The Med Fleet project uses a fleet of drones to deliver medical kits to users that request assistance. The requests originate from a mobile application that uses GPS to identify the current location of the user that needs help. The incoming requests are then prioritized, scheduled, and assigned to one of the drones in the fleet. The drone is then dispatched to deliver the medical kit to the GPS coordinates. Example applications include:
The technical considerations for the project were substantial and the architectural decisions were left entirely up to the team members (more on this later). Another domain that warranted serious consideration were the safety concerns associated to this project. Not only are users relying on the application for time sensitive medical support, flying drones opens up many safety concerns to anything in the area (personal injury, property damage, etc). The challenge lied in finding a balance of resources to build out the technology while emphasizing safety in all layers of the application.
It's worth noting that our implementation of this application uses inexpensive quadcopters that are capable of flying for about 20 minutes (our drones also don't support carrying a payload). Our implementation was primarily to simulate how more robust drones would be programed, organized, and dispatched.
This project was unique as it was the student’s responsibility to both set the project requirements as well as implement the application (whereas requirements are typically set by the end users or product owners and not the developers). This type of scenario demanded that the Med-Fleet team be both ambitious yet realistic. One major advantage we had was our agile development methodology, which allowed us to reprioritize our focus from sprint to sprint. Rather than trying to lay out all our requirements upfront and handcuff ourselves to a static project plan; we were able to shift our requirements as we saw fit. A more thorough break down of our user stories is provided in a later section but the below table summarizes the major project requirements across each sprint:
Sprint | Requirements |
---|---|
Proof of Concept (Sprint 1) | The major requirement we had for Sprint 1 was to get all systems talking to each other and passing JSON data across each module. Our primary objective was to submit a request using the mobile app and have the drone successfully execute a round trip to the user. |
Sprint 2 | In Sprint 2 we built out our mobile app to allow users to be able to select where to send the drone. Additionally, we implemented functionality to allow the drones to make multiple user drops on a single trip. |
Sprint 3 | The main goals of Sprint 3 were to support the concurrent dispatching of multiple drones to fulfill multiple tickets. |
The Med-Fleet team undertook this project with the understanding that the Med-Fleet system would need to meet the stringent requirements of a Safety-Critical system. One of the main goals of all three of our sprints was to ensure great emphasis was placed on not only the thorough analyzation of all potential risks, but also taking the proper precautions to mitigate such risks. Unfortunately due to lack of resources and time, many of these policies were unfortunately only theoretical in nature, however that does not take away their overall importance and effect they had on the design of the Med-Fleet system. Nonetheless, the Med-Fleet team was able to put their best effort towards incorporating as many tangible safety features as proved feasible.
The Med-Fleet system is considered a Safety-Critical system for the potential consequences that a failure of the system could cause, with a worse-case scenario being fatal. In addition to the grave consequences any number of errors could cause, Med-Fleet also operates within two highly regulated fields, the aerospace and medical industries. With strict oversight from agencies such as the Federal Aviation Administration (FAA) and Centers for Medicare and Medicaid (CMM) whom enforces the Health Insurance Portability and Accountability Act (HIPAA), the Med-Fleet system is burdened with even further liability.
To address these important issues, at the beginning of the project, the team created a Failure Mode Effects and Criticality Analysis (FMECA). In this document, the team addressed many of the possible issues that the system could experience. These issues were then further dissected to better understand the effects the system might experience and the likely causes behind these problems. With this comprehensive review of the conceivable flaws in the Med-Fleet system, the team was better able to grasp the necessary steps to rid, if possible, or otherwise relieve any potential negative impact. The Med-Fleet team prepared for a wide scope of possible system failures. From the seemingly ridiculous, like an eagle attack on a drone, to the more realistic, such as a server crashing, the team’s goal had been to create a system prepared to handle all negative scenarios. Through such analysis the Med-Fleet team was able to incorporate rigid safety features into the design of all aspects of the system. This approach affords the Med-Fleet system an easier path to appeasing FAA and CMM requirements when scaling up to a full production environment in the future.
As the team moved forward and began to integrate such safety precautions into the Med-Fleet system, the major problems were partitioned into three separate categories so that each issue could be approached in a more efficient manner. The three categories were hardware, software, and regulatory issues.
To attack hardware related issues, the Med-Fleet team employed numerous techniques. A lightweight-monitoring platform watching over several aspects of our system was set up through a Jenkins server. Our Med-Fleet monitor was created to watch over drones in real-time as they are deployed on missions. This could be used to manually override any major issues in the future, much like radar for an air-traffic controller. In addition to monitoring, physical inspection of drones were conducted before all flights. For the phone app many different android devices were used to check for any OS compatibility issues. In addition to these proactive steps, the Med-Fleet team also set up two field tests to inspect the system as a whole. The overall goal, although unachievable due to lack of time and resources, would be to ensure that the Med-Fleet system is not only highly available, but also in the case of down time, to have a full failover system set up. As the team found out when the main server became inaccessible during one of the sprints, the entire Med-Fleet codebase is already very portable, allowing for easier migration if a failover was in place. In addition to these necessities, it would be vital to set up extensive monitoring of services, memory, and performance of all servers that are a part of the Med-Fleet system.
Software issues were initially addressed by the developers, whom put their respective code through numerous tests. Upon release to GitHub, black-box testing was able to be done by other members of the team. The Jenkins server used for monitoring also served as an automated testing platform for several aspects of the med-Fleet system. However the most critical resource the MedFleet team was able to use for software testing was a drone simulation program called Software in the Loop (SITL). By syncing up the Med-Fleet system to SITL, the team was able to continuously test changes to code in a near realistic environment. The Med-Fleet team looked at the simulations completed in SITL as confidence that code was behaving as expected. Leveraging the success of these analyses allowed the team to conduct the field tests mentioned above. This site’s testing section gives a general overview of other techniques also used to ensure proper functionality of the Med-Fleet system.
The Med-Fleet team was probably the least successful in implementing solutions to Regulatory issues as they are rather extensive and complicated to understand without legal aid. Rather than neglecting these completely, the Med-Fleet team placed a large emphasis on the importance of safety throughout development. While maintaining an agile environment during our sprints, it was noted that to best implement safety features, a more structural waterfall like process should be in place to gather such requirements. Through this hybrid approach to the design of a Safety-Critical system, it was easier to ensure certain safety requirements were taken into account by developers before creating code. Some of the self-imposed restrictions the Med-Fleet team planned development around, were all drones needed to be assigned different flying altitudes, separate base stations, and specific flying zones to ensure that even in error the chances of a drone crash would be further limited. Self-imposed regulations such as these not only helped to create a safer system, but also shortened development time, as safety features did not have to be hacked in to an existing codebase, possibly creating even further trouble in the process. Through the employment of such a proactive attitude in preventing software and hardware issues at the beginning of development, the Med-Fleet team theorizes that many of the potential regulatory issues, which would affect a more mature Med-Fleet system, can be largely mitigated.
The Med Fleet system is composed of six separate modules that all communicate with each other using JSON. Each one of these sections is described below:
The Med-Fleet process starts when a user requests assistance using the Android mobile application. The user is required to specify the severity of their emergency as well as their current location. When the user presses ‘submit’ the mobile app sends a JSON Post request to the ticketing system (the post request contains the users GPS coordinates as well as the severity of their emergency). The application was built using Android Studio and SDK Version 23 (Marshmallow).
The ticketing system was developed using the MongoDB, Express, Angular, and Node.js (MEAN) stack. It listens for requests on an open port and when it receives one, it parses the JSON and logs the data as a ticket into a MongoDB. The system currently sits on an instance of Microsoft Server 2012 residing in Azure.
Mission Control’s primary purpose is to plan missions, schedule drones, and to communicate with Ground Control. Its process starts by accepting connection requests from one or more Ground Control instances (the Java application uses multiple threads and gives each Ground Control instance its own thread).
When Mission Control detects a new ticket, it decides which Ground Control instance should receive the ticket, makes sure the GPS coordinates are within the safety adherence zone, creates a route for the drone, and communicates the route to the Ground Control system.
Once Mission Control has passed all of this information to the Ground Station, it then listens for Ground Control to pass back data about the drones mission; Mission Control is responsible for taking this data and injecting it into the MongoDB.
Ground Control is a python based application whose primary responsibility is communicating with and scheduling the drones. The application interfaces with the drones via the DRONE KIT API (http://dronekit.io/)
The Ground Control system starts by opening up a socket with Mission Control and listening for new missions. When a new mission comes in, Ground Control dispatches the drone to the GPS coordinates provided by Mission Control. Ground Control receives real time flight data from the drone; including, latitude, longitude, altitude, speed, etc. This information is received and passed back to Mission Control for entry into the database.
The Med-fleet Monitor is a web application built using Angular 2. It allows users to view the current status of Tickets and Drones via the google maps API and tables. This data is constantly updating giving users a near real time view of unfolding events.
The below image provides a high level representation of how a request enters the system and leads to a drone being dispatched.
The Med-Fleet system was subject to rigorous testing throughout each sprint. Due to the designation of it being a Safety-Critical system, the entire team understood the importance of such practice. With this thorough focus the Med-Fleet team was able to confidently work up to real-life simulations of the system in the deployment of two quarterly field tests. The Med-Fleet system is still not ready for production, as Safety-Critical systems, need to prove themselves nearly flawless. However all of the progress made towards a goal of moving to a beta-testing environment, can be widely attributed to the extensive testing already in place. The table below helps to give a brief overview of the many different types of testing used by the Med-Fleet team.
Testing Type | Schedule | Remarks |
---|---|---|
|
Ad Hoc |
|
|
Weekly |
|
Field Test
|
Quarterly |
|
Jenkins Server:
|
GitHub Polling, Specified Intervals |
|
Each user story is related to one or more of the following use cases:
The first sprint was the proof of concept sprint. In this sprint, we created the basic version of the phone app to send the severity and GPS location of the phone to the ticketing system. A basic framework of mission control was developed to handle one drone with one mission. The goal of our first sprint was to complete a single mission.
The second sprint was to build on top of the proof of concept. In this sprint, we were able to update the phone app to integrate Google maps with a drop pin interface to give user provided GPS coordinates. Mission control and Ground Control were scaled to accommodate multiple missions for a single drone on a single trip.
The third sprint was dedicated to scaling out to multiple drones working on multiple missions. We updated the phone app to confirm the GPS coordinates before sending a request. We included additional calculations to integrate distance and speed for mission control to generate the flight path for multiple drones.
For a complete breakdown of our user stories by Sprint, please see Appendix A.
The below table was exported from our Project Management software (Jira) and represents how each user story is tied back to a use case.
User Stories | UC#01 | UC#02 | UC#03 | UC#04 | UC#05 |
---|---|---|---|---|---|
Mission Control needs to establish communication with GroundControl System | x | ||||
Mission Control shall sort unassigned ticket queue | x | ||||
Ground Station Shall Connect to Drones | x | ||||
Ground Station Shall Send drone on mission | x | ||||
When there are unassigned tickets, Mission Control shall place them in unassigned request queue. | x | ||||
While any component is operational it shall send a signal to the system to confirm it is online | x | ||||
While any drone/sites/base stations are active the gui shall display all relevant data | x | x | |||
While drones are flying Ground Control shall send data to Mission Control. | x | ||||
While the Ground Control is connected to drones, the Ground Control shall receive data from Mission Control. | x | ||||
While the Ground Control is connected to drones, the Ground Control shall send data and commands to drones. | x | x | x | ||
While the System is running data stall be persistent | x | x |
User Stories | UC#01 | UC#02 | UC#03 | UC#04 | UC#05 |
---|---|---|---|---|---|
Ground Station shall assign multiple drop locations to a drone | x | ||||
Ground Station shall command drones using Guided Mode | x | x | x | ||
The application shall have an embedded Google Map that shows the users current location. | x | x | |||
The embedded Google Map shall allow the user to change where the drone request originates from (using "pin drop" functionality). | x | x | |||
The Mission Control shall calculate distance and time for each mission given GPS coordinates and drone speed. | x | x | x | ||
The Mission Control System shall create a flight zone | x | ||||
The Mission Control System shall find the nearest destination next to the current target. | x | ||||
The Mission Control system shall fix the concurrency issues | x | ||||
The Mission Control System shall process multiple tickets | x | ||||
The System shall pass updated pin coordinates to the ticketing system via JSON post request | x | x | x | ||
While The system is running the website must update in real time |
User Stories | UC#01 | UC#02 | UC#03 | UC#04 | UC#05 |
---|---|---|---|---|---|
GroundControl shall receive confirmation from Drone upon MissionCompletion | x | ||||
GroundControl shall send missions to Drones | x | ||||
Medfleet monitor shall show all relevant Drone and Mission information | x | x | x | ||
PhoneApp shall add confirmation pop-up | x | ||||
The Database shall hold all global variables. | x | ||||
The Mission Control System shall process multiple tickets for multiple drones | x |
Below is a link to our GitHub Repository which contains Read Me's and source code for each module:
Med Fleet Git Hub Repository