Vessel Insight - Service Description

Overview of the service

Vessel Insight enables customers to:

  • Capture quality sensor data from vessels, using purpose built Vessel Insight Edge hardware and software
  • Securely transport the data from vessel to the Vessel Insight cloud storage
  • Get quick insight into fleet and vessel status by using standard dashboards
  • Analyze and export vessel data
  • Access to a broad range of value adding application in the Kognifai Maritime Ecosystem

The service consists of both software and hardware which is installed on board the vessel.

Software

Vessel Insight dashboards and applications are provided as Software as a Service (SAAS) and are accessible via a web browser. Users will be able to start all applications from <customer>.kognif.ai. The applications are built using modern technology and run on the Kognifai Platform. The Kognifai Platform is a digital platform consisting of a set of technology components – managed as a common entity – on which digital products and services can be built and managed. The platform backend and cloud infrastructure are based on Microsoft Azure.

Hardware

Vessel Insight uses maritime approved hardware. The hardware provided as part of the service for installation on board the vessel includes:

  • Vessel Insight Edge Computer. A maritime approved PC which serves as a gateway and captures, aggregates, and encrypts data from the vessel control system and sensors before transport.
  • Vessel Insight Edge router. A 24-port router connected to the vessel control systems/sensors and the Global Secure Network (GSN). The Global Secure network ensures secure and reliable transfer of data to cloud.

System Requirements

A summary of the requirements for using the service is stated below.

Upon onboarding the hardware components of the service, a “Network information request form” will be provided to capture details and necessary information to configure the components.

Internet connectivity

  • Internet connectivity over wired Ethernet (RJ45-CAT5) must be provided at the location where the Vessel Insight Edge router will be installed

Network and port requirements

Below is an overview, describing the necessary network and port configurations required for the service.

On vessel

The following openings are required in the ship firewall:

Traffic

TCP/UDP

Port

DNS

UDP

53

NTP

UDP

123

IKE

UDP

500

IPSec

UDP

4500

EPS (Option if direct internet link)

IP

50

IoT – AMQP

TCP

5671

Also, if DHCP cannot be provided, static IP Information for the WAN link must be provided, like Host IP address, Network mask, and Default Gateway.

Customer office locations

Accessing Vessel Insight

  • Port 443 must be open for outbound connections
  • The following internet URL endpoints must be accessible: *.kognif.ai, login.microsoftonline.com, graph.microsoft.com, account.activedirectory.windowsazure.com, secure.aadcdn.microsoftonline-p.com, api.amplitude.com, bam.nr-data.net, *.statuspage.io, aadcdn.msauth.net, js-agent.newrelic.com

Physical requirements

  • Vessel Insight Edge Hardware must be mounted according to the Mounting Specification which will be supplied when subscribing to the service. Wired Ethernet connection (RJ45-CAT5) to the Vessel Insight Edge router is required
  • Vessel Insight Edge router must be mounted according to the Mounting Specification which will be supplied when subscribing to the service
  • [Optional] Malware Protection Service PC must be mounted according to the Mounting Specification which will be supplied when subscribing to the service

Connector protocol support

  • The communication between the Vessel Insight Edge Router and the source system(s) on the vessel must be open for the chosen protocols. Configuration and necessary work to achieve this will be the customer’s responsibility.

 

Data Storage

The Kognifai Platform is built on top of the public cloud solution as offered by Microsoft Azure. Azure data centers are used for processing and storage of data. The datacenters are operated to conform with industry standards for physical security, compliance, reliability and audited for compliance with ISO27001 and ISO 27018 standards on a yearly basis.

Location for customer data is on Azure European datacenters.

If there is a need for terminating the use of the service, data export and data cleanup can be initiated by submitting a ticket to Kongsberg support.

Access to the service

Access to the service is provided through kognif.ai over the open internet. The URL will be https://*.kognif.ai where the subdomain address (*) will be assigned to the customer when subscribing to the service.

Vessel Insight supports the following browsers:

  • Microsoft Edge, Google Chrome, Safari, Mozilla Firefox (latest versions)

Security

Cybersecurity is a key aspect of the Kognifai Platform. Access to the service is limited to authenticated and authorized end users. Vessel Insight uses Kognifai ID for providing user authentication through federation with Microsoft Azure Active Directory (Azure AD) for single sign -on scenarios. Azure AD is a broadly used and highly secure framework for authenticating users, which provides configurable controls for accessing the service, e.g. Multi-Factor Authentication.

Further details on Cyber Security and Kognifai Platform are available in the Trust Center. Questions and concerns regarding security and privacy can be directed to

Customer specific services

The Vessel Insight service is delivered with a pre-defined set of features, providing instant value and short time-to-market. However, if customizations are needed beyond the standard service, Kongsberg Digital can offer a highly professional team to accommodate the needs. Onboarding to this offer is subject to be agreed upon in a case-by-case manner.

Vessel Insight Features

An overview of the various functions and features of the service:

The feature details are explained in Appendix A – Feature set descriptions.

The “Included” column show details for the feature.

  • “Yes”: Included in the service
  • “Option”: The feature can be added at an added cost

“On roadmap”: The feature is planned for release in the future and might incur added cost.

Feature Included
User and access Management
Customer onboarding Yes
User Onboarding and role management Yes
Kognifai ID  Yes
IoT & Edge
Vessel Insight Edge Computer Yes (1) 
Vessel Insight Edge Router for Secure Data Transfer Yes
Global Secure Network License  Yes
Malware Protection Service (incl. HW appliance) Option
Sensor Transfer Configuration tool Yes
Edge Gateway Management Yes
Data Buffer for periods without connectivity  Yes (2) 
Connectors (3)
MQTT Yes
NMEA Yes
Modbus TCP Yes
Modbus Serial  On roadmap
OPC UA Yes
OPC DA  Option
Features
Fleet view  Yes (4)
Vessel view  Yes (5) 
Asset view  Yes (5) 
Map view  Yes
Sensor Structure Configuration Tool Yes
Data analysis tool Yes
Data export tool  Yes
Vessel Configuration Tool Yes 
3rd party data connector Power BI Yes
Non.connected Vessels Yes (5)
Non-connected Vessels  Yes (5)
App Launcher  Yes
Data Quality view  On roadmap 
Notifications On roadmap
Vessel Insight API  Yes (6)
Data
50 Tags stored in Hot storage for 6 months, cold storage 1 year (1Hz)  Yes
Data Export (file based)  Yes
200 Tags stored in Hot storages for 6 months, cold storage 1 year (1Hz)  Option
Extended number of Tags stored in Hot storage for an extended period  Option
Platform-to-platform integration Option
Cyber Security, Service, and support
Support and Service Level Agreement Yes
Kongsberg Remote Support Ready Yes 
Access to Kognifai Maritime Ecosystem  Yes 
Cyber Security  Yes 
Customer Success Service  Yes 
Monitoring  Yes 
Software updates Yes
Internet connectivity 
Utilize existing customer internet connectivity Yes
Satellite connectivity through KVH Option (7)

(1) Option to purchase Basic Gateway hardware with local storage and processing as an add-on

(2) Exact number of days for buffer depending on number of tags being replicated to cloud

(3) Vessel Insight service includes 1 connector for a Kongsberg Control System as well as 2 3rd party connectors

(4)View content completeness depending on source sensor availability

(5) Vessel Insight service include 5 non-connected vessels, more vessels available at an added cost

(6) Number of API calls are subject to limits

(7) Satellite connectivity is not included, but can be purchased as a separate add-on

Appendix A – Feature set descriptions

 

User and access management

  • Customer onboarding involve provisioning of the customer tenant based on information gathered during initial onboarding phase. Information request form is provided by the onboarding team.
  • User and role management capabilities for the service are based on Kognifai ID. Setup is flexible and provides delegated management of users that will be accessing the service.
  • Delegated management of users requires administrator consent to enable the OAuth permission “User.Read.All” for the Vessel Insight service in the federated user directory.
  • Federation options is limited to capabilities in Microsoft Azure Active Directory.

 

IoT & Edge

Internet-Of-Things components for capturing sensor and system data consists of:

  • Edge Gateway software modules, providing a single data access pipeline for data to be transmitted to cloud. For situations where internet access is not available, data is buffered on the vessel and transmitted when internet access is restored. Remote management of Edge Gateway software modules is provided through the Edge Gateway management tool for the operational team.
  • Hardware for hosting the IoT Gateway software modules, currently a Lenovo MC330 pc running Linux Ubuntu LTS.
  • Secure data transfer through the Kongsberg private VPN solution “Global Secure Network”, using a 24 port Cisco router
  • Sensor Transfer Configuration Tool that provides an easy-to-use user interface for selecting which sensors on the vessel that will be replicated to the Vessel Insight cloud.
  • [Option] Malware Protection Service, a hardware/software bundle that provides malware scanning of software introduced into the vessel network from USB sticks.

 

Connectors

The following connectors are available for capturing data from sensors onboard the vessel:

  • MQTT
  • NMEA 0183 (TCP/UDP) (8)
  • Modbus TCP (RTU) (9)
  • Modbus Serial (RTU) [On roadmap]
  • OPC UA (10)
  • [Option] OPC DA

(8) Supports only NMEA 0183 protocol and can read data for his conventional field delimited messages, i.e. messages starting with the '$' sign, does not process NMEA 0183 protocol's AIS messages i.e. messages that have special encapsulation in them and start with the '!' sign

(9) Supports only Modbus RTU (binary) protocol and can only read data from:

Coil (address 0), Discrete (address 1), Analogue (address 3) or Holding (address 4) type registers.

The connector can receive data via a Modbus TCP Master or Modbus TCP Slave type channels

(10) Equipment must act as OPC UA Server and address of OPC Server must be provided

Note on use of Modbus protocol when Vessel Insight Edge acting as Master: Communication between Vessel Insight Edge and source system will initiate from Vessel Insight Edge and this will initiate a security risk assessment during onboarding, which in turn, might prevent deployment of that specific configuration.

Features

The following Apps are provided with the service:

  • The Fleet View provides a bird's eye view of the fleet and key information, with data both retrieved from vessel sensors and systems and from other data sources
  • The Vessel View gives insight into vessel specific details such as current speed, average speed for the last 7 days as well as fuel consumption indicators
  • Asset View displays information on key assets such as main engine running hours, generator running hours and fuel consumption for the last 7 days
  • Map View provides worldly view of fleet position and connectivity status
  • The Analysis app provides in depth access to all sensor data for all vessels using a timeseries viewer function, and functionality to export data for further analysis.
  • Vessel Config is a tool to view and edit vessel configuration and details such and ME and GEN
  • Sensor Structure Configuration Tool to create and change the visual representation of the sensor structure and hierarchy
  • Power BI connector is a part of Microsoft Power BI connectors, and allow users to retrieve Vessel Insight data from Vessel Insight upon authenticating to the service.
  • Non-connected vessels are a visualization of vessels, based purely on AIS data
  • App launcher is a convenient navigation pane to all applications the user has access to, both on Vessel Insight and from partners in the Vessel Insight Maritime Ecosystem
  • RESTful Vessel Insight Data API available through the Vessel Insight Developer portal. Signup required.

Data

The following data storage and management are provided with the service:

  • Up to 50 Tag-values with 1Hz resolution can be transmitted from the vessel to the Kognifai Platform Cloud. Larger sets of Tag-values can be provided at an additional cost.
  • Data Export is available for the end user through the Analysis module on a per-timeseries basis

 

Cybersecurity, Service, and Support

The following is provided for Cyber Security, Service and Support:

  • Support and Service Level Agreement: More information about the service level objectives can be found here.
  • Customer Success Service: A dedicated team is actively ensuring that the expectations of the subscribers of the Vessel Insight service are met
  • Kognifai Maritime Ecosystem: customers will have access to a broad range of applications and services which can provide deeper insight and advisory functions for their fleet.
  • Kongsberg Remote Support Ready: Remote support through Bomgar software is available as an option with an added cost
  • Cybersecurity is built-into the Vessel Insight service from ground up and operational teams are following ISO27001 standards
  • from the operational team, using internal monitoring tools
  • Customers will receive all software updates which include fixes and new features as part of the subscription.

Internet connectivity

The following Internet connectivity options exist for the service:

  • Utilize existing customer internet connectivity: The existing internet connection for the vessel is the default connectivity option for the service
  • [Option] Satellite connectivity through KVH: An optional communication service through bundled antenna and service can be provided at an added cost