Core Values

10 January 2011 (Last Updated January 10th, 2011 18:30)

Life-critical functions of electronic medical equipment need to run independently of other processes in a device. It's an essential part of ensuring patient safety. Here, Christian Eder, sales and marketing manager of congatec and editor of COM Express Design Guide, explains how multi-core processor technologies such as a real-time hypervisor can provide a solution.

Two of the key requirements for medical appliances and devices are high reliability and long-term availability. Since they perform challenging and often vital monitoring and control tasks, faults or equipment breakdowns need to be minimised or eliminated completely. To prove their reliability, medical devices have to pass stringent and costly qualification processes.

Life-critical applications often use several independent computers or processors to ensure uninterrupted operation, even if one unit fails. This is called 'redundancy' in the trade. For economic and practical reasons, it makes sense to bundle up several functions within a single device. Here, modern multi-core processor systems offer a safe and economical solution. 

Key to such systems is the appropriate (for example, real-time) and safe separation of the various operating systems and functions between independent physical or logical processors with dedicated resources. A proven way to do this is by using real-time hypervisor technology.

Conflicting requirements

The highest demands on medical devices are in the areas of security, reliability and availability. Traditionally, almost all safety-critical applications run on 'hardened' operating systems that ensure strictly deterministic (non-random) behaviour, sometimes even under real-time conditions. Vital functions must under no circumstances be affected or impaired by other processes. Who, for instance, would want to risk a respirator failure just because another process has caused a crash or a blue screen in the instrument?

This poses major challenges, especially with regard to system extensions and consolidations. The most critical function determines the operating system; all subordinated functions then need to be ported to this specific operating system at great effort and cost. This makes integration extremely difficult when using traditional single processor technology.

Matters are complicated by the fact that there are significantly fewer 'ready-to-use' software blocks available for these specific operating systems. There is a general lack of qualified software engineers - even for mainstream operating systems such as Windows and Linux - so finding engineers with the required specialised knowledge can easily turn into a search for a needle in a haystack. The results are lengthy and expensive software ports, or even new developments.

Certainly it would be much easier if existing turnkey templates or native (for example, graphics) solutions could be implemented directly. This would also result in significant time and cost savings with regard to the often mandatory certification updates and licensing procedures. Development times (time-to-market) and total cost of ownership are critical success factors in the medical equipment market, where devices have a relatively long life. Therefore, both should be kept to a minimum, especially since the devices have to undergo cumbersome and costly certification processes.

Another requirement for portable and semi-portable medical devices is minimum specific energy consumption, permitting fanless operation. Apart from the benefits of silent operation, this also enables hermetically-sealed device housings, which are simpler to disinfect and sterilise in clinical environments.

For portable devices, long battery life enabled by low basic energy consumption and elaborate battery management is a good selling point and an immediate cost-saving factor. As a rule, devices should be easy and intuitive to use despite their richer and more complex functionality.

Touch-screen controlled graphical user interfaces and menu navigation appear to be an ideal solution. However, touch control with high graphics resolution usually requires fast and power-hungry graphics hardware. In addition, most common graphics and menu-building toolsets are only available for Linux and Windows. Many manufacturers solve the problem by developing dedicated control and display computer systems based on these mainstream operating systems.

An integrated solution

In a perfect world it would be possible to integrate these requirements onto a single platform in which:

  • less safety-critical applications, such as a comfortable user interface, run on mainstream software platforms such as Windows or UNIX
  • critical applications requiring deterministic behaviour and real-time capabilities run on their native real-time operating system platforms, requiring only minimal changes (mainly for communication)
  • controller functions can be implemented without additional controller hardware
  • DSP functions can run as software implementations without extra DSP processors.

A single, scalable multi-processor platform is required to allow such a solution to run safely and without much integration and porting effort on a common platform. In addition, all hardware and firmware should be pre-integrated on a modular platform. A good way of achieving this complex task in the real world is by integrating a real-time hypervisor from Real-Time Systems with Intel's latest Embedded Core i5 and Core i7 hardware platforms on an 'off-the-shelf' computer-on-module (COM).

Getting real

A real-time hypervisor is a low-level, firmware-like piece of software that manages the processor resources on a multi-processor platform in line with a set of specified rules. As a result, each virtual client (for example, an operating system) looks and behaves like a single, independent processor system. What makes a real-time hypervisor unique is the fact that it can also manage multiple real-time operating systems without violating the (hard) real-time requirements on any of these systems.

For this purpose, the real-time hypervisor assigns available memory to the various operating systems on a strictly exclusive basis. Hardware devices, whether Peripheral Component Interconnect (PCI) or legacy devices, are configured in such a way that the respective interrupts are handled exclusively and distributed directly to the individual cores and operating systems.

The relevant operating system can only see and handle the resources, such as cores and memory devices, that are explicitly assigned to it. And because the respective interrupts are assigned directly to each operating system and directly access their own hardware devices, there is no need for any special or modified device drivers. It does not matter at all whether the overall system uses single or multiple instances of the same (real-time) operating system, or whether a mix of operating systems is installed.

A real-time hypervisor can choose the boot sequence and boot, operate or shut down each processor or operating system independently from the others. None of the installed operating systems performs tasks for other operating systems or the real-time hypervisor itself - security is therefore guaranteed at all times and under all circumstances. Communication between the various virtual machines can be arbitrary; the state-of-the-art is to use internal TCP/IP-based networks or adequately configured shared memory.
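The exclusivity rule described above (each guest owns its cores, memory and interrupts, with configured shared memory as the only deliberate overlap) can be checked on a static partition plan before deployment. The following Python sketch is an added example, not code from Real-Time Systems or congatec; the plan format, guest names, addresses and IRQ numbers are constructed for illustration.

```python
from itertools import combinations

# Constructed partition plan: guest names, addresses and IRQ numbers are illustrative only.
PLAN = {
    "rtos_ventilator": {"cores": {0}, "mem": [(0x0000_0000, 0x1000_0000)], "irqs": {16, 17}},
    "rtos_monitor": {"cores": {1}, "mem": [(0x1000_0000, 0x2000_0000)], "irqs": {18}},
    "gui_linux": {"cores": {2, 3}, "mem": [(0x2000_0000, 0x6000_0000)], "irqs": {19, 20}},
}
# Windows that guests share on purpose for inter-guest communication (assumed format).
SHARED = [(0x6000_0000, 0x6010_0000)]

def overlaps(a, b):
    """True if the half-open ranges [start, end) intersect."""
    return a[0] < b[1] and b[0] < a[1]

def audit(plan, shared=()):
    """Return a sorted list of exclusivity violations in a static partition plan."""
    findings = []
    for name, guest in plan.items():
        for start, end in guest["mem"]:
            if start >= end:
                findings.append(f"{name}: empty or inverted range {start:#x}-{end:#x}")
            for win in shared:
                if overlaps((start, end), win):
                    findings.append(f"{name}: private memory overlaps shared window {win[0]:#x}")
    for (n1, g1), (n2, g2) in combinations(plan.items(), 2):
        for core in sorted(g1["cores"] & g2["cores"]):
            findings.append(f"{n1}/{n2}: core {core} assigned twice")
        for irq in sorted(g1["irqs"] & g2["irqs"]):
            findings.append(f"{n1}/{n2}: IRQ {irq} assigned twice")
        for r1 in g1["mem"]:
            for r2 in g2["mem"]:
                if overlaps(r1, r2):
                    findings.append(f"{n1}/{n2}: memory {r1[0]:#x}-{r1[1]:#x} overlaps {r2[0]:#x}-{r2[1]:#x}")
    return sorted(findings)

def misconfigured(plan):
    """Constructed faulty variant: the GUI guest reaches into RTOS memory and claims an RTOS IRQ."""
    bad = {n: {"cores": set(g["cores"]), "mem": list(g["mem"]), "irqs": set(g["irqs"])} for n, g in plan.items()}
    bad["gui_linux"]["mem"].append((0x0FFF_F000, 0x1000_1000))  # straddles both RTOS regions
    bad["gui_linux"]["irqs"].add(16)  # already owned by rtos_ventilator
    return bad

if __name__ == "__main__":
    for line in audit(misconfigured(PLAN), SHARED) or ["plan is exclusive"]:
        print(line)
```

A plan that passes this audit only shows that the intended assignment is exclusive; enforcement at run time remains the hypervisor's job.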

Most multi-core processors for embedded applications only provide two physical cores; a logical separation of these into virtual cores is a must if you want or have to use more separate cores to run your applications. This technology, which has been available with Intel processors for quite some time, is known as hyper-threading.

A processor core that supports this feature can be split into two separate virtual cores even without a real-time hypervisor, as it already has all the required additional hardware, such as dedicated interrupt controllers implemented on the chip.

Another significant bonus of the latest Intel multi-core processors is their turbo boost feature. This permits risk-free specific overclocking, which enables simple load balancing between the cores within a certain range.

Benefits of COM

Some of the greatest benefits of today's processor devices can quickly turn into disadvantages in embedded applications. High integration density easily results in sub-millimetre pin grids that are virtually impossible to handle with conventional design and production tools. Another distinct disadvantage lies in the high frequencies and ultra-steep signal edges.

Medical electronics companies rarely have the specific knowledge required to handle these challenges adequately. This is why it makes good sense to work with partner companies in these critical areas, from an economic as well as a technical point of view.

The core competence can be easily acquired with pre-integrated COMs, while the specific know-how and experience of the COM supplier pays off with typical benefits such as:

  • scalability via easily exchangeable modules
  • pre-integrated, application-ready platforms that have no problems with specialised hardware; drivers and board-support packages available in a ready-to-use format for a rich choice of operating systems, including real-time versions
  • significantly shorter development times and time-to-market, due to big savings in development, test and debugging efforts
  • guaranteed high quality due to the specific know-how of the module supplier, and consolidation effects through customer feedback.

For this specific application, multi-core experience is a must. Ideally, this should be coupled with a close partnership with the supplier of the employed virtualisation software. It is also useful if the COM already comes with, or at least allows for easy configuration of, all significant additional hardware components. This particularly applies to powerful and energy-efficient graphics, as well as smart battery management on portable and mobile devices.

Future generations of even more powerful embedded multi-core processors with four or more physical cores will expand scalability beyond today's top-range performance levels. Even today, there are multi-core, embedded, ultra low-voltage processors that enable useful functional and graphical extensions on small handhelds that, until recently, were only possible in wired medical devices.

In view of the outlined advantages and growing availability of multi-processor technology, it won't be long before the first mediPad shows up in this market.