Cradlepoint NetCloud Perimeter
Creating a Software-Defined Perimeter
Enterprises use NetCloud Perimeter, a service that leverages Software-Defined Perimeter technology, to spin up virtual networks in the cloud that protect IoT devices.
These invitation-only overlay networks utilize a private address space, eliminating the need for routable IPs on the Internet and obscuring them from the reach of potential hackers. They also isolate IoT traffic from different devices and from trusted networks (example: keeping IoT devices off the corporate WAN). The “cloud” is how Cradlepoint orchestrates, deploys, and manages its perimeter-secured overlays, which can reach anywhere across the Internet.
In IoT use cases—especially utilizing sensors—data must be securely and directly connected to the cloud so it can be leveraged to inform business decisions and boost efficiencies. Device-to-cloud overlay networks are what communicate the connection between IoT devices and the cloud. This is the “why” behind perimeter-secured overlay networks.
NetCloud Perimeter is deployed directly on IoT devices, laptops, tablets, and smartphones that run Linux, OS-X, Windows, Android, or iOS with the NetCloud Client. A NetCloud Gateway is deployed into a NetCloud Perimeter when a Cradlepoint router (or other physical or virtual Linux server) runs the NetCloud Client in gateway mode. With a NetCloud Gateway, any IP-based device (e.g. printers, NAS, cameras, sensors, etc.) can be connected to the overlay network without the NetCloud Client installed.
Enterprises use NetCloud Perimeter to create one or more perimeter-secured overlay networks for IoT deployments.
- Micro-segmentation of users, groups, applications and resources with simple policies
- Invitation-only security/Private IP Addressing
- Fully encrypted transactions
Connect IP-Enabled Devices to a Secure Network
NetCloud Perimeter provides several layers of protection for devices connected over the Internet and other untrusted networks. To protect IoT devices, NetCloud Perimeter’s approach reduces the potential for attacks through isolation and obfuscation.
NetCloud Perimeter’s designed supports the unique security requirements of IoT and connected device applications. The natural Security Policy management built into NetCloud Perimeter makes it easy to enforce network-wide firewall and access controls and to micro-segment users, applications and devices to access only appropriate resources. Extending Active Directory additionally strengthens domain security.
- Secure Internet Access to send traffic to and from target IoT devices through private IP address space
- Micro-segmentation with device-level SSL encryption
- Machine-level authentication designed for embedded devices, kiosks, etc.
- Extend Active Directory domains to maintain security
- Private IP address space and outbound connections eliminate the need for expensive public IP addresses and on-premise firewall changes to keep devices from being reached across the Internet.
- Unsupported devices, such as IoT sensors or security cameras, connect into the perimeter network behind a Cradlepoint router acting as a NetCloud Gateway, adding a layer of security, reducing the attack surface, and implementing policies.
NetCloud Perimeter’s security foundation is a multi-layer, network-based approach to security that protects users, devices, and workloads wherever they are deployed. NetCloud Perimeter uses invitations to add users, ensuring only pre-authorized users or devices are added to the network. . And, all transactions are fully encrypted using the AES 256-bit standard encryption algorithm. Because the virtual overlay network is effectively cloaked from underlaying untrusted networks, it is impervious to traditional address-borne attacks. Further, machine-level authentication is designed for embedded devices like kiosks.
- Multi-layer Authentication: device, virtual network, domain and certificate level
- Micro-segmentation enables zero-trust WANs
- End-to-end 256-bit encryption with device and X.509 certificate (PKI) authentication
- Secure overlay through the abstraction of logical network and address space from the Internet
- Private IP address space
- Protect the edge from network-based attacks
- Virtual overlay (cloud-based) network with micro-segmentation to isolate threats
- No data stored in the cloud
- Encrypted data-in-transit (256-bit AES)
- No data stored in cloud
- Private IP address space
- Enables micro-segmentation for zero-trust WANs
- Certificate-based Auto-PKI (X.509 CA)
- Runs on top-tier cloud providers around the world
- Fully redundant architecture
- Self-healing, self-optimizing
- Seamless failover
- Windows 7, 8
- Windows Server 2008r2, 2012r2, 2016
- Mac OS X 10.7 - 10.14
- Apple iOS 10.3 - 12.1.1
- Android 4.3 to 7.0
- Linux Ubuntu 14.04
- Linux CentOS 6
|Functionality included in all NetCloud Solution Packages - Essentials|
|OS Client or Whitelist Devices||✓|
|Secure Overlay Connection||✓|
|Secure Internet Access||✓|
Knowledge Base Articles
How to Buy
How to Buy
If you are a new customer, please contact your Approved Cradlepoint Partner.
Cradlepoint’s NetCloud Perimeter Gateway is included in all NetCloud Solution Packages. Additional NetCloud Perimeter Client licenses can be purchased separately. For a NetCloud Perimeter Gateway, the following routers are supported and firmware version 6.2.0 or higher is required.
Supported Cradlepoint Routers
- AER3100 Series
- AER1600 Series
- COR IBR1100 Series
- COR IBR900 Series
- COR IBR600B Series
- COR IBR600C Series
- COR IBR350
Supported Operating Systems for NetCloud Perimeter Client
Android, iOS, Windows, MAC, Linux, Docker
NetCloud Perimeter Client for Customer Devices
Supports Gateway for Cradlepoint Routers
|Product Name||Part No.||Description|
|NetCloud Client 1-yr||NCE-CLNPRM-CCNCE-1YR||1-yr NetCloud Perimeter Client, SaaS License with Support|
|NetCloud Client 3-yr||NCE-CLNPRM-CCNCE-3YR||3-yr NetCloud Perimeter Client, SaaS License with Support|
|NetCloud Client 5-yr||NCE-CLNPRM-CCNCE-5YR||5-yr NetCloud Perimeter Client, SaaS License with Support|