Everything else on a modern yacht depends on one thing that owners never see: the network. WiFi, connectivity, cameras, navigation data, entertainment and security all ride on it. Get the superyacht network design right and the rest becomes possible; get it wrong and no amount of fast internet or expensive hardware will save the experience aboard.
This guide explains what a yacht network actually has to do, why the usual flat network fails, and what a properly designed one looks like.
What a yacht network has to carry
A superyacht is a dense, mixed environment on a single hull. In one place, the network has to serve:
- Guests, who expect fast, effortless WiFi and total privacy.
- Crew, who run operations, admin and their own devices.
- Navigation and bridge systems, which are safety-critical and must never be disturbed.
- Cameras and security, often bandwidth-hungry and always sensitive.
- IoT and building services: lighting, climate, AV and more.
These have completely different needs for speed, priority, privacy and security. Asking them all to share one undifferentiated network is where most problems begin.
The problem with a flat network
A flat network is one where everything sits together in a single space with, usually, a single shared WiFi password. It is simple to set up and quietly disastrous:
- No isolation. A compromised guest phone or a misbehaving device can see and reach everything else, including navigation and owner data.
- No privacy. Guest, crew and owner traffic all mix together.
- No control. A single heavy user or a broken device can degrade the whole network, including the bridge.
- No security story. There is nothing to contain a problem, so a small incident becomes a total one.
This is the setup we most often find aboard, and replacing it with structure is usually the highest-impact change we make.
Segmentation: the core idea
The fix is segmentation using VLANs. A VLAN splits one physical network into several separate logical ones, so guest, crew, navigation and IoT each live in their own isolated segment while still sharing the same cabling and switches. The effect is powerful:
- A problem in one segment (say a compromised guest device) cannot reach the others.
- Navigation and bridge electronics are kept strictly apart, so nothing competes with safety-critical traffic.
- Owner and guest data is isolated by design, which is the foundation of real privacy.
- Each segment can have its own rules, priority and security.
Segmentation is the single most important concept in a serious yacht network, and it is standard practice in the corporate world we come from. It also underpins everything in our guide to yacht cyber security.
Designing for the hull
A good design is physical as much as logical. It means engineering for the specific vessel:
- A managed platform. We build on the UniFi ecosystem: gateway, switching and wireless as one coherent, manageable system.
- Access-point placement. Enough APs, positioned deliberately, so the vessel's structure never leaves a dead spot, including exterior and mast-mounted units for full-deck coverage. There is more on this in our yacht WiFi and internet guide.
- Structured cabling and fibre. Planned for resilience and for the upgrades that will inevitably come.
- Firewalling and threat management at the gateway, watching traffic between segments.
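VLANs separate segments at layer 2, but the gateway still routes between them, so the isolation described above depends on the inter-segment firewall rules. The following is an added example, not part of the original guide or any vendor's tooling: it audits an ordered, first-match rule list against the isolation goals in this guide. Segment names, the rule format and both sample rule sets are constructed for illustration.

```python
from itertools import permutations

# Constructed segment names following the guide's guest/crew/navigation/
# camera/IoT split. The (action, src, dst, port) rule format is hypothetical.
SEGMENTS = ("guest", "crew", "nav", "cctv", "iot")

def is_forbidden(src, dst):
    """Isolation goals: guests reach no other segment, navigation stands alone."""
    return src == "guest" or "nav" in (src, dst)

def first_leak(rules, src, dst, default="allow"):
    """Return the rule (or "default") that lets src reach dst, else None."""
    for rule in rules:  # ordered list, first match wins
        action, r_src, r_dst, port = rule
        if r_src not in (src, "any") or r_dst not in (dst, "any"):
            continue
        if action == "allow":
            return rule   # traffic passes before any full deny is reached
        if port == "any":
            return None   # pair fully denied; later rules are shadowed
    return "default" if default == "allow" else None

def audit(rules, default="allow"):
    """Map each forbidden (src, dst) pair to whatever lets it through."""
    findings = {}
    for src, dst in permutations(SEGMENTS, 2):
        if is_forbidden(src, dst):
            leak = first_leak(rules, src, dst, default)
            if leak is not None:
                findings[(src, dst)] = leak
    return findings

# Constructed "weak" set: a broad convenience rule sits above the guest deny,
# navigation has no outbound deny, and the gateway default is allow.
WEAK = [
    ("allow", "crew", "cctv", 554),    # crew view cameras over RTSP
    ("allow", "any", "iot", 443),      # too broad: matches guest and nav too
    ("deny", "guest", "any", "any"),
    ("deny", "any", "nav", "any"),
]
# Constructed "hardened" set: denies first, narrow allows after, default deny.
HARDENED = [
    ("deny", "guest", "any", "any"),
    ("deny", "any", "nav", "any"),
    ("deny", "nav", "any", "any"),
    ("allow", "crew", "cctv", 554),
    ("allow", "crew", "iot", 443),
]
```

Running `audit(WEAK)` reports the guest-to-IoT path opened by the broad allow rule and every outbound path from the navigation segment; `audit(HARDENED, default="deny")` returns no findings.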
Building for resilience
A network is only as good as its connection to the outside world, and at sea that connection is under constant stress. A resilient design assumes links will fail and plans for it: automatic failover across Starlink, cellular and, where fitted, VSAT, so an outage never becomes a guest-facing incident. We cover the connectivity side in our Starlink installation guide and the trade-offs in Starlink vs VSAT.
Identity on top
Segmentation decides where devices can go; identity decides whether they get on at all. The strongest yacht networks add certificate-based authentication (EAP-TLS) so only trusted, known devices can join, with no shared password to leak. Design and identity together are what make a network genuinely secure rather than merely tidy.
Get it right before the cabling
The cheapest time to design a network well is before it is built. On a newbuild or refit, planning the IT infrastructure early means cable runs, access-point positions and equipment spaces are built in from the start rather than squeezed in as compromises later. That is exactly what our refit and newbuild consulting is for, and it saves money and regret. If the yacht is already fitted, a careful retrofit still delivers most of the benefit.
We design and build yacht networks to an enterprise standard in Palma de Mallorca, on-site when a job needs it. If your network is holding the rest of the yacht back, get in touch and we will help you fix it properly.
Frequently asked questions
- What is a VLAN and why does a yacht need one?
  A VLAN is a way of splitting one physical network into several separate logical ones. On a yacht it lets guest, crew, navigation and IoT devices live in isolated segments even though they share the same cabling and switches. That isolation is what keeps a compromised guest phone away from the navigation system and the owner's data. It is the single most important idea in a proper yacht network.
- Can you redesign our network without replacing all the hardware?
  Often, yes. Many jobs start by auditing what is aboard, then introducing segmentation and structure using as much of the existing equipment as is worth keeping. We are honest about what should be replaced and what should not, and we can phase the work so the yacht is never offline at a bad moment.
- Why UniFi rather than consumer networking gear?
  A yacht needs managed networking: VLANs, controlled WiFi across many access points, firewalling and visibility into what is happening. Consumer gear cannot do this properly. The UniFi ecosystem gives a single, coherent platform for gateway, switching and wireless that scales to a yacht and can be managed and supported over time.
- When is the best time to plan a yacht's network?
  Before the cabling goes in. On a newbuild or refit, getting the IT infrastructure designed early means the right cable runs, access-point positions and equipment spaces are built in from the start, rather than squeezed in as compromises later. If that window has passed, a retrofit still delivers most of the benefit; it just takes more care.