A robust autonomous fault management system is a typical and desirable feature in spacecraft design. When developing system requirements and designing the spacecraft, specific hardware and software elements are incorporated to protect the spacecraft from life-threatening situations on-orbit. Characteristics such as attitude control and angular momentum management, power generation and management, and an evolving thermal environment could all require a timely response to correct anomalous conditions. Operational procedures and ground support products must also be ready to diagnose and respond to on-board faults and return the spacecraft to nominal mission operations. During pre-launch and early mission activities, program resource limitations, design trade-offs, and assumptions made in establishing the mission operations concept may constrain the fault management features that are actually implemented. As mission operations stretch out well beyond the initial expected lifetime, a number of challenges are possible. Degradation of on-orbit equipment; changes in the use of the spacecraft, its orbit, and its environment; ground system advancement; changes in flight team personnel; changes to mission goals; and other unanticipated factors can all come into play to potentially make the in-place fault management features obsolete, outdated, or even dangerous. In order to address these concerns and continue to execute a safe and effective mission, the flight team must regularly assess the capability and flexibility of the spacecraft and ground system components, potentially beyond what was originally in the design specifications, so that appropriate hardware, software, and procedural adjustments can be made in the areas of autonomous fault management and anomaly response/recovery.
In addition to lessons learned from actual on-orbit anomalies, this can be done through creative and challenging exercises involving a spacecraft ground simulator as well as group-level anomaly response planning exercises. Through these techniques the Chandra X-Ray Observatory flight team has built an engineering and operations "tool box" that has useful, flexible, and effective products for dealing with the more complex and multi-level fault scenarios to be expected over a 20-30 year mission. This paper discusses the evolution of the Chandra X-Ray Observatory fault management philosophy and capabilities, including the history and rationale behind a number of spacecraft, ground system, and operations concept changes that have been made to improve system robustness and reduce program risk towards achieving the extended mission goals.