No Slide Title
Download
Report
Transcript No Slide Title
What’s On
• 1 - Introduction
• 2 - Propulsion & ∆V
• 3 - Attitude Control
& instruments
• 4 - Orbits
& Orbit
Determination
• 5 - Launch Vehicles
• 6 - Power
& Mechanisms
• 7 - Radio & Comms
Engineering 176 Meeting #8
8 Reliability
(3 / 13)
• Clean rooms
• Processes, Parts
• QA / PA & parts track
• Testing
•µSpace-specific rel
9 Thermal basics (3 / 20)
10 - Thermal / Mechanical
Design. FEA. 2 x PDRs
(Joel Pedlikin - 4 / 3)
11 - Digital +Project
Management, Cost &
Sched. 2 x PDRs (4 / 10)
11.5 - Special Topics,
catching up (4 / 17)
12 - Design work (4 / 24)
13 - Presentations (5 / 1)
Design Roadmap
Define
Mission
Solutions &
Tradeoffs
Concept
Propulsion
/ ∆V
Comms
Attitude
Determine
& Control
Launch
Conceptual
Design
Requirements
Ground
Station
Thermal /
Structure
Deployables
Analysis
Info
Processing
Orbit
Top Level Design
Parts
Specs
Materials
Fab
Mass
Suppliers / Budgets
Power
∆V
Link
Bits
Iterate Subsystems
Detailed Design
Engineering 176 Meeting #8
$
Final Performance
Specs & Cost
Last
week:
Radios
Engineering 176 Meeting #8
The costs of…
- bit rate
- small user terminals
- large coverage area
Availability
- Global Mobile
- Many Locations
- Video
- CD radio
- Telephone
Spacecraft Cost
Engineering 176 Meeting #8
Bandwidth
- Fixed Location
- Paging
Power a baud (bit rate)
Power a (1/antenna dia)2
Power a Service Area
Power a obstacles
(windows, roofs)
• Service Area a orbit altitude
• Mass a (Antenna dia)3
•
•
•
•
Antenna Strategies
• Omni (Sputnik)
- 0 dB gain (or less)
- Requires >1 antenna
- Interference fringes
- Downlink power?
Directional (Pioneer)
- huge gain: 24 dB typ.
- requires >1 just in case
- Major ACS impact
Engineering
176 Meeting #8
- Steerable?
• Sector (HETE)
* 3 - 6 dB gain (or less)
* Requires >1 antenna
* Active Control
* but no ACS impact
Link design
• Start with Spacecraft
• What’s the critical link
– Up or down?
• What data rate required
• Frequency considerations
• GS limitations (power, gain)
• Some tricks:
• Eventually, pin down all but one or
two variables e.g.:
– Space antenna gain
– Modulation method
• Then do a trial link and iterate
• Note: Consumer links need lots of
margin => 10 dB good, 20 dB better
Engineering 176 Meeting #8
– How reliable does the link need
to be? What error rate?
– Coding requires only
computation
– How close to the horizon can
your GS see?
– Is only one link critical?
– Differentiate master GS from
user terminals
– Burst mode power can be
higher - use batteries
– Scanning a high-gain antenna
– Spread spectrum - hurts link
but helps sharing and security
(what’s in rqts?)
A note on do-ability
• Orbital Rockets - barely do-able and for 10,000 years, not
do-able. 100 years from now, might be as easy as flying a
Cessna to 10kft.
• Television - barely do-able in 1940s
• Flight- barely do-able: Lindberg and Earhardt
• Digital graphics - JPL IPL - famous in 1980s
• Radios: barely do-able in Marconi era
• Maybe we will say the same, 50 years from now, about…
- personal satellite comms
- earth services from space (light, power)
- space billboards
whatever happens - it starts kludgy
Engineering 176 Meeting #8
Richard Feynman
on do-ability:
• There was a time we didn’t understand
even how gravity behaved
• Then we modeled it (Kepler)
but didn’t have a law of gravitation
• Now we have the law of gravitation, (but not the physics)
• Understand large scale (planets, stars)
( Newton and Einstein)
• Understand meso scale (atoms to planets)
(Newton and Planc et al.)
• Do not understand sub-proton / sub-neutron scale
• QED was the first successful attempt to describe behavior
of sub-nuclear particles (Feynman Nobel)
Engineering 176 Meeting #8
Next Week:
Triple Witch
March 18:
Full Moon
March 19:
Perigee Moon
March 21:
Spring Equinox
Engineering 176 Meeting #8
Vernal Equinox
(‘03 March 21)
Too many
days
Skip a
leap
Every 4th year correction is
the Julian Calendar: leap
year - but it’s slightly to
much - the equinox slips
earlier - the calendar pages
turn too slowly
Engineering 176 Meeting #8
Don’t
Skip a
leap
Skip a
leap
Julian -> Gregorian subtracts
leap years on centuries (00
years) except 400, 800)
(next one to skip is in 2100
- see you there!)
No law says year/day = rational
Tonight
• Homework due: Radio Strategy:
- what & why & why not the other options
• Spacecraft Tx Power, modulation,
antenna selection, l
• Same for Ground Station
• Up and down link calcs
• Part 2: (class)
– Radio Review & thoughts
– Reliability (probably continued next week)
Engineering 176 Meeting #8
Due Thursday, March 20
• (already assigned, never too late)… Reading on Reliability:
– SMAD 19.2 (15 Pages worth reading / skimming)
– TLOM 15 (clean rooms and more)
• (for next week)…Reading on Thermal Design
– SMAD 11.5 (31 pages worth reading + good ref. Data)
– TLOM 10 (always worth reading)
• Mission Success / Reliability plan
– Designing in Reliability
– Insurance
– Estimate lifetime, P(Success)
- Mission Definition
- Risk mitigation
- Test Plan
All of this is needed in your design
Engineering 176 Meeting #8
Clean Room Anatomy
Clean room protects from:
• Dust
• ESD
• Temp / humidity extremes
• Oil & condensables
• People
Engineering 176 Meeting #8
Reliability
• See SMAD 19.2 (16pp) • Hard to predict for one“[The more difficult to
of-a-kind (P & mode)
fix, the more important
– Space Shuttle
becomes reliability]”
– Nuclear Power Plant
– Custom spacecraft or
• Success = All systems
component
critical to mission must
succeed
• Easier for production
– redundancy - if you have 2
radio sets, at least one
must succeed
• P(n Successes) =
∏i=1n[P(Success)i]
Engineering 176 Meeting #8
– Car engine
– Dog / cat / person
– Laptop / Battery
but according to some
distribution (Gaussian?)
Causes of Space Systems Failures
Engineering 176 Meeting #8
Parts Ensembles Reliability
Engineering 176 Meeting #8
Parts Reliability
• DoD Philosophy:
- best parts don’t fail
- heritage / margin
industrial
Class D
Commercial Class D1
Class B1
Class B2
Class S
Class B
but
- cost is maximum
- schedule is long
- huge margins mask poor design
- documentation burden bloats program
- are they better?
Amsat:
• Emphasize design
• Test long hours
• Prefer production components
Engineering 176 Meeting #8
Redundancy, Graceful Degradation
and Single String Design
• Redundancy not a panacea
– Increases part count more than 2x (=> lower reliability)
– Software complexity increases - to select among redundant
systems
– Cost, mass, volume and hence financial risk all rise
– More vulnerable to #1 cause of failure: poor design
– (while #2, environment and #3, human error are not ameliorated)
– More vulnerable to #4, connections-based failures
– Redundancy addresses only 5th rated failure cause:
piece part failure (and at maximum cost to the program)
• Single String
– Cheap, small, light, simple
– Total vulnerability to stochastic part failure
– great solution for large numbers of spacecraft
Engineering 176 Meeting #8
Single String,
Multiple Spacecraft
Example:
Ps = 0.96 using one S/C: S Cost = $10M
- or Ps = 0.96
Engineering 176 Meeting
#8 using two S/C (each @ Ps = 0.8): S Cost = $4M
Real World FMECA Stats.
• Interconnections and interactions (some
unknown), dominated by human factors,
dominate risks
• Same principles apply inside each black box
Engineering 176 Meeting #8
Ie - if we knew how to do
this, automobile and drug
recalls would be unknown
Graceful Degradation: Examples
4 sets of industrial “C” NiCads (cost $20k)
vs.
1 set of MIL-Spec cells ($400k)
8 cheap satellites in each of 7 orbit planes
vs.
3 geosynch satellites
Multiple plastic memory modules ($50k)
vs.
One S-class tape recorder
3 x single axis magnetometers
vs.
1 x 3 axis magnetometer
Which is safer - a single engine airplane
or
a twin engine airplane?
Engineering 176 Meeting #8
Real World Reliability
How others do it
– Systems Redundancy, subsystems degrade gracefully
(reliability of species, not individual survival)
“In
three words I can sum up everything I've learned about life: it goes on. - Robert
Frost (1874-1963)
– Balance:
• too much defense vs. too little
• Longevity vs. reproduction
• Trial & error in real world
• run & fight vs. reliability
• Think vs. do
• learning/adaptation vs. Q
• Consumer Products
– Redundancy is rare
- Repair / Replace easier
– Protect from user
- Routine Maintenance
– Product Evolution, not revolution
• No user-serviceable parts • Limited control / access
• Safety interlocks
• Field experience / statistics
• Manufacturing process investment (automated test & cal)
– Define “reliability” (e.g. “don’t kill people”)
Engineering 176 Meeting #8
Real World Reliability:
how we (should) do it
»Avoid poor design:
» Highest quality engineering team
» People (not parts) who have done it before
» Buddy system
» real world testing based on engineering, not specs/politics
• Redundancy for known problem components (batteries)
• Special treatment for special parts (DC/DC converters, electrolytic
capacitors):
– Select / deselect vendors based on experience
– Subject all to discrete component tests
– Careful visual inspection
• All Components: verify environment specs + test
• Remove hardware (use software):
– Packet creation / disassembly - Attitude Determination
– Charge control
- Fine pointing of optics
– Antenna pointing
- Is this trip necessary?
(use computers, drop towers,
balloons, aircraft)
Engineering 176 Meeting #8
Ghosts of Programs Past
HETE was stranded alive inside rocket
launch envelope
Software design and operator errors
caused Clementine to accidentally
exhaust all its propellant, ending its
Mission.
TRW’s Lewis (left) failed
within a few days on orbit
due to design and operator
errors. Orbital’s Clark
(right), Lewis’ “twin”, was
cancelled mid-program due
to budget overruns
Engineering 176 Meeting #8
JAS-1 underestimated power budget survived with limited operations.
Replaced by JAS-2
A poorly designed fuel system
destroyed mars observer just upon
reaching its destination.