Engineering 176 Meeting #8
What’s On
• 1 - Introduction
• 2 - Propulsion & ∆V
• 3 - Attitude Control & instruments
• 4 - Orbits & Orbit Determination
• 5 - Launch Vehicles
• 6 - Power & Mechanisms
• 7 - Radio & Comms
• 8 & 9 - Reliability (March 14 & 19): clean rooms and processes, parts quality, QA / PA and parts tracking, testing, µSpace-specific reliability
• 9 - more Reliability + Thermal basics (March 19)
• 10 - Thermal / Mechanical Design, FEA (Joel Pedlikin - April 4)
• 11 - Digital + Project Management, Cost & Schedule
• 12 - Design work
• 13 - Presentations
Design Roadmap (flow diagram; only the box labels are recoverable)
Define Mission -> Concept Solutions & Tradeoffs -> Conceptual Design -> Requirements Analysis
Subsystems: Orbit; Propulsion / ∆V; Comms; Attitude Determine & Control; Launch; Ground Station; Thermal / Structure; Deployables; Info Processing
Top Level Design -> Iterate Subsystems -> Suppliers / Budgets (Parts, Specs, Mass, Power, $, ∆V, Link Bits, Materials, Fab) -> Detailed Design, Final Performance Specs & Cost
A note on do-ability
• Orbital rockets - barely do-able, and for 10,000 years not do-able at all. 100 years from now it might be as easy as flying a Cessna to 10 kft.
• Television - barely do-able in the 1940s
• Flight - barely do-able: Lindbergh and Earhart
• Digital graphics - JPL IPL - famous in the 1980s
• Radios - barely do-able in the Marconi era
• Maybe we will say the same, 50 years from now, about…
- personal satellite comms
- earth services from space (light, power)
- space billboards
Whatever happens - it starts with us
Due tonight
• Part 1 (homework): Radio Strategy
- what & why, and why not the other options
• Spacecraft Tx power, modulation, antenna selection
• Same for the Ground Station
• Up- and down-link calcs
• Part 2 (class): System Design review / discussion
- 1 hour start on reliability
- ~20 minute presentation x 3 groups = 1 hour
- ~2 reviewers (plus me) from AeroAstro: review, but mainly help with designs and answer your questions
Due Tuesday, March 19
• Reading on Reliability
– SMAD 19.2 (15 pages, worth reading / skimming)
– TLOM 15 (clean rooms etc.)
• Reading on Thermal Design
– SMAD 11.5 (31 pages, worth reading + good reference data)
– TLOM 10
• Mission Success / Reliability plan
– Designing in reliability - mission definition
– Insurance - risk mitigation
– Estimate lifetime, P(Success) - test plan
Clean Room Anatomy
Clean room protects from:
• Dust
• ESD
• Temperature / humidity extremes
• Oil & condensables
• People
Reliability
• See SMAD 19.2 (16 pp)
“The more difficult to fix, the more important becomes reliability”
• Success = all systems critical to the mission must succeed. With redundancy the rule relaxes for the redundant set: if you have 2 radio sets, at least one of them must succeed.
• For n independent items that must all work: $P(n \text{ successes}) = \prod_{i=1}^{n} P(\text{Success})_i$
• Hard to predict for one-of-a-kind systems (both P and the failure mode):
– Space Shuttle
– Nuclear power plant
– Custom spacecraft or component
• Easier for production items, but only according to some distribution (Gaussian?):
– Car engine
– Dog / cat
– Laptop / battery
Causes of Space Systems Failures
Real causes of failure (more to less):
• Poor design
• Misjudged environment
• Human errors
• Connections
• Piece part failure
compared with where we expend reliability efforts (more to less):
• Piece parts
• Assembly (connections)
• Human errors
• Poor design
• Environment
Parts Ensemble Reliability
(plot: ensemble reliability from 0 to 1.0 against number of parts in the ensemble, 1 to 10^5 on a log scale; one curve each for 0.999, 0.9999 and 0.99999 part reliability)
Myth: Small satellites are less reliable than conventional satellites.
Reality: Experience shows they are more reliable - and analysis indicates they should be, because for a given part reliability the product over fewer parts is higher.
Parts Reliability
(timeline figure, ’60s to ’90s, Government vs Commercial: transistors; begin Class S planning; Class S implemented; 1st Qualified Manufacturers List; 1st automotive apps; Japanese quality challenge; submicron technology; customer / supplier partnerships. Part-class labels on the figure: industrial, Class D, Class D1, Class B, Class B1, Class B2, Class S)
• DoD philosophy:
- best parts don’t fail
- heritage / margin
but
- cost is maximum
- schedule is long
- huge margins mask poor design
- documentation burden bloats the program
- are they better?
• Amsat:
- emphasize design
- test long hours
- prefer production components
Redundancy, Graceful Degradation and Single String Design
• Redundancy is not a panacea
– Increases part count by more than 2x (=> lower reliability)
– Software complexity increases - to select among redundant systems
– Cost, mass, volume and hence financial risk all rise
– Still vulnerable to the #1 cause of failure: poor design
– (#2, environment, and #3, human error, are not ameliorated either)
– (#4, connection-based failures, are increased)
– Redundancy addresses only the 5th-rated failure cause, piece part failure (and at maximum cost to the program)
• Single string
– Cheap, small, light, simple
– Total vulnerability to stochastic part failure
– Great solution for large numbers of spacecraft
Single String, Multiple Spacecraft
(plot: spacecraft cost, $0.1M to $10M on a log scale, against Ps from 0.25 to 1.0; marked points at Ps = 0.80 / $2M and Ps = 0.96 / $10M)
Example: Ps = 0.96 using one S/C: cost = $10M
- or -
Ps = 0.96 using two S/C (each @ Ps = 0.8): cost = $4M, since the mission is lost only if both fail: 1 - 0.2 × 0.2 = 0.96
Real World FMECA Stats (MIL-HDBK-217E)
Signal chain, boxes only:
Sensor 0.99 × Encoder 0.99 × Computer 0.98 × Tx 0.97 -> Ps = 0.93
Same chain with the connectors between the boxes counted as parts in series (as drawn on the slide):
Ps = 0.83
• Real world: interconnections and interactions (some of them unknown), dominated by human factors, dominate the risk
• The same principles apply inside each black box
i.e. if we knew how to do this, automobile and drug recalls would be unknown
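The arithmetic behind the last several slides (the product rule on the Reliability slide, the parts-ensemble curve, the one-$10M-vs-two-$2M spacecraft trade, and the FMECA signal chain) as an added worked example. This is illustration written for this page, not code from the course or from SMAD; the box reliabilities and the $10M / $2M figures are the slide's, while the connector reliabilities used for the "with connectors" case are an assumption (the slide's 0.83 comes from its own figure, which is not reproduced here).

```python
# Added worked example for the series / parallel reliability arithmetic on
# the Engineering 176 slides. Not course code. Connector reliabilities and
# the ensemble sizes below are assumptions chosen for illustration.
from math import prod, log


def series(rs):
    """P(all succeed) for independent items that must all work: the product rule."""
    return prod(rs)


def parallel(rs):
    """P(at least one succeeds) for independent redundant items (mission lost only if all fail)."""
    return 1.0 - prod(1.0 - r for r in rs)


def ensemble(part_reliability, n_parts):
    """Reliability of an ensemble of n identical independent parts: the curve on the slide."""
    return part_reliability ** n_parts


def max_parts_for(part_reliability, target):
    """Largest ensemble size n with r**n >= target, i.e. where the curve crosses `target`."""
    if not 0.0 < part_reliability < 1.0 or not 0.0 < target < 1.0:
        raise ValueError("reliabilities and target must be in (0, 1)")
    return int(log(target) / log(part_reliability))


def single_string_vs_fleet(ps_single, cost_single, ps_each, cost_each, n):
    """One expensive spacecraft vs n cheap single-string ones of which only one must survive."""
    return {
        "single": {"ps": ps_single, "cost": cost_single},
        "fleet": {"ps": parallel([ps_each] * n), "cost": cost_each * n},
    }


def fmeca_chain(boxes, connectors=()):
    """Series reliability of a signal chain, optionally including the connectors between boxes."""
    return series(list(boxes) + list(connectors))


if __name__ == "__main__":
    # Parts-ensemble curve: 1000 parts at the three part reliabilities drawn on the slide.
    for r in (0.999, 0.9999, 0.99999):
        print(f"{r}: 1000 parts -> {ensemble(r, 1000):.3f}; "
              f"parts before the ensemble drops below 0.9: {max_parts_for(r, 0.9)}")
    # Slide example: Ps = 0.96 from one $10M spacecraft, or from two $2M ones at 0.80 each.
    print(single_string_vs_fleet(0.96, 10e6, 0.80, 2e6, 2))
    # FMECA chain from the slide, with and without connectors.
    boxes = [0.99, 0.99, 0.98, 0.97]          # sensor, encoder, computer, Tx (slide values)
    assumed_connectors = [0.99] * 3           # assumption: one 0.99 connector between each pair of boxes
    print(f"boxes only: {fmeca_chain(boxes):.3f}")
    print(f"with assumed connectors: {fmeca_chain(boxes, assumed_connectors):.3f}")
```

The point the slide makes falls out of `max_parts_for`: at 0.999 per part the ensemble is below 0.9 after roughly a hundred parts, at 0.9999 after about a thousand, so a spacecraft with fewer parts wins on the product rule before any redundancy is considered.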
Graceful Degradation: Examples
• 4 sets of industrial “C” NiCads (cost $20k) vs. 1 set of MIL-Spec cells ($400k)
• 8 cheap satellites in each of 7 orbit planes vs. 3 geosynch satellites
• Multiple plastic memory modules ($50k) vs. one S-class tape recorder
• 3 x single-axis magnetometers vs. 1 x 3-axis magnetometer
• Which is safer - a single-engine airplane or a twin-engine airplane?
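Graceful degradation is the k-of-n case of the redundancy arithmetic: the question is not "does at least one survive" but "how much capability is left after each failure". The block below is an added worked example for this slide's trades, not course code; every per-unit reliability in it is an assumed number picked only to make the comparison visible, and the "2 of 4 battery sets keep the mission alive" threshold is likewise an assumption. For the airplane question it only computes the two probabilities the slide invites you to compare; which one matters depends on whether the aircraft can fly on one engine, which the slide leaves open.

```python
# Added worked example for the graceful-degradation trades on the
# Engineering 176 slide: k-of-n survival for battery sets, magnetometer
# axes and the single- vs twin-engine question. Not course code; all
# per-unit reliabilities and the k thresholds are assumed values.
from math import comb


def k_of_n(k, n, p):
    """P(at least k of n independent units, each with reliability p, survive) (binomial tail)."""
    if not 0 <= k <= n or not 0.0 <= p <= 1.0:
        raise ValueError("need 0 <= k <= n and 0 <= p <= 1")
    return sum(comb(n, i) * p ** i * (1.0 - p) ** (n - i) for i in range(k, n + 1))


def degradation_profile(n, p):
    """P(at least k survive) for k = n down to 1: how capability degrades as units fail."""
    return {k: k_of_n(k, n, p) for k in range(n, 0, -1)}


def engine_comparison(p_engine):
    """Single vs twin engine: chance of *an* engine failure vs chance of losing *all* engines."""
    return {
        "single": {"any_failure": 1.0 - p_engine, "all_fail": 1.0 - p_engine},
        "twin": {"any_failure": 1.0 - p_engine ** 2, "all_fail": (1.0 - p_engine) ** 2},
    }


if __name__ == "__main__":
    # Four industrial NiCad sets vs one MIL-spec set. Assumptions: the mission still
    # works on any 2 of the 4 cheap sets; cheap sets 0.90 each, MIL-spec set 0.99.
    print("2-of-4 cheap sets:", round(k_of_n(2, 4, 0.90), 4), "vs one MIL-spec set: 0.99")
    # Three single-axis magnetometers (assumed 0.95 each) vs one 3-axis unit:
    # losing one cheap unit loses one axis, not the whole measurement.
    print("axes still available with 3 single-axis units:", degradation_profile(3, 0.95))
    # Single vs twin engine at an assumed 0.999 per engine per flight: the twin has
    # more engine-failure events but a far smaller chance of losing all thrust.
    print(engine_comparison(0.999))
```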
Real World Reliability: how others do it
– Systems redundancy; subsystems degrade gracefully (reliability of the species, not individual survival)
“In three words I can sum up everything I've learned about life: it goes on.” - Robert Frost (1874-1963)
– Balance:
• too much defense vs. too little
• run & fight vs. reliability
• longevity vs. reproduction
• think vs. do
• trial & error in the real world
• learning / adaptation vs. Q
• Consumer products
– Redundancy is rare - repair / replace is easier
– Protect from the user - routine maintenance
– Product evolution, not revolution
• No user-serviceable parts
• Limited control / access
• Safety interlocks
• Field experience / statistics
• Manufacturing process investment (automated test & cal)
– Define “reliability” (e.g. “don’t kill people”)
Real World Reliability: how we (should) do it
• Avoid poor design:
» Highest quality engineering team
» People (not parts) who have done it before
» Buddy system
» Real-world testing based on engineering, not specs / politics
• Redundancy for known problem components (batteries)
• Special treatment for special parts (DC/DC converters, electrolytic capacitors):
– Select / deselect vendors based on experience
– Subject all to discrete component tests
– Careful visual inspection
• All components: verify environment specs + test
• Remove hardware (use software):
– Packet creation / disassembly
– Attitude determination
– Charge control
– Fine pointing of optics
– Antenna pointing
– Is this trip necessary? (use computers, drop towers, balloons, aircraft)
Ghosts of Programs Past
• JAS-1 underestimated its power budget; it survived with limited operations and was replaced by JAS-2.
• Software design and operator errors caused Clementine to accidentally exhaust all its propellant, ending its mission.
• HETE was stranded alive inside the rocket launch envelope.
• TRW’s Lewis (left) failed within a few days on orbit due to design and operator errors. Orbital’s Clark (right), Lewis’ “twin”, was cancelled mid-program due to budget overruns.
• A poorly designed fuel system destroyed Mars Observer just as it reached its destination.