is in compliance with the terms of this Agreement and this SLA, then Customer may request a credit equal to the corresponding percentage of a monthly prorated portion of the fees for the Service as set forth in the table below. Any credit to be applied will be off set against amounts due from Customer for the Service in the renewal cycle following the date Cradlepoint makes its credit determination. Credit requests must be submitted to Cradlepoint by Customer or an authorized channel partner: (i) in writing within ten (10) days after the end of the month in which the Service was unavailable; (ii) by reporting the incident via NetCloud Manager by opening a technical support case and with the subject “NetCloud SASE outage service credits”; and (iii) with details of the service interruption date, start time and end time during the calendar month for which the credit claim is being made, in the description field. A single request for service credits can be made for multiple interruptions during any one calendar month.

    Service Availability Service Credit
    99.9% No service credit
    <99.9% – 98.0% 2% service credit
    <98.0% – 96.0% 5% service credit
    <96.0% 10% service credit

    The maximum aggregate service credits for any calendar month is 10%. The service credits described in this SLA shall constitute Customer’s sole and exclusive remedy, and Cradlepoint’s and the authorized channel partners’ sole and exclusive liability, with respect to any missed Service Availability Target. Customer’s failure to properly submit a claim for a service credit as described above or to respond to or provide any other information necessary to validate the request will disqualify Customer from receiving a service credit. Customer cannot convert service credits to refunds and Customer cannot sell, transfer or assign such service credits. Cradlepoint will use commercially reasonable efforts to notify Customer or the authorized channel partner of the awarded service credits, as applicable.

Explore how Ericsson can help you unlock the power of 5G and LTE cellular for your network.

NetCloud How to buy