Zyxel Nebula: An Overview of Key Cloud Network Ecosystem Capabilities
For small and medium-sized enterprises, building a network can be difficult due to high costs. Zyxel offers the Nebula cloud system to solve this problem. It is a solution for creating and managing a network that focuses not only on hardware, but also on software components. We will tell about its features, key features and devices below.
Introduction
All products under the Nebula brand, including wireless access points, switches and routers, are cloud-based. Unlike traditional solutions, they can be real-time centrally managed, configured, diagnosed and monitored using the application or through a web portal. Thus, you can control both specific devices and the network as a whole. The high level of scalability also makes it easy to deploy new sections of the network simply by connecting new devices. This does not require any special knowledge and can be done even without the participation of IT specialists - you just need to connect the devices and they will start working. Nebula also makes it easy to establish a reliable, secure VPN connection over the Internet between multiple network segments.
Key features of the system:
- built-in management tools for the rapid deployment of large networks;
- an intuitive, automated network management interface, as well as continuous updating of functions that greatly facilitate network management and - allow those who work with it for the first time to quickly learn;
- centralized visibility of all components, which allows you to reduce the cost of software and hardware by optimizing the network;
- A complete portfolio of solutions from one vendor, which provides good compatibility of network components;
- a licensing model on credit and on demand provides the flexibility of using the system depending on the current needs of the business;
- devices and the network itself continue to work, even if the license has expired.
Network Architecture
Nebula provides an architecture for creating and managing networks over the Internet using the Software as a Service (SaaS) model. That is, it eliminates the need for the physical construction of local systems for network management. All Nebula devices are managed from the cloud through a secure TLS connection. Thus, you can manage hundreds of devices from anywhere where the Internet is and make changes to policies and network settings through the central control panel.
Nebula uses the infrastructure and services built on the basis of Amazon Web Service (AWS), so data and traffic are protected by AWS Cloud Security. The data coming from the devices is divided in two - service information (for example, configuration, monitoring data, statistics, etc.) are transferred to the cloud using a secure connection using the specialized NETCONF protocol (more about it later), and user traffic (for example, during Web surfing or application use) is sent immediately to the target server without going through the cloud.
NETCONF
Nebula is the industry's first solution to use the NETCONF protocolfor the security of changing network settings through the cloud. When transmitting data using this protocol, the TLS protocol is used, which guarantees data security. Prior to implementing NETCONF, command line interface scripts and SNMP were used. These solutions have some disadvantages, for example, there is no transaction management and reliable security mechanisms. The NETCONF protocol was just designed to address these shortcomings. It supports TCP to overcome the NAT barrier and is considered more reliable than the above protocols. It also uses less traffic, which is important when managing a network through the cloud. Thus, it is now the optimal solution for Nebula.
Nebula control center
The Nebula Control Center (NCC) provides the user with extensive tools for working with the network and a clear vision of the processes occurring in it. Through the web interface, which is available on computers, smartphones and tablets, you can immediately see an analysis of network performance, device status, and overall network status. The information enters the Nebula Control Center automatically, all that the administrator needs to do is just log into it. The Nebula Control Center also has a number of security tools that protect devices and users, as well as provide the necessary information to enhance the security of the entire network. Next, we describe the main features that NCC provides.
Role Based Management
The network owner can assign different roles to the administrators who work with it. Each role has one or another set of functions for managing the network and setting up guest access. This protects against the fact that a person who does not have the authority to do so can perform certain actions that could be harmful. Proper distribution of roles also ensures that the network is configured correctly by administrators.
Real time monitoring
In Nebula, network status monitoring occurs on a 24/7 basis. Administrators receive information about all activity in the network, including the operation of installed equipment. Such reports can be saved and subsequently used during the installation of new devices or network expansion. All reports are flexibly configured, so that administrators receive only the necessary information.
Network structure management tools
Integrated by multi-functional dashboards, maps, floor plans, etc., these tools allow you to fine-tune selected areas through the Nebula Control Center. Just select the desired site, they will receive detailed network analysis, authentication management, verification of settings, VPN tunnels and other elements.
Configure alerts
This tool helps administrators manage multiple network devices. As soon as one of them has a configuration change, the administrator immediately receives a notification. They come from the entire network, no matter how big it is, and allow you to keep your settings and security policies up to date.
Protection against incorrect settings
To prevent communication interruptions caused by incorrect or incorrect settings, Nebula devices can request settings directly from the Nebula Control Center and receive them through the cloud. This allows you to always keep the network operational.
Login Audit
Nebula Control Center automatically records the login time and IP address of each administrator registered in the system. This allows you to track who made any changes to the system, as well as when they were made.
SSL support
Communication between cloud services and administrators is carried out through secure channels using the SSL protocol. This means that all confidential data is protected and cannot be intercepted by a third party.
Closing a connection after a timeout
In Nebula cloud architecture, a connection can only be active for a certain period of time. If no traffic is transmitted over an open connection within the specified time period, the user will be disconnected from the system, having received an appropriate warning before that. Then the session can be restored by re-entering the username and password.
Nebula Mobile App
The proprietary mobile application for iOS and Android offers tools to significantly speed up network management. For example, using a QR code scanner, you can quickly register new devices by simply scanning the barcode. For each registered device, you can see detailed information, for example, the serial number and MAC address, as well as in which location it is installed. For each location, detailed information is also shown. For example, you can see the network load and find out how many devices are currently connected to one or another network device (wireless access point or router). You can also take photos of installed devices and leave images in the application. All this helps (and significantly facilitates) IT specialists to monitor the network status in real time.
Product family
Wireless access
points Nebula wireless access points are designed for installation in offices, schools, hospitals, shops, restaurants and other public places, as well as in enterprises. They support the latest 802.11ac standard and technologies such as MIMO, Smart Antenna, DCS, Load Balancing, Smart Client Steering and others. All this allows you to build a productive Wi-Fi network and organize reliable signal coverage. All of them are controlled through the cloud and have an automatic configuration function, which greatly facilitates the deployment and maintenance of a wireless network. Below you can find the characteristics of Nebula branded access points.
Features:
• MIMO 2x2 802.11ac AP access point supports speeds up to 1.2 Gbps (NAP102);
• The MIMO 3x3 802.11ac AP access point supports speeds up to 1.75 Gbps (NAP203, NAP303, NAP353);
• Antenna with double optimization (NAP203);
• Smart antenna (NAP303);
• Enclosure providing all-weather protection to IP66 (NAP353);
• Self-configuration, automatic deployment (zero-touch);
• Enterprise-class security and optimization of radio communications;
• DCS, load balancing and smart client steering;
• Support for registration in the system with a Facebook account;
Switches
Nebula Layer 2 network switches that support Layer 2 traffic are a good deployment solution for branch offices and then managed through the cloud. Nebula Control Center allows you to remotely monitor and configure all available ports, as well as configure several switches in a couple of mouse clicks just using one template. A number of cloud advantages are also available: simplified configuration and management, display of the state of the entire network and real-time monitoring, which significantly accelerates the deployment of a branch network. Advanced settings such as ACLs, VLAN-based QoS, and PoE scheduling greatly improve network management efficiency. Below you can get acquainted with the characteristics of Nebula branded network switches.
Features:
• Gigabit L2 switches with 8/24-ports with PoE support and without PoE;
• Availability of 10GE uplink ports for connecting to a high-speed network (NSW200-28P);
• Convenient configuration of ACL and VLAN;
• Support for DHCP Server Guard and IGMP snooping;
• Support for PoE technology with a power budget of 375 watts (NSW200-28P, NSW100-28P) / 180 watts (NSW100-10P);
• Port mirroring for monitoring network traffic;
• Intelligent PoE technology and network topology;
• RADIUS or 802.1X authentication, static MAC forwarding;
Security Gateways
Nebula Network Security Gateways provide organizations with reliable network security. They use Next-Gen Firewall features, such as IDP (intrusion detection system), which provides a high level of protection for small and medium-sized businesses. Nebula Security Gateways are designed with cloud in mind and can automatically receive their settings, configure site-to-site VPNs, and automatically receive software updates and security signatures via the Internet. Using the Nebula cloud interface, administrators can set security policies for the entire network and easily control networks in all branches. Below you can find the characteristics of Nebula's proprietary network security gateways.
Features:
• Full control from the cloud over the network, security and applications;
• Easy site-to-site VPN configuration
• Network security is provided by Next-Generation Firewall, IDP and Application Patrol;
• Built-in DHCP, NAT, QoS and VLAN management functions;
• Support for static routing and DynDNS services;
• Security rules and application management;
• Authentication support in the Nebula cloud.
Licensing
Nebula cloud services are available in several subscription options. But the main thing is that even if a license has expired, users can continue to use the basic functions of the service. This allows the network to always remain operational. Next, let's talk about the types of licenses provided.
Credit Licensing
To reduce the initial cost of operating a Nebula device, a one-year Nebula Control Center license is supplied with it. After the expiration of this license, users can renew it with Nebula Points. Credit licensing reduces the number of SKUs and license keys required to activate the service, since license credits can be used for different types of devices and models, regardless of whether the license is used for a new device or not.
Nebula Control Center Limited Lifetime License
The limited lifetime license is intended for users who need a full-featured service for a long time to configure and monitor devices using NCC without an annual license renewal, as well as to replace previously purchased Nebula devices with new ones without additional licensing costs.
In addition, the limited lifetime licensing scheme is similar to the licensing of traditional controllers, is understandable and convenient. It was developed in addition to the credit licensing model, which provides predictable costs for the purchase of licenses, provides more flexibility to both customers and partners in the channel, and reduces costs in the long run.
License Nebula Security Service License
To reduce the initial cost of purchasing a license, simplifying registration and activating the Nebula Security Gateway (NSG), each NSG comes with an IDP and Application Patrol Nebula Security Service license (NSSIDP) for 1 year. The NSS-IDP license must be purchased in addition to the Control Center license. If the company uses several NSGs, the expiration dates of their licenses can also be synchronized, but they cannot be synchronized with the licenses for the Nebula Control Center service.
Synchronous license expiration
The Zyxel Nebula Control Center automatically adjusts the expiration dates of all licenses on the same day. When a company purchases additional licenses for equipment, the validity periods of old and new licenses are recounted and adjusted so that all licenses have the same expiration date, and as a result, all licenses of the company are valid until the same date. Please note that the use of the Zyxel Nebula Service is subject to the terms of the License Co-termination.
In the dry residue
Zyxel Nebula is an ecosystem of hardware and software that allows you to centrally build a network on their basis and manage from one place with simple tools. The Zyxel Nebula family includes wireless access points, switches and security gateways, as well as a cloud-based control center. The constructed network is intended for use in small and medium-sized enterprises, which have several branches, as well as in public places (restaurants, schools, etc.). For companies that are constantly expanding, it is very convenient to increase the network size due to the ease of installation of new devices and their settings - in fact, the equipment is configured automatically, which saves both network maintenance and IT staff maintenance. Zyxel also offers flexible licensing models, and also guarantees the functionality of the basic network functions even after the expiration of the subscription. All this makes Nebula very attractive for SMB (small and medium business) enterprises.
Introduction
All products under the Nebula brand, including wireless access points, switches and routers, are cloud-based. Unlike traditional solutions, they can be real-time centrally managed, configured, diagnosed and monitored using the application or through a web portal. Thus, you can control both specific devices and the network as a whole. The high level of scalability also makes it easy to deploy new sections of the network simply by connecting new devices. This does not require any special knowledge and can be done even without the participation of IT specialists - you just need to connect the devices and they will start working. Nebula also makes it easy to establish a reliable, secure VPN connection over the Internet between multiple network segments.
Key features of the system:
- built-in management tools for the rapid deployment of large networks;
- an intuitive, automated network management interface, as well as continuous updating of functions that greatly facilitate network management and - allow those who work with it for the first time to quickly learn;
- centralized visibility of all components, which allows you to reduce the cost of software and hardware by optimizing the network;
- A complete portfolio of solutions from one vendor, which provides good compatibility of network components;
- a licensing model on credit and on demand provides the flexibility of using the system depending on the current needs of the business;
- devices and the network itself continue to work, even if the license has expired.
Network Architecture
Nebula provides an architecture for creating and managing networks over the Internet using the Software as a Service (SaaS) model. That is, it eliminates the need for the physical construction of local systems for network management. All Nebula devices are managed from the cloud through a secure TLS connection. Thus, you can manage hundreds of devices from anywhere where the Internet is and make changes to policies and network settings through the central control panel.
Nebula uses the infrastructure and services built on the basis of Amazon Web Service (AWS), so data and traffic are protected by AWS Cloud Security. The data coming from the devices is divided in two - service information (for example, configuration, monitoring data, statistics, etc.) are transferred to the cloud using a secure connection using the specialized NETCONF protocol (more about it later), and user traffic (for example, during Web surfing or application use) is sent immediately to the target server without going through the cloud.
NETCONF
Nebula is the industry's first solution to use the NETCONF protocolfor the security of changing network settings through the cloud. When transmitting data using this protocol, the TLS protocol is used, which guarantees data security. Prior to implementing NETCONF, command line interface scripts and SNMP were used. These solutions have some disadvantages, for example, there is no transaction management and reliable security mechanisms. The NETCONF protocol was just designed to address these shortcomings. It supports TCP to overcome the NAT barrier and is considered more reliable than the above protocols. It also uses less traffic, which is important when managing a network through the cloud. Thus, it is now the optimal solution for Nebula.
Nebula control center
The Nebula Control Center (NCC) provides the user with extensive tools for working with the network and a clear vision of the processes occurring in it. Through the web interface, which is available on computers, smartphones and tablets, you can immediately see an analysis of network performance, device status, and overall network status. The information enters the Nebula Control Center automatically, all that the administrator needs to do is just log into it. The Nebula Control Center also has a number of security tools that protect devices and users, as well as provide the necessary information to enhance the security of the entire network. Next, we describe the main features that NCC provides.
Role Based Management
The network owner can assign different roles to the administrators who work with it. Each role has one or another set of functions for managing the network and setting up guest access. This protects against the fact that a person who does not have the authority to do so can perform certain actions that could be harmful. Proper distribution of roles also ensures that the network is configured correctly by administrators.
Real time monitoring
In Nebula, network status monitoring occurs on a 24/7 basis. Administrators receive information about all activity in the network, including the operation of installed equipment. Such reports can be saved and subsequently used during the installation of new devices or network expansion. All reports are flexibly configured, so that administrators receive only the necessary information.
Network structure management tools
Integrated by multi-functional dashboards, maps, floor plans, etc., these tools allow you to fine-tune selected areas through the Nebula Control Center. Just select the desired site, they will receive detailed network analysis, authentication management, verification of settings, VPN tunnels and other elements.
Configure alerts
This tool helps administrators manage multiple network devices. As soon as one of them has a configuration change, the administrator immediately receives a notification. They come from the entire network, no matter how big it is, and allow you to keep your settings and security policies up to date.
Protection against incorrect settings
To prevent communication interruptions caused by incorrect or incorrect settings, Nebula devices can request settings directly from the Nebula Control Center and receive them through the cloud. This allows you to always keep the network operational.
Login Audit
Nebula Control Center automatically records the login time and IP address of each administrator registered in the system. This allows you to track who made any changes to the system, as well as when they were made.
SSL support
Communication between cloud services and administrators is carried out through secure channels using the SSL protocol. This means that all confidential data is protected and cannot be intercepted by a third party.
Closing a connection after a timeout
In Nebula cloud architecture, a connection can only be active for a certain period of time. If no traffic is transmitted over an open connection within the specified time period, the user will be disconnected from the system, having received an appropriate warning before that. Then the session can be restored by re-entering the username and password.
Nebula Mobile App
The proprietary mobile application for iOS and Android offers tools to significantly speed up network management. For example, using a QR code scanner, you can quickly register new devices by simply scanning the barcode. For each registered device, you can see detailed information, for example, the serial number and MAC address, as well as in which location it is installed. For each location, detailed information is also shown. For example, you can see the network load and find out how many devices are currently connected to one or another network device (wireless access point or router). You can also take photos of installed devices and leave images in the application. All this helps (and significantly facilitates) IT specialists to monitor the network status in real time.
Product family
Wireless access
points Nebula wireless access points are designed for installation in offices, schools, hospitals, shops, restaurants and other public places, as well as in enterprises. They support the latest 802.11ac standard and technologies such as MIMO, Smart Antenna, DCS, Load Balancing, Smart Client Steering and others. All this allows you to build a productive Wi-Fi network and organize reliable signal coverage. All of them are controlled through the cloud and have an automatic configuration function, which greatly facilitates the deployment and maintenance of a wireless network. Below you can find the characteristics of Nebula branded access points.
Features:
• MIMO 2x2 802.11ac AP access point supports speeds up to 1.2 Gbps (NAP102);
• The MIMO 3x3 802.11ac AP access point supports speeds up to 1.75 Gbps (NAP203, NAP303, NAP353);
• Antenna with double optimization (NAP203);
• Smart antenna (NAP303);
• Enclosure providing all-weather protection to IP66 (NAP353);
• Self-configuration, automatic deployment (zero-touch);
• Enterprise-class security and optimization of radio communications;
• DCS, load balancing and smart client steering;
• Support for registration in the system with a Facebook account;
Switches
Nebula Layer 2 network switches that support Layer 2 traffic are a good deployment solution for branch offices and then managed through the cloud. Nebula Control Center allows you to remotely monitor and configure all available ports, as well as configure several switches in a couple of mouse clicks just using one template. A number of cloud advantages are also available: simplified configuration and management, display of the state of the entire network and real-time monitoring, which significantly accelerates the deployment of a branch network. Advanced settings such as ACLs, VLAN-based QoS, and PoE scheduling greatly improve network management efficiency. Below you can get acquainted with the characteristics of Nebula branded network switches.
Features:
• Gigabit L2 switches with 8/24-ports with PoE support and without PoE;
• Availability of 10GE uplink ports for connecting to a high-speed network (NSW200-28P);
• Convenient configuration of ACL and VLAN;
• Support for DHCP Server Guard and IGMP snooping;
• Support for PoE technology with a power budget of 375 watts (NSW200-28P, NSW100-28P) / 180 watts (NSW100-10P);
• Port mirroring for monitoring network traffic;
• Intelligent PoE technology and network topology;
• RADIUS or 802.1X authentication, static MAC forwarding;
Security Gateways
Nebula Network Security Gateways provide organizations with reliable network security. They use Next-Gen Firewall features, such as IDP (intrusion detection system), which provides a high level of protection for small and medium-sized businesses. Nebula Security Gateways are designed with cloud in mind and can automatically receive their settings, configure site-to-site VPNs, and automatically receive software updates and security signatures via the Internet. Using the Nebula cloud interface, administrators can set security policies for the entire network and easily control networks in all branches. Below you can find the characteristics of Nebula's proprietary network security gateways.
Features:
• Full control from the cloud over the network, security and applications;
• Easy site-to-site VPN configuration
• Network security is provided by Next-Generation Firewall, IDP and Application Patrol;
• Built-in DHCP, NAT, QoS and VLAN management functions;
• Support for static routing and DynDNS services;
• Security rules and application management;
• Authentication support in the Nebula cloud.
Licensing
Nebula cloud services are available in several subscription options. But the main thing is that even if a license has expired, users can continue to use the basic functions of the service. This allows the network to always remain operational. Next, let's talk about the types of licenses provided.
Credit Licensing
To reduce the initial cost of operating a Nebula device, a one-year Nebula Control Center license is supplied with it. After the expiration of this license, users can renew it with Nebula Points. Credit licensing reduces the number of SKUs and license keys required to activate the service, since license credits can be used for different types of devices and models, regardless of whether the license is used for a new device or not.
Nebula Control Center Limited Lifetime License
The limited lifetime license is intended for users who need a full-featured service for a long time to configure and monitor devices using NCC without an annual license renewal, as well as to replace previously purchased Nebula devices with new ones without additional licensing costs.
In addition, the limited lifetime licensing scheme is similar to the licensing of traditional controllers, is understandable and convenient. It was developed in addition to the credit licensing model, which provides predictable costs for the purchase of licenses, provides more flexibility to both customers and partners in the channel, and reduces costs in the long run.
License Nebula Security Service License
To reduce the initial cost of purchasing a license, simplifying registration and activating the Nebula Security Gateway (NSG), each NSG comes with an IDP and Application Patrol Nebula Security Service license (NSSIDP) for 1 year. The NSS-IDP license must be purchased in addition to the Control Center license. If the company uses several NSGs, the expiration dates of their licenses can also be synchronized, but they cannot be synchronized with the licenses for the Nebula Control Center service.
Synchronous license expiration
The Zyxel Nebula Control Center automatically adjusts the expiration dates of all licenses on the same day. When a company purchases additional licenses for equipment, the validity periods of old and new licenses are recounted and adjusted so that all licenses have the same expiration date, and as a result, all licenses of the company are valid until the same date. Please note that the use of the Zyxel Nebula Service is subject to the terms of the License Co-termination.
In the dry residue
Zyxel Nebula is an ecosystem of hardware and software that allows you to centrally build a network on their basis and manage from one place with simple tools. The Zyxel Nebula family includes wireless access points, switches and security gateways, as well as a cloud-based control center. The constructed network is intended for use in small and medium-sized enterprises, which have several branches, as well as in public places (restaurants, schools, etc.). For companies that are constantly expanding, it is very convenient to increase the network size due to the ease of installation of new devices and their settings - in fact, the equipment is configured automatically, which saves both network maintenance and IT staff maintenance. Zyxel also offers flexible licensing models, and also guarantees the functionality of the basic network functions even after the expiration of the subscription. All this makes Nebula very attractive for SMB (small and medium business) enterprises.