Maritime & Shipping

Your Wärtsilä Engine Fails 2,000 Miles from Port. Now What?

Remote access that actually works over satellite bandwidth. 70% fewer fly-outs. IMO 2021 compliant. No drydock required.

Sub-100 Kbps typical usage

8-minute vendor access

30-minute deployment

Maritime-adjacent proof: Baker Hughes • AltaGas + offshore platforms with satellite constraints
Xona-Maritine-Image

The Problem Nobody Talks About

Here's what actually happens when engine control fails at sea: You're managing 45 vessels across three trade routes. It's 2am. The MAN engine on your container ship shows temperature anomalies. Your charter customer's SLA says the vessel stays on schedule—delays cost $50K per day.

Your options: Fly an engineer out for $10K and 8 hours. Or coordinate VPN access through IT tickets that take 2-3 days. Or divert to the nearest port and blow the charter agreement.

None of these work. VPNs need 500+ Kbps bandwidth—you have 256 Kbps VSAT for $500/month/vessel. IT tickets are too slow for emergencies at sea. And your marine superintendent team is stretched thin covering 24/7 across global timezones.

This is the problem Xona solves.

Remote access that works over maritime satellite bandwidth (256-512 Kbps VSAT, sub-100 Kbps typical usage). Access behaves predictably across your fleet—whether MAN engine diagnostics or Furuno navigation updates, your shore team knows what to expect. Your port technical manager provisions OEM vendor access in 8 minutes—not 2-3 days.

The result: 70% fly-out reduction = $320K annual savings for your 45-vessel fleet. Faster MTTR. Predictive maintenance that catches issues before they force $2M-$5M drydock entries.

Actually, There's a Satellite Bandwidth Problem

VPNs Need 500+ Kbps. You Have 256 Kbps.

VPN vendors will tell you remote access "just works." Here's what they don't tell you: VPNs need 500+ Kbps bandwidth. You're paying $500/month/vessel for 256-512 Kbps VSAT. The math doesn't work.

When your Furuno ECDIS needs a security update or your Kongsberg automation system needs diagnostics, VPN tunnels either fail completely or consume so much bandwidth that your crew can't send email.

What marine superintendents actually do:
Fly engineers out 36 times per year at $5K-$15K per trip. Total: $180K-$540K annually.

Actually, There's a Vendor Coordination Problem

8-15 OEMs. 147 Standing Credentials. Zero Visibility.

Your port technical manager coordinates 8-15 OEM vendors across your fleet: MAN engines, Wärtsilä propulsion, Furuno navigation, Kongsberg automation, Inmarsat communications.

  • Submit IT ticket for VPN access (2-3 days processing)

  • IT provisions VPN credentials for vendor engineer

  • Vendor installs VPN client (doesn't work on older tools)

  • Connection fails because VSAT can't support VPN overhead

  • Fly engineer out anyway

The workaround: 
Shared passwords. Standing credentials. No session recording. 147 active vendor passwords across the fleet.

Actually, There's an IMO 2021 Compliance Gap

Port State Control Now Reviews Cybersecurity

IMO Resolution MSC.428(98) requires documented cybersecurity framework for remote access. Port state control inspections (Paris MOU, Tokyo MOU, USCG) now include cybersecurity review. SIRE 2.0 vetting inspections have Chapter 13 dedicated to cyber security.

What you need: Audit trails showing who accessed which vessel, when, for how long, which systems. MFA authentication records. Session recording.

Vessel detention risk:
$50K-$100K per day. One detention wipes out your entire year's savings from "free" VPN solutions.

Why Alternatives Don't Work at Sea

vs. Traditional VPN Solutions (Cisco, Palo Alto)

Capability
Satellite Bandwidth
Latency Handling
Vendor Access
IMO Compliance
Deployment
Session Isolation
VPN Solutions
500+ Kbps required
Fails at 500ms+
2-3 days (IT ticket)
Manual documentation
Weeks (network changes)
Network tunnel (lateral risk)

Xone-Logo-White@2x

 

Sub-100 Kbps typical (80% lower)
Optimized for 500ms+ satellite latency
8 minutes (self-service)
Automated audit trails
30 minutes per vessel
Session-level (zero lateral movement)

Winner: Xona provides 80% bandwidth reduction, 8-minute vendor access vs. 2-3 days, and automated IMO compliance vs. manual documentation.

vs. IT ZTNA Vendors (Zscaler, Palo Alto)

Capability
Intermittent Connectivity
Maritime Protocol Support
Legacy OS Compatibility
Satellite Latency
On-Premises Deployment
IT ZTNA
Assumes cloud connectivity
No NMEA, Modbus maritime
Requires modern OS
Optimized for <50ms
Cloud-only

Xone-Logo-White@2x

 

Disconnected mode for offline
NMEA 0183/2000, Modbus, CAN
Windows XP embedded systems
Handles 500ms+ satellite
On-prem option (data stays local)

Winner: Xona provides intermittent satellite support, maritime protocol compatibility, legacy OS support, and on-premises deployment.

How Xona Actually Works

It's not a VPN. That's the point.

8-Minute Provisioning

Self-service vendor access in 8 minutes vs. 2-3 days

Marine superintendent logs into browser console, grants Wärtsilä vendor 8-hour access to specific vessel's engine control system. No IT dependency. No tickets.

Browser-Based Connection

Sub-100 Kbps typical (80% lower than VPN)

Wärtsilä engineer clicks link, accesses MAN engine diagnostics through browser. No VPN client. No software installation. Works on any device.
 

Session Isolation

Automatic IMO-ready audit trail

Vendor sees engine control system only—cannot pivot to navigation, cargo systems, or other vessels. Zero lateral movement. Protocol isolation at gateway.

It's VSAT-Agnostic (Unlike Maritime-Specific Tools)

Navarino's remote access only works with Navarino VSAT. Marlink's platform only works with Marlink satellite. You use mixed providers across your fleet
Xona works with all of them. No satellite provider lock-in. No forced migration. Works with Inmarsat FleetBroadband, Iridium Certus, Speedcast, Thuraya, KVH—access behaves predictably regardless of vessel location or satellite provider.

Xona Inmarsat Logo
Xona Iridium Logo
Xona Speedcast Logo
Xona Thuraya Logo
Xona KVH Logo
Xona Marlink Logo
Xona Inmarsat Logo
Xona Iridium Logo
Xona Speedcast Logo

Your On-Call Life Gets Better

Marine Superintendents

Less firefighting. More predictive maintenance.

Before
Managing 35 vessels across three trade routes. Coordinating OEM vendor access takes 2-3 days through IT tickets. Stuck between slow VPN provisioning or expensive fly-outs (36 times per year).

After
Self-service vendor access provisioning in 8 minutes. No IT dependency. Provision MAN, Wärtsilä, Furuno, Kongsberg vendor access directly.

Emergency fly-outs: 36/year → 11/year (70% reduction)

Port Technical Managers

Zero vessel detention risk.

Before
Maintaining 147 standing vendor credentials across 45-vessel fleet. Shared passwords. No session recording. Port state control audits flag credential management gaps.

After
94% reduction in standing credentials (147 → 9 active, all time-bound). Just-in-time access with auto-expiration. 100% audit trail coverage.

Audit prep: 6 months → 3 weeks (automated)

Fleet Operations Managers

ROI in 4-6 months.

Before
Emergency fly-out budget: $180K-$540K annually for 45-vessel fleet (36 trips × $5K-$15K per trip). Vessel detention risk $50K-$100K/day. Unplanned drydock entries from missed remote diagnostics.

After
70% fly-out reduction = $320K annual savings. Zero port state control cybersecurity findings. Predictive maintenance catching issues before unplanned drydock.

Payback period: 4-6 months (fly-out savings alone)

ROI Calculator: Maritime Fly-Out Reduction

45-Vessel Fleet Baseline

Emergency Fly-Outs

Baseline Annual Cost

Frequency
Cost per trip
Typical cost

Annual Baseline

36 trips/year
$5K-$15K
$12-13K avg
$432K

With Xona (70% Reduction)

After Deployment

Fly-outs per year
Trips eliminated
Remaining fly-out cost

Annual Savings

11 trips
25 trips
$132K
$300K-$320K

Additional ROI Components

$2M-$5M

Avoided unplanned drydock entry

$50K-$100K

Vessel detention avoidance (per day)

4-6 mo

Payback period
One avoided unplanned drydock pays for entire fleet Xona deployment

Use Cases: Quantified Operational Outcomes

Emergency Engine Diagnostics at Sea

Container ship 2,000 nautical miles from nearest port experiences MAN engine performance degradation. Engine control system shows temperature anomalies. Charter customer SLA requires vessel maintains schedule—delays cost $50K per day.

Before Xona

Coordinate emergency fly-out ($5K-$15K cost, 4-8 hours travel). Or vessel diverts to nearest port (off-schedule, charter SLA violation). Or IT ticket processed for VPN access (2-3 days, too slow).

With Xona

Marine superintendent provisions MAN vendor access in 8 minutes. MAN diagnostics engineer connects within 15 minutes. Root cause identified: cooling system sensor fault (non-critical). Vessel maintains schedule.

Quantified Outcome
  • Avoided fly-out: $5K-$15K saved
  • Charter schedule maintained: $50K penalty avoided
  • Total value: $55K-$65K for single incident

Fleet-Wide ECDIS Software Update

45-vessel fleet requires Furuno ECDIS security update to address IMO-identified vulnerability. Update must be completed before next port state control inspection cycle.

Before Xona

Coordinate Furuno vendor port visits to each vessel (45 × $3K-$5K = $135K-$225K). Or fly engineers to vessels at sea (45 × $10K = $450K). Or wait for home port (3-6 months, misses compliance window).

With Xona

Port technical manager provisions Furuno vendor access. Remote ECDIS updates over VSAT (30 min per vessel). 45 vessels updated in 2 weeks. Complete audit trail generated automatically.

Quantified Outcome
  • Cost savings: $135K-$225K (avoided site visits)
  • Compliance timeline: 2 weeks vs. 3-6 months
  • Port state control ready: Audit documentation out-of-box

Predictive Maintenance for Wärtsilä Propulsion

Tanker vessel's Wärtsilä propulsion system shows gradual performance degradation over 3-month period. Marine superintendent suspects bearing wear but needs Wärtsilä analysis to determine if issue requires drydock entry.

Before Xona

Fly Wärtsilä engineer to vessel at sea ($10K-$15K). Or wait until scheduled drydock (6 months away)—risk catastrophic failure requiring emergency drydock ($2M-$5M). Or divert to nearest yard ($50K/day off-charter).

With Xona

Marine superintendent provisions Wärtsilä vendor access. Remote propulsion data analysis, vibration patterns, temperature trends. Diagnosis: Bearing wear within limits, can operate until scheduled drydock. Parts ordered in advance.

Quantified Outcome
  • Avoided emergency drydock: $2M-$5M saved
  • Avoided unnecessary fly-out: $10K-$15K saved
  • One incident pays for entire fleet Xona deployment
Capabilities

Built for Manufacturing Operations

System Requirements

  • indows Server 2016+ or Linux (Ubuntu 20.04+, RHEL 8+)
  • 4 vCPU, 8GB RAM minimum
  • VSAT, Inmarsat, or Iridium (256 Kbps minimum)
  • Windows XP+ or Linux embedded supported
  • No software on vessel systems (agentless)

Supported Protocols

  • NMEA 0183 and NMEA 2000 (navigation)
  • Modbus TCP/RTU (industrial automation)
  • CAN bus (Controller Area Network)
  • Proprietary OEM protocols (MAN,
  • Wärtsilä, Furuno, Kongsberg)
    RDP, SSH, VNC, HTTP/HTTPS

Integration Capabilities

  • Active Directory (native integration)
  • LDAP, SAML 2.0 (SSO)
  • MFA: TOTP, SMS, hardware tokens
  • SIEM: Splunk, Elastic, IBM QRadar
  • IMO Resolution MSC.428(98) format reports

Security Architecture

  • Session-level isolation (brokered access)
  • Zero lateral movement (vessel-to-vessel)
  • Protocol isolation (NMEA, Modbus at gateway)
  • Time-bound credentials (4/8/24-hour auto-expire)
  • 100% session recording (video + keystroke)

FAQ

Will this work over our VSAT bandwidth?

Yes. Sub-100 Kbps typical usage works reliably over 256-512 Kbps VSAT, Inmarsat FleetBroadband, Iridium Certus. Proven in offshore platforms with similar satellite constraints.

Can we deploy without drydock?

Yes. 30-minute deployment per vessel while operating. No drydock ($2M-$5M cost avoidance), no port time, no network changes. 45-vessel fleet deployed in 6 weeks with zero disruption.

Will OEM vendors adopt this?

Yes. Browser-based access means no VPN client installation. Works with MAN, Wärtsilä, Furuno, Kongsberg diagnostic tools they already use. Zero vendor onboarding friction.

How fast can we get vendor access during emergencies?

8 minutes. Marine superintendent provisions access through browser console in 5-8 minutes (vs. 2-3 day IT tickets). Time-bound credentials auto-expire. Self-service—no IT dependency.

Is this IMO 2021 compliant?

Yes. Automated audit trails align with IMO Resolution MSC.428(98). Session recording, MFA logs, access control documentation for port state control inspections. Customer passed inspection with zero cybersecurity findings.

Does this lock us into a VSAT provider?

No. VSAT-agnostic—works with Inmarsat, Iridium, Marlink, Speedcast, Thuraya, Navarino, KVH. Optimize provider by route and vessel type, no lock-in.

What ROI can we expect for our maritime fleet?

Typical 70% fly-out reduction = $320K annual savings for 45-vessel fleet. Payback period 4-6 months through fly-out savings alone. Additional ROI: avoided unplanned drydock entries ($2M-$5M per vessel), vessel detention avoidance ($50K-$100K per day), charter performance improvement, shore engineering efficiency (30-40% reduction in 24/7 coordination).

Can we deploy across mixed vessel types?

Yes. Overlay architecture works across heterogeneous vessel networks—container ships with Inmarsat, tankers with VSAT, bulk carriers with Iridium. Same deployment process (30 minutes per vessel) regardless of vessel type. Supports mixed satellite providers and varied vessel IT infrastructure.

How does Xona integrate with our existing Active Directory?

Native Active Directory integration, LDAP/SAML support—works with existing IT infrastructure. No identity system changes required. MFA capabilities integrate with existing authentication systems (TOTP, SMS, hardware tokens). Single sign-on (SSO) available for shore-based provisioning console.

 

Customer Results

70%

Fly-Out Reduction
45-vessel global shipping fleet reduced emergency fly-outs from 36/year to 11/year, saving $320K annually through faster remote diagnostics and OEM vendor access coordination (8 minutes vs. 2-3 days).

0

Port State Control Findings
Customer passed port state control inspection with zero cybersecurity findings using Xona's automated IMO Resolution MSC.428(98) audit trail documentation. Analogous proof: 35-substation utility passed NERC CIP audit with zero findings.

6 wks

45-Vessel Fleet Deployed
Zero operational disruption, no drydock required, no technical crew training. 30-minute deployment per vessel while operating.

Schedule Maritime Fleet Assessment

30-minute consultation to evaluate fly-out reduction ROI and IMO 2021 compliance readiness for your specific fleet profile.

  • Fly-out cost baseline and 70% reduction projection
  • VSAT bandwidth compatibility assessment
  • IMO Resolution MSC.428(98) compliance gap analysis
  • Fleet deployment timeline (30 minutes per vessel)
  • ROI timeline (typically 4-6 months payback)
  • IMO Resolution MSC.428(98) Alignment
  • SIRE 2.0 Chapter 13 Vetting 

  • Maritime-Adjacent Proof (Offshore Platforms)

 Secure access for the systems that keep the world running.
© Xona Systems, 2026
Cookie Policy
Privacy Policy
Disclosure Policy
Website Terms of Service
Terms & Conditions