Return to "SHUTTLE AVIONICS - Design Constraints & Considerations - A Guide Book"
GENERAL 1.
INSTRUMENTATION COEFFICIENTS
Consideration
Due to performance requirements of various systems, sensor unique coefficient information is required
Impact
- Special infrastructure required
- Investment required in configuration controlled databases at vendor, designer, and user
- Time and resources to operate software utilities to merge unique information onto software deliverables is required
- Procedures and utilities to update unique data at user site
- Can be a serial time constraint to testing if component is changed out
Design Objectives
- Provide systems with wider performance margins so nominal data can be used
- Develop more accurate and precise sensors where performance is critical
- Establish a flight test certification process that expands allowable margins for operational use, and thus expands the test requirements
GENERAL 2.
TELEMETRY DATA AVAILABILITY
Constraint
Multiple configurations of telemetry data stream constrains testing
Impact
- Shuttle parallel testing is constrained in many circumstances by the need of a subsystem to be in a specific General Purpose Computer (GPC) memory configuration, GPC downlist format , or Pulse Code Modulation Master Unit (PCMMU) telemetry format load (TFL) to perform its subsystem flight checkout.
Design Objectives
- Create a telemetry system with sufficient bandwidth, and that will eliminate or, at least limit, the need for multiple telemetry formats (downlink and downlist)
- Limit the amount of telemetry to what is really required for operational health monitoring. Development flight instrumentation should be limited to prototype demonstrators for system certification only.
GENERAL 3.
AVIONICS COOLING
Constraint
Ground support for avionics LRU cooling required to operate avionics. In addition, avionics cooling requirements limit avionics activation and emergency power down responsiveness
Impact
- Coldplate cooled avionics boxes incur a large amount of operations overhead due to coldplate dings and GSE requirements for removal and replacement of these boxes
- Loss of cooling requirements are very restrictive requiring vehicle power down if cooling loss is to exceed 5 minutes
- SSME Controller requires special vehicle aft compartment air/GN2 purge
- Complexity of active fluid cooling loops constrains responsiveness and dependability of avionics operations
Design Objectives
- Develop passive cooling for avionics boxes to the maximum extent possible. If active cooling is required, air cooled avionics are preferred over pumped-fluid coldplate designs.
- If an active system is necessary, recognize the maintenance requirements and fully understand the requirements for cooling loss and minimize its impact to ground operations (e.g., the avionics devices should be tolerant to cooling loss for greater than the 15 minutes it takes to deactivate the vehicle.
GENERAL 4.
CONNECTOR RETEST
Constraint
Any connector demate requires continuity verification of every pin on that connector in order to certify functional integrity.
In some cases, the design precludes the use of functional retest to verify connector functions and required level of available redundancy. More exotic means must be used, such as Break-out-Box installation (an example is the Brake/Skid Control Box Fails that are OR’ed together at a Load Control Assembly, thus requiring intrusive means to determine particular Fail functionality or required level of available power redundancy.
Impact
- Innumerable unplanned functional retests required (even some planned demates that drive planned work)
- The GNC system (including its wiring, not just box connections) averages 659 connector pin invalidation's, on average, each processing flow
- Demates late in process flow invalidates previous certification for flight
Design Objectives
- Eliminate or minimize checkout requirements due to connector demates/remates
- Eliminate or minimize the need to demate flight connectors for checkout. For Troubleshooting, provide test points that also minimize the need for demate from flight certified configuration.
- Design avionics boxes with smart, low wire count communications methods. On Shuttle, an example of an intelligent, with low wire count connections is the Air Data Transducer Assembly (ADTA). Poor examples are the Aerosurface Amplifier (ASA) and Multiplexer/Demultiplexer (MDM).
- Ensure that all avionics functions requiring field certification are verifiable non-intrusively, that is, without the need of drag-on equipment.
GENERAL 5.
CONNECTOR MATED INDICATION
Consideration
Presently no way to automatically verify if all connectors are mated prior to testing.
Explanation: It is often required for hazardous or critical operations to know if a system’s electrical configuration is operational. Example: an actuator must have at least one channel of control with hydraulic power applied. If no channels are connected, there is no control of the actuator. The rudder/speedbrake was once powered up hydraulically without knowledge that the command path connections were demated for troubleshooting not associated with actuator control itself. As a result, there was damage to the actuator. This could be economically disastrous if a gimballing engine moved in an uncontrolled manner into another engine (reference GNC 2. Engine Collision), or pose a safety hazard to personnel.
Impact
- Time and accounting infrastructure required to understand electrical configuration prior to power-on operations.
- Safety of personnel and flight hardware
Design Objectives
- Out-of-configuration condition recognized (and preferably isolated) upon activation.
GENERAL 6.
PARALLEL SWITCH CONTROL
Consideration
Lack of parallel cockpit switch control from the ground on the Shuttle constrains automation
Impact
- Prevents automatic vehicle power up and power down
- Prevents automatic checkout of some component functions
Design Objectives
- Provide parallel cockpit switch control from the ground for all power switches and many of the component functions to allow for checkout automation.
GENERAL 7.
MAN-IN-THE-LOOP
Constraint
Many Shuttle systems require Man-in-the Loop to perform system testing causing serial time impacts and variability of the servicing, maintenance and checkout processes
Impact
- Daily operations - Data Processing System (DPS), Environmental Control and Life Support Systems (ECLSS), Electrical Power & Distribution (EPD), and Instrumentation are all required to support all daily shuttle power-up operations. This results in a large level of support infrastructure (labor hours and equipment)
- Many manual switch actions are required to power-up, power-down and reconfigure these systems. The manual intervention occurs both in the vehicle, as well as at dedicated ground support equipment and facility locations to support daily servicing, maintenance, troubleshooting, and checkout. Prevents automation and takes time
- The manual actions in the vehicle are usually switch throws or gauge readings in the cockpit, but for fluid systems operation (such as hydraulics support for flight control activity) may involve hand valve operation, or operation of drag-on equipment such as aspirators, etc., all creating serial time delays, unnecessary activity in sensitive areas of the vehicle as well as a general heightened level of labor support and traffic.
Design Objectives
- For daily operations - allow ground command capability to power-up, power-down and reconfigure systems as required for turnaround.
- System checkout - when developing a new system, require the vehicle’s avionics architecture to be flexible enough to be fully validated for turnaround. This should be accomplished by the vehicle autonomously from flight software application (preferably), or a ground automated sequence without manual intervention. in the vehicle or at remote sites (except for initiation).
GENERAL 8.
AVIONICS LRU ACCESS / MOUNTING
Constraint
Improve avionics line replaceable unit (LRU) access.
Impact
- Shuttle LRU access for troubleshooting and R&R in most cases is not user friendly. In the case of the OMS primary Controller, OMS Pod removal is required. As another example, the Accelerometer Assemblies require removal, replacement, and rectification of unrelated components which unnecessarily exposes sensitive and delicate coldplates. (Reference GNC 12. Accelerometer Assemblies (AA’s) Inaccessible)
- Significant manpower needed to remove and replace components when mounting methods vary widely.
- Collateral damage often difficult to avoid. Example: A recent smoke detector removal and replacement damaged the Reaction Jet Driver - Forward (RJDF) # 2 causing extensive unplanned work.
- The wing body-mounted elevon actuators have no external panels for installation/removal access. Removal and replacement of these devices requires weeks of work perform and cannot even be performed at the pad in the vehicle-vertical position, which would result in a roll-back and destack.
Design Objectives
- Ergonomically designed access to LRU'S for troubleshooting and R&R purposes would greatly enhance ground operations.
- Consider military aircraft standardized black box mounting methods for rapid LRU changeout.
GENERAL 9.
AVIONICS LRU FASTENING DEVICES
Consideration
Fastening devices for installing avionics components should provide for trouble-free removal and installation and guaranteed for the lifetime of the vehicle (i.e., repetitive use).
Explanation: Many of the fasteners used for Shuttle avionics components have been unreliable and costly to replace. The use of stainless steel inserts and stainless steel bolt and captive fasteners have led to galled threads, inability to install or remove, and uncertainty of flight certification torque values at the time of installation. Many fasteners require the measurement of running torque and final torque. In addition, the self-locking features of many of these fasteners are not satisfactory for repetitive installations. Costly component damage has resulted from these design deficiencies.
Impact
- Serial time delay to removal and replacement procedures.
- Damage to LRU and vehicle mounting areas.
- Unnecessary logistics burdens.
- Damage to sensitive coldplates, which are difficult to repair and replace.
Design Objectives
- Design should provide for reliable installation and fastening devices. Need for simple, inexpensive, quick installation fastening devices without need for massive mounting system rework (including coldplates).
GENERAL 10.
AVIONICS LRU GROUND HANDLING EQUIPMENT
Constraint
The removal/reinstallation of many avionics components requires special ground support equipment (GSE).
Impact
- The installation and use of GSE for the removal and replacement of avionics components greatly increases the time required to accomplish this task.
- The cost of storing, maintaining and calibrating the equipment is onerous.
Design Objectives
- Ergonomically designed access to flight components would enhance ground operations and eliminate the cost of designing, procuring and maintaining this GSE.
GENERAL 11.
AVIONICS BITE / TEST POINTS
Consideration
Lack of Built-In-Test-Equipment (BITE) and test monitoring points (available in the telemetry data stream) constrains the ability to know whether the required level of redundancy is available for commitment to flight (and retention of system certification from launch to launch). Also delays problem isolation.
Impact
- Numerous test monitoring points are required to isolate problems to the LRU level
- Avoid intrusive Break-out-Box connections and signal cross-strapping
- Reference also General 4 and General 5 (Connector mates/demates).
Design Objectives
- Develop and demonstrate an avionics architecture for a reusable, orbital vehicle that has the capability of knowing whether its systems have retained their integrity (that is, have not lost functionality that forces loss of system certification) - automatically.
- Designing avionics with sophisticated BITE and numerous test monitoring points can greatly enhance ground operations capability to quickly isolate and replace problem LRU'S.
- Demonstrate that functional failures can be isolated without manual/intrusive troubleshooting tasks.
- Also reference design objectives in General 4 and General 5 (Connector mates/demates).
GENERAL 12.
CRITICAL REDUNDANT POWER VERIFICATION
Consideration
Equipment's redundant power should be verified automatically upon power on.
Impact
- Manual/Serial redundant power verification tests using bus drop techniques, etc., are used to work around the constraint
- V1161 - Non Hazardous Power Verifications
- S0024 - Hazardous RCS Power Verifications
- Bus Drop techniques force cooling system reconfigurations (flight and ground) and man-in-the-loop
Design Objectives
- Automatic redundant power verification during vehicle power-up or system activation
- Continuos monitoring a goal
- Design out operating constraints to other systems or serial delays to the turnaround process
- Faults communicated and clearly isolated
- Reference also General 3, Avionics Cooling and General 7, Man-in-the-loop.
GENERAL 13.
SOFTWARE IN END-ITEM
Consideration
Software functions which are not embedded in the end item may result in added ground support personnel due to tendency to over-mange centralized software.
Impact
- Change of actuator initialization (AI Mode) software, e.g. today requires elaborate Flight Software change process. Many actuator initialization functions should be embedded in the flight control system.
Design Objectives
- Incorporate actuation functions, such as actuator initialization at the controller level, preferably by microcode so that software maintenance is contained and minimized and controlled by the end user.
GENERAL 14.
LOCAL OPF OPERATION
Consideration
Remote firing room control constrains OPF operations
Impact
- Tremendous infrastructure and time involved to perform simple vehicle power-on tasks. Requires mobilization of and maintenance of large remote firing room facilities.
Design Objectives
- Move Orbiter ground checkout functions into or towards the vehicle to facilitate vehicle autonomy from GSE/monitoring, etc. If attempted, it must eliminate infrastructure costs and not simply add to infrastructure that already exists
- Maximize use of BITE (General 9) in the vehicle architecture
GENERAL 15.
UNPLANNED WORK
Constraint
Unplanned troubleshooting, repair and retest are way too high : approx. 50 %
Impact
- Added work content, added time, task-to-task constraints, staff-hours, crew sizes, logistics support, etc.
Design Objectives
- Build and demonstrate dependability of systems/subsystems/components in all environments (flight/ground), such that the systems can be turned around repeatedly without unplanned maintenance actions
- Certify dependability of hardware through a rigorous flight test program and avoid putting immature hardware into an operational status (i.e., designs that perform well during flight, but then need a lot of maintenance every flight or two - a surprisingly large number of systems and technologies on the Shuttle fall into this category)
- .Maximize mean time between failure (MTBF).
- Minimize intrusive work (i.e., inspections and routine turnaround tasks that require deconfiguring from flight certified condition)
GENERAL 16.
VENDOR DRAWINGS
Constraint
Lack of Vendor drawings, specifications constrains testing and troubleshooting
Impact
- Unnecessary telecons/meetings with off-site personnel
Design Objectives
- Make all technical material available to launch site personnel
- Standardize documentation with regard to format and detail level.
- All technical material should be available on-line in standard formats. (Explore DOD CALS initiative, Boeing CATIA, etc.)
- Standardize all engineering documentation to open system COTS products
GENERAL 17.
HYDRAULICS
Constraint
Hydraulic systems cost enormous processing resources
Impact
- Large source of serial time impact waiting for hydraulics to come up
- Observers required anytime hydraulics activated
- Air content testing after any disconnect
- Present hydraulic actuation systems require extensive maintenance, ground pump units, etc.
- Present Flight hydraulic actuation systems require hazardous fuel systems
- Periodic desilting (hydraulic valve cycling) adds to processing burden
- Flight Hydraulics Fill and Bleed operations takes anywhere from 1 to 3 shifts
- Ground Support Equipment (GSE) power up and circulation required on a continual basis
- System design complicated by supporting thermal management systems:
- Fluid line, tank and actuator heaters (and the fuel cell power necessary to operate them) - extensive thermostatic control and sensors required
- On-board hydraulic fluid circulation systems, pumps, freon heat exchangers, etc. required for thermal conditioning on-orbit
- Entry thermal management technology for hydraulics includes steam boilers (which also need heaters, etc. for on-orbit survival)
- Ground equipment, electrical continuity problems and ground services (such as samplings) required to support the above hydraulics thermal management systems.
Design Objectives
- Develop a maintenance-free flight control/landing-deceleration actuation system and demonstrate maintenance-free characteristics from launch to launch.
- Replace hydraulic actuation with electric actuation
- If hydraulics must be designed into the system, it must remain completely sealed to remain maintenance-free and component replacement-free (i.e., dependable) on turnaround
- Provide adequate instrumentation for troubleshooting leaks, valve and regulator anomalies, etc. (See attached horror story on troubleshooting a hydraulic regulator in the Shuttle landing gear circuit)
Return to KSC Next Gen Site
Edgar Zapata, NASA Kennedy Space Center
Shuttle Process Engineering Directorate, Fluid Systems Division