OVERVIEW OF THE SERVICE
Vessel Insight enables customers to:
- Capture quality sensor data from vessels, using purpose built Vessel Insight Edge hardware and software
- Securely transport the data from vessel to the Vessel Insight cloud storage
- Get quick insight into fleet and vessel status by using standard dashboards
- Analyze and export vessel data
- Access to a broad range of value adding application in the Kognifai Maritime Ecosystem
The service consists of both software and hardware which is installed on board the vessel.
SOFTWARE
Vessel Insight dashboards and applications are provided as Software as a Service (SAAS) and are accessible via a web browser. Users will be able to start all applications from .kognif.ai. The applications are built using modern technology and run on the Kognifai Platform. The Kognifai Platform is a digital platform consisting of a set of technology components – managed as a common entity – on which digital products and services can be built and managed. The platform backend and cloud infrastructure are based on Microsoft Azure.
HARDWARE
Vessel Insight uses maritime approved hardware. The hardware provided as part of the service for installation on board the vessel includes:
- Vessel Insight Edge Computer. A maritime approved PC which serves as a gateway and captures, aggregates, and encrypts data from the vessel control system and sensors before transport.
- Vessel Insight Edge router. A 24-port router connected to the vessel control systems/sensors and the Global Secure Network (GSN). The Global Secure network ensures secure and reliable transfer of data to cloud.
SYSTEM REQUIREMENTS
A summary of the requirements for using the service is stated below.
Upon onboarding the hardware components of the service, a “Network information request form” will be provided to capture details and necessary information to configure the components.
INTERNET CONNECTIVITY
- Internet connectivity over wired Ethernet (RJ45-CAT5) must be provided at the location where the Vessel Insight Edge router will be installed
NETWORK AND PORT REQUIREMENTS
Below is an overview, describing the necessary network and port configurations required for the service.
ON VESSEL
The following openings are required in the ship firewall:
| Traffic | TCP/UDP | Port |
| DNS | UDP | 53 |
| NTP | UDP | 123 |
| IKE | UDP | 500 |
| IPSec | UDP | 4500 |
| EPS (Option if direct internet link) | IP | 50 |
| IoT – AMQP | TCP | 5671 |
Also, if DHCP cannot be provided, static IP Information for the WAN link must be provided, like Host IP address, Network mask, and Default Gateway.
CUSTOMER OFFICE LOCATIONS
Accessing Vessel Insight
- Port 443 must be open for outbound connections
- The following internet URL endpoints must be accessible: *.kognif.ai, login.microsoftonline.com, graph.microsoft.com, account.activedirectory.windowsazure.com, secure.aadcdn.microsoftonline-p.com, api.amplitude.com, bam.nr-data.net, *.statuspage.io, aadcdn.msauth.net, js-agent.newrelic.com
PHYSICAL REQUIREMENTS
- Vessel Insight Edge Hardware must be mounted according to the Mounting Specification which will be supplied when subscribing to the service. Wired Ethernet connection (RJ45-CAT5) to the Vessel Insight Edge router is required
- Vessel Insight Edge router must be mounted according to the Mounting Specification which will be supplied when subscribing to the service
- [Optional] Malware Protection Service PC must be mounted according to the Mounting Specification which will be supplied when subscribing to the service
CONNECTOR PROTOCOL SUPPORT
- The communication between the Vessel Insight Edge Router and the source system(s) on the vessel must be open for the chosen protocols. Configuration and necessary work to achieve this will be the customer’s responsibility.
DATA STORAGE
The Kognifai Platform is built on top of the public cloud solution as offered by Microsoft Azure. Azure data centers are used for processing and storage of data. The datacenters are operated to conform with industry standards for physical security, compliance, reliability and audited for compliance with ISO27001 and ISO 27018 standards on a yearly basis.
Location for customer data is on Azure European datacenters.
If there is a need for terminating the use of the service, data export and data cleanup can be initiated by submitting a ticket to Kongsberg support.
ACCESS TO THE SERVICE
Access to the service is provided through kognif.ai over the open internet. The URL will be https://*.kognif.ai where the subdomain address (*) will be assigned to the customer when subscribing to the service.
Vessel Insight supports the following browsers:
- Microsoft Edge, Google Chrome, Safari, Mozilla Firefox (latest versions)
SECURITY
Cybersecurity is a key aspect of the Kognifai Platform. Access to the service is limited to authenticated and authorized end users. Vessel Insight uses Kognifai ID for providing user authentication through federation with Microsoft Azure Active Directory (Azure AD) for single sign -on scenarios. Azure AD is a broadly used and highly secure framework for authenticating users, which provides configurable controls for accessing the service, e.g. Multi-Factor Authentication.
Further details on Cyber Security and Kognifai Platform are available in the Trust Center. Questions and concerns regarding security and privacy can be directed to trust@kongsbergdigital.com
CUSTOMER SPECIFIC SERVICES
The Vessel Insight service is delivered with a pre-defined set of features, providing instant value and short time-to-market. However, if customizations are needed beyond the standard service, Kongsberg Digital can offer a highly professional team to accommodate the needs. Onboarding to this offer is subject to be agreed upon in a case-by-case manner.
VESSEL INSIGHT FEATURES
An overview of the various functions and features of the service:
The feature details are explained in Appendix A – Feature set descriptions.
The “Included” column show details for the feature.
- “Yes”: Included in the service
- “Option”: The feature can be added at an added cost
“On roadmap”: The feature is planned for release in the future and might incur added cost.
| Feature | Included |
| User and access Management | |
| Customer onboarding | Yes |
| User Onboarding and role management | Yes |
| Kognifai ID | Yes |
| IoT & Edge | |
| Vessel Insight Edge Computer | Yes (1) |
| Vessel Insight Edge Router for Secure Data Transfer | Yes |
| Global Secure Network License | Yes |
| Malware Protection Service (incl. HW appliance) | Option |
| Sensor Transfer Configuration tool | Yes |
| Edge Gateway Management | Yes |
| Data Buffer for periods without connectivity | Yes (2) |
| Connectors (3) | |
| MQTT | Yes |
| NMEA | Yes |
| Modbus TCP | Yes |
| Modbus Serial | On roadmap |
| OPC UA | Yes |
| OPC DA | Option |
| Features | |
| Fleet view | Yes (4) |
| Vessel view | Yes (5) |
| Asset view | Yes (5) |
| Map view | Yes |
| Sensor Structure Configuration Tool | Yes |
| Data analysis tool | Yes |
| Data export tool | Yes |
| Vessel Configuration Tool | Yes |
| 3rd party data connector Power BI | Yes |
| Non.connected Vessels | Yes (5) |
| Non-connected Vessels | Yes (5) |
| App Launcher | Yes |
| Data Quality view | On roadmap |
| Notifications | On roadmap |
| Vessel Insight API | Yes (6) |
| Data | |
| 50 Tags stored in Hot storage for 6 months, cold storage 1 year (1Hz) | Yes |
| Data Export (file based) | Yes |
| 200 Tags stored in Hot storages for 6 months, cold storage 1 year (1Hz) | Option |
| Extended number of Tags stored in Hot storage for an extended period | Option |
| Platform-to-platform integration | Option |
| Cyber Security, Service, and support | |
| Support and Service Level Agreement | Yes |
| Kongsberg Remote Support Ready | Yes |
| Access to Kognifai Maritime Ecosystem | Yes |
| Cyber Security | Yes |
| Customer Success Service | Yes |
| Monitoring | Yes |
| Software updates | Yes |
(1) Option to purchase Basic Gateway hardware with local storage and processing as an add-on
(2) Exact number of days for buffer depending on number of tags being replicated to cloud
(3) Vessel Insight service includes 1 connector for a Kongsberg Control System as well as 2 3rd party connectors
(4)View content completeness depending on source sensor availability
(5) Vessel Insight service include 5 non-connected vessels, more vessels available at an added cost
(6) Number of API calls are subject to limits
(7) Satellite connectivity is not included, but can be purchased as a separate add-on
| Internet connectivity | |
| Utilize existing customer internet connectivity | Yes |
| Satellite connectivity through KVH | Option (7) |
APPENDIX A – FEATURE SET DESCRIPTIONS
USER AND ACCESS MANAGEMENT
- Customer onboarding involve provisioning of the customer tenant based on information gathered during initial onboarding phase. Information request form is provided by the onboarding team.
- User and role management capabilities for the service are based on Kognifai ID. Setup is flexible and provides delegated management of users that will be accessing the service.
- Delegated management of users requires administrator consent to enable the OAuth permission “User.Read.All” for the Vessel Insight service in the federated user directory.
- Federation options is limited to capabilities in Microsoft Azure Active Directory.
IOT & EDGE
Internet-Of-Things components for capturing sensor and system data consists of:
- Edge Gateway software modules, providing a single data access pipeline for data to be transmitted to cloud. For situations where internet access is not available, data is buffered on the vessel and transmitted when internet access is restored. Remote management of Edge Gateway software modules is provided through the Edge Gateway management tool for the operational team.
- Hardware for hosting the IoT Gateway software modules, currently a Lenovo MC330 pc running Linux Ubuntu LTS.
- Secure data transfer through the Kongsberg private VPN solution “Global Secure Network”, using a 24 port Cisco router
- Sensor Transfer Configuration Tool that provides an easy-to-use user interface for selecting which sensors on the vessel that will be replicated to the Vessel Insight cloud.
- [Option] Malware Protection Service, a hardware/software bundle that provides malware scanning of software introduced into the vessel network from USB sticks.
CONNECTORS
The following connectors are available for capturing data from sensors onboard the vessel:
- MQTT
- NMEA 0183 (TCP/UDP) (8)
- Modbus TCP (RTU) (9)
- Modbus Serial (RTU) [On roadmap]
- OPC UA (10)
- [Option] OPC DA
(8) Supports only NMEA 0183 protocol and can read data for his conventional field delimited messages, i.e. messages starting with the ‘
