NetCloud Exchange Terms and Conditions

These Service-Specific Terms describe the Cradlepoint NetCloud Exchange Services. Customer’s subscription is governed by these Service-Specific Terms and the Cradlepoint End User Agreement located at https://cradlepoint.com/legal/ (the “Agreement”). Capitalized terms used in these Service-Specific Terms and not otherwise defined herein have the meaning given to them in the Agreement.

  1. Description of Services
    NetCloud Exchange (NCX) is a service delivery platform, an extension to the Cradlepoint NetCloud platform that enables the Customer to secure, connect, control and observe any user or thing to any application traffic. NCX Services are delivered using Service Gateway, which is a virtual machine (VM) that can be deployed in the Customer network, either in an on-premise data center or in Customer’s virtual public cloud (VPC). NCX currently offers the following services:

    • Secure Connect
    • SD-WAN
    • ZTNA
    • HMF
    • AIOps
  2. NCX Service Gateway
    The Service Gateway is the service delivery foundation for NCX and provides the secure data-plane and policy enforcement capabilities for Secure Connect to orchestrate agile networks from Cradlepoint routers in sites, vehicles, IoT, and remote workers to digital resources in the cloud, data center, and external sites. The gateway houses the common engines that power SD-WAN and subsequent security services at the network level. Delivered for a virtual infrastructure, cloud environment, or downloaded onto a physical server, the Service Gateway can be deployed on-premise in Customer’s data center or in Customer’s VPC. Currently, Azure, AWS, KVM and VMware are supported.

    NCX Service Gateway is only sold as an add-on to a NetCloud Manager subscription. Service Gateway is sold based on capacity for the entire NCX solution. Pricing is calculated based on Service Gateway throughput and high availability for failover to provide resiliency. Each NetCloud Edge router will only support one tunnel on one active WAN interface at a time. Consult the applicable Service Gateway Deployment Guide for minimum hardware (physical or virtual), software, network, and service requirements.

    Customer may purchase an optional high availability add-on license for a Service Gateway to enable failover if the primary gateway fails. Use of high availability add-on licenses requires: (a) one active Service Gateway on a primary virtual machine and a standby Service Gateway on a secondary virtual machine in the same data center, and (b) the number of primary Service Gateway licenses equals or exceeds the number of add-on licenses.

    IF CUSTOMER’S ACTUAL THROUGHPUT EXCEEDS THE PURCHASED THROUGHPUT BY MORE THAN OR EQUAL TO 10%, THEN ALL EXCESS TRAFFIC WILL NOT BE TRANSMITTED THROUGH THE SERVICE GATEWAY. Customer can monitor actual throughput and available capacity using NetCloud Manager and may purchase additional throughput as needed.

  3. NCX Secure Connect
    Secure Connect is a network security solution that offers a simple-to-manage alternative to complex VPN infrastructures for securely connecting sites, vehicles, IoT, and remote workers. NCX Secure Connect provides any-to-any connectivity and reduces the attack surface by building undiscoverable network resources.

    Depending on the site license selected, Secure Connect integrates with certain Cradlepoint NetCloud Edge routing and security endpoints to establish encrypted connections through the NCX Service Gateway, enabling secure access to applications and resources in the cloud or data center. Not all NetCloud Edge routers are compatible with Secure Connect. Secure Connect is only sold as an add-on to a NetCloud Manager subscription and may only be added into NetCloud root accounts. If Customer does not maintain a NetCloud Manager subscription, Customer will not be able to use Secure Connect.

  4. NCX SD-WAN
    NCX SD-WAN service delivers a software defined wide area network with a specific focus of optimizing traffic across redundant cellular providers and hybrid WANs. NCX SD-WAN provides application, resource, and named resource traffic steering, traffic classification, and an application quality of experience (QoE) dashboard.

    Secure Connect service, including a Service Gateway, is a pre-requisite for the NCX SD-WAN service. If Customer does not maintain a NetCloud Manager subscription and Secure Connect site license, Customer will not be able to use SD-WAN. SD-WAN licenses are offered on a per-device basis for supported Cradlepoint endpoint devices. Cradlepoint may also require that Customer update to a minimum version of NCOS for the Service Gateway and participating endpoint devices.

  5. NCX ZTNA
    1. NCX ZTNA enables identification, assignment, and management of user-to-application access by leveraging policies, identity, and context information to grant users zero trust access to corporate resources. Instead of providing shared access to network segments, connections are defined to corporate resources and are only built upon authentication. NCX ZTNA enables Customer to proactively maintain the security of Customer’s network with continuous verification. Customer defines all policies within the ZTNA service, and all policy decisions to accept or deny access occur within the Customer’s network environment.
    2. Creates networks that apply zero-trust principles with no default network level access and secure data-plane and policy enforcement.
    3. Secure Connect service, including a Service Gateway, is a pre-requisite for the NCX ZTNA service. If Customer does not maintain a NetCloud Manager subscription and Secure Connect site license, Customer will not be able to use NCX ZTNA. NCX ZTNA licenses are offered on a per-user basis for supported Cradlepoint endpoint devices. Cradlepoint may also require that Customer update to a minimum version of NCOS for the Service Gateway and participating endpoint devices.
    4. CUSTOMER ACKNOWLEDGES THAT SOME COUNTRIES REGULATE USE OF TECHNOLOGIES AND SERVICES THAT MONITOR INDIVIDUALS, WHICH MAY INCLUDE THE USE OF NCX ZTNA. CUSTOMER IS SOLELY RESPONSIBLE FOR COMPLIANCE WITH ANY APPLICABLE LOCAL LAWS AND REGULATIONS.
    5. NCX ZTNA contains the Npcap OEM Windows packet capturing software (https://npcap.com) pursuant to a license agreement with Nmap Software LLC. Npcap OEM contains programming code from the Libpcap project (https://www.tcpdump.org) which is Copyright © by the TCPdump Group and its contributors. Npcap also incorporates code from the now-defunct Winpcap software (https://winpcap.org) which is Copyright © Netgroup, Politecnico di Torino, CACE Technologies, and the Regents of the University of California. In addition, Npcap contains an ieee80211_radiotap.h header file which is Copyright © David Young. Full license text and details for these 3rd party components are available in the Npcap-Third-Party-Open-Source.pdf file included with this program and/or available at https://npcap.com/src/docs/Npcap-Third-Party-Open-Source.pdf.
  6. Hybrid Mesh Firewall (HMF)

    NCX HMF is a centralized security policy management, enforcement, and monitoring solution for distributed enterprises. It includes application aware policy using deep packet inspection, web filtering, and reputation service (to clear certain domains based on reputation score), and threat management that offers continuous inspection for zero-trust traffic flows. Secure Connect and Service Gateway are a pre-requisite for the NCX HMF service. If the Customer does not maintain a NetCloud Manager subscription, Secure Connect and Service Gateway licenses, the Customer will not be able to use HMF. HMF licenses are offered on a per-device basis for supported Cradlepoint endpoint devices. Cradlepoint may also require that Customer update to a minimum version of NCOS for the Service Gateway and participating endpoint devices.

  7. NCX AIOps

    NCX AIOps, together with other Services, leverages machine learning to assist the Customer in managing its network by using machine learning models to analyze network usage in real time and provide insights and metrics to Customer. AIOps is designed to give Customer insights about its network, but not to make decisions for Customer. AIOps is not a substitute for competent, human-led network management, and is intended only as part of the decision-making process used by Customer to manage its network in light of Customer’s various network needs and goals. By agreeing to the Agreement and using Services including AIOps, Customer acknowledges that Cradlepoint may use Cradlepoint Data and/or Customer Data for the purpose of the provision of AIOps solutions to Customer, including processing in machine learning model instances specific to Customer for the improvement of Customer’s Services, and Customer instructs Cradlepoint to process its Customer Data for such purpose. Customer further agrees to the use of all such data (in anonymized form only) by Cradlepoint for purposes of improving the Services generally and training machine learning models (including large language models and similar models) for general use and provision by Cradlepoint. The features of NCX AIOps are constantly evolving and may be changed by Cradlepoint at any time, even if such change results in reduced functionality. By using or accessing the Services, Customer hereby grants to Cradlepoint, its Affiliates, and applicable licensors and service providers a worldwide, royalty-free, non-exclusive, irrevocable, sublicensable, limited right and license as necessary to carry out the actions set forth in this Section 7.

  8. Additional Disclaimer
    CUSTOMER IS RESPONSIBLE FOR SECURING ALL ENDPOINTS, CONFIGURING ENCRYPTION OF DATA IN TRANSIT TO CRADLEPOINT AND THE NCX SERVICES, AND DEFINING ALL RULES AND POLICIES WITHIN THE NCX SERVICES. CRADLEPOINT DOES NOT REPRESENT OR WARRANT THAT (I) THE NCX SERVICES WILL GUARANTEE THE SECURITY OF CUSTOMER’S NETWORK AT ALL TIMES, OR (II) THAT NETWORK CONFIGURATION RECOMMENDATIONS OFFERED BY THE NCX SERVICES (INCLUDING AIOPS) WILL BE COMPLETE, ACCURATE, SECURE, OR OPTIMAL. CUSTOMER TAKES FULL RESPONSIBILITY FOR ANY NETWORK MANAGEMENT DECISIONS MADE BY CUSTOMER. NEW THREATS, MALWARE, AND TECHNIQUES FOR OBTAINING UNAUTHORIZED ACCESS TO A NETWORK, DEVICES, AND DATA MAY DEVELOP AT ANY TIME.
  9. Geographic and Export Restrictions
    Some services and features are not available to certain customers in certain countries, depending upon legal and regulatory restrictions relating to the handling of data and customer’s proposed use. In addition to the export restrictions set forth in the Agreement, Customer hereby certifies that its Service Gateway or data centers used to host the Service Gateway will not be located in any Embargoed Country.
  10. Maintenance and Support
    Cradlepoint will provide Maintenance and Support services based on the purchased tier of service.

Explore how Cradlepoint can help you unlock the power of LTE and 5G cellular for your network.

NETCLOUD HOW TO BUY