Unlock Networking
Possibilities with
Cloud
Nebula Secure Cloud Networking Solution
Solution Guide
We help you make
everything easier
2 Solution Guide Nebula Secure Cloud Networking Solution
Overview
Nebula secure cloud networking solution provides
cloud-based, centralized control and visibility over
all Nebula wired, wireless, security firewall, security
router, and mobile router hardware — all without the
cost and complexity of on-site control equipment or
Highlights
• Intuitive, automated network management interface
as well as continuous feature updates that eliminate
training and labor for network implementation,
maintenance and support
• Zero-touch provisioning, built-in multi-tenant,
multisite network management tools accelerate
deployment of large networks
• Centralized, unified and on-demand control as well
as visibility that reduce capital expense for hardware
and software
• Free cloud management for the life of the product
without the need for ongoing costs
overlay management systems. With comprehensive
product portfolio that can be centrally managed from
the cloud, Nebula offers simple, intuitive and scalable
management for all networks.
• Access points and switches with NebulaFlex Pro,
USG FLEX firewalls (0102 bundled SKUs), ATP
firewalls, SCR security router (w/SCR Pro Pack),
and Nebula 5G/4G routers are sold with bundled
Professional Pack license for you to experience
advanced cloud management features
• A comprehensive networking and security product
portfolio from a single vendor ensures better
product compatibility
• Per-device licensing model with flexible
subscriptions provides rich diversity and high
flexibility for customers of all sizes
K-12 Campus
Boutique Hotel
Department Store
Branch Office
Cloud
Networking
Nebula AP
Nebula Switch
Nebula Security
Gateway/Firewall/Router
On-premises Nebula Hardware
Retail Store/Teleworker
https://nebula.zyxel.com/
Browser & Apps-based
Management
Nebula
Mobile Router
Management
Traffic
Solution Guide Nebula Secure Cloud Networking Solution 3
Introduction to
Nebula secure cloud
networking solution
Nebula’s networking and security products, including
access points, switches, security firewalls, security
router and 5G/4G routers, are purpose-built for cloud
management. They break the traditions and come
up with easy management, centralized control, auto-
configuration, real-time Web-based diagnostics, remote
monitoring and more.
The Nebula cloud managed networking introduces
an affordable, effortless approach for network
deployments with high security and scalability to
provide completely control over Nebula devices and
users. When an organization grows from small sites to
massive, distributed networks, the Nebula hardware with
cloud-based self-provisioning enables easy, quick and
plug-n-play deployment to multiple locations without IT
professionals.
Through Nebula cloud services, firmware and security
signature updates are delivered seamlessly, while secure
VPN tunnels can be established automatically between
different branches over the Web with just a few clicks.
Based on a secure infrastructure, Nebula is designed
with fault-tolerant properties that enable local networks
to keep operating properly in WAN downtimes.
4 Solution Guide Nebula Secure Cloud Networking Solution
Nebula secure cloud
networking solution
architecture
The Nebula Cloud provides a networking paradigm for
building and managing networks over the Internet in
the Software as a Service model. Software as a Service
(SaaS) is defined as a way of delivering software for
users to access via the Internet rather than local
installation. In the Nebula architecture, network
functions and management services are pushed to the
cloud and delivered as a service that provides instant
control to the entire network without wireless controllers
and overlay network management appliances.
Data Privacy and
Out-of-band
Control Plane
All Nebula devices are built from the ground up for cloud
management with the capability to communicate with
Nebula’s cloud control center through the Internet. This
TLS-secured connectivity between hardware and the
cloud provides network-wide visibility and control for
network management using the minimal bandwidth.
Over the cloud, thousands of Nebula devices around
the world can be configured, controlled, monitored and
managed under a single pane of glass. With multi-site
network management tools, businesses are allowed to
deploy new branches of any size, while administrators
are able to make policy changes any time from a central
control platform.
The Nebula service uses the infrastructure and services
built upon the Amazon Web Service (AWS), so all Nebula
security details can be referred to AWS Cloud Security.
Nebula is committed to data protection, privacy
and security as well as compliance with applicable
regulatory frameworks in the world. Nebula’s technical
architecture along with its internal administrative and
procedural safeguards can assist customers with design
and deployment of cloud-based networking solutions
that comply with EU data privacy regulations.
In Nebula’s out-of-band control plane, network and
management traffics are split into two different data
paths. Management data (e.g. configuration, statistics,
monitoring, etc.) turn towards Nebula’s cloud from
devices through an encrypted Internet connection
of the NETCONF protocol, while user data (e.g. Web
browsing and internal applications, etc.) flows directly
to the destination on the LAN or across the WAN without
passing through the cloud.
Cloud Hosted
Network Service
Internet Traffic
WLAN Traffic
Management
LAN Traffic
Traffic
Internet
Traffic
5Solution Guide Nebula Secure Cloud Networking Solution
Features of the Nebula Architecture:
• End user data does not traverse through the cloud.
• Unlimited throughput, no centralized controller
bottlenecks when new devices are added.
NETCONF Standard
• Network functions even if connection to cloud is
interrupted.
• Nebula’s cloud management is backed by a 99.99%
uptime SLA.
Nebula is an industry-first solution that implements
NETCONF protocol for safety of configuration changes
in cloud management as all NETCONF messages
are protected by TLS and exchanged using secure
transports. Prior to NETCONF, CLI scripting and SNMP
were two common approaches; but they have several
limitations such as lacking of transaction management
or useful standard security and commit mechanisms.
The NETCONF protocol has been designed to address
the shortcomings of the existing practices and protocols.
With the support of TCP and Callhome to overcome the
NAT barrier, NETCONF is considered more reliable and
elegant. It is also thinner than CWMP (TR-069) SOAP,
which saves Internet bandwidth. With these features,
the NETCONF protocol is regarded as more suitable for
cloud networking.
6 Solution Guide Nebula Secure Cloud Networking Solution
Nebula Control Center
(NCC)
Nebula Control Center offers a powerful insight into
distributed networks. Its intuitive and web-based interface
illustrates an instant view and analysis of network
performance, connectivity and status automatically and
continuously. Integrated with organization-wide and site-
wide management tools, Nebula provides a quick and
remote access for administrators to ensure the network is
up and performing efficiently.
Nebula Control Center is also engineered with a number
of security tools that provide optimal protection to
networks, devices and users; and they also deliver the
needed information to enforce security and enhance
control over the entire Nebula network.
Highlights
•
Responsive web design and intuitive user interface
with light & dark modes
•
Multi-lingual management interface (English,
Traditional Chinese, Japanese, German, French,
Russian and more to come)
•
Multi-tenant, multi-site manageability
•
Role-based administration privileges
•
First time setup wizard
• Powerful organization-wide management tools
First Time Setup Wizard
Nebula first time setup wizard helps create your
organization/site and setup an integrated network with
only a few simple clicks, making your devices up and
running in minutes.
•
Rich site-wide management tools
•
Site-based auto and smart configuration tools
•
Misconfigured protection against disconnecting NCC
•
Configuration changing alerts
•
Login & Configure auditing
•
Real-time and historical monitoring/reporting
•
Granular device based information and trouble
shooting tools
•
Flexible firmware management
Role-based Administration
Supervisors are allowed to appoint different privileges
for multiple administrators to manage network and
guess access. Specify management authority in the
network access control function to maximize security
and to avoid accidental misconfiguration.
Role-based Administration
7Solution Guide Nebula Secure Cloud Networking Solution
Organization-wide Management Tools
Powerful organization-wide features such as
organizational overview, configuration backup and
restore, configuration template and configuration clone
are supported to allow MSP and IT admins to manage
their org/sites much easier.
Site-wide Management Tools
Integrated with the feature-rich dashboards, maps,
floor plans, automatic visual and actionable network
topology and site-based auto and smart configuring
tools, the Nebula Control Center delivers instant
network analysis and automatically performs AP
authentication, configuration parity check, switch ports
link aggregation and site-to-site VPN.
Misconfiguration Protection
To prevent any connectivity interruption caused by
incorrect or inappropriate configuration, the Nebula
devices can intelligently identify if the order or setting
from NCC is correct to ensure the connection is always
up with the Nebula cloud.
Configuration Changing Alerts
Configuration changing alerts help administrators
to manage thousands of networking devices more
efficiently, especially in larger or distributed sites. These
real-time alerts are automatically sent from the Nebula
Cloud system when configuration changes are made
to keep new policies always up-to-date in the entire IT
organization.
Login & Configure Auditing
The Nebula cloud control center automatically
records the time and IP address of every logged
in administrators. The configure audit log lets
administrators track Web-based login actions on their
Nebula networks to see what configuration changes
were made and who made the changes.
Real-time & Historical Monitoring
Nebula Control center provides 24x7 monitoring over
the entire network, giving administrators real-time and
historical activity views with unlimited status records
that can be backdated to the installation time.
Map & Floor Plan
Misconfiguration Protection:
Set IP Address
8 Solution Guide Nebula Secure Cloud Networking Solution
Configuration Changing AlertsSite-wide Management Tools:
Nebula Mobile App
The Nebula mobile app offers a fast approach to network
management, providing an easy method for device
registration and an instant view of real-time network
status, which is particularly suitable for small business
owners with little to no IT skills. With it, you can perform
WiFi network configuration, break down usage by device
Highlights
• Sign up Nebula account
• Installation walk through wizard for creating org & site,
adding devices (QR code or manually), setting up WiFi
networks
• Hardware install guide and LED guide
• Enable/disable WiFi & sharing it via mobile messaging
applications or QR code
• Switch and gateway ports info
• Mobile router WAN status
• Site-wide client monitoring with action support
• Site-wide application usage analysis with action support
• Centralize 3-in-1 device status
and client, troubleshoot with live tools, check the status
of connected Nebula devices and clients at a glance,
and scan device QR codes to register large numbers of
devices to the Nebula Control Center all at once. The
app’s features and functions include:
• Site-wide and per-device usage graph
• Site-wide and per-device PoE consumption
• Check map and photo of device location
• Live trouble shooting tools: reboot, Locator LED, switch
port power reset, cable diagnostics, connection test
• Firmware upgrade schedule
• License overview and inventory
• Push notifications - Device down/up & license issue
related
• Notification center up to 7 days alert history
• Nebula support request (Pro Pack license is required)
9Solution Guide Nebula Secure Cloud Networking Solution
Product families
Access Points
with NebulaFlex/
NebulaFlex Pro
Zyxel NebulaFlex solution allows the access points
to be used in two modes; it’s easy to switch between
standalone mode and License Free Nebula Cloud
management, anytime, with a few simple clicks.
NebulaFlex
access point to different needs in an ever-changing
environment.
Access Points with NebulaFlex Product Options
Model NWA50AX NWA50AX Pro NWA90AX NWA90AX Pro
Product
name
provides true flexibility to adapt the
802.11ax (WiFi 6)
Dual-Radio PoE
Access Point
802.11ax (WiFi 6)
Dual-Radio PoE
Access Point
When used with Nebula you are able to centrally
manage, access real-time network information and
gain effortless control over your devices, all under a
single intuitive platform without the need to install any
software or add additional equipment like a controller.
NebulaFlex
functionality (standalone, hardware controller and
Nebula) to give business clients true flexibility whatever
their project may need.
Pro further supports triple mode
802.11ax (WiFi 6)
Dual-Radio PoE
Access Point
802.11ax (WiFi 6)
Dual-Radio PoE
Access Point
Typical
deployment
Radio
specification
Power DC input: 12 VDC 1.5 A
Antenna Embedded antenna Embedded antenna Embedded antenna Embedded antenna
* Bundled licenses are not applicable to NebulaFlex AP.
10 Solution Guide Nebula Secure Cloud Networking Solution
Small business,
Entry-level
establishments
• 1 x 802.11 b/g/n/ax
radio
• 1 x 802.11 a/n/ac/ax
radio
• 1.775 Gbps max rate
• 2x2 + 2x2 MU-MIMO
PoE (802.3at): power
draw 16 W
Small business,
Entry-level
establishments
• 1 x 802.11 b/g/n/ax
radio
• 1 x 802.11 a/n/ac/ax
radio
• 2.975 Gbps max rate
• 3x3 + 2x2 MU-MIMO
DC input: 12 VDC 2 A
PoE (802.3at): power
draw 20.5 W
Small business,
Entry-level
establishments
• 1 x 802.11 b/g/n/ax
radio
• 1 x 802.11 a/n/ac/ax
radio
• 1.775 Gbps max rate
• 2x2 + 2x2 MU-MIMO
DC input: 12 VDC 1.5 A
PoE (802.3at): power
draw 16 W
Small business,
Entry-level
establishments
• 1 x 802.11 b/g/n/ax
radio
• 1 x 802.11 a/n/ac/ax
radio
• 2.975 Gbps max rate
• 3x3 + 2x2 MU-MIMO
DC input: 12 VDC 2 A
PoE (802.3at): power
draw 20.5 W
Highlights
• Enjoy cloud features like zero-touch deployment,
real-time configurations with Nebula
• Easy setup on SSID/SSID schedule/VLAN/Rate limiting
• DPPSK (Dynamic Personal Pre-Shared Key) and
standard-based WPA Personal support
• Enterprise wireless security and RF optimization
• Secure WiFi solution provides remote workers the same
access to the corporate network and resources while
being protected with the enterprise-grade security.
• Connect and Protect (CNP) service provides small
business environments with a trusted and application
visible WiFi hotspot network to enhance wireless user
protection and experience.
• DCS, smart load balancing and client roaming/steering
• Rich Captive Portal support Nebula Cloud
Authentication Server accounts, social login with
Facebook accounts, Facebook WiFi, and Voucher
• Support smart mesh and wireless bridge
• Wireless health monitoring and report
Access Points with NebulaFlex Product Options
Model NWA55AXE NWA110AX NWA210AX
Product
name
802.11ax (WiFi 6) Dual-Radio
Outdoor PoE Access Point
802.11ax (WiFi 6) Dual-Radio
PoE Access Point
802.11ax (WiFi 6) Dual-Radio
PoE Access Point
Typical
deployment
Radio
specification
Power DC input: 12 VDC 1.5 A
Outdoor,
Entry-level establishments
• 1 x 802.11 b/g/n/ax radio
• 1 x 802.11 a/n/ac/ax radio
• 1.775 Gbps max rate
• 2x2 MU-MIMO
PoE (802.3at): power draw 16 W
Entry-level wireless
establishments
• 1 x 802.11 b/g/n/ax radio
• 1 x 802.11 a/n/ac/ax radio
• 1.775 Gbps max rate
• 2x2:2 + 2x2:2 MU-MIMO
DC input: 12 VDC 1.5 A
PoE (802.3at): power draw 17 W
Medium to high density
deployments
• 1 x 802.11 b/g/n/ax radio
• 1 x 802.11 a/n/ac/ax radio
• 2.975 Gbps max rate
• 4x4:4 + 2x2:2 MU-MIMO
DC input: 12 VDC 2 A
PoE (802.3at): power draw 19 W
Antenna External antenna Embedded antenna Embedded antenna
* Bundled licenses are not applicable to NebulaFlex AP.
11Solution Guide Nebula Secure Cloud Networking Solution
Loading...