Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fault Protection Techniques in JPL Spacecraft

Published byClaud Walter Hodge Modified over 6 years ago

Similar presentations

Presentation on theme: "Fault Protection Techniques in JPL Spacecraft"— Presentation transcript:

1 Fault Protection Techniques in JPL Spacecraft
Paula S. Morgan Jet Propulsion Laboratory, California Institute of Technology Jason Bratcher EE 585 Monday, December 1, 2008

2 Introduction For a spacecraft to function properly it is desirable to monitor systems and subsystems continuously This is costly and impractical Time constraints due to distance for communication will not allow this Instead we use autonomous fault protection so the spacecraft can correct anomalies itself without ground station interaction Bratcher, Jason. EE 585

3 Health & Safety Concerns for Deep Space Missions
Exposure to the sun’s intense heat Optical solar reflectors Mirror tiles Multi-layer insulation thermal blankets Internal temperature regulation Circulation of the spacecraft’s gas or liquid (fuel) cools the internal hardware of the spacecraft heats the gas/liquid so it doesn’t freeze Human interaction Electro-static discharge Immediate failures vs. Latent failures Command generated failures Turn off receiver (can’t communicate) Turning on too many components (under-voltage power-outage) Increasing lag time between transmission and reception Distance between the Earth and Saturn’s orbit causes approximately one hour transmission time Bratcher, Jason. EE 585

4 Fault Protection Implementation Approach
Fault protection is applied by implementing: Functional redundancy Redundant hardware Autonomous fault protection monitors and responses Swap redundant units Maintain spacecraft health Safeguard operation through continuous monitoring of spacecraft systems Anomalous conditions preprogrammed safe code Autonomous fault protection implemented on spacecraft only if: Ground response is not feasible or practical Fault resolution action is required in a pre-defined period of time Bratcher, Jason. EE 585

5 Standard Fault Protection Implementation
Most spacecraft rely on a “general-purpose, safe mode” Configure Lower power state (turns off nonessential payloads) Command a thermally safe attitude Provide a safe state for hardware Establish an uplink and downlink with a low-gain antenna Terminate sequence currently executing on spacecraft “Command Loss Response” is communication error fault protection that protects against: Ground antenna failures Environmental interferences Spacecraft hardware failures Erroneous spacecraft attitude (pointing error) Radio frequency interferences Error in an uplinked sequence (radio device accidentally turned off) Bratcher, Jason. EE 585

6 Standard Fault Protection Implementation Cont.
Under-Voltage Response (system loss of power) Oversubscribing available power Short in the power system Communications bus overload Under-Voltage fault protection should Acknowledge the drop in power Shed the non-essential payloads from the communications bus Isolate the defective device Re-establish essential hardware Bratcher, Jason. EE 585

7 Fault Protection in JPL Spacecrafts
Bratcher, Jason. EE 585

8 Fault Protection in JPL Spacecrafts
The Cassini Spacecraft requires up to an hour of response time which is not ideal for fault resolution from a ground station Bratcher, Jason. EE 585

9 Fault Protection Application
Fault protection responsibility is allocated to ground teams and the spacecraft itself based on severity of fault The autonomous fault protection is divided into two applications Subsystem Internal fault Protection (SIFP) System Fault protection (SFP) Fault protection is allocated to the SIFP if the subsystem can recover without affecting any other subsystem Bratcher, Jason. EE 585

10 Fault Protection Ground Rules and Requirements
In general, fault protection is designed with the following priorities: Protect critical spacecraft functionality Protect spacecraft performance and consumables Minimize disruptions to normal sequence operations Simplify ground recovery response, including provisions of downlink telemetry It is also desirable to ensure: The safe state of a spacecraft allows commanding for a pre-defined amount of time after an anomaly Error Logging is kept periodically and sent back to ground stations Bratcher, Jason. EE 585

11 Fault Interaction Non-interfering faults Interfering faults
Non-critical sequence Critical sequence Bratcher, Jason. EE 585

12 Fault Protection Architecture in JPL Spacecraft
The main Computer (CDS: Command and data processing computer) is the host for the4 spacecraft’s SFP monitors and responses Below is the services and architecture for the SFP in the CDS Bratcher, Jason. EE 585

13 Fault Protection Architecture in JPL Spacecraft Cont.
SFP and SIFP are a group of monitors and responses that are initiated and executed by their own “Fault Protection Manager” Fault Protection Managers can be disabled during a mission for various reasons The response is only appropriate when the associated device is powered on and operating The response is required only for specific mission events The response is not appropriate for a particular event The response is not compatible with the currently operating sequence Bratcher, Jason. EE 585

14 Cassini’s Under-Voltage FP / Safe Mode FP Responses
Diode isolate RTGs Loadshed Regain voltage regulation Power on required devices Set UV flags CDS watches flags Un-isolate healthy RTGs Reset UV flags Enter safe mode Bratcher, Jason. EE 585

15 Cassini’s Command Loss Fault Response
Command Loss FP hardware for Cassini consists of Dual computer CDS units Redundant radio Frequency devices (RFS) Deep space transponders Traveling wave tube amplifiers Telemetry control units Three antennas (high and low gain) The FP response is to enter an endless loop to attempt to restore uplink by performing hardware swaps and commanding an alternate attitude Bratcher, Jason. EE 585

16 Cassini’s Command Loss Fault Response Cont.
Bratcher, Jason. EE 585

17 References [1] P. S. Morgan, “Fault Protection Techniques in JPL Spacecraft” Ph.D. thesis, Jet Propulsion Laboratory/California Institute of Technology, Pasadena, California [2] C. E. Ong. Fault Protection in a Component-based Spacecraft Architecture. Massachusetts Institute of Technology. Accessed November, Available: Bratcher, Jason. EE 585

Download ppt "Fault Protection Techniques in JPL Spacecraft"

Similar presentations

Satellite Communication

Satellite Communication
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.
WPI CS534 Showcase Jeff Martin. * Computer Software on Deep Space 1 * Used to execute plans/mission objectives * Model based * Constraint based * Fault.

WPI CS534 Showcase Jeff Martin. * Computer Software on Deep Space 1 * Used to execute plans/mission objectives * Model based * Constraint based * Fault.
EEE440 Modern Communication Systems Satellite Systems.

EEE440 Modern Communication Systems Satellite Systems.
1 Spacecraft Thermal Design Introduction to Space Systems and Spacecraft Design Space Systems Design.

1 Spacecraft Thermal Design Introduction to Space Systems and Spacecraft Design Space Systems Design.
Simulating A Satellite CSGC Mission Operations Team Cameron HatcherJames Burkert Brandon BobianAleks Jarosz.

Simulating A Satellite CSGC Mission Operations Team Cameron HatcherJames Burkert Brandon BobianAleks Jarosz.
Space Environment I Introduction to Space Systems and Spacecraft Design Space Systems Design.

Space Environment I Introduction to Space Systems and Spacecraft Design Space Systems Design.
Operating System Organization

Operating System Organization
©Ian Sommerville 2006Critical Systems Slide 1 Critical Systems Engineering l Processes and techniques for developing critical systems.

©Ian Sommerville 2006Critical Systems Slide 1 Critical Systems Engineering l Processes and techniques for developing critical systems.
During a mains supply interruption the entire protected network is dependent on the integrity of the UPS battery as a secondary source of energy. A potential.

During a mains supply interruption the entire protected network is dependent on the integrity of the UPS battery as a secondary source of energy. A potential.
C&DH System COMMAND AND DATA HANDLING C&DH CDS MTM 3/13/03.

C&DH System COMMAND AND DATA HANDLING C&DH CDS MTM 3/13/03.
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
Launching, Orbital Effects & Satellite Subsystems

Launching, Orbital Effects & Satellite Subsystems
1 Formation Flying Shunsuke Hirayama Tsutomu Hasegawa Aziatun Burhan Masao Shimada Tomo Sugano Rachel Winters Matt Whitten Kyle Tholen Matt Mueller Shelby.

1 Formation Flying Shunsuke Hirayama Tsutomu Hasegawa Aziatun Burhan Masao Shimada Tomo Sugano Rachel Winters Matt Whitten Kyle Tholen Matt Mueller Shelby.
1 Fault Tolerance in the Nonstop Cyclone System By Scott Chan Robert Jardine Presented by Phuc Nguyen.

1 Fault Tolerance in the Nonstop Cyclone System By Scott Chan Robert Jardine Presented by Phuc Nguyen.
1. 2 Purpose of This Presentation ◆ To explain how spacecraft can be virtualized by using a standard modeling method; ◆ To introduce the basic concept.

1. 2 Purpose of This Presentation ◆ To explain how spacecraft can be virtualized by using a standard modeling method; ◆ To introduce the basic concept.
POWER SYSTEM PROTECTION

POWER SYSTEM PROTECTION
Module 5, Unit A Vocabulary Review Game. 2 pt 3 pt 4 pt 5pt 1 pt 2 pt 3 pt 4 pt 5 pt 1 pt 2pt 3 pt 4pt 5 pt 1pt 2pt 3 pt 4 pt 5 pt 1 pt 2 pt 3 pt 4pt.

Module 5, Unit A Vocabulary Review Game. 2 pt 3 pt 4 pt 5pt 1 pt 2 pt 3 pt 4 pt 5 pt 1 pt 2pt 3 pt 4pt 5 pt 1pt 2pt 3 pt 4 pt 5 pt 1 pt 2 pt 3 pt 4pt.
20a - 1 NASA’s Goddard Space Flight Center Attitude Control System (ACS) Eric Holmes, Code 591 Joe Garrick, Code 595 Jim Simpson, Code 596 NASA/GSFC August.

20a - 1 NASA’s Goddard Space Flight Center Attitude Control System (ACS) Eric Holmes, Code 591 Joe Garrick, Code 595 Jim Simpson, Code 596 NASA/GSFC August.
Venus Observations HST Program 12433. Objectives v Explain Venus observing strategy. v Review areas of special concern with Venus observations and explain.

Venus Observations HST Program Objectives v Explain Venus observing strategy. v Review areas of special concern with Venus observations and explain.

Similar presentations

Ads by Google