KVH Industries case study

| Customer story
Download now

The Customer

Secure and robust OTA software updates for vessels over VSAT communication




Maritime | Global


KVH Industries is a global leader in mobile connectivity, content, and value-added services, delivering innovative technology designed to enable a mobile world and keep mariners always connected. The company has more than a dozen offices around the globe with research, development, and manufacturing operations based in Middletown, Rhode Island. KVH develops, manufactures, and provides maritime connectivity hardware and services worldwide to ensure vessels stay always connected. 

KVH’s passion is finding the right solutions for its customers, driven by its entrepreneurial spirit and unique breakthrough products. To ensure product performance and continue innovation through faster and seamless firmware and software updates, KVH required a secure and flexible OTA infrastructure.

7 k-1

prevented potential injuries

per user per day


effective collision avoidance and

drop-off protection


The Challenge

Four Keys to Delivering Secure Connectivity at Sea

Group 8455 (2) Maximize device availability and uptime across a geographically dispersed fleet
Group 8454 Deploy firmware and software updates in low-connectivity satellite environments
Group 8456 (1) Ensure robust security and regulatory compliance across vessel classifications
Group 8457 (1) Reduce time-to-market for new features and seamlessly integrate across operations


The Challenge

Deploying firmware and software updates in low-connectivity environments

KVH’s innovative technology serves as an “ISP for boats.” Operating a worldwide satellite network with over 7,000 subscribers, KVH provides its customers’ vessels with an internet communication path via parabolic terminals, enabling them to stay connected while at sea. Fast data speeds, reliable data management, global coverage, security, and proven professional service are critical facets to ensuring customer satisfaction for KVH.

KVH’s VSAT terminals use the Ku-band frequency spectrum (12-18 GHz) for satellite communication. KVH terminals consist of a fully stabilized tracking antenna unit above deck and a compact below-deck unit for antenna control, power, and data access and networking. With customers at sea worldwide, it is unrealistic to expect a sailor or commercial vessel to wait until they arrive in port to get a software update. Only providing updates in port severely limits the ability to deploy time-sensitive changes, such as security issues, in addition to releasing new features and functionality. The KVH team determined that over-the-air (OTA) is the best strategy to update the software on the remote terminals onboard boats.

To reduce the time to market for its next-generation products, KVH is also implementing a software deployment process with OTA capability. The TracNet™ H-Series line is the latest generation KVH product, covering three communication channels: VSAT for worldwide coverage at sea, 5G/LTE cellular for nearshore connections, and Wi-Fi for in-port or in-marina connections. A software algorithm automatically tests the strength of the different communication channels and automatically chooses the best connection for the vessel at any given time. Continuously monitoring and testing channel performance, the TracNet™ hybrid system selects the least expensive and most reliable communication channels should multiple channels be available with strong connections. Cellular and Wi-Fi are typically chosen as VSAT usually costs more and delivers slower connection speeds than cellular and Wi-Fi. Remote terminals on boats at sea must be able to receive software updates to optimize the connectivity on the vessel continually.

As a service provider enabling internet connectivity, DDoS and other cyber attacks pose a considerable security risk for KVH. Similar companies have suffered bricked terminals, stopping all communication services due to exploits. Such breaches require onsite visits to resolve device issues. Offering mainly commercial communications solutions, enterprise network security is essential for KVH customers who are highly concerned about possible vulnerabilities in the KVH product communication path. Government customers also have particular security specifications that KVH must meet. As such, KVH mostly builds the hardware and writes the software in its products in-house so it can retain vertical control over the security and quality of its products. The security needs of simple leisure boats and large luxury yachts to commercial and government vessels must be supported by KVH products.

In addition to VSAT communication support and security, the OTA update infrastructure must be highly robust and API-based to integrate with a self-service customer portal and support machine-to-machine communication. Communications or operational outages can place the lives of seafarers at risk and result in operational expenses in the hundreds of thousands or millions of dollars. Robustness is critical to ensuring KVH’s remote terminals and next-gen products are updated safely and securely in an automated way.

OTA Software Update Solution Technical Requirements

Tick Deploy completely over-the-air software updates
Tick Provide a fail-safe design with rollback capabilities
Tick Integrate with AWS IoT Core to manage application updates 
Tick Support application updates for Intel RealSense vision cameras
Tick Manage a device fleet at scale easily
Tick Minimize the bandwidth costs of deploying updates over cellular networks


The Solution

Implementing safe OTA updates 

Taking a best-of-breed approach, KVH selected Mender as its partner for OTA firmware and software updates. Leveraging Mender, KVH could deploy updates across channels, including the low-connectivity VSAT, an essential requirement in selecting its OTA solution. With Mender, KVH can update the full root filesystem within the antenna control component for satellite communications. KVH can also deploy software image updates using a read-only root filesystem to facilitate incremental updates and reduce bandwidth expenses.

In addition to low-connectivity support, Mender satisfied KVH’s strict security and regulatory requirements. With a security-by-design approach, KVH seamlessly integrated Mender and its OTA infrastructure into its robust multi-level cybersecurity program. KVH leveraged Mender’s robust security features to minimize the risk of bricked devices, cyber attacks, and operational outages.

KVH also required an OTA solution that was easy to set up, deploy, and integrate into its existing operations. With Mender, KVH can provide its customers with the capability to update their terminals at will. KVH customers can self-serve from a portal to see how their service is running.



The Mender Difference

Group 8455 Easy to set up, test, and deploy OTA infrastructure Group 8456 Fulfills OTA security and regulatory requirements
Group 8462-1 Seamless integration with existing KVH systems and services Group 8457 Ability to deploy full root filesystem and delta updates


Technology Ecosystem

Tick Embedded Linux (Debian and Yocto)
Tick AWS IoT Core 




The Benefits

Accelerated innovation with robust security and safety

Maximum device uptime with seamless firmware and software updates. The Mender OTA solution delivered greater agility for KVH while safeguarding against bricked devices. With Mender, the KVH team can easily set up and deploy OTA updates. The user-friendly interface and low-connectivity support enabled KVH to deploy software updates to the remote terminals on the boats over a satellite (VSAT) communication channel without the need to be at port or onsite visits. KVH can also now do read-only full root filesystem image updates and incremental updates and support updates via cellular and Wi-Fi communications. Mender minimizes the risk of bricked devices and operational outages through its fail-safe robust design, ensuring devices are never partially updated or left inoperable. 

Ensure security across a device fleet at sea. The KVH team could realize the power of OTA updates while ensuring security at each step with Mender’s security-by-design approach. KVH could seamlessly deploy security updates across its device fleet quickly and without onsite technician visits. Mender’s built-in enterprise security naturally fits with KVH’s cybersecurity program.

Optimized device management and improved customer experience with self-service support. KVH could deliver higher control and flexibility to its customers. With Mender, customers can control which updates their own devices get via a self-service customer portal. KVH is also able to support new and emerging business requirements, such as machine-to-machine communication.

Partnering with Mender for secure and robust OTA updates enabled KVH to continuously innovate and operate its next-generation products to deliver connectivity at sea.





Download the case study