Open-Mesh Trust and Security

Overview

With more than seven million WiFi access points on our cloud-managed networks serving billions of wireless users around the world daily, Cambium Networks is one of the largest providers of cloud-based networking services in the world. Cambium Networks has operated around the world after spinning off from Motorola, and its cnMaestro™ Wireless Network Management controller has been trusted to power the networks of hotels, shops, schools, businesses, and communities worldwide.

Cambium Networks makes it easy for anyone to build enterprise-grade wireless networks across large areas or multiple locations and manage them all behind a single pane of glass.

Our cloud controller, cnMaestro™, is free to use on the web, iOS, and Android to manage an unlimited number of access points and networks.

This page details how Cambium Networks and cnMaestro™ safeguard your data and keep your network running reliably.

Cambium Networks Data Centers

Cambium Networks’ network controller, cnMaestro™, runs in at least 3 geographically separate Amazon AWS data centers. A combination of physical and cyber security, coupled with geographic regions and availability zones, allows cnMaestro™ to remain secure and resilient in the face of most failure modes, including natural disasters or system failures.

AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). AWS undergoes annual SOC 1 audits and has been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems.

Cambium Networks Data Center Highlights:

  • Globally distributed, redundant, physically separate data centers
  • 24/7 automatic outage detection and alert system
  • Underlying architecture provides cnMaestro™ with 99.99% uptime
  • All network settings replicated across at least two geographically separate data centers simultaneously
  • Automated nightly backups
  • IP and port-based firewall protection
  • Comprehensive physical on-site security
  • Immediate failover to hot spare in case of hardware failure or natural disaster

Out of Band Management

cnMaestro™ separates user data from network monitoring and configuration with an out-of-band management system.

No user traffic—browsing data, application data, etc.—passes through cnMaestro™: it flows unimpeded to its intended internal or external destination. cnMaestro™ sends network configuration data via a secure (AES encrypted) connection with Cambium Networks access points. Each access point maintains its own key. Only aggregate user data is sent to cnMaestro™ for reporting purposes.

Cambium Networks uses cloud-based out-of-band management as it is:

Secure.
User traffic is routed directly to the intended destination; no user traffic passes through cnMaestro™ data centers.

Scalable.
With no local controller, each network has no controller bottlenecks.

Reliable.
Cloud-hosted in multiple redundant locations for high availability. The network continues to function even if cnMaestro™ is unavailable.

Other cloud-based solutions will disable your access points if you don’t purchase a license. Cambium Networks is different. We provide the cloud controller free of charge and have built the architecture to keep a network operational (with most features) without relying on the cloud controller at all. It’s truly your network.

Hardware Architecture

Cambium Networks has an advanced architecture to ensure minimum disruption to users in the event Cambium Networks access points cannot communicate with cnMaestro™ due to a temporary WAN failure or other outages.

In the event an access point is unable to communicate with cnMaestro™:

  • Users can access the Internet, provided a WAN connection is available
  • Users can access local network resources (directories, printers, etc.)
  • Users can continue to authenticate via splash pages (unlike other cloud systems, cnMaestro™ hosts the splash pages on the access points).
  • Network policies (walled garden, blocked devices, etc.) remain in effect
  • Users can authenticate via 802.1X/RADIUS
  • Users can roam between access points
  • Users can initiate and renew DHCP leases
  • Established VPN tunnels continue to operate

If cnMaestro™ is temporarily unreachable, the following services are unavailable:

  • Network configuration and monitoring tools
  • On voucher-enabled public networks, splash pages continue to load and all vouchers are presumed authentic, granting users temporary access for up to one hour. Normal authentication resumes once a connection with cnMaestro™ is reestablished.

Security Best Practices

Cambium Networks recommends users follow these security best practices for an added layer of security on their networks.

1. Enable WPA2 Security

Each SSID can be protected with WPA or WPA2 security to restrict access to users with a pre-shared key (or “passphrase”). To reduce vulnerability to password cracking attacks, Cambium Networks recommends using a truly random passphrase of 13 characters (selected from the set of 95 permitted characters). If possible, use WPA2 as it is far more secure.
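The recommendation above can be applied and checked with a short script. This is an added example, not Cambium Networks code: it draws a 13-character passphrase from the 95 printable ASCII characters and audits an existing one. The function names, the repeated-character heuristic and the sample passphrases in the demo are assumptions made for illustration.

```python
import math
import secrets

# WPA/WPA2 passphrases are 8 to 63 printable ASCII characters
# (0x20-0x7E), which gives the 95 permitted symbols.
ALPHABET = "".join(chr(c) for c in range(0x20, 0x7F))
MIN_LEN, MAX_LEN = 8, 63
RECOMMENDED_LEN = 13


def generate_passphrase(length=RECOMMENDED_LEN):
    """Return a uniformly random passphrase using the OS CSPRNG."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("WPA2 passphrases must be 8 to 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a random passphrase; only an upper bound if a human chose it."""
    return length * math.log2(alphabet_size)


def audit_passphrase(passphrase):
    """Return findings for an existing pre-shared key (empty list = none)."""
    findings = []
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        findings.append("length outside the 8-63 characters WPA2 accepts")
    elif len(passphrase) < RECOMMENDED_LEN:
        findings.append("shorter than the recommended 13 characters")
    if any(ch not in ALPHABET for ch in passphrase):
        findings.append("contains characters outside the 95 permitted ones")
    # Hypothetical heuristic: a random string rarely repeats this much.
    if len(set(passphrase)) <= len(passphrase) // 2:
        findings.append("many repeated characters; unlikely to be random")
    return findings


if __name__ == "__main__":
    print(f"13 random characters: {entropy_bits(13):.1f} bits")
    # Constructed sample passphrases, not taken from any real network.
    for sample in ("password", "aaaaaaaaaaaaa", generate_passphrase()):
        print(repr(sample), audit_passphrase(sample) or "ok")
```

A passphrase containing a leading or trailing space is valid but easy to mistype when shared; regenerate if that matters for your deployment.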

2. Verify SSL certificates

cnMaestro™ uses HTTPS, ensuring communication between an administrator’s browser and the cloud controller is encrypted. As with any secure web service, do not log in if your browser displays a certificate warning, as it may indicate a man-in-the-middle attack.
