The Xaptum ENF is composed of several integrated, logical components that provide the functionality, security, and management of the network. Each of the components provides a set of features that can be controlled via an API or the ENF Command Line Interface (enfcli) tool.
The User Management feature allows domain administrators to activate/deactivate users, add/modify their permissions, etc. See the How-To Guides for details on adding new users and deactivating existing ones.
The Network Control feature manages domains and customer subnets.
Each customer is assigned a private
/48 domain. From there, each
customer may create 65,535
/64 subnets. This allows
microsegmentation to compartmentalize access and risk. Using the enfcli,
customers can create a new network
with one simple command.
The IAM allows for easy management of device access to the ENF. Similar endpoints can be grouped, allowing easy management of thousands of them simultaneously. Admins can associate an entire group to a particular network in one step or manually manage access credentials for individual endpoints like backend servers.
The Firewall feature allows admins to open paths between devices and servers. The ENF employs a default-deny approach. Unless expressly configured by the customer, communication paths are blocked – even on the same subnet. Both inbound and outbound rules are supported. Rules can be applied to multiple devices and subnets at once based on how the network has been microsegemented.
The ENF provides a private DNS service to make management easier than with IPv6 addresses. The configured domain names are independent of the public DNS system and completely private within each domain. Please refer to this How-To Guide to better understand user control over DNS Zones, Records, and Servers.
The Captive Server provides remote management for the ENF Router Card, including WiFi configuration and firmware updates. Setting up a new router card is instantaneous and many cards can be managed as a single group by sharing a common configuration called a device profile.
The schedule for firmware updates is fully configurable to minimize operational downtime and the service allows phased, off-peak updates. For example, you can schedule 20% of the cards to update between 1 A.M. Saturday and 3 A.M. Monday. The service tracks which cards have been upgraded and can safely handle intermittent connections or power losses.