From a single Raspberry Pi to a fleet of hundreds โ Xaccel IoT gives you the tools to connect, monitor, automate, and secure every device.
No SSH client, no VPN, no IP address to remember. Just log in and connect.
A full xterm.js terminal runs directly in your browser. Supports color output, interactive programs (htop, vim, nano), copy/paste, and terminal resizing. Works on any device โ laptop, tablet, or phone.
Forward any TCP port from your remote device to your local machine. Access Grafana dashboards, MySQL databases, Node-RED, web UIs, or any service โ without exposing it to the internet.
Store your SSH private keys securely in the portal. Select a saved key when opening a console session for instant, password-free access to any device.
The agent makes an outbound WebSocket connection over port 443. You never need to open inbound ports, configure NAT rules, or change your network setup.
Click a device and you're connected in seconds. No waiting for VPN handshakes, no IP lookups, no SSH config files to maintain.
Multiple team members can open independent SSH sessions to the same device simultaneously. Each session is isolated and fully independent.
See and control your Android device screen remotely. Use DroidVNC-NG (no root required) or droid-vnc-server (rooted) to expose a VNC server, then access it directly in your browser via the built-in noVNC viewer โ no VNC client app needed.
Access full graphical desktops directly in your browser โ no VNC client required. Create a VNC tunnel and the portal opens a built-in noVNC viewer with fullscreen, clipboard, and Ctrl+Alt+Del support. Works on Linux, Android (rooted), and embedded systems.
Access device web UIs (port 80/443) directly in your browser via a secure reverse proxy โ no SSH tunnel command needed. Create an HTTP tunnel and the portal opens the device's web interface instantly with a single click.
Know exactly what every device is doing โ right now and over time.
Per-core and aggregate CPU utilization, updated every 30 seconds.
RAM used vs. available, with swap usage tracking.
Storage capacity and usage on all mounted volumes.
Bytes sent and received per second on all interfaces.
1, 5, and 15-minute system load averages.
Time since last reboot, tracked continuously.
Without monitoring, you only know about problems when users complain. With Xaccel IoT, you see issues forming โ a disk filling up, CPU spiking, memory leaking โ before they cause downtime.
Get an email the moment a device stops checking in. Know within 2 minutes if a device loses power or network connectivity.
Set custom thresholds for CPU, memory, and disk. Get alerted when any metric exceeds your limit โ before it causes a crash.
Optionally receive a notification when a device comes back online after being offline โ confirm recovery without checking manually.
Configurable cooldown periods prevent alert spam. Once an alert fires, it won't fire again until the cooldown expires (default: 30 minutes).
Set different thresholds for different devices. A high-load server can have a higher CPU threshold than a low-power sensor node.
Alerts are delivered by email with full context โ device name, metric value, threshold, and a direct link to the device in the portal.
Stop doing the same task on 50 devices one at a time. Automate it.
Run any shell command on one device, a group, or your entire fleet simultaneously. Commands execute in parallel โ 100 devices takes the same time as 1. Full output from every device is captured and logged.
Push any file from your computer to one device or your entire fleet. Perfect for config files, scripts, certificates, firmware updates, or any file your devices need. Files up to 100MB supported.
Organize devices into logical groups โ by location, function, customer, or environment. Use groups as targets for batch jobs and file uploads. Filter the device list by group for quick access.
Every batch job is logged with the command, target devices, execution time, and full output from each device. Review, replay, or audit any past job at any time. Nothing is lost.
Every design decision in Xaccel IoT starts with security. Here's how we protect you.
All traffic between agents, the portal, and your browser is encrypted with TLS 1.3. No plaintext data ever traverses the network.
The agent connects outbound over port 443 (HTTPS/WSS). Your devices never listen for inbound connections โ eliminating an entire class of attack vectors.
Every API request requires a signed JWT token. Tokens expire automatically and can be revoked instantly. Passwords are hashed with bcrypt.
Each account is completely isolated at the database level. Your devices, users, and data are never accessible to other accounts โ even on shared infrastructure.
Each device authenticates with a unique cryptographic token. Tokens can be regenerated at any time, instantly revoking access for a compromised device.
Every action โ logins, console sessions, batch jobs, file uploads, settings changes โ is logged with timestamp, user, and IP address. Full accountability.
Protect admin accounts with TOTP-based two-factor authentication. Scan a QR code with any authenticator app (Google Authenticator, Authy, 1Password) and require a 6-digit code at every login. Enable or disable 2FA from the Settings page.
Regenerate your device setup key at any time. Connected agents are instantly notified via WebSocket and update their credentials automatically โ no manual reconfiguration needed on any device.
Login and registration endpoints are rate-limited to 10 requests per 15 minutes per IP. After 10 consecutive failed login attempts, accounts are locked for 15 minutes โ stopping brute-force attacks cold.
Every response includes Content-Security-Policy, X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy: no-referrer, and Strict-Transport-Security โ enforced automatically via Helmet.
Passwords must be 8โ128 characters and include uppercase, lowercase, a number, and a symbol. Password reset tokens are 32 cryptographically random bytes, expire in 1 hour, and are invalidated on use.
On Android devices, the agent automatically blocks all direct external connections to the VNC port via iptables โ only tunnel connections through localhost can reach it. Rules are re-enforced every metrics cycle so they survive network resets.
Forgot password and contact forms always return success โ whether or not the email exists. This prevents attackers from probing which accounts are registered. Error details stay server-side only.
Invite your entire team to the portal. Each person gets their own login, their own session history, and their own SSH keys.
Assign roles to control what each team member can do. Admins get full access; regular users can access devices but not billing or settings.
No shared passwords. Every team member has their own credentials. Revoke access for a single person without affecting anyone else.
Payments processed via Authorize.net. Your card details are tokenized and never stored on our servers. PCI-compliant by design.
Invoices are generated automatically each billing cycle and emailed to you. View and download all past invoices from the portal at any time.
Upgrade or downgrade your plan at any time. Changes take effect immediately. Switch between monthly and annual billing to save 20%.
No SSH. No manual updates. Push firmware, scripts, and packages to thousands of devices simultaneously.
Deploy shell scripts, tarballs (.tar.gz), Debian packages (.deb), RPM packages, ZIP archives, or raw binaries. The agent auto-detects the package type and applies it correctly on every device.
Every package is verified with a SHA-256 checksum before being applied. If the checksum doesn't match, the update is rejected and the device reports a failure — your firmware is never corrupted in transit.
Deploy to 5%, 10%, or 25% of your fleet first. Monitor success rates before rolling out to everyone. The server randomly selects devices within your rollout percentage — no manual device selection needed.
Watch updates roll out in real time. Per-device status shows: pending → downloading → applying → success/failed. Full error messages for any failed device. Cancel pending jobs before they execute.
Connect Google Workspace, Azure AD, Okta, or any OIDC provider. New users are provisioned automatically.
Connect your Google Workspace organization. Team members sign in with their @company.com Google account — no separate passwords to manage.
Integrate with Azure Active Directory / Entra ID. Supports single-tenant and multi-tenant configurations. Works with Microsoft 365 accounts.
Connect Okta, Auth0, Keycloak, or any OpenID Connect-compliant identity provider using the standard discovery URL.
New team members are automatically created in Xaccel IoT on their first SSO login — no manual account creation needed. Name and email are pulled from the IdP token.
Uses the OIDC Authorization Code flow with PKCE (S256) — the most secure OAuth2 flow. State and nonce validation prevent CSRF and replay attacks.
Each tenant configures their own SSO independently. Test the IdP connection before saving. Disable SSO at any time — users fall back to email/password login.
Advanced capabilities for production IoT deployments at scale.
Ed25519 cryptographic signing for OTA firmware packages. Agents verify signatures before applying updates โ preventing tampered firmware from ever running on your devices.
Deploy firmware to a canary percentage first. Set success thresholds โ auto-promote to full fleet or auto-rollback if too many devices fail. Full rollback support built in.
Define recurring jobs with cron expressions. Visual cron builder with presets. Target all devices, a group, or a single device. Email + WebSocket alerts on completion.
Centralize logs from all devices โ journald, syslog, and custom files. Live tail via SSE, search and filter by device/level/source, export as CSV or JSON.
Fully rebrand the portal with your company name, logo, colors, favicon, and custom CSS. Custom domain support โ serve the portal from your own domain with TLS.
Automatically provision and deprovision users via SCIM 2.0 (RFC 7644). Compatible with Okta, Azure AD / Entra ID, and Google Workspace. Per-tenant bearer tokens.
Define custom metrics with shell collector scripts. Agents run collectors and post values. Dashboard with sparkline charts, threshold alerts, and time-series queries.
Fine-grained RBAC with superadmin, admin, and user roles. Admin-only access to branding, SCIM tokens, scheduled jobs, and OTA signing keys.
Ship cloned devices that self-register on first boot โ no manual steps. Bake a provisioning token into your base image; each device auto-registers using its MAC address, gets unique credentials, and appears in the portal instantly.
Start your free 14-day trial today. No credit card required. Connect your first device in under 5 minutes.
14-day free trial ยท No credit card required ยท Cancel anytime