
The short version: A new crew member's first day should include getting their devices enrolled on the correct VLAN (crew, not guest or nav), setting up boat email and the WhatsApp/scheduling groups the department actually uses, and flagging any laptop that's never touched a marine mesh network before it causes a support ticket mid-charter. Offboarding matters just as much — revoke access and rotate shared logins the day someone leaves, not whenever someone remembers. RemoteFix 24/7 runs both ends of this remotely, worldwide, for a flat fee with No Fix, No Fee.
Most modern yachts run at least three logically separate networks off the same Ubiquiti, Peplink, or Wavelink hardware: a guest VLAN for charter clients, a crew VLAN for personal devices, and a navigation/operational network that has no business being reachable from either. A new crew member's laptop and phone need to land on the crew VLAN specifically — not the guest network because it's the one with the easiest-to-remember password, and never the nav segment because someone handed them the bridge WiFi code out of habit.
On boats with proper network segmentation, this means adding the device's MAC address to a whitelist or issuing a time-scoped crew credential through the access controller, then confirming the device actually associates with the right SSID and pulls an IP in the correct subnet — not just that it shows "connected." A device that grabs an address via DHCP fallback because the AP profile is misconfigured can end up bridged onto a shared broadcast domain with nav electronics, which is a bigger problem than it sounds on a boat running AIS, chartplotter sync, or a NMEA 2000 gateway on the same physical switch.
The other half of joining day is bandwidth etiquette: a new hire dropping a full phone backup or a season's worth of photos onto the crew network the moment they get signal can visibly choke everyone else's connection, especially over Starlink Maritime or VSAT with a shared data pool. Walking a new crew member through this on day one — rather than after they've already saturated the pipe — saves the department a bad first week.
Most vessels run crew email on a shared Microsoft 365 or Google Workspace tenant tied to the management company or the boat's own domain, and getting a new hire's account provisioned, MFA enrolled, and mail syncing to their phone is a fifteen-minute job that's easy to push to "later" in the chaos of a first day — which is exactly when it gets forgotten and someone misses a provisioning order or a guest preference sheet three weeks in.
Beyond email, most crews run on a mix of WhatsApp broadcast lists (by department, by watch, boat-wide safety announcements), a shared calendar or rotation app for watch schedules and days off, and increasingly a dedicated crew-management or scheduling platform used by the management company or crew agency for timesheets and STCW certificate tracking. None of these are complicated individually, but a new joiner needs to be added to the right groups with the right notification settings — muted broadcast channels they should actually be reading is a recurring source of missed briefings.
If the vessel uses a VPN for crew banking or admin access, the client needs to be installed and tested on the new hire's device at this stage too, though the deeper mechanics of why that VPN matters as you cross flag-state and jurisdiction boundaries are covered separately in our guide to crew personal device support.
A surprising share of onboarding friction has nothing to do with the boat's network and everything to do with the new crew member's device never having encountered one like it. Consumer laptops configured for a single home router often default to aggressive power-saving on the WiFi adapter, which causes intermittent drops on marine mesh systems that roam a device between access points as it moves through the boat — the adapter goes to sleep between roams and doesn't reconnect cleanly.
Captive portals are another common snag: some crew networks or marina WiFi require a login page before granting internet access, and certain laptop and phone OS versions handle captive portal detection differently, occasionally requiring a manual browser visit to trigger the login prompt rather than the automatic pop-up most people expect.
Printer drivers for the crew mess printer, VPN clients that conflict with a pre-existing corporate VPN from a previous job, and time zone or system clock drift from a device that's crossed several time zones and flag-state jurisdictions in a week can all cause software license checks or two-factor authentication codes to fail in ways that look unrelated to the actual cause. None of this is exotic troubleshooting — it's just unfamiliar until you've seen it a few dozen times across a few dozen new hires' laptops.
Beyond their own devices, most new crew inherit access to a set of shared logins and department tools on day one: a provisioning or ordering platform for galley or deck supplies, a maintenance-log or PMS (planned maintenance system) app for engineering handoffs, tender GPS and chartplotter apps, safety and drill logging tools, and often a shared streaming account or two for the crew mess.
The practical risk here isn't complicated but it's routinely mishandled: these credentials get shared verbally, written on a whiteboard, or texted in plain language, and nobody tracks who currently has access to what. A better pattern — and one we help crews set up remotely — is a shared, encrypted password manager vault scoped to the department, so access can be granted and revoked per person without every account password needing to change every time someone joins or leaves.
This matters more than it seems on a boat with regular crew turnover during charter season, where a rotating cast of day-workers and freelance stews may need short-term, limited access to some tools but not others.
Offboarding gets far less attention than onboarding, and it's the bigger security gap on most boats. The checklist is short but needs to happen on the day someone leaves, not whenever the department head gets around to it:
Skipping this doesn't usually cause an immediate problem — it causes a slow accumulation of stale accounts and forgotten access that becomes a real liability months later, especially on boats with high seasonal crew turnover.
We don't set up your crew VLAN policy or hand out network credentials — that stays with your ETO or management company, as it should. What we do is the remote technical legwork that eats an HOD's afternoon: joining a call with the new hire to get their laptop's drivers, VPN client, and email syncing correctly; diagnosing why a specific device won't hold a connection to the crew mesh; setting up a shared password manager vault for a department; or working through an offboarding checklist device-by-device so nothing gets missed in the handover chaos.
It's a flat $79.99 USD Quick Fix or $149.99 USD Express session, worldwide, with No Fix, No Fee — the same session structure whether the boat is in Antibes, Fort Lauderdale, or three days out from either. RemoteFix 24/7 is operated by IT Cares of Canada, founded in 2014 by Samad Mokrini, and we serve 130+ cities worldwide, which matters when your new hire's laptop problem needs solving before the boat leaves the dock, not whenever a local shop can fit you in.
The crew VLAN specifically, not the guest network and never the navigation or operational network. Most yachts run these as separate logical networks off the same hardware; a new hire's devices should be added to the crew whitelist or issued a crew-scoped credential, and it's worth confirming the device actually pulls an IP in the correct subnet rather than just showing as connected.
Common causes include aggressive WiFi power-saving settings that don't roam cleanly between marine mesh access points, captive portal login pages that some devices don't trigger automatically, and VPN clients left over from a previous job that conflict with the boat's own VPN. These usually take a short remote session to diagnose and fix.
The most reliable approach is a shared, encrypted password manager vault scoped to the department, so access can be granted or revoked per person without rotating every password every time someone joins or leaves. Verbal or whiteboard-shared passwords are the most common source of stale access on boats with regular turnover.
Removing the departing crew member from WhatsApp broadcast and safety groups, and revoking their device from the crew network whitelist. Both are easy to forget in the rush of a crew change and can leave a former crew member with visibility into the boat's schedule or the ability to silently reconnect to the network from nearby.
Yes. A technician connects to the new hire's device over a secure remote session and configures email, VPN client, and comms app syncing while they watch. It's a flat $79.99 or $149.99 USD session with No Fix, No Fee, available worldwide regardless of what port or anchorage the boat is in.
No — that stays with your ETO or shore-side IT/management company, since it involves decisions about the vessel's core network architecture. What we handle is the device-level work: getting individual crew laptops and phones properly connected, diagnosing why a specific device won't hold a connection, and remote onboarding/offboarding support for comms and admin tools.