The ENF Router Card provides a simple, plug-n-play method to connect a host (e.g. an IoT gateway, industrial PC, or other edge computer) to the ENF. The card takes care of establishing the tunnel to the ENF and routing all of the host’s traffic through the tunnel. This approach relieves the user of the need to incorporate a TPM in their design, install the software to establish a secure tunnel, and manage the routing configuration to ensure that the secure tunnel is used. Instead, a customer can simply install the router card and all traffic will be routed through the ENF.
The ENF Router Card comes with 2 options for connecting to the internet:
Here, the card is the sole network interface for the host and presents an ENF IPv6 address to the host. The card itself connects to the last-mile ISP and tunnels all the host traffic over this connection to the ENF. While WiFi is the primary option that’s available today, other card variants are in the making to support different last-mile connectivities such as LTE and LoRA.
WiFi is not always available and sometimes it is advantageous for a host to be able to connect to the ENF through its choice of interface. In such cases, the card’s Host Socket Sharing (HSS) feature comes into play to leverage its identity and encryption features while still allowing the host to use its preferred networking device regardless of connectivity type (e.g., ethernet).
Traffic is pulled from the host into the card for tunneling and encapsulated packets are pushed back to the host NIC for delivery to the ENF. Return traffic is similarly shunted to the card and un-encapsulated packets are sent back to the host for local delivery. It is essential to ensure that all traffic (ingress and egress) passes through the card.
The ENF Router Card is designed to be included in edge gateways in place of a standard mini PCI-e WiFi card but with an additional capability. It acts as a standard WiFi card initially, switching to tunneling traffic to the ENF when the customer desires. As such, three modes of operation are supported:
The card merely acts as a remotely configurable WiFi network card. Traffic from the host is simply passed to the local WiFi network, just like a standard card. The host obtains an IP address from the local network, and traffic is not secured. The WiFi connection (SSIDs, passphrases) is configured remotely, rather than from the host.
When enabled, the host sees the Xaptum ENF as the local network, rather than the actual WiFi network. The card secures all traffic for the host. The host gets a single ENF IPv6 address from the card, and all traffic is securely tunneled to the ENF. As with passthrough mode, the WiFi connection is configured remotely.
The card secures and routes all traffic for multiple devices behind the host via the ENF. It assigns a separate ENF IPv6 to each device using DHCPv6. As with the other modes, the WiFi connection is configured remotely.