Figure 2.4: Satellite reception in a particular environment.
2.3 RAMS Requirements for Mission Critical Space Industry
Recently, there has been an increasing amount of research in the application of Reliability, Availability, Maintainability, and Safety (RAMS) techniques to the space and satellite industry. The key focus of RAMS research is to look at interactions between reliability, availability, maintainability, and safety.
RAMS studies provide system designers and satellite infrastructure engineers with the metrics to assess the impact of design and maintenance decisions over particular periods of time. As a result, modelling and analysis can help determine whether changes in the resources allocated to achieve particular reliability or availability requirements will have significant knock-on effects for other operating parameters.
2.3.1 Failure Characteristics
As shown in Figure 2.5, satellite operation constitutes a cycle of information transmission between components. A satellite transmits a signal to the monitor station, the monitor station transmits the signal to the master control station, the master control station then transmits the signal to the ground antenna, and finally, the ground antenna uploads the information to the satellite.
Due to various factors, the monitor station, master control station, or ground antenna may fail during the operation of the system, resulting in a temporary interruption of the operation, which will resume after repair. Similarly, the satellite can also fail during operation and not transmit signals properly. In this thesis, failures due to satellite ageing are considered in the satellite analysis. Once failure occurs, new satellites must be launched to replace the failed satellites.
[Diagram: satellite, monitor station, master control station, ground antenna and user, each with fail/repair transitions and interruptions; flows for sending navigation data, error data, commands and error correction.]
Figure 2.5: Signal transmission in satellite systems.
During signal transmission from the monitor station to the master control station and from the master control station to the ground antenna, abnormal signal transmission may occur, resulting in errors in information and corresponding anomalies in the subsequent update information for the satellites. This can affect the mission if the situation is severe. If anomalies occur in signal transmission, the master control station can correct the signal after a certain period of time.
Based on a preliminary investigation, it is assumed in our analysis that the information exchange among the satellites, monitor station and ground antenna does not itself generate information anomalies, but its reliability is a direct consequence of the reliability of the satellites and ground antenna. It is additionally assumed that information anomalies can only occur in the signal transmission between the master control station and the monitor station.
2.3.2 RAMS Requirements
Over the past decade, Europe’s space and satellite industry has been challenged by increased competition and by the adjustments of EU rules and regulations to improve interoperability. The current situation forces developers to reduce costs, improve reliability and regularity, and maintain or improve operational safety. These developments have created an urgent need for the formal specification of RAMS requirements.
A host of standards and regulatory documents provide the background for the RAMS requirements in mission-critical applications. In Europe, they depend on the support and approval of the European Committee for Electrotechnical Standardisation (CENELEC). In the United States, the American National Standards Institute (ANSI) brought the European CENELEC RAMS requirements into correspondence by means of their own International Electrotechnical Commission (IEC) standards. Therefore, EN 50126 has a counterpart, IEC 62278, dealing with RAMS requirements, while the specification requirements in EN 50128 are paralleled in IEC 62279.
For instance, the standard EN 50126 defines RAMS in terms of long-term system characteristics as follows:
• Reliability: the probability that a system can perform a required function under given conditions for a given time interval.
• Availability: the ability of a system to be in a state to perform a required function under given conditions at a given instant of time or over a given time interval, assuming that the required external resources are provided.
• Maintainability: the probability that a given active maintenance action, for a system under given conditions of use, can be carried out within a stated time interval when the maintenance is performed under stated conditions and using stated procedures and resources.
• Safety: a system is said to have adequate safety if it does not cause harm to people, the environment, or any other assets during its life cycle, both during normal use and under foreseeable misuse.
In this thesis, we quantify these attributes and calculate them using probabilities. This integrated perspective is particularly important for satellite operations when, for example, reliability can typically be assured by maintaining the satellites but only at the cost of availability. Alternatively, pressure to increase availability through reduced maintenance cycles may reduce reliability and also undermine safety.
2.3.3 Relationship between RAMS Properties
Although the accuracy of satellite positioning in the aviation environment is in general sufficient, it is its availability that limits the system dependability and overall performance. Availability properties relate to the reliability and maintainability of satellite systems. Traditionally, it is the probability that the system is operating at a satisfactory level and can be committed at the start of a navigation mission when the mission is called for at an unknown and random point in time.
[Diagram labels: Reliability, Maintainability, Availability, Safety, MTBF, MTBM, MTTR.]
Figure 2.6: Overview of RAMS analysis.
The relationship between availability, reliability, maintainability, and safety is depicted in Figure 2.6. In general, availability heavily depends on reliability and maintainability. For repairable satellites, the term Mean Time Between Failure (MTBF) has been commonly used. MTBF denotes the average length of time from one failure to the next, and also includes the repair time. The Mean Time To Repair (MTTR) is the average length of time taken to repair a failed satellite. System designers should aim to allow for a high MTTR value and still achieve the reliability requirements.
Availability is a mathematical function of MTBF and MTTR. We assume that there is negligible delay before repair commences on a failed satellite. The availability factor can be computed using the following formula, and clearly a satellite system that can offer high availability is more desirable than one that offers lower availability.
$$\text{Availability} = \frac{\text{MTBF}}{\text{MTBF} + \text{MTTR}} \tag{2.1}$$
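The following Python sketch is an added example, not part of the thesis: it applies Equation 2.1 to the four elements of the transmission cycle from Section 2.3.1 treated as a series chain, and checks the result against a simulated fail/repair timeline. The MTBF/MTTR figures are constructed, and independent, exponentially distributed up-times (mean MTBF) and repair times (mean MTTR) are assumed.

```python
import random

# Constructed sample figures in hours (mtbf, mttr); not taken from the thesis.
COMPONENTS = {
    "monitor_station": (1000.0, 10.0),
    "master_control_station": (2000.0, 20.0),
    "ground_antenna": (500.0, 5.0),
    "satellite": (5000.0, 100.0),
}

def availability(mtbf, mttr):
    """Equation 2.1: steady-state availability of one repairable element."""
    if mtbf <= 0 or mttr < 0:
        raise ValueError("mtbf must be positive and mttr non-negative")
    return mtbf / (mtbf + mttr)

def chain_availability(components):
    """The cycle works only if every element is up (series chain).
    Assumption: elements fail and are repaired independently."""
    result = 1.0
    for mtbf, mttr in components.values():
        result *= availability(mtbf, mttr)
    return result

def simulate_outages(mtbf, mttr, horizon, rng):
    """Alternate random up-times and repair times; return outage intervals."""
    t, outages = 0.0, []
    while True:
        t += rng.expovariate(1.0 / mtbf)            # time until next failure
        if t >= horizon:
            return outages
        end = min(t + rng.expovariate(1.0 / mttr), horizon)
        outages.append((t, end))                    # repair starts immediately
        t = end

def simulate_chain(components, horizon, seed=1):
    """Fraction of the horizon during which all elements are up at once."""
    rng = random.Random(seed)
    outages = []
    for mtbf, mttr in components.values():
        outages.extend(simulate_outages(mtbf, mttr, horizon, rng))
    outages.sort()
    downtime, covered_until = 0.0, 0.0
    for start, end in outages:                      # union of overlapping outages
        if end > covered_until:
            downtime += end - max(start, covered_until)
            covered_until = end
    return 1.0 - downtime / horizon

if __name__ == "__main__":
    print("formula  :", round(chain_availability(COMPONENTS), 4))
    print("simulated:", round(simulate_chain(COMPONENTS, 10_000_000.0), 4))
```

Overlapping outages are merged before being summed, so simultaneous failures of two elements count once; this is why the simulated figure converges to the product of the per-element availabilities rather than to one minus the sum of their unavailabilities.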
Availability can range from 0% (never available) to 100% (always available). Satellite systems that can offer high availability are more desirable than ones that offer lower availability. As a result, the availability requirement for a system is that it should provide a sufficient guarantee that the system is in an operable state at any time. Informally, availability properties can be classified as the following five types:
1. How often do failures occur that require corrective maintenance?
2. How often is preventative maintenance performed?