Payload/Platform Operations SOWG #9 – 25th January 2017

Presentation transcript:

Payload/Platform Operations SOWG #9 – 25th January 2017 Claire McCrorie – Operations/FDIR Architect, Airbus DS

Introduction All operation of the payload instruments is performed via the platform OBC which is responsible for routing TCs from Ground (or any other on-board source, e.g. MTL, OBCP) to the instruments, via the SSMM routing network. Operation restricted solely to payload level (i.e. instrument configuration, science management) is transparent to the platform and therefore commands are routed directly to the instruments without platform interaction. Operations which involve payload/platform interaction have to be subject to platform operability/constraints which must be factored into the associated payload operational concept and flight procedures. This presentation is intended to address those operations.

Nominal Operations
- Payload Switch on including:
  - Service 9 (time synchronisation)
  - Service 20 (Inter-instrument communication)
  - Heartbeat monitor management
  - FDIR management
- Payload Switch off
- Service 6 Usage (memory management)
- Heatshield Door Operation
- Thermal Operation

Contingency Operations
- Safe mode recovery
- Platform (SSMM/SpW/EPS) FDIR recovery
- Payload FDIR Recovery
- SpW Link Switch

Instrument Switch On – Power Up Instrument switch on performed via Instrument-provided FCP, solely under Ground control. FCP must specify sequence of actions necessary to place instrument in nominal operational state. This must include: 1) Use of a dedicated “power up” command (see command IDs in annex) “Power up” is a CSW (Central Software) function which, in response to a ground command, sends commands to the PCDU to switch on the necessary LCL(s), followed by a command (after an instrument defined delay) to the RIU/OBC to send the HPC to switch on the instrument. The Power Up function is defined for Side A or B – for some instruments this means switch on of a physical side A/B, for some it means application of power via the redundant interface.

Instrument Switch On – Time Synch 2) Time synchronisation (see command IDs in annex) As early as possible in the switch on sequence, TC (9,130) should be sent to ensure instrument time synchronisation. Receiving PID and period (=0) entered as parameters. Until this command is sent, any generated TM has an incorrect time stamp – making data retrieval on Ground difficult. Time synch is expected to be sent once at switch on (period = 0) and time consistency is subsequently maintained using SpW time code. Note that any drift of instrument time wrt OBT to be monitored on Ground. Acceptable limit to drift to be agreed between ESOC/AC and instrument community given impact on TM time-stamping and science data. TC (9,130) can be resent to re-synchronise as necessary, but this must be accounted for within the 150TC/day instrument commanding limit.

Instrument Switch On – Start S20 3) Start Service 20 distribution (see command IDs in annex) As soon as possible, once the instrument is in a mode that is able to receive and process S20, distribution should be started using TC (20,1). The period (in SW cycles) between received S20 packets is selected by the instrument via the TC(20,1). No instrument visibility of the spacecraft state is possible until this point. Each instrument must ensure that, if there are cases/modes/states in which the instrument does not receive or process S20, it is robust to the removal of power or the occurrence of thruster firing without notification.

Instrument Switch On – FDIR management 4) Instrument & Heartbeat FDIR management All instrument FDIR is disabled by default, therefore it must be enabled as part of instrument switch on. This includes enabling the instrument Heartbeat. Activation of S12 & S142 monitors is performed via TC (12,1) and TC (142,1) with the number of monitors and the monitoring IDs given as parameters. To be included as part of the instrument switch on procedure (see command IDs in annex). A procedure will be provided by Airbus to perform the enabling of the Heartbeat monitor, including 2 steps – reset of the Heartbeat counter to zero followed by activation of the associated SpW link monitor. To be ‘annexed’ to payload switch on procedure.

Example Switch On Procedure
Initial conditions: SSMM On with memory modules configured, Nominal/redundant SpW interface selected according to intended switch on configuration.
1) Send Power Up Command
2) Verify Switch On (instrument on/off status, LCL status)
3) Verify receipt of boot report (noting that the packet timestamp will be incorrect)
4) Send time synchronisation
5) Verify receipt of TM (3,25) with correct time stamp
6) Start Service 20 at requested frequency
7) Perform instrument mode change/configuration
8) Enable instrument FDIR
9) Enable Heartbeat/SpW link monitor (platform procedure)
Note that TM verification will not be performed real time.

Example Switch On Procedure cont. An instrument switch on procedure for both A side and B side has to be provided by the instrument teams. SpW link selection to be considered - for switch on using the redundant link the instrument switch-on procedure must define the initial SpW condition that is expected, in order to ensure the necessary SSMM configuration can be performed before instrument switch on. See following slide for Thermal ops.
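The ordering rules from the switch-on slides can be checked mechanically before a procedure is released. The following is an added example, not part of the original presentation or any Airbus/ESOC tool: it lints a planned command sequence using the command, parameter and monitoring IDs from the annex of this presentation. The PID and period values in the sample sequences are constructed, and the Heartbeat step is not modelled because the slides give no command ID for it.

```python
TIME_SYNC, S12_ENABLE, S142_ENABLE = "ZCD00982", "ZCL00C01", "ZCL08E01"
INSTRUMENTS = ["EPD", "EUI", "MAG", "METIS", "PHI", "RPW", "SolOHI", "SPICE", "STIX", "SWA"]
# Annex: S20 start commands ZCD2Z010..ZCD2Z019 follow the order above.
S20_START = {name: f"ZCD2Z01{i}" for i, name in enumerate(INSTRUMENTS)}
POWER_UP = {"ZCSD1152": "EUI", "ZCSD1162": "MAG", "ZCSD1172": "METIS",
            "ZCSD1182": "PHI", "ZCSD1192": "RPW", "ZCSD11A2": "SolOHI",
            "ZCSD11B2": "SPICE", "ZCSD11C2": "STIX", "ZCSD11D2": "SWA",
            "ZCSD11E2": "EPD"}
MIDS = {  # instrument: (S12 MID range, S142 MID range), inclusive, from the annex
    "SWA": ((21, 40), (21, 24)), "EUI": ((41, 60), (31, 33)),
    "PHI": ((61, 80), (41, 42)), "MAG": ((81, 100), (51, 51)),
    "RPW": ((101, 120), (61, 61)), "SolOHI": ((121, 139), (71, 71)),
    "SPICE": ((140, 159), (81, 82)), "METIS": ((160, 182), (91, 97)),
}

def lint_switch_on(steps):
    """steps: ordered (command_id, params) pairs. Returns a list of findings."""
    if not steps or steps[0][0] not in POWER_UP:
        return ["sequence does not start with a PowerUp function"]
    inst = POWER_UP[steps[0][0]]
    findings, sync_at, s20_at, fdir_enabled = [], None, None, False
    for i, (cid, p) in enumerate(steps[1:], start=1):
        if cid == TIME_SYNC:
            sync_at = i if sync_at is None else sync_at
            if p.get("PCD09822") != 0:  # period is expected to be 0 at switch on
                findings.append(f"step {i}: time synch period must be 0")
        elif cid in S20_START.values():
            if cid != S20_START[inst]:
                findings.append(f"step {i}: S20 start addresses another instrument")
            elif s20_at is None:
                s20_at = i
                if sync_at is None:  # order of the example procedure
                    findings.append(f"step {i}: S20 started before time synch")
        elif cid in (S12_ENABLE, S142_ENABLE):
            n_key, id_key, which = (("PCD0C011", "PCD0C012", 0) if cid == S12_ENABLE
                                    else ("PCD8E011", "PCD8E012", 1))
            mids = p.get(id_key, [])
            if p.get(n_key) != len(mids):
                findings.append(f"step {i}: monitor count does not match ID list")
            lo, hi = MIDS.get(inst, ((0, -1), (0, -1)))[which]
            bad = [m for m in mids if not lo <= m <= hi]
            if bad:
                findings.append(f"step {i}: MIDs {bad} are not {inst} monitors")
            if s20_at is None:  # order of the example procedure
                findings.append(f"step {i}: FDIR enabled before S20 start")
            fdir_enabled = True
    if sync_at is None:
        findings.append("no time synchronisation command")
    if s20_at is None:
        findings.append("Service 20 distribution never started")
    if inst in MIDS and not fdir_enabled:
        findings.append("instrument FDIR left in its default disabled state")
    return findings

# Constructed sample sequences for EUI (PID 0x60 and period 8 are made up).
GOOD = [("ZCSD1152", {"PCSB0036": "UNIT_A"}),
        ("ZCD00982", {"PCD09821": 0x60, "PCD09822": 0}),
        ("ZCD2Z011", {"PCD14011": "EUI_SPW_ADDR", "PCD14012": 8}),
        ("ZCL00C01", {"PCD0C011": 2, "PCD0C012": [41, 42]}),
        ("ZCL08E01", {"PCD8E011": 1, "PCD8E012": [31]})]
BAD = [GOOD[0], GOOD[2], ("ZCD00982", {"PCD09821": 0x60, "PCD09822": 60}),
       ("ZCL00C01", {"PCD0C011": 3, "PCD0C012": [41, 61]})]
```

The second sample trips four checks: S20 before time synch, a non-zero synch period, a count/ID mismatch, and MID 61, which the annex assigns to PHI rather than EUI.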

Instrument Switch Off
1) Disable Heartbeat monitor (platform procedure)
2) Disable instrument FDIR
3) Perform ‘graceful’ shut down of instrument (i.e. mode changes) to point where power can be removed
4) Send Power down command

Service 6 Dump Constraints
Service 6 commanding is performed directly to the instrument; however, traffic loading constraints must be met to prevent flooding of the SpW link. Therefore:
- No more than 8 max size dump packets in one second
- No more than 2 max size dump packets in one cycle
These constraints lead to the need for on-ground coordination of operations across all the instruments.
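Because both limits apply to the shared SpW link, a dump plan that is compliant for each instrument on its own can still violate them once merged. The following is an added example, not part of the original presentation: it checks a merged plan and finds the next compliant slot. The slides do not give the SW cycle duration, so the 125 ms cycle is an assumption, as is treating "one second" as a sliding window; the plan itself is constructed.

```python
def check_dump_schedule(events, cycle_ms=125, per_second=8, per_cycle=2):
    """events: (time_ms, instrument) per max-size dump packet.
    Returns sorted (rule, time_ms, instruments) violations; empty means compliant."""
    events = sorted(events)
    violations = []
    # Rule 1: count packets falling into each SW cycle (cycle length is assumed).
    cycles = {}
    for t, inst in events:
        cycles.setdefault(t // cycle_ms, []).append(inst)
    for cyc, insts in cycles.items():
        if len(insts) > per_cycle:
            violations.append(("cycle", cyc * cycle_ms, tuple(sorted(set(insts)))))
    # Rule 2: sliding window (t - 1000 ms, t] ending at each packet.
    start = 0
    for end, (t, _) in enumerate(events):
        while events[start][0] <= t - 1000:
            start += 1
        if end - start + 1 > per_second:
            window = events[start:end + 1]
            violations.append(("second", t, tuple(sorted({i for _, i in window}))))
    return sorted(violations)

def next_free_slot(events, not_before_ms, instrument, cycle_ms=125):
    """Earliest cycle start >= not_before_ms where one more packet stays compliant."""
    if check_dump_schedule(events, cycle_ms):
        raise ValueError("existing plan already violates the constraints")
    t = -(-not_before_ms // cycle_ms) * cycle_ms  # round up to a cycle boundary
    while check_dump_schedule(events + [(t, instrument)], cycle_ms):
        t += cycle_ms
    return t

# Constructed plan (times in ms): each instrument alone is within both limits.
PLAN = {"EUI": [0, 125, 250, 375], "PHI": [0, 125, 250, 375], "SWA": [400]}

def merge(plan):
    """Flatten {instrument: [times]} into one time-ordered event list."""
    return sorted((t, inst) for inst, times in plan.items() for t in times)
```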

Heatshield Door Operation At launch all doors are closed, with the pin-pullers in place. Airbus procedures are provided to release the pin-pullers and to open each individual door. Any requests for door open or closure, as part of planned operations, are expected to be indicated by instruments as part of planning and/or as operational constraints/initial conditions for particular operations. Any sequencing within operations must be clearly identified (i.e. dependency of instrument state on door state).

Thermal Operation Instrument heaters are controlled by the TCS and switched autonomously according to the measured temperature. No Ground interaction is therefore necessary. Any required change to the default temperature control range in operation (i.e. at switch On) will require new heater switching thresholds to be uploaded from ground. This update is performed using a platform procedure to be provided by Airbus. This must be clearly indicated as operational constraint/initial condition within the associated instrument procedure. Decontamination heaters are switched on via platform procedure at earliest possible stage after platform stabilisation in LEOP.

Reminder of platform FDIR impact on instruments Failure type Causes Observability Action Thruster fire Notes Failure leading to PM reboot SW (WD, task overrun …) or OBC HW failure Sub-system or system failure escalation Service 20 stopped LCL switch off after 60s wrt Service 20 stop Heatshield doors closed (all) METIS temp limits reset to default (non-op) Within 15s EIDA R-786 EIDA R-851 Failure leading to ‘deferred PM reboot’ AOCS sun protection monitors Thruster firing flag in Service 20, set upon detection Service 20 stopped at point of reboot Within 5s EIDA R-854 Sun protection monitors require fast transition to SASM to regain attitude, therefore PM reboot is ‘deferred’ until after attitude required. Thruster warning flag used to notify payloads of thruster fire performed to gain first SASM, then subsequent management as per nominal PM reboot and entry to safe mode Autonomous wheel off-load Increase in wheel momentum above limit None SPW link & SSMM Link or instrument failure SSMM SV/router/write controller failure All further nominal TCs stopped Power down (side A & B) after 60s by default but transition to safe-state also possible if requested METIS & SPICE heatshield doors closed METIS temp limits updated to non-op Battery UDV Loss of power from arrays, bus overload Power down (side A & B) after 60s Solar array over-temperature Error in steering profile - Set SA movement flag (SWA action to switch off HV sensors) Autonomous movement of arrays due to over-temp can occur without transition to survival mode

Contingency Operation – Safe Mode recovery Transition to spacecraft Safe Mode switches off the instruments via LCL (not via the instrument-specific power down function), however PM reboot ensures reset of instrument data to zero. Instrument switch on can then be performed as per nominal switch on procedure (after platform recovery has been completed), noting that after Safe Mode, the Instrument FDIR is in its default disabled state. Note that all HS doors are closed during the safe mode transition, therefore recovery must also include Door reopening as requested by each instrument.

Contingency Operation – Platform FDIR (EPS/SSMM/SpW) Instruments are switched off via the Power Down functions, therefore instrument recovery can be performed as per the nominal switch on procedure. Note that instrument FDIR is not disabled during a platform FDIR triggered switch off, however monitored parameter values are ‘frozen’ at the last acquired values, therefore the Instrument monitors should not trigger. In order to ensure no trigger during instrument switch on, Instrument FDIR should be disabled as a pre-requisite to Switch On (expected to be performed via ESOC procedure). METIS & SPICE HS doors will be closed, so open door requests need to be considered in Switch on procedure.

Contingency Operation – Payload FDIR Recovery For those FDIR recoveries which switch the instrument Off, recovery (after investigation) is performed via the nominal Switch On procedure. Note that Instrument FDIR is assumed to be managed where necessary via the FDIR recovery action OBCP; if not, a clear statement on FDIR management during recovery needs to be provided. For those FDIR recoveries which do not switch off the instrument, dedicated recovery procedures need to be provided by the instrument taking into account (via initial conditions/constraints) platform operations/constraints as described within this presentation (and to be documented in the Instrument/Spacecraft User Manual).

Contingency Operation – SpW Link Switch No ‘on-line’ SpW link switch is performed as part of default contingency operations. Any interruption in data flow on the link leads to instrument switch off. Therefore any transition to the redundant link will be performed as part of a switch on and configuration sequence (starting with the instrument in the Off state) – the SSMM will be configured to use the redundant link, and then the instrument has to be configured similarly as part of switch on. A full set of constraints related to platform and SpW network operation will be provided by Airbus.

Command Identifiers – Power up/down
ZCSD1152  EUI PowerUp Function  (PCSB0036 = UNIT_A or UNIT_B)
ZCSD1153  EUI PowerDown Function
ZCSD1162  MAG PowerUp Function
ZCSD1163  MAG PowerDown Function
ZCSD1172  METIS PowerUp Function
ZCSD1173  METIS PowerDown Function
ZCSD1182  PHI PowerUp Function
ZCSD1183  PHI PowerDown Function
ZCSD1192  RPW PowerUp Function
ZCSD1193  RPW PowerDown Function
ZCSD11A2  SolOHI PowerUp Function
ZCSD11A3  SolOHI PowerDown Function
ZCSD11B2  SPICE PowerUp Function
ZCSD11B3  SPICE PowerDown Function
ZCSD11C2  STIX PowerUp Function
ZCSD11C3  STIX PowerDown Function
ZCSD11D2  SWA PowerUp Function
ZCSD11D3  SWA PowerDown Function
ZCSD11E2  EPD PowerUp Function
ZCSD11E3  EPD PowerDown Function

Command Identifiers – Time synchronisation
ZCD00982  Start Time Synchronisation to User
  PCD09821 = PID of user which is receiving the time
  PCD09822 = Period of time synch in secs (NB set to 0)

Command Identifiers – Start S20
ZCD2Z010  Start Information Distribution EPD    PCD14011 = EPD_SPW_ADDR; PCD14012 = period in SW cycles (0 = one shot)
ZCD2Z011  Start Information Distribution EUI    PCD14011 = EUI_SPW_ADDR; PCD14012 = period in SW cycles (0 = one shot)
ZCD2Z012  Start Information Distribution MAG    PCD14011 = MAG_SPW_ADDR; PCD14012 = period in SW cycles (0 = one shot)
ZCD2Z013  Start Information Distribution METIS  PCD14011 = METIS_SPW_ADDR; PCD14012 = period in SW cycles (0 = one shot)
ZCD2Z014  Start Information Distribution PHI    PCD14011 = PHI_SPW_ADDR; PCD14012 = period in SW cycles (0 = one shot)
ZCD2Z015  Start Information Distribution RPW    PCD14011 = RPW_SPW_ADDR; PCD14012 = period in SW cycles (0 = one shot)
ZCD2Z016  Start Information Distribution SoloHi PCD14011 = SHI_SPW_ADDR; PCD14012 = period in SW cycles (0 = one shot)
ZCD2Z017  Start Information Distribution SPICE  PCD14011 = SPICE_SPW_ADDR; PCD14012 = period in SW cycles (0 = one shot)
ZCD2Z018  Start Information Distribution STIX   PCD14011 = STIX_SPW_ADDR; PCD14012 = period in SW cycles (0 = one shot)
ZCD2Z019  Start Information Distribution SWA    PCD14011 = SWA_SPW_ADDR; PCD14012 = period in SW cycles (0 = one shot)

Command Identifiers – Service 12 Management
ZCL00C01  Enable Monitoring of Parameters
  PCD0C011 = Number of monitors to be enabled
  PCD0C012 (repeated N times) = Monitoring IDs to be enabled
ZCL00C02  Disable Monitoring of Parameters
  PCD0C011 = Number of monitors to be disabled
  PCD0C012 (repeated N times) = Monitoring IDs to be disabled

Service 12 – Monitoring IDs
MID  Monitor
21   SMON_SWA1
22   SMON_SWA2
23   SMON_SWA3
24   SMON_SWA4
25   SMON_SWA5
26   SMON_SWA6
27   SMON_SWA7
28   SMON_SWA8
29   SMON_SWA9
30   SMON_SWA10
31   SMON_SWA11
32   SWA Spare
33   SWA Spare
34   SWA Spare
35   SWA Spare
36   SWA Spare
37   SWA Spare
38   SWA Spare
39   SWA Spare
40   SWA Spare
41   SMON_EUI1
42   SMON_EUI2
43   SMON_EUI3
44   SMON_EUI4
45   SMON_EUI5
46   SMON_EUI6
47   SMON_EUI7
48   SMON_EUI8
49   SMON_EUI9
50   SMON_EUI10
51   SMON_EUI11
52   SMON_EUI12
53   SMON_EUI13
54   SMON_EUI14
55   SMON_EUI15
56   SMON_EUI16
57   SMON_EUI17
58   SMON_EUI18
59   SMON_EUI19
60   SMON_EUI20
61   SMON_PHI1
62   SMON_PHI2
63   SMON_PHI3
64   SMON_PHI4
65   SMON_PHI5
66   SMON_PHI6
67   PHI Spare
68   PHI Spare
69   PHI Spare
70   PHI Spare
71   PHI Spare
72   PHI Spare
73   PHI Spare
74   PHI Spare
75   PHI Spare
76   PHI Spare
77   PHI Spare
78   PHI Spare
79   PHI Spare
80   PHI Spare
81   SMON_MAG1
82   SMON_MAG2
83   SMON_MAG3
84   SMON_MAG4
85   SMON_MAG5
86   SMON_MAG6
87   SMON_MAG7
88   SMON_MAG8
89   SMON_MAG9
90   SMON_MAG10
91   SMON_MAG11
92   MAG Spare
93   MAG Spare
94   MAG Spare
95   MAG Spare
96   MAG Spare
97   MAG Spare
98   MAG Spare
99   MAG Spare
100  MAG Spare
101  SMON_RPW1
102  SMON_RPW2
103  SMON_RPW3
104  SMON_RPW4
105  SMON_RPW5
106  SMON_RPW6
107  SMON_RPW7
108  SMON_RPW8
109  SMON_RPW9
110  SMON_RPW10
111  SMON_RPW11
112  SMON_RPW12
113  SMON_RPW13
114  RPW Spare
115  RPW Spare
116  RPW Spare
117  RPW Spare
118  RPW Spare
119  RPW Spare
120  RPW Spare
121  SMON_SOLOHI1
122  SMON_SOLOHI2
123  SMON_SOLOHI3
124  SolOHi Spare
125  SolOHi Spare
126  SolOHi Spare
127  SolOHi Spare
128  SolOHi Spare
129  SolOHi Spare
130  SolOHi Spare
131  SolOHi Spare
132  SolOHi Spare
133  SolOHi Spare
134  SolOHi Spare
135  SolOHi Spare
136  SolOHi Spare

Service 12 – Monitoring IDs
MID  Monitor
136  SolOHi Spare
137  SolOHi Spare
138  SolOHi Spare
139  SolOHi Spare
140  SMON_SPICE1
141  SMON_SPICE2
142  SPICE Spare
143  SPICE Spare
144  SPICE Spare
145  SPICE Spare
146  SPICE Spare
147  SPICE Spare
148  SPICE Spare
149  SPICE Spare
150  SPICE Spare
151  SPICE Spare
152  SPICE Spare
153  SPICE Spare
154  SPICE Spare
155  SPICE Spare
156  SPICE Spare
157  SPICE Spare
158  SPICE Spare
159  SPICE Spare
160  SMON_METIS1
161  SMON_METIS2
162  SMON_METIS3
163  SMON_METIS4
164  SMON_METIS5
165  SMON_METIS6
166  SMON_METIS7
167  SMON_METIS8
168  SMON_METIS9
169  SMON_METIS10
170  SMON_METIS11
171  SMON_METIS12
172  SMON_METIS13
173  SMON_METIS14
174  SMON_METIS15
175  SMON_METIS16
176  SMON_METIS17
177  SMON_METIS18
178  SMON_METIS19
179  SMON_METIS20
180  SMON_METIS21
181  SMON_METIS22
182  SMON_METIS23

Command Identifiers - Service 142 Management
ZCL08E01  Enable Functional Monitoring
  PCD8E011 = Number of monitors to be enabled
  PCD8E012 (repeated N times) = Monitoring IDs to be enabled
ZCL08E02  Disable Functional Monitoring
  PCD8E011 = Number of monitors to be disabled
  PCD8E012 (repeated N times) = Monitoring IDs to be disabled

Service 142 – Monitoring IDs
MID  Monitor
21   FMON_SWA1
22   FMON_SWA2
23   FMON_SWA3
24   FMON_SWA4
31   FMON_EUI1
32   FMON_EUI2
33   FMON_EUI3
41   FMON_PHI1
42   FMON_PHI2
51   FMON_MAG1
61   FMON_RPW1
71   FMON_SOLOHI1
81   FMON_SPICE1
82   FMON_SPICE2
91   FMON_METIS1
92   FMON_METIS2
93   FMON_METIS3
94   FMON_METIS4
95   FMON_METIS5
96   FMON_METIS6
97   FMON_METIS7