Digital Twin as a Service: Architecture Patterns for Predictive Maintenance on Shared Cloud Platforms
Learn repeatable architecture patterns for delivering predictive-maintenance digital twins as a multi-tenant cloud service.
Digital twin platforms are moving from one-off factory pilots to repeatable, multi-tenant cloud offerings. For hosts, MSPs, and platform teams, that shift creates a new opportunity: turn predictive maintenance into a productized service that combines OT/IT integration, streaming ingestion, model retraining, and pricing logic in a way customers can actually buy and deploy. The hard part is not the model itself; it is the architecture around it, especially when you must support legacy equipment, plant-by-plant variance, and strict tenant isolation. If you are already designing managed cloud environments, it helps to think about this like a specialized version of the patterns in managed private cloud operations, but with industrial telemetry, maintenance workflows, and edge constraints layered on top.
This guide translates manufacturing case studies into reusable cloud architecture patterns for DaaS offerings. We will cover how to standardize the asset data model, retrofit edge devices onto older equipment, build streaming ingestion pipelines, retrain models safely, isolate tenants, and structure SaaS pricing models that make recurring digital-twin services commercially viable. Along the way, we will connect predictive maintenance lessons from factories to infrastructure patterns used in digital twins for data centers, because the hosting challenges are surprisingly similar: noisy sensors, heterogeneous assets, and the need to reduce downtime without creating operational sprawl.
Why Digital Twin as a Service Is Different from Traditional Predictive Maintenance
It is a product, not just a project
Most predictive maintenance initiatives begin as a narrow pilot on one high-value asset. That approach is sensible because it validates the sensor path, the failure mode, and the response process before anyone promises ROI at scale. But a DaaS offering must go further: it needs tenancy boundaries, repeatable onboarding, explicit SLAs, and an economics model that survives uneven customer usage. In other words, you are not just building an analytics pipeline; you are building a service that can onboard ten factories with different equipment ages and still produce comparable outputs.
That is why the best industrial programs standardize the data architecture early. In the source case study, Grantek standardized asset data so the same failure mode behaved consistently across plants, mixing native OPC-UA connectivity on newer equipment with edge retrofits for legacy assets. That is the real distinction between a project and a platform: the platform creates equivalence classes for assets, alarms, and maintenance events so the cloud can reason over them at scale. For a broader pattern on turning connected assets into recurring service revenue, see turning any device into a connected asset.
The cloud value is in coordination, not only prediction
Predictive maintenance is often described as anomaly detection, but operational value comes from coordination. If a vibration model predicts bearing failure, the business outcome depends on whether the system can route work orders, reserve inventory, notify schedulers, and update replacement timing in the same loop. That is exactly why connected systems outcompete isolated CMMS-style alerting. Cloud platforms can fuse maintenance, energy, and inventory into one decision stream, which is the same reason modern real-time visibility tools outperform disconnected dashboards.
For hosts and MSPs, this means the architecture should treat maintenance recommendation, work orchestration, and asset state as first-class services. If your customer only gets a score, they still need a technician to interpret it. If they get a score plus a confidence band, an estimated remaining useful life, and an automated work order suggestion, the service starts to resemble a true operational platform. That is the line between “analytics” and “digital twin as a service.”
The payback profile favors repeatable infrastructure
Manufacturing predictive maintenance is attractive because the physics are well understood and the data streams are often already present. Vibration, temperature, current draw, and frequency are classic signals with documented failure patterns, which makes the initial business case easier than many AI use cases. Once one plant proves the pattern, the economics of rollout depend on infrastructure repetition: the same model packages, the same connectors, the same security controls, and the same edge onboarding templates. That is why the architecture should be designed like a multi-tenant SaaS from day one rather than a bespoke plant integration.
Industry teams often underestimate the importance of metrics and lifecycle governance. A good pattern is to instrument the service the way a product team would instrument growth: onboarding time, model drift rate, alert precision, and percentage of assets mapped to a canonical schema. If you need a model governance frame, the ideas in metric design for product and infrastructure teams and operationalising trust in MLOps translate very well to industrial DaaS.
Reference Architecture for Shared-Platform Digital Twins
Layer 1: Asset identity and canonical data model
The foundation is a normalized asset model. Every compressor, motor, pump, conveyor, or molding machine should be represented as a canonical entity with an identity, location, lineage, sensor map, and maintenance history. Without that structure, you end up with plant-specific naming conventions and one-off ETL rules that make cross-site benchmarking impossible. A good DaaS platform should make “same failure mode” mean the same thing regardless of which plant, country, or customer generated the data.
This is where ontology-lite often beats heavyweight semantic projects. Start with a practical taxonomy: asset class, component, telemetry channel, threshold, event, work order, and failure label. Then map customer-specific tags into that model with a translation layer. The workflow is similar to how digital identity systems need a stable core abstraction even when authentication sources vary, as explored in digital identity and creditworthiness. In industrial cloud, the “identity” is the asset; everything downstream depends on that anchor.
Layer 2: Edge acquisition and retrofit gateway
New equipment may speak OPC-UA or MQTT natively, but real deployments always include legacy assets with PLCs, serial links, or even manual logbooks. The practical answer is an edge retrofit layer that can normalize old and new data sources into a unified event stream. In many plants, this is where the first major integration budget is spent, because the sensors are cheap compared to the labor required to expose legacy signals safely. A host that wants to offer DaaS should build a standard edge kit: gateway hardware, connector images, secure device identity, remote update policy, and a test harness for retrofits.
The retrofit layer is also where latency, buffering, and survivability matter most. If the WAN drops, the edge node must continue collecting data, compressing batches, and replaying messages when connectivity returns. That operational pattern resembles the way distributed logistics systems keep cargo moving during disruptions, which is why the resilience thinking in disruption-resilient logistics is useful even for industrial telemetry. In practice, edge retrofits should be treated as a product SKU, not a one-time engineering favor.
Layer 3: Streaming ingestion and event backbone
Once telemetry reaches the cloud, the architecture should prioritize streaming ingestion over batch ETL. Predictive maintenance depends on time order, burst behavior, and short-lived anomalies, so you need a durable event backbone with schema validation, replay, and partitioning by tenant and asset class. Whether you use Kafka, Pulsar, Kinesis, or another bus, the key is that the stream becomes the shared contract between ingestion, feature generation, anomaly scoring, and work orchestration. If you have already designed telemetry pipelines for industrial observability, this will feel familiar; if not, use the same discipline you would apply to storage for autonomous AI workflows: secure the data plane first, then optimize throughput.
A streaming-first design also helps when customers add sensors later. You can replay historical windows to backfill models, compare behavior before and after a retrofit, and maintain an audit trail for model decisions. This makes it much easier to prove why a recommendation was issued, which matters for maintenance teams that need trust before changing operating procedures. For a broader security and integrity lens on ML pipelines, review how adversarial data can corrupt ML systems; the lesson transfers directly to industrial telemetry quality.
Data Standardization: The Hidden Multiplier in Predictive Maintenance
Normalize telemetry before you normalize models
Teams frequently rush to machine learning before they have a clean data contract. That creates model fragility, because every site encodes timestamps, units, and alarm thresholds differently. Standardization should happen at the ingestion and asset modeling layers so that downstream feature pipelines see consistent units, sample intervals, and state labels. When standardized correctly, the model no longer needs to guess whether a temperature reading is Celsius or Fahrenheit, whether a vibration signal is RMS or peak-to-peak, or whether a downtime event refers to the machine, the line, or the entire cell.
This is not just a data engineering preference; it is a scale requirement. If you ever want to compare asset classes across customers, you need standardized semantics. That is the cloud equivalent of building interoperability into healthcare systems, which is why the playbook in interoperability-first integration is relevant. In both cases, value comes from making heterogeneous systems legible to a shared analytics layer.
Build a failure-mode library, not just a sensor library
The strongest predictive maintenance programs do not merely catalog sensors. They catalog failure modes: bearing wear, misalignment, cavitation, seal leakage, thermal overload, and lubricant degradation. Each failure mode should have associated signals, expected progression, confidence scores, and remediation steps. This turns the platform into a knowledge system instead of a black-box anomaly engine, which increases both trust and usability.
A useful implementation pattern is to define templates per asset class. For example, a centrifugal pump template might include suction pressure, discharge pressure, vibration, motor current, and temperature, with known relationships and failure signatures. When a customer onboards a new pump, the platform instantiates that template instead of inventing a fresh model from scratch. That is the same reason product teams standardize workflows and avoid reinventing each pipeline; the repeatability reduces both cost and error.
Instrument data quality as a service metric
Data quality should be visible to the customer, because bad sensors produce bad recommendations and wasted labor. Track missing samples, drift in sensor calibration, out-of-range spikes, and label lag. Then expose those metrics in the portal so plant teams can see whether a model issue is actually a data issue. When the platform makes data quality visible, customers are less likely to blame the model for upstream instrumentation problems.
For hosts and managed-service providers, this is one of the best ways to reduce support burden. If a customer can self-diagnose a failing sensor or a misconfigured tag map, you avoid unnecessary escalations. The same logic applies in managed cloud environments, where visibility into resource consumption and alert quality reduces friction. If you need a strong operational benchmark mindset, the article on cost controls in managed private cloud is a useful companion.
Model Retraining Pipelines That Survive Real Operations
Retraining should be scheduled, triggered, and reviewable
Digital twin models cannot remain static. Equipment ages, loads change, maintenance practices evolve, and sensor replacements alter baselines. A robust DaaS platform should support three retraining paths: scheduled retraining on a cadence, event-driven retraining when drift is detected, and manual retraining when engineers label a new failure pattern. If you only support one path, the service will either retrain too often or not enough.
The safest pattern is to treat retraining as a governed release process. Candidate models should be evaluated against holdout windows, compared to the current production model, and promoted only if precision, recall, false-positive cost, and alert lead time improve or remain within tolerance. That is the same mentality used in model iteration tracking: every iteration should be measurable, comparable, and reversible.
Separate feature generation from model serving
Feature pipelines should be reproducible and versioned independently from serving endpoints. In practical terms, that means the system can rebuild training sets from raw telemetry, maintenance labels, and contextual metadata without depending on a live inference service. This separation prevents a common failure mode where a model starts producing inconsistent outputs because its feature transform changed silently. It also makes audits easier when operations teams ask why a maintenance recommendation changed after a deployment.
For a shared cloud platform, feature stores and model registries should be tenant-aware. Some features may be global, such as asset class priors, while others remain tenant-specific, such as local ambient conditions or maintenance policy. This split lets you benefit from cross-tenant learning without leaking sensitive operational information. It is one of the best reasons to design the platform as a layered service instead of a monolithic dashboard.
Use human-in-the-loop feedback to improve labels
In manufacturing, labels are often sparse, delayed, or incomplete. A maintenance technician may replace a part without documenting root cause clearly, or a failure may be prevented so early that the event never becomes a clean label. Human-in-the-loop workflows can close that gap by capturing technician confirmations, photo evidence, notes, and work-order outcomes. Over time, these signals improve the quality of the failure-mode library and reduce false positives.
Good feedback design matters because industrial users are busy. The interface should ask for the minimum meaningful response: confirmed issue, false alarm, action taken, or unknown. Anything more detailed can be optional, but the platform should make it easy to enrich labels when the technician has time. This is similar in spirit to workflow simplification strategies used in other complex systems, such as the structured approach described in plain-language review rules for developers.
Tenant Isolation and Security for Multi-Customer DaaS
Isolation must exist at data, model, and operational layers
Multi-tenant isolation is not solved by a login page. For digital twin services, isolation must exist in storage partitions, IAM, encryption boundaries, stream topics, model registries, and support workflows. If a shared ingestion layer handles all customers, each tenant’s messages must still be cryptographically and logically separated. If a shared model serves multiple customers, the service must guarantee that tenant A cannot infer tenant B’s operating conditions or maintenance patterns.
This is where many industrial platforms fail commercially, because security teams correctly worry about lateral movement and data leakage. A sound design pattern is to use per-tenant namespaces with shared control planes and isolated data planes where necessary. The more sensitive the telemetry, the more likely you should segregate compute or key material. For a deeper cloud-security analog, the guidance in secure and scalable access patterns for cloud services maps well to these concerns.
Edge devices are part of the threat model
Edge retrofits expand the attack surface. Every gateway, sensor bridge, and remote maintenance channel becomes a potential entry point, which means the platform needs secure boot, signed updates, device identity, certificate rotation, and least-privilege access. It should also support graceful quarantine: if a device behaves anomalously, isolate that node without taking down the rest of the plant. That is particularly important when remote technicians need access during outages or plant shutdown windows.
Industrial teams often underinvest in this layer because the retrofit is framed as an integration project instead of an ongoing operational subsystem. That is a mistake. The edge is now part of the service, so its lifecycle needs patching, observability, and incident response. If you are evaluating security and runtime risk for higher-stakes environments, the logic in tokenization versus encryption is a useful reminder that the right protection mechanism depends on where the data moves and who must access it.
Design for auditability and customer trust
Industrial buyers want proof, not just claims. They want to know who accessed their data, when a model changed, what version produced a recommendation, and whether the pipeline retained raw evidence for review. The best DaaS platforms therefore log lineage from sensor to feature to prediction to ticket. That traceability becomes part of the sales story, especially for regulated industries and customers with strict vendor risk requirements.
From a commercial standpoint, auditability can be a differentiator. Many buyers will pay more for a platform that can support compliance, root-cause analysis, and controlled sharing across plants. If your architecture supports exportable logs, versioned model cards, and reversible deployment history, you are selling a safer operating model, not just telemetry. That credibility is part of why DaaS can command better margins than generic monitoring software.
Pricing Models for Digital Twin Offerings
Price by asset, site, or outcome — but know the trade-offs
Pricing is where many otherwise strong platforms struggle. Asset-based pricing is intuitive and works well when customers have a stable number of monitored machines. Site-based pricing is easier to forecast for the provider but may feel unfair if one plant has far more telemetry and model activity than another. Outcome-based pricing is attractive in theory because it aligns incentives, but it is hard to measure cleanly and can create disputes if maintenance practices vary.
In practice, the best offer often combines a platform fee plus usage or asset tiers. For example, you might charge a base subscription for tenant access, then add per-asset monitoring bands, premium connectors for legacy retrofits, and separate fees for advanced model retraining or API access. That structure resembles the pricing logic in fee optimization and trade-offs, where the winning model balances simplicity, transparency, and margin.
Make edge retrofits and compute explicit line items
Customers usually understand why a pure cloud subscription is cheaper than a large SCADA modernization program, but they may not understand why retrofitting old equipment costs extra. Make the value obvious by separating the edge kit, installation labor, device management, and connectivity cost. This prevents margin erosion and reduces surprises when the first legacy site requires more work than the pilot plant. In a shared-platform model, pricing should reflect not only software consumption but also the reality of industrial integration.
A useful commercial tactic is to package three tiers: observe, predict, and optimize. Observe covers telemetry ingestion and dashboards. Predict adds anomaly detection and remaining-useful-life modeling. Optimize includes retraining pipelines, work-order integration, and advanced reporting. That packaging makes the service easier to buy and easier to expand once the customer sees value, much like buying decisions in tiered hosting plans become more rational when the feature ladder is clear.
Use ROI narratives grounded in downtime economics
The most persuasive sales story is not “we use AI”; it is “we reduce unplanned downtime, unnecessary PMs, and emergency parts runs.” A manufacturing buyer wants to know how much one avoided failure is worth in lost production, overtime labor, scrap, and delayed delivery penalties. If you can tie pricing to a fraction of the estimated saved downtime, the offer becomes easier to defend internally. This is where digital twin offerings benefit from the same data-driven persuasion used in data-backed funding narratives and other ROI-centric commercial playbooks.
Pro tip: Package ROI around avoided downtime and technician time reclaimed, not around “AI accuracy.” Buyers purchase operational reliability, not model benchmarks.
Implementation Playbook: From Pilot to Shared Platform
Start with one critical asset class and one plant
The source material is clear: successful programs start small. Choose one high-impact asset class, one site, and one failure mode that already has a visible pain point. The goal is to validate the full loop from sensor to alarm to intervention, not to build a grand platform on day one. A narrow pilot also helps the team learn how the plant really operates, which is often very different from the documented process.
Once the pilot is stable, document the onboarding path as a playbook. Capture the data mapping steps, edge hardware requirements, alert thresholds, model retraining steps, and escalation paths. Then repeat the process on a second site with different equipment to test the standardization layer. This is the same “thin-slice” philosophy that reduces risk in large integrations, as shown in thin-slice prototype integration.
Automate onboarding, not just deployment
Hosts often overfocus on infrastructure deployment and underfocus on data onboarding. For DaaS, customer success depends on mapping assets, validating telemetry, and establishing labels. Build templates that provision tenant namespaces, device identities, stream topics, dashboards, and model registries automatically. Then pair that automation with an onboarding checklist that validates sensor coverage, sampling rate, and data quality before the service is marked live.
Automation should also extend to environment controls and cost governance. Predictive maintenance services can become expensive when raw telemetry is retained indefinitely or model retraining runs too often. This is where patterns from stress-testing cloud systems for commodity shocks are valuable: design for usage volatility, not idealized average load.
Build the customer operations loop
The strongest platforms do not stop at alerting. They connect alerts to work orders, parts inventory, technician feedback, and post-maintenance validation. Over time, this creates a loop where the twin becomes more accurate because it learns from operational outcomes. The customer benefits because maintenance becomes more scheduled, more targeted, and less reactive.
That loop is also where you can differentiate on service quality. Offer dashboards for maintenance managers, APIs for OT engineers, and audit exports for security or compliance teams. Give each persona the slice of the platform they need without forcing everyone into the same UI. This helps avoid the common trap of building a technically elegant platform that is commercially awkward to use.
Comparison Table: Digital Twin Deployment Models
Use the table below to choose the most suitable deployment strategy for your customer segment, operating constraints, and pricing posture.
| Model | Best For | Pros | Cons | Pricing Fit |
|---|---|---|---|---|
| Single-site pilot | First-time adopters | Fast validation, low risk, easier stakeholder alignment | Limited scale, weak cross-site benchmarking | Fixed project fee |
| Multi-site managed DaaS | Enterprise manufacturers | Reusable templates, better telemetry normalization, stronger ROI | Harder tenant isolation, more governance overhead | Subscription plus asset tiers |
| Edge-heavy hybrid deployment | Legacy plants | Works with old machines, resilient when connectivity is poor | More device management, higher deployment complexity | Platform fee plus retrofit charges |
| Outcome-based service | Customers with mature data quality | Strong incentive alignment, easy executive buy-in | Measurement disputes, variable margins | Shared-savings or KPI-linked pricing |
| OEM-backed twin platform | Equipment manufacturers | Deep asset knowledge, native model templates, strong trust | Potential lock-in, slower cross-vendor interoperability | Bundled with equipment or support |
Common Failure Modes and How to Avoid Them
Failure mode: model accuracy without operational adoption
A highly accurate model can still fail if technicians do not trust or use it. This usually happens when alerts are too noisy, explanations are weak, or recommendations arrive too late to be useful. The remedy is to tune for lead time, precision, and actionability rather than raw AUC. The maintenance team has to see the alert as worth responding to, otherwise the service becomes shelfware.
Failure mode: too much plant-specific customization
If each tenant gets a unique data model, connector stack, and retraining workflow, you do not have a platform — you have a consulting practice. Customization should happen at the configuration layer, not in the core codebase. The architecture should encourage reusable templates with limited overrides, especially for canonical asset classes and common failure modes. That is how you preserve margins while still accommodating plant diversity.
Failure mode: weak governance on telemetry and labels
Industrial AI systems are only as good as their evidence chain. If labels are incomplete and lineage is unclear, no one can tell whether a model improved because of better data or because of accidental leakage. Establish governance early: version data contracts, track label provenance, and require approvals for production model promotion. This is the same principle behind governed MLOps pipelines, just applied to industrial operations.
FAQ
What is the best first use case for a digital twin as a service platform?
The best first use case is a high-value, high-failure-cost asset with readily available telemetry and a clear maintenance pain point. Pumps, motors, compressors, and molding equipment often fit this profile because vibration, temperature, and current draw can reveal degradation early. Start with one asset class and one plant so you can refine the ingestion, labeling, and alerting loop before scaling. That approach lowers risk and makes the commercial value easier to prove.
How do you handle legacy equipment that cannot speak modern protocols?
Use edge retrofits: gateway devices, protocol converters, and local buffering layers that normalize legacy signals into your canonical event stream. The important part is not the hardware brand but the repeatability of the onboarding pattern. Your edge kit should include secure identity, a tested connector image, and offline buffering. In practice, the retrofit layer should be treated as a managed product, not an ad hoc integration task.
What is the safest way to support multi-tenant customers?
Isolate tenants at the data, compute, model, and access layers. At minimum, use separate namespaces, per-tenant encryption boundaries, and strict IAM. For higher-risk customers, isolate ingestion, storage, and inference more aggressively and keep audit logs immutable. The more customer-sensitive the telemetry, the more conservative you should be about shared infrastructure.
How often should predictive maintenance models be retrained?
There is no universal cadence, but the best answer is usually a mix of scheduled and event-driven retraining. Schedule retraining based on the normal rate of equipment change and trigger it when drift, sensor changes, or new maintenance outcomes indicate model degradation. The key is to make retraining governed and reversible, so you can compare new and old models side by side before promotion. That keeps the service stable while still adapting to real-world change.
Which pricing model works best for digital twin offerings?
Most providers do best with a hybrid model: base platform subscription plus asset or site tiers, with add-ons for edge retrofits, advanced analytics, or premium support. Outcome-based pricing can work, but only when the customer’s measurement quality and operational discipline are strong enough to avoid disputes. The simplest pricing is often the easiest to sell, while the more sophisticated pricing may preserve margin better for complex deployments. Choose the structure that matches your onboarding and support costs.
What metrics matter most after launch?
Focus on onboarding time, telemetry completeness, alert precision, false-positive rate, model drift, mean time to detect, mean time to respond, and avoided downtime. If you also track technician acceptance and the number of alerts that lead to completed work orders, you’ll get a much better picture of service usefulness. For the platform operator, these metrics show whether the digital twin is creating operational change or just generating dashboards.
Conclusion: The Repeatable Pattern Behind a Commercial Digital Twin Service
Digital twin as a service works when the architecture makes industrial complexity repeatable. The winning pattern is not “build a better model”; it is “build a better system” with canonical data models, edge retrofit kits, streaming ingestion, governed retraining, and tenant-aware security. When these pieces fit together, predictive maintenance becomes something a host can package, price, and support as a real cloud product. That is how manufacturing lessons turn into a defensible platform business.
If you are designing your own offering, start with the operational basics: asset identity, telemetry quality, and customer workflow integration. Then layer in retraining governance, multi-tenant controls, and pricing that reflects deployment complexity. For additional background on related infrastructure and operational patterns, explore digital twins for hosted infrastructure, governed MLOps, storage for autonomous AI workflows, and managed private cloud cost controls. Build it like a platform, price it like a service, and operate it like critical infrastructure.
Related Reading
- Where Quantum Computing Will Pay Off First: Simulation, Optimization, or Security? - Useful for understanding where advanced compute belongs in operational workloads.
- How Ad Fraud Corrupts Your ML: A Security Team’s Playbook to Protect Model Integrity - Great companion for model trust, poisoning risk, and data integrity.
- Digital Twins for Data Centers and Hosted Infrastructure: Predictive Maintenance Patterns That Reduce Downtime - See how the same twin concepts apply to cloud hardware.
- Operationalising Trust: Connecting MLOps Pipelines to Governance Workflows - A practical guide to production-grade model governance.
- Quantum Readiness Without the Hype: A Practical Roadmap for IT Teams - Helpful for planning long-horizon infrastructure bets without overcommitting.
Related Topics
Ethan Mercer
Senior Cloud Architecture Editor
Senior editor and content strategist. Writing about technology, design, and the future of digital media. Follow along for deep dives into the industry's moving parts.
Up Next
More stories handpicked for you
Hiring Playbook for Hosting Companies: Evaluating Cloud Specialists Beyond Certifications
Stop Being a Generalist: A Practical Career Blueprint from IT Generalist to Cloud Cost‑Optimization Engineer
When a Single‑Customer Model Fails: How Hosting Providers Should Design Contracts and Architecture for Client Resilience
Cloud Platforms for AgTech: Managing Commodity Volatility with Predictive Analytics
Edge Analytics for Web Hosts: How to Integrate IoT and Edge Compute for Real‑Time Insights
From Our Network
Trending stories across our publication group
From Farm Gate to ML Model: Architecting Secure Data Flows for Agricultural Analytics
Hosting and Processing Low-Latency Market Data Feeds: Infrastructure Patterns for Trading Apps
The Real Cost of Healthcare Storage in 2026: Hardware, Egress, Compliance, and Support
Designing cloud-focused interview tasks that test business empathy, not just Terraform
An Economic Scenario Playbook for Cloud Contracts: Negotiating with Scenario-Based SLAs
