Electrical, Electronic And Electromechanical (EEE) Parts .
Electrical, Electronic and Electromechanical(EEE) Parts in the New Space Paradigm:When is Better the Enemy of Good Enough?Kenneth A. LaBelMichael J. v301-286-9936301-614-6233Co- Managers, NEPP ProgramNASA/GSFChttp://nepp.nasa.govUnclassifiedTo be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.
AcronymsAcronymDefinitionADASAdvanced Driver Assistance SystemADCAESAMSARMCANCAN-FDanalog-to-digital converterAdvanced Encryption StandardAgile Mixed SignalARM Holdings Public Limited CompanyController Area NetworkController Area Network Flexible Data-RateCCI/SMMUCache Coherent Interconnect System Memory Management UnitCodeccompression/decompression - A codec is an algorithm, orspecialized computer program, that reduces the number of bytesconsumed by large files and programs.COTSCommercial off the ShelfCRCCSECUDCUCyclic Redundancy CheckComputer Science and EngineeringCu alloyDisplay Controller UnitDDRDouble Data RateDMADRAMDSPdSPIDual ChECCECCEEEEMACDirect Memory AccessDynamic Random Access MemoryDigital Signal ProcessingDynamic Signal Processing InstrumentDual ChannelError-Correcting CodeError-Correcting CodeElectrical, Electronic, and ElectromechanicalEquipment Monitor And ControleMMCembedded MultiMediaCardeTimersFCCUFlexRayEvent TimersFluidized Catalytic Cracking UnitFin Field Effect Transistor (the conducting channel is wrapped bya thin silicon "fin")FlexRay communications busGGigabitGb/sGICGICGPUgigabyte per secondGlobal Industry ClassificationGlobal Industry ClassificationGraphics Processing UnitGTHGTYtransceivers unique library nametransceivers unique library nameHDIOHDRHPIOHigh Density Digital Input/OutputHigh-Dynamic-RangeHigh Performance put Operating SystemInter-Integrated CircuitJPEGKBL2 CacheJoint Photographic Experts GroupKilobyteindependent caches organized as a hierarchy (L1, L2, etc.)LEOLow Earth OrbitL-memLong-MemoryLPDDRM/L BISTLow-Power Double Data RateMemory/Logic Built-In Self-TestMegabyteMBMIPIMobile Industry Processor InterfaceMPSoCMulti-Processor System on a ChipMPUNANDNORPCPCIePCIe Gen2PCIe Gen4Micro-Processor Unitnon-volatile computer memoryNot OR logic gatePOFPhysics of bal Regulation on Pedestrian SafetyResearch and DevelopmentRandom Access MemoryRed, Green, and BlueSuccessive-Approximation-RegisterSerial Advanced Technology AttachmentSecondary Control UnitSDSecure DigitalSD-HCSMMUSecure Digital High CapacitySystem Memory Management UnitSOCSystem on a ChipSPISerial Peripheral InterfaceSize, Weight, and PowerTightly Coupled MemorySwaPTCMTempT-SensorUARTUSBWDTPersonal ComputerPeripheral Component Interconnect ExpressPeripheral Component Interconnect Express Generation 2Peripheral Component Interconnect Express Generation 4TemperatureTemperature-SensorUniversal Asynchronous Receiver/TransmitterUniversal Serial BusWatchdog TimerTo be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.2
Abstract As the space business rapidly evolves to accommodate alower cost model of development and operation viaconcepts such as commercial space and small spacecraft(aka, CubeSats), traditional EEE parts screening andqualification methods are being scrutinized under a riskreward trade space. In this presentation, two basicconcepts will be discussed: The movement from complete risk aversion EEE parts methodsto managing and/or accepting risk via alternate approaches;and, A discussion of “over-design” focusing on both electrical designperformance and bounding margins. Example scenarios will be described as well asconsideration for trading traditional versus alternatemethods.To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.3
Outline The Changing Space Market– Commercial Space and “Small” Space EEE Parts Assurance Modern Electronics– Magpie Syndrome Breaking Tradition: Alternate Approaches– Higher Assembly Level Tests– Use of Fault Tolerance Mission Risk and EEE Parts SummaryHubble Space Telescope courtesy NASATo be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.4
Space Missions:How Our Frontiers Have Changed Cost constraints and cost “effectiveness” haveled to dramatic shifts away from traditional largescale missions (ex., Hubble Space Telescope). Two prime trends have surfaced:– Commercial space ventures where the procuring agent“buys” a service or data product and the implementer isresponsible for ensuring mission success with limitedagent oversight. And,– Small missions such as CubeSats that are allowed totake higher risks based on mission purpose and cost. These trends are driving the usage of nonMil/Aero parts such as Automotive grade (seeMike Sampson’s talk) and “architecturalreliability” approaches.To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.5
To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.6
EEE Parts AssuranceTo be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.7
Assurance for EEE Parts Assurance is– Knowledge of The supply chain and manufacturer of the product, The manufacturing process and its controls, and, The physics of failure (POF) related to the technology.– Statistical process and inspection via Testing, inspection, physical analyses and modeling.– Understanding the application and environmentalconditions for device usage. This ture,Vacuum, etc., as well as,Device application and appropriate derating criteria.To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.8
Reliability and Availability Reliability (Wikipedia)– The ability of a system or component to perform its requiredfunctions under stated conditions for a specified period oftime. Will it work for as long as you need? Availability (Wikipedia)– The degree to which a system, subsystem, or equipment is ina specified operable and committable state at the start of amission, when the mission is called for at an unknown, i.e., arandom, time. Simply put, availability is the proportion of timea system is in a functioning condition. This is often describedas a mission capable rate. Will it be available when you need it to work? Combining the two drives mission requirements:– Will it work for as long as and when you need it to?To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.9
What does this mean for EEE parts? The more understanding youhave of a device’s failure modesand causes, the higher theconfidence level that it willperform under missionenvironments and lifetime– High confidence “it has to work” High confidence in both reliabilityand availability.– Less confidence “it may to work” Less confidence in both reliabilityand availability. It may work, but prior to flight thereis less certainty.To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.10
Traditional Approach to Confidence Part level qualification– Qualification processes are designed to statisticallyunderstand/remove known reliability risks and uncoverother unknown risks inherent in a part. Requires significant sample size and comprehensive suiteof piecepart testing (insight) – high confidence method Part level screening– Electronic component screening uses environmentalstressing and electrical testing to identify marginal anddefective components within a procured lot of EEE parts.To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.11
However, tradition doesn’t match thechanging space market and alternate EEEparts approaches that may be“good enough”are being used.(Discussed later in presentation.)To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.12
Modern ElectronicsTo be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.13
The Magpie Syndrome:The Electrical Designer’s Dilemma Magpie’s are known for being attracted to bright,shiny things. In many ways, the modern electrical engineer is aMagpie:– They are attracted to the latest state-of-the-art devicesand EEE parts technologies. These can be any grade of EEE parts that aren’t qualifiedfor space nor radiation hardened.– These bright and shiny parts may have very attractiveperformance features that aren’t available in higherreliability parts: Size, weight, and power (SwaP),Integrated functionality,Speed of data collection/transfer,Processing capability, etc To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.14
Example Magpie EEE PartsAdvanced Driver Assistance System (ADAS)Sensor Fusion ProcessorXilinx Zynq UltraScale Multi-Processor System on a Chip (MPSoC) 16nm CMOS with Vertical FinFETSFreescale.comXilinx.comTo be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.15
Gartner Hype Cycle –Reality of Shiny New Thingshttp://www.gartner.comTo be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.16
When Should a Magpie Fly? While not designed for usage in the harsh environs ofspace, there are still multiple scenarios where usage ofMagpies may be considered:– Mil/Aero alternatives are not available, Ex., SWaP or functionality or procurement schedule,– A mission has a relatively short lifetime or benign spaceenvironment exposure, Ex., 6 month CubeSat mission in LEO,– A system can assume possible unknown risks, Ex., technology demonstration mission,– Device upscreening (per mission requirements) and systemvalidation are performed to obtain confidence in usage,– System level assurances based on fault tolerance and higherassembly level test and validation are deemed sufficient. This is a systems engineering trade that takes a multi-disciplinaryreview.– Or maybe as a pathfinder for future usage. Out of scope for this talk: use of flight data for “qualification”.To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.17
Magpie Constraints But Magpies aren’t designed for space flight (justsome aviary aviation at best)! Sample differences include:–––––Temperature ranges,Vacuum performance,Shock and vibration,Lifetime, andRadiation tolerance. Traditionally, “upscreening” at the part level hasoccurred.– Definition: A means of assessing a portion of the inherentreliability of a device via test and analysis. Note: Discovery of a upscreened part failure occursregularly. The following charts discuss alternate approaches.To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.18
Breaking Tradition: Alternate ApproachesTo be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.19
Assembly Testing:Can it Replace Testing at the Parts Level?We can test devices,but how do we testsystems?Or better yet, systems ofsystems on a chip (SOC)?To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.20
Not All Assemblies are Equal Consider assemblies having two distinct categories– Off the shelf (you get what you get) such as COTS, and,– Custom (possibility of having “design for test” included”) Still won’t be as complete as single part level testing, but itdoes reduce some challenges. For COTS assemblies, some of the specific concernsare:– Bill-of-materials may not include lot date codes or devicemanufacturer information.– Individual part application may not be known or datasheetunavailable.– The possible variances for “copies” of the “same” assembly: Form, fit, and function EEE parts may mean variousmanufacturers, or, Lot-to-lot and even device-to-device differences inreliability/availability.To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.21
Sample Challenges forTesting Assemblies Limited statistics versus part level approaches due to sample size.Inspection constraints.Acceleration factors–– Temperature testing limited to “weakest” part.Voltage testing may be limited by on-board/on-chip power regulation.Limited test points and I/O challenge adequate stress data capture.Ensuring adequate fault coverage testing.Visibility of errors/failures/faults due to limited I/O availability.System operation.– Ex., Using nominal flight software versus a high stress test approach. Error propagation– An error occurs but does not propagate outward until some time laterdue to system operations such as those of an interrupt register. Fault masking during radiation exposure– Too high a particle rate or too many devices being exposedsimultaneously.To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.22
Using Fault Tolerance Making a system more “reliable/available” can occur at manylevels– Operational Ex., no operation in the South Atlantic Anomaly (proton hazard)– System Ex., redundant boxes/busses or swarms of nanosats– Circuit/software Ex., error detection and correction (EDAC) scrubbing of memorydevices by an external device or processor– Device (part) Ex., triple-modular redundancy (TMR) of internal logic within the device– Transistor Ex., use of annular transistors for TID improvement– Material Ex., addition of an epi substrate to reduce SEE charge collection (orother substrate engineering)Good engineers can invent infinite solutions,but the solution used must be adequately validated.To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.23
Example:Is Radiation Testing Always Required for COTS? Exceptions for testing may include– Operational Ex., The device is only powered on once per orbit and thesensitive time window for a single event effect is minimal– Acceptable data loss Ex., System level error rate (availability) may be set such thatdata is gathered 95% of the time.– Given physical device volume and assuming every ion causesan upset, this worst-case rate may be tractable.– Negligible effect Ex., A 2 week mission on a shuttle may have a very low TotalIonizing Dose (TID) requirement.Memory picture courtesyNASA/GSFC, Code 561A flash memory may be acceptablewithout testing if a low TIDrequirement exists or not powered onfor the large majority of time.To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.24
Is knowledge of EEE Parts Failure ModesRequired To Build a Fault Tolerant System? The system may work, but do we have adequateconfidence in the system to have adequatereliability and availability prior to launch?– What are the “unknown unknowns”? Can we account for them?– How do you calculate risk with unscreened/untestedEEE parts?– Do you have a common mode failure potential in yourdesign? I.e., a design with identical redundant strings rather thanhaving independent redundant strings.– How do you adequately validate a fault tolerant systemfor space? This is a critical point.To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.25
Bottom Line onAssembly Testing and Fault Tolerance While clearly ANY testing is betterthan none, assembly testing haslimitations compared to the individualEEE part level.– This is a risk-trade that’s still to beunderstood.– No definitive study exists comparing thisapproach versus traditional partsqualification and screening. Fault tolerance needs to be validated.– Understanding the fault and failuresignatures is required to designappropriate tolerance.– The more complex the system, the harderthe validation is.To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.26
Mission Risk and EEE PartsTo be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.27
Understanding Risk The risk management requirementsmay be broken into threeconsiderations– Technical/Design – “The Good” Relate to the circuit designs not being able tomeet mission criteria such as jitter related to along dwell time of a telescope on an object– Programmatic – “The Bad” Relate to a mission missing a launch window orexceeding a budgetary cost cap which can lead tomission cancellation– Radiation/Reliability – “The Ugly” Relate to mission meeting its lifetime andperformance goals without premature failures orunexpected anomalies Each mission must determine its prioritiesamong the three risk typesTo be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.28
Background: Traditional Risk MatrixRisk Tolerance BoundaryPlaced on the profile to reflectCorporate “Risk Appetite”By adjusting the level ofcurrency hedging, resourcescan be released to help fundimprovements to protection ofthe production facility.Caution ZoneRisks in the “yellow” areaneed constant vigilanceand regular auditLikelihood Scale:Impact Scale:A: Very HighB: HighC: OccasionalI: Catastrophic II: Critical III: SignificantD: Low E: Very Low F: Almost ImpossibleIV: MarginalTo be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.29
Space Missions:EEE Parts and Risk The determination of acceptability for deviceusage is a complex trade space.– Every engineer will “solve” a problem differently: Ex., software versus hardware solutions. The following chart proposes an alternatemission risk matrix approach for EEE partsbased on:– Environment exposure,– Mission lifetime, and,– Criticality of implemented function. Notes:– “COTS” implies any grade that is not space qualifiedand radiation hardened.– Level 1 and 2 refer to traditional space qualified EEEparts.To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.30
Notional EEE Parts Selection FactorsLevel 1 or 2suggested.COTS upscreening/testingrecommended.Fault tolerantdesigns for COTS.Level 1 or 2, rad hardsuggested.Full upscreening forCOTS.Fault tolerant designsfor COTS.Level 1 or 2, radhardrecommended.Full upscreeningfor COTS.Fault tolerantdesigns for COTS.MediumCOTS estedCOTS upscreening/testing recommended.Fault-tolerancerecommendedLevel 1 or 2, radhard suggested.Full upscreeningfor COTS.Fault tolerantdesigns for COTS.LowCOTS upscreening/testing optional.Do no harm (toothers)COTS upscreening/testing recommended.Fault-tolerancesuggested.Do no harm (to others)Rad hardsuggested.COTS upscreening/testingrecommended.Fault vironment/LifetimeTo be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.31
A Few Details on the “Matrix” When to test:– “Optional” Implies that you might get away without this, but there’s residual risk.– “Suggested” Implies that it is good idea to do this, and likely some risk if you don’t.– “Recommended” Implies that this really should be done or you’ll definitely have somerisk.– Where just the item is listed (like “full upscreening for COTS”) This should be done to meet the criticality and environment/lifetimeconcerns. The higher the level of risk acceptance by a mission, the higherthe consideration for performing alternate assembly level testingversus traditional part level. All fault tolerance must be validated.Good mission planning identifies where on the matrix a EEE part lies.To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.32
Summary In this talk, we have presented:– An overview of considerations for alternate EEE partsapproaches: Technical, programmatic, and risk-oriented– Every mission views the relative priorities differently. As seen below, every decision type may have aprocess.– It’s all in developing an appropriate one for yourapplication and avoiding “buyer’s remorse”!Five stages of Consumer Behaviorhttp://www-rohan.sdsu.edu/ renglish/370/notes/chapt05/To be presented by Kenneth A. LaBel at ESCCON 2016 European Space Components Coordination Conference (ESCCON),March 1-3, 2016, Noordwijk, Netherlands.33
and EEE parts technologies. These can be any grade of EEE parts that aren’t qualified for space nor radiation hardened. –These bright and shiny parts may have very attractive performance features that aren’t available in higher-reliability parts: Size, weight, and power (SwaP), Integrated functionality,
j e e e e e e e eee eee eee eee eee eee eee %e &o 6[ 6[ 7 6[ 7 6[ %e 7sw %e 7sw %e 7sw %e 7sw 7eq 7eq 7eq 7eq %dvv ' 6 3qr * e
Step 3: Switch/Router ports negotiate EEE capability via Clause 74 Auto-Neg Step 4: OTN is “EEE unaware”, so Switch/Router ports remain in “EEE OFF” * uPCS refers to PCS lane recovery and deskew based on Figures 82-10, 82-11 of approved IEEE Std 802.3-2012
Electromechanical Feeders The high-capacity performers Syntron MF Heavy-Duty Electromechanical Feeders are the heavy-weights of bulk material handling and are used for higher capacity requirements. The ten heavy-duty models handle capacities from 600 to 4,000 tons per hour.* Syntron Heavy-Duty Electromechanical Feeders combine
EEE compliance may not be required in your location for electrical & electronic equipment (EEE), nor may it be required for EEE designed and intended as fixed or temporary
MSFC Technical Standard ES43 Title: EEE Parts Management and Control Requirements for MSFC Space Flight Hardware Document No.: MSFC-STD-3012 Revision: A Effective Date: February 14, 2012 Page: 2of 188 CHECK THE MASTER LIST—VERIFY THAT THIS IS THE CORRECT VERSION BEFORE USE ATFile Size: 1MB
Electric Power and Machine department Ain Shams University. Cairo, Egypt Mahmoud M. Kashef Electric Power and Machine department Ain Shams University. Cairo, Egypt ABSTRACT Many type of electrical machine can be used as an electromechanical battery for low earth orbit satellite. Electromechanical battery is motor generator mode coupling
hand and electrical and electronic equipment (EEE) falling in the scope of the WEEE2 on the other. Furthermore, position papers subject to so called "installation equipment" have been published by associations that classify several products as EEE, which in fact can clearly be qualified as components.
API Recommended Practice 500, Classification of Locations for Electrical Installations at Petroleum Facilities Classified as Class 1, Division 1 and Division 2 API Recommended Practice 505, Classification of Locations for Electrical Installations at Petroleum Facilities Classified as Class 1, Zone 0, Zone 1 and Zone 2 ASSE Z359.1, The Fall Protection Code ASTM F2413, Standard Specification for .
