• Home
  • Current congress
  • Public Website
  • My papers
  • root
  • browse
  • IAC-12
  • D1
  • 5
  • paper

    • Innovative Failure Recovery made possible by the flexible architecture of SumbandilaSat

    Paper number

    IAC-12,D1,5,4,x15750

    Author

    Mr. Nicolaas Steenkamp, Sun Space & Information Systems (Pty) Ltd., South Africa

    Year

    2012

    Abstract
    SumbandilaSat (South Africa’s second orbiting satellite) was developed and built in a record time of less than one year and at a cost of less than \$3M.  As a technology demonstrator, the satellite was built around a new modular architecture utilizing the CAN bus an intra-satellite communications bus.  The short development cycle and low cost necessitated the use of COTS components with little or no space heritage.  The resulting risk was acceptable for the mission and was partly mitigated by redundancy and the flexible architecture.
  
The architecture makes use of distributed processing with the dual-redundant CAN bus as the exclusive command and control interface for all electronic equipment.  All nodes on the bus have a stand-alone processor with in-flight firmware update capability.  This provides for an extremely flexible system where processing tasks can easily be move from one node to another while the functionality provided by a single node can be updated or modified to compensate for changing hardware behaviour or system failures.

Once in orbit, failures did occur, but innovative recovery procedures that are typically not possible with the more traditional space systems were made possible through the unique architecture of the satellite.  This paper presents failures and recovery procedures that allowed the satellite to continue performing its mission.  These include: The porting, and integration, of the attitude control software from the attitude control processor to the main on-board computer (which is a completely different hardware and software platform) in less than two weeks.  Firmware updates to the power switches and on-board computers were made to mitigate a unique memory latch-up condition that defeated the existing latch-up detection mechanisms.  Additional firmware updates were made to prevent physical damage to the power switches in certain failure scenarios.  The attitude control algorithms were updated to allow continued imaging after the loss of one of the reaction wheels.  This was further extended after the loss of another reaction wheel to still provide a stable imaging platform using only Y-Thomson spin magnetic control.

Although any failure in space is always a disappointment, the flexible architecture of the SumbandilaSat satellite made it possible to not only maintain control of the satellite, but to continue operating the main imager payload.  The lessons learnt, not only from the failures, but also from the recovery efforts and the continued operation of the satellite will be an immense benefit to any future South African satellite development.
    Abstract document

    IAC-12,D1,5,4,x15750.brief.pdf

    Manuscript document

    (absent)