Call a Specialist Today! 855-958-0754

Cradlepoint NetCloud Engine
Next-Generation WAN: Software-Defined, Security-Driven, Cloud-Delivered

Cradlepoint NetCloud Engine

Sorry, this product is no longer available, please contact us for a replacement.

Click here to jump to more pricing!


NetCloud Engine provides distributed, cloud-driven enterprises with a nextgeneration WAN—secure, software-defined, and delivered as a cloud-based service. The NetCloud Engine platform is fueled by SDN and virtualization software to eliminate the hardware, complexity, and operational costs of traditional WANs. This extends the simplicity, security, and utility of Layer-3 LANs anywhere across the Internet.

Now IT teams can build and deploy virtual overlay networks in minutes to connect people, places, and things—like remote or distributed workforces, IoT devices, pop-up stores or kiosks, and digital signage—across any private or public cloud, plus provide secure access for remote users using Windows, iOS, Android, or Linux devices.

NetCloud Engine works with existing network and security infrastructures. It requires no hardware or configuration, scales instantly, and is subscription-based—so you pay as you grow.

  • Reduce WAN-related OPEX
  • Eliminate hardware costs and complexity
  • Rapidly connect people, places and things
  • Enhance security & compliance
  • Enable BYOD

Fueled by Software

Introducing your next WAN—software-defined, delivered as a service, and designed with security in mind for today’s connected enterprise.

NetCloud Engine enables IT and network teams to deploy cloud-based networks in minutes to connect distributed peopleplaces and things anywhere. Our NetCloud Engine platform is fueled by network and service virtualization software and powered by cloud infrastructure—providing Internet reach with private network security and control, and LAN simplicity and mesh connectivity. Now you can make the public Internet your private network without giving up visibility, security and control.

Delivered as a service, everywhere.

Connect & Protect People, Places & Things Anywhere

Connect & Protect People, Places & Things Anywhere

Multi-Layer Security: Protects End-to-End, Everywhere

As enterprises continue to embrace workforce mobility, BYOD, and public cloud, protecting network borders and endpoints are no longer sufficient. NetCloud Engine’s security foundation is a multi-layer, network-based approach to security that protects users, devices, and workloads wherever they’re deployed. Key elements include:

  • Secure Overlay: Abstraction of logical network and address space from the Internet
  • Encryption: Protects data in-transit end-to-end with the strength of 256-bit encryption
  • Network Virtualization: Enables zero-trust WANs through microsegmentation
  • Multi-layer Authentication: Device, virtual network, domain, and certificate level

These security building blocks help protect against a myriad of networkbased attacks:

  • IP address-related attacks (port scans, spoofing, DNS poisoning, and DDoS)
  • Packet sniffing exploits (Firesheep and other nefarious sniffing programs)
  • Authentication hacks (unchanged passwords, brute force, and single factor)

Zero-Trust WANs: Contain Threats When & Where They Happen

As more subnets connect over the WAN, the “attack surface” of a breach or malware infection grows both inside or outside the firewall. To significantly limit the impact of such events, NetCloud Engine’s virtual networks can be micro-segmented on a site, departmental, or even user and device level. The result is a zero-trust WAN that automatically isolates threats and quarantines them when and where they happen.

Rapid Deployment: Define in Minutes, Deploy With Your Tools

Define and deploy virtual networks, connect local and remote users, small offices, IoT devices and sensors, kiosks, digital signage, and even VMs, containers, and servers in minutes rather than days. NetCloud Engine works with popular automation, orchestration, and client software distribution tools, including Puppet, Chef, and Microsoft SCCM.

Network Service Virtualization: Add Services without Appliances

Extend the visibility, security and control of cloud networks with NetCloud Engine Services and Network Service Virtualization. In a few clicks you can add services such as Active Directory integration, security policy deployment for micro-segmentation, and network bandwidth monitoring.

Power of the Cloud: Global Reach, Enterprise Scale, Full Resiliency

The NetCloud Engine platform overlays top-tier cloud data centers around the world, including Amazon AWS, Rackspace and Digital Ocean. This enables massive scale to accommodate large networks and traffic loads, and local points of presence to 80 percent of the world’s computing population. When a disruption occurs, the platform’s SDN and multi-cloud architecture enables affected networks to be automatically migrated to another data center—often within the TCP protocol connection timeout—so users’ sessions are maintained and users themselves are often unaware of any issue.

Power of the Cloud: Global Reach, Enterprise Scale, Full Resiliency

12:00: Administrator names network. NetCloud Engine spins up L3 switch in cloud.
12:01: NetCloud Engine’s ServicePoint securely calls ControlPoint to allocate network.
12:02: NetCloud Engine secures network with PKI & 256-bit AES encryption. Network is allocated.
12:03: Administrator adds devices to network, invites users, adds devices, servers, VMs, and even containers.
12:05: Users download on preferred OS enabling them to communicate securely, be located anywhere and be more productive!
12:07: Administrator layers on services—ADConnect, GeoView, Application Monitor, Firewall, IDS, etc.



  • Deploys in minutes
  • No configuration
  • No changes to existing network infrastructure


  • Encrypted data-in-transit (256-bit AES)
  • No data stored in cloud
  • Private IP address space
  • Enables micro-segmentation for zero-trust WANs
  • Certificate-based Auto-PKI (X.509 CA)

High Availability

  • Runs on top-tier cloud providers around the world
  • Fully redundant architecture
  • Self-healing, self-optimizing
  • Seamless failover

OS Support

  • Windows 7/8, Mac 10.7+
  • Windows, Android, & iOS phones & tablets
  • Windows 2008R2 / 2012 & Linux servers
  • Docker containers

Business Benefits

  • Reduce WAN-related OPEX
  • Eliminate hardware costs & complexity
  • Pay as you grow
  • Rapidly connect people, places, and things securely no matter their location
  • Enhance security & compliance
  • Enable BYOD

Use Cases:

IoT Devices, Sensors

  • Connect IP-enabled devices to secure network
  • Enable remote control & management
  • Leverage LTE & WiFi connections to eliminate costly cabling
  • Reduce time to deploy from days or hours to minutes

Enable Access to Resources Anywhere

  • Micro-segment networks with policy engine to enable appropriate access
  • Connects any private & public cloud
  • Provide application access across providers
  • Extend existing networks without additional infrastructure
  • Scales up/down instantly

Remote/Mobile Access

  • Global availability
  • Windows, Android & iOS mobile device support
  • Persistent, always-on
  • LAN experience
  • Zero-trust—isolate access to select servers

Extend Active Directory Domains

  • Maintain domain security
  • Keep remote users always connected to AD domain from anywhere
  • No user action required
  • Eliminate cached passwords
  • Instantly push policy & security patches
  • Enforce AD DNS use


NetCloud Engine Deployment


Remote Access From Anywhere

Cradlepoint helps IT organizations maintain their sanity and budgets while addressing the growing need for remote access from anywhere. Whether keeping up with the demands of your remote and mobile workforce, connecting new remote offices, providing isolated access for contractors, or deploying a temporary network for a construction site or sales meeting, Cradlepoint NetCloud Engine makes it easy.

With Cradlepoint NetCloud Engine, you can build a virtual overlay network to give groups of remote users segmented access to files and applications—whether in the data center or public cloud. Provide users with a seamless LAN experience while eliminating the hardware and headaches of a traditional VPN. Through the admin web console, you can provision users and devices in just a few clicks, and delete them just as fast.

From a security perspective, NetCloud Engine combines strong end-to-end encryption, auto-PKI and machine authentication with a fully cloaked private address space and micro-segmentation capabilities to offer the security of a private network over the public Internet.


  • Support for all modern devices: Windows, Mac, Linux, iOS and Android
  • Automatic user and device level ACLs
  • Multi-factor authentication: user (ID), device (token) and certificate (PKI)
  • Encryption: AES 256-bit encryption, no configuration


  • Network virtualization enables new security model for cloud and mobile
  • Scale connectivity when and where you need it
  • Virtual overlay network, works with existing infrastructure
  • No hardware upgrades, scalable and always up-to-date

Remote Access From Anywhere

Enterprise Mobility, Extend MDM

NetCloud Engine is designed to address the unique challenges associated with providing secure access to critical files and applications from mobile devices, including Windows, Android and Apple iOS phones and tablets.

Unlike traditional VPNs, you can deploy a virtual overlay network and segregate mobile users and the specific servers they need access to—whether in the data center or public cloud—from everything else. This “quarantine” approach ensures that mobile devices are contained and mobile users cannot access unauthorized resources on data center or office LANs.

Enterprise mobility requires enterprise security. NetCloud Engine extends MDM by providing micro-segmentation capabilities and a fully cloaked private address space with outbound-only connections to eliminate the risk of exposing public IP addresses or inbound firewall ports.


  • Supports Windows, Android and iOS tablets and phones
  • Network virtualization and micro-segmentation enables quarantining of mobile devices
  • End-to-end encryption with device and X.509 certificate (PKI) authentication
  • Works with MDM and popular mobile apps for file and desktop access


  • Superior mobile security without the complexity of traditional VPNs
  • Scale mobile access when and where you need it
  • Virtual overlay network, works with existing infrastructure
  • No head-end hardware, scale without forklift upgrades

Enterprise Mobility, Extend MDM

M2M & Connected Devices

A machine-to-machine network with NetCloud Engine can securely connect, monitor and manage devices deployed in the field, or anywhere in the world. You can create a virtual overlay network to connect devices using any form of public or private Internet access and segment them by customer, site or function.

Because NetCloud Engine provides persistent, always-on connections—just like a LAN, they're ideal for supporting real-time applications like remote monitoring, data analysis and complex event processing (CEP).

NetCloud Engine is designed to support the unique security requirements of M2M and connected device applications, including: strong end-to-end encryption, auto-PKI and machine authentication, a fully cloaked private address space, outbound-only connections, virtual network isolation and micro-segmentation.


  • Support for all modern devices: Windows, Mac, Linux, Android, and iOS
  • Persistent, always-on connections
  • Micro-segmentation with device-level SSL encryption
  • Machine-level authentication designed for embedded devices, kiosks, etc.


  • Massively scalable cloud platform with global footprint
  • Supports real-time applications like remote monitoring, analysis and CEP
  • Managed service with automatable deployments reduces operating costs
  • Self-healing cloud service ensures maximum uptime
  • Private IP address space and outbound connections eliminate the need for expensive public IP addresses and on-premise firewall changes

M2M & Connected Devices

Extend your AD Domain Everywhere

Today, Active Directory (AD) is the foundation of enterprise security. It provides essential domain services such as authentication and single sign-on (SSO), password compliance, security and configuration policy (Group Policy), desktop software updates, and DNS. This all works great when everyone's in the office and on the AD domain, but what happens when remote users are off domain for extended periods of time?

NetCloud Engine with ADConnect allows IT admins to extend AD domain services seamlessly to remote users everywhere. Unlike traditional VPNs, NetCloud Engine emulates a persistent LAN connection that enables native AD authentication and keeps remote machines always on domains without end user interaction. Now you can reduce security risks and improve compliance by extending essential AD capabilities to everyone everywhere.


  • Instant connection enables native AD logins, no cached passwords
  • Extends AD domain security and policy to remote users anywhere
  • Persistent, LAN-like experience requires no user interaction
  • Connect secondary and tertiary AD servers anywhere for redundancy


  • Improve security and compliance of remote and mobile workforce
  • Reduce support desk calls for password updates, etc.
  • Improve user experience with Kerberos SSO for remote users
  • Ensure availability of AD infrastructure

Extend your AD Domain Everywhere

Hybrid & Multi-Cloud Networking

There are a lot of public cloud options today. Whether your workloads are mainstream applications, disaster recovery, development or cloud bursting, there's a public cloud suited to your needs and workflow. The challenge becomes how to securely network them all together without losing automation and flexibility.

NetCloud Engine lets IT, development and DevOps teams build virtual private cloud (VPC) networks in minutes that connect cloud instances, containers and remote users across any private or public cloud. NetCloud Engine is software-defined and cloud-based, so there's no hardware or configuration and automation is a snap using machine authentication.

Each VPC is a secure, virtual overlay network with its own private address space, eliminating the need for public IP addresses or open inbound firewall ports.


  • Connect distributed VMs, containers and remote users on a single subnet
  • Isolate multiple cloud environments, easily migrate workloads
  • Virtual overlay network works with any private or public cloud
  • Superior security over traditional VPNs
  • Automatable using popular cloud orchestration and deployment tools


  • Connect distributed VMs, containers and remote users on a single subnet
  • Isolate multiple cloud environments, easily migrate workloads
  • Virtual overlay network works with any private or public cloud
  • Superior security over traditional VPNs
  • Automatable using popular cloud orchestration and deployment tools

Hybrid & Multi-Cloud Networking

SD-WAN for Cloud BC/DR

Many IT organizations have embraced public cloud storage or private Disaster Recovery as a Service (DRaaS) solutions as a cost effective way to ensure business continuity (BC) in the event of a disaster. While these services simplify the process of continual data backup and server replication, one challenge remains—static and inelastic network connectivity.

NetCloud Engine SD-WAN allows IT organization to deploy a virtual overlay network for BC/DR to connect remote and displaced workforce to backup servers and data from anywhere and any device. Since Cradlepoint networks are cloud-based and software-defined, you can seamlessly scale from a few to hundreds of connections—eliminating racks of idle hardware. With NetCloud Engine SmartZones, you can even deploy DR-based WAN parallel to your traditional WAN and control how traffic is routed between them.


  • Supports any server, VMs, containers on any private or public cloud
  • Secure DR access for Windows, Mac, Android and Apple devices
  • LAN over WAN connection for primary and backup server replication
  • Deploy in minutes or run parallel to your primary WAN
  • Scales instantly—without hardware—to support hundreds of connections
  • Integrated DNS service eliminates remapping of drives and FQDNs
  • Multi-layer security ensures compliance without additional overhead
  • Automatable using popular cloud orchestration and deployment tools


  • Provide business continuity in the event of a disaster displaces your workforce
  • Single solution that can support a breath of DR/BC requirements
  • Multi-cloud SDN platform routes around disasters to ensure high availability
  • Application-level network ensures DR workload mobility across private and public clouds
  • Save thousands by eliminating racks of standby network hardware
  • Accelerate DR fail-over by using SmartZones to run parallel WANs

SD-WAN for Cloud BC/DR


Functionality Standard PRIME
OS Client
Cloud-Based VPN
Secure Overlay Connection
Remote Access
MPKI-as-a-Service included
GeoView Pro
Port/Protocol ACLs
Application Firewall
Access Control
Secure Internet Access
Usage Monitor
Virtual Gateways

Supported Routers

  • AER3100 Series
  • AER2100 Series
  • AER1600 Series
  • COR IBR1100 Series
  • COR IBR900 Series
  • COR IBR600B Series
  • COR IBR600C Series
  • COR IBR600 Series
  • COR IBR350
  • ARC CBA850


Security Policy

Define and enforce network-wide firewall and access controls and restrict user access-from anywhere-by apps, devices and more


Connect one or more Active Directory servers to your cloud network and extend domain services to remote users and devices, anywhere


Provide customized fully qualified domain names (FQDNs) and alternative names for all devices


Provide iPhone and iPad devices with secure access to files and applications on any desktop or server using the native iOS VPN client


Get near-real-time visibility into cloud network utilization and see top talkers by user or device


Get an accurate street-level view of all connected users and devices on your cloud network



Download the Cradlepoint NetCloud Engine Datasheet (.PDF)

Pricing Note: