NetCloud Manager FAQ
Related Links / Additional Information
This article provides a list of commonly-asked questions and answers regarding NetCloud Manager (NCM).The Configuration Examples sections includes links to articles that demonstrate the function of the NCM service.
NetCloud Manager is Cradlepoint's next generation network management solution. Rapidly deploy and dynamically manage networks at geographically distributed locations with NetCloud Manager, Cradlepoint's next generation application platform. Improve productivity, reduce costs, and enhance the intelligence of your network and business operations.
A detailed explanation of the NetCloud Manager service can be found on the NCM product page.
To establish a successful connection to NetCloud Manager, a Cradlepoint router must meet the following requirements:
1. Supported Product: All newer Enterprise-grade Cradlepoint routers manufactured after 2014 are manageable on NetCloud Manager (NCM). Additionally, router models CBA750, MBR1200, MBR1000, MBR900, MBR800, CTR500, and CBA250 are supported on legacy firmware.
2. Minimum Firmware: 4.4.3. Using most recent available firmware version is recommended.
Note: Legacy support for the following router models: CBA750, MBR1200, MBR1000, MBR900, MBR800, CTR500, and CBA250. Minimum firmware requirement for Series 2 products is 2.0.0.
Click here to identify your router. For information on upgrading NCOS, click here.
3. NTP Server Connection: Routers must sync with a time server before they can communicate with NetCloud Manager. NCM uses standard TLS-based encryption along with a proper signed certificate in our servers. This system has date range restrictions - devices must have a valid clock time in the 21st century. By default, the routers boot up at Unix epoch 0 (January 1, 1970), which leads the TLS client to think the certificate is invalid without a time sync.
4. DNS Server Connection: Routers must be able to resolve the host name stream.cradlepointecm.com to communicate with NetCloud Manager.
5. Internet Connection for NCM Traffic: Traffic destined for NetCloud Manager crosses the public internet. The router must be connected to an internet source and policies need to be in place to allow the NCM services of the router to communicate with the NCM Servers on the internet. For private network considerations, please see NetCloud Manager: Access via a Private Network.
Frequently Asked Questions
What level of redundancy and reliability features do the NetCloud Manager Servers have?
NetCloud Manager servers are located within a physically secured area at a Tier IV datacenter that is SAS70 (SSAE Type II) certified. Only authorized personnel have access to the secured area. Redundancy of the system includes the following:
Datacenter Redundancy and Reliability:
- 24x7x365 onsite staff
- Dual power circuits tied to N+1 redundant datacenter UPS systems
- Onsite diesel backup power generators
- Fully redundant enterprise-class core routing with connectivity to 3+ internet backbone carriers
- Fiber carriers enter datacenters at disparate points to guard against service failure
- N+1 redundant HVAC systems (Heating Ventilation Air Conditioning) with air filtering
Server and Software Redundancy:
- Redundant load balanced application servers
- Master database in isolated private network with one-hour replacement
- Full nightly backups
- SLA guaranteeing network availability and critical infrastructure systems including power and HVAC 100% of the time in a given month excluding scheduled maintenance.
What are the security measures for the NetCloud Manager Servers?
NetCloud Manager servers are located within a physically secured area at a Tier IV datacenter with SSAE Type II certification (formerly SAS 70). Security features include the following:
- Cradlepoint servers are located in a secured area within a Tier IV datacenter.
- Keycard protocols, biometric scanning protocols and round-the-clock interior and exterior surveillance monitoring
- 24x7x365 onsite staff
- Only authorized data center personnel are granted access credentials. No one else can enter the production area of the datacenter without prior clearance and an appropriate escort.
Hardware and Software Security:
- Only authorized operations personnel are allowed physical access to production NCM servers.
- Patch Management: Patches are applied quarterly, unless a high vulnerability issue is identified whereupon the process is expedited.
Event and Log Management:
- All URL traffic is logged. These logs are kept for 90 calendar days for review by network security management.
- Automated logs track and log changes, including backups of this data.
Does Cradlepoint perform vulnerability assessment of the NCM servers?
Cradlepoint uses a PCI Approved Scanning Vendor (ASV) service for external penetration testing of the NCM servers. Scans are run at minimum monthly, with remediation reports provided to management. Corrective actions are implemented based upon severity of potential threats.
How many devices can your system support and how many do you have on the system now?
Cradlepoint manages more than 1 million devices on NetCloud Manager today. NCM has a scalable, service-oriented architecture that can support many more customers with many thousands of devices under management.
As a System Integrator, can I have multiple primary accounts that I can use to manage my customers' devices, and can I see all of my customers' devices?
Yes, with NCM you can have multiple subaccounts for your customers. Your Account Administrator can manage all accounts, while creating other administrators to manage separate subaccounts (customers).
When an NCM account password is lost, how is it reset?
The user navigates to the Request Password Reset page, using the Forgot Password link on the NCM central login page, where an email address is entered. If the email address entered matches an email address associated with an NCM user, an email with a unique link is sent to the user. Upon receiving the email, the user clicks on the link that will take them to a page to select a new password for their account. If the email address entered does not match any account email addresses, a message will be displayed noting the email address isn't recognized.
Cradlepoint support personnel do not have access to NCM user passwords and thus cannot provide any passwords over the phone.
How strong are NCM passwords and how long do they last?
The following are password requirements:
- Password minimum length (default = 8)
- Require one or more CAPITALIZED letters in the password (default = yes)
- Require one or more numbers in the password (default = yes)
The administrator can set a session timeout (default = 120 minutes) for each user under the User Settings.
How are passwords stored within the NCM Servers?
All passwords are stored in encrypted form using the NIST/FIPS Secure Hash Standard known as SHA-2. SHA-2 is a set of cryptographic hash functions designed by the National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. Our user passwords encryption uses the PBKDF2 algorithm with a SHA-256 hash.
Is User Data stored within the Cradlepoint devices?
No user data is stored on the Cradlepoint devices.
Do new users receive a unique password?
When a new account is set up, the Account Administrator will receive an email from Cradlepoint with a unique link to take them to a page to select a new password for their account.
When the Account Administrator sets up a new user account, the user will receive an email with a unique link that upon selecting will take them to a page to select a new password for their account.
How do you integrate with Network Management Systems?
NetCloud Manager can be integrated with any Network Management System via the NetCloud Manager API. The NCM API is accessed via HTTPS to the XML/JSON RESTful interface. We have customers doing this today using the NCM APIv2.
How many levels of user account privileges does NCM support?
NCM supports four levels of user access privileges for a customer.
- Account Administrator – has full access to all accounts and sub-accounts and can create accounts and users at any level within the account hierarchy. Only the Account Administrator can create accounts or users.
- Full Access User – has access to resources within their account and any sub-accounts below their account. The Full Access User cannot create new accounts or users.
- Read-Only User – has read-only access for their account and any sub-account(s) below their account.
- Diagnostics User – same access as read only user, but with additional ability to reboot the router.
How much data does being connected to NetCloud Manager consume?
Recent data shows that the average data usage is approximately 5–10 MB per router per month. This reflects what we expect to see in "typical" scenarios when routers have mostly default settings. Many settings could affect this amount, including generating lots of alerts, exporting lots of logs, and especially editing the connection pulse interval (default 120 seconds). A significantly faster connection pulse (e.g., 10 seconds) could increase data usage to 50 or even 100 MB per router per month, whereas a significantly slower pulse (e.g., 900 seconds) could decrease data usage to less than 1 MB per router per month (but runs the risk of slowing down the connection so much that the connection is broken and needs to reestablish itself, which uses additional data).
There are many variables that affect data usage and therefore Cradlepoint does not guarantee that a router will use any particular amount of data. These numbers are only provided to give a rough estimate of the amount of data usage you should expect based on data from other routers in the field.
How do you support Private Networks (cellular or wired)?
NCM can support a customer’s Private Network (3G/4G or wired networks). For device management, NCM uses a full-duplex, asynchronous SSL protocol to manage the Cradlepoint routers over a single TCP connection (port 8001).
Support for Private Networks can be achieved by the following:
- Customers create a firewall rule to allow NCM management SSL traffic routed over the Internet to the Cradlepoint cloud datacenter (single TCP connection – port 8001).
This article not have what you need? Not find what you were looking for? Think this article can be improved? Please let us know at email@example.com
Published Date: 07/16/2018