Zyxel Nebula: an overview of the key capabilities of the cloud network ecosystem
For small and medium businesses, building a network can be difficult due to high costs. Zyxel to solve this problem offers a cloud system Nebula - a solution for creating and managing a network that focuses not only on hardware, but also on software components. On its features, key features and devices, we describe below.
Introduction
All products under the brand Nebula, including wireless access points, switches and routers, have the ability to manage from the cloud. Unlike traditional solutions, they can be centrally managed, configured, diagnosed and monitored in real time using an application or through a web portal. Thus, it is possible to control both specific devices and the network as a whole. The high level of scalability also makes it easy to deploy new parts of the network simply by connecting new devices. This does not require any special knowledge and can be done even without the participation of IT professionals - you just need to connect the devices and they will start working. Nebula also makes it easy to establish a secure, secure VPN connection over the Internet between multiple network segments.
')
Key features of the system:
- built-in management tools for the rapid deployment of large networks;
- an intuitive, automated network management interface, as well as constant updating of functions that greatly facilitate network management and - allow you to quickly learn the professionals who work with it for the first time;
- centralized visibility of all components, which reduces the cost of software and equipment by optimizing the network;
- A complete portfolio of solutions from a single vendor, which ensures good compatibility of network components;
- a licensing model on credit and on demand provides the flexibility of using the system depending on the current needs of the business;
- devices and the network itself continue to operate, even if the license has expired.
Network architecture
Nebula provides an architecture for creating and managing networks over the Internet using the Software as a Service (SaaS) model. That is, it eliminates the need for the physical construction of local systems to manage the network. All Nebula devices are managed from the cloud via a secure TLS connection. In this way, you can manage hundreds of devices from anywhere in the world and make changes to policies and network settings through a central control panel.
Nebula uses infrastructure and services built on the basis of Amazon Web Service (AWS), so data and traffic are protected by AWS Cloud Security. The data coming from the devices is divided in two — service information (for example, configuration, monitoring data, statistics, etc.) is transmitted to the cloud using a secure connection using the specialized protocol NETCONF (about it later), and user traffic (for example, during surfing the web or using apps) is sent immediately to the target server without going through the cloud.
NETCONF Standard
Nebula is the industry's first solution that uses the NETCONF protocol to secure network configuration changes via the cloud. When transferring data using this protocol, TLS is used, which guarantees data security. Before the introduction of NETCONF, command line interface scripts and the SNMP protocol were used. These solutions have some drawbacks, for example, there is no transaction management and reliable security mechanisms. The NETCONF protocol was designed to eliminate these shortcomings. It supports TCP to overcome the NAT barrier and is considered more reliable than the above protocols. It also uses less traffic, which is important when managing a network through the cloud. So, this is now the optimal solution for the Nebula.
Nebula Control Center
The Nebula Control Center (NCC) provides the user with extensive tools for working with the network and a clear vision of the processes occurring in it. Through the web interface, which is available on computers, smartphones and tablets, you can immediately see the analysis of network performance, device status, and overall network status. Information enters the Nebula Control Center in automatic mode, all the administrator needs to do is just enter it. The Nebula Control Center also has a number of security tools that protect devices and users, and also provide the necessary information to enhance the security of the entire network. Next, we describe the main features that the NCC provides.
Role-based management
The network owner can assign different roles for administrators working with it. Each role has one or another set of functions for managing the network and setting up guest access. This saves from the fact that a person who does not have the authority to do so can perform certain actions that can be harmful. Proper distribution of roles also ensures that the network administrators correctly configure the network.
Real-time monitoring
In Nebula, monitoring network status occurs 24/7. Administrators receive information on all network activity, including the operation of installed equipment. Such reports can be saved and subsequently used during the installation of new devices or network expansion. All reports are flexibly configured, so that administrators receive only the necessary information.
Network management tools
Integrated with multi-functional dashboards, maps, floor plans, and more, these tools allow you to fine-tune selected areas through the Nebula Control Center. Simply select the desired site they will receive a detailed network analysis, authentication management, checking settings, VPN-tunnels and other elements.
Setting alerts
This tool helps administrators manage multiple network devices. As soon as one of them has a configuration change, the administrator immediately receives a notification. They come from the entire network, how big it is and they allow you to keep your settings and security policies up to date.
Protection against incorrect settings
To prevent interruptions due to incorrect or incorrect settings, Nebula devices can request settings directly from the Nebula Control Center and receive them via the cloud. This allows you to always maintain the network in working condition.
Login Audit
Nebula Control Center automatically records the login time and IP address of each administrator registered in the system. This allows you to track who made what changes to the system, as well as when they were made.
SSL support
Communication between cloud services and administrators is carried out over secure channels using the SSL protocol. This means that all sensitive data is securely protected and cannot be intercepted by a third party.
Closing the connection after a timeout
In the Nebula cloud architecture, a connection can only be active for a certain period of time. If during the established period no traffic is transmitted over the open connection, the user will be disconnected from the system, having received a corresponding warning before. Then the session can be restored by re-entering a username and password.
Nebula mobile application
Branded mobile application for iOS and Android offers the tools to significantly accelerate network management. For example, using a QR code scanner, you can quickly register new devices by simply scanning the bar code. For each registered device, you can view detailed information, for example, the serial number and MAC address, as well as in what location it is installed. Detailed information is also shown for each location. For example, you can view the network load and find out how many devices are currently connected to a particular network device (wireless access point or router). You can also take pictures of installed devices and leave the images in the application. All this helps (and makes it much easier) ITT to monitor the status of the network in real time.
Product family
Wireless access points
Nebula wireless access points are designed for installation in offices, schools, hospitals, shops, restaurants and other public places, as well as in enterprises. They support the latest 802.11ac standard and technologies such as MIMO, Smart Antenna, DCS, Load Balancing, Smart Client Steering and others. All this allows you to build a productive Wi-Fi network and organize reliable signal coverage. All of them are controlled through the cloud and have the automatic configuration feature, which greatly facilitates the deployment and maintenance of the wireless network. Below you can see the characteristics of branded access points Nebula.
Features:
• The MIMO 2x2 802.11ac AP access point supports speeds up to 1.2 Gbps (NAP102);
• MIMO 3x3 802.11ac AP access point supports speeds up to 1.75 Gbps (NAP203, NAP303, NAP353);
• Antenna with double optimization (NAP203);
• Smart antenna (NAP303);
• Enclosure providing all-weather protection for IP66 (NAP353);
• Self-configuration, automatic deployment (zero-touch);
• Enterprise-class security and radio communication optimization;
• DCS, load balancing and smart client steering;
• Support for registration in the system with a Facebook account;
Switches
Nebula network switches with support for processing traffic level 2 is a good solution for deployment in branch offices and then managed through the cloud. Nebula Control Center allows you to remotely monitor and configure all available ports, as well as configure multiple switches in a couple of mouse clicks simply using one template. A number of cloud advantages are also available: simplified configuration and management, display of the state of the entire network and control in real time, which significantly speeds up the branch network deployment. Such advanced settings like ACLs, VLAN-based QoS, and PoE schedules significantly improve network management efficiency. Below you can see the characteristics of branded network switches Nebula.
Features:
• Gigabit L2 switches with 8/24 ports with PoE support and without PoE;
• Availability of 10GE uplink ports for connecting to a high-speed network (NSW200-28P);
• Convenient configuration of ACL and VLAN;
• Support for DHCP Server Guard and IGMP snooping;
• Supports PoE technology with a power budget of 375 watts (NSW200-28P, NSW100-28P) / 180 watts (NSW100-10P);
• Port mirroring to monitor network traffic;
• Intellectual PoE technology and network topology;
• RADIUS or 802.1X authentication, static MAC forwarding;
Security Gateways
Nebula network security gateways provide organizations with reliable network protection. They use Next-Gen Firewall features, for example, IDP (Intrusion Detection System), which provides a high level of protection for small and medium-sized businesses. Nebula security gateways are designed for management from the cloud and can automatically receive their settings, configure site-to-site VPN, automatically receive software updates and security signatures via the Internet. Using the Nebula cloud interface, administrators can set security policies for the entire network and easily monitor networks in all branches. Below you can see the characteristics of Nebula branded network security gateways.
Features:
• Full control from the cloud over the network, security and applications;
• Easy site-to-site VPN setup
• Network security provide Next-Generation Firewall, IDP and Application Patrol;
• Built-in DHCP, NAT, QoS and VLAN management functions;
• Support for static routing and DynDNS services;
• Security rules and application management;
• Support for authentication in the cloud Nebula.
Licensing
Nebula cloud services are available in several subscription options. But the main thing is that even if the validity of any license has expired, users can continue to use the basic functions of the service. This allows the network to always remain in a healthy state. Next, let's talk about the types of licenses provided.
Credit licensing
To reduce the initial cost of operating the device, the Nebula comes with a license for the Nebula Control Center for a period of one year. After the expiration of this license, users can renew it with Nebula Points. Credit licensing reduces the number of SKUs and license keys required to activate the service, since licenses for licenses can be used for different types of devices and models, regardless of whether a license is used for a new device or not.
Limited lifetime license for Nebula Control Center services
The limited lifetime license is designed for users who need a full-featured service for a long time to configure and monitor devices using the NCC without renewing licenses annually, and also to replace previously purchased Nebula devices with new ones without additional licensing costs.
In addition, the scheme of limited lifetime licensing is similar to the licensing of traditional controllers, understandable and convenient. It was designed to complement the credit licensing model, which provides predictable costs for the purchase of licenses, and provides more flexibility to both customers and channel partners, and reduces costs over the long term.
Nebula Security Service License
To reduce the initial cost of purchasing a license, simplify registration and activate the Nebula Security Gateway (NSG) security gateways, each NSG comes with a IDP and Application Patrol license for the Nebula Security Service license (NSSIDP) for 1 year. The NSS-IDP license must be acquired in addition to the license for the Control Center. If a company uses multiple NSGs, then the expiration dates of their licenses can also be synchronized, but they cannot be synchronized with the licenses for the Nebula Control Center service.
Synchronous license expiration
The Zyxel Nebula Control Center automatically adjusts the expiration dates of all licenses for the same day. When a company purchases additional licenses for equipment, the expiration dates of the old licenses and the new ones are recalculated and adjusted so that all the licenses have the same expiration date, and as a result, the company has all the licenses valid until the same date. Please note that the use of the Zyxel Nebula Service is subject to the terms of the License Co-termination.
In the dry residue
Zyxel Nebula is an ecosystem of hardware and software that allows you to centrally build a network on their basis and manage from one place with simple tools. The Zyxel Nebula family includes wireless access points, switches and security gateways, as well as a cloud management center. The constructed network is intended for use in small and medium-sized businesses that have several branches, as well as in public places (restaurants, schools, etc.). For companies that are constantly expanding, it is very convenient to increase the size of the network due to the ease of installing new devices and their settings - in fact, the equipment configuration occurs automatically, which saves both on network maintenance and on the maintenance of IT staff. Zyxel also offers flexible licensing models, and also ensures that the basic network functions work even after the subscription expires. All this makes Nebula very attractive for SMB (small and medium business) enterprises.
Introduction
All products under the brand Nebula, including wireless access points, switches and routers, have the ability to manage from the cloud. Unlike traditional solutions, they can be centrally managed, configured, diagnosed and monitored in real time using an application or through a web portal. Thus, it is possible to control both specific devices and the network as a whole. The high level of scalability also makes it easy to deploy new parts of the network simply by connecting new devices. This does not require any special knowledge and can be done even without the participation of IT professionals - you just need to connect the devices and they will start working. Nebula also makes it easy to establish a secure, secure VPN connection over the Internet between multiple network segments.
')
Key features of the system:
- built-in management tools for the rapid deployment of large networks;
- an intuitive, automated network management interface, as well as constant updating of functions that greatly facilitate network management and - allow you to quickly learn the professionals who work with it for the first time;
- centralized visibility of all components, which reduces the cost of software and equipment by optimizing the network;
- A complete portfolio of solutions from a single vendor, which ensures good compatibility of network components;
- a licensing model on credit and on demand provides the flexibility of using the system depending on the current needs of the business;
- devices and the network itself continue to operate, even if the license has expired.
Network architecture
Nebula provides an architecture for creating and managing networks over the Internet using the Software as a Service (SaaS) model. That is, it eliminates the need for the physical construction of local systems to manage the network. All Nebula devices are managed from the cloud via a secure TLS connection. In this way, you can manage hundreds of devices from anywhere in the world and make changes to policies and network settings through a central control panel.
Nebula uses infrastructure and services built on the basis of Amazon Web Service (AWS), so data and traffic are protected by AWS Cloud Security. The data coming from the devices is divided in two — service information (for example, configuration, monitoring data, statistics, etc.) is transmitted to the cloud using a secure connection using the specialized protocol NETCONF (about it later), and user traffic (for example, during surfing the web or using apps) is sent immediately to the target server without going through the cloud.
NETCONF Standard
Nebula is the industry's first solution that uses the NETCONF protocol to secure network configuration changes via the cloud. When transferring data using this protocol, TLS is used, which guarantees data security. Before the introduction of NETCONF, command line interface scripts and the SNMP protocol were used. These solutions have some drawbacks, for example, there is no transaction management and reliable security mechanisms. The NETCONF protocol was designed to eliminate these shortcomings. It supports TCP to overcome the NAT barrier and is considered more reliable than the above protocols. It also uses less traffic, which is important when managing a network through the cloud. So, this is now the optimal solution for the Nebula.
Nebula Control Center
The Nebula Control Center (NCC) provides the user with extensive tools for working with the network and a clear vision of the processes occurring in it. Through the web interface, which is available on computers, smartphones and tablets, you can immediately see the analysis of network performance, device status, and overall network status. Information enters the Nebula Control Center in automatic mode, all the administrator needs to do is just enter it. The Nebula Control Center also has a number of security tools that protect devices and users, and also provide the necessary information to enhance the security of the entire network. Next, we describe the main features that the NCC provides.
Role-based management
The network owner can assign different roles for administrators working with it. Each role has one or another set of functions for managing the network and setting up guest access. This saves from the fact that a person who does not have the authority to do so can perform certain actions that can be harmful. Proper distribution of roles also ensures that the network administrators correctly configure the network.
Real-time monitoring
In Nebula, monitoring network status occurs 24/7. Administrators receive information on all network activity, including the operation of installed equipment. Such reports can be saved and subsequently used during the installation of new devices or network expansion. All reports are flexibly configured, so that administrators receive only the necessary information.
Network management tools
Integrated with multi-functional dashboards, maps, floor plans, and more, these tools allow you to fine-tune selected areas through the Nebula Control Center. Simply select the desired site they will receive a detailed network analysis, authentication management, checking settings, VPN-tunnels and other elements.
Setting alerts
This tool helps administrators manage multiple network devices. As soon as one of them has a configuration change, the administrator immediately receives a notification. They come from the entire network, how big it is and they allow you to keep your settings and security policies up to date.
Protection against incorrect settings
To prevent interruptions due to incorrect or incorrect settings, Nebula devices can request settings directly from the Nebula Control Center and receive them via the cloud. This allows you to always maintain the network in working condition.
Login Audit
Nebula Control Center automatically records the login time and IP address of each administrator registered in the system. This allows you to track who made what changes to the system, as well as when they were made.
SSL support
Communication between cloud services and administrators is carried out over secure channels using the SSL protocol. This means that all sensitive data is securely protected and cannot be intercepted by a third party.
Closing the connection after a timeout
In the Nebula cloud architecture, a connection can only be active for a certain period of time. If during the established period no traffic is transmitted over the open connection, the user will be disconnected from the system, having received a corresponding warning before. Then the session can be restored by re-entering a username and password.
Nebula mobile application
Branded mobile application for iOS and Android offers the tools to significantly accelerate network management. For example, using a QR code scanner, you can quickly register new devices by simply scanning the bar code. For each registered device, you can view detailed information, for example, the serial number and MAC address, as well as in what location it is installed. Detailed information is also shown for each location. For example, you can view the network load and find out how many devices are currently connected to a particular network device (wireless access point or router). You can also take pictures of installed devices and leave the images in the application. All this helps (and makes it much easier) ITT to monitor the status of the network in real time.
Product family
Wireless access points
Nebula wireless access points are designed for installation in offices, schools, hospitals, shops, restaurants and other public places, as well as in enterprises. They support the latest 802.11ac standard and technologies such as MIMO, Smart Antenna, DCS, Load Balancing, Smart Client Steering and others. All this allows you to build a productive Wi-Fi network and organize reliable signal coverage. All of them are controlled through the cloud and have the automatic configuration feature, which greatly facilitates the deployment and maintenance of the wireless network. Below you can see the characteristics of branded access points Nebula.
Features:
• The MIMO 2x2 802.11ac AP access point supports speeds up to 1.2 Gbps (NAP102);
• MIMO 3x3 802.11ac AP access point supports speeds up to 1.75 Gbps (NAP203, NAP303, NAP353);
• Antenna with double optimization (NAP203);
• Smart antenna (NAP303);
• Enclosure providing all-weather protection for IP66 (NAP353);
• Self-configuration, automatic deployment (zero-touch);
• Enterprise-class security and radio communication optimization;
• DCS, load balancing and smart client steering;
• Support for registration in the system with a Facebook account;
Switches
Nebula network switches with support for processing traffic level 2 is a good solution for deployment in branch offices and then managed through the cloud. Nebula Control Center allows you to remotely monitor and configure all available ports, as well as configure multiple switches in a couple of mouse clicks simply using one template. A number of cloud advantages are also available: simplified configuration and management, display of the state of the entire network and control in real time, which significantly speeds up the branch network deployment. Such advanced settings like ACLs, VLAN-based QoS, and PoE schedules significantly improve network management efficiency. Below you can see the characteristics of branded network switches Nebula.
Features:
• Gigabit L2 switches with 8/24 ports with PoE support and without PoE;
• Availability of 10GE uplink ports for connecting to a high-speed network (NSW200-28P);
• Convenient configuration of ACL and VLAN;
• Support for DHCP Server Guard and IGMP snooping;
• Supports PoE technology with a power budget of 375 watts (NSW200-28P, NSW100-28P) / 180 watts (NSW100-10P);
• Port mirroring to monitor network traffic;
• Intellectual PoE technology and network topology;
• RADIUS or 802.1X authentication, static MAC forwarding;
Security Gateways
Nebula network security gateways provide organizations with reliable network protection. They use Next-Gen Firewall features, for example, IDP (Intrusion Detection System), which provides a high level of protection for small and medium-sized businesses. Nebula security gateways are designed for management from the cloud and can automatically receive their settings, configure site-to-site VPN, automatically receive software updates and security signatures via the Internet. Using the Nebula cloud interface, administrators can set security policies for the entire network and easily monitor networks in all branches. Below you can see the characteristics of Nebula branded network security gateways.
Features:
• Full control from the cloud over the network, security and applications;
• Easy site-to-site VPN setup
• Network security provide Next-Generation Firewall, IDP and Application Patrol;
• Built-in DHCP, NAT, QoS and VLAN management functions;
• Support for static routing and DynDNS services;
• Security rules and application management;
• Support for authentication in the cloud Nebula.
Licensing
Nebula cloud services are available in several subscription options. But the main thing is that even if the validity of any license has expired, users can continue to use the basic functions of the service. This allows the network to always remain in a healthy state. Next, let's talk about the types of licenses provided.
Credit licensing
To reduce the initial cost of operating the device, the Nebula comes with a license for the Nebula Control Center for a period of one year. After the expiration of this license, users can renew it with Nebula Points. Credit licensing reduces the number of SKUs and license keys required to activate the service, since licenses for licenses can be used for different types of devices and models, regardless of whether a license is used for a new device or not.
Limited lifetime license for Nebula Control Center services
The limited lifetime license is designed for users who need a full-featured service for a long time to configure and monitor devices using the NCC without renewing licenses annually, and also to replace previously purchased Nebula devices with new ones without additional licensing costs.
In addition, the scheme of limited lifetime licensing is similar to the licensing of traditional controllers, understandable and convenient. It was designed to complement the credit licensing model, which provides predictable costs for the purchase of licenses, and provides more flexibility to both customers and channel partners, and reduces costs over the long term.
Nebula Security Service License
To reduce the initial cost of purchasing a license, simplify registration and activate the Nebula Security Gateway (NSG) security gateways, each NSG comes with a IDP and Application Patrol license for the Nebula Security Service license (NSSIDP) for 1 year. The NSS-IDP license must be acquired in addition to the license for the Control Center. If a company uses multiple NSGs, then the expiration dates of their licenses can also be synchronized, but they cannot be synchronized with the licenses for the Nebula Control Center service.
Synchronous license expiration
The Zyxel Nebula Control Center automatically adjusts the expiration dates of all licenses for the same day. When a company purchases additional licenses for equipment, the expiration dates of the old licenses and the new ones are recalculated and adjusted so that all the licenses have the same expiration date, and as a result, the company has all the licenses valid until the same date. Please note that the use of the Zyxel Nebula Service is subject to the terms of the License Co-termination.
In the dry residue
Zyxel Nebula is an ecosystem of hardware and software that allows you to centrally build a network on their basis and manage from one place with simple tools. The Zyxel Nebula family includes wireless access points, switches and security gateways, as well as a cloud management center. The constructed network is intended for use in small and medium-sized businesses that have several branches, as well as in public places (restaurants, schools, etc.). For companies that are constantly expanding, it is very convenient to increase the size of the network due to the ease of installing new devices and their settings - in fact, the equipment configuration occurs automatically, which saves both on network maintenance and on the maintenance of IT staff. Zyxel also offers flexible licensing models, and also ensures that the basic network functions work even after the subscription expires. All this makes Nebula very attractive for SMB (small and medium business) enterprises.
Source: https://habr.com/ru/post/339024/
All Articles