THEMIS MISSION SYSTEM OVERVIEW Dr Ellen Taylor University

Скачать презентацию THEMIS MISSION SYSTEM OVERVIEW Dr Ellen Taylor University Скачать презентацию THEMIS MISSION SYSTEM OVERVIEW Dr Ellen Taylor University

c2a23f559fd39790f249d2e3885e4ae7.ppt

  • Количество слайдов: 43

THEMIS MISSION SYSTEM OVERVIEW Dr. Ellen Taylor University of California - Berkeley THEMIS MISSION THEMIS MISSION SYSTEM OVERVIEW Dr. Ellen Taylor University of California - Berkeley THEMIS MISSION PDR OVERVIEW-1 UCB, November 12, 2003

Overview Requirement Process • • Requirement Development and Verification Process Mission Requirements Document (Status, Overview Requirement Process • • Requirement Development and Verification Process Mission Requirements Document (Status, Statistics, Control) Mission Level Requirements • • Lifetime and Radiation Resource Budgets (Allocations, Tracking and Control) Contamination Requirements (Magnetics, ESC, Contamination) Interface Requirements (ICD Document Status) Test and Verification Requirements (Verification Process) Fault Tolerance (Reliability analyses - Fault Tree, PRA, FMECA) Level 1 Science Error Budgets Risk Management Configuration Management System Change Notices • Major system trades THEMIS MISSION PDR OVERVIEW-2 UCB, November 12, 2003

Requirement Development Top-Level requirements developed during Phase A • • Concept Study Report (CSR) Requirement Development Top-Level requirements developed during Phase A • • Concept Study Report (CSR) provides basic mission concept Outlines top-level requirements imposed by science and programmatic objectives Mission requirements flown down (to subsystem level), formalized and documented early in Phase B • • • All elements of CSR concept and mission requirements reviewed by development team Mission Requirements Database (MRD) developed and reviewed MRD finalized and put under Configuration Control at System Requirements Review (SRR), July 2003 Subsystem Interfaces and Component Requirements further detailed in Phase B • Interface Control Documents between Subsystems and Institutions • System and Subsystem Specifications (Board Specifications, SOWs, etc) • Mission Plans and Policies (PAIP, Risk Management Plan, FMECA, etc) • Control Plans (Magnetics, ESC, Contamination) THEMIS MISSION PDR OVERVIEW-3 UCB, November 12, 2003

Requirement Verification Plans developed in Phase B and C • • Development of Verification Requirement Verification Plans developed in Phase B and C • • Development of Verification Matrix ensures a test or analysis is scheduled for all Mission Requirements in MRD Performance Verification and Environmental Test Plan provides launch and space environments and outlines comprehensive component, subsystem and system level test program Requirements Compliance and Verification Matrices completed in Phase D • • • MRD evolves into summary of test program as run Documents Verification and Compliance Status of all Requirements Provides direct trace-ability from requirements to test procedures and reports THEMIS MISSION PDR OVERVIEW-4 UCB, November 12, 2003

MRD Status MRD Rev A released at System Requirements Review (SRR) MRD Rev B MRD Status MRD Rev A released at System Requirements Review (SRR) MRD Rev B released prior to Instrument and Subsystem Peer Reviews • Incorporated SRR Recommendations and RFAs • Added verification plan (Inspection/Analysis/Test) for each requirement MRD Rev C released at Mission PDR TBD/TBR List: ID Requirement M-13 THEMIS Probes shall be launched into a transfer orbit w/ following Detailed Performance Analysis by Boeing characteristics: apogee 12 +/- 0. 38 Re… (all parameters TBR) (Feb 2004) M-45 The THEMIS Probe Carrier Assembly (5 Fueled Probes plus Probe Carrier) shall not exceed 807 kg (TBR). Detailed Performance Analysis by Boeing (Feb 2004) M-51 The THEMIS Ground Station shall contact probes once an orbit (required) / once a day (desired) (TBR). Could be driven by accuracy/drift of clock. Oscillator trade (Nov 2003) M-62 The Launch Vehicle shall despin (if necessary) the Probe Carrier to less than 15 RPM (TBR) prior to probe deployment. Separation Analysis (Nov 2003) PB. EPS-5 The Battery capacity shall be sufficient to provide power for the Bus through the worst-case launch scenario of 90 minutes (TBR). Launch scenarios throughout year to be run by KSC (Dec 2003) PC. MEC-1 The Probe Carrier shall accommodate 5 probes of max mass, with Separation Analysis (Dec 2003) a minimum static clearance of 4 inches (TBR) between Probes PC. MEC-5 The Probes shall be released from the Probe Carrier within TBD sec of receiving the deployment signal from the launch vehicle Pending discussions with KSC and Boeing (Feb 2004) PC. MEC-11 The Probe Carrier Assembly (Probe Carrier, with all 5 Probes installed) shall have a roll MOI > 515 kg-m^2 (TBR) Pending discussions with KSC and Boeing (Feb 2004) PC. MEC-13 The Probe Bus separation system shall include TBD inhibits to prevent inadvertent release of the Probe from the Probe Carrier. Pending discussions with KSC Safety (Dec 2003) THEMIS MISSION PDR Schedule for Closure OVERVIEW-5 UCB, November 12, 2003

MRD Control MRD Change Control • • Change history column with each requirement Detailed MRD Control MRD Change Control • • Change history column with each requirement Detailed change log shows Rev A statement, Rev B statement, etc. Change log has approval column for check off by Systems and affected Subsystem leads Parent and Child IDs used to identify affected subsystems Change Statistics • Approximately 800 requirements tracked • Approximately 200 minor changes since SRR (wording, clarifications, deletions) • Approximately 20 major changes since SRR (error budgets, magnetics, timing) THEMIS MISSION PDR OVERVIEW-6 UCB, November 12, 2003

Key Requirement Documents Interface Control Plans: Sign-off by PDR • • • Instruments-to-IDPU ICDs Key Requirement Documents Interface Control Plans: Sign-off by PDR • • • Instruments-to-IDPU ICDs (covers software, data, electrical) Instruments-to-Probe ICDs (covers mechanical, thermal, contamination) Probe-to-IDPU ICD (electrical and mechanical) Launch Vehicle ICD (Boeing Mission Specification) Ground System ICDs (Space-to-Ground link, Ground Station, Data System) Electrical System Specification: Sign-off by PDR • • Provides Electrical Standards for board design System Plans for grounding, harness, etc. Contamination Control Plans: Draft by PDR, Sign-off by CDR • • Separate Plans for Magnetics, Electrostatic Cleanliness (ESC) and Contamination Provides contamination budgets, best design practice guidelines and verification plans Verification Plan and Environmental Spec: Draft by PDR, Sign-off by CDR • • • Performance Verification Plan Qualification Philosophy and Test Levels (Acceptance, Qualification, Protoflight) Vibration/Loads/Shock Environments Thermal Vacuum/Balance Environments EMI/EMC/Magnetics/ESC Test Requirements Mission Simulations and RF Compatibility Testing THEMIS MISSION PDR OVERVIEW-7 UCB, November 12, 2003

Document Status THEMIS MISSION PDR OVERVIEW-8 UCB, November 12, 2003 Document Status THEMIS MISSION PDR OVERVIEW-8 UCB, November 12, 2003

Mission Requirements • • • Lifetime and Radiation (M-1 to M-4) Fault Tolerance (M-5 Mission Requirements • • • Lifetime and Radiation (M-1 to M-4) Fault Tolerance (M-5 to M-8) Mission Design (M-9 to M-17 presented later in Mission Design) Resource Budgets (M-19 to M-28) Contamination Requirements (M-30 to M-37) Interface Requirements (M-39) Test Requirements (M-40 to M-42) Launch Vehicle (M-43 to M-47, M-62 to M-64) Ground Station (M-48 to M-58 presented later in Ground System) Safety (M-64 to M-71 presented later in Safety Splinter) THEMIS MISSION PDR OVERVIEW-9 UCB, November 12, 2003

Lifetime and Radiation REQUIREMENT SYSTEM DESIGN M-1. The THEMIS operational system shall be designed Lifetime and Radiation REQUIREMENT SYSTEM DESIGN M-1. The THEMIS operational system shall be designed for at least a two year lifetime. Compliance. All flight systems are designed analyzed for two year lifetime. M-3. THEMIS shall be designed for a total dose environment of 33 krad/year (66 krad for 2 year mission, 5 mm of Al, RDM 2) Compliance. Radiation analyses performed. Performance Assurance and Implementation Plan (PAIP) THM_pa_001 A. doc Version A-2003 -Sept 30 Signed-Off. From PAIP: Parts shall have a TID tolerance of 33 Krads or more based manufactures data sheet, demonstrated technology hardness, or lot testing. The Radiation Environment for THEMIS: Michael Xapsos Radiation Effects and Analysis Group Flight Data Systems and Radiation Effects Branch/Code 561 THEMIS MISSION PDR OVERVIEW-10 UCB, November 12, 2003

Lifetime and Radiation REQUIREMENT SYSTEM DESIGN M-4. THEMIS shall be Single Event Effect (SEE) Lifetime and Radiation REQUIREMENT SYSTEM DESIGN M-4. THEMIS shall be Single Event Effect (SEE) tolerant and immune to destructive latch-up. Compliance. Radiation analyses performed. Performance Assurance and Implementation Plan (PAIP) THM_pa_001 A. doc Version A-2003 -Sept 30 Signed-Off. From PAIP: Parts shall be SEL-immune to a LET >37 Me. V-cm 2/mg, or else shall be protected against damage by a protection circuit. Parts that affect critical functions shall be SEU immune, or else shall use a Triple Modular Redundancy scheme. Parts shall meet these criteria based on manufacturers data sheet, demonstrated technology hardness, or lot testing. The Radiation Environment for THEMIS: Michael Xapsos Radiation Effects and Analysis Group Flight Data Systems and Radiation Effects Branch/Code 561 THEMIS MISSION PDR OVERVIEW-11 UCB, November 12, 2003

Orbital Debris Analysis REQUIREMENT DESIGN M-2. The THEMIS project shall develop a plan to Orbital Debris Analysis REQUIREMENT DESIGN M-2. The THEMIS project shall develop a plan to meet the NASA orbital debris guidelines of re-entry in NSS 1740. 14 Compliance. Preliminary Orbital Debris Assessment (SAI-RPT-0555) has been completed complying with NASA Policy 8710. 3 A and Safety Standard 1740. 14. Re-entry < 25 years. Worse-case (P 1) passive reentry = 11. 8 years (debris assessment s/w) Debris Area < 8 m 2. Estimate for probes = 2. 68 m 2, Estimate for probe carrier and 3 rd stage = 1. 04 m 2. Compliance covered further by Swales (Brenneman) THEMIS MISSION PDR OVERVIEW-12 UCB, November 12, 2003

Resource Budgets - Propellant REQUIREMENT DESIGN M-19. THEMIS maneuvers shall be optimized for a Resource Budgets - Propellant REQUIREMENT DESIGN M-19. THEMIS maneuvers shall be optimized for a delta-V of 650 m/s Compliance. CBE worst case delta-V is 566 m/s (worst-case, P 1). Provides 15% contingency. M-20. All THEMIS Probes shall have 15% propellant Compliance. 15% propellant margin at launch is margin at launch included in mass, d. V allocations. Ref M-22. From THEMIS Maneuver Calculator: THEMIS MISSION PDR OVERVIEW-13 UCB, November 12, 2003

Resource Budgets - Mass REQUIREMENT DESIGN M-21 a. No THEMIS Probe shall exceed a Resource Budgets - Mass REQUIREMENT DESIGN M-21 a. No THEMIS Probe shall exceed a dry mass of 93. 3 kg. Compliance. CBE is 64. 07 kg. Contingency is 14. 7%. Provides 27% Program Managers Margin. M-21 b. The THEMIS Probe Carrier shall not exceed a mass of 147 kg. Compliance. CBE is 105. 34 kg. Contingency is 15. 8%. Provides 20. 5% Program Managers Margin. From THM-SYS-008 System Mass Budget: THEMIS MISSION PDR OVERVIEW-14 UCB, November 12, 2003

Resource Budgets REQUIREMENT DESIGN M-22. Each THEMIS Probe shall be designed to accommodate a Resource Budgets REQUIREMENT DESIGN M-22. Each THEMIS Probe shall be designed to accommodate a dry mass of 93. 3 kg and a Delta-V of 650 m/s, with a goal of 15% propellant margin at launch. Compliance. Ref PB. RCS-1, -2, -3: Tanks are sized (38. 70 kg) to accommodate full mass growth, attitude maneuvers and 650 m/s d. V. Mass is allocated assuming a 15% propellant margin at launch. THEMIS MISSION PDR OVERVIEW-15 UCB, November 12, 2003

Resource Budgets - Mass REQUIREMENT DESIGN M-45. The THEMIS Probe Carrier Assembly (5 Fueled Resource Budgets - Mass REQUIREMENT DESIGN M-45. The THEMIS Probe Carrier Assembly (5 Fueled Probes plus Probe Carrier) mass-to-orbit shall not exceed 807 kg (TBR*). Compliance. CBE is 619. 21 kg. Contingency is 10. 3%. Provides 25. 34% Program Managers Margin. *Note: TBR added since SRR. Decrease in launch vehicle performance estimate possible. From THM-SYS-008 System Mass Budget: THEMIS MISSION PDR OVERVIEW-16 UCB, November 12, 2003

Resource Budgets - Power REQUIREMENT DESIGN M-23. No THEMIS Probe shall exceed an on-orbit Resource Budgets - Power REQUIREMENT DESIGN M-23. No THEMIS Probe shall exceed an on-orbit power draw of 41. 5 W. Compliance. CBE is 24. 31 W. Contingency is 20. 53%. Provides 41. 64% Program Managers Margin. M-24. The Probe power system shall be designed to accommodate an EOL on-orbit average power of 41. 5 W. Compliance. Ref PB. EPS-6: EPS design provides >41. 5 W on-orbit average power. M-25. Each Probe shall be designed to achieve electrical energy balance over an orbit assuming a 30 minute transmitter power on time and 180 minute eclipse. Compliance. Ref PB. EPS-7: EPS designed for peak power of 65 W during 30 min downlink; Ref PB. EPS 8: EPS designed for 49 W during 180 minute eclipse. From THM-SYS-009 System Power Budget: THEMIS MISSION PDR OVERVIEW-17 UCB, November 12, 2003

Resource Budgets - Data REQUIREMENT DESIGN M-26. No THEMIS Probe shall not exceed 750 Resource Budgets - Data REQUIREMENT DESIGN M-26. No THEMIS Probe shall not exceed 750 Mbits/orbit (uncompressed) Instrument science and housekeeping data and 87 Mbits/orbit Probe Bus housekeeping data. Compliance. Ref IN-10: Instrument Payload data budget estimate is 744 Mbits/orbit for worst case probe, P 2. Ref PB-14 and PB. CDH-32: Storage rate variable from 250 bps to 4 kbps, nominal 1 kbps or 11 MB (87 Mbits) per day for inner probes. M-27. Each THEMIS Probe shall be capable of storing 1 orbit + 1 days worth of Instrument and Probe Bus housekeeping data. Compliance. Ref IN. DPU-6: Instrument memory sized for 1 orbit + 1 day (256 MB SSR); Ref IN. CDH 14: Probe memory sized for 1 orbit + 1 day (16 MB + variable storage rate) From THM-SYS-010 System Data Budget: • Detailed Instrument rates calculated for each Mode (Slow Survey, Fast Survey, Particle Burst and Wave Burst) • Summary Page provides data volume for each Probe by estimating how long Probe will be in different Modes THEMIS MISSION PDR OVERVIEW-18 UCB, November 12, 2003

Resource Margins REQUIREMENT DESIGN M-28. Resource budgets (mass, power) shall show margin at each Resource Margins REQUIREMENT DESIGN M-28. Resource budgets (mass, power) shall show margin at each project milestone per the Systems Engineering Management Plan (SEMP). Compliance. THM-SYS-006 System Engineering Management Plan signed off. Mission PDR contingency and margin matches schedule. From System Engineering Management Plan (SEMP): • Contingency is defined as a percentage of resource added to an estimate as a provision for uncertainty. Contingency is based on the level of maturity: 1. Concept: 25% 2. Design: 15% 3. Prior Build: 7. 5% 4. Fabrication: 4% 5. Flight Build: 2% Contingency % that doesn’t meet schedule triggers re-allocation and possible release of PM Margin. • Program Managers (PM) Margin is defined as the amount of resource remaining when an estimate plus the associated contingencies are subtracted from the available quantity. The project will maintain appropriate margin at each phase, as shown: 1. Phase A Concept: > 30% 2. Preliminary Design Review (PDR): > 20% 3. Conceptual Design Review (CDR): > 15% 4. Pre-Environmental Review (PER): > 10% 5. Pre-Ship Review (PSR): 2% to 5% PM Margin % that doesn’t meet the following Margin Schedule will trigger a project level risk mitigation plan, resulting in possible descope of mission objectives. Schedule is consistent with historic NASA project trends. NASA Systems Engineering Handbook, SP-6105, 1995, says spacecraft dry mass tends to grow during Phases C and D by as much as 25 to 30 percent. JPL guidelines say that from the Phase B start to launch, growth ranged from 20% to 48%. AIAA Recommended Practice (R 020 A 1999) doesn't give mass growth by phase, but by type of calculation, and has 12 -30% growth allowance. THEMIS MISSION PDR OVERVIEW-19 UCB, November 12, 2003

Resource Tracking & Control From System Engineering Management Plan (SEMP): In order to ensure Resource Tracking & Control From System Engineering Management Plan (SEMP): In order to ensure that the design will meet Mission Requirements, Systems Engineering controls the following key resources: • Mass (dry mass, delta-V, propellant margin) • Power • Telemetry (data budget) • RF Link Margin Resource Requirements have been flowed down to the Probe, Probe Carrier, and Instrument Payload in the MRD. Each Instrument and Probe Subsystem includes: • Current Best Estimate (CBE), updated periodically as the design matures • Contingency, based on design maturity, following schedule outlined in SEMP • System not-to-exceed allocation (current CBE + contingency) documented in Mission Requirements Database Sum of not-to-exceeds is less than the System Capability providing Program Managers Margin held at UCB All Resources closely tracked throughout program • Continually tracked and updated by System Engineers (Probe and Instrument) • Periodically (once a month) reported to and reviewed by MSE and PM • Periodically (once a month) reported to NASA Mission Manager THEMIS MISSION PDR OVERVIEW-20 UCB, November 12, 2003

Magnetics REQUIREMENT DESIGN M-30: AC magnetic noise radiated by the Probe and other instruments Magnetics REQUIREMENT DESIGN M-30: AC magnetic noise radiated by the Probe and other instruments shall not exceed the following levels at 1 meter from the Probe: <30 p. T/sqrt(Hz) at 1 Hz; <1 p. T/sqrt(Hz) at 10 Hz; <0. 1 p. T/sqrt(Hz) at 1 k. Hz; and <0. 1 p. T/sqrt(Hz) in range 1 -10 k. Hz Compliance. Magnetic requirements, guidelines and verification plan provided in THM-SYS-002 Magnetics Contamination Control Plan. From THEMIS Magnetics Contamination Control Plan: Figure 2 -2: AC magnetic noise level requirement (solid curves) and goal (dashed curves) at 1 m from the spacecraft. Ordinate is frequency in Hz. Abscissa is amplitude spectral density in nano. Teslas per root Hz. THEMIS MISSION PDR Figure 2 -1: FGM and SCM sensitivity at the sensor location (1 m and 2 m respectively). Ordinate is frequency measured in Hz. Abscissa is amplitude spectral density in nano. Teslas per root Hz. OVERVIEW-21 UCB, November 12, 2003

Magnetics REQUIREMENT DESIGN M-31 a: DC magnetic field generated by the Probe and other Magnetics REQUIREMENT DESIGN M-31 a: DC magnetic field generated by the Probe and other instruments shall not exceed 5 n. T at 2 meters from the Probe (location of FGM). M-31 b: DC magnetic field generated by the Probe subsystems and other instruments shall be stable to <0. 1 n. T at 2 meters from the Probe (location of FGM) Compliance. Magnetic requirements, budget, guidelines and verification plan provided in THMSYS-002 Magnetics Contamination Control Plan. M-32. All THEMIS elements shall comply with the Magnetics Cleanliness standard described in the THEMIS Magnetics Contamination Control Plan. Compliance. THM-SYS-002 Magnetics Contamination Control Plan in review. Verification Matrix to be completed. THEMIS Magnetic Cleanliness Program: • Magnetics Control Board Established (Vassilis Angelopoulos, UCB; Ellen Taylor, UCB; Paul Turin, UCB; Tom Ajluni, SA; Mike Mc. Cullough, SA; David Jeyasunder, SA; Bob Snare, UCLA; Chris Russell, UCLA ) • Bi-weekly meetings held to coordinate all relevant activities • Main Offenders List and Preliminary Magnetics Budget Established • Budgeting was based on a survey of THEMIS components and identifying the main offenders listed below in decreasing order for each group: Hard Perm Fields Soft Perm Fields Mu metal shielding, welding Stray Fields Solar panels, Current loops (power cables), Battery, RF components AC Fields • Latch valves, Thruster valves, Tanks, Motors, SST magnets Solar panels, Power converters Special considerations and activities to be taken (testing, modeling, analysis) for each of these major offenders are described in Magnetic Contamination Control Plan • Magnetic Verification and Test planning in progress THEMIS MISSION PDR OVERVIEW-22 UCB, November 12, 2003

Electrostatic Cleanliness REQUIREMENT DESIGN M-33. Quasi-DC voltages produced by the Probe and the other Electrostatic Cleanliness REQUIREMENT DESIGN M-33. Quasi-DC voltages produced by the Probe and the other instruments shall not affect the quality of the EFI measurement. Compliance. ESC requirements, guidelines and verification plan provided in THM-SYS-003 Electrostatic Cleanliness Plan. M-34. All THEMIS elements shall comply with the THEMIS Electrostatic Cleanliness (ESC) Plan Compliance. THM-SYS-003 Electrostatic Cleanliness Specification signed off. Verification Matrix to be completed. From THEMIS Electrostatic Cleanliness Specification: • Requirement: The maximum tolerable variation in potential across the surface of the THEMIS spacecraft, d. Vmax, shall be 1 Volt, with a goal of 0. 1 Volts • Flow-down: No exposed components (solar cells, thermal coatings, boom appendages and sensors, exposed portions of instruments, spacecraft hardware, cables) shall charge to potentials in excess of the maximum tolerable variation with respect to the mean spacecraft potential, and all exposed surfaces shall be tied together into a single conductive surface. • Adherence: Upper bounds on bulk resistivity and resistance to ground to meet requirement calculated: • Verification: Adherence to specification is guaranteed by ESC subcommittee, consisting of EFI Lead Scientist and the MSE (at a minimum). End item verification straightforward - measuring resistance between any pair of surfaces. THEMIS MISSION PDR OVERVIEW-23 UCB, November 12, 2003

Contamination REQUIREMENT DESIGN M-35. The molecular contamination of the ESA sensor shall be less Contamination REQUIREMENT DESIGN M-35. The molecular contamination of the ESA sensor shall be less than 0. 01 ug/cm^2. Compliance. Cleanliness levels, bake-out and purge requirements provided in THM-SYS-004 Contamination Control Plan. M-36. The molecular contamination of the SST sensor shall be less than 0. 1 ug/cm^2. Compliance. Cleanliness levels, bake-out and purge requirements provided in THM-SYS-004 Contamination Control Plan. M-37. All THEMIS Elements shall comply with the THEMIS Contamination Control Plan Compliance. THM-SYS-004 Contamination Control Plan in review. Verification Matrix to be completed. From THEMIS Contamination Control Plan (based on successful FAST program): • Instrument Requirements: • External cleanliness level of 500 A per MIL-STD-1246 B • ESA & SST purged continuously, not to be interrupted for periods longer than 24 hours • Non-flight covers remain installed at all possible times • Spacecraft Requirements: • Typically maintained at a Visibly Clean, Highly Sensitive level per NASA-JSC-SN-C-0005 • Cleaned to Level 500 A per MIL-STD-1246 B for instrument integration, occasions when the non-flight covers are removed from ESA and SST • Adherence and Verification: • THEMIS Subsystem Bake-out Plan • Class 100, 000 clean area for integration and test • Bagged w/approved material during periods of inactivity or when removed from clean area • Routinely verified by visual inspection with a white lamp per NASA-JSC-SN-C-0005, Revision C THEMIS MISSION PDR OVERVIEW-24 UCB, November 12, 2003

Interfaces REQUIREMENT DESIGN M-39. All THEMIS Elements shall be compatible per their ICDs Compliance. Interfaces REQUIREMENT DESIGN M-39. All THEMIS Elements shall be compatible per their ICDs Compliance. Most flight system ICDs signed off or in final review cycle. Verification Matrices to be completed. From THM-SYS-000 Document List: Electrical ICDs (Instrument to IDPU) • THM-SYS-103 EFI Digital Fields Board-to IDPU ICD • THM-SYS-104 EFI Boom Electronics Board-to-IDPU ICD • THM-SYS-105 ESA and SST Electronics Card Spec (ICD) • THM-SYS-106 FGM I/F Requirement Document (ICD) • THM-SYS-107 SCM Interface Control Document (ICD) Mechanical ICDs (Instrument to Probe) • THM-SYS-108 Probe-to-EFI Radial Booms ICD • THM-SYS-109 Probe-to-EFI Axial Booms ICD • THM-SYS-110 Probe-to-SST ICD • THM-SYS-111 Probe-to-FGM Mag Boom ICD • THM-SYS-112 Probe-to-SCM Mag Boom ICD IDPU to Probe Interface • THM-SYS-101 IDPU/ESA-to-Probe ICD Flight to Ground ICDs • THM-SYS-102 Command Format Specification • THM-SYS-115 Telemetry Data Format Specification THEMIS MISSION PDR OVERVIEW-25 Rev B Rev A Rev B Rev - Signed Off In Review In Signature Cycle Rev B Rev B In Signature Cycle In Review Rev F Signed Off Rev A Rev C In Review UCB, November 12, 2003

Test and Verification REQUIREMENT DESIGN M-40. All THEMIS components shall verify mission performance requirements Test and Verification REQUIREMENT DESIGN M-40. All THEMIS components shall verify mission performance requirements are met per the Verification Plan and Environmental Test Specification Compliance. Verification method documented for each requirement in MRD. Reference to THM-SYS 005 Verification Plan and Environmental Test Specification - preliminary draft released. (Swales Lead). Will be signed off by CDR. From THEMIS Systems Engineering Management Plan: • Verification Program • Applies to all technical requirements stated in MRD and associated documents • Each item in MRD has fields for verification method, procedure, and result • All associated documents will include verification matrix, containing same criteria • • Verification Methodology • Verification of requirements is by inspection, analysis, demonstration, test or combination • Tasks for each method include: establishing the criteria; preparing plans and procedures; implementing; and documenting the results. Verification Levels • Verification will be performed at one or more of following levels: Assembly, Subsystem, Element, Space Segment THEMIS MISSION PDR Inspection Process of measuring, examining, gauging, or otherwise comparing an article with specified requirements. Analysis is defined as the mathematical or physical interpretation of simulation data or test data. Demonstration is defined as those measurements of a system or equipment taken in the field in which actual or representative environments and external stimuli are used, with recording of information individually or cumulatively to correlate events with time and stress. Tests are defined as measurements made under fully controlled and traceable conditions using simulated environments and external stimuli, as well as those measurements of a system or equipment taken in the field in which actual or representative environments and external stimuli are used. OVERVIEW-26 UCB, November 12, 2003

Test and Verification REQUIREMENT DESIGN M-41. All THEMIS components shall survive and function prior Test and Verification REQUIREMENT DESIGN M-41. All THEMIS components shall survive and function prior to, during and after exposure to the launch and space environments described in the Verification Plan and Environmental Test Spec. Compliance. THM-SYS-005 Verification Plan and Environmental Test Specification preliminary draft released. (Swales Lead). Will be signed off by CDR. Verification Matrix to be completed. From THEMIS Systems Engineering Management Plan: • Verification Plan and Environmental Test Specification • Document shall define the environmental test tolerance limits at each level of assembly • Contains the parameters associated with environmental tests and analysis planned, including: • Test conditions (i. e. temperature, cleanliness) • Environmental levels • Durations • Functional operations • Safety and contamination precautions • Instrumentation • Procedure/Report Requirements • Parameters apply to the following tests described in the specification: • Shock test requirements • Acoustic excitation levels • Qualification and acceptance vibration test levels • Electromagnetic test levels • Thermal and thermal vacuum test profiles including hot and cold soak durations, transitions, etc. • Life testing THEMIS MISSION PDR OVERVIEW-27 UCB, November 12, 2003

Test and Verification REQUIREMENT DESIGN M-42. All THEMIS components shall be tested per the Test and Verification REQUIREMENT DESIGN M-42. All THEMIS components shall be tested per the Comprehensive Performance Test (CPT), at the times defined in the I&T Test Flow. Compliance. CPT planned and called out in I&T flow. From THEMIS Systems Engineering Management Plan: Systems Engineering is responsible for preparing the CPT. The purpose of the CPT is to ensure that the Instrument Payload and Probe Bus are completely functionally tested and ready for environmental tests. It is also used as part of the validation process during environmental tests. This plan combines all test plans associated with the Probe, and is based on the tests identified in lower level Instrument Calibration Plans…. From Swales I&T Flow - Rev. B: THEMIS MISSION PDR OVERVIEW-28 UCB, November 12, 2003

Launch Vehicle REQUIREMENT DESIGN M-43. THEMIS shall be compatible with a Delta II 2925 Launch Vehicle REQUIREMENT DESIGN M-43. THEMIS shall be compatible with a Delta II 2925 -10 Compliance. KSC Mission Manager assigned, biweekly telecons started. M-44. Within the schedule cap (March 2007), the THEMIS launch date shall not be restricted Compliance. Orbit design is independent of launch date. Safe State thermal and power analyses for any time in the year still to be verified. M-46. The fundamental frequency of the Probe Carrier Assembly (Probe Carrier + 5 Fueled Probes) in launch configuration shall be greater than 15 Hz lateral, 35 Hz axial. Compliance. Ref PB. Mec-11: See FEM results, probe 1 st mode is 43. 7 Hz. Ref PC-7: See FEM results, PCA 1 st lateral mode is 18. 29 Hz, 1 st axial mode is 48. 27 Hz. For components reference Environmental Spec design requirements (Stowed >75 Hz, Deployed >0. 25 Hz). M-47. The Probe Carrier Assembly (Probe Carrier + 5 Fueled Probes) shall comply with the LV c. g. location and principal axis misalignment requirements. Compliance. Ref PC. Mec-9: PC balanced to max CG within 1. 3 mm (0. 05 in) of centerline. Ref PC. Mec-10: PC balanced to max principle axis misalignment <0. 25 deg. M-62. The Launch Vehicle shall despin (if necessary) the Probe Carrier to less than 15 RPM (TBR) prior to probe deployment. Compliance. Separation analysis run for 15 RPM +/ -5 RPM uncertainties due to launch vehicle performance specification. M-63. The Launch Vehicle shall provide a separation Compliance. Discussion w/ KSC on-going. signal to the Probe Carrier to indicate when the five probes should start the separation sequence. THEMIS MISSION PDR OVERVIEW-29 UCB, November 12, 2003

Error Budgets • • Level 1 requirements flow down directly to Instrument performance requirements Error Budgets • • Level 1 requirements flow down directly to Instrument performance requirements In addition, an overall error budget is developed to ensure Level 1’s will be met From THEMIS Error Budget: • Driving requirement on pointing stability. S-8: Determine the cross-current-sheet current change near the current disruption region at substorm onset … using the planar current sheet approximation with relative (inter-probe) resolution and inter-orbit (~12 hrs) stability of 0. 2 n. T. • Inter-orbit stability over 12 hours shall be <0. 2 n. T (relates to FGM sensor only) • IN. FGM-3 a: The relative stability of the FGM shall be less than 0. 2 n. T over 12 hrs • Inter-probe resolution shall be <0. 2 deg (relates to knowledge only) • ACS knowledge (FGM internal) shall be <0. 1 deg (Bx and By) • GS-SOC-13: ACS knowledge (FGM-to-spin axis) shall be estimated to within 0. 1 degree every hour using ground-based processing; and • IN. FGM-3 b: The relative stability of the FGM shall be less than 0. 1 n. T over 1 hr • Mechanical/thermal stability shall be <0. 1 deg • IN. BOOM-2: Magnetometer Boom stability shall be better than 0. 1 degree (includes boom and bus components, i. e. sensor mount to boom, boom thermal stability, boom mount to bus, thermal stability of deck) • Driving requirements on absolute time. Level 1 science objective of onset and evolution of substorm instability to within 30 seconds; the onset time of the auroral breakup, current disruption and reconnection should all be known to within 10 seconds. With a 3 second cadence due to the spin period on the 3 probes in the current disruption region, error on the absolute time must be less than 1 second • PB. CDH-44: The C&DH subsystem shall maintain Coordinated Universal Time (UTC) with an accuracy of +/- 0. 5 sec. • Requirement drives the accuracy of the C&DH oscillator. Oscillator drift then drives how often the probes must be contacted to update the on-board time. THEMIS MISSION PDR OVERVIEW-30 UCB, November 12, 2003

Error Budgets From THEMIS Error Budget: • Driving requirements on absolute knowledge: S-6. Track Error Budgets From THEMIS Error Budget: • Driving requirements on absolute knowledge: S-6. Track between probes the earthward ion flows (400 km/s) from the reconnection site and the tailward moving rarefaction wave in the magnetic field…with sufficient precision of… B to within 1 n. T… • Requires absolute FGM orientation on one probe to 1 deg (translated from 1 n. T in 10 n. T field, near the current sheet where flows and current disruption measurements are made). 1 deg Requirement 0. 1 deg ACS knowledge (FGMto-spin axis) GS-SOC-13: ACS knowledge (FGM-to-spin axis) shall be estimated to within 0. 1 deg every hour using ground-based processing; assuming IN. FGM-3 b: The relative stability of the FGM shall be <0. 1 n. T over 1 hr 0. 5 deg ACS inertial knowledge GS-SOC-14: ACS knowledge (spin-to-Probe Z axis) shall be (spin axis-to-Probe Z estimated to within 0. 5 deg using ground-based processing; assuming axis) IN. BOOM-1: Magnetometer Boom deployment shall be repeatable to 1 degree, 3 sigma. 0. 1 deg Stability: Contribution from probe magnetics M-31 b: DC field stability of the Probe and other instruments shall not exceed 0. 1 n. T at 2 meters from the Probe (location of FGM sensor). 0. 1 deg Stability: Contribution mechanical, thermal IN. BOOM-2: Magnetometer boom stability shall be better than 0. 1 deg (includes boom and bus components, i. e. sensor mount to boom, boom thermal stability, boom mount to bus, bus thermal stability) 0. 1 deg • Description Accuracy: Time tag IN. DPU-32: The IDPU shall time-tag DFB and FGM data to <0. 5 ms (0. 1 deg equivalent to 0. 83 ms for 3 sec spin period) Bus stability (Probe Z axis-to-Izz principle axis) and Magnetometer drift (drift is 0. 2 n. T/300 n. T, or <0. 03 deg, at perigee) are considered negligible THEMIS MISSION PDR OVERVIEW-31 UCB, November 12, 2003

Fault Tolerance REQUIREMENT DESIGN M-6. THEMIS Probe 3 or 4 shall be capable of Fault Tolerance REQUIREMENT DESIGN M-6. THEMIS Probe 3 or 4 shall be capable of replacing any other probe during the minimum mission Compliance. Replacement margin (>50%) has increased considerably since CSR with optimized mission design. Note: P 3/P 4 replacement of P 1 does not have to take it through a second year (since minimum mission is obtained in one year). Forward runs for replacement strategies still to be completed. M-7. Each Probe shall have a viable safe-state after carrier separation Compliance. Preliminary analyses show viable safestate (thermally safe, power positive) for nominal launch date. Additional analyses to be completed for launch any day of year. M-8. THEMIS Probes shall implement Failure Detection and Correction (FDC) Compliance. Selective autonomy in detecting and correcting faults has been implemented in design (i. e. thruster shut-off). From THEMIS Maneuver Calculator – Replacement Strategy: THEMIS MISSION PDR OVERVIEW-32 UCB, November 12, 2003

Fault Tolerance REQUIREMENT DESIGN M-5. To the maximum extent possible, THEMIS operational system shall Fault Tolerance REQUIREMENT DESIGN M-5. To the maximum extent possible, THEMIS operational system shall be designed to be single fault tolerant and still meet minimum mission success criteria Compliance. Single point failures, reliability and possible failure modes have been assessed through Fault Tree Analyses, PRAs, and preliminary FMECA. In addition, THEMIS is inherently single point tolerant by virtue of M-6, constellation redundancy and use of on-orbit spare. Fault Tree Analysis • Validates and depicts analyzed relationships between probe components and subsystems and associated “block” failure, regardless of cause • Fault Tree Analysis completed in Phase A continues to be valid due to little system architecture change Probability Risk Assessment (PRA) • Evaluates the likelihood of entering potential failed states • Preliminary PRA performed to trade internal bus architecture and validate reliability related to minimum and nominal mission lifetime requirements • Component-Level PRA (worst-case electronics board) performed in Phase B on Instrument Payload • Component-Level PRA will be performed in Phase B (prior to CDR) on flight system after all vendors are selected Failure Mode Effects and Criticality Analyses (FMECA) • Determines potential failure modes, data points required to detect them, and steps that should be taken to mitigate them • Preliminary FMECA performed (THM-SYS-007 THEMIS Failure Modes Effects and Criticality Analysis) • One-day FMECA Technical Interchange Meeting (TIM) with all technical leads scheduled THEMIS MISSION PDR OVERVIEW-33 UCB, November 12, 2003

Fault Tree Analysis THEMIS MISSION PDR OVERVIEW-34 UCB, November 12, 2003 Fault Tree Analysis THEMIS MISSION PDR OVERVIEW-34 UCB, November 12, 2003

Probability Risk Assessment • PRA String Model used to obtain mission reliability values • Probability Risk Assessment • PRA String Model used to obtain mission reliability values • Conservative component reliability data from vendors and internal electronics database used to generate individual failure rates Mission reliability: • THEMIS MISSION PDR OVERVIEW-35 UCB, November 12, 2003

FMECA Objectives and Process FMECA main objectives • • • Verify redundant paths are FMECA Objectives and Process FMECA main objectives • • • Verify redundant paths are isolated or protected such that any single failure that causes the loss of a functional path shall not affect the other functional path or the capability to switch operation to that redundant path Verify system has no single or redundant interface failure mode, which could affect safety of personnel, or cause catastrophic failure of the launch vehicle Verify any single point failure have sufficient reliability so as to not compromise the probability of mission success Identify existing methods of failure detection and any possible need for new methods Identify any failure modes that may be time critical for corrective action FMECA process • Performed at subsystem interface level for functional elements (Power, Data, Thermal, Software, Mechanisms) using block diagrams traceable to FMECA worksheets (JPL tool) THEMIS MISSION PDR OVERVIEW-36 UCB, November 12, 2003

FMECA Worksheet COLUMN HEADER DEFINITION FMECA Item Code Unique number assigned to the functional FMECA Worksheet COLUMN HEADER DEFINITION FMECA Item Code Unique number assigned to the functional interface under analysis. Interface Concise statement of the functional interface. Potential Failure Modes Concise statement of each failure mode possible. Potential Failure Effects of the failure mode on component, subsystem, or LV. Severity (Sev) On a scale of 1 -10, the severity of each failure (10=most severe). Potential Cause Concise statement of the potential cause(s) of the interface failure. Probability (Prob) On a scale of 1 -10, the probability of the failure occurring. Current Design Controls Examination of the current design as applied to the failure mode. Specifically includes: the detection method for each failure mode; action that may be taken in the event of the failure; description of alternate means of operation; and/or redundancy available after a failure. Detect-ability (Det) On a scale of 1 -10, the ability to detect if the failure occurred. Risk Priority Number The combined weighting of severity, likelihood, and detect-ability. Recommended Action Concise statement of response plan as required. Responsibility and Target Completion Date Action Taken Identification of person responsible to implement response plan by a specific milestone. Concise statement of action that was taken. New Sev, Prob, Det, FPN Re-evaluation of failure mode. THEMIS MISSION PDR OVERVIEW-37 UCB, November 12, 2003

FMECA Results Category Definitions • • • Category 1 failures include loss of all FMECA Results Category Definitions • • • Category 1 failures include loss of all Probes or potential catastrophic effect on launch vehicle. FPN above 200. Category 2 failures included loss of one Probe, or significant (de-habilitating) problems. FPN of 20 -200. These failures include loss of core functions on one Probe (power distribution, data collection, etc. ) Category 3 failures included significant degradation of baseline science mission. FPN of 1020. These failures included timing, experiment quality and thermal considerations. Identification of Problem Areas • Category 1 Failures: None. Only potential single point failure is the separation signal not triggering release or triggering an inadvertent separation of a probe or probes during ascent • • • Category 2 Failures: Single-string system results in numerous category 2 failures • • • Current design control: two of three inhibitors to release a probe Recommended action: design must be extensively reviewed and tested Current design controls: selected redundancy and graceful degradation where possible (Examples: redundant mag boom deploy, stability proven for one wire boom failure, failed attenuator does not effect minimum science, selective board level redundancy, i. e. either DFB ADC can fail, switch in the redundant, cross-strapped, ADC) Recommended actions: identification of critical item list and mitigation techniques Category 3 Failures: Complete loss of an instrument and specific elements of system design that could effect quality of all sensor data result in some category 3 failures • Current design controls: science resilience (minimum mission can still be accomplished with partial or total loss of one or more sensors on different probes), timing analyses, contamination control plans, redundant thermal paths THEMIS MISSION PDR OVERVIEW-38 UCB, November 12, 2003

FMECA Results Critical Items List • • Significant aspect of the potential cause or FMECA Results Critical Items List • • Significant aspect of the potential cause or mechanism of Category 2 failures. Circuit elements are studied from the critical items list and, on a case-by-case basis, the best method for adding redundancy or ensuring reliability is recommended (see Worksheet). THEMIS Critical Items List (in decreasing order): 1. Separation Signal; 2. Receiver; 3. Transponder; 4. BAU Coldfire; 5. IDPU 8085 6. FPGAs; and 7. FETs Failure Prevention and Mitigation Techniques • Analysis Techniques • • • Parts Stress Analysis (PSA): examines all of the components in a circuit to ensure parts operate within their prescribed guidelines under all input conditions assuming standard derating criteria (change in Power Supply voltage, change in temperature, change in load, etc. ) Worst-Case Analysis (WCA): looks at lifetime and performance issues and is appropriate for circuits whose performance degradation cannot be reasonably compensated for Board-Level Thermal Analysis: detailed look at parts placement on a circuit board; power consumption; conductivity between part leads and part junction; conductivity of circuit board and housing; and reference plate temperature to derive predicted junction temperatures Timing and Frequency Simulations: simulates FPGA performance under given set of test vectors to ensure adequate timing margin, etc. exists in the design Test Techniques • • Voltage Margin Testing: varies the operational voltage and the operational temperature to values outside those specified Frequency Margin Testing: clock signals are run from an external function generator and rise time, frequency, and symmetry are adjusted over approximately a 10% range THEMIS MISSION PDR OVERVIEW-39 UCB, November 12, 2003

Risk Management Continuous Risk Management • • • Lessons Learned database reviewed SAI-PLAN-0618 Probe Risk Management Continuous Risk Management • • • Lessons Learned database reviewed SAI-PLAN-0618 Probe Bus and Probe Carrier Continuous Risk Management (CRM) Plan completed Swales using web based tool PRIMX for managing risks UCB Risk Management Plan in progress with help from GSFC Project uses 5 x 5 matrix (ranking 1 -5 probability and impact) to assess risks Risk Reporting • • • UCB will have access to Swales PRIMX tool Probe and Probe Carrier top 10 risks will be reported to UCB monthly Report combined with UCB top 10 risks and reported to GSFC Explorers monthly Project specific risks will be presented during Confirmation Assessment Review (CAR) THEMIS MISSION PDR OVERVIEW-40 UCB, November 12, 2003

Configuration Management From THM-SYS-011 Configuration Management Plan: Configuration Identification • Provides schedule of data Configuration Management From THM-SYS-011 Configuration Management Plan: Configuration Identification • Provides schedule of data and document release to facilitate interface and interaction between subsystems and subcontractors Configuration Accounting • • Controlled document, drawing and schematic revisions, ensure formal review process for changes, maintain history Engineering database control using PDMWorks. TM • Security: password protected, typical UCB network protection • Controlled Access: only authorized user can view, add or delete (Read, Write permissions), only one owner at any one time has ability to change document and check it back in • Controlled Revision: automated revision control and history tracking, all previous revisions kept within database • Accountability: maintains log of all persons responsible for any change, addition, or deletion to the database Configuration Assurance and Verification • • • Accomplished by end-item inspection and documentation review to determine product compliance with the latest approved baseline Responsibility relies mainly with the MAM The THEMIS Performance Assurance and Implementation Plan (PAIP) provides the plans for inspection and test, requirements for end-item acceptance, and procedures for numbering and serializing accepted parts, subassemblies, and assemblies THEMIS MISSION PDR OVERVIEW-41 UCB, November 12, 2003

Configuration Management From THM-SYS-011 Configuration Management Plan: Configuration Control • • Formal change approval/disapproval Configuration Management From THM-SYS-011 Configuration Management Plan: Configuration Control • • Formal change approval/disapproval implemented to protect against uncoordinated/ unauthorized change Change process involves an Impact Assessment (IA) followed by a formal approval process. The IA is attached a System Change Notice (SCN) and submitted to the Configuration Control Board (CCB) for approval. • Impact Assessments (IAs): Includes rationale for a change to baseline, summary of impact • System Change Notices (SCNs): Prompts a systematic evaluation of the proposed changes • Problem Failure Reports (PFRs): Initiated after a problem is found, documents impacts, assesses alternatives and provides recommended courses of action • Configuration Control Board (CCB) used for Level 1, 2, 3 changes • Subsystem trades (level 4) can be made within the resources of the subsystem. Systems Engineer insight and involvement. • Trades that impact subsystem/system interfaces or resource allocations (level 3/level 2) require concurrence by the Configuration Control Board (CCB): Principal Investigator, Project Manager, Mission Systems Engineer (MSE), Probe Systems Engineer, Mission Operations Manager and affected Team Leads. GSFC Mission Manager insight. • Trades that impact Level 1 baseline science/programmatic requirements must include approval by Principal Investigator and GSFC Mission Manager. • Trades that impact Level 1 minimum science/programmatic requirements must include have approval by NASA HQ. THEMIS MISSION PDR OVERVIEW-42 UCB, November 12, 2003

System Change Notices SCN 001 Propulsion Tank Size Change • • Initiated to improve System Change Notices SCN 001 Propulsion Tank Size Change • • Initiated to improve propellant margins by 11. 5% Required EFI spin plane booms to be ‘canted’ by small angle Increased propellant load from 34. 52 to 38. 7 kg Approved SCN 002 Separation System Change • • Initiated to ensure separation system met timing requirement Required heavier pyro activated clamp band Increased Probe Carrier mass allocation from 103 to 122 kg Approved SCN 003 Thruster Size Change • • Initiated to improve maneuver efficiency Required dynamic instability analysis (Fuel Slosh and Boom Wire “Wiggle”) Increased Thrusters from 1 N to 5 N Approved SCN 004 SST Envelope Increase • • • Initiated to ensure full SST FOV is accommodated Required reduction in minimum static clearance between probes kept by Swales (3. 8 in vs. 4 in) Approved SCN 005 ACS Stability • • Initiated after recent dynamic simulations Requires further verification of mass properties and analyses If problem does exist, axials can be shorted or radials lengthened with little system impact On-going THEMIS MISSION PDR OVERVIEW-43 UCB, November 12, 2003




  • Мы удаляем страницу по первому запросу с достаточным набором данных, указывающих на ваше авторство. Мы также можем оставить страницу, явно указав ваше авторство (страницы полезны всем пользователям рунета и не несут цели нарушения авторских прав). Если такой вариант возможен, пожалуйста, укажите об этом.