
Mission Assurance Concepts and Discussion NEPTUNE Power CoDR

Mission Assurance Concepts and Discussion NEPTUNE Power CoDR. Richard Kemski June 10, 2002. Agenda. Mission Assurance from JPL Perspective Deep Space Missions Similarity to Deep Sea Missions Fault Protection Power System Pedigree Power System Reliability/Availability


Presentation Transcript


  1. Mission Assurance Concepts and Discussion NEPTUNE Power CoDR Richard Kemski June 10, 2002

  2. Agenda • Mission Assurance from JPL Perspective • Deep Space Missions Similarity to Deep Sea Missions • Fault Protection • Power System Pedigree • Power System Reliability/Availability • Node Power Modeling (Bottoms up estimate) • Neptune Risk Management • Neptune Mission Assurance Drivers • Thoughts on Mission Assurance Implementation • Thoughts on Mission Assurance Best Practices • Summary

  3. Mission Assurance from JPL Perspective • Mission Assurance is involved throughout the complete mission lifecycle • From proposal (initial planning) phase to design/development phase through operations phase • Mission Assurance personnel are integrated into the project structure • Project management, Risk management, Design team, Manufacturing, Test & Integration, and Operations (including maintenance) • Mission Assurance includes: • EEE Parts, Environmental Design & Test Requirements, Reliability, Quality Assurance (H/W & S/W), Materials & Processes Control, Systems Safety (includes personnel and H/W), Operations Assurance

  4. Deep Space Missions Similarity to Deep Sea Missions • Deep Space: • Long life • Environment driven design (Temperature, Radiation, micrometeoroids, Launch dynamics, EMI/EMC) • Pre-launch handling environment • Mix of new, inherited and modified inherited designs • System robustness traded with cost, science and operations impacts • Failures during operations are either costly and/or impossible to fix • Deep Sea: • Long life • Environment driven design (Temperature, Ocean chemistry, Pressure, bio-fouling, Deployment dynamics, EMI/EMC) • Pre-deployment handling environment • Mix of new, inherited and modified inherited designs • System robustness traded with cost, science and operations impacts • Failures during operations are costly to fix, often with significant delay

  5. Fault Protection • Protects against propagation of fault to other elements of the system • Sense and isolation of fault (response is combination of H/W and S/W) • Spacecraft employ combination of block or functional redundancy wherever possible • Neptune employs dual shore power sources (to protect against shore/sea node failure propagation) and sensing & isolation (to protect against any node/line failure propagation)

  6. Power System Pedigree • Shore AC/DC 10KV converters – New COTS design, different(?) application environment • Shore to Sea & backbone cable – Inherited, similar application environment (possibly higher current than qualified to) • “Magic” spur cable – New design • Alcatel Branching Units (BU’s) – Inherited (very few units deployed), similar application environment • 400V, 48V DC/DC node converters – New design • “Magic” cable to node and node to science terminations– New design • Node circuit breakers – Inherited COTS, different application environment (requires new packaging) • Node fault protection sense circuitry (differential I, over I, distance, etc.) – New designs • SCADA software – New designs

  7. Power System Reliability/Availability • System Modeling • 45 Nodes modeled plus 2 Intelligent BBU (equivalent to 2 nodes) • Repair opportunities available annually • Analysis by simulation at various confidence levels • Given various node reliabilities (MTBFs of 30, 45, or 60 years) • Given different success criteria (no node outages allowed, 1 node outage allowed, . . . ) • Results indicate that if few, or no, failures are allowed high node reliability is required (results shown for 90% confidence) * Failure is defined as loss of node

  8. Node Power Modeling (Bottoms up estimate) • Node Power includes: • Start-Up Supply • Overcurrent Protection • Feedback Control • 48 Series DC – DC Converters • Preliminary MIL-HDBK-217F parts count prediction • 50% stress on all parts • 10°C case ambient temperature • Part Quality is class S • Estimated MTBF is 826 years for a single converter • 17% probability 48 in series will operate 30 years, therefore redundancy or architectural modification of converter design should be considered
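The two reliability results on slides 7 and 8 can be reproduced with a few lines of arithmetic and a small Monte Carlo run. The following Python is an added example written for this transcript, not the presenter's own model or analysis. It takes only the figures the slides state (45 nodes plus 2 intelligent BBUs counted as 2 nodes, a 30-year life, annual repair opportunities, candidate node MTBFs of 30, 45 and 60 years, and 48 series converters of 826-year MTBF each); the exponential-life assumption, the independent-failure assumption, the simplified "fail within the year, restored at the annual repair" model, and the ideal redundant-pair calculation are this example's assumptions, not the slides'. The `min_mtbf_for_confidence` function generalises slide 7's result to any success criterion.

```python
import math
import random

# Figures taken from the slides: 45 nodes plus 2 intelligent BBUs (counted as
# 2 nodes), a 30-year design life, annual repair opportunities, and candidate
# node MTBFs of 30, 45 and 60 years. Everything else here is an assumption.
N_ELEMENTS = 45 + 2
MISSION_YEARS = 30
CANDIDATE_MTBFS = (30, 45, 60)


def series_reliability(mtbf_years, n_series, mission_years):
    """Probability that every one of n identical series elements survives.

    Assumes a constant failure rate (exponential life), which is what a
    MIL-HDBK-217F parts-count MTBF implies. A series string fails as soon as
    any element fails, so its failure rate is n times the element rate.
    """
    return math.exp(-n_series * mission_years / mtbf_years)


def redundant_pair_series_reliability(mtbf_years, n_series, mission_years):
    """Same string, but each element replaced by an active pair (either survives).

    Ideal redundancy (independent failures, perfect switchover), so this is an
    upper bound on what a redundant converter architecture could deliver.
    """
    r = math.exp(-mission_years / mtbf_years)
    pair = 1.0 - (1.0 - r) ** 2
    return pair ** n_series


def max_concurrent_outages_per_trial(mtbf_years, n_elements=N_ELEMENTS,
                                     mission_years=MISSION_YEARS,
                                     n_trials=1000, seed=2002):
    """Monte Carlo: for each trial, the largest number of nodes out at once.

    Model (an assumption, not the slides' own simulation): each node fails in
    a given year with probability 1 - exp(-1/MTBF); every failed node is
    restored at the annual repair opportunity, so the nodes out at the end of
    a year are exactly those that failed during it. A fixed seed makes runs
    reproducible and lets different MTBFs share the same random draws.
    """
    rng = random.Random(seed)
    p_fail_year = 1.0 - math.exp(-1.0 / mtbf_years)
    worst = []
    for _ in range(n_trials):
        worst_year = 0
        for _ in range(mission_years):
            out = sum(1 for _ in range(n_elements) if rng.random() < p_fail_year)
            worst_year = max(worst_year, out)
        worst.append(worst_year)
    return worst


def success_fraction(worst_outages, allowed_outages):
    """Fraction of trials whose outage count never exceeded the success criterion."""
    return sum(1 for w in worst_outages if w <= allowed_outages) / len(worst_outages)


def min_mtbf_for_confidence(allowed_outages, confidence=0.90,
                            mtbfs=CANDIDATE_MTBFS, **sim_kwargs):
    """Smallest candidate node MTBF meeting the criterion at the confidence level, else None."""
    for mtbf in sorted(mtbfs):
        worst = max_concurrent_outages_per_trial(mtbf, **sim_kwargs)
        if success_fraction(worst, allowed_outages) >= confidence:
            return mtbf
    return None


if __name__ == "__main__":
    # Slide 8: 48 converters in series, 826-year MTBF each, 30-year life.
    print(f"48 in series, no redundancy:  {series_reliability(826, 48, 30):.1%}")
    print(f"48 redundant pairs in series: {redundant_pair_series_reliability(826, 48, 30):.1%}")
    # Slide 7: smallest candidate node MTBF meeting each criterion at 90% confidence.
    for allowed in (0, 1, 3, 6):
        print(f"allow {allowed} concurrent node outage(s): min MTBF = {min_mtbf_for_confidence(allowed)}")
```

Run stand-alone, the first line reproduces the slide's roughly 17% figure for the unprotected series string, and the second shows why the slide recommends redundancy: ideal pairs lift the same string above 90%. The simulation part shows the slide 7 conclusion directly: with zero, one or even three concurrent outages allowed, none of the candidate MTBFs reaches 90% confidence over 30 years, because 47 nodes with a 30 to 60 year MTBF produce about one to one and a half failures per year on average; only when the success criterion tolerates several simultaneous outages does a 30-year node MTBF suffice.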

  9. Neptune Risk Management • Minimum science requirements must be defined and accepted by the funding organization (NSF), partners and scientists • Design, Operations, and Mission Assurance Requirements derived from science requirements • All risks (technical, cost, schedule) measured against impact to minimum science requirements

  10. Neptune Mission Assurance Drivers • 30 year life (goal of > 2 years between node replacements per NOPP report) • Pressure – approx. 200 – 300 atm. • 2°C < T < 30°C (includes surface testing/handling and deployed environment) • 2°C low qualification temperature precludes deployment/repair in icing environment • High power consumption/heat dissipation ? • Corrosive effects of water, salt, sulfur, biofouling, ? - on cable insulation, node connectors, ? • Effects of high DC E field on submerged materials (cable insulation – treeing, galvanic corrosion at anodes, ?) • Systems and personnel safety during assembly test, I & T, installation, and repair operations due to heavy equipment, high power, high voltage application

  11. Thoughts on Mission Assurance Implementation • Representatives from each MA discipline part of design team • Close working relationship with design, fabrication, test engineers • Generate Mission Assurance & Safety Plan and Environmental Design & Test Plan early to avoid programmatic surprises later • Perform system level Fault Tree Analysis (FTA) and FMECA (includes both hardware and software) • Use failure rates and probabilities judiciously (i.e., where available data is relevant to application and environment) • Where data is unavailable: • Perform accelerated tests on article of interest (e.g., connectors) • Assumes activation energies are known (where not known, perform Design Of Experiments) • Identify reliability discriminators (order of magnitude) • Identify common mode failures (e.g., spur cable or spur connector failure causes node power and communications failure) • Understand full impacts of application environment on inherited hardware • Inherited hardware rarely stays inherited

  12. Thoughts on Mission Assurance Best Practices • Perform full parts qualification to “S” space level requirements • Perform Worst Case Analysis (V, T, life) or HAST at assembly level (in lieu of WCA) • Parts Stress Analysis (derated parts have a significant impact on improving system lifetime) • Evaluate all materials and processes for application and environmental compatibility • Perform full qualification testing, or workmanship acceptance testing (at a minimum) on all assemblies • Perform QA audits of all manufacturing processes and inspections of all delivered assemblies • Involve Safety and QA early for all assembly and system level testing • Perform Safety review of all high voltage testing and repair procedures

  13. Summary • Involve Mission Assurance team early and throughout mission lifecycle • Integrate Mission Assurance into project team • Perform “Best Practices” as suggested • Consider all potentially catastrophic failure modes – Unknown unknowns have almost always been the cause of loss of mission
