arissat-1 control panel and safety circuitry jerry zdenek [email protected]

ARISSat-1Control Panel and

Safety Circuitry

Jerry [email protected]

April 3, 2010 ARISSat-1 CDR 2

Introduction

• Provides the Control of the Satellite and indicate Satellite Status

• Scope– Requirements– Design– Safety Considerations– Verification– Operations


Requirements

• Compliant with all ISS safety requirements

• Provide an interface that an Astronaut or Cosmonaut in a pressure suit can control the satellite

• Indicate status of the Satellite

• Allow the system to be quickly shut down in case of a problem


Design• Provide all timer functions required

– One Power switch with LED status– Two Timer switches with LED status

• Same mechanical switch layout as Suitsat-1• Additional LEDs for Operational and Safety

Verification• Solve LED visibility problem reported by

Astronauts / Cosmonauts on Suitsat-1• Measure control panel temperature

Control Panel

ARISSat-1


Control Panel Front

Flight labels are slightly different


Control Panel Assembly

• Flight units will have wires strain relieved


Control Panel Flight Labeling


Design

• Interface Box– Switches and LEDs only– Nearly completely passive assembly

• Control circuitry on ICB

• Safety functions managed by ICB

• LED Brightness circuitry within Control Panel


LED Brightness

• Must balance two conflicting requirements– Minimize power usage– Good visibility to personnel, factoring in sun

visor

• Solution: two different brightness modes– LEDs always on dimly (room visible) – If the first timer has not expired, run extra

current through the LEDs for brightness– Using very high efficiency LEDs


Schematic – Timer Control


Schematic – Status LEDs


Safety Considerations

• Activation Switches – False activation due to switch contamination

could create a safety hazard– Using APEM 12000X778 Switches to insure

safety– Switches are designed for high-rel

applications and is QPL certified to MIL-DTL-83731 and MIL-DTL-3950


Safety Considerations

• Access to switches– Metal Finger guards provided so that only one

switch is activated at a time


Operations• Integral with ICB Safety Circuitry

– Further details in ICB design review

• To Deploy:– Turn on 28V Power switch

• Verify LEDs in correct state

– Turn on Timer 1 Switch• Verify LEDs in correct state

– Turn on Timer 2 State• Verify LEDs in correct state

• Launch the satellite!

Safety Interlocks

ARISSat-1


Hazards

• RF Transmission

• Battery Overcharging


Safety Interlocks

28VBattery

BatteryRelay Wiring

28V

28V RTN

SolarRelay Wiring

Solar Panel 1

Maximum Power Point

Converter #1

Solar Panel 2

Maximum Power Point

Converter #2

Solar Panel 3

Maximum Power Point

Converter #3

Solar Panel 4

Maximum Power Point

Converter #4

Solar Panel 5

Maximum Power Point

Converter #5

Solar Panel 6

Maximum Power Point

Converter #6

28V

28VRTN

28V

28VRTN

Switch 1:28V Power

RF Transmitter

28V to 8VSwitching

Supply

5V Safety Timer 1

Regulator

RF Receiver

28V to 5VSwitching

Supply

IHU

SDX

AND

5V

5V RTN

Command Decoder

5V

Switch 2:Timer 1

Switch 3:Timer 2

5V R

TN

Timer 1~7.7 min

Timer 2~7.7 min

Push to Talk

Timeout

Enable

Timeout

Enable

Enable

Enable

Command Decoder

Timer ~25sec

AND

Interlock

InterlockInterlock

Interlock

5V Safety Timer 2

Regulator

Interlock


Start up Timeline

~7.7 Minutes

~25 Sec

Off Stopped Timer 1 Running

Power SwitchOn

Timer 1 CompleteTimer 1

Timer 1Switch On

Timer 2Switch On

Timer 2

Off

Stopped Timer 2 Waiting Timer 2 Running

RF Power

Off

Powered

OffRF PTT Active

SafeTransmitter Transmitting

Timer 2 Complete

Timer 1Completed

Timer 2Completed

Solar Power Connected.Charging Possible

OffIHU &

Cameras Powered

Isolated

Not to scale ~7.7 Minutes

RF

Tra

nsm

itH

aza

rd C

ritic

al

Ba

ttery

O

verc

ha

rgin

gH

aza

rd C

ritic

al


RF Transmission Hazard

• Three Interlocks– Battery Relay / Solar Panel Relay

• Prevents any 28V Power from powering supplies

– Timer 1 / 8V Switching Supply– Timer 2 / Push to talk


RF Transmission Interlocks

28VBattery

BatteryRelay Wiring

28V

28V RTN

Solar Relay Wiring

Solar Panel 1

Maximum Power Point

Converter #1

Solar Panel 2

Maximum Power Point

Converter #2

Solar Panel 3

Maximum Power Point

Converter #3

Solar Panel 4

Maximum Power Point

Converter #4

Solar Panel 5

Maximum Power Point

Converter #5

Solar Panel 6

Maximum Power Point

Converter #6

28V

28VRTN

28V

28VRTN

Switch 1:28V Power

28V to 8VSwitching

Supply

Switch 2:Timer 1

Switch 3:Timer 2

Timer 1~7.7 min

Timer 2~7.7 min

Timeout

Enable

Timeout

Enable

Enable

Interlock #1A

Interlock #2

RF Transmitter

Interlock #3

Interlock #1B


Battery Overcharging Hazard

• Three Interlocks– Battery Relay – Solar Panel Relay– MPPT


Battery Overcharging Interlocks

28VBattery

BatteryRelay Wiring

28V

28V RTN

SolarRelay Wiring

Solar Panel 1

Maximum Power Point Converter #1

Solar Panel 2

Maximum Power Point

Converter #2

Solar Panel 3

Maximum Power Point

Converter #3

Solar Panel 4

Maximum Power Point

Converter #4

Solar Panel 5

Maximum Power Point

Converter #5

Solar Panel 6

Maximum Power Point

Converter #6

28V

28VRTN

28V

28VRTN

Switch 1:28V Power

28V to 8VSwitching

Supply

Switch 2:Timer 1

Switch 3:Timer 2

Timer 1~7.7 min

Timer 2~7.7 min

Timeout

Enable

Timeout

Enable

Enable

Interlock #1 Interlock #2

Interlock #3

RF Transmitter

Inter Connect Board

ARISSat-1


Inter Connect Board• Connects all PCB assemblies in the IHU stack to

the outside world• Provides Safety Circuitry

Scope– Requirements– Design– Safety Considerations– Operations – Verification– Status


Stack


Stack

SDX

IHU

PSU

ICB

CMD DEC


Interface Connectors


Safety Considerations• ICB is critical and integral to electrical

safety on the satellite– Isolates Battery– MPPT Isolation Relays– Prevents charging hazards– Inhibits RF transmission– Times events after switch changes to allow

Satellite to move away from personnel

• Connectors that provide power are sockets, not pins


Safety Schematics Relays


Safety Timers Power


Interlock 2

• Operator turns on Timer 1 Switch– Timer 1 begins counting– Timer 1 Counting LED starts blinking– ~20 seconds later, IHU powers up

• Takes a picture

– 7.5 minutes later, 8V switcher is enabled• Provides power to RF transmitter


Control Panel Timer 1 Switch Interface


Timer 1 Schematic


IHU Reset

PSU 5V

Switcher

ICB


RF Power Inhibit (Timer1)

ICB

PSU 8V

Switcher


Interlock 3

• Operator turns on Timer 2 Switch– Timer 2 begins oscillating

• Does not start counting time until Timer 1 is complete

– Timer 2 Enabled LED starts blinking– RF Push to Talk is still disabled

• Upon expiration of Timer 2 (~7.5 minutes)– MPPTs connected to 28V Bus– RF Push to talk is enabled


Control Panel Timer 2 Switch Interface


Timer 2 Schematic


Push To Talk Inhibit (Timer2)

Control Panel

Transmitter

ICB


Command Decoder Reset

• Command Decoder can drive a signal high to force the Satellite to reset

• Upon driving this line high– PSU +5V Switcher is shut down for ~20

seconds• Kills power to the IHU and SDX• Kills the microprocessor running on the PSU• Kills the Command Decoder

– PSU will cycle the RF power on restart


Command Decoder Interface


Control Panel LED interface


Verification

• Operating with both low and high voltage inputs

• Ran system at real time speed multiple times– Video Taped one run to verify specified

timings

• Measured current with system off

arissat-1 control panel and safety circuitry jerry zdenek [email protected]

Documents

control panel slide

control panel arissat

safety interlocks arissat

problem slide

different slide

relieved slide

timeline slide

time slide