## Info

Perpendicular to Array Face

lax

= (La2 + Aa/12)Ma

Perpendicular to Array Axis

1ay

= (La2 + Aa/24)Ma

'aa

= (Aa / 24) Mg

Reliability is a parameter under the designer's control. We should consider its potential effect on spacecraft sizing during conceptual design by examining failures from wear-out and random causes. In other words, we should identify the ways in which the spacecraft may fail and tailor the design to eliminate or limit failures to acceptable levels. This implies identifying components or functions which can wear out and designing the system so that they meet the mission's lifetime requirements. Propellant supply and battery-cycle life are examples of these components. If equipment does not wear out, we must evaluate how each part's failure affects the mission and modify the design to eliminate any single-point failures. Then, we use statistics to compute the probability of mission success and tailor the design to acceptable levels. This process is not exact, but careful attention to reliability gives us the most balanced and able system possible.

To design for reliability, we must understand what constitutes success. The more specifically and numerically we can state the success criteria, the easier we can translate these criteria into design requirements. After defining success, we should list the smallest amount of equipment or number of functions that will provide it. We can begin by placing these functions in a signal flow or block diagram. In this basic form, most functions involve only one path or set of equipment For this reason, we sometimes call it a single-string reliability model. Later in the design process, we can add multiple paths or backup modes to improve the probability of success, taking care to understand both the reliability enhancement and the cost

By understanding the functions needed for a successful mission, we understand the factors which limit mission life or threaten that success. Often a new mission depends on developing or exploiting new technology, so we need to know the technology and the factors that stress the componente of our system. By reducing our knowledge to a set of specifications and applying the stresses to our design, we improve our ability to produce reliable hardware.

One of the key steps in design for reliability is to numerically predict the probability of success. To do so, we must differentiate failures from wear-out and failures from random causes. Classic reliability models depict the rate of failure when plotted against time as a "bathtub"-shaped curve. Early on, systems fail at high rates because of infant mortality, late in life, they fail because of wear-out We can eliminate failures from infant mortality with careful construction, testing, and burn-in. We can avoid wear-out by understanding and eliminating the factors that cause it or by providing enough hardware to replace worn-out equipment Between the extremes of infant mortality and wear-out the failure rate is more or less uniform and attributed to random effects.

Wear-out shortens a mission. Random failures kill a spacecraft with accumulated effects. A successful design copes with them by providing enough backup components to cover them. Because we cannot determine when they will occur, our design must allow us to detect and correct them. Also, a good design tolerates some failures and remains useful in a degraded mode.

Searching for and identifying the ways in which equipment can fail is a basic part of design for reliability. This process, called Failure Modes Effects and Criticality Analysis (FMECA) assumes that we can identify the ways in which equipment can fail and analyze the effect Key to this process is identifying and eliminating single-point failure modes—failures that by themselves can kill the mission. If we cannot eliminate them, we must control their probability of occurrence.

We can analyze the failure modes of our equipment in several ways. For example, the all-part method simply analyzes each of the spacecraft's parts to determine the effect of its failure. On a large spacecraft this method is a lot of work but is straightforward and easy to do. Hie all-part method requires us to analyze shorts and opens

_systematically searching for wires or printed traces on circuit boards that can cause failure if opened or shorted together. We can also use scenarios to find potential failure modes. To do so, we simulate the spacecraft's launch, deployment, and operation to ensure that telemetry can detect failures and that the command system can correct them. This simulation normally occurs when operational procedures are being prepared, but it can more effectively detect design flaws if done earlier.

Another way to identify failure modes is the jury method. In many cases new designs do not have a lot of experience behind them, but people have had experience with similar equipment We can poll them as part of a formal design review or in a separate meeting, thus using their experience to identify likely failure modes and probable effects.

### 10.6 Examples

In this section, we discuss three examples of spacecraft sizing. First we develop a preliminary estimate of the FireS at spacecraft and then review two actual systems —FLTSATCOM and HEAO-B.

Hie drivers for the FireSat spacecraft design are the FireS at payload design (Sec. 9-7, Table 9-15) and the oibit and AV requirements (Table 7-3). We will use these to get a broad estimate of the overall size, weight, and power for FireSat and then to break this down into approximate subsystem allocations. The results of the top-level process are summarized in Table 10-30. Keep in mind that these are crude estimates that allow us to begin the process of spacecraft design. We must continually evaluate and refine the requirements and resulting design and perform a variety of system trades to arrive at an acceptable, consistent design.

Our first estimate of the spacecraft mass and power come directly from the payload estimates of Sec. 9-7 (Table 9-15). As given in Table 10-5, the payload mass is between 17% and 50% of the spacecraft dry weight with an average of 30% (see also Appendix A). We know very little about FireSat at this time, so we will add margin by estimating the payload at 20% of the spacecraft mass, well below the average percentage. However, FireSat was scaled down from a flight unit This implies that the bus will probably be a larger fraction of the spacecraft dry weight Our knowledge of the weight is poor at this time because we have not yet done a preliminary weight budget When we allocate the mass to subsystems below we will hold the margin at the system level to allow us to apply it as needed to various subsystems.

Similarly, our initial power estimate is based on the payload power of 32 W and the estimate from Table 10-9 that for moderate size spacecraft, the payload represents 40% of the spacecraft power. Our spacecraft is small with significant control and processing requirements. Therefore, we will again be conservative and assume that the payload represents only 30% of the power requirement for FireSat Here the knowledge is very poor, because we have not yet budgeted the power and have not determined what payload duty cycle should be used—that is, should we turn the pay-load off over the poles and oceans? Because we will have to contend with eclipses (Sec. 5.1, Example 1), the solar array output will be estimated at 170 W to provide 110 W to the spacecraft which then provides 32 W to the payload.

TABLE 10-30. Preliminary Estimate of Fire Sat Spacecraft Parameters. See text for discussion. These parameters are based primarily on the payload parameters defined in Sec. 9.6.

Parameter

FireSat Estimate

Notes and References