Cradlepoint Enterprise Cloud Manager
Network Management & Application Platform
Sorry, this product is no longer available, Please contact us for a replacement.
Overview:
Enterprises around the world are embracing cloud, mobile, and Internet of Things (IoT) technologies to decrease complexity while increasing business agility, empowering their distributed workforces, and gaining operational insights. A growing amount of critical enterprise network traffic is moving off private IP networks and on to the public Internet via wired and wireless broadband. At the same time, workforces are becoming more and more geographically distributed.
The effect is that the LAN is being replaced by the WAN—people, places, and things require secure, fast and reliable connectivity no matter their location. And businesses face challenges meeting these increasingly complex demands using legacy solutions.
Rapidly deploy and dynamically manage networks at geographically distributed locations with Enterprise Cloud Manager, Cradlepoint’s network management service within the Cradlepoint NetCloud platform. Improve productivity, reduce costs, and enhance the intelligence of your network and business operations.
- Zero-touch Deployment: Configure devices by groups or individually, and update firmware easily with a few clicks.
- Simplified Management: Monitor device statuses in real-time and set proactive alerts for optimized 3G/4G data usage and network uptime.
- Instant Insights: Always connected, real-time network analytics to manage data usage, performance, and costs.
Key Features
- Tier 4 datacenter, SSAE Type II (SAS 70) compliance compliance
- Centralized management
- WAN access over 3G/4G and wired Ethernet connections
- Configure groups and individual devices
- Remotely update firmware
- Manage user access
- Create alerts (downtime, security, & data usage)
- Group & device reporting
- Secure device registration and authentication
- Efficient, bi-directional management protocols
- Open API
Benefits:
Instant Insight & Intelligent Management
Proactive alerts and reporting enable you to better manage devices across your organization.
- Robust analytics to manage performance, data usage, and costs
- Application aware policies for intelligent WAN selection and optimization
- Manage networks intelligently with real-time QoE analytics
- Set alerts for 3G/4G modem connectivity issues, data usage, failed login attempts, modem removal, unauthorized users or configuration changes
Modem Usage Dashboard
Lower The Total Cost of Ownership
Protect mission-critical applications – improve network uptime and performance while reducing costs:
- Using cloud secure access, extend management capability to any primary router out-of-band without a static IP (ECM PRIME only)
- Perform remote diagnostics — status reports and error logs
- Troubleshoot without onsite IT support
- Monitor 3G/4G data usage, avoid overages
- Reduce truck rolls, saving time and money
- Prevent poor customer experiences and lost revenue caused by Internet downtime
Alerts & Logs Activity
Protect Your Network
- Secure data transactions with advanced VPN options
- Integrate Zscaler Internet Security to inspect and filter “direct to internet” traffic with near-zero latency
- Unified Threat Management (IPS/IDS) security options
- Enterprise class Tier 4 datacenter, SSAE Type II (SAS 70) compliance
- Upgrade firmware remotely — ensure up-to-date security and PCI compliance
Groups Firmware Update
Scale Faster
- Zero-touch configuration at installation for rapid deployment
- Deliver services and applications for increased security and capabilities
- Integrate easily with enterprise applications using Cradlepoint's Open API
- Cloud-managed instant scalability with no capital infrastructure costs
GeoView Dashboard
Specifications:
Functionality | Standard | PRIME |
---|---|---|
Cloud-based network management for distributed enterprises | Advanced, location-based all device network management | |
Dashboard | ||
Account (Aggregate) Dashboard | ||
Analytics | ||
|
||
|
||
GeoView Location Services Map | ||
Location Services Map (Entire Network) | ||
Modem (Carrier/Operator) Data Usage | ||
Client Usage | ||
Real-time Configuration & Monitoring | ||
Troubleshooting (Ping & Traceroute) | ||
Speed Test | ||
Device | ||
Device Dashboard / Analytics | ||
Edit Configuration | ||
Net Interface Status | ||
Export Device/Net Interface Config | ||
Rogue AP Detection | ||
Copy Config to Group | ||
Clear Config | ||
Troubleshooting | ||
|
||
|
||
Reboot | ||
Restore to Defaults | ||
Device Logs | ||
WiFi Site Survery | ||
Location Services — GeoView | ||
|
||
|
||
Linked Router Management (LLDP) | ||
Advanced Enterprise Routing | ||
|
||
|
||
|
||
|
||
Advanced VPN & Tunneling Protocols | ||
|
||
|
||
NEMO/DMNR Primary | ||
NEMO/DMNR Failover | ||
Console | ||
|
||
|
||
Historical Data | 30 days | 90 days |
Modems | ||
Multi-Carrier Software Defined Radio | ||
Modem Firmware Management | ||
Groups | ||
Group Dashboard | ||
Client Dashboard | ||
Create / Manage Groups | ||
Configuration & Monitoring | ||
Edit Configuration | ||
Router Firmware Updates | ||
Location Services | ||
|
||
Alerts & Logs | ||
Alerts Management | ||
Activity Log | ||
Accounts and Users | ||
Manage Users | ||
Permission Levels | ||
Reports | ||
Reporting | ||
Scheduler | ||
Scheduler | ||
Tools | ||
Router SDK | ||
API | ||
API |
Supported Routers
- AER3100 Series
- AER2100 Series
- AER1600 Series
- COR IBR1100 Series
- COR IBR900 Series
- COR IBR600B Series
- COR IBR600C Series
- COR IBR600 Series
- COR IBR350
- ARC CBA850
- MBR1200B
Frequently Asked Questions:
What is Cradlepoint Enterprise Cloud Manager?
Enterprise Cloud Manager is Cradlepoint’s next generation network management solution. Rapidly deploy and dynamically manage networks at geographically distributed locations with Enterprise Cloud Manager, Cradlepoint’s next generation application platform. Improve productivity, reduce costs, and enhance the intelligence of your network and business operations.
How do I access Cradlepoint Enterprise Cloud Manager?
You can access Cradlepoint Enterprise Cloud Manager (ECM) by going to cradlepointecm.com.
Do new users receive a unique password?
When a new account is set up, the Account Administrator will receive an email from Cradlepoint with a unique link to take them to a page to create a new password for their account.
When the Account Administrator sets up a new user account, the user will receive an email with a unique link that upon selecting will take them to a page to create a new password for their account.
How strong are ECM passwords and how long do they last?
The following are the password requirements:
- Password minimum length (default = 8)
- Require one or more CAPITALIZED letters in the password (default = yes)
- Require one or more numbers in the password (default = yes)
The administrator can set a session timeout (default = 120 minutes) for each user under the User Settings.
When an ECM account password is lost, how is it reset?
The user navigates to the “Request New Password” page via the "Forgot Password" link on the ECM central login page where an email address is entered. If the email address entered matches an email address associated with an ECM user, an email with a unique link is sent to the user. Upon receiving the email, the user clicks on the link that will take them to a page to select a new password for their account. If the email address entered does not match any account email addresses, a message will be displayed noting the email address isn’t recognized.
Cradlepoint support personnel do not have access to ECM user passwords and thus cannot provide any passwords over the phone.
How are passwords stored within the ECM Servers?
All passwords are stored in encrypted form using the NIST/FIPS Secure Hash Standard known as SHA-2. SHA-2 is a set of cryptographic hash functions designed by the National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. Our user passwords encryption uses the PBKDF2 algorithm with a SHA-256 hash.
Is User Data stored within the Cradlepoint devices?
No user data is stored on the Cradlepoint devices.
As a System Integrator, can I have multiple primary accounts that I can use to see and manage my customers' devices?
Yes, with ECM you can have multiple subaccounts for your customers. Your Account Administrator can manage all accounts, while creating other administrators to manage separate subaccounts (customers).
How many levels of user account privileges does ECM support?
ECM supports three levels of user access privileges for a customer.
- User - Users have full access to the account they are in.
- User Administrator - Same access as users except they can create/edit other users.
- Administrator – has full access to all accounts and sub-accounts and can create accounts and user permissions at any level within the account hierarchy. Only the Administrator can create accounts or user permissions.
- Full Access User – has access to resources within their account and any sub-accounts below their account. The Full Access User cannot create new accounts or users.
- Read-Only User – has read-only access for their account and any sub-account(s) below their account.
- Diagnostics User – Same access as read only user, but with additional ability to reboot the router.
How does a router register and communicate with ECM?
An embedded ECM management agent exists on the device to communicate with ECM. A device-initiated protocol, designed for the variable characteristics of 3G/4G network connections, is used for support of devices with dynamic IP addresses located behind a firewall.
There are two ways a router registers with ECM:
- Local at the Cradlepoint Router: At the time of the initial registration using the routers local management UI, a user provides ECM username and password and the device securely attaches to ECM and shows up in the ECM Devices list.
- Cradlepoint Operations Registration for Customer: Using a list of router serial numbers or MAC addresses, an authorized Cradlepoint ECM admin creates a registration in a user’s account. The device checks in to see if it is managed by ECM. If it is, the device provides status and remains connected to ECM. If it is not, it checks in on a regular basis in case it is added later.
The device connection and communication uses secure, signed key technologies: SSL over TCP.
How do you support Private Networks (cellular or wired)?
ECM can support a customer’s Private Network (3G/4G or wired networks). For device management, ECM uses a full-duplex, asynchronous SSL protocol to manage the Cradlepoint routers over a single TCP connection (port 8001).
Support for Private Networks can be achieve by either of the following:
- Customers create a firewall rule to allow ECM management SSL traffic routed over the Internet to the Cradlepoint cloud datacenter (single TCP connection – port 8001).
- Extend the customer’s private network over VPN or private circuit to the Cradlepoint cloud datacenter firewall.
Why does ECM require devices to sync with a time server?
ECM uses standard TLS-based encryption along with a proper signed certificate in our servers. This system has date range restrictions – devices must have a valid clock time in the 21st century – but the routers boot up at Unix epoch 0 (January 1, 1970). The TLS client thinks the certificate is invalid without a time sync.
Why is ECM saying that my device is offline when it's passing data?
If ECM reports that a device is offline, either 1) the device doesn't have an active WAN connection, or 2) it has lost connection to ECM.
If the device has an active WAN connection but ECM is reporting that it is offline, then it has (temporarily?) lost its connection to ECM. This could happen for one of the following reasons:
- A user has suspended the connection via the router administration pages.
- The router has not yet checked in after an ECM maintenance window. This will be for a maximum of 45 minutes: it is dependent on the state of the router's Session Retry Timer when the ECM maintenance window ended.
How much data does being connected to Enterprise Cloud Manager consume?
Recent data shows that the average data usage is approximately 5–10 MB per router per month. This reflects what we expect to see in "typical" scenarios when routers have mostly default settings. Many settings could affect this amount, including generating lots of alerts, exporting lots of logs, and especially editing the connection pulse interval (default 120 seconds). A significantly faster connection pulse (e.g., 10 seconds) could increase data usage to 50 or even 100 MB per router per month, whereas a significantly slower pulse (e.g., 900 seconds) could decrease data usage to less than 1 MB per router per month (but runs the risk of slowing down the connection so much that the connection is broken and needs to reestablish itself, which uses additional data).
There are many variables that affect data usage and therefore Cradlepoint does not guarantee that a router will use any particular amount of data. These numbers are only provided to give a rough estimate of the amount of data usage you should expect based on data from other routers in the field.
Do you have an API (application program interface) for ECM?
Yes, an open RESTful XML/JSON API is available for ECM (see our API documentation). The ECM API is accessed via HTTPS to the XML/JSON RESTful interface. The ECM API is much more powerful and extensible than the previous WiPipe Central API, so any development done using the WiPipe Central system API will have to be modified to work with the new ECM API.
How do you integrate with Network Management Systems?
Enterprise Cloud Manager can be integrated with any Network Management System via the Enterprise Cloud Manager API. The ECM API is accessed via HTTPS to the XML/JSON RESTful interface. We have customers doing this today using the WiPipe Central API.
What level of redundancy and reliability features do the Enterprise Cloud Manager Servers have?
Enterprise Cloud Manager servers are located within a physically secured area at a Tier IV datacenter that is SAS70 (SSAE Type II) certified. Only Rackspace authorized personnel have access to the secured area. Redundancy of the system includes the following:
Datacenter Redundancy and Reliability:
- 24x7x365 onsite staff
- Servers located in multiple availability zones
- Each availability zone is designed as an independent failure zone. This means that availability zones are physically separated within a typical metropolitan region and are located in lower risk flood plains (specific flood zone categorization varies by region)
- In addition to utilizing discrete uninterruptable power supply (UPS) and onsite backup generators, they are each fed via different grids from independent utilities to further reduce single points of failure
- Availability zones are all redundantly connected to multiple tier-1 transit providers
Server and Software Redundancy:
- Redundant load balanced architecture
- Redundant load balanced application servers
- Redundant database servers located in isolated private networks
- Full nightly backups
- AWS SLA for services provided
Does Cradlepoint perform vulnerability assessment of the ECM servers?
Cradlepoint uses a PCI Approved Scanning Vendor (ASV) service for external penetration testing of the ECM servers. Scans are run at minimum monthly, with remediation reports provided to management. Corrective actions are implemented based upon severity of potential threats.
What are the security measures for the Enterprise Cloud Manager Servers?
Enterprise Cloud Manager servers are located within the AWS global infrastructure which is designed and managed according to security best practices as well as a variety of security compliance standards, including: Datacenter Security Best Practices:
- SOC 1/SSAE 16/ISAE 3402 ( formerl y SAS 70)
- SOC 2
- SOC 3
- FISMA, DIACAP, and FedRAMP
- DOD CSM Levels 1-5
- PCI DSS Level 1
- ISO 27001
- ITAR
- FIPS 140-2
- MTCS Level 3
Datacenter Access Control:
Enterprise Cloud Manager servers are housed in AWS's highly secure data centers, which utilize state-of-the art electronic surveillance and multi-factor access control systems.
- Data centers are staffed 24x7x365 by trained security guards and physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means
- Authorized staff must pass two-factor authentication a minimum of two times to access data center floors
- All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff
- All personnel must be screened when leaving areas that contain customer data
Hardware and Software Security:
- Use of AWS Virtual Private Cloud (VPC) for increased security Network traffic between AWS Regions, Availability Zones and individual datacenters travels over private network segments by default. These private network segments are fully isolated from the public Internet and not routable externally
- Automated security scanning for potential vulnerabilities
- Patch Management: Patches are applied quarterly, unless a high vulnerability issue is identified whereupon the process is expedited
- Event and Log Management:
- All URL traffic is logged. These logs are kept for 90 calendar days for review by network security management
- Automated logs track and log changes, including backups of this data
Differences Between Series 2 and Series 3 Support in Enterprise Cloud Manager?
Cradlepoint is adding Enterprise Cloud Manager (ECM) support for Series 2 devices. The functionality available to Series 2 devices in ECM is on par with the functionality available in WiPipe Central (WPC). The stream protocol that connects Enterprise Cloud Manager to the router works exclusively with the technology available in Series 3 devices. Together, Series 3 devices connected to ECM represent breakthrough technology in real-time router information with the lightest possible cellular data usage. We recommend customers upgrade to Series 3 devices whenever possible to experience the real-time nature of this breakthrough technology.
For customers unable to upgrade at this time, Series 2 devices will be supported in Enterprise Cloud Manager, but with a similar latency to that experienced in WiPipe Central.
Series 2 devices need to have firmware version 2.0 or higher to work with Enterprise Cloud Manager.
Key Differences
- Interval settings (e.g., heartbeat, logs) have an assigned time that is not configurable in ECM.
- A device status that has recently changed will experience a delay before being updated in ECM.
- When editing a device configuration, users will see configuration pages that look like those from WiPipe Central.
- Some of the column selection options are different.
Interval Settings
Setting | Description / Usage | ECM Configuration | System-Wide Interval Setting |
---|---|---|---|
Heartbeat | How frequently a device sends its ‘heartbeat’ to ECM to indicate whether it's still online | Not configurable via ECM | 5 minutes |
Heartbeat Timeout | Based on the number of allowed missed heartbeats before a device's status switches from online to offline | Not configurable via ECM | ~15 minutes |
Logs | Setting that indicates whether a device sends logs to ECM, and how frequently | Can enable/disable through ECM, but interval is fixed | 1 hour or 200 messages |
Usage Reports | Setting that indicates whether a device sends usage reports to ECM, and how frequently | Can enable/disable through ECM, but interval is fixed | 1 hour |
Sync Interval | How often a device should check with ECM to verify its managed status, session configuration values, and firmware and configuration versions | Not configurable via ECM | 15 minutes |
CradleCare Support:
From initial device deployment to long-term operations, Cradlepoint Global Support offers world-class resources and expertise to keep your network secure, simple and efficient. Cradlepoint offers multiple tiers of support to provide you exactly what you need.
With Cradlepoint Global Support and CradleCare, you can:
- Maximize revenue through always-on uptime and response times
- Save time with our web-based Connect Portal and Knowledge Base
- Collaborate with our multi-certified technical team
- Maintain PCI Compliance with up-to-date router and modem firmware
The following chart provides an overview of Cradlepoint’s support and maintenance offerings:
Included with every Cradlepoint purchase | CradleCare Basic | CradleCare |
---|---|---|
Web-based Cradlepoint Connect Portal:
|
Included +
|
CradleCare Basic +
|
Extended Warranties
Extended Warranties can be purchased in subsequent years, and as a follow-on warranty at the conclusion of the standard warranty period. No gap in coverage is allowed: the new warranty must be in place before the existing warranty expires.
Standard One-Year Warranty (With Extended Warranty Option) Includes:
- Access to Cradlepoint Connect portal and Knowledge Base
- Hardware repair/replacement with 3-5 day shipping
- Software bug fixes
- An option to extend your warranty to 2, 3, or 5 years at the conclusion of the standard warranty period*
*Hardware warranties cannot be extended beyond 5 years from the date of purchase.
Support Bundle
Cradlepoint CradleCare Support combined with Enterprise Cloud Manager improves speed to deployment, network uptime, troubleshooting, remediation, and peace of mind. Now available with two service options to provide the right amount of support for your organization’s networking needs. Integrate cloud-based network management with your Cradlepoint devices to improve productivity, increase reliability, and enhance the intelligence of your network.
Enterprise Cloud Manager + CradleCare Basic | Enterprise Cloud Manager + CradleCare |
---|---|
Enterprise Cloud Manager combined with basic support. Ideal for organizations that require supported network management during 9 to 5 business hours. Includes:
|
Best-in-class cloud-based management combined with world-class support to improve productivity and ensure constant uptime for your network operations. Includes Basic Support features, plus
|
Documentation:
Download the Cradlepoint Enterprise Cloud Manager Datasheet (.PDF)