Frequently Asked Questions

Building Blocks

Secure Access Service Edge (SASE)

  • Gartner describes SASE as an offering that consistently delivers the required security services and policy enforcement on demand, independent of the location of the entity requesting the service and the access to the capability. The adoption of SASE offers industrial enterprises the ability to securely exchange data from dispersed IIoT devices with any cloud service over any last-mile access via the untrusted public Internet.

    SASE enables centralized cloud security services to be extended over distributed, local enforcement points that are logically close to the entity, including local decision making where needed. All of the services are delivered over a zero-trust network access based on the ‘never trust always verify’ principle. The result is improved performance and latency of edge compute workloads with low operational overhead and reduction in deployment complexity as well as upfront/recurring costs.

  • Yes. ENF is essentially a SASE offering tuned for edge computing.

Zero Trust Networking

  • Zero trust networking is based on the “never trust, always verify” paradigm. Any two entities that want to communicate within a given network must first establish their credentials in order to get authorized access to the network. This prevents accidental or intentional breaches of trust and unauthorized access to a network domain, thereby securing the network in its entirety. You can find more details at Gartner zero trust architecture.

  • Yes. ENF supports zero trust networking natively.

  • Each endpoint has a unique ID (IPv6 address) and access credentials that can be managed in two complementary ways:

    - A zero-touch provisioning process for large batches of devices leaving the factory ready-to-go eliminates the complexity and cost of manual certificate and key management. Devices don’t need to be authorized individually, but each retains unique credentials allowing access to be revoked individually.

    - A traditional PKI-based approach for individually managed assets that may have existing credentials which can simply be ported. This setup works seamlessly with existing PKI architecture and key rotation is fully under the control of the end user.

  • ENF doesn’t use the Public Key Infrastructure (PKI) approach, eliminating reliance on an external party (e.g. a Verisign). Traditional PKI-centric approaches are very complex in their tendency to both burden constrained devices and make it easy to accidentally open security holes.

  • ENF doesn’t support security tokens. These provide a way to add authentication to layer 5 (application) protocols like HTTP(S), MQTT, and AMQP. Since the ENF authenticates all traffic at layer 3 via its tunnels, security tokens aren’t required for authentication at the application layer.

Overlay Network

  • The overlay network backbone is a distributed network of routers. This backbone has direct peering relationships to major ISPs and cloud providers to ensure fast, reliable transfer of traffic. Devices connect over arbitrary last-mile access by establishing a secure, mutually-authenticated tunnel to the overlay.

    Nodes in the overlay network can be thought of as being connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network. For example, distributed systems such as peer-to-peer networks and client-server applications are overlay networks because their nodes run on top of the Internet.

  • ENF is a secure overlay network fabric for edge computing, offered as a hardware-backed, end-to-end service to secure and manage dispersed and demanding applications. ENF enables a zero attack surface with zero trust network access and zero touch provisioning for edge computing applications, using a software-defined, multi-tenant IPv6 overlay network.

  • Yes. Both IPv4 and IPv6 options are natively built-in.

  • A well-known problem with IP networks is the dual use of IP addresses for both endpoint identity and endpoint location (i.e., network topology). When an endpoint moves, its network identity changes too, necessitating complex identity management and mapping schemes. Ideally, static names should identify entities logically, while addresses reflect the dynamic topology.

    The ENF assigns a static, permanent IPv6 identity to each device that is independent of its dynamic, last-mile IP address. Using a routable IPv6 address as the identifier allows the ENF to operate seamlessly with existing software, and decoupling from the last-mile physical address avoids the problems with traditional IP networks.

  • Standard SD-WAN products are designed to connect a few remote LANs, using multiple physical connections to optimize path selection, load sharing, and resiliency. They don't scale for edge computing or IoT applications, where each endpoint is standalone and potentially mobile.

    The ENF is designed to connect large numbers of dispersed endpoints by providing critical requisites like endpoint security, firewall, identity management, flexible routing over multiple backends, tracking, and visibility.

  • Traditional VPNs weren’t designed for edge deployments, so they have the following major shortcomings:

    - Efficiency: VPNs provide point-to-point tunneling, so all traffic must be routed through a VPN termination point in the backend. ENF integrates this tunnel termination into the backbone network, so traffic can still follow the shortest path.

    - Simplicity: VPNs are used in conjunction with other systems like DHCP servers, firewalls, and NMS that must be separately configured and managed, adding complexity and cost. ENF is an integrated SASE solution that handles all aspects of secure network management.

    - Ease-of-Use: Credentials for VPN clients are provisioned manually or require complicated certificate chains and PKI. ENF uses a zero-touch provisioning process that is easily integrated into the supply chain.

    Please refer to the Concepts article for additional discussion.

  • A private APN from a cellular carrier allows your mobile devices to access your corporate network without exposing them to the public Internet, but is an expensive and inflexible approach to securing edge devices.

    - Speed: A private APN often takes several months to deploy, due to the complex network integration required. The ENF provides the same isolation, but can be deployed in hours.

    - Flexibility: A private APN works with a single cellular carrier (and possibly its partners), locking you into one vendor and contract. The ENF works with any internet connection (cellular, wi-fi, etc.) from anywhere in the world, increasing reliability and reducing cost.

    - Simplicity: APNs are used in conjunction with other systems like DHCP servers, firewalls, and NMS that must be separately configured and managed, adding complexity and cost. ENF is an integrated SASE solution that handles all aspects of secure network management.

    Please refer to the Concepts article for additional discussion.

Network Segmentation

  • Microsegmentation enables organizations to create zones within their data centers and cloud environments, isolating and securing different workloads from each other. In edge environments, microsegmentation restricts lateral communication between devices that would otherwise bypass perimeter-focused security tools.

  • Imagine a mid-size building facility that has multiple security zones to segment data flow and access, with tenants across these zones. For example, the network segment managing the lighting and HVAC must not overlap with the payment systems network of a retail tenant housed within the same facility. Likewise, the facilities operator needs to maintain an exclusive segment for its elevator management system. Microsegmentation enables this logical separation of networks so that operators can streamline and simplify management, reducing the risk of unintended data or access leaks.

  • The ENF uses microsegmentation and default-deny firewall rules to mitigate risks of lateral attacks. Microsegmentation allows the customer to isolate machines that have no reason to communicate. This assures that a compromise in one segment of the network cannot pass to another segment. Furthermore, in order for any machine to communicate, specific firewall rules must be created for both the inbound and outbound traffic. For example: IoT devices can be configured to pass data to a server on a specific port, but communication between IoT devices is still restricted. This eliminates the possibility of remotely spreading an attack from one device to another.

  • Slicing the network is analogous to defining multiple overlays or overlay segments. Each Xaptum customer receives a ::/48 IPv6 address block, referred to as a domain. This unique domain can be partitioned into ::/64 isolated network segments. As such, up to 65536 subnets can be defined.

  • Devices are provisioned in batches of any size, depending on individual customer needs. For the ENF to know the address ranges to assign, the network administrator must simply declare which network segment to use for specific groups of devices. During provisioning, each endpoint is assigned to a ::/64 subnet. As such, each overlay slice/segment can technically support up to 2^64 endpoints.
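
As an added illustration (not Xaptum's code, and not the enfcli or the ENF API), the following Python model shows the addressing and firewall behaviour described in this section: a ::/48 domain split into ::/64 segments, and a default-deny check in which traffic passes only when the sender has an outbound rule and the receiver has an inbound rule. The domain 2001:db8:abcd::/48, port 8883, and the names segment, segment_index, Rule and allowed are assumptions made for the example.

```python
"""Model of a /48 domain split into /64 segments with default-deny rules.

Added illustration only: not Xaptum's code, the enfcli, or the ENF API.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample domain, taken from the IPv6 documentation prefix.
DOMAIN = ipaddress.IPv6Network("2001:db8:abcd::/48")


def segment(domain, index):
    """Return the index-th /64 segment of a /48 domain (index 0..65535)."""
    if domain.prefixlen != 48:
        raise ValueError("domain must be a /48")
    if not 0 <= index < 2 ** 16:
        raise ValueError("a /48 holds exactly 65536 /64 segments")
    base = int(domain.network_address) + (index << 64)
    return ipaddress.IPv6Network((base, 64))


def segment_index(domain, addr):
    """Return which /64 segment of the domain an address is in, or None."""
    addr = ipaddress.IPv6Address(addr)
    if addr not in domain:
        return None  # address belongs to some other domain
    return (int(addr) >> 64) & 0xFFFF


@dataclass(frozen=True)
class Rule:
    direction: str                 # "out" = leaving owner, "in" = arriving
    owner: ipaddress.IPv6Network   # endpoints the rule is attached to
    peer: ipaddress.IPv6Network    # the other end of the flow
    proto: str                     # "tcp", "udp" or "icmp"
    port: Optional[int] = None     # destination port; None matches any


def allowed(rules, src, dst, proto, dport=None):
    """Default-deny, stateless check used by this model.

    A packet passes only if the sender has a matching "out" rule AND the
    receiver has a matching "in" rule. No connection state is kept, so
    reply traffic needs rules of its own.
    """
    src = ipaddress.IPv6Address(src)
    dst = ipaddress.IPv6Address(dst)

    def match(rule, owner, peer):
        return (owner in rule.owner and peer in rule.peer
                and rule.proto == proto and rule.port in (None, dport))

    out_ok = any(r.direction == "out" and match(r, src, dst) for r in rules)
    in_ok = any(r.direction == "in" and match(r, dst, src) for r in rules)
    return out_ok and in_ok


# Two constructed segments: one for IoT devices, one for servers.
DEVICES = segment(DOMAIN, 1)   # 2001:db8:abcd:1::/64
SERVERS = segment(DOMAIN, 2)   # 2001:db8:abcd:2::/64

# Devices may send to servers on TCP 8883; nothing else is permitted.
RULES = [
    Rule("out", DEVICES, SERVERS, "tcp", 8883),
    Rule("in", SERVERS, DEVICES, "tcp", 8883),
]

if __name__ == "__main__":
    dev_a, dev_b = "2001:db8:abcd:1::10", "2001:db8:abcd:1::11"
    server = "2001:db8:abcd:2::1"
    print("device -> server :", allowed(RULES, dev_a, server, "tcp", 8883))
    print("device -> device :", allowed(RULES, dev_a, dev_b, "tcp", 8883))
    print("server -> device :", allowed(RULES, server, dev_a, "tcp", 40000))
```
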

Multi-Tenancy

  • Multi-tenancy refers to hosted services where workloads for multiple customers operate in the same shared environment. The workloads (tenants) are logically isolated, but physically integrated. The logical isolation must be complete, but the amount of physical integration will vary. The more physical integration, the harder it is to preserve the logical isolation. The same applies to the dispersed edge as well. For example, each commercial tenant with a dedicated retail space can be assigned unique, non-overlapping networks to effectively manage data from the beacons stationed within their retail floor.

  • The ENF enforces strict isolation of traffic across customers using the unique ::/48 domain assigned to each. You may partition your block into ::/64 subnets to enforce further isolation within your deployment. Traffic between different domains and subnets is prevented unless explicitly enabled by both sides.

Hardware Root of Trust

  • Using a hardware secure element (HSE) like a TPM to store device credentials and keys prevents theft and duplication. Software keys are vulnerable to theft by installers, service technicians, and remote hackers.

  • - Robust, tamper-resistant storage of cryptographic keys.

    - Resists attempts to extract or duplicate keys.

    - Integrated cryptographic accelerators.

    - Protection against both virtual and physical attacks.

    - Portability among devices.

  • - Keys can be duplicated or modified.

    - Vulnerable to both remote and physical attacks.

  • Manually managing keys for a large fleet of devices is both time consuming and error-prone and even a single misconfigured device can expose the network to attack. ENF uses Trusted Platform Modules (TPMs) to ensure secure communication between endpoints on the network. TPMs are cryptographic coprocessors with numerous software and hardware protections to resist tampering.

    Customers have the option to design and build their devices with TPMs built-in. In this case, the customer has full control of the devices and the cryptographic keys that are provisioned. Alternatively, the ENF Router Card has a TPM that is provisioned at Xaptum’s secure facility.

    Note that the keys do not need to be managed individually. Group-provisioning, as provided by XTT, is essential for large scale edge deployments.

    ENF assigns permanent logical IPv6 addresses, which serve as unique identifiers, to endpoints within the customer’s domain. Endpoint identities are managed by the customer as they decide which group or subnet the device belongs to.

Distributed Firewall and Access Management

  • Identity and Access Management on the ENF requires no more than a basic understanding of command line tools. The solution is accompanied with the Edge Network Fabric Command Line Interface (ENFCLI) configuration utility and an ENF account, which enable centralized orchestration.

    Zero Touch Provisioning allows the ENF to automatically and securely provision new devices. This guide demonstrates just how simple it is to manage and provision devices using the XTT protocol. Customers can set policies across thousands of devices with just a few ENFCLI commands.

    Servers, whether on-prem, in the cloud, or virtual, are usually set up one at a time, either manually or via an orchestration tool such as Ansible or AWS Certificate Manager. The ENF supports these flows by allowing you to specify the access credentials (i.e., public key) for each server. This guide delineates the simple steps involved in creating a server identity and, consequently, managing its access credentials.

  • In general, a “network controller” is a tool or API with the ability to provision, configure, and modify networks from a central location. ENF includes a network controller both as a tool (enfcli) and an API. The enfcli is a text-based command line interface (CLI) that can configure devices, networks, and the firewall. It can be scripted to enable automation. The API has all of the CLI’s capabilities and takes it one step further by allowing customers to integrate ENF network controls into custom dashboards.

  • The ENF functions as an endpoint-centric, stateless firewall, supporting rules for TCP, UDP, and ICMP traffic.

    A traditional network firewall restricts traffic between different physical networks, but not between hosts on the same network. For this, host-based firewalls are required, but these are complex to manage at scale.

    The ENF extends the network firewall to the edge, enforcing the same restrictions for dispersed and remote endpoints. It replaces the need for host-based firewalls with a centrally-managed solution.

  • The ENF comes with the firewall natively built in, not as a separate piece. Therefore, devices could get compromised without compromising the backbone’s firewall.

  • Yes. Network administrators can define app-level firewall rules to enforce security by IP, port, or transport-layer protocol. Granular isolation is not just possible but easy with the ENF because distributed firewall capabilities come built in with its architecture.

  • In addition to connecting individual devices, gateways, and servers to the ENF, traffic can be routed into backend cloud and data center networks using direct connections such as AWS Direct Connect, Azure Express Route, and more. Traffic controls include user-configurable limiting of both packet and data rates for individual endpoints.

Compliance and Data

  • Yes. ENF offers support for a wide range of security standards (including NIST, CIP, ISO/IEC, FCC, and FIPS). It provides end-to-end data trails to assist security professionals in conducting forensic audits.

  • Yes. Xaptum is SOC 2 compliant and audit documentation for the same is available upon request.

  • Xaptum’s cryptographic module isn’t FIPS 140-2 certified because the ENF implements an unrelated TPM variant. However, it affords customers the ability to use their own hardware. Please contact us if this compliance is essential to your needs.

  • The ENF collects and exports a variety of device status information including connection status, last-mile IP address, data rates, and packet rates. This information is available via REST API, the web dashboard, and can be exported into third-party NMS tools.

  • ENF’s private address space is invisible to malicious third party actors. Akin to device addresses, traffic to and from the overlay is also encrypted. Moreover, devices cannot receive traffic from anywhere but the ENF.

  • While all traffic is routed through the ENF, data is not stored or cached. This helps ensure data integrity and facilitates compliance.

  • The ENF Router Card enables devices to establish a secure, encrypted tunnel over any last-mile public internet access. All data is end-to-end encrypted using the industry-standard TLS cryptographic protocols.

  • The ENF is a standards-compliant IP network, so any vulnerability/threat tool of your choice can be used. Xaptum can host this for you (e.g., the open-source IDS/IPS tool Snort) or you can configure an ENF network tap to send a copy of all traffic through your own tool. An OpenDXL Ontology interface is available to further leverage third-party inspection.

Functionality & Focuses

Secure Remote Access

  • Traditional VPNs are designed with manual configuration in mind. A technician must install access credentials or the end-user must type in a password when connecting remotely. Edge devices are agentless/unmanned, so a hands-off approach to secure remote access is essential.

  • ENF enables secure remote access for both remote technicians connecting to on-prem applications/devices and devices accessing corporate resources. Sensitive assets are protected with microsegmentation. Cyber risk is lowered with zero-trust network access (ZTNA), multi-factor authentication (MFA), and end-to-end traffic encryption. The solution strengthens the customer’s security posture and facilitates compliance.

  • Yes. ENF has the ability to facilitate remote access using SSH. It is one of the most widely demanded features amidst enterprises as well as system integrators, ISVs, MSPs (managed service providers), etc.

  • Yes, all communication across the ENF is essentially multi-factor authenticated by default. End users logging-in to the Xaptum control panel use a YubiKey for an extra layer of security. On the other hand, devices use access credentials stored somewhere on the hardware itself to establish mutually authenticated tunnels to the ENF. These may be designed and manufactured with an onboard TPM or may make use of an expansion card such as an access card or the ENF Router Card which contains a TPM chip.

  • To ensure uncompromised security, a two-way handshake is carried out every time a device connects or re-connects. As such, the device and the ENF are required to authenticate each other over last-mile switches.

OT Security

  • Legacy operational technology (OT) assets such as devices on the factory floor, HVAC systems in buildings, etc., lack IP connectivity and require a gateway or other protocol translator. When these networks/devices first connect off-prem to the cloud, basic security measures are often omitted. As such, the attack surface is widened, leaving room for threat actors to intrude into OT assets.

    However, there is a growing need to exchange OT data with IT systems for predictive maintenance, advanced telemetry/analytics, etc. While OT/IT convergence is inevitable, stakeholders aren’t on the same page. Enterprise IT departments aren’t geared towards the need for ease of use and efficiency in these environments. Operational teams, on the other hand, aren’t best equipped to navigate the complexities in controlling access and securing data exchange across multiple networks and the public Internet.

  • ENF is foundationally designed to extend IT-grade firewall and security mechanisms to dispersed OT endpoints operating in demanding environments.

    ENF enables persistent tracking of OT endpoints which enables organizations to provide complete visibility into previously invisible OT networks.

    ENF enforces zero-trust networking security between OT and IT with built-in identity and access management (IAM) at scale. This enables continuous detection of anomalies in real time from a unified dashboard.

  • ENF is purpose-built for OT networks, designed to reduce the complexity of OT security. As a technology-agnostic solution, it enables customers to leverage existing IT infrastructure in protecting OT assets. Deployment and use don’t disrupt operations or require significant investments in new tools and staffing.

    Moreover, the OT security provided is comprehensive with an improvement in the availability, safety, and reliability of OT assets and networks within industrial enterprises and critical infrastructure. ENF bridges the IT/OT cybersecurity gap as one of the few solutions compatible across IT, OT, and converged IT/OT environments. Additionally, it’s one of the few OT security providers to offer secure remote access natively.

  • Industrial protocols are not inspected. The data is passed along, unaltered, to the destination endpoint.

Critical Infrastructure

  • Critical infrastructure including water and wastewater systems, smart city infrastructure, traffic control systems, etc. have vulnerabilities posing serious cyber risks that jeopardize communities by extension. While networks for these have traditionally been physically managed and air-gapped, remotely managing and securing them today has gotten increasingly difficult with new technologies being introduced to legacy systems.

    Presidential Policy Directive 21 (PPD-21), the infrastructure protection and resilience directive, highlights the need to strengthen and secure critical infrastructure sectors. These have an impact on other sectors and require solutions to reduce vulnerabilities, block threats, minimize consequences and expedite response and recovery.

  • - The ENF overlay provides "black cloud" invisibility to critical systems

    - Its endpoint-centric firewall enables Zero Trust Network Access (ZTNA) at scale

    - Remote sites can be secured efficiently with familiar networking tools

    - Microsegmentation capabilities help isolate SCADA from shared IT networks

    - New sites can be onboarded/connected quickly with last-mile flexibility

Mission Critical Applications

  • Yes. Transport on the ENF overlay can span multiple data access networks such as cellular, broadband, satellite, and ethernet, analogous to MNA (Multi-Network Access). Switching between them is seamless and transparent to devices, thus providing unparalleled high-availability to customers with fast-roaming needs. Moreover, as switching between networks is an ENF function, network and carrier overheads are reduced and handoffs are blazing fast.

  • ENF assigns each endpoint a permanent address that does not change with connectivity alterations on the last mile. As such, sessions can remain open even as the connection changes, drops, or becomes weak.

Key Differentiators

Turnkey Deployment

  • Yes. A solution ready package (SRP) consisting of a gateway with north & south-bound interfaces, Xaptum access card, and operating system is available. This reduces time to deployment and operationalization besides the recurring operating costs for managing and maintenance. Mobile connectivity can be included as well for an additional charge.

  • The ENF is Xaptum’s singular, all-encompassing, turnkey solution. It functions as a lightweight VPN client but with powerful SDP capabilities built-in. The overlay provides the same "black cloud" invisibility. The endpoint-centric firewall enables Zero Trust Network Access (ZTNA) at scale. Lastly, the ENF approach uses familiar networking tools, eliminating the need to learn new vendor-specific SDP software or configuration language.

  • While not included with the ENF bundle by default, leading gateways are optionally provided based on customer requirements.

Hyper-scale Infrastructure

  • The underlying mechanism for key management at massive scale is Xaptum Trusted Transit (XTT) – a protocol for scalable identity and credential provisioning. XTT integrates the initial root of trust into the supply chain in the form of a TPM 2.0 chip provisioned with a group attestation key, eliminating the need for manual provisioning.

    At first boot, this key is used to prove group membership, upon which the device is automatically provisioned with a specific identity from the network associated with that group. This process, which requires no manual intervention, is repeated at massive scale for dispersed devices.

  • The dispersed nature of edge computing presents a major operational challenge uncommon in the traditional Internet or enterprise networks. Devices that are managed together (say a fleet of trucks) may not be physically co-located and instead, be widely distributed. The operational approaches for management and security used in enterprise networks, where most hosts are densely contained in buildings or campuses, do not translate well to today’s edge computing.

    ENF solves the problem of security and scalability for dispersed assets by facilitating seamless edge-to-cloud and cloud-to-edge service migration as well as management and monitoring anytime, anywhere – agnostic to the geographic span of device deployments that are potentially spread across multiple customer sites.

  • Xaptum’s customers can set up a secure edge network in no time. Deploying a new ENF endpoint can be done in about 10 minutes by a technician without IT knowledge. The ENF Router Card is a mini PCI express card that is installed in the gateway computer. Once the card is installed and the antenna connected, the gateway must simply be powered on. In a matter of minutes, the card will connect to the ENF, configure itself, and download any updates. Provisioning or de-provisioning the network or resources, and revoking trust are equally rapid with Xaptum’s solution.

  • ENF is designed to track dispersed and mobile assets at scale. ENF assigns unique, permanent logical IP addresses to endpoints within the networks assigned to customers. While these logical IP endpoints become invisible to the public Internet, customers can securely keep track of their assets, irrespective of the static or dynamic state, along with the data trail.

  • As per Gartner, an effective SASE offering is one that can “deliver in-line encrypted traffic inspection (decryption and subsequent re-encryption) at scale, ideally delivered from the cloud and without the use of proprietary hardware. This must support the latest versions of TLS.”

    ENF supports this feature natively. For more details, please see SASE.

Interoperable Communication

  • ENF can use any available last-mile network, including cellular, WiFi, and ethernet, and enables easy switching between the most optimal and affordable last mile options.

  • Yes. ENF can use any available last-mile network, including 5G and Gigabit LTE. It also enables easy switching between the most optimal and affordable last mile options.

  • The ENF is a standards-compliant IP (layer 3) network, and thus is agnostic to application protocols, devices, gateways, and servers. It can tunnel multiple transport layer protocols and is compatible with all device manufacturers, software vendors, and cloud hosts. There are no SDKs or agent platform lock-ins. ENF clients require only standard TLS & crypto libraries.

  • Native support for HTTPS, AMQP, and MQTT would take a toll on bandwidth and is out of scope of the overlay design. However, as a standards-compliant IP (layer 3) network, the ENF is agnostic to application-layer protocols. For use cases demanding extra durability, customers can certainly implement the ideal protocol on top of the ENF.

  • As a standards-compliant IP (layer 3) network, ENF is agnostic to the last-mile or physical-layer protocols. It supports any WLAN protocol, e.g. all varieties of 802.11 Wi-Fi.

  • As a standards-compliant IP (layer 3) network, the ENF is compatible with all servers, gateway/host/device manufacturers, software vendors, and cloud hosts. Unrestricted by any specific list of certified devices, customers are able to leverage existing assets – wired or wireless, IP-enabled or non-IP-enabled.

  • While the ENF is built over a Linux implementation, it remains device-agnostic as the ENF Router Card can be used with any operating system that can support a mini-PCI peripheral card. The host/gateway can be running any OS as long as it can send data to the router card. Moreover, the ENF APIs have been made public for clients wanting to implement their own version without the card.

  • Provider-agnostic by design, the ENF will work with whatever the customer has in place. It supports not only the top-tier public clouds but also private providers or data centers.

Customer Success

Plan

  • The distributed IPv6 routing and firewall service runs on Xaptum’s infrastructure in major Internet exchanges. Operating in these points-of-presence (POP) allows Xaptum to peer directly with major ISPs, enabling low latency delivery of all traffic.

    Minimal latency is naturally introduced by endpoint traffic passing through the network backbone. Xaptum provides an SLA with less than ~10ms round-trip latency between the customer endpoint and the public cloud host. However, given ENF’s flexibility, latency on the last mile is outside the scope of the solution.

  • The ENF basically functions as a lightweight VPN client. All communication is handled by the ENF Router Card and the host simply needs to pass along the data. As such, the overhead/cost is minimal.

  • The solution comes with the flexibility to customise data throughput to help cut TCO. Customers may pick between the different tiers available in meeting specific needs. This API documentation explores how users can manipulate rate limits on their domain. There’s no fundamental limit on bandwidth, and capacity could be amped up to support more demanding use cases (e.g. infrared cameras).

  • The solution has been designed to replace the firewall efficiently. Implementing the ENF requires only outbound connection on port 443. As most traditional firewalls mandate the same, extensive changes are typically not needed for devices already on the field.

  • The ENF provides secure IPv6 transport of data between endpoints. From the application side, the ENF appears to be simply an IPv6 network. Because of this, the ENF is agnostic as far as industrial protocols are concerned. It will securely deliver any stream of data that can be routed over an IP network. Since most protocols must interact with a LAN or WAN at some point, they can also be routed through the ENF.

Deploy

  • Each Xaptum customer receives a ::/48 IPv6 address block, which we call a domain. The domain can be partitioned into ::/64 networks (up to 65536 subnets). Groups of devices are assigned to networks, with each device receiving a permanent IPv6 address from that network. The configurable firewall controls the types of traffic that can be sent to endpoints.

  • ENF can be deployed on a device in three different ways, using: (i) the ENF Router Card (NIC), (ii) embedded/designed-in driver or (iii) software driver

  • The router card approach provides a plug-and-play method to connect a gateway to the ENF. Using its TPM chip, the card establishes a secure tunnel to the overlay and routes all of the host’s traffic through it. On the other hand, for large scale deployments, a customer may choose to include the cryptographic hardware in the device by design (onboard TPM) to reduce costs.

  • The router card hard setup is extremely safe. The new drivers increase the attack surface only negligibly and these are hard coded to only talk to Xaptum’s servers. Messages can only be generated using Xaptum’s private keys.

  • After receiving the package of router cards or those optionally pre-installed in edge hardware, the customer scans a QR code to associate that particular batch with one of their /64 subnets. Until such linking takes place, the batch of cards can’t access the ENF.

  • Port 443 is the only port that needs to be open for the solution to work. The ENF Router Card communicates with the Xaptum network via this port.

  • The ENF comes with the capability to onboard virtually when physical deployment is not feasible. Instead of relying on TPM, customers can manually create keys and share them to deploy endpoints as docker containers, virtual machines, or physical servers.

Scale

  • Xaptum can assist customers in assembling the prepackaged solution bundles and developing master scripts for rollout at scale. This helps in cutting operating costs drastically, eliminating the need to hire or retain hundreds of field-based deployment engineers.

  • The ENF uses a zero-touch provisioning process that integrates easily into the existing supply chain and requires no per-device provisioning or configuration. Xaptum can assist customers with this process, enabling them to drastically cut operating costs.

  • Yes, global IP mobility is natively supported by the ENF. Its trusted networking model overcomes the restrictions of traditional address-defined networking by using an architecture that is built with mobility at its core. It offers a network of only provable host identities hand in hand with absolute flexibility on the last mile.

Save

  • ENF is deployed in a software-as-a-service subscription model.

  • The ENF pricing model is based on tiers of ENF capacity consumption. Each tier consists of a fixed number of ENF endpoint licenses. Unused capacity is converted to credits for value engineering services. Customers may upgrade to a subsequent tier as needed.

  • A license allows one device or gateway to use ENF for access, capacity, monitoring, and maintenance. Each connected gateway can manage up to 256 physical endpoints, including assigning unique IPv6 addresses to them.

  • Setting up and operating the ENF requires no more than a basic understanding of command line tools. The solution is accompanied with the Edge Network Fabric Command Line Interface (ENFCLI) configuration utility and an ENF account.

    Extremely simple to install and run, the ENFCLI allows customers to manipulate the network and devices, and comes with built-in help. The account, on the other hand, provides access to the control panel. Real-time traffic statistics can be viewed on the dashboard, allowing customers to visually monitor network activity.

    The Getting Started Tutorial demonstrates just how easy it is for customers to set up a server and a client on the ENF.

Support

  • Each ENF point-of-presence employs a fully redundant architecture designed to ensure reliable operation during equipment failures. Hosted on AWS, the ENF backbone can support data exchange globally with a 99.999% service assurance. End-to-end SLAs can be implemented/offered based on customer requirements – latency criteria, bandwidth needs, uptime, zero packet drops, etc. Besides, Xaptum holds SOC 2 compliance and audit documentation for the same is available upon request.
