KlasOS Keel

The Intelligent Edge OS

KlasOS Keel Overview

Keel is a lightweight linux based OS, with integrated KVM-based hypervisor and SDN capabilities providing a secure virtualization environment on Klas modules with compute capabilities.

The integrated KVM-based hypervisor supports sharing of the modules physical resources of compute, storage, networking, connectivity and pass-through of serial periphery e.g. USB, CAN, MVB to the hosted Virtual Machine.

In addition, Keel supports a secure web based portal, allowing IT admins to control and access their virtual machines without the need to install software on local machines.

Keel on Klas modules

Keel ships on a range of Klas modules, such as the TRX R2, TRX R6, VoyagerVM and Voyager m-Series as the default OS.

Keel Functions and Features

The following is a high level overview of supported features and capabilities of Keel and its KVM hypervisor. For a comprehensive overview of Keel please request a demo.

Category	Features
Firewall	Common Criteria validated (Q1’24 certification): Stateful Traffic Filter Firewall v1.4 IPv4/IPv6 support NAT, Prerouting/postrouting packet matching, Rate limiting, Synproxy, Packet reverse path validation, connection tracking, IP ACL, extended ACLs
Network and Routing	IPv4/IPv6, DNS, DHCP client/server/relay, NAT, Virtual Router Redundancy Protocol (VRRP), OSPF, BGP, IP SLA, DNS, GRE, NTP, PIM, Jumbo frame support, Link Aggregation (802.1AX/802.3ad), 802.1X supplicant, VLAN (802.1Q)
SD-WAN	Dynamic traffic routing Path monitoring: end-to-end path monitoring from the edge node to the target server Encrypted datapath, PSK and X.509 based Certificate management, Online Certificate Status Protocol (OCSP) Load balancing Hash based Link prioritization: weight based, BSD IP Filter Datapath redundancy Multiple edge endpoints can connect to the target server Secure path for remote device management Uses Common Criteria validated algorithms, DTLS
Virtualization	KVM based Hypervisor Standard resource allocation commands (CPU, HDD, RAM, vNIC) IDE, SATA and Virtio disk support Virtual NICs of e1000 or virtio Passthrough support for Serial, USB and PCIe devices Integrated VNC access via a web portal Serial console, power cycling (start, stop, pause, resume, shutdown), storage (clone, delete, export, import) Guest OS MAC Spoof Protection
Cellular	LTE/5G modem support Configurable APN Sim control, PIN/PUK Modem connection mode controls Query commands (MNO, Bearer, Signal Strength, etc) Firmware management
Wi-Fi	Access point and/or Client mode Channel locking Multicast-to-unicast
GPS	GPS relay
Management and Monitoring	SNMP, Persistent logging, SSH, Traceroute, ICMP Ping, OneView (VNC web service), Traffic capture, FIPS 140-2 Approved Cryptographic Algorithms
Access control / Security	RADIUS, local authentication and authorization, TACACS, No direct system access

Keel Use Cases

Keel delivers the flexibility and ease to deploy multi-tenanted services as hosted VMs at the edge. With integrated software-defined networking (SDN) capabilities users can quickly and easily create multiple secure and IP segmented networks, with LAN and/or WAN accessibility.

Furthermore, Keel’s integrated SD-WAN capabilities provide prioritization and automated WAN selection and routing of traffic, with support for traffic load balancing over a secure network overlay. Keel SD-WAN eliminates the need for 3rd party VPNs when connecting to virtual private cloud services, or when connecting directly to private networks and servers on-premise.

Figure: A topology of Keel software-defined capabilities for end-to-end secure communications.

Use Case - Secure Edge Connectivity

Industry Sector: Automotive

Requirement: Data collection service with secure remote access

Benefits of Keel

Keel CLI is used to securely upload/update the data collection VM image via SCP.
Ease of assigning dedicated storage spaces and private IP sub-networks.
Secure access to the VM using IP ACLs.

Secure path over a cellular connection with bidirectional access between the users cloud or on-premise server and the edge with Keel SD-WAN.
Interconnection of two private networks using NAT.

Use Case - Virtualized Multi-tenant Edge

Industry Sector: Government

Requirement: multi-tenanted private data services

Benefits of Keel

Separated physical resources per hosted tenant.
Dedicated virtual resources per VM.
Tenant isolation using network segmentation – dedicated vSwitch, with unique IP subnetworks.

L3 routing with dedicated physical WAN ports per tenant VM.
Secure network access with unique IP ACLs per tenant.
FIPS 140-2 Approved Cryptographic Algorithms

Use Case - IoT Telematics

Industry Sector: Rail

Requirement: high bandwidth data transfers to Virtual Private Cloud (VPC)

Benefits of Keel

Connects to both ethernet and serial based sensors – CAN, MVB and USB.
Data pre-processing and tagging with GNSS/GPS meta-data.

Supports multiple Mobile Network Operators.
Aggregates all available WAN bandwidth, maximizing data throughput.

Keel Packaging and Certification

Keel is available as a single image (.bin) file, signed with a digital signature for ease of secure updates over the air. Keel is currently undergoing Common Criteria certification (Q1’24).

Keel package differentiators:

Packaged as a single image file containing the entire operating system.
Digitally signed package, malformed or malicious images will not load in Klas modules.
Keel runs in RAM, and is not corrupted by the sudden loss of power.
Several versions of Keel images can be stored locally on the module for failover or fallback operations.
Keel comes with integrated driver software supporting multiple cellular and Wi-Fi modems.

`

Discover the advantages of using Keel

Reducing the burden on IT and network professionals with a secure and future-proofed intelligent and secure edge OS.

Lower Cost of
Ownership

Eliminates the need for multiple devices and the complexity of running siloed infrastructure at the edge.

Enhanced
Security

Reduced security exposure to threats that are commonly associated with traditional OS types.

Faster
Deployments

Minimal effort and experience required to deploy the edge, automated configuration for plug-n-play roll outs.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	The website's WordPress theme uses this cookie. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect a user's first pageview session, which is a True/False flag set by the cookie.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores the true/false value, indicating whether it was the first time Hotjar saw this user.
_hjRecordingEnabled	never	Hotjar sets this cookie when a Recording starts and is read when the recording module is initialized, to see if the user is already in a recording in a particular session.
_hjRecordingLastActivity	never	Hotjar sets this cookie when a user recording starts and when data is sent through the WebSocket.
_hjSession_*	30 minutes	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hjSessionUser_*	1 year	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hjTLDTest	session	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.

Cookie	Duration	Description
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
visitor_id*	1 year 1 month 4 days	Pardot sets this cookie to store a unique user ID.
visitor_id*-hash	1 year 1 month 4 days	Pardot sets this cookie to store a unique user ID.

Modular Solutions

Connectivity on the Move

Automation & Monitoring

Edge Operating Systems

Modular Solutions

Connectivity on the Move

Automation & Monitoring

Edge Operating Systems

Modular Solutions

Connectivity on the Move

Automation & Monitoring

Edge Operating Systems

Modular Solutions

Connectivity on the Move

Automation & Monitoring

Edge Operating Systems

Modular Solutions

Connectivity on the Move

Automation & Monitoring

Edge Operating Systems

Modular Solutions

Connectivity on the Move

Automation & Monitoring

Edge Operating Systems

KlasOS Keel

The Intelligent Edge OS

KlasOS Keel Overview

Keel on Klas modules

Keel Functions and Features

Keel Use Cases

Figure: A topology of Keel software-defined capabilities for end-to-end secure communications.

Use Case - Secure Edge Connectivity

Use Case - Virtualized Multi-tenant Edge

Use Case - IoT Telematics

Keel Packaging and Certification

`

Discover the advantages of using Keel

Lower Cost ofOwnership

EnhancedSecurity

FasterDeployments

Related Products

Blackrock

Fleet Management Software

Lower Cost of
Ownership

Enhanced
Security

Faster
Deployments