The platform is the foundation of the Secure Service Hub (SSH). It addresses a number of cross-cutting concerns, like managing Tenants, Permissions and Users. Applications, like the Service Case Management and the Performance Analyzer, build their functionality on top of the platform. Functionalities can be an integrated part of the plaform or provided as external applications. I.e. The Service Case Management is an integrated platform feature and the Performance Analyser is an external application.

A Tenant represents a single company on the SSH platform.

A tenant may or may not contain several organisations that are in hierarchical relationship with each other (see Organisations, Scope). All Users belong to exactly one tenant. Tenants can be linked with other Tenants.

Tenant Role
A Tenant Role further describes a Tenant and marks the tenant as either an "Operator-" or "Service Provider-"Tenant.

As of now, these are the only two Tenant Roles available. By selecting a Tenant Role for a Tenant, the set of available Features for the Tenant is determined. The difference between these roles lies only in the way they relate to machines: Operator-tenant operate machines and may require assistance by Service Providers. A Service Provider is able to offer service for machines. In many cases, a Service Provider will also be a Machine Manufacturer - but this is not a requirement or in any automatically the case. Because the business needs of Operators and Service Providers are quite different, each Tenant Role is supplied with a set of different Features.

For each Tenant Role, a different set of functionality is made available.

Operator-Tenants will i.e. require functionality to create Service Cases with their Service Provider, while a Service Provider-Tenant requires functionality that enables its users to pick up Service Cases and maybe onboard additional customers.

Linked Tenant
If an operator runs machines from a machine manufacturer, who is also using the SSH platform, the tenants of those companies can be linked.

The SSH platform brings together Operators and Service Providers, to enable easy and efficient service business. By linking the Tenants, additional functionality becomes available (such as i.e. data sharing and easier collaboration).

In the SSH the tenant of each company can comprise a number organisations, that can be model the company's internal structure.

Organisations can contain Machines and additional organizations, so that a hierarchical structure can be created. However, in many cases Organization might only be used to separate Machines into i.e. different plants, departments or branches. Organisations can be used as Scopes for Permissions.

Service Provider have customers, to which they offer service business.

Every Operator that is in a business relationship with a Service Provider, is considered the Customer of that Service Provider. A Customer is the Service Provider's view on an Operator Tenant, it contains address information and information about the Customer's organisation. Customers can also be linked with Tenants, if the Customer i.e. wants to engage in Data Sharing with a Service Provider.

Machines are an integral part of the SSH platform, as they represent the real world machinery that is operated in facilities around the globe.

Machines are operated by an Operator-Tenant and can receive service from a Service Provider-Tenant. Machines are uniquely identified by their serial number. Other relevant information of a certain type of Machine is collected in the Machine's Machine Model.

Machine Model
Machine Models can be considered templates that comprise all the relevant attributes for a certain type of machine.

As no machine is quite like another, different types of machines have different attributes. Machine Models are created by the Machine Manufacturer. Every machine has exactly one Machine Model.

From a Customer's point of view, Machines (or parts of machines) are subsumed under the term Asset.

Customer Machine
Whenever a Machine from an Operator is added to the platform and a Service Provider for that machine is set, additional information for that Customer's Machine are recorded (especially whether or not a machine is covered by a warranty and, potentially, for what amount of time that warranty is valid) under the term Customer Machine.

A User is the representation of a person using the SSH.

Users are part of a Tenant and can be assigned User Roles. Users are required to provide a valid email address in order to be able to log in into SSH.

User Role
A User Role is a collection of Permissions to fit a certain archetypical role (like "Shopfloor Manager", "Machine Operator" or "Administrator").

Built-in-User Role
Every tenant comes with a bunch of built-in roles based on the tenant that can be assigned to the users of ths tenant.
The built-in role is available for all tenants and allows to administrate the tenant. The first user of the tenant is always automatically a tenant admin.

Each User can be assigned one or more User Roles.

User Group
not implemented yet. to come with future updates

Permissions are used to control which funtionality is available to Users. Permissions define what actions a User is permitted to take within the SSH platform.

Depending on the Permissions assigned to Users, or Permissions assigned to User Roles (which in turn are assigned to users), define the functionality that a User is able to access. However, this control of access is usually not enough to efficiently manage larger organisation. Scopes can be used to further limit the access of users, based on Organisations.

In addition to Permissions, Scopes are used to define which objects a user is allowed to see and/or interact with.

So while, say, User A and User B are both assigned the role "Shofloor Manager", User A is responsible solely for plant 1 while User B is responsible for plant 2 only. User A though, has no business in changing anything in plant 2, while the same goes for User B and plant 1. Permissions alone are not enough to model this kind of restriction. When introducing scope though, it suddenly becomes possible to define that User A is "Shopfloor Manager" for plant 1 only and User B is "Shopfloor Manager" for plant 2.

Edge Device
An Edge Device is a small computer which is connected to a Machine.

In some cases Edge Devices might actually be built into machines, so that they are inseparable from the machine itself. In other cases, an Edge Device might be connected to more than machine. An Edge Device offers limited computational capability and network connection and is in many ways a kind of "gateway" to the connected machines. A big upside of Edge Devices is that they can run applications directly on the shopfloor. For instance, Edge Devices are able to run diagnostic programs that monitor the machine without having to send a large amount of data over a (potentially) high latency and low bandwith internet connection. Edge Devices also offer the possibility of delivering additional applications to exisitng machines at a later point in time in order to enhance the machine's capabilities.

(Machine) Operator
A Machine Operator is a Tenant Role.

Machine Operators operate Machines and may require service for those Machines from a Service Provider.

Service Provider
A Service Provider is a Tenant Role.

Service Providers are able to provide service for Machines. Service Providers may be Machine Manufacturers, however, it is not impossible to imagine a company that offers service business for machines without being the Machine Manufacturer.

#Service Case Management
The Service Case Management is the key functionality of the Secure Service Hub (SSH). It brings together Machine Operators and Service Providers and enables them to optimize and troubleshoot machines in an effective and most efficient way, removing the need of physical on-site presence for servicing as much as possible.

Service Case
An Operator may open a Service Case with a Service Provider in order to request assistance, or, more broadly speaking, get in touch with a service representative from the Service Provider.

Conference Call
While working on a Service Case it might be necessary to establish a real-time conference call with voice and or video data to i.e. collaborate on finding and fixing a certain issue on a machine. If and when a Service Case is filed, it becomes possible for either side (Operator or Service Provider) to initiate a Conference Call. In addition to a real-time Conference Call, service representatives can also make use of a text based Chat and Whiteboard functionality.

When working on a Service Case it might be necessary to use a text based Chat to interact with a service representative or machine operator in an asynchronous way (much like using WhatsApp). This functionality becomes available if and when a Service Case has been filed. The Chat history can be accessed through the Service Case.

When collaboratively working on a Service Case it might be helpful to share images or drawings, this can be done using the Whiteboard functionality. All Whiteboard content is stored alongside the Service Case.

Remote Access
In order to help solve problems with Machines, it might be necessary for a Service Provider to access the Machine directly in a secure way. The Operator can enable Remote Access for a Machine, so that a representative from the Service Provider can connect to the Machine directly i.e. using a Tunnel connection.

In most cases, Operators and Service Providers will be spread around the globe with no means of directly accessing each other IT infrastructure. To still enable Service Providers to help Operators solve issues with their machines, the SSH platform can create a secure tunnel connection from the Operator's Machine to the Service Provider, if the Operator has enabled Remote Access within a filed Service Case.

#Performance Analyzer
The Performance Analyzer builds on top of the SSH platform to offer additional analytical service to Machine Operators. The Application collects, processes and visualizes data gathered from connected machines, to allow insights into the machine performance.


RAW data API