We were able to take a look at two mission critical systems at the DLR (German Aerospace Center) open day yesterday, and noted some significant differences between these and “normal” desktop or web apps.

Tsunami warning system

This system was a €50mio+ prezzie from the German state to Indonesia following the 2004 Tsunami. It is an early warning system which compiles data from a number of sources (GPS, satellite, seismographs, buoys in various ports etc) and informs the operator whether a Tsunami is likely or not.

(Note to self: next time bring a proper camera)

The user interface consists of four screens, all with fairly typical desktop app user interfaces (think Outlook, but with more panels). Each screen has a function assigned, ranging from observation to action and includes maps, figures and so on.

The action screen is the only one to introduce a more web-app-like pattern, namely big buttons. This is the screen which will allows the user to alert the population, so (thank god) it is used nowhere near as often as the rest of the screens. It is also operated under pressure, so it makes sense that this would present the kind of simplifications and guidance seen in web apps to make them easier to learn and operate occasionally.

When triggered, the system then exposes another interaction: Disseminating the warning to the population. This happens through a number of channels such as SMS, PA etc. Crucial to this is the reduction of false alarms, which would be frequent without some pretty advanced tech, since only one in ten earthquakes results in a Tsunami. Naturally a population that fled nine times for no reason is unlikely to heed the tenth – this time correct – alert, making the whole system worthless. It is a scary thought that the effectiveness of millions of Euros of life saving technology can be undone at the last minute by a simple human factor known to kids as "crying wolf".

International Space Station control center

The classic “mission control” room, from where the European ISS module is constantly monitored. The other modules (US, Japan, Russia) have their own mission controls in their respective countries.

The UI is once again split over four screens with vast amounts of data covering all aspects of the operational health of the module, as well as map visualisation and some larger key figures. Occasionally they need to respond to some warning or other, but the bulk of the time is spent working through procedures to manage the experiments being run.

Interestingly when a warning does occur, they are supposed to pull out the manual to find out the procedure to follow. I would have thought this would be directly integrated in the UI, but possibly keeping the displays absolutely constant is more important.

Key Differences between mission critical and ‘mere mortal’ systems

  • A high level of tra