Design for failure?

As a bird builder, AO-7 got me thinking about spacecraft failure. Most
spacecraft builders think about it, but never really design their system to
this. We know that in system failure, one likely mode - and the only one we
predict - is the pack eventually running out of juice. For most spacecraft,
this would kill the primary mission, but on amateur birds, we rarely have a
primary mission. We usually have several secondary, or "nice to have"
gadgets. This might be a test beacon, FM repeater, some sort of telemetry
and more.
So, if we build to perform, why not build to fail? A dead pack could mean
non-eclipse operation only, what's wrong with that?
The kind of issues I can think of in order to support this are:
1. Can we cut our pack off, or prevent it from sinking our panels?
2. Can we design the spacecraft to init to a mode which provides utility
without an operational OCB? For example, could ASUSat1 have the FM repeater
turn on by default? (it did not)
3. Can we have the spacecraft generate meaningful engineering telemetry by
default just like AO-7 is currently doing?
4. Can we design our back door state machines to give us some control over
5. Should we design our solar-array bus voltages to not rely on battery as a
panel clamp for safe operation?
6. Should we extend our power system design to enable long term brown-out
operation, so very low panel voltages do not put the spacecraft subsystems
in an undefined mode?
This is what I could come up with. Just throwing it out there :-)
Assi 4x1kx/kk7kx

Via the amsat-bb mailing list at AMSAT.ORG courtesy of AMSAT-NA.