Skip to content

Crew Wi-Fi Hotspot Management

Overview

Many vessels today provide Internet access for crew members, but authenticating users, managing accounts, enforcing usage quotas, and handling billing across a large fleet can become operationally complex — especially when crew assignments rotate between vessels and satellite connectivity is intermittent.

RansNet Hotspot Gateway (HSG) addresses these challenges by automating the end-to-end crew Internet access lifecycle. The solution integrates with COMPAS (and other crew management and payment systems via API), synchronizes crew identities automatically, enforces per-user usage quotas, and allows crew members to self-purchase additional data when needed.

Crew WiFi Overview

Solution Architecture

The solution uses a two-tier HSG deployment following the Captive Portal over SD-WAN (CloudX) deployment model.

Component Role Location Purpose
Central HSG Single source of truth Operator's data centre or cloud (Azure/AWS) Crew identity, access profiles, quota management, billing records, API integration with COMPAS
Vessel HSG Local authenticator On board each vessel Hosts captive portal; provides fast login even with intermittent satellite connectivity

An SD-WAN VPN tunnel connects each vessel HSG back to the central HSG, providing the authentication backhaul and synchronization path.

Key Capabilities

  • Centralized identity management — Crew IDs are automatically synchronized from COMPAS to the central HSG via API, with vessel assignment determined by the crew scheduling system
  • Vessel-bound access — Each crew ID is restricted to authenticate only from its currently assigned vessel network; access automatically follows the crew member's rotation schedule
  • Single device enforcement — Each crew ID is permitted to be logged in from one device at a time, preventing account sharing
  • Weekly free quota — Every crew member receives a configurable weekly free data quota that resets automatically on a scheduled day and time
  • Self-service top-up — Crew members can purchase additional data quota directly through the captive portal; purchased quota does not expire and carries over across vessel reassignments
  • Post-billing integration — COMPAS retrieves top-up purchase records from the central HSG via API for reconciliation and billing
  • Application access control — Restrict certain applications or destinations based on crew role or department
  • Compliance logging — Internet access logs are captured as NetFlow records on the local vessel HSG for security compliance, audit trails, and dispute investigation

Deployment

Step 1: Deploy HSG Appliances and Build SD-WAN

Follow these steps to set up the foundation:

  1. Follow the Getting Started guide to deploy the central HSG and each vessel HSG appliance
  2. Configure API access on the central HSG using the Hotspot API guide for COMPAS or other crew management system integration
  3. Build an SD-WAN VPN tunnel from each vessel HSG to the central HSG

Note

  • The central HSG must have a static public IP address so that vessel HSGs can establish outbound SD-WAN VPN tunnels to it
  • Vessel HSGs can use any available Internet uplink (satellite, cellular, or shore connection) to initiate the VPN tunnel to the central HSG

Step 2: Configure Access Profiles

On the central HSG, create an access profile for each vessel (each profile maps to a unique Vessel ID). Configure the access rights attached to each profile:

Access Profile Configuration

Access Right Purpose Configuration
Session Timeout Maximum continuous connection time Example: 4 hours per session
Idle Timeout Disconnect after period of inactivity Example: 30 minutes
Bandwidth Rate Limits Maximum upstream and downstream speed Example: 10 Mbps down / 2 Mbps up
Free Quota Allocation Weekly/monthly data allowance Example: 5 GB per week
Access Control Rules Permitted or blocked services/destinations Block streaming; allow email/messaging

Info

Users assigned to an access profile automatically inherit all access rights defined in that profile. Updating a profile immediately applies to all users assigned to it.

Step 3: Create and Manage Crew Accounts

Crew accounts can be provisioned through multiple methods:

Account Management

Method Use Case Details
API automation Bulk provisioning Integrate with COMPAS via HSG RESTful API to automate account creation, modification, suspension as crew assignments change
Payment gateway Self-service purchases Configure payment gateway for crew to self-purchase access plans; HSG handles billing and invoicing
Manual VIP accounts Administrators Create individual accounts manually and assign directly to access profiles
Voucher bulk creation Physical distribution Use guest management console to mass-generate and print access vouchers

When creating user accounts, assign a user attribute (e.g., crew rank, department, position) to each account. This attribute is used as a matching criterion in automated quota management rules (see Step 4).

Note

If automating quota management — for example, performing weekly free quota resets — it is important to assign a consistent user attribute to each account so that automation rules can accurately identify and target the correct user groups.

Step 4: Configure Automated Quota Management

Under Data Maintenance, create automated rules to assign free data quota based on user attributes (e.g., crew rank). Rules can match on multiple criteria simultaneously, allowing differentiated quota tiers.

Quota Management Rules

Tier Typical Crew Role Free Quota Purpose
Officer Tier Captain, Chief Engineer, Officers 10 GB/week Higher quota for management roles
Standard Tier Ratings, Crew 5 GB/week Baseline quota for regular crew
Limited Tier Visitors, Contractors 2 GB/week Controlled access for non-permanent personnel

Note

  • When a user holds both a free quota allocation and purchased top-up quota, free quota is consumed first. Top-up quota is only drawn down once the free quota is exhausted.
  • A scheduled maintenance job runs every Sunday at 00:00 to purge any remaining unused free quota from the previous week, assign the new week's free quota, and carry over any remaining purchased top-up quota to the following week.

Step 5: Create the Crew Login Portal

RansNet provides extensive captive portal capabilities with a fully customizable interface. The crew Wi-Fi portal is configured to expose the following self-service functions:

Crew Portal Interface

Feature Purpose Benefits
Quota plan selection View available data plans and current quota balance Transparency; helps crew manage usage
Password change Allow crew to update their own login credentials Security; reduces IT support tickets
Data top-up Self-service purchase of additional data quota Revenue generation; crew autonomy
Billing history View past transactions and invoices Transparency; reduces billing disputes

The portal content is hosted locally on the on-board vessel HSG, providing a fast login experience independent of satellite link quality or latency.

Crew Portal Landing Page


Reporting and Monitoring

The HSG provides comprehensive reporting for fleet administrators and business stakeholders, covering user activity, session history, quota usage, purchase records, and detailed traffic logs.

User Dashboard

A real-time overview of active sessions, connected devices, quota consumption, and system health across the fleet.

User Dashboard

Key Metrics:

  • Active crew members currently logged in
  • Devices connected per vessel
  • Current quota consumption (free vs. purchased)
  • System health and uptime per vessel HSG

Session History

Complete historical session records per user, including login time, logout time, device, data consumed per session, and applied access profile. Used for traceability, SLA reporting, and dispute investigation.

Session History Records

Analysis Capabilities:

  • Filter by crew member, vessel, or date range
  • Export sessions for billing reconciliation
  • Identify peak usage times and patterns
  • Correlate sessions with quota consumption

Purchase and Top-Up Records

Full billing history of all self-service data top-up transactions, including amount, plan purchased, payment method, and timestamp. Records are retrievable by COMPAS or external billing systems via the HSG API for post-billing reconciliation.

Purchase History

Reconciliation Workflow:

  1. Crew member purchases top-up via portal
  2. HSG records transaction with timestamp and payment method
  3. COMPAS retrieves records via API on a scheduled basis
  4. Finance team reconciles and invoices crew member

NetFlow Traffic Logs

Granular per-connection traffic records captured as NetFlow data on the local vessel HSG. Provides visibility into individual connection destinations, protocols, and data volumes — supporting deeper user behavior analysis, security audits, and dispute resolution without relying on central connectivity.

Refer to NetFlow Traffic Logs for detailed setup and querying instructions.

Application Access Control

You can optionally use the HSG to restrict access to certain applications or destinations based on crew role, department, or vessel policy. This is useful for enforcing company acceptable-use policies, protecting bandwidth for critical operations, or complying with maritime security requirements.

Use Cases:

Scenario Control Benefit
Protect bandwidth Block video streaming during operational hours Preserve satellite bandwidth for critical applications
Security compliance Block access to known malicious domains Reduce risk of crew devices being compromised
Crew productivity Allow work applications; limit social media Encourage focus on duties during work hours
Cost control Throttle peer-to-peer and torrenting Prevent excessive data consumption

Implementation Methods:

  • IP/Port-based blocking — Block specific destination IPs or ports (e.g., port 6881-6889 for BitTorrent)
  • DNS blocking — Intercept DNS queries for blacklisted domains and return no-service response
  • Protocol-based filtering — Block or throttle specific protocols (e.g., video streaming protocols)

For detailed configuration examples and role-based access policies, refer to Restricted Applications in Crew Networks.


Best Practices

Quota Management

  • Differentiate by role — Officers and essential personnel typically receive higher quotas than general crew
  • Monitor consumption — Review quota usage reports weekly to identify power users and trends
  • Set realistic limits — Base quotas on actual usage patterns, not guesses; survey crew on expectations
  • Communicate policy — Publish quota limits and top-up pricing clearly to crew before deployment

Security and Compliance

  • Enable NetFlow logging — Capture traffic logs for audit trails and dispute resolution
  • Restrict applications — Block file-sharing, P2P, and streaming to protect bandwidth and prevent malware
  • Enforce strong passwords — Require crew to change default credentials on first login
  • Monitor access patterns — Review session logs for unusual activity or policy violations

Operational Continuity

  • Test vessel disconnections — Verify that crews can still authenticate when the central link is down (local authentication)
  • Implement failover — Configure backup authentication paths to ensure crew can always login
  • Regular backups — Backup central HSG configuration and crew database regularly
  • Coordinate maintenance — Schedule central HSG updates during low-traffic periods to minimize service disruption