EpiForce Security, our flagship product, allows your organization to protect data and network communications by isolating end users, servers, clients and mission critical data into network security zones, for networks with physical and/or virtual systems, regardless of system platform.
EpiForce: Protecting Personal Information
What is EpiForce?
Apani® EpiForce® is a software-based, cross-platform server isolation, encryption and access management solution that enables logical security zoning and policy-based protection of data in motion. EpiForce has a distributed, centrally managed architecture that is transparent to end users, applications and infrastructure, making it quicker to deploy and less costly to manage than hardware-centric solutions.

Single Solution: Physical and Virtual Servers
EpiForce security software delivers cross-platform server protection for both virtual and physical environments with a single solution. Server isolation eliminates vulnerabilities within the corporate network by isolating servers and desktops containing business critical data into logical security zones, regardless of platform and physical location. Access to these zones is strictly based on policy, and communication between the systems may be selectively encrypted. Cross-platform server isolation provides flexibility and efficiency not available with traditional network security solutions, and mitigates risk in the event of a breach.

Logical Security Zoning
Logical security zones offer a superior, software-based alternative to traditional network segmentation accomplished with firewalls and VLANs. Zones enable flat corporate networks to be separated into isolated security communities without reconfiguring the network and without regard to the physical location of computers. Servers and endpoints are assigned membership into one or more logical security zones, creating a flexible, layered security approach within the corporate network. Logical security zones can be based on endpoint identity, IP address, user identity and port.

Benefits
• Cross-platform support to protect heterogeneous environments
• Apply network security policies to legacy applications
• Selectively apply strong encryption policies
• Transparent to existing applications, without code rewrites
• Create logical security zones regardless of platform or physical location
• Prevent security gaps when relocating a virtual machine to another server
• Highly scalable architecture
• No end user training
• Limit audit scope and provide a strong audit trail
• FIPS 140-2 Level 1 validation

EpiForce is ideal for:
• Remote worker/contractor isolation
• PCI-DSS, HIPAA, SOX and CoCo
• Mergers, acquisitions and divestitures
• Financial institutions, retail stores, health care and public sector

www.apani.com, 2929 E. Imperial Hwy Suite 110, Brea, CA, 92821, USA
America +1.714.577.1600, United Kingdom +44 (0)118 9298060

With EpiForce, logical security zones can span across physical and virtual environments, and systems can belong to one or more zones. Inclusion in a logical security zone is persistent and does not cease when a system is physically relocated or a virtual machine is moved, providing organizations the flexibility to locate systems where warranted by business demands. Logical security zones can be virtually unlimited in size, a contrast to the constraints of available ports on a switch or a firewall in traditional network segments.

Logical security zones are centrally administered through one or more EpiForce Administration Consoles, enabling zones and security policies for an entire network to be modified with only a few mouse clicks. Administration can be delegated and workflow enabled for approving and committing policy changes.

Logical security zones may be created, moved or modified without the need to physically reconfigure the network. EpiForce controls access to members of logical security zones and dictates which systems can communicate with each other.

[Figure: Logical security zones enable layered security without regard to platform or physical location.]

Policy-Based Encryption of Data in Motion
Policy-based encryption of data in motion offers a superior alternative to the rigid encryption approaches common in link encryptors,
network firewalls and personal firewalls. Policy-based encryption of data in motion secures communications between servers and/or
clients based on policies configured by the security administrator.
Apani EpiForce takes a unique two-pronged approach to encryption – delivering an efficient, low-overhead encryption mechanism and
enabling security administrators to selectively deploy encryption policy at the port level. This approach allows EpiForce to strike an optimal
balance between communications security and application performance, while reducing overall bandwidth requirements due to encryption.
Policy-based encryption of data in motion offers a superior alternative to the rigid, all-or-nothing encryption approaches common today. It
secures communications between users, virtual machines, physical servers and clients based on policies set by the security administrator.
Policy-based encryption offers efficient and selective encryption at the port level.

EpiForce®
Features & Benefits

Management

Centralized Management Interface
Manage security policy for all EpiForce-enabled servers and endpoints from a single administration console. One or more administration consoles can be utilized simultaneously, enabling the flexibility to manage centrally, regionally or by business unit.

Role-Based Delegation of Admin Privileges
Maximize flexibility in operationalizing security policy by delegating administrator privileges to five roles including Super User, Account Management, System Settings, Operations, Audit and Read-Only.

Powerful Administrator Workflow
Utilize powerful workflows to create, submit, approve and commit security policy. All administrator actions are tracked as Change Sets and entered into the workflow process.

Enhanced Alert and Activity Logging
Monitor operations of all client software through real-time alerts on penetration attempts, operational status, IPSec protocol status and an audit trail of key management and encapsulation protocols. EpiForce stores activity logs in standard Syslog and Windows Events Log formats.

Easy Deployment and Upgrades
EpiForce is compatible with most third party deployment tools including Microsoft Active Directory and LANDesk.

Auto Create and “Push” Install Support
EpiForce enables thousands of servers and endpoints to be added and assigned security policy at once, streamlining initial and incremental deployments. Client software can be deployed through most standard “push” installation packages such as Microsoft Active Directory and LANDesk.

Installation and Interoperability

Cross-Platform Support
EpiForce agent software is available for a broad range of operating systems, providing the flexibility to secure complex, heterogeneous enterprise environments common in large companies.

Network Layer Transparency
EpiForce operationalizes IPSec at the network layer and is transparent to existing infrastructure and software applications. Legacy applications can easily be secured, eliminating the cost, time and incompatibilities associated with rewriting applications.

Broad VPN Client Support
EpiForce is compatible with VPN client software from leading vendors including Cisco and Nortel.

Operations

Logical Security Zones
Isolate servers and endpoints into one or more private communities without regard to their physical location. Logical security zones can be based on IP address or range, port, geographic region or user group. Logical security zones can be spanned across physical and geographic boundaries.

Policy-Based Encryption of Data in Motion
Efficiently secure communications between servers and endpoints based on port-level policy. Policy-based encryption is highly scalable, maximizes application performance and minimizes bandwidth requirements. EpiForce combines strong encryption and data integrity using industry-standard protocols.

Distributed Architecture
EpiForce is a distributed architecture with policy enforced between servers and clients themselves, eliminating the bottlenecks and single points of failure common in hardware-based solutions like firewalls, VLANs and NAC.

Policy Persistence
Security policy deployed by EpiForce remains persistent, regardless of the physical location of a server or endpoint. When a machine is moved, the security policy goes with the machine and does not require any policy changes or administrative action.

Customizable Failover Procedures
Granular and customizable failover procedures enable more flexibility to deploy EpiForce into normal business processes.

Support for Unprotected Hosts
Enforce policy for servers, endpoints and devices that don’t have EpiForce installed, allowing printers and other devices to be included in logical security zones.

On-Demand Policy Distribution
Facilitate large deployments and the extension of EpiForce to servers and endpoints that have minimal disk and memory resources.