Software procurement decisions have traditionally been weighted towards a software solution’s capabilities matching a predetermined set of functional requirements. Non-functional requirements are often not weighted equally, whereas in fact they should be the most important consideration from an asset (software) lifecycle cost point of view. This causes most organisations to have a multitude of software solutions in silos they need to maintain and support.
Advances in cloud, communication and enterprise mobility technologies allow us to move away from delivering technology-enabled solutions in silos to a platform or shared services model. The financial and performance benefits enabled by subscribing to a shared services model are termed Platform Economics.
Benefits include using the same technology stack (managing communication, data, information, identity, security and transactions) and shared managed services (training, change management, maintenance, user- and technical support) across all countries and programmes.
Mezzanine’s Helium platform will allow clients to host their application and its “modules”, each addressing a specific functional requirement listed in their policy documents on a single technology platform with the associated commercial and operational benefits.
Helium is the glue between the network and communication layer, the application and developer ecosystem, partner services and client specific legacy systems and services. This enterprise architecture allows for a loosely coupled configuration for client and country specific deployments. Our client's products will be consumed using a unique configuration of third party services and solution providers. The Helium Platform is highly configurable to accommodate for this non-functional requirement.
High-level, non-technical overview of Helium
- Helium Infrastructure: Helium can be hosted on physical or virtual machines. We configure and maintain the operating systems and the rest of the Helium technology stack.
- Helium Core Business Services: Each service provides other Helium components with a well-defined API for performing specific tasks. Examples include sending and receiving of SMS messages, sending and receiving payments, identity management (authenticating web and mobile users), storing data and merging databases. These services are loosely coupled to support Helium's service-oriented design.
- Helium Middleware: Several of Helium's core business services are essentially integration services, built to provide app developers with simple, standardized access to third party services. These integration services make use of middleware, also referred to as agents, to integrate with different providers.
- Core RESTful Web Services: Each of Helium's core business services publish RESTful web services for integration into Helium middleware and Helium app engines. These web services can also be used by third party platforms to leverage Helium's integrations into mobile network operator services and providers of mobile money wallets.
- App RESTful Web Services: Helium's app engines generate app specific RESTful web services for every app that is deployed to these engines. These web services are useful for integrating into app/client specific third party/in-house systems.
The client's solution is deployed as a managed combination of the core capabilities listed below:
(1) Mobile Devices – field staff and mobile application users will be equipped with a Helium-enabled mobile device. The device will be registered and assigned to an authorised individual enrolled on the Web Management Portal against one or more defined user roles. All reports submitted from a registered device will automatically be linked to the associated individual. The application will be pre-programmed on the device.
- Centralised registration allows accurate and secure assignment of login and password details to all system users.
- Role-based authentication and authorization system design allows preconfigured rights management and configuration of who has access to which modules and personal records.
- Confirmation codes enable system administrators to confirm that the correct device was delivered to the correct user or service point.
(2) Application - The Application is an easy-to-use and robust android application that has been used for more than seven years in several countries and industries. All application implementations to date confirmed that the application is easy-to-use across programme and geographical barriers. The Helium Mobile Application has been deployed in more than 30,000 rural, peri-urban and urban sites in more than five countries in Southern-, Eastern and Western Africa.
Store-and-forward: To support full functionality of the client's application in areas where there is no network coverage, a message queue is used to keep cached data on the phone. Reports are stored on the handsets and transferred immediately or as soon as network coverage becomes available. The date, time and location of each transaction are uploaded with the report. Should the user not have network access for a couple of days, all reports will be aggregated correctly for reporting purposes. The store-and-forward functionality is a major contributor in making the Helium mobile application our preferred technology. Structured SMS and USSD technology do not support this functionality.
- Intelligent workflows: Administrative and operational decision support functions will support the user on a real-time basis. Workflow automation, scheduling of tasks and triggering of notification services are orchestrated based on a predefined rule sets and algorithms.
- Improved speed and convenience of reporting: The application flow guides the user through the application step by step, which makes data entry quick and effective. Forms can be submitted in an easy and intuitive process.
- Automatic data quality and integrity control: The application will perform data field validation and monitor whether all the compulsory data fields were populated. Out-of-bound data entries will be queried.
- Remote deployment of new/updated client workflow and report templates: As the programme and reporting requirements change over time, the client application can remotely deploy a new program flow to all users at once.
- Location based services: The application can upload the location of a transaction with the transaction report, based on the user specifications. The preferred accuracy of the spatial recording can be pre-programmed to optimise battery usage: The higher the required resolution, the more battery power is consumed to obtain a satisfactory location reading from the GPS satellites.
- Data encryption and SSL communication: A binary protocol with transport layer security (TLS) is used for communication between handsets and the application server. A server-side security service decodes and decrypts the binary protocol, which provides a secure and compliant (SOAP and Java ESB) interface to the handset layer. Handsets authenticate themselves with a Unique User Identity number and password, which is stored on the server side.
(3) Application Server and Hosting Environment - The application server and databases can be hosted on a Global Instance and in a local, in-country instance compliant with country regulations. To honour our suggested 99% availability Service Level Agreement, we recommend the use of a Tier III data facility, such as the one offered by Vodacom in Midrand, South Africa - one of the most technically advanced facilities in Africa. Infrastructure and support services comply with international standards for security, reliability and system maintenance.
Benefits of the recommended Tier III infrastructure:
- A state-of-the-art Internet Hosting Environment: A fully managed and secure service that includes server monitoring, back-up disaster recovery and failover services.
- Bandwidth: The application server is deployed on the Vodacom gigabit network, thus ensuring a reliable end-user experience.
- Fully secure: 24/7/365 security, including biometric physical access control, firewalling and full environment monitoring.
- Skilled and competent support: 24/7/365 Client Services Operations Centre, fully geared with highly skilled engineers.
- Stability and guaranteed uptime: Comprehensive server management and engineering support to ensure maximum availability, including redundant facilities for co-located hosting solutions.
- Managed Virtual Hosting: Virtualization allows for rapid scaling of deployments as more countries are on-boarded.
- Data Security: No data centre staff will have access to the content of the client databases. Only authorised staff members, enrolled by the System Administrator, will have access to the database.
(4) Web-based Management Portal (PC version) – authorised management users can access the web-based management portal from anywhere in the world at any time. The management portal can be accessed via a high-grade encrypted URL connection (AES 256-bit connection encrypted) using any third-party browser. Each page viewed is encrypted before being transmitted over the internet. Encryption ensures that no unauthorized person or entity responsible to facilitate a part of the data path or client journey can access data and information in an interpretable format travelling between mobile devices, computers and servers. A role-based authorization and authentication system is used to secure data, and aggregated reports are available in directly after submission.
- Designed for low bandwidth communication infrastructure.
- Integrated decision support services based on the client's business processes.
- Notification services allowing automated report delivery via web, SMS and e-mail.
- Data Warehouse and reporting tools that support:
- Fixed reporting in accordance with the prescribed report templates
- Agile/flexible ad hoc reporting
- Graphic, spatial and dashboard data representation
- Data drilldowns
- Integration with third-party reporting solutions
(5) System Administration and Web Management Portal – this capability is used by the programme managers for administration purposes. The system administration solution includes modules to manage users on all system levels, including location levels and user roles.
- Allows centralized management of the national program
- Increases embedded device and handset traceability
- Logs all user transactions for audit purposes