VelaOS datasheet
A one-page spec sheet for evaluation, procurement, and internal distribution.
What it is
VelaOS is a Linux endpoint operating system built on AlmaLinux 10.1 bootc. It turns a UEFI x86-64 thin client into a fully managed VDI endpoint, browser kiosk, or locked-down workstation — administered from a single cloud console.
The platform consists of three components: the on-device agent (Go, runs as a systemd service with a sealed-credential identity), the cloud API (Go, Echo v5, deployed on Fly.io), and the management console (Next.js 16, React 19, TypeScript strict).
Hardware requirements
VelaOS boots on any UEFI x86-64-v2 device meeting the minimum spec. Per-SKU derivative images add kargs or drivers; the base image is hardware-agnostic.
- UEFI x86-64-v2 CPU (post-2009 Intel / AMD)
- ≥ 4 GB RAM (8 GB recommended for VDI + browser)
- ≥ 32 GB storage (firm floor for bootc A/B + /var + /home)
- TPM 2.0 recommended (required for sealed LUKS flow)
- Secure Boot enabled + MOK enrolment at first flash
- Verified platforms: Wyse 5070, HP t640/t740, Lenovo M75q Gen 2, Intel NUC 11/12 Pro, Minisforum UN1265, Zotac ZBOX PI336
Management capabilities
The console exposes 130+ REST endpoints covering the full device lifecycle.
- 60-second enrolment with a 7-character VelaOS Code
- Tri-state policy inheritance (inherit / override / unset) per ADR-0016
- Vela Catalog: cosign-signed VelaApps pulled per-tenant by policy — Citrix, Horizon, AVD, Windows 365, Chrome, Edge, Firefox ESR
- Ring-based rollouts (canary / pilot / broad) with auto-halt on failure
- Bootc A/B deployments with Greenboot health-check auto-rollback
- MQTT command channel with ed25519-signed envelopes
- Scheduled actions with cron + idle detection
- Per-device mTLS via per-tenant certificate authority
- Label-selector smart groups (K8s LabelSelector semantics)
- Live View remote support (screenshot + keyboard + click)
- Imprivata NFC + CCID smart-card redirection for clinical shift changes
- Branding + white-label, policy-scoped per tenant or group
Security posture
Every control is baked in at bootc image build time and survives every upgrade. Secure Boot + shim + GRUB 2 + signed kernel + cosign-verified rootfs form the verified boot chain. At runtime: kernel lockdown=confidentiality, SELinux enforcing, fapolicyd execution trust anchors, firewalld default-drop with zero inbound surface, usbguard default-block, and LUKS2 sealed to TPM PCRs 7+11.
MQTT on port 8883 uses per-device mutual TLS. Command envelopes are ed25519-signed by the cloud before publish; the agent verifies the signature before acting. A detailed security whitepaper is published separately as an ungated PDF.
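The sign-then-verify flow described above, as an added example that is not VelaOS code. The Envelope and Command layouts, the device_id binding, and the function names are assumptions made for illustration; the datasheet does not publish the real envelope format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Envelope is a hypothetical wire format: raw command bytes plus a signature over them.
type Envelope struct{ Payload, Signature []byte }

type Command struct {
	DeviceID string `json:"device_id"` // assumed field binding a command to one device
	Action   string `json:"action"`
}

var ErrBadSignature = errors.New("envelope signature invalid")
var ErrWrongDevice = errors.New("envelope addressed to another device")

// Sign is the cloud side: serialize once, then sign those exact bytes.
func Sign(priv ed25519.PrivateKey, cmd Command) Envelope {
	payload, _ := json.Marshal(cmd) // a struct of two strings cannot fail to marshal
	return Envelope{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// Verify is the agent side: authenticate the raw bytes before parsing or acting.
// The key length is checked first because ed25519.Verify panics on a wrong-length key.
func Verify(pub ed25519.PublicKey, deviceID string, env Envelope) (Command, error) {
	var cmd Command
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, env.Payload, env.Signature) {
		return cmd, ErrBadSignature
	}
	if err := json.Unmarshal(env.Payload, &cmd); err != nil {
		return Command{}, fmt.Errorf("decode payload: %w", err)
	}
	if cmd.DeviceID != deviceID {
		return Command{}, ErrWrongDevice
	}
	return cmd, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed throwaway key pair
	env := Sign(priv, Command{DeviceID: "dev-01", Action: "reboot"})
	_, ok := Verify(pub, "dev-01", env)
	env.Payload[0] ^= 1 // one bit flipped in transit
	_, bad := Verify(pub, "dev-01", env)
	fmt.Println(ok, bad)
}
```

Verifying the payload bytes exactly as received, rather than re-serializing a parsed command, keeps the check independent of JSON encoding differences between signer and verifier.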
Pricing
Community is free for up to 3 devices — no credit card, no time limit. Flex is $2.40 per device per month on a rolling subscription. Committed Annual drops to $2.00 per device per month with a 2% prepay discount. Enterprise 3-year is $1.70 and Enterprise 5-year is $1.50.
Pricing is published on the website. It does not require a reseller call or a quote request. Full details at velaos.ch/pricing.
Compliance roadmap
SOC 2 Type I is scheduled for the v3.0.0 general-availability cutover. ISO 27001 follows in the first year post-GA. VelaOS is EU-hosted (Frankfurt primary region) with no data leaving the EU under any tenant configuration.
Versioning
VelaOS uses the major version number to signal release phase. v2.x is beta — all pre-production iteration ships on v2.x patch releases. v3.0.0 is the production general-availability cutover and is triggered only by explicit go-live authorisation.
