Work

Awards

Resume

About

Aakash Mangla

Turning risky remote commands into safe, predictable workflows.

One of the most critical functions during the lifecycle of a connected device is sending and managing commands like Firmware Over-The-Air (FOTA) updates, configurations or any other custom commands to devices remotely.

Unlike standard SaaS apps where 'Undo' is easy, IoT commands carry a physical risk.

Pushing an incompatible file or losing connection during a command can permanently damage ("brick") the device hardware.

The team needed a safer way to send remote commands to connected devices.

Previously, our internal engineering team performed these high-risk operations using a custom-built Python tool. This workflow was fraught with usability issues.

High Risk of Error

No way to avoid wrong file selection or asset selection. It allowed whatever the user was doing, even if it's wrong.

Cognitive Load

Engineers worked under the constant stress that a single mistake could disable a fleet of vehicles.

What if we could turn this moment of distress into the power of control?

😖→😤

Let's begin from the start and see how we achieved it.

This project was started as a separate module for Vec-TR.

Vec-TR is a comprehensive SaaS platform developed by Vecmocon to manage the lifecycle, monitoring, and configuration of connected vehicles and IoT devices.

It includes different modules, each with their own functions, and command center was going to be one of the critical functionality of this app.

Vec-TR

Organizations

Assets and Devices

Dashboard Management

User Management

Inventory

Command Center

Events

Reports

Role Management

Asset Groups

Route History

Data Profiles

At the heart of this ecosystem lies the VIM (Vehicle Intelligence Module). Think of the VIM as the "brain" of the connected vehicle. Physically installed on the asset, it acts as a central gateway, aggregating critical telemetry data from sub-components like the Battery Management System (BMS) and Motor Controller.

The communication flow is bi-directional, creating a constant feedback loop

Upstream (Telemetry)

The VIM constantly pushes health and status data to the cloud, which Vec-TR visualizes for the user.

Downstream (Command & Control)

This was our design focus. The user needs to send complex instructions—such as configuration changes or firmware updates—from the Vec-TR web dashboard back to the VIM.

While the team was facing a lot of problems, those all could be categorized into three categories.

There were three main problems that the team was facing.

Decentralized Data & Version Chaos

Firmware files existed in a fragmented state, often shared via chat or stored on local drives. This lack of a "Single Source of Truth" made version control nearly impossible, leading to a high risk of engineers manually handing off and deploying outdated or unverified code.

High Cognitive Load & Lack of Guardrails

The workflow relied entirely on human vigilance to prevent disasters. Without system-level validation, it was dangerously easy to select an incompatible file or target the wrong vehicle. Crucially, the lack of a "Testing Ground" meant engineers had to push updates directly to production without a safe staging environment.

Operational Blindness (The "Black Box" Problem)

Once a command was triggered via the script, it entered a void. Engineers had no real-time visibility into the campaign's progress and, most critically, lacked an "Emergency Brake." If a deployment started failing, there was no way to pause or abort the operation, leaving the fleet vulnerable until the script finished.

Final Design and Details

Manage Files

No way to avoid wrong file selection or asset selection. It allowed whatever the user was doing, even if it's wrong.

Create Commands

Engineers worked under the constant stress that a single mistake could disable a fleet of vehicles.

Command Progress

No way to avoid wrong file selection or asset selection. It allowed whatever the user was doing, even if it's wrong.

The risk management and control design strategy

I introduced 'Positive Friction' in the workflow so that memory load shifts from the user to the system.

While sending a command to the device, the user's mindset is "I need to be careful. I am changing how a machine behaves." Let's see how.

Manage Files like Pro

Structured Metadata Ingestion

We replaced raw file dumps with a structured flow that captures critical versioning and hardware compatibility tags, ensuring the system can validate every file upon entry.

Default-to-Safe Staging

Uploaded files enter an "Inactive" state by default. This introduces positive friction, forcing a deliberate review moment to prevent accidental deployment of unverified firmware.

Role-Based Activation

To establish accountability, files cannot be used immediately. A distinct "Activation" step is required, ensuring only authorized leads can clear a firmware version for field deployment.

Create Commands with Confidence

Progressive Wizard Flow

We broke the complex task into a linear, four-step process. This progressive disclosure reduces cognitive load and keeps the user focused on one decision at a time.

Contextual Verification

Selecting a firmware file loads a detail card showing version metadata. This allows users to verify file compatibility in situ without navigating away to a different screen.

Intelligent Guardrails

The system disables incompatible assets or those already running tasks. Tooltips explain the "Why," preventing errors before they happen and building user trust in the system logic.

Scalable Asset Targeting

Designed for both precision and volume. Users can select specific devices for beta testing or utilize pre-defined Asset Groups to deploy updates to thousands of vehicles in a single click.

Flexible Execution Triggers

Accommodates different operational risks. "Immediate" mode executes instantly, while "Manual" mode stages the command, requiring a secondary authorization.

Timeout Thresholds

To prevent infinite retry loops that drain vehicle batteries, users define strict timeout periods. This ensures "zombie" commands don't clog the network if a device fails to respond.

Pre-Flight Safety Check

Before final execution, a comprehensive summary screen shows all choices. This is the final "fail-safe", allowing users to spot checks and prune specific assets just before committing.

View Command Status with Ease

Real-Time Campaign Observability

We designed a "Macro-to-Micro" view. Users get an instant health check via summary charts while retaining the ability to drill down into individual device logs for debugging.

Prominent Action States

For commands requiring manual confirmation, we used high-contrast visual hierarchy. The "Trigger" action is elevated to the top, ensuring operators never miss a pending deployment.

Intervention & Recovery Tools

Reality is messy. We built granular controls allowing users to Abort runaways, Retry specific failures, or Edit pending commands without needing to scrap the entire batch.

Turning risky remote commands into safe, predictable workflows.

One of the most critical functions during the lifecycle of a connected device is sending and managing commands like Firmware Over-The-Air (FOTA) updates, configurations or any other custom commands to devices remotely.

Unlike standard SaaS apps where 'Undo' is easy, IoT commands carry a physical risk.

Pushing an incompatible file or losing connection during a command can permanently damage ("brick") the device hardware.

The team needed a safer way to send remote commands to connected devices.

Previously, our internal engineering team performed these high-risk operations using a custom-built Python tool. This workflow was fraught with usability issues.

High Risk of Error

No way to avoid wrong file selection or asset selection. It allowed whatever the user was doing, even if it's wrong.

Cognitive Load

Engineers worked under the constant stress that a single mistake could disable a fleet of vehicles.

What if we could turn this moment of distress into the power of control?

😖→😤

Let's begin from the start and see how we achieved it.

This project was started as a separate module for Vec-TR.

Vec-TR is a comprehensive SaaS platform developed by Vecmocon to manage the lifecycle, monitoring, and configuration of connected vehicles and IoT devices.

It includes different modules, each with their own functions, and command center was going to be one of the critical functionality of this app.

The communication flow is bi-directional, creating a constant feedback loop

Upstream (Telemetry)

The VIM constantly pushes health and status data to the cloud, which Vec-TR visualizes for the user.

Downstream (Command & Control)

This was our design focus. The user needs to send complex instructions—such as configuration changes or firmware updates—from the Vec-TR web dashboard back to the VIM.

While the team was facing a lot of problems, those all could be categorized into three categories.

There were three main problems that the team was facing.

Decentralized Data & Version Chaos

High Cognitive Load & Lack of Guardrails

Operational Blindness (The "Black Box" Problem)

Final Design and Details

Manage Files

No way to avoid wrong file selection or asset selection. It allowed whatever the user was doing, even if it's wrong.

Create Commands

Engineers worked under the constant stress that a single mistake could disable a fleet of vehicles.

Command Progress

No way to avoid wrong file selection or asset selection. It allowed whatever the user was doing, even if it's wrong.

The risk management and control design strategy

I introduced 'Positive Friction' in the workflow so that memory load shifts from the user to the system.

While sending a command to the device, the user's mindset is "I need to be careful. I am changing how a machine behaves." Let's see how.

Manage Files like Pro

Structured Metadata Ingestion

We replaced raw file dumps with a structured flow that captures critical versioning and hardware compatibility tags, ensuring the system can validate every file upon entry.

Default-to-Safe Staging

Uploaded files enter an "Inactive" state by default. This introduces positive friction, forcing a deliberate review moment to prevent accidental deployment of unverified firmware.

Role-Based Activation

To establish accountability, files cannot be used immediately. A distinct "Activation" step is required, ensuring only authorized leads can clear a firmware version for field deployment.

Create Commands with Confidence

Progressive Wizard Flow

We broke the complex task into a linear, four-step process. This progressive disclosure reduces cognitive load and keeps the user focused on one decision at a time.

Contextual Verification

Selecting a firmware file loads a detail card showing version metadata. This allows users to verify file compatibility in situ without navigating away to a different screen.

Intelligent Guardrails

The system disables incompatible assets or those already running tasks. Tooltips explain the "Why," preventing errors before they happen and building user trust in the system logic.

Scalable Asset Targeting

Designed for both precision and volume. Users can select specific devices for beta testing or utilize pre-defined Asset Groups to deploy updates to thousands of vehicles in a single click.

Flexible Execution Triggers

Accommodates different operational risks. "Immediate" mode executes instantly, while "Manual" mode stages the command, requiring a secondary authorization.

Timeout Thresholds

To prevent infinite retry loops that drain vehicle batteries, users define strict timeout periods. This ensures "zombie" commands don't clog the network if a device fails to respond.

Pre-Flight Safety Check

Before final execution, a comprehensive summary screen shows all choices. This is the final "fail-safe", allowing users to spot checks and prune specific assets just before committing.

View Command Status with Ease

Real-Time Campaign Observability

We designed a "Macro-to-Micro" view. Users get an instant health check via summary charts while retaining the ability to drill down into individual device logs for debugging.

Prominent Action States

For commands requiring manual confirmation, we used high-contrast visual hierarchy. The "Trigger" action is elevated to the top, ensuring operators never miss a pending deployment.

Intervention & Recovery Tools

Reality is messy. We built granular controls allowing users to Abort runaways, Retry specific failures, or Edit pending commands without needing to scrap the entire batch.

Fin.