KlasOS Keel

The Intelligent Edge OS

KlasOS Keel Overview

Keel is a lightweight linux based open source OS, with integrated KVM-based hypervisor and SDN capabilities providing a secure virtualization environment on Klas modules with compute capabilities.

The integrated KVM-based hypervisor supports sharing of the modules physical resources of compute, storage, networking, connectivity and pass-through of serial periphery e.g. USB, CAN, MVB to the hosted Virtual Machine.

In addition, Keel supports a secure web based portal, allowing IT admins to control and access their virtual machines without the need to install software on local machines.

Keel on Klas modules

Keel ships on a range of Klas modules, such as the TRX R2, TRX R6, VoyagerVM and Voyager m-Series as the default OS.

Keel Functionality

Keel Functions and Features

The following is a high level overview of supported features and capabilities of Keel and its KVM hypervisor. For a comprehensive overview of Keel please request a demo.

Category Features
  • Common Criteria validated (Q1’24 certification): Stateful Traffic Filter Firewall v1.4
  • IPv4/IPv6 support
  • NAT, Prerouting/postrouting packet matching, Rate limiting, Synproxy, Packet reverse path validation, connection tracking, IP ACL, extended ACLs
Network and Routing IPv4/IPv6, DNS, DHCP client/server/relay, NAT, Virtual Router Redundancy Protocol (VRRP), OSPF, BGP, IP SLA, DNS, GRE, NTP, PIM, Jumbo frame support, Link Aggregation (802.1AX/802.3ad), 802.1X supplicant, VLAN (802.1Q)
  • Dynamic traffic routing
  • Path monitoring: end-to-end path monitoring from the edge node to the target server
  • Encrypted datapath, PSK and X.509 based
  • Certificate management, Online Certificate Status Protocol (OCSP)
  • Load balancing Hash based
  • Link prioritization: weight based, BSD IP Filter
  • Datapath redundancy
  • Multiple edge endpoints can connect to the target server
  • Secure path for remote device management
  • Uses Common Criteria validated algorithms, DTLS
  • KVM based Hypervisor
  • Standard resource allocation commands (CPU, HDD, RAM, vNIC)
  • IDE, SATA and Virtio disk support
  • Virtual NICs of e1000 or virtio
  • Passthrough support for Serial, USB and PCIe devices
  • Integrated VNC access via a web portal
  • Serial console, power cycling (start, stop, pause, resume, shutdown), storage (clone, delete, export, import)
  • Guest OS MAC Spoof Protection
  • LTE/5G modem support
  • Configurable APN
  • Sim control, PIN/PUK
  • Modem connection mode controls
  • Query commands (MNO, Bearer, Signal Strength, etc)
  • Firmware management
  • Access point and/or Client mode
  • Channel locking
  • Multicast-to-unicast
GPS GPS relay
Management and Monitoring SNMP, Persistent logging, SSH, Traceroute, ICMP Ping, OneView (VNC web service), Traffic capture, FIPS 140-2 Approved Cryptographic Algorithms
Access control / Security RADIUS, local authentication and authorization, TACACS, No direct system access

Keel Use Cases

Keel delivers the flexibility and ease to deploy multi-tenanted services as hosted VMs at the edge. With integrated software-defined networking (SDN) capabilities users can quickly and easily create multiple secure and IP segmented networks, with LAN and/or WAN accessibility.

Furthermore, Keel’s integrated SD-WAN capabilities provide prioritization and automated WAN selection and routing of traffic, with support for traffic load balancing over a secure network overlay. Keel SD-WAN eliminates the need for 3rd party VPNs when connecting to virtual private cloud services, or when connecting directly to private networks and servers on-premise.

Keel SDN Capabilities
Figure: A topology of Keel software-defined capabilities for end-to-end secure communications.

Use Case - Secure Edge Connectivity

Industry Sector: Automotive

Requirement: Data collection service with secure remote access

Benefits of Keel
  • Keel CLI is used to securely upload/update the data collection VM image via SCP.
  • Ease of assigning dedicated storage spaces and private IP sub-networks.
  • Secure access to the VM using IP ACLs.
  • Secure path over a cellular connection with bidirectional access between the users cloud or on-premise server and the edge with Keel SD-WAN.
  • Interconnection of two private networks using NAT.

Use Case - Virtualized Multi-tenant Edge

Industry Sector: Government 

Requirement: multi-tenanted private data services

Benefits of Keel
  • Separated physical resources per hosted tenant.
  • Dedicated virtual resources per VM.
  • Tenant isolation using network segmentation – dedicated vSwitch, with unique IP subnetworks.
  • L3 routing with dedicated physical WAN ports per tenant VM.
  • Secure network access with unique IP ACLs per tenant.
  • FIPS 140-2 Approved Cryptographic Algorithms

Use Case - IoT Telematics

Industry Sector: Rail 

Requirement: high bandwidth data transfers to Virtual Private Cloud (VPC)

Benefits of Keel
  • Connects to both ethernet and serial based sensors – CAN, MVB and USB.
  • Data pre-processing and tagging with GNSS/GPS meta-data.
  • Supports multiple Mobile Network Operators.
  • Aggregates all available WAN bandwidth, maximizing data throughput.

Keel Packaging and Certification

Keel is available as a single image (.bin) file, signed with a digital signature for ease of secure updates over the air. Keel is currently undergoing Common Criteria certification (Q1’24).

Keel package differentiators:

  • Packaged as a single image file containing the entire operating system.
  • Digitally signed package, malformed or malicious images will not load in Klas modules.
  • Keel runs in RAM, and is not corrupted by the sudden loss of power.
  • Several versions of Keel images can be stored locally on the module for failover or fallback operations.
  • Keel comes with integrated driver software supporting multiple cellular and Wi-Fi modems.


Discover the advantages of using Keel

Reducing the burden on IT and network professionals with a secure and future-proofed intelligent and secure edge OS.

Lower Cost of

Eliminates the need for multiple devices and the complexity of running siloed infrastructure at the edge.


Reduced security exposure to threats that are commonly associated with traditional OS types.


Minimal effort and experience required to deploy the edge, automated configuration for plug-n-play roll outs.

Scroll to Top