Vessel Insight - Service Description
Overview of the service
Vessel Insight enables customers to:
- Capture quality sensor data from vessels, using purpose built Vessel Insight Edge hardware and software
- Securely transport the data from vessel to the Vessel Insight cloud storage
- Get quick insight into fleet and vessel status by using standard dashboards
- Analyze and export vessel data
- Access to a broad range of value adding application in the Kognifai Maritime Ecosystem
The service consists of both software and hardware which is installed on board the vessel.
Vessel Insight dashboards and applications are provided as Software as a Service (SAAS) and are accessible via a web browser. Users will be able to start all applications from <customer>.kognif.ai. The applications are built using modern technology and run on the Kognifai Platform. The Kognifai Platform is a digital platform consisting of a set of technology components – managed as a common entity – on which digital products and services can be built and managed. The platform backend and cloud infrastructure are based on Microsoft Azure.
Vessel Insight uses maritime approved hardware. The hardware provided as part of the service for installation on board the vessel includes:
- Vessel Insight Edge Computer. A maritime approved PC which serves as a gateway and captures, aggregates, and encrypts data from the vessel control system and sensors before transport.
- Vessel Insight Edge router. A 24-port router connected to the vessel control systems/sensors and the Global Secure Network (GSN). The Global Secure network ensures secure and reliable transfer of data to cloud.
A summary of the requirements for using the service is stated below.
Upon onboarding the hardware components of the service, a “Network information request form” will be provided to capture details and necessary information to configure the components.
- Internet connectivity over wired Ethernet (RJ45-CAT5) must be provided at the location where the Vessel Insight Edge router will be installed
Network and port requirements
Below is an overview, describing the necessary network and port configurations required for the service.
The following openings are required in the ship firewall:
EPS (Option if direct internet link)
IoT – AMQP
Also, if DHCP cannot be provided, static IP Information for the WAN link must be provided, like Host IP address, Network mask, and Default Gateway.
Customer office locations
Accessing Vessel Insight
- Port 443 must be open for outbound connections
- The following internet URL endpoints must be accessible: *.kognif.ai, login.microsoftonline.com, graph.microsoft.com, account.activedirectory.windowsazure.com, secure.aadcdn.microsoftonline-p.com, api.amplitude.com, bam.nr-data.net, *.statuspage.io, aadcdn.msauth.net, js-agent.newrelic.com
- Vessel Insight Edge Hardware must be mounted according to the Mounting Specification which will be supplied when subscribing to the service. Wired Ethernet connection (RJ45-CAT5) to the Vessel Insight Edge router is required
- Vessel Insight Edge router must be mounted according to the Mounting Specification which will be supplied when subscribing to the service
- [Optional] Malware Protection Service PC must be mounted according to the Mounting Specification which will be supplied when subscribing to the service
Connector protocol support
- The communication between the Vessel Insight Edge Router and the source system(s) on the vessel must be open for the chosen protocols. Configuration and necessary work to achieve this will be the customer’s responsibility.
The Kognifai Platform is built on top of the public cloud solution as offered by Microsoft Azure. Azure data centers are used for processing and storage of data. The datacenters are operated to conform with industry standards for physical security, compliance, reliability and audited for compliance with ISO27001 and ISO 27018 standards on a yearly basis.
Location for customer data is on Azure European datacenters.
If there is a need for terminating the use of the service, data export and data cleanup can be initiated by submitting a ticket to Kongsberg support.
Access to the service
Access to the service is provided through kognif.ai over the open internet. The URL will be https://*.kognif.ai where the subdomain address (*) will be assigned to the customer when subscribing to the service.
Vessel Insight supports the following browsers:
- Microsoft Edge, Google Chrome, Safari, Mozilla Firefox (latest versions)
Cybersecurity is a key aspect of the Kognifai Platform. Access to the service is limited to authenticated and authorized end users. Vessel Insight uses Kognifai ID for providing user authentication through federation with Microsoft Azure Active Directory (Azure AD) for single sign -on scenarios. Azure AD is a broadly used and highly secure framework for authenticating users, which provides configurable controls for accessing the service, e.g. Multi-Factor Authentication.
Further details on Cyber Security and Kognifai Platform are available in the Trust Center. Questions and concerns regarding security and privacy can be directed to
Customer specific services
The Vessel Insight service is delivered with a pre-defined set of features, providing instant value and short time-to-market. However, if customizations are needed beyond the standard service, Kongsberg Digital can offer a highly professional team to accommodate the needs. Onboarding to this offer is subject to be agreed upon in a case-by-case manner.
Vessel Insight Features
An overview of the various functions and features of the service:
The feature details are explained in Appendix A – Feature set descriptions.
The “Included” column show details for the feature.
- “Yes”: Included in the service
- “Option”: The feature can be added at an added cost
“On roadmap”: The feature is planned for release in the future and might incur added cost.
|User and access Management|
|User Onboarding and role management||Yes|
|IoT & Edge|
|Vessel Insight Edge Computer||Yes (1)|
|Vessel Insight Edge Router for Secure Data Transfer||Yes|
|Global Secure Network License||Yes|
|Malware Protection Service (incl. HW appliance)||Option|
|Sensor Transfer Configuration tool||Yes|
|Edge Gateway Management||Yes|
|Data Buffer for periods without connectivity||Yes (2)|
|Modbus Serial||On roadmap|
|Fleet view||Yes (4)|
|Vessel view||Yes (5)|
|Asset view||Yes (5)|
|Sensor Structure Configuration Tool||Yes|
|Data analysis tool||Yes|
|Data export tool||Yes|
|Vessel Configuration Tool||Yes|
|3rd party data connector Power BI||Yes|
|Non.connected Vessels||Yes (5)|
|Non-connected Vessels||Yes (5)|
|Data Quality view||On roadmap|
|Vessel Insight API||Yes (6)|
|50 Tags stored in Hot storage for 6 months, cold storage 1 year (1Hz)||Yes|
|Data Export (file based)||Yes|
|200 Tags stored in Hot storages for 6 months, cold storage 1 year (1Hz)||Option|
|Extended number of Tags stored in Hot storage for an extended period||Option|
|Cyber Security, Service, and support|
|Support and Service Level Agreement||Yes|
|Kongsberg Remote Support Ready||Yes|
|Access to Kognifai Maritime Ecosystem||Yes|
|Customer Success Service||Yes|
|Utilize existing customer internet connectivity||Yes|
|Satellite connectivity through KVH||Option (7)|
(1) Option to purchase Basic Gateway hardware with local storage and processing as an add-on
(2) Exact number of days for buffer depending on number of tags being replicated to cloud
(3) Vessel Insight service includes 1 connector for a Kongsberg Control System as well as 2 3rd party connectors
(4)View content completeness depending on source sensor availability
(5) Vessel Insight service include 5 non-connected vessels, more vessels available at an added cost
(6) Number of API calls are subject to limits
(7) Satellite connectivity is not included, but can be purchased as a separate add-on
Appendix A – Feature set descriptions
User and access management
- Customer onboarding involve provisioning of the customer tenant based on information gathered during initial onboarding phase. Information request form is provided by the onboarding team.
- User and role management capabilities for the service are based on Kognifai ID. Setup is flexible and provides delegated management of users that will be accessing the service.
- Delegated management of users requires administrator consent to enable the OAuth permission “User.Read.All” for the Vessel Insight service in the federated user directory.
- Federation options is limited to capabilities in Microsoft Azure Active Directory.
IoT & Edge
Internet-Of-Things components for capturing sensor and system data consists of:
- Edge Gateway software modules, providing a single data access pipeline for data to be transmitted to cloud. For situations where internet access is not available, data is buffered on the vessel and transmitted when internet access is restored. Remote management of Edge Gateway software modules is provided through the Edge Gateway management tool for the operational team.
- Hardware for hosting the IoT Gateway software modules, currently a Lenovo MC330 pc running Linux Ubuntu LTS.
- Secure data transfer through the Kongsberg private VPN solution “Global Secure Network”, using a 24 port Cisco router
- Sensor Transfer Configuration Tool that provides an easy-to-use user interface for selecting which sensors on the vessel that will be replicated to the Vessel Insight cloud.
- [Option] Malware Protection Service, a hardware/software bundle that provides malware scanning of software introduced into the vessel network from USB sticks.
The following connectors are available for capturing data from sensors onboard the vessel:
- NMEA 0183 (TCP/UDP) (8)
- Modbus TCP (RTU) (9)
- Modbus Serial (RTU) [On roadmap]
- OPC UA (10)
- [Option] OPC DA
(8) Supports only NMEA 0183 protocol and can read data for his conventional field delimited messages, i.e. messages starting with the '$' sign, does not process NMEA 0183 protocol's AIS messages i.e. messages that have special encapsulation in them and start with the '!' sign
(9) Supports only Modbus RTU (binary) protocol and can only read data from:
Coil (address 0), Discrete (address 1), Analogue (address 3) or Holding (address 4) type registers.
The connector can receive data via a Modbus TCP Master or Modbus TCP Slave type channels
(10) Equipment must act as OPC UA Server and address of OPC Server must be provided
Note on use of Modbus protocol when Vessel Insight Edge acting as Master: Communication between Vessel Insight Edge and source system will initiate from Vessel Insight Edge and this will initiate a security risk assessment during onboarding, which in turn, might prevent deployment of that specific configuration.
The following Apps are provided with the service:
- The Fleet View provides a bird's eye view of the fleet and key information, with data both retrieved from vessel sensors and systems and from other data sources
- The Vessel View gives insight into vessel specific details such as current speed, average speed for the last 7 days as well as fuel consumption indicators
- Asset View displays information on key assets such as main engine running hours, generator running hours and fuel consumption for the last 7 days
- Map View provides worldly view of fleet position and connectivity status
- The Analysis app provides in depth access to all sensor data for all vessels using a timeseries viewer function, and functionality to export data for further analysis.
- Vessel Config is a tool to view and edit vessel configuration and details such and ME and GEN
- Sensor Structure Configuration Tool to create and change the visual representation of the sensor structure and hierarchy
- Power BI connector is a part of Microsoft Power BI connectors, and allow users to retrieve Vessel Insight data from Vessel Insight upon authenticating to the service.
- Non-connected vessels are a visualization of vessels, based purely on AIS data
- App launcher is a convenient navigation pane to all applications the user has access to, both on Vessel Insight and from partners in the Vessel Insight Maritime Ecosystem
- RESTful Vessel Insight Data API available through the Vessel Insight Developer portal. Signup required.
The following data storage and management are provided with the service:
- Up to 50 Tag-values with 1Hz resolution can be transmitted from the vessel to the Kognifai Platform Cloud. Larger sets of Tag-values can be provided at an additional cost.
- Data Export is available for the end user through the Analysis module on a per-timeseries basis
Cybersecurity, Service, and Support
The following is provided for Cyber Security, Service and Support:
- Support and Service Level Agreement: More information about the service level objectives can be found here.
- Customer Success Service: A dedicated team is actively ensuring that the expectations of the subscribers of the Vessel Insight service are met
- Kognifai Maritime Ecosystem: customers will have access to a broad range of applications and services which can provide deeper insight and advisory functions for their fleet.
- Kongsberg Remote Support Ready: Remote support through Bomgar software is available as an option with an added cost
- Cybersecurity is built-into the Vessel Insight service from ground up and operational teams are following ISO27001 standards
- from the operational team, using internal monitoring tools
- Customers will receive all software updates which include fixes and new features as part of the subscription.
The following Internet connectivity options exist for the service:
- Utilize existing customer internet connectivity: The existing internet connection for the vessel is the default connectivity option for the service
- [Option] Satellite connectivity through KVH: An optional communication service through bundled antenna and service can be provided at an added cost