AOCS FDIR: Concept and its concurrent Satellite Design Implementation
- Paper number
IAC-12,D1,3,11,x14812
- Author
Dr. Bernard Lübke-Ossenbeck, OHB System AG, Germany
- Author
Mr. Ilario Cantiello, OHB System AG, Germany
- Author
Dr. Matthias Hoping, OHB System AG, Germany
- Year
2012
- Abstract
Autonomous management of failures is a necessary and generally applied technique for all kinds of spacecraft. Particularly in Europe, this technique is called "FDIR" (i.e. Failure Detection, Isolation and Recovery). Its primary purpose is, analogous to an immune system, "safety of life". Its secondary purpose is "improvement of functional availability". In line with these purposes, FDIR has often been assigned to Product Assurance or to RAMS. Correspondingly, its development and implementation typically come late, as a kind of "add-on" to an existing design. Thus, for the most part, a spacecraft design is handled by FDIR, but the design itself is not necessarily suitable for fault management processes. Such system shortcomings can be avoided by involving FDIR from the very beginning, in parallel with subsystem and software development. This paper addresses a method of developing, implementing and integrating FDIR into the satellite software, so that fault management becomes an integral part of the development process. The AOCS subsystem, as one of the most critical and most complex aboard a satellite, is taken as an example to illustrate the architecture, the principles and the advantages of this approach. A methodology for failure detection for the AOCS units and processes is also presented. Furthermore, the related aspects of interfaces, organization and responsibilities are briefly addressed.
- Manuscript document
IAC-12,D1,3,11,x14812.pdf (🔒 authorized access only).
To get the manuscript, please contact IAF Secretariat.