Engineering 176 Meeting #8

What’s On

• 8 & 9 Reliability (March 14 & 19)
  – Clean rooms and processes
  – Parts quality
  – QA / PA and parts tracking
  – Testing
  – µSpace specific reliability
• 9 more Reliability + Thermal basics (March 19)
• 10 - Thermal / Mechanical Design. FEA (Joel Pedlikin - April 4)
• 11 - Digital + Project Management, Cost & Schedule
• 12 - Design work
• 13 - Presentations
• 1 - Introduction
• 2 - Propulsion & ∆V
• 3 - Attitude Control & instruments
• 4 - Orbits & Orbit Determination
• 5 - Launch Vehicles
• 6 - Power & Mechanisms
• 7 - Radio & Comms

Design Roadmap

[Flow diagram. Box labels: Define Mission; Concept Solutions & Tradeoffs; Conceptual Design; Requirements Analysis; Orbit; Propulsion / ∆V; Comms; Attitude Determine & Control; Launch; Ground Station; Thermal / Structure; Deployables; Info Processing; Top Level Design; Iterate Subsystems; Suppliers / Budgets; Parts Specs; Mass; Power; $; ∆V; Link Bits; Materials; Fab; Detailed Design; Final Performance Specs & Cost]

Last week: Radios

A note on do-ability

• Orbital Rockets - barely do-able and for 10,000 years, not do-able. 100 years from now, might be as easy as flying a Cessna to 10kft.
• Television - barely do-able in 1940s
• Flight - barely do-able: Lindbergh and Earhart
• Digital graphics - JPL IPL - famous in 1980s
• Radios: barely do-able in Marconi era
• Maybe we will say the same, 50 years from now, about…
  – personal satellite comms
  – earth services from space (light, power)
  – space billboards

whatever happens - it starts with us

Due tonight

• Part 1 (homework): Radio Strategy:
  – what & why & why not the other options
  – Spacecraft Tx Power, modulation, antenna selection
  – same for Ground Station
  – Up and down link calcs
• Part 2 (class): System Design review / discussion: 1 hour start on reliability
  – ~20 minute presentation x 3 groups = 1 hour
  – ~2 reviewers (plus me) from AeroAstro - review, but mainly help with designs and answer your questions

Due Tuesday, March 19

• Reading on Reliability:
  – SMAD 19.2 (15 pages worth reading / skimming)
  – TLOM 15 (clean rooms etc.)
• Reading on Thermal Design
  – SMAD 11.5 (31 pages worth reading + good ref. data)
  – TLOM 10
• Mission Success / Reliability plan
  – Designing in Reliability
  – Mission Definition
  – Insurance
  – Risk mitigation
  – Estimate lifetime, P(Success)
  – Test Plan

Clean Room Anatomy

Clean room protects from:

• Dust

• ESD

• Temp / humidity extremes

• Oil & condensables

• People

Reliability

• See SMAD 19.2 (16pp)

“[The more difficult to fix, the more important becomes reliability]”

• Success = All systems critical to mission must succeed
  – redundancy - if you have 2 radio sets, at least one must succeed
• $P(n\ \text{Successes}) = \prod_{i=1}^{n} \left[P(\text{Success})_i\right]$
• Hard to predict for one-of-a-kind (P & mode)
  – Space Shuttle
  – Nuclear Power Plant
  – Custom spacecraft or component
• Easier for production
  – Car engine
  – Dog / cat
  – Laptop / Battery
  but according to some distribution (Gaussian?)

Causes of Space Systems Failures

Real causes of failure (More → Less):

• Poor Design
• Misjudge Environment
• Human Errors
• Connections
• Piece Part Failure

compared with

Where we expend reliability efforts (More → Less):

• Piece Parts
• Assembly (connections)
• Human errors
• Poor Design
• Environment

Parts Ensembles Reliability

[Plot: vertical axis 0 to 1.0; horizontal axis Number of Parts in Ensemble, 10^0 to 10^5 (log scale); curves for 0.999, 0.9999 and 0.99999 Part Reliability]

Myth: Small Satellites are less reliable than conventional satellites.

Reality: Experience shows they are more reliable - and analysis indicates they should be.

Parts Reliability

[Timeline figure, ‘60s to ‘90s, Government and Commercial. Labels: begin Class S planning; Class S implemented; 1st Qualified Manufacturers List; 1st Automotive apps; Transistors; Japanese Quality Challenge; submicron technology; Customer / supplier partnerships]

• DoD Philosophy:
  – best parts don’t fail
  – heritage / margin
  but
  – cost is maximum
  – schedule is long
  – huge margins mask poor design
  – documentation burden bloats program
  – are they better?

[Figure labels: industrial, Class D, Class B1, Class S; Commercial, Class D1, Class B2, Class B; Class B, Class S, industrial]

• Amsat:
  – Emphasize design
  – Test long hours
  – Prefer production components

Redundancy, Graceful Degradation and Single String Design

• Redundancy not a panacea
  – Increases part count more than 2x (=> lower reliability)
  – Software complexity increases - to select among redundant systems
  – Cost, mass, volume and hence financial risk all rise
  – Vulnerable to #1 cause of failure: poor design
  – (also #2, environment and #3, human error not ameliorated)
  – (#4, connections-based failures, are increased)
  – Redundancy addresses only 5th rated failure cause, piece part failure (and at maximum cost to the program)
• Single String
  – Cheap, small, light, simple
  – Total vulnerability to stochastic part failure
  – great solution for large numbers of spacecraft

Single String, Multiple Spacecraft

[Plot: cost ($0.1M to $10M) vs. Ps (0.25 to 1.0); marked points: Ps = 0.80 at $2M and Ps = 0.96 at $10M]

Example: Ps = 0.96 using one S/C: Cost = $10M

- or -

Ps = 0.96 using two S/C (each @ Ps = 0.8): Cost = $4M
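The product rule from the Reliability slide, the Parts Ensembles curves and the two-spacecraft cost example can be reproduced numerically. This is an added example, not part of the original slides; the function names are hypothetical and every failure is assumed independent, as the product formula itself assumes.

```python
import math

def series_reliability(parts):
    """P(all succeed) for independent items that must all work: product of P_i."""
    return math.prod(parts)

def ensemble_reliability(p_part, n_parts):
    """n identical parts in series: one point on a Parts Ensembles curve."""
    return p_part ** n_parts

def max_parts_for(p_part, target):
    """Largest part count whose series reliability still meets the target."""
    return math.floor(math.log(target) / math.log(p_part) + 1e-9)

def fleet_reliability(p_each, n_spacecraft):
    """P(at least one of n independent single-string spacecraft succeeds)."""
    return 1.0 - (1.0 - p_each) ** n_spacecraft

def cheapest_fleet(p_each, cost_each, target, eps=1e-9):
    """Smallest fleet that meets the target Ps: (count, total cost, Ps)."""
    n = 1
    while fleet_reliability(p_each, n) < target - eps:
        n += 1
    return n, n * cost_each, fleet_reliability(p_each, n)

if __name__ == "__main__":
    # Sensor, Encoder, Computer, Tx values from the FMECA slide.
    chain = [0.99, 0.99, 0.98, 0.97]
    print("series chain Ps = %.2f" % series_reliability(chain))

    # Points on the three Parts Ensembles curves.
    for p in (0.999, 0.9999, 0.99999):
        row = ["%.3f" % ensemble_reliability(p, 10 ** k) for k in range(6)]
        print(p, row, "max parts for Ps >= 0.5:", max_parts_for(p, 0.5))

    # Slide example: spacecraft at Ps = 0.8 and $2M each, target Ps = 0.96.
    n, cost, ps = cheapest_fleet(0.8, 2.0, 0.96)
    print("%d spacecraft, $%.0fM total, Ps = %.2f (vs. $10M for one)" % (n, cost, ps))
```
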

Real World FMECA Stats.

• MIL-HDBK-217E

  Sensor 0.99, Encoder 0.99, Computer .98, Tx 0.97: Ps = 0.93

• Real World

  Sensor 0.99, Encoder 0.99, Computer .98, Tx 0.97, with Connector: Ps = 0.83

• Interconnections and interactions (some unknown), dominated by human factors, dominate risks

• Same principles apply inside each black box

I.e. - if we knew how to do this, automobile and drug recalls would be unknown

Graceful Degradation: Examples

• 4 sets of industrial “C” NiCads (cost $20k) vs. 1 set of MIL-Spec cells ($400k)
• 8 cheap satellites in each of 7 orbit planes vs. 3 geosynch satellites
• Multiple plastic memory modules ($50k) vs. One S-class tape recorder
• 3 x single axis magnetometers vs. 1 x 3 axis magnetometer

Which is safer - a single engine airplane or a twin engine airplane?

Real World Reliability: How others do it

– Systems Redundancy, subsystems degrade gracefully (reliability of species, not individual survival)
  “In three words I can sum up everything I've learned about life: it goes on.” - Robert Frost (1874-1963)
– Balance:
  • too much defense vs. too little
  • run & fight vs. reliability
  • Longevity vs. reproduction
  • Think vs. do
  • Trial & error in real world
  • learning/adaptation vs. Q

• Consumer Products
  – Redundancy is rare
  – Repair / Replace easier
  – Protect from user
  – Routine Maintenance
  – Product Evolution, not revolution
    • No user-serviceable parts
    • Limited control / access
    • Safety interlocks
    • Field experience / statistics
    • Manufacturing process investment (automated test & cal)
  – Define “reliability” (e.g. “don’t kill people”)

Real World Reliability: how we (should) do it

• Avoid poor design:
  – Highest quality engineering team
  – People (not parts) who have done it before
  – Buddy system
  – real world testing based on engineering, not specs/politics
• Redundancy for known problem components (batteries)
• Special treatment for special parts (DC/DC converters, electrolytic capacitors):
  – Select / deselect vendors based on experience
  – Subject all to discrete component tests
  – Careful visual inspection
• All Components: verify environment specs + test
• Remove hardware (use software):
  – Packet creation / disassembly
  – Attitude Determination
  – Charge control
  – Fine pointing of optics
  – Antenna pointing
  – Is this trip necessary? (use computers, drop towers, balloons, aircraft)

Ghosts of Programs Past

JAS-1 underestimated power budget - survived with limited operations. Replaced by JAS-2

Software design and operator errors caused Clementine to accidentally exhaust all its propellant, ending its Mission.

HETE was stranded alive inside rocket launch envelope

TRW’s Lewis (left) failed within a few days on orbit due to design and operator errors. Orbital’s Clark (right), Lewis’ “twin”, was cancelled mid-program due to budget overruns

A poorly designed fuel system destroyed Mars Observer just upon reaching its destination.