5G can enrich SD-WAN infrastructures (Source: Cradlepoint)

Until now, the industry has focused on 5G primarily in the context of private networks. With the increasing roll-out of public 5G mobile networks, the expansion of the network infrastructure by means of fast data radio is now coming into focus. Cradlepoint has developed NetCloud Exchange, a management solution that integrates comprehensive security services.

The use of 5G in industry is growing, as the latest figures from the IT industry association Bitkom show. For IT administration, this means integrating a new wireless technology into the IT network infrastructure. Use in production or for autonomous vehicles in intralogistics, for example, requires high reliability and availability of the 5G networks, as well as precise quality management that optimizes data throughput and response speed of the network.

Exactly the same requirements also apply to the company’s entire network infrastructure, including the connection to the outside world. Here, the establishment of a software-defined wide area network (SD-WAN) has proven its worth.

Hybrid SD-WAN using 5G

Solutions already exist that allow 5G campus networks to be integrated into the management of the SD-WAN. Cradlepoint is now going one step further, bringing 5G into play on the WAN connectivity side. Wired structures reach their limits when it comes to providing flexible connectivity to distributed and remote sites, and especially when it comes to networking vehicles and mobile workers. In contrast, 5G can extend and evolve wide-area networks to give them this flexibility. At the same time, the larger the number of connected endpoints, the larger the attack surface. Such an infrastructure therefore requires an adapted security concept.

Source: Cradlepoint

“Most network solutions today are designed for wired-only deployments. With the new NetCloud Exchange extension, NetCloud now offers new 5G- and security-first services to support enterprise WAN transformation, while specifically focusing on the security aspect.”

Todd Krautkremer, Chief Marketing Officer at Cradlepoint

Zero Trust as a fundamental principle

NetCloud Exchange (NCX) relies on Secure Connect to secure network connections. The flexible VPN-like service enables both 4G (LTE) and 5G connections to establish secure end-to-end connections for thousands of sites in three configuration steps. It also eliminates operational complexity familiar from traditional VPNs through automated tunnel orchestration, efficient encryption, name-based routing and simplified IP address management, according to the vendor.

The Cradlepoint solution leverages IP address masking (cloaking) and does not require network access to be configured up front. While traditional VPNs first create a connection and then secure it, Secure Connect first secures the access paths over which a connection is possible. This changes the traditional VPN paradigm from “first connect and then secure” to “first secure and then connect”, taking the least-privilege principle into account.

This is in line with the principles of Zero Trust. The Zero Trust concept is based on the premise that, fundamentally, neither users nor applications, whether internal or external, can be trusted. Every network participant, whether human or device, must therefore authenticate itself, and all network traffic is encrypted.

To support this, Zero Trust Network Access is implemented. This service uses flexible, fine-grained policies based on the categories of “user,” “location,” “application,” and “resource.” These policies use identity, context and 5G attributes to control network access.

Integrated solution

These services are provided via the “NetCloud Exchange Service Gateway”. This is a scalable, software-based solution for private and cloud-based data centers. It aggregates remote connections and enforces policies for the services it supports. It also creates visibility at the traffic level, Cradlepoint said, because NCX brings together the configuration of 5G, SD-WAN and security into one WAN architecture so that common components, policies and simplified processes can be used across all supported services.