These Service-Specific Terms describe the Cradlepoint NetCloud Exchange Services. Customer’s subscription is governed by these Service-Specific Terms and the Cradlepoint End User Agreement located at https://cradlepoint.com/legal/ (the “Agreement”). Capitalized terms used in these Service-Specific Terms and not otherwise defined herein have the meaning given to them in the Agreement.
- Description of Services
NetCloud Exchange (NCX) is a service delivery platform, an extension to the Cradlepoint NetCloud platform that enables the Customer to secure, connect, control and observe any user or thing to any application traffic. NCX Services are delivered using Service Gateway, which is a virtual machine (VM) that can be deployed in the Customer network, either in an on-premise data center or in Customer’s virtual public cloud (VPC). NCX currently offers the following services:
- Secure Connect
- NCX Service Gateway
The Service Gateway is the service delivery foundation for NCX and provides the secure data-plane and policy enforcement capabilities for Secure Connect to orchestrate agile networks from Cradlepoint routers in sites, vehicles, IoT, and remote workers to digital resources in the cloud, data center, and external sites. The gateway houses the common engines that power SD-WAN and subsequent security services at the network level. Delivered for a virtual infrastructure, cloud environment, or downloaded onto a physical server, the Service Gateway can be deployed on-premise in Customer’s data center or in Customer’s VPC. Currently, Azure, AWS, KVM and VMware are supported.
NCX Service Gateway is only sold as an add-on to a NetCloud Manager subscription. Service Gateway is sold based on capacity for the entire NCX solution. Pricing is calculated based on Service Gateway throughput and high availability for failover to provide resiliency. Each NetCloud Edge router will only support one tunnel on one active WAN interface at a time. Consult the applicable Service Gateway Deployment Guide for minimum hardware (physical or virtual), software, network, and service requirements.
Customer may purchase an optional high availability add-on license for a Service Gateway to enable failover if the primary gateway fails. Use of high availability add-on licenses requires: (a) one active Service Gateway on a primary virtual machine and a standby Service Gateway on a secondary virtual machine in the same data center, and (b) the number of primary Service Gateway licenses equals or exceeds the number of add-on licenses.
IF CUSTOMER’S ACTUAL THROUGHPUT EXCEEDS THE PURCHASED THROUGHPUT BY MORE THAN OR EQUAL TO 10%, THEN ALL EXCESS TRAFFIC WILL NOT BE TRANSMITTED THROUGH THE SERVICE GATEWAY. Customer can monitor actual throughput and available capacity using NetCloud Manager and may purchase additional throughput as needed.
- NCX Secure Connect
Secure Connect is a network security solution that offers a simple-to-manage alternative to complex VPN infrastructures for securely connecting sites, vehicles, IoT, and remote workers. NCX Secure Connect provides any-to-any connectivity and reduces the attack surface by building undiscoverable network resources.
Depending on the site license selected, Secure Connect integrates with certain Cradlepoint NetCloud Edge routing and security endpoints to establish encrypted connections through the NCX Service Gateway, enabling secure access to applications and resources in the cloud or data center. Not all NetCloud Edge routers are compatible with Secure Connect. Secure Connect is only sold as an add-on to a NetCloud Manager subscription and may only be added into NetCloud root accounts. If Customer does not maintain a NetCloud Manager subscription, Customer will not be able to use Secure Connect.
- NCX SD-WAN
NCX SD-WAN service delivers a software defined wide area network with a specific focus of optimizing traffic across redundant cellular providers and hybrid WANs. NCX SD-WAN provides application, resource, and named resource traffic steering, traffic classification, and an application quality of experience (QoE) dashboard.
Secure Connect service, including a Service Gateway, is a pre-requisite for the NCX SD-WAN service. If Customer does not maintain a NetCloud Manager subscription and Secure Connect site license, Customer will not be able to use SD-WAN. SD-WAN licenses are offered on a per-device basis for supported Cradlepoint endpoint devices. Cradlepoint may also require that Customer update to a minimum version of NCOS for the Service Gateway and participating endpoint devices.
- NCX ZTNA
- NCX ZTNA enables identification, assignment, and management of user-to-application access by leveraging policies, identity, and context information to grant users zero trust access to corporate resources. Instead of providing shared access to network segments, connections are defined to corporate resources and are only built upon authentication. NCX ZTNA enables Customer to proactively maintain the security of Customer’s network with continuous verification. Customer defines all policies within the ZTNA service, and all policy decisions to accept or deny access occur within the Customer’s network environment.
- Creates networks that apply zero-trust principles with no default network level access and secure data-plane and policy enforcement.
- Secure Connect service, including a Service Gateway, is a pre-requisite for the NCX ZTNA service. If Customer does not maintain a NetCloud Manager subscription and Secure Connect site license, Customer will not be able to use NCX ZTNA. NCX ZTNA licenses are offered on a per-user basis for supported Cradlepoint endpoint devices. Cradlepoint may also require that Customer update to a minimum version of NCOS for the Service Gateway and participating endpoint devices.
- CUSTOMER ACKNOWLEDGES THAT SOME COUNTRIES REGULATE USE OF TECHNOLOGIES AND SERVICES THAT MONITOR INDIVIDUALS, WHICH MAY INCLUDE THE USE OF NCX ZTNA. CUSTOMER IS SOLELY RESPONSIBLE FOR COMPLIANCE WITH ANY APPLICABLE LOCAL LAWS AND REGULATIONS.
- NCX ZTNA contains the Npcap OEM Windows packet capturing software (https://npcap.com) pursuant to a license agreement with Nmap Software LLC. Npcap OEM contains programming code from the Libpcap project (https://www.tcpdump.org) which is Copyright © by the TCPdump Group and its contributors. Npcap also incorporates code from the now-defunct Winpcap software (https://winpcap.org) which is Copyright © Netgroup, Politecnico di Torino, CACE Technologies, and the Regents of the University of California. In addition, Npcap contains an ieee80211_radiotap.h header file which is Copyright © David Young. Full license text and details for these 3rd party components are available in the Npcap-Third-Party-Open-Source.pdf file included with this program and/or available at https://npcap.com/src/docs/Npcap-Third-Party-Open-Source.pdf.
- Additional Disclaimer
CUSTOMER IS RESPONSIBLE FOR SECURING ALL ENDPOINTS, CONFIGURING ENCRYPTION OF DATA IN TRANSIT TO CRADLEPOINT AND THE NCX SERVICES, AND DEFINING ALL RULES AND POLICIES WITHIN THE NCX SERVICES. CRADLEPOINT DOES NOT REPRESENT OR WARRANT THAT THE NCX SERVICES WILL GUARANTEE THE SECURITY OF CUSTOMER’S NETWORK AT ALL TIMES. NEW THREATS, MALWARE, AND TECHNIQUES FOR OBTAINING UNAUTHORIZED ACCESS TO A NETWORK, DEVICES, AND DATA MAY DEVELOP AT ANY TIME.
- Geographic and Export Restrictions
Some services and features are not available to certain customers in certain countries, depending upon legal and regulatory restrictions relating to the handling of data and customer’s proposed use. In addition to the export restrictions set forth in the Agreement, Customer hereby certifies that its Service Gateway or data centers used to host the Service Gateway will not be located in any Embargoed Country.
- Additional Disclaimer
Cradlepoint will provide Maintenance and Support services based on the purchased tier of service.