Astrium supplies fault-tolerant computer system for the Russian service module (Forwarded)

Andrew Yee

Jul 12, 2000, 3:00:00 AM
Astrium Space Infrastructure
Bremen, Germany

Contact:
Mrs. Kirsten Leung
Phone: +49-421-539-5326
Fax: +49-421-539-4534

2000/07/11

Astrium supplies fault-tolerant computer system for the Russian service
module

Byzantine algorithm controls the space station

Bremen/Moscow -- The launch of the Russian service module Zvezda (star),
scheduled for 12 July 2000, will also include the delivery of Europe's first
space station element into space. Under contract to the European Space
Agency ESA, the Data Management System Russia (DMS-R) was developed
by Astrium, a joint venture of the European Aeronautic Defence and Space
Company (EADS) and BAe Systems. DMS-R will form the basis for the
further assembly of the space station.

Being a core element of the whole space station, DMS-R and Russian system
software will control the attitude of the 110 m x 88 m complex. It will also
ensure precise orbiting at a distance of about 450 kilometers away from
Earth as well as correct alignment of solar cells and communication
systems. During the assembly phase (to be completed by 2004), DMS-R will
assume important guidance and control functions in the Russian service
module as well as in the other station elements. DMS-R development was
started in 1995 and funded by the ESA member countries Belgium, France,
the Netherlands and Germany. ESA provides the system to the Russian
module in return for the Russian Space Agency Rosaviakosmos supplying
the system required for docking the future transport vehicle ATV to the
Zvezda module.

Innovative computer technology

DMS-R consists of two Fault Tolerant Computers (FTCs) for attitude
control and guidance of the Zvezda module. It also comprises two Control
Post Computers (CPCs) serving the astronauts to control and monitor
experiments, the future European Robotic Arm ERA as well as the docking
of supply vehicles. Each FTC comprises up to four Fault Containment
Regions (FCRs), three in the case of DMS-R, with each FCR having the size
of a shoebox to allow fast exchange if required.

With DMS-R, Astrium's Space Infrastructure business division has realized
an innovative computer concept that ensures the highest safety possible
with respect to space station operation. System architecture is based
on the so-called Byzantine algorithm, which was formulated by
mathematicians in 1982 and which is now applied in industrial technology
control for the first time. In contrast to conventional algorithms which
unequivocally predetermine the sequence of computer procedures and which
do not allow any alternatives, the Byzantine algorithm is very flexible in
use. For DMS-R this means the following: Under normal conditions, all the
computer units of an FTC are working in parallel. If a fault is detected --
for example unusual values in the oxygen supply system -- the FTC will
mask this fault by majority voting first. If the same fault appears
repeatedly in the same computer unit within a certain period of time,
usually only a few thousandths of a second, the computer affected will
disconnect without interrupting running processes. Before disconnecting,
it will inform its "colleagues" about the unexpected event. In addition to
their guidance and control functions, the other computers will immediately
determine if the fault detected is a tolerable malfunction or if a specific
system or device needs to be shut down automatically and has to be
repaired immediately to not endanger space station operation. In a
self-test, the disconnected computer checks if the fault detected is a
temporary failure caused, for instance, by cosmic radiation or if it is
permanent damage. In the case of a temporary failure, the computer unit
affected will be again connected to the other FTCs. In the case of
permanent damage, the unit affected will be exchanged and all this
without interrupting running processes.

The reliability of DMS-R was demonstrated by Astrium in cooperation
with Bremen Institut für Sichere Systeme BISS. In a four-week continuous
service test, the fault tolerant computers were "fed" with different
malfunctions to demonstrate safe identification of "real" faults. The
system was also exposed to overload conditions which exceeded the
limits specified for space station operation by far. To sum it up, DMS-R
can be considered as the most reliable control system for space application
to date.

Disadvantages of conventional systems

Usually, computer systems used for the control of complex systems are
working according to the redundancy principle. If a fault is detected in
one of the linked computers during data processing, the computer is shut
off automatically to identify the source of error; the identical computers
running in parallel will continue operation. Disadvantage: If a fault
appears, data processing will be interrupted for a short period of time
to allow "transfer" to the backup system. Usually, these systems only
consider so-called deterministic faults, i.e. malfunctions the possible
appearance of which has been clearly defined and embodied in the
computer software. Non-deterministic faults, i.e. malfunctions which
cannot be foreseen despite excellent preparation, can lead to complete
system shutdown when conventional computer configurations are used,
which in turn would endanger the safety of the space station. In contrast
to these systems, DMS-R and its FTCs ensure best possible reliability of
all the onboard systems.

DMS-R: Development for different applications

To reduce development time and cost, Astrium did not develop the fault
tolerant computer systems to only use them for controlling the Russian
Zvezda module. DMS-R will also be used in the transport vehicle ATV. The
computer configuration is also suitable for application on Earth: In all
sectors where the control of complex industrial processes is required,
for example in the chemical industry, the functional principle of the FTC
will increase fail-safety of plants and reduce maintenance costs because
individual processes need not be interrupted during fault analysis.

The Control Post Computer system, which was also developed by Astrium,
will also be used in the European station module Columbus to control the
Columbus system and the payloads operated there.

Following the launch of Zvezda on 12 July 2000, comprehensive system
tests will be carried out in orbit before module docking to the space
station will be tested eleven days later and finally be carried out after
a further one to three days.


--
Andrew Yee
ay...@nova.astro.utoronto.ca
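
Added example, not part of the forwarded press release and not Astrium's code: a simplified Python model of the fault handling the release describes (mask a fault by majority voting, disconnect a unit whose fault repeats within a time window, reconnect it after a passed self-test). The class name, the three-disagreements-in-five-cycles threshold and the sample values are assumptions, and the sketch models output voting only, not the agreement exchange between units.

```python
from collections import Counter, deque

class Voter:
    """Majority voter over redundant units (constructed model, not DMS-R code)."""

    def __init__(self, units, threshold=3, window=5):
        self.active = set(units)
        self.isolated = set()
        self.threshold = threshold  # assumed: disagreements allowed per window
        # assumed: window measured in voting cycles; True marks a disagreement
        self.history = {u: deque(maxlen=window) for u in units}

    def vote(self, outputs):
        """Return the majority value of the active units' outputs."""
        live = {u: v for u, v in outputs.items() if u in self.active}
        if not live:
            raise RuntimeError("no active units")
        value, count = Counter(live.values()).most_common(1)[0]
        if count * 2 <= len(live):
            raise RuntimeError("no majority among active units")
        for unit, out in live.items():
            self.history[unit].append(out != value)  # single fault is masked
            if sum(self.history[unit]) >= self.threshold:
                self.active.discard(unit)  # repeated fault: disconnect unit
                self.isolated.add(unit)
        return value

    def reintegrate(self, unit, self_test_passed):
        """Reconnect an isolated unit only after a passed self-test."""
        if unit not in self.isolated or not self_test_passed:
            return False
        self.isolated.discard(unit)
        self.history[unit].clear()
        self.active.add(unit)
        return True

def run_demo():
    voter = Voter(["FCR1", "FCR2", "FCR3"])
    # Constructed sample: FCR3 reports a wrong value in cycles 1 to 3.
    bad = {1, 2, 3}
    results = [voter.vote({"FCR1": 21, "FCR2": 21,
                           "FCR3": 99 if i in bad else 21}) for i in range(5)]
    isolated = set(voter.isolated)
    rejoined = voter.reintegrate("FCR3", self_test_passed=True)
    return results, isolated, rejoined, sorted(voter.active)

if __name__ == "__main__":
    print(run_demo())
```

The voted output stays correct through all five cycles even while FCR3 is faulty and then disconnected; with only two units left, a disagreement between them raises an error instead of returning a guessed value.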