1 00:00:00,120 --> 00:00:02,460 The following content is provided under a Creative 2 00:00:02,460 --> 00:00:03,880 Commons license. 3 00:00:03,880 --> 00:00:06,090 Your support will help MIT OpenCourseWare 4 00:00:06,090 --> 00:00:10,180 continue to offer high-quality educational resources for free. 5 00:00:10,180 --> 00:00:12,720 To make a donation or to view additional materials 6 00:00:12,720 --> 00:00:16,680 from hundreds of MIT courses, visit MIT OpenCourseWare 7 00:00:16,680 --> 00:00:17,880 at ocw.mit.edu. 8 00:00:24,770 --> 00:00:27,910 PROFESSOR: The engines, the aircraft engines, 9 00:00:27,910 --> 00:00:30,610 have a lot of sensors on them because the engines really 10 00:00:30,610 --> 00:00:31,720 need to work reliably. 11 00:00:31,720 --> 00:00:37,090 So it tends to be more sort of thermal structural components. 12 00:00:37,090 --> 00:00:41,470 And my sense is in cars, you monitor more electronics, 13 00:00:41,470 --> 00:00:42,655 how many-- 14 00:00:42,655 --> 00:00:43,650 AUDIENCE: Emissions. 15 00:00:43,650 --> 00:00:44,840 PROFESSOR: --certainly emissions. 16 00:00:44,840 --> 00:00:46,798 It's slightly different what's being monitored, 17 00:00:46,798 --> 00:00:48,520 and the sensors are different. 18 00:00:48,520 --> 00:00:50,770 Even the companies that provide these sensors 19 00:00:50,770 --> 00:00:54,574 and health-monitoring equipment tend to be different as well. 20 00:00:54,574 --> 00:00:55,990 I think, there are similar trends, 21 00:00:55,990 --> 00:00:57,400 but they're somewhat parallel. 22 00:00:57,400 --> 00:00:59,400 I don't think one came before the other. 23 00:00:59,400 --> 00:00:59,970 AUDIENCE: OK. 24 00:00:59,970 --> 00:01:01,350 Yeah. 25 00:01:01,350 --> 00:01:02,860 PROFESSOR: Hey, Volcker, do you want 26 00:01:02,860 --> 00:01:07,280 to mention something about health monitoring in general 27 00:01:07,280 --> 00:01:08,624 for operations? 
28 00:01:08,624 --> 00:01:13,648 GUEST SPEAKER: I just sent you a link on your email 29 00:01:13,648 --> 00:01:17,160 because we've been for six years monitoring the health 30 00:01:17,160 --> 00:01:18,940 of [INAUDIBLE] that's up there. 31 00:01:18,940 --> 00:01:21,480 And it's live link, so I don't know 32 00:01:21,480 --> 00:01:24,633 if you are able from your computer to open it. 33 00:01:24,633 --> 00:01:27,880 I just sent you the link on your email. 34 00:01:27,880 --> 00:01:29,360 Right? 35 00:01:29,360 --> 00:01:31,610 So actually, into the first satellite 36 00:01:31,610 --> 00:01:35,240 that we both [INAUDIBLE] few years ago, 37 00:01:35,240 --> 00:01:36,890 we figured we want to know everything. 38 00:01:36,890 --> 00:01:40,970 So the primary [? dom ?] system were all 39 00:01:40,970 --> 00:01:46,210 sent on every telemetry data the same [? dom ?] at every path 40 00:01:46,210 --> 00:01:48,050 and kept actual. 41 00:01:48,050 --> 00:01:52,310 So maybe after break or whenever there's a chance, 42 00:01:52,310 --> 00:01:56,100 go to the link, and you can see the actual housekeeping data. 43 00:01:56,100 --> 00:01:59,660 And you'll see that the battery, the voltage, 44 00:01:59,660 --> 00:02:02,110 is the only one that's [INAUDIBLE].. 45 00:02:02,110 --> 00:02:05,790 Likely, [INAUDIBLE] of the six years, which 46 00:02:05,790 --> 00:02:08,300 is not bad for a VC system. 47 00:02:08,300 --> 00:02:10,850 PROFESSOR: Yup, OK, I'll pull it up during the break. 48 00:02:10,850 --> 00:02:12,110 Thanks for that. 49 00:02:12,110 --> 00:02:13,580 That'll be interesting. 50 00:02:13,580 --> 00:02:16,790 OK, let's move on. 51 00:02:16,790 --> 00:02:19,760 So unfortunately, I would say the F-18, 52 00:02:19,760 --> 00:02:22,350 and there's a lot of systems that were designed with 53 00:02:22,350 --> 00:02:25,280 operational excellence in mind-- 54 00:02:25,280 --> 00:02:27,860 maintainability, high reliability. 55 00:02:27,860 --> 00:02:30,110 That was a big thing. 
56 00:02:30,110 --> 00:02:31,790 I did mention this before, I think, 57 00:02:31,790 --> 00:02:34,080 but I just want to say that it's not always the case. 58 00:02:34,080 --> 00:02:37,640 So this is one of the counter-examples, the space 59 00:02:37,640 --> 00:02:38,540 shuttle. 60 00:02:38,540 --> 00:02:39,850 And I have a lot of respect. 61 00:02:39,850 --> 00:02:41,420 Don't misunderstand me. 62 00:02:41,420 --> 00:02:44,360 I think people that worked on the shuttle did an amazing job. 63 00:02:44,360 --> 00:02:46,370 It was an amazing vehicle. 64 00:02:46,370 --> 00:02:48,590 But things turned out quite differently 65 00:02:48,590 --> 00:02:50,120 than what was promised. 66 00:02:50,120 --> 00:02:52,580 I think that everybody will agree with that. 67 00:02:52,580 --> 00:02:54,920 So this is a paper that was actually 68 00:02:54,920 --> 00:02:57,290 a very short paper published believe it or not 69 00:02:57,290 --> 00:03:01,550 in Nature in 2011 right after the retirement of the shuttle 70 00:03:01,550 --> 00:03:05,184 and by Pielke et al. 71 00:03:05,184 --> 00:03:07,100 And what they did is, they looked at the costs 72 00:03:07,100 --> 00:03:08,210 of the shuttle program. 73 00:03:08,210 --> 00:03:09,860 And the cost is well known because this 74 00:03:09,860 --> 00:03:10,970 is all public money. 75 00:03:10,970 --> 00:03:14,330 This is all money that was appropriated by Congress. 76 00:03:14,330 --> 00:03:16,160 And then the light blue bars are the number 77 00:03:16,160 --> 00:03:19,050 of launches that happen in a particular year. 78 00:03:19,050 --> 00:03:21,350 So you can see the maximum was nine-- 79 00:03:21,350 --> 00:03:24,690 nine launches in 1984-- 80 00:03:24,690 --> 00:03:29,660 not a launch a week that Congress had been told. 81 00:03:29,660 --> 00:03:35,200 And so we have about 10 years of design, 82 00:03:35,200 --> 00:03:39,780 build, test until initial operating capability. 
83 00:03:39,780 --> 00:03:42,780 And then we have about 30 years of actual usage 84 00:03:42,780 --> 00:03:43,860 and operations. 85 00:03:43,860 --> 00:03:45,480 And this is true for any system. 86 00:03:45,480 --> 00:03:49,210 The operational phase is much longer than the design phase. 87 00:03:49,210 --> 00:03:51,030 So in this case, the operational phase 88 00:03:51,030 --> 00:03:55,260 was 30 years right, three times longer than the actual design 89 00:03:55,260 --> 00:03:57,660 phase, which was about a decade. 90 00:03:57,660 --> 00:04:00,660 The Vision was a partially reusable space vehicle, 91 00:04:00,660 --> 00:04:03,120 quick turnaround, high flight rate. 92 00:04:03,120 --> 00:04:06,600 What we actually got is a complex and fragile vehicle 93 00:04:06,600 --> 00:04:10,890 with an average cost of about $1.5 billion per flight 94 00:04:10,890 --> 00:04:13,740 and a workforce of about 20,000 people 95 00:04:13,740 --> 00:04:16,829 to keep the shuttle flying. 96 00:04:16,829 --> 00:04:19,740 And I think I've shown you this before, right? 97 00:04:19,740 --> 00:04:21,300 Did I show you this before? 98 00:04:21,300 --> 00:04:24,210 So this is an original illustration 99 00:04:24,210 --> 00:04:27,270 from the proposal to Congress. 100 00:04:27,270 --> 00:04:29,950 It kind of looks like the F-18 that I just showed you. 101 00:04:29,950 --> 00:04:35,070 It's a hangar, pristine, a few people, 102 00:04:35,070 --> 00:04:37,830 a couple of ground support equipment carts-- 103 00:04:37,830 --> 00:04:40,890 this is kind of like an airplane, like an airliner. 104 00:04:40,890 --> 00:04:43,080 And then this is what we actually got. 105 00:04:43,080 --> 00:04:46,080 This is a picture taken in the Orbiter Processing Facility 106 00:04:46,080 --> 00:04:47,790 at the Kennedy Space Center. 107 00:04:47,790 --> 00:04:50,220 And you can't even see the shuttle, right? 
108 00:04:50,220 --> 00:04:53,360 It's hidden behind the scaffolding, 109 00:04:53,360 --> 00:04:55,560 and the main systems that required 110 00:04:55,560 --> 00:04:57,510 a lot of work between flights were the shuttle 111 00:04:57,510 --> 00:05:00,900 main engine and of course the TPS, the thermal protection 112 00:05:00,900 --> 00:05:01,770 system. 113 00:05:01,770 --> 00:05:05,460 Now, you can say, well why such a big discrepancy between what 114 00:05:05,460 --> 00:05:09,384 was promised, the Vision, and what's actually delivered? 115 00:05:09,384 --> 00:05:11,050 And people will have different opinions. 116 00:05:11,050 --> 00:05:14,920 My opinion is, certainly over-optimism was a part of it. 117 00:05:14,920 --> 00:05:19,540 But also Congress kept the research development 118 00:05:19,540 --> 00:05:23,330 costs for the Orbiter in particular to about 5.1, 119 00:05:23,330 --> 00:05:23,980 5 billion. 120 00:05:23,980 --> 00:05:25,660 There was actually an act of Congress 121 00:05:25,660 --> 00:05:30,040 that said those shall not spend more 5.1, 5 billion 122 00:05:30,040 --> 00:05:31,960 on development of the Orbiter. 123 00:05:31,960 --> 00:05:36,550 So then, when it was clear, 24 metric tons to low-earth orbit. 124 00:05:36,550 --> 00:05:40,970 If you can't achieve that, the system will not satisfy. 125 00:05:40,970 --> 00:05:44,620 So performance is king, and of course, this 126 00:05:44,620 --> 00:05:46,930 was also a politically challenging 127 00:05:46,930 --> 00:05:48,730 because there were military requirements 128 00:05:48,730 --> 00:05:51,100 and civilian requirements that had to be met. 129 00:05:51,100 --> 00:05:53,880 And then maintainability, like I said, 130 00:05:53,880 --> 00:05:56,120 just doesn't happen automatically. 131 00:05:56,120 --> 00:05:57,880 You have to actually write requirements 132 00:05:57,880 --> 00:05:59,140 for maintainability. 133 00:05:59,140 --> 00:06:00,590 How long should it take? 
134 00:06:00,590 --> 00:06:02,410 How many hours of work? 135 00:06:02,410 --> 00:06:07,030 How many actions or procedures to do certain maintenance 136 00:06:07,030 --> 00:06:07,540 actions? 137 00:06:07,540 --> 00:06:10,480 It has to be designed into the system, therefore 138 00:06:10,480 --> 00:06:12,370 the need for requirements. 139 00:06:12,370 --> 00:06:17,320 And then no realistic lifecycle cost or value optimization. 140 00:06:17,320 --> 00:06:20,990 So that's, I think, the counter-example. 141 00:06:20,990 --> 00:06:23,950 But again, I am not blaming individuals for this. 142 00:06:23,950 --> 00:06:26,890 I'm blaming the system for this. 143 00:06:26,890 --> 00:06:28,159 Yes? 144 00:06:28,159 --> 00:06:29,700 AUDIENCE: To what extent do you think 145 00:06:29,700 --> 00:06:32,170 that kind of problems within shuttle 146 00:06:32,170 --> 00:06:36,250 can be traced to effectively a failure to stop 147 00:06:36,250 --> 00:06:37,780 defining the requirements? 148 00:06:37,780 --> 00:06:41,100 I feel like when you look at commercial launch systems 149 00:06:41,100 --> 00:06:42,350 kind of as a comparison point. 150 00:06:42,350 --> 00:06:45,100 And I understand they're not reusable. 151 00:06:45,100 --> 00:06:47,590 And they're not being designed to necessarily 152 00:06:47,590 --> 00:06:49,390 the same specifications as shuttle. 153 00:06:49,390 --> 00:06:52,870 But I feel like because the commercial launch industry 154 00:06:52,870 --> 00:06:55,450 has had standards set by NASA and the Air Force 155 00:06:55,450 --> 00:06:57,280 that they needed to meet, that they 156 00:06:57,280 --> 00:06:59,050 had a very clear set of requirements 157 00:06:59,050 --> 00:07:00,100 from the beginning. 
158 00:07:00,100 --> 00:07:01,630 Whereas the development of shuttle, 159 00:07:01,630 --> 00:07:05,410 like the failure to design for maintainability, 160 00:07:05,410 --> 00:07:07,030 when I look at the development cycle, 161 00:07:07,030 --> 00:07:09,280 it looks like they continued to refine requirements 162 00:07:09,280 --> 00:07:11,730 as they went and kind of discovered new things. 163 00:07:11,730 --> 00:07:14,022 And then said, OK, so we need to do it this way instead 164 00:07:14,022 --> 00:07:16,104 of saying from the beginning, these departments we 165 00:07:16,104 --> 00:07:17,030 know we have to meet. 166 00:07:17,030 --> 00:07:17,924 Let's design to that. 167 00:07:17,924 --> 00:07:19,090 PROFESSOR: Right, though I-- 168 00:07:19,090 --> 00:07:19,690 AUDIENCE: It looks like they kind of 169 00:07:19,690 --> 00:07:21,400 crept through the development phase 170 00:07:21,400 --> 00:07:23,295 to me, that there was no hard stop. 171 00:07:23,295 --> 00:07:25,921 So I was just wondering if you could comment on that kind of-- 172 00:07:25,921 --> 00:07:27,670 PROFESSOR: It's definitely true that there 173 00:07:27,670 --> 00:07:29,520 was sort of reacting to-- 174 00:07:29,520 --> 00:07:30,760 and after the first few-- 175 00:07:30,760 --> 00:07:34,930 so an interesting history there is the shuttle main engines. 176 00:07:34,930 --> 00:07:38,350 They were completely disassembled and inspected 177 00:07:38,350 --> 00:07:40,450 after the first couple of flights. 178 00:07:40,450 --> 00:07:42,660 But that wasn't supposed to be done every flight. 179 00:07:42,660 --> 00:07:44,784 It was supposed to be, you're going to launch them, 180 00:07:44,784 --> 00:07:47,380 I think, like five times before you actually 181 00:07:47,380 --> 00:07:49,240 do big inspections. 182 00:07:49,240 --> 00:07:50,980 But they had already done inspections 183 00:07:50,980 --> 00:07:52,600 after every test flight. 184 00:07:52,600 --> 00:07:54,670 And then they just kept doing it. 
185 00:07:54,670 --> 00:07:59,500 So something that was supposed to be only a maintenance 186 00:07:59,500 --> 00:08:02,860 action or inspection during test flights 187 00:08:02,860 --> 00:08:06,390 became or crept into becoming an operational requirement. 188 00:08:06,390 --> 00:08:08,650 And of course, you have a big workforce 189 00:08:08,650 --> 00:08:10,910 and there's jobs and so forth. 190 00:08:10,910 --> 00:08:12,160 So there's that too. 191 00:08:12,160 --> 00:08:15,340 But it was never intended that the shuttle main engines 192 00:08:15,340 --> 00:08:18,370 would be disassembled and rebuilt after every flight. 193 00:08:18,370 --> 00:08:22,030 AUDIENCE: Why was that permitted? 194 00:08:22,030 --> 00:08:24,100 PROFESSOR: Well, I guess, the sense 195 00:08:24,100 --> 00:08:26,736 was that it would be safer to do that, 196 00:08:26,736 --> 00:08:28,360 and that you really want to know what's 197 00:08:28,360 --> 00:08:30,100 the state of these engines. 198 00:08:30,100 --> 00:08:34,030 And I will say this, I mean at the contractual, 199 00:08:34,030 --> 00:08:35,710 there's jobs there. 200 00:08:35,710 --> 00:08:36,970 There's money there. 201 00:08:36,970 --> 00:08:40,539 And so the more maintenance actions you can do, 202 00:08:40,539 --> 00:08:42,580 the more of a business this is. 203 00:08:42,580 --> 00:08:44,780 But of course, that's not what the Vision was. 204 00:08:44,780 --> 00:08:48,430 The Vision was a very lean, operations, few people. 205 00:08:48,430 --> 00:08:52,512 So there's a socioeconomic things tied up with it as well. 206 00:08:52,512 --> 00:08:54,720 AUDIENCE: Do you think that because that's inherently 207 00:08:54,720 --> 00:08:57,166 a government project that's part of the reason? 208 00:08:57,166 --> 00:08:58,540 Like whereas a commercial company 209 00:08:58,540 --> 00:09:00,520 is looking to cut as many employees as possible 210 00:09:00,520 --> 00:09:02,050 to increase profit margin? 
211 00:09:02,050 --> 00:09:03,400 PROFESSOR: I think that that's a part of it. 212 00:09:03,400 --> 00:09:03,700 AUDIENCE: OK. 213 00:09:03,700 --> 00:09:05,700 PROFESSOR: Yeah, I do think that's a part of it. 214 00:09:07,870 --> 00:09:12,230 Yeah, absolutely, it's a really interesting history. 215 00:09:12,230 --> 00:09:14,290 There's a lot to be learned from this. 216 00:09:14,290 --> 00:09:16,960 OK, so let me move on. 217 00:09:16,960 --> 00:09:21,370 So this is kind of a list, not a checklist really, but a list 218 00:09:21,370 --> 00:09:23,560 of operational considerations that you should think 219 00:09:23,560 --> 00:09:25,570 about when you design a system. 220 00:09:25,570 --> 00:09:27,550 So how will it be operated? 221 00:09:27,550 --> 00:09:31,100 And of course, we've done the CONOPS a while ago, 222 00:09:31,100 --> 00:09:33,280 but this is sort of more detailed than the CONOPS. 223 00:09:33,280 --> 00:09:35,380 How will you inspect the system? 224 00:09:35,380 --> 00:09:38,140 How will you maintain it? 225 00:09:38,140 --> 00:09:41,920 What insights do the operators need into the system status? 226 00:09:41,920 --> 00:09:44,110 So when you are operating the system, 227 00:09:44,110 --> 00:09:46,270 how much about the internal workings 228 00:09:46,270 --> 00:09:47,530 do you really need to know? 229 00:09:47,530 --> 00:09:53,164 This is the internal telemetry temperatures, pressures, 230 00:09:53,164 --> 00:09:56,410 in the avionics, the electrical. 231 00:09:56,410 --> 00:09:58,630 I think the example of the electrical bus was good, 232 00:09:58,630 --> 00:10:04,180 the cryogenics system example, how much insight do you need? 233 00:10:04,180 --> 00:10:06,910 Before turning over to the operators, what checks do 234 00:10:06,910 --> 00:10:08,280 you need to perform? 235 00:10:08,280 --> 00:10:10,270 How might the system fail? 
236 00:10:10,270 --> 00:10:13,030 Think about failure, and you of course 237 00:10:13,030 --> 00:10:15,670 need to think about that as early as possible. 238 00:10:15,670 --> 00:10:17,740 What are the options available to you 239 00:10:17,740 --> 00:10:19,180 in case you have failures? 240 00:10:19,180 --> 00:10:21,040 And you will have failures. 241 00:10:21,040 --> 00:10:23,830 What spares are needed to repair the system? 242 00:10:23,830 --> 00:10:27,190 Will this system still perform even under partial failure? 243 00:10:27,190 --> 00:10:29,950 So maybe something failed but not catastrophically. 244 00:10:29,950 --> 00:10:31,270 It's a partial failure. 245 00:10:31,270 --> 00:10:33,340 Can you keep going with the system? 246 00:10:33,340 --> 00:10:37,270 How far can you push the system? 247 00:10:37,270 --> 00:10:41,184 I think if you think about this is like five questions here, 248 00:10:41,184 --> 00:10:43,600 but I think, they are five of the most important questions 249 00:10:43,600 --> 00:10:46,400 for operations. 250 00:10:46,400 --> 00:10:49,340 Now in terms of the NASA lifecycle, 251 00:10:49,340 --> 00:10:51,800 we're talking Phase E here, just to be clear. 252 00:10:51,800 --> 00:10:55,460 So Phase E is called Operations and Sustainment. 253 00:10:55,460 --> 00:10:59,510 And depending on what mission you're talking about, 254 00:10:59,510 --> 00:11:01,970 this could be short-- 255 00:11:01,970 --> 00:11:06,170 like the Apollo missions, like two weeks and they're back 256 00:11:06,170 --> 00:11:07,940 home-- 257 00:11:07,940 --> 00:11:10,760 ISS, six months rotations. 258 00:11:10,760 --> 00:11:14,450 Or it could be something like Voyager. 259 00:11:14,450 --> 00:11:18,720 Voyager was launched when in '76? 
260 00:11:18,720 --> 00:11:21,650 Voyager's been flying for 40 years, 261 00:11:21,650 --> 00:11:24,920 and we're still getting data and telemetry at very low data 262 00:11:24,920 --> 00:11:27,770 rates, like 100 bits per second or something like this. 263 00:11:27,770 --> 00:11:29,990 But still, that's remarkable, right? 264 00:11:29,990 --> 00:11:33,930 So Phase E, in that case, is very long. 265 00:11:33,930 --> 00:11:37,190 So it's worth really thinking about this. 266 00:11:37,190 --> 00:11:39,930 All right, let me talk about commissioning. 267 00:11:39,930 --> 00:11:42,870 So commissioning is essentially the transition 268 00:11:42,870 --> 00:11:45,360 from Phase D to Phase E. So Phase D 269 00:11:45,360 --> 00:11:49,290 is System Assembly, Integration, Test, and Launch, 270 00:11:49,290 --> 00:11:51,310 and Transition to Use. 271 00:11:51,310 --> 00:11:54,030 And Phase E is then Operations and Sustainment. 272 00:11:54,030 --> 00:11:57,420 So to conduct the mission, meet the initially-identified need, 273 00:11:57,420 --> 00:11:59,640 maintain support, and then implement 274 00:11:59,640 --> 00:12:01,500 your mission operations plan. 275 00:12:01,500 --> 00:12:04,590 So commissioning, essentially, is transitioning 276 00:12:04,590 --> 00:12:08,130 from Phase D to Phase E. And usually, 277 00:12:08,130 --> 00:12:11,580 the people that will operate the system day in, day out, 278 00:12:11,580 --> 00:12:14,790 tend to be different people than the people who 279 00:12:14,790 --> 00:12:18,330 design the system, who build the system, who launch the system. 280 00:12:18,330 --> 00:12:21,630 So usually, you have some kind of a handoff or handover 281 00:12:21,630 --> 00:12:25,830 of the system from the designers, builders 282 00:12:25,830 --> 00:12:27,240 to the operators. 283 00:12:27,240 --> 00:12:31,050 And that handover is very important that it be done well. 284 00:12:31,050 --> 00:12:34,580 And that's what we call commissioning. 
285 00:12:34,580 --> 00:12:37,820 Or in this case, this is the-- do you remember this? 286 00:12:37,820 --> 00:12:39,800 We haven't shown this for a while. 287 00:12:39,800 --> 00:12:43,340 Remember what do we call this, this thing here? 288 00:12:43,340 --> 00:12:44,150 The engine, right? 289 00:12:44,150 --> 00:12:47,320 The system's engineering engine at every level. 290 00:12:47,320 --> 00:12:51,770 So this is Step 9, Product Transitioning Process. 291 00:12:51,770 --> 00:12:55,040 And then there has to be a flow chart, right? 292 00:12:55,040 --> 00:12:57,410 Can't do without a flow chart. 293 00:12:57,410 --> 00:13:00,680 It's not particularly fancy or anything, 294 00:13:00,680 --> 00:13:03,710 but the idea is that you have inputs, 295 00:13:03,710 --> 00:13:07,880 which are the end product, ready to be used, documentation. 296 00:13:07,880 --> 00:13:12,140 So when I ask you about the cryogenic system-- 297 00:13:12,140 --> 00:13:13,970 you mentioned the cryogenic system-- 298 00:13:13,970 --> 00:13:16,970 I ask you, do you have a user manual for it? 299 00:13:16,970 --> 00:13:19,640 So that would be here, in this box here, on the left side-- 300 00:13:19,640 --> 00:13:22,880 the documentation that goes with the end product. 301 00:13:22,880 --> 00:13:25,647 And then any product transition-enabling products, 302 00:13:25,647 --> 00:13:27,230 so those would be things that you only 303 00:13:27,230 --> 00:13:31,940 use during the transition, like equipment or facilities 304 00:13:31,940 --> 00:13:35,750 that you just use for this transitioning process. 305 00:13:35,750 --> 00:13:39,330 And then you don't use them during operations. 306 00:13:39,330 --> 00:13:41,760 You can think of examples of that. 307 00:13:41,760 --> 00:13:44,820 And then you go through this multiple steps. 308 00:13:44,820 --> 00:13:47,390 There may be multiple sites that you have to prepare, 309 00:13:47,390 --> 00:13:49,310 multiple locations. 
310 00:13:49,310 --> 00:13:53,120 And at the end of it, you've delivered the end product. 311 00:13:53,120 --> 00:13:56,900 It's operational, transition work products, 312 00:13:56,900 --> 00:14:00,500 and you're essentially operational. 313 00:14:00,500 --> 00:14:04,190 So what it means in practice is deploying 314 00:14:04,190 --> 00:14:07,820 the system in the field, transitioning to the operators, 315 00:14:07,820 --> 00:14:09,890 physically and legally also-- 316 00:14:09,890 --> 00:14:11,040 I should point this out. 317 00:14:11,040 --> 00:14:12,710 This is really important. 318 00:14:12,710 --> 00:14:18,020 So usually, in this commissioning phase, 319 00:14:18,020 --> 00:14:20,510 the legal ownership of the product or the asset 320 00:14:20,510 --> 00:14:23,360 is transferred from one organization to the other. 321 00:14:23,360 --> 00:14:26,180 So if it breaks now, it's your problem. 322 00:14:26,180 --> 00:14:27,230 It's not my problem. 323 00:14:27,230 --> 00:14:28,770 You've already taken ownership. 324 00:14:28,770 --> 00:14:30,195 You've signed off on it. 325 00:14:30,195 --> 00:14:33,920 And for insurance purposes, this is a very big deal. 326 00:14:33,920 --> 00:14:36,830 So at what point does legal ownership 327 00:14:36,830 --> 00:14:38,380 of the asset transition? 328 00:14:38,380 --> 00:14:40,680 You really have to know that. 329 00:14:40,680 --> 00:14:42,920 And then, of course, the training. 330 00:14:42,920 --> 00:14:46,730 Checkout-- checkout means turning on all your systems 331 00:14:46,730 --> 00:14:50,090 and subsystems, making sure everything works, 332 00:14:50,090 --> 00:14:53,210 making sure there's no emergent behaviors, weird behaviors, 333 00:14:53,210 --> 00:14:54,950 unexpected behaviors. 334 00:14:54,950 --> 00:14:57,740 Comparing the predicted parameters 335 00:14:57,740 --> 00:14:59,300 against the actual behaviors. 
336 00:14:59,300 --> 00:15:02,140 Does the system behave as we had predicted, 337 00:15:02,140 --> 00:15:04,280 based on calculations? 338 00:15:04,280 --> 00:15:07,250 These days, we usually build simulations. 339 00:15:07,250 --> 00:15:10,550 We build a pretty realistic simulation of the system, 340 00:15:10,550 --> 00:15:14,990 and there's the concept of digital twin. 341 00:15:14,990 --> 00:15:16,060 Who's heard this before? 342 00:15:16,060 --> 00:15:17,360 Digital twin. 343 00:15:17,360 --> 00:15:18,680 Who's heard this before? 344 00:15:18,680 --> 00:15:20,300 Oh, nobody, OK. 345 00:15:20,300 --> 00:15:23,270 So the idea of a digital twin is that here's 346 00:15:23,270 --> 00:15:27,770 your physical system, airplane, satellite, cube sat, 347 00:15:27,770 --> 00:15:30,470 whatever it is, medical device. 348 00:15:30,470 --> 00:15:33,080 And there's a digital twin of it. 349 00:15:33,080 --> 00:15:38,720 There's a in silico version, a simulated twin, 350 00:15:38,720 --> 00:15:41,810 of that system that exists somewhere. 351 00:15:41,810 --> 00:15:45,320 And before you turn the system on and do operations on it, 352 00:15:45,320 --> 00:15:48,110 you do it on the digital twin to see 353 00:15:48,110 --> 00:15:50,330 what will happen and predict everything-- 354 00:15:50,330 --> 00:15:53,300 all the parameters, the position, velocity, 355 00:15:53,300 --> 00:15:56,460 accelerations, temperatures, pressures. 356 00:15:56,460 --> 00:15:59,270 So if things look good in the digital twin, 357 00:15:59,270 --> 00:16:01,320 then you actually do it in the real system. 358 00:16:01,320 --> 00:16:05,550 So for example, JPL with their Mars rovers, they will do that. 359 00:16:05,550 --> 00:16:08,000 They have a digital twin, they have a digital version. 360 00:16:08,000 --> 00:16:10,760 They actually have a physical twin too. 
361 00:16:10,760 --> 00:16:13,310 But they typically only use that if there's problems, 362 00:16:13,310 --> 00:16:15,640 like stuck in a sand dune or something like that. 363 00:16:15,640 --> 00:16:19,670 So you actually simulate commands 364 00:16:19,670 --> 00:16:21,530 that you're going to send to the spacecraft 365 00:16:21,530 --> 00:16:25,310 on your digital twin, make sure that the command sequence is 366 00:16:25,310 --> 00:16:28,790 correct, that things will-- 367 00:16:28,790 --> 00:16:31,250 and then you do it on the real system. 368 00:16:31,250 --> 00:16:33,080 That's what we mean here. 369 00:16:33,080 --> 00:16:35,267 And during checkout, you do it initially. 370 00:16:35,267 --> 00:16:37,100 But actually, if it's a very complex system, 371 00:16:37,100 --> 00:16:40,760 you might do this as a matter of routine. 372 00:16:40,760 --> 00:16:43,790 And then sustainment is the third thing here. 373 00:16:43,790 --> 00:16:46,940 So sustainment means maintenance, both preventative 374 00:16:46,940 --> 00:16:48,176 and corrective. 375 00:16:48,176 --> 00:16:49,550 So preventative maintenance means 376 00:16:49,550 --> 00:16:52,340 you're taking actions before the system breaks. 377 00:16:52,340 --> 00:16:55,610 Corrective action means you're taking maintenance actions 378 00:16:55,610 --> 00:16:59,720 after you have failures of different kind-- spare parts 379 00:16:59,720 --> 00:17:03,680 management, reconfiguring system during use 380 00:17:03,680 --> 00:17:06,079 for different purposes, upgrading system, 381 00:17:06,079 --> 00:17:07,730 and then retrofits. 382 00:17:07,730 --> 00:17:11,540 So what is a retrofit? 383 00:17:11,540 --> 00:17:12,990 Anybody know? 384 00:17:12,990 --> 00:17:15,736 At EPFL, are you familiar with the term retrofit? 385 00:17:15,736 --> 00:17:17,069 Have you heard this word before? 386 00:17:19,609 --> 00:17:23,030 Volcker, do you want to explain what it means? 387 00:17:23,030 --> 00:17:24,461 GUEST SPEAKER: Absolutely. 
388 00:17:24,461 --> 00:17:28,810 So for example, let's take your [INAUDIBLE] system, the system 389 00:17:28,810 --> 00:17:30,600 volt's M109. 390 00:17:30,600 --> 00:17:32,970 Ours says from USA. 391 00:17:32,970 --> 00:17:37,634 Back in the '60s, '70s, then these things are aluminum, 392 00:17:37,634 --> 00:17:40,130 launch self-propelled. 393 00:17:40,130 --> 00:17:44,470 And in the '80s, '90s, they decided to not throw them away. 394 00:17:44,470 --> 00:17:45,890 They don't rust. 395 00:17:45,890 --> 00:17:49,570 But to retrofit them, to put guidance navigation 396 00:17:49,570 --> 00:17:51,022 system, new cam. 397 00:17:51,022 --> 00:17:52,740 So waiting through a retrofit program, 398 00:17:52,740 --> 00:17:55,856 meaning you sort of break down everything, 399 00:17:55,856 --> 00:17:59,690 down to the lowest elements, you decide what you can keep. 400 00:17:59,690 --> 00:18:03,080 You throw away the obsolete stuff. 401 00:18:03,080 --> 00:18:04,905 You buy new things, and you try to make it. 402 00:18:04,905 --> 00:18:05,530 PROFESSOR: Yup. 403 00:18:05,530 --> 00:18:07,290 GUEST SPEAKER: And then you reconfigure. 404 00:18:07,290 --> 00:18:09,510 PROFESSOR: So retrofit typically means 405 00:18:09,510 --> 00:18:11,640 you physically go out in the field, 406 00:18:11,640 --> 00:18:14,760 and you physically change the system. 407 00:18:14,760 --> 00:18:16,530 Like Volcker said, you remove things, 408 00:18:16,530 --> 00:18:18,540 you typically add new things. 409 00:18:18,540 --> 00:18:21,480 So now you have like old generation and new generation 410 00:18:21,480 --> 00:18:23,760 stuff mixed up in the system. 411 00:18:23,760 --> 00:18:27,330 Retrofitting is a huge deal, particularly in the military, 412 00:18:27,330 --> 00:18:34,110 but in other domains as well, like hospitals, infrastructure, 413 00:18:34,110 --> 00:18:35,910 train systems. 
414 00:18:35,910 --> 00:18:41,269 You go there, and you see a mix of old stuff 415 00:18:41,269 --> 00:18:43,560 from when the system was originally built and deployed, 416 00:18:43,560 --> 00:18:47,040 and then new stuff layered on top of it through retrofits. 417 00:18:47,040 --> 00:18:50,910 And the key question, of course, when you do a retrofit is, 418 00:18:50,910 --> 00:18:53,720 you want the retrofit not to interfere. 419 00:18:53,720 --> 00:18:56,100 You want it to actually be value added as opposed 420 00:18:56,100 --> 00:18:57,740 to causing more problems. 421 00:18:57,740 --> 00:18:59,040 Yeah, go ahead. 422 00:18:59,040 --> 00:19:03,720 AUDIENCE: Is retrofit the same as medium-life upgrade? 423 00:19:03,720 --> 00:19:05,220 PROFESSOR: I would say it this way-- 424 00:19:05,220 --> 00:19:10,170 a medium-life or middle-of-the-life upgrade is 425 00:19:10,170 --> 00:19:13,800 a particular type of retrofit that you do roughly halfway 426 00:19:13,800 --> 00:19:15,830 through the nominal mission life. 427 00:19:15,830 --> 00:19:21,510 Yes, and do you have experience with such upgrade? 428 00:19:21,510 --> 00:19:25,800 AUDIENCE: Yes, actually we have both F-5 and AMX in Brazil. 429 00:19:25,800 --> 00:19:29,897 We have the medium-life upgrade and both performed by Embraer. 430 00:19:29,897 --> 00:19:30,480 PROFESSOR: OK. 431 00:19:30,480 --> 00:19:32,938 AUDIENCE: So it's interesting because the F-5, for example, 432 00:19:32,938 --> 00:19:33,480 is Northrop. 433 00:19:33,480 --> 00:19:36,150 And the medium-life upgrade was performed by Embraer. 434 00:19:36,150 --> 00:19:38,520 And we had lots of issues about it. 435 00:19:38,520 --> 00:19:41,230 PROFESSOR: So what was done to the airplane? 436 00:19:41,230 --> 00:19:45,120 AUDIENCE: Complete change of the dashboard panels 437 00:19:45,120 --> 00:19:48,855 and new electronic warfare equipment. 
438 00:19:48,855 --> 00:19:54,450 But they kept the old hydraulics engine and-- 439 00:19:54,450 --> 00:19:55,950 actually, hydraulics and engine. 440 00:19:55,950 --> 00:19:58,269 The electrical system was changed as well. 441 00:19:58,269 --> 00:19:59,560 PROFESSOR: Was changed as well. 442 00:19:59,560 --> 00:20:02,190 So you keep the frame, the engine-- 443 00:20:02,190 --> 00:20:04,290 AUDIENCE: And you change the radar, the antennas, 444 00:20:04,290 --> 00:20:05,494 and lots of different stuff. 445 00:20:05,494 --> 00:20:06,660 PROFESSOR: That makes sense. 446 00:20:06,660 --> 00:20:07,368 That makes sense. 447 00:20:07,368 --> 00:20:11,100 AUDIENCE: A new head-up display, a new helmet, stuff like that. 448 00:20:11,100 --> 00:20:12,880 PROFESSOR: The interesting discussion, 449 00:20:12,880 --> 00:20:15,880 which I think in the US for much equipment, 450 00:20:15,880 --> 00:20:17,520 and Switzerland same discussions, 451 00:20:17,520 --> 00:20:22,020 is by the time you start adding up the cost of a midlife 452 00:20:22,020 --> 00:20:25,890 upgrade or retrofit, you start adding all these things up, 453 00:20:25,890 --> 00:20:27,690 pretty quickly you come to the question, 454 00:20:27,690 --> 00:20:29,670 well, wow that's pretty expensive. 455 00:20:29,670 --> 00:20:34,080 Is it really worth it, investing x millions or billions 456 00:20:34,080 --> 00:20:39,200 to squeeze another 10, 15 years out of this platform? 457 00:20:39,200 --> 00:20:42,740 Or should we just buy a new one and retire this one? 458 00:20:42,740 --> 00:20:45,330 And you'll have very vigorous debates about that. 459 00:20:45,330 --> 00:20:46,417 Yeah? 460 00:20:46,417 --> 00:20:48,500 AUDIENCE: Just how does the funding structure ever 461 00:20:48,500 --> 00:20:51,380 come into play when determining how sustainable, 462 00:20:51,380 --> 00:20:53,170 or how you're going to retrofit something? 
463 00:20:53,170 --> 00:20:55,790 I know sometimes, where you worked 464 00:20:55,790 --> 00:20:57,830 funding ends this time and something else 465 00:20:57,830 --> 00:20:58,840 starts up this time. 466 00:20:58,840 --> 00:21:00,230 So sometimes, you kind of design a little bit 467 00:21:00,230 --> 00:21:01,063 around those things. 468 00:21:01,063 --> 00:21:03,070 Is that ever taken into consideration? 469 00:21:03,070 --> 00:21:05,810 PROFESSOR: Well, I think enlightened companies, 470 00:21:05,810 --> 00:21:11,030 enlightened organizations will actually build in retrofit 471 00:21:11,030 --> 00:21:14,390 and upgrade costs into their original budgets. 472 00:21:14,390 --> 00:21:19,190 But does it happen often? 473 00:21:19,190 --> 00:21:21,680 I think it's a minority of organizations who really 474 00:21:21,680 --> 00:21:25,170 are honest to think about the full lifecycle cost, 475 00:21:25,170 --> 00:21:27,170 including upgrades and retrofits. 476 00:21:27,170 --> 00:21:30,410 And to be honest, sometimes, these retrofits, 477 00:21:30,410 --> 00:21:32,360 it's hard to know about them ahead of time. 478 00:21:32,360 --> 00:21:36,260 In some cases you can predict them, but in many cases, 479 00:21:36,260 --> 00:21:37,460 it's more reactive. 480 00:21:37,460 --> 00:21:43,370 In fact, I'll tell you a story about the F-18. 481 00:21:43,370 --> 00:21:46,640 These retrofits often come in bundles or packages 482 00:21:46,640 --> 00:21:51,830 called ECPs, Engineering Change Proposals. 483 00:21:51,830 --> 00:21:54,200 They're sort of packages of changes. 484 00:21:54,200 --> 00:21:57,920 And it's almost blackmail, but it's 485 00:21:57,920 --> 00:22:03,110 like, here's a bundle of changes that is x million dollars. 486 00:22:03,110 --> 00:22:07,890 And it's up to you whether you want to implement that or not. 487 00:22:07,890 --> 00:22:09,630 But if you choose not to implement, 488 00:22:09,630 --> 00:22:12,870 then the warranty is void. 
489 00:22:12,870 --> 00:22:18,390 Or you're losing compatibility with any future upgrades. 490 00:22:18,390 --> 00:22:19,950 Do you see what I'm saying? 491 00:22:19,950 --> 00:22:23,400 So the configurations then start to diverge. 492 00:22:23,400 --> 00:22:26,830 And then you have to make a tough decision. 493 00:22:26,830 --> 00:22:30,690 Do you spend money on an upgrade that maybe you don't absolutely 494 00:22:30,690 --> 00:22:34,770 need, but some other customers wanted? 495 00:22:34,770 --> 00:22:36,780 And if you say no, we don't want this. 496 00:22:36,780 --> 00:22:38,460 We're going to freeze the configuration 497 00:22:38,460 --> 00:22:39,870 where we are today. 498 00:22:39,870 --> 00:22:43,260 Then, you might lose the option for future upgrades. 499 00:22:43,260 --> 00:22:45,090 And if you then choose to upgrade later, 500 00:22:45,090 --> 00:22:46,960 it could be much more expensive. 501 00:22:46,960 --> 00:22:52,650 And that's systems engineering too. 502 00:22:52,650 --> 00:22:55,800 And it gets into technical issue, financial issues, 503 00:22:55,800 --> 00:22:57,540 strategic issues. 504 00:22:57,540 --> 00:23:02,040 So I hope you're getting a sense here that this is all 505 00:23:02,040 --> 00:23:03,300 happening during operations. 506 00:23:03,300 --> 00:23:04,890 This is fascinating stuff. 507 00:23:04,890 --> 00:23:06,180 This is not boring. 508 00:23:06,180 --> 00:23:09,260 This is not just routine operations. 509 00:23:09,260 --> 00:23:16,700 OK, so in operations, we have launch for spacecraft science 510 00:23:16,700 --> 00:23:21,230 operations, safehold, anomaly resolution, and so forth. 511 00:23:21,230 --> 00:23:24,110 And I just want to show you a quick video here 512 00:23:24,110 --> 00:23:28,280 about the James Webb-- this is a one-minute video 513 00:23:28,280 --> 00:23:31,520 about the anticipated deployment of the James Webb Space 514 00:23:31,520 --> 00:23:32,484 Telescope. 
515 00:23:32,484 --> 00:23:33,650 I think, I mentioned to you. 516 00:23:33,650 --> 00:23:37,550 I've worked on this as a Master's student. 517 00:23:37,550 --> 00:23:40,020 This is supposed to happen in 2018, 518 00:23:40,020 --> 00:23:42,410 launch from Kourou on an Ariane rocket. 519 00:23:42,410 --> 00:23:48,380 This is a NASA-ESA collaboration. 520 00:23:48,380 --> 00:23:51,540 You can see right now, the spacecraft has been launched. 521 00:23:51,540 --> 00:23:54,710 It's deploying its sunshield. 522 00:23:54,710 --> 00:23:56,630 These are very thin membranes. 523 00:23:56,630 --> 00:23:59,720 The purpose of the sunshield is to keep the optics cold. 524 00:23:59,720 --> 00:24:01,910 The optics are on the top here. 525 00:24:01,910 --> 00:24:06,920 And there's spreaders, and there shouldn't be any wrinkles. 526 00:24:06,920 --> 00:24:08,280 And there's multiple layers. 527 00:24:08,280 --> 00:24:09,360 You can see the layers. 528 00:24:09,360 --> 00:24:11,940 Now, first you spread it out horizontally. 529 00:24:11,940 --> 00:24:14,060 Now, the layers are being spread to be 530 00:24:14,060 --> 00:24:16,490 right at the right angles. 531 00:24:16,490 --> 00:24:20,430 And I don't know what's happening right now. 532 00:24:20,430 --> 00:24:30,170 But the last step that should happen-- 533 00:24:30,170 --> 00:24:32,510 I guess it didn't quite play until the end. 534 00:24:32,510 --> 00:24:33,980 But the last thing that happens is 535 00:24:33,980 --> 00:24:35,660 the optics are then deployed. 536 00:24:35,660 --> 00:24:40,580 And the optical deployment is also very, very involved 537 00:24:40,580 --> 00:24:43,250 and has to be very precise. 538 00:24:43,250 --> 00:24:47,410 So let me just minimize this. 539 00:24:47,410 --> 00:24:51,250 So and then after that, you have a commissioning. 540 00:24:51,250 --> 00:24:53,530 I should also mention that the James Webb State, 541 00:24:53,530 --> 00:24:56,500 when I worked on it, it was a $500-million mission. 
542 00:24:56,500 --> 00:24:59,900 It's now become an $8-billion mission. 543 00:24:59,900 --> 00:25:01,520 But the purpose of this instrument 544 00:25:01,520 --> 00:25:06,050 is to look back in time to what's known as the dark ages. 545 00:25:06,050 --> 00:25:10,370 It's basically like 300,000 years to about 100 million 546 00:25:10,370 --> 00:25:12,140 years after the Big Bang. 547 00:25:12,140 --> 00:25:15,080 The formation of the very first proto-galaxies. 548 00:25:15,080 --> 00:25:18,350 We can't observe that right now with Hubble or from the ground, 549 00:25:18,350 --> 00:25:20,930 mainly because these are so far away because 550 00:25:20,930 --> 00:25:24,380 of the expansion of the universe that the radiation is 551 00:25:24,380 --> 00:25:25,400 redshifted. 552 00:25:25,400 --> 00:25:27,300 And this is all in the infrared. 553 00:25:27,300 --> 00:25:30,560 So you have to have a very quiet, very cold instrument to 554 00:25:30,560 --> 00:25:33,480 see these first proto-galaxies being formed. 555 00:25:33,480 --> 00:25:37,040 So I know we can argue, is it worth spending 8 billion 556 00:25:37,040 --> 00:25:39,410 to see the very first galaxy being formed or not? 557 00:25:39,410 --> 00:25:40,360 People will debate it. 558 00:25:40,360 --> 00:25:43,520 But the fact is, it's happening. 559 00:25:43,520 --> 00:25:45,225 James Webb will launch. 560 00:25:45,225 --> 00:25:47,600 And then, it's going to go through a commissioning phase, 561 00:25:47,600 --> 00:25:49,290 like I just talked about. 562 00:25:49,290 --> 00:25:52,910 So I want you to answer this question here. 563 00:25:52,910 --> 00:25:55,190 How long do you think the commissioning 564 00:25:55,190 --> 00:25:58,750 phase of the James Webb Space Telescope will take? 565 00:25:58,750 --> 00:26:00,070 Three days, a week-- 566 00:26:00,070 --> 00:26:02,140 in orbit that is. 
567 00:26:02,140 --> 00:26:05,270 Three days, a week, three weeks, a month, three months, 568 00:26:05,270 --> 00:26:07,180 six months, or you're not sure. 569 00:26:07,180 --> 00:26:09,850 So answer that question, and then we'll take a short break, 570 00:26:09,850 --> 00:26:15,272 like five minutes, and look at the answer. 571 00:26:15,272 --> 00:26:16,706 Yup? 572 00:26:16,706 --> 00:26:21,180 AUDIENCE: Are they still on schedule with the telescope? 573 00:26:21,180 --> 00:26:22,870 Or do you have any idea on whether that 574 00:26:22,870 --> 00:26:24,314 will slip some more? 575 00:26:24,314 --> 00:26:25,730 PROFESSOR: When I worked on it, it 576 00:26:25,730 --> 00:26:32,450 was supposed to launch in 2008. 577 00:26:32,450 --> 00:26:33,380 But I do think-- 578 00:26:33,380 --> 00:26:36,080 I mean, the spacecraft is being integrated right now 579 00:26:36,080 --> 00:26:37,970 at Northrop Grumman. 580 00:26:37,970 --> 00:26:39,980 We saw it in January. 581 00:26:39,980 --> 00:26:42,440 So they're not lying to us, I think. 582 00:26:42,440 --> 00:26:44,900 They're actually putting things together. 583 00:26:44,900 --> 00:26:50,180 And I think, it's going to launch in 20-- 584 00:26:50,180 --> 00:26:52,190 maybe slip by another six months, or maybe 585 00:26:52,190 --> 00:26:53,630 a year but not more. 586 00:26:53,630 --> 00:26:55,280 I don't think so. 587 00:26:55,280 --> 00:26:58,430 Basically, how long does it take from what you just 588 00:26:58,430 --> 00:27:03,255 saw in the video until PIs, Principal Investigator 589 00:27:03,255 --> 00:27:03,755 scientists-- 590 00:27:03,755 --> 00:27:04,100 [INTERPOSING VOICES] 591 00:27:04,100 --> 00:27:05,330 AUDIENCE: Can start using it. 592 00:27:05,330 --> 00:27:07,610 PROFESSOR: --can start using it for real science. 593 00:27:07,610 --> 00:27:09,440 How long will that take? 594 00:27:09,440 --> 00:27:12,160 So who wants to respond? 
595 00:27:12,160 --> 00:27:16,400 Who thinks it's like a month, three weeks, a week? 596 00:27:16,400 --> 00:27:17,620 A month or less? 597 00:27:17,620 --> 00:27:20,020 Who responded to that, a month or less. 598 00:27:20,020 --> 00:27:21,810 Go ahead. 599 00:27:21,810 --> 00:27:22,910 What were you thinking? 600 00:27:25,790 --> 00:27:27,344 AUDIENCE: No specific idea. 601 00:27:27,344 --> 00:27:28,760 PROFESSOR: What were you imagining 602 00:27:28,760 --> 00:27:29,759 would happen in a month? 603 00:27:29,759 --> 00:27:32,060 AUDIENCE: I thought that it couldn't be very, very 604 00:27:32,060 --> 00:27:38,880 long because if the objective is to collect the data, 605 00:27:38,880 --> 00:27:41,750 you can't wait that much before you start using it. 606 00:27:41,750 --> 00:27:44,360 But I had no specific ideas. 607 00:27:44,360 --> 00:27:46,730 PROFESSOR: No, I think that's a good answer. 608 00:27:46,730 --> 00:27:53,210 You deploy the solar panels, the sunshield, the optics, 609 00:27:53,210 --> 00:27:54,710 the spacecraft's at the right place. 610 00:27:54,710 --> 00:27:56,580 By the way, this is going to launch too 611 00:27:56,580 --> 00:28:00,020 in Earth-trailing orbit, like Earth-Sun L2, kind 612 00:28:00,020 --> 00:28:01,220 of trailing orbit. 613 00:28:01,220 --> 00:28:05,000 So it's kind of away from the Earth, from albedo, all that. 614 00:28:05,000 --> 00:28:07,640 So you deployed it, let's get on with it. 615 00:28:07,640 --> 00:28:08,540 [LAUGHTER] 616 00:28:08,540 --> 00:28:11,360 Yeah, I agree. 617 00:28:11,360 --> 00:28:14,120 And then I think, 37% of you, a third of you 618 00:28:14,120 --> 00:28:18,590 thought maybe three months, and then 40% about six months. 619 00:28:18,590 --> 00:28:22,480 All right, so let's look at the current plans. 
620 00:28:22,480 --> 00:28:25,280 And I took some slides here-- 621 00:28:25,280 --> 00:28:27,770 I referenced it-- from a lady that 622 00:28:27,770 --> 00:28:30,920 works at the Space Telescope Science Institute that's 623 00:28:30,920 --> 00:28:34,460 located in Baltimore, the NASA's Goddard Space 624 00:28:34,460 --> 00:28:35,480 Center of Baltimore. 625 00:28:35,480 --> 00:28:37,410 This is from last year. 626 00:28:37,410 --> 00:28:41,180 So here's the plan to launch in October of 2018, 627 00:28:41,180 --> 00:28:42,500 and then do the deployment. 628 00:28:42,500 --> 00:28:45,440 And the answer is right now six months. 629 00:28:45,440 --> 00:28:47,940 Six months commissioning phase-- 630 00:28:47,940 --> 00:28:50,080 and then, there's different cycles 631 00:28:50,080 --> 00:28:53,300 of-- so GO stands for guest observer. 632 00:28:53,300 --> 00:28:55,260 So you have primary PIs. 633 00:28:55,260 --> 00:28:56,990 They usually get first dibs. 634 00:28:56,990 --> 00:29:02,390 And then you have observing time for guest observers. 635 00:29:02,390 --> 00:29:04,310 Here's another little bit more detail. 636 00:29:04,310 --> 00:29:07,730 So full schedule of deployment and check-out activities, 637 00:29:07,730 --> 00:29:09,960 a limited set of science calibration 638 00:29:09,960 --> 00:29:13,340 ops possible, science observations highly unlikely 639 00:29:13,340 --> 00:29:15,230 during this six-months phase. 640 00:29:15,230 --> 00:29:18,040 And then, you have this Guest Observer Program, 641 00:29:18,040 --> 00:29:22,430 and there's a budget, actually, Guaranteed Time Observation 642 00:29:22,430 --> 00:29:26,070 Program from April of 2019-- 643 00:29:26,070 --> 00:29:31,460 a total of 3,960 hours allocated in the first 30 months 644 00:29:31,460 --> 00:29:34,230 after commissioning, OK? 645 00:29:34,230 --> 00:29:38,810 And so those 3,960 hours are-- 646 00:29:38,810 --> 00:29:40,160 people will fight over this. 
647 00:29:40,160 --> 00:29:41,900 And there's a very detailed process 648 00:29:41,900 --> 00:29:46,280 for how to allocate and compete for that observation time. 649 00:29:46,280 --> 00:29:47,870 But the answer here is six months. 650 00:29:47,870 --> 00:29:50,780 And it really surprised me too that it's 651 00:29:50,780 --> 00:29:56,660 going to take this long but the reason it takes so long 652 00:29:56,660 --> 00:29:59,030 is mainly calibration. 653 00:29:59,030 --> 00:30:00,650 Calibration is a big thing. 654 00:30:00,650 --> 00:30:03,770 You want to make sure that all the observations you're 655 00:30:03,770 --> 00:30:05,840 going to take are correct. 656 00:30:05,840 --> 00:30:08,180 And in order to do a proper calibration, 657 00:30:08,180 --> 00:30:11,870 you have to essentially image things that have already 658 00:30:11,870 --> 00:30:15,050 been imaged before by other instruments that were also 659 00:30:15,050 --> 00:30:16,640 properly calibrated. 660 00:30:16,640 --> 00:30:19,310 So that for a known set of targets, 661 00:30:19,310 --> 00:30:21,350 you know you're getting the same answer. 662 00:30:21,350 --> 00:30:23,510 And that just takes time. 663 00:30:23,510 --> 00:30:25,700 I think, in a nutshell, that's the main reason it 664 00:30:25,700 --> 00:30:27,070 takes so long. 665 00:30:27,070 --> 00:30:28,130 GUEST SPEAKER: Pardon me? 666 00:30:28,130 --> 00:30:30,021 PROFESSOR: Yup, go ahead. 667 00:30:30,021 --> 00:30:31,770 GUEST SPEAKER: There's also the one aspect 668 00:30:31,770 --> 00:30:35,620 with this observatory is that you have to be stabilized. 669 00:30:35,620 --> 00:30:39,050 And as you get to bring it up from Earth, even though it 670 00:30:39,050 --> 00:30:42,194 was pulled together in a clean, very high [INAUDIBLE],, 671 00:30:42,194 --> 00:30:43,402 it's going to have to deploy. 
672 00:30:43,402 --> 00:30:46,250 And then, just to get to the chemical stabilization, 673 00:30:46,250 --> 00:30:49,740 it's going to spend weeks before they even can start 674 00:30:49,740 --> 00:30:51,346 to calibrate the instruments. 675 00:30:51,346 --> 00:30:52,820 So for you to get the outgassing, 676 00:30:52,820 --> 00:30:55,170 the whole volatile substances and get 677 00:30:55,170 --> 00:30:58,232 that they move far away, not from the spacecraft, that they 678 00:30:58,232 --> 00:31:02,035 dilute in space, get stabilization of temperature, 679 00:31:02,035 --> 00:31:04,512 and then you can only start checking instruments. 680 00:31:04,512 --> 00:31:05,470 PROFESSOR: Great point. 681 00:31:05,470 --> 00:31:08,070 So thermal stability, outgassing-- 682 00:31:08,070 --> 00:31:10,100 so really everything is very stable. 683 00:31:10,100 --> 00:31:12,060 Yeah, very good point. 684 00:31:12,060 --> 00:31:15,280 OK, so let me talk briefly. 685 00:31:15,280 --> 00:31:17,580 I'm going to go through two examples of research 686 00:31:17,580 --> 00:31:18,540 in operations. 687 00:31:18,540 --> 00:31:22,190 And then, we'll talk about the post-flight review. 688 00:31:22,190 --> 00:31:26,060 All right, so the first thing is, each of these two examples 689 00:31:26,060 --> 00:31:26,980 are based on papers. 690 00:31:26,980 --> 00:31:29,900 So "Spare parts requirements for space missions 691 00:31:29,900 --> 00:31:32,570 with reconfigurability and commonality." 692 00:31:32,570 --> 00:31:35,880 This is based on a paper in Journal of Spacecraft 693 00:31:35,880 --> 00:31:37,910 and Rockets, 2007. 694 00:31:37,910 --> 00:31:43,190 So and this work was done during the Constellation Program which 695 00:31:43,190 --> 00:31:46,760 was, we're going to go back to the moon. 696 00:31:46,760 --> 00:31:49,850 We will re-establish a human presence on the moon. 
697 00:31:49,850 --> 00:31:52,400 And we're going to bring a whole bunch of stuff 698 00:31:52,400 --> 00:31:54,800 with us, more than we did during Apollo to do this. 699 00:31:54,800 --> 00:31:56,720 So the picture on the upper-right, 700 00:31:56,720 --> 00:32:00,290 you see a habitat on top of a Lander stage. 701 00:32:00,290 --> 00:32:03,020 You see an Ascent Vehicle with a Lander stage. 702 00:32:03,020 --> 00:32:06,480 You see a Rover that looks kind of similar to the Lunar Rover, 703 00:32:06,480 --> 00:32:08,990 but there's also a pressurized version of it. 704 00:32:08,990 --> 00:32:11,640 So we're going to bring a whole bunch of stuff. 705 00:32:11,640 --> 00:32:16,370 And the challenge is during operations, things will break. 706 00:32:16,370 --> 00:32:19,070 So you need to bring spare parts to support all this. 707 00:32:19,070 --> 00:32:21,800 And some recent research we've done in my group 708 00:32:21,800 --> 00:32:24,560 shows that for Mars, it's the same problem. 709 00:32:24,560 --> 00:32:26,570 You're going to stay there a long time. 710 00:32:26,570 --> 00:32:28,320 You don't know exactly what will break. 711 00:32:28,320 --> 00:32:30,470 But if you want a high probability 712 00:32:30,470 --> 00:32:33,110 of being able to successfully operate, 713 00:32:33,110 --> 00:32:35,120 you do need to bring spares. 714 00:32:35,120 --> 00:32:39,260 So the idea that was explored here is, what if those spares 715 00:32:39,260 --> 00:32:41,180 could be common or reconfigurable 716 00:32:41,180 --> 00:32:43,310 and you can do scavenging? 
717 00:32:43,310 --> 00:32:46,850 So the idea is that, instead of bringing a dedicated spare-- 718 00:32:46,850 --> 00:32:48,560 if you give these three systems that 719 00:32:48,560 --> 00:32:51,760 are shown here, The Habitat, the Ascent Vehicle, and the Rover, 720 00:32:51,760 --> 00:32:54,260 to three different companies to build, 721 00:32:54,260 --> 00:32:55,940 and they don't talk to each other, 722 00:32:55,940 --> 00:32:58,400 and you don't impose any commonality requirements, 723 00:32:58,400 --> 00:33:01,410 you're going to get very different solutions. 724 00:33:01,410 --> 00:33:03,320 What's the classic example of this 725 00:33:03,320 --> 00:33:06,460 in spaceflight, human spaceflight? 726 00:33:06,460 --> 00:33:07,330 Apollo 13. 727 00:33:07,330 --> 00:33:08,730 What happened in Apollo 13? 728 00:33:11,430 --> 00:33:14,320 The cartridges for the CO2 scrubbing, 729 00:33:14,320 --> 00:33:16,470 square cartridges versus round cartridges. 730 00:33:16,470 --> 00:33:19,457 The two different contractors, they didn't talk to each other. 731 00:33:19,457 --> 00:33:21,790 The government didn't say you have to make these common, 732 00:33:21,790 --> 00:33:23,290 so they weren't common. 733 00:33:23,290 --> 00:33:25,630 So the idea here is, what is the effect 734 00:33:25,630 --> 00:33:30,710 of reconfigurable and common spares on system availability 735 00:33:30,710 --> 00:33:34,670 if you allow temporary scavenging and cannibalization 736 00:33:34,670 --> 00:33:36,550 of systems that aren't used? 737 00:33:36,550 --> 00:33:40,930 And so one thing you need for that is an operational profile 738 00:33:40,930 --> 00:33:42,280 for each element. 739 00:33:42,280 --> 00:33:44,200 And that's shown in the lower left. 740 00:33:44,200 --> 00:33:46,510 So this is essentially a binary. 741 00:33:46,510 --> 00:33:50,860 Zero means that particular element is dormant 742 00:33:50,860 --> 00:33:52,320 or not being used. 
743 00:33:52,320 --> 00:33:54,280 It's kind of in slumber mode. 744 00:33:54,280 --> 00:33:57,310 And 1 means it's actively being used. 745 00:33:57,310 --> 00:34:01,720 And so then we have at each of these time periods, T1, T2, 746 00:34:01,720 --> 00:34:03,310 T3-- 747 00:34:03,310 --> 00:34:05,200 are time periods where there is a change 748 00:34:05,200 --> 00:34:07,750 in the operational status of a particular element. 749 00:34:07,750 --> 00:34:11,530 Either it goes from sleeping mode to active mode, 750 00:34:11,530 --> 00:34:14,650 or from active mode to inactive mode. 751 00:34:14,650 --> 00:34:17,620 And so knowing these cycles' operational profiles 752 00:34:17,620 --> 00:34:19,510 is very important to do the analysis. 753 00:34:22,710 --> 00:34:24,519 So this is a little bit of math here. 754 00:34:24,519 --> 00:34:26,310 I'm not going to go through this in detail. 755 00:34:26,310 --> 00:34:30,960 But basically, when you do classical sparing, 756 00:34:30,960 --> 00:34:33,150 and maintainability, and failure analysis, 757 00:34:33,150 --> 00:34:38,080 you assume that failures arrive according to a Poisson process. 758 00:34:38,080 --> 00:34:43,480 So this is the equation for a Poisson distribution. 759 00:34:43,480 --> 00:34:46,540 And then you can see the various variables that are used here. 760 00:34:46,540 --> 00:34:51,070 So your lambda is your failure rate. 761 00:34:51,070 --> 00:34:56,850 P of n is the probability they have exactly n failures. 762 00:34:56,850 --> 00:35:01,080 And then, down here, we have the spares 763 00:35:01,080 --> 00:35:02,190 that are available to you. 764 00:35:02,190 --> 00:35:09,070 And really spares can come from two different sources. 765 00:35:09,070 --> 00:35:12,180 One is, you bring spares with you from Earth. 766 00:35:12,180 --> 00:35:15,570 So this is a spares from repository, s sub i. 767 00:35:15,570 --> 00:35:19,620 These are spares you brought with you as a pool of spares. 
768 00:35:19,620 --> 00:35:23,400 And then s sub e are spares that you take out of elements 769 00:35:23,400 --> 00:35:25,140 that are not being used. 770 00:35:25,140 --> 00:35:28,380 So these are spares that are scavenged temporarily 771 00:35:28,380 --> 00:35:29,580 from inactive elements. 772 00:35:29,580 --> 00:35:33,210 That's s sub e minus n sub f, which 773 00:35:33,210 --> 00:35:37,970 is the number of failures that have occurred up to that point. 774 00:35:37,970 --> 00:35:40,570 So the total number of spares available at any given 775 00:35:40,570 --> 00:35:43,870 point in time is your initial spares pool 776 00:35:43,870 --> 00:35:46,720 plus spares you can scavenge from other inactive 777 00:35:46,720 --> 00:35:51,520 elements in the system, minus elements 778 00:35:51,520 --> 00:35:53,410 that have already failed. 779 00:35:53,410 --> 00:35:58,840 And this is assuming no repair, so you can't repair. 780 00:35:58,840 --> 00:36:01,240 And it assumes that you know ahead of time what 781 00:36:01,240 --> 00:36:03,110 the operational profile is. 782 00:36:03,110 --> 00:36:05,170 So there's spares available from elements 783 00:36:05,170 --> 00:36:07,940 from scavenging is this equation here. 784 00:36:07,940 --> 00:36:11,500 It's essentially the sum over all the elements, 785 00:36:11,500 --> 00:36:16,390 E. E is the number of elements in your architecture. 786 00:36:16,390 --> 00:36:20,650 Q sub E is something known as quantity per application, QPA 787 00:36:20,650 --> 00:36:21,880 also. 788 00:36:21,880 --> 00:36:25,570 So basically, if you have like a mission computer 789 00:36:25,570 --> 00:36:30,130 or in like UAVs, we have servos. 790 00:36:30,130 --> 00:36:31,900 Like, this particular element has 791 00:36:31,900 --> 00:36:34,340 six servos, identical servos. 792 00:36:34,340 --> 00:36:36,110 They're used on the vehicle. 793 00:36:36,110 --> 00:36:40,520 So QPA, this QE would be 6. 
794 00:36:40,520 --> 00:36:42,610 So if that element isn't used, we 795 00:36:42,610 --> 00:36:46,090 could go in, take out a servo, put it in somewhere else. 796 00:36:46,090 --> 00:36:48,580 And so we can treat that as a spare, at least 797 00:36:48,580 --> 00:36:51,130 during the period where that UAV isn't used. 798 00:36:51,130 --> 00:36:53,230 Does that make sense? 799 00:36:53,230 --> 00:36:56,650 OK, so the difference then is that in the kind 800 00:36:56,650 --> 00:36:59,980 of classic way of doing it, we have dedicated spares. 801 00:36:59,980 --> 00:37:04,300 Each element, one element 1, element i, element E, 802 00:37:04,300 --> 00:37:08,095 has dedicated spares that only work on that vehicle. 803 00:37:11,050 --> 00:37:13,240 There's no swapping, there's no scavenging, 804 00:37:13,240 --> 00:37:15,040 there's no commonality. 805 00:37:15,040 --> 00:37:18,490 And therefore, your spares repository, s sub i, 806 00:37:18,490 --> 00:37:20,290 is going to be pretty big because there's 807 00:37:20,290 --> 00:37:22,550 no commonality, no sparing. 808 00:37:22,550 --> 00:37:27,520 In this new situation, you have reconfigurable or common parts. 809 00:37:27,520 --> 00:37:29,950 So we still have a spares repository. 810 00:37:29,950 --> 00:37:33,970 But now those spares can be deployed across all or a subset 811 00:37:33,970 --> 00:37:37,190 of the elements, plus we can treat-- 812 00:37:37,190 --> 00:37:39,280 and this is this dashed line here-- 813 00:37:39,280 --> 00:37:44,840 we can treat elements that are part of idle elements. 814 00:37:44,840 --> 00:37:47,060 We can treat them temporarily as being 815 00:37:47,060 --> 00:37:49,070 part of the spares repository. 816 00:37:49,070 --> 00:37:51,140 Does that make sense? 817 00:37:51,140 --> 00:37:55,970 So that's a much more, in a sense, smarter way to do. 818 00:37:55,970 --> 00:38:00,020 And the question is, what's the benefit of this? 
819 00:38:00,020 --> 00:38:05,750 So in order to calculate the benefits for this, 820 00:38:05,750 --> 00:38:07,410 we essentially-- 821 00:38:07,410 --> 00:38:08,660 we have some constraints. 822 00:38:08,660 --> 00:38:11,480 So for example, the number of failures that you can have 823 00:38:11,480 --> 00:38:12,680 is between-- 824 00:38:12,680 --> 00:38:14,570 if you have zero failures, that's great. 825 00:38:14,570 --> 00:38:16,160 That's your lower floor. 826 00:38:16,160 --> 00:38:19,040 And then N is the total number of units 827 00:38:19,040 --> 00:38:21,590 you have in your architecture, including 828 00:38:21,590 --> 00:38:24,890 the ones in the inventory, in the initial inventory, 829 00:38:24,890 --> 00:38:28,190 and plus the ones that are built into all the vehicles. 830 00:38:28,190 --> 00:38:31,370 And then, the key here is what's known as back-order level. 831 00:38:31,370 --> 00:38:36,260 So back-order essentially is the number of spares 832 00:38:36,260 --> 00:38:40,130 that you would need but may not-- 833 00:38:40,130 --> 00:38:43,700 so when the back-order level becomes larger than zero, 834 00:38:43,700 --> 00:38:47,690 it essentially means that your number of failures 835 00:38:47,690 --> 00:38:51,620 have exceeded the number of spares that you have. 836 00:38:51,620 --> 00:38:53,840 You don't have enough spares to satisfy 837 00:38:53,840 --> 00:38:55,520 all your operational needs. 838 00:38:55,520 --> 00:39:00,920 So this is this conditional back-order at spares level s. 839 00:39:00,920 --> 00:39:03,140 And you sum that essentially then 840 00:39:03,140 --> 00:39:06,770 over all the possible failure states that you could see. 841 00:39:06,770 --> 00:39:07,880 And why is that useful? 842 00:39:07,880 --> 00:39:10,250 Because you can then calculate essentially 843 00:39:10,250 --> 00:39:12,120 your element availability. 844 00:39:12,120 --> 00:39:16,640 So a is your availability of at time ti. 
845 00:39:16,640 --> 00:39:19,610 And then your probability of the whole system 846 00:39:19,610 --> 00:39:23,720 is the minimum of your system availability at any time 847 00:39:23,720 --> 00:39:26,930 and point during your mission horizon, your mission time, 848 00:39:26,930 --> 00:39:29,510 T. Do you see how that works? 849 00:39:29,510 --> 00:39:32,570 So you have your spares. 850 00:39:32,570 --> 00:39:36,230 You have failures of the spares, which are random. 851 00:39:36,230 --> 00:39:37,880 And then you can calculate, are you 852 00:39:37,880 --> 00:39:41,120 going to have enough spares to operate every element that you 853 00:39:41,120 --> 00:39:45,410 need to operate when it's supposed to be operational? 854 00:39:45,410 --> 00:39:50,090 And the back-order level, this number b here, is what you use. 855 00:39:50,090 --> 00:39:52,950 You look at your back-order level across the whole mission 856 00:39:52,950 --> 00:39:57,930 timeline to see what your system availability will be. 857 00:39:57,930 --> 00:40:04,320 And there's a closed form approximation of this. 858 00:40:04,320 --> 00:40:08,660 And then for a larger number of elements and different QPAs 859 00:40:08,660 --> 00:40:11,790 and so forth, you typically then have to switch to simulation, 860 00:40:11,790 --> 00:40:14,100 like Monte Carlo simulations. 861 00:40:14,100 --> 00:40:17,200 So what are the results here? 862 00:40:17,200 --> 00:40:19,320 So this was applied to-- 863 00:40:19,320 --> 00:40:23,130 the example here is a co-located mission elements. 864 00:40:23,130 --> 00:40:26,130 This is for, I think, it was a lunar mission. 865 00:40:26,130 --> 00:40:30,430 And you define essentially the operational time profile, 866 00:40:30,430 --> 00:40:32,590 quantity per application, and so forth. 867 00:40:32,590 --> 00:40:35,520 And the example that was used was an electronic control unit, 868 00:40:35,520 --> 00:40:40,560 an ECU, with a mean time to failure of 100,000 hours. 
869 00:40:40,560 --> 00:40:43,440 So failure rate is 1 over meantime to failure. 870 00:40:43,440 --> 00:40:46,020 Lambda is the expected failure rate 871 00:40:46,020 --> 00:40:48,370 is 1 over meantime to failure. 872 00:40:48,370 --> 00:40:50,700 So pretty reliable, 100,000 hours 873 00:40:50,700 --> 00:40:55,590 of operation meantime to failure is pretty reliable. 874 00:40:55,590 --> 00:40:57,850 But of course, you're far from Earth. 875 00:40:57,850 --> 00:41:01,140 This is a 600-day timeline, and you 876 00:41:01,140 --> 00:41:03,330 can see here the operational profiles 877 00:41:03,330 --> 00:41:04,760 for your various mission elements. 878 00:41:04,760 --> 00:41:07,590 So this is actually kind of reminds you of The Martian, 879 00:41:07,590 --> 00:41:08,500 right? 880 00:41:08,500 --> 00:41:11,342 Anybody seen the movie The Martian recently? 881 00:41:11,342 --> 00:41:12,300 Who's seen The Martian? 882 00:41:12,300 --> 00:41:15,030 Who's not seen The Martian? 883 00:41:15,030 --> 00:41:16,230 You've got to go. 884 00:41:16,230 --> 00:41:17,850 You're the only one in the room. 885 00:41:17,850 --> 00:41:19,080 It's a great movie. 886 00:41:19,080 --> 00:41:24,720 So he does scavenging and even things 887 00:41:24,720 --> 00:41:26,830 that weren't supposed to be scavenged. 888 00:41:26,830 --> 00:41:30,240 And so we have four elements here. 889 00:41:30,240 --> 00:41:35,220 We have the PR, which is the Pressurized Rover, the Habitat, 890 00:41:35,220 --> 00:41:39,780 the All-Terrain Vehicle, and then 891 00:41:39,780 --> 00:41:42,660 the ATV, which is the Ascent-Descent Vehicle. 892 00:41:42,660 --> 00:41:45,720 In this case, it's the same vehicle for ascent and descent. 893 00:41:45,720 --> 00:41:47,850 And so the Ascent-Descent Vehicle, 894 00:41:47,850 --> 00:41:51,000 you only need it when you land and when you depart. 895 00:41:51,000 --> 00:41:53,170 The rest of the time it's dormant. 
896 00:41:53,170 --> 00:41:55,470 The Habitat is used while you're on the surface. 897 00:41:55,470 --> 00:41:57,840 The ATV is used while you're on the surface. 898 00:41:57,840 --> 00:42:00,372 And then, the Pressurized Rover is used-- 899 00:42:00,372 --> 00:42:01,830 the assumption here is you're going 900 00:42:01,830 --> 00:42:05,550 to operate for like 100 days very close to the base. 901 00:42:05,550 --> 00:42:07,470 And only after 100 days are you going 902 00:42:07,470 --> 00:42:11,490 to start going further away with the Pressurized Rover. 903 00:42:11,490 --> 00:42:13,340 So those are the operational profiles. 904 00:42:13,340 --> 00:42:14,140 Yeah? 905 00:42:14,140 --> 00:42:16,140 AUDIENCE: Is there an argument that you wouldn't 906 00:42:16,140 --> 00:42:19,325 want to be scavenging parts from your Ascent-Descent Vehicle 907 00:42:19,325 --> 00:42:20,490 at all? 908 00:42:20,490 --> 00:42:22,010 PROFESSOR: That's a good point. 909 00:42:22,010 --> 00:42:25,230 So if basically, your back-order level is too high, 910 00:42:25,230 --> 00:42:28,020 and you run out of your last spare the day 911 00:42:28,020 --> 00:42:32,280 before you're supposed to launch on the ADV, you're in trouble. 912 00:42:32,280 --> 00:42:36,990 But if that's the case, then what you have to do 913 00:42:36,990 --> 00:42:42,180 is you have to exclude the minimum-- 914 00:42:42,180 --> 00:42:45,150 and there may be redundancy in that Ascent Vehicle. 915 00:42:45,150 --> 00:42:47,490 And you may or may not be willing to sacrifice 916 00:42:47,490 --> 00:42:49,210 the redundancy. 917 00:42:49,210 --> 00:42:51,240 I mean, this is all about risk, right? 918 00:42:51,240 --> 00:42:55,650 And exclude those or keep out spares that you cannot touch 919 00:42:55,650 --> 00:42:59,520 because if you can't, then you can't get back home. 920 00:42:59,520 --> 00:43:02,460 So you just don't count those in your spares pool 921 00:43:02,460 --> 00:43:03,870 if that's the case. 
922 00:43:03,870 --> 00:43:06,840 But you can still do the whole analysis. 923 00:43:06,840 --> 00:43:10,250 OK, so what's the bottom line here? 924 00:43:10,250 --> 00:43:12,660 What's the punch line here? 925 00:43:12,660 --> 00:43:18,953 So the punch line is that if you have a-- 926 00:43:18,953 --> 00:43:22,530 the D case here is the dedicated case, OK? 927 00:43:22,530 --> 00:43:25,290 So this is where there's no scavenging, 928 00:43:25,290 --> 00:43:28,200 there's no commonality of spares among these elements. 929 00:43:28,200 --> 00:43:30,240 You have to have dedicated spares. 930 00:43:30,240 --> 00:43:34,290 And let's assume you want a 90% availability, which 931 00:43:34,290 --> 00:43:37,290 is not that high. 932 00:43:37,290 --> 00:43:40,480 That's a relatively modest requirement. 933 00:43:40,480 --> 00:43:42,510 You want 90% availability. 934 00:43:42,510 --> 00:43:46,420 What it means is you need to have in this case, 935 00:43:46,420 --> 00:43:49,860 you can see the line just crosses 936 00:43:49,860 --> 00:43:51,910 below here, this crossover. 937 00:43:51,910 --> 00:43:56,340 You need four spares in your initial spares pool 938 00:43:56,340 --> 00:43:58,530 for this electronic control unit. 939 00:43:58,530 --> 00:44:02,190 You have to have at least four spares, dedicated spares, 940 00:44:02,190 --> 00:44:06,320 for that electronic control unit for a 600-day mission 941 00:44:06,320 --> 00:44:12,800 for a unit that has 100,000 MTTF or MTBF 942 00:44:12,800 --> 00:44:16,460 to guarantee at least 90% availability. 943 00:44:16,460 --> 00:44:18,240 And you say, oh, that's not a big deal. 944 00:44:18,240 --> 00:44:19,400 That's just four spares. 945 00:44:19,400 --> 00:44:21,230 Well, that's just one unit. 946 00:44:21,230 --> 00:44:23,180 That's just one box, right? 947 00:44:23,180 --> 00:44:24,890 You probably have dozens of boxes, 948 00:44:24,890 --> 00:44:27,920 or even hundreds across all these elements. 
949 00:44:27,920 --> 00:44:31,010 And so that could be a lot of spares. 950 00:44:31,010 --> 00:44:35,300 You translate that to mass and volume, that's a big deal. 951 00:44:35,300 --> 00:44:43,460 So using closed-form analytics to calculate the minimum number 952 00:44:43,460 --> 00:44:45,770 of spares you need, this is the R case, 953 00:44:45,770 --> 00:44:47,480 the reconfigurable case. 954 00:44:47,480 --> 00:44:50,840 You can see that you can achieve that same requirement 955 00:44:50,840 --> 00:44:53,089 with two spares. 956 00:44:53,089 --> 00:44:53,630 You see that? 957 00:44:53,630 --> 00:44:55,950 That's this line here. 958 00:44:55,950 --> 00:44:58,700 It's this line here, and this is a conservative model. 959 00:44:58,700 --> 00:45:00,590 This is a conservative model. 960 00:45:00,590 --> 00:45:05,930 So by doing reconfigurable and common spares and scavenging, 961 00:45:05,930 --> 00:45:09,780 you can cut your number of spares in half. 962 00:45:09,780 --> 00:45:11,490 You can cut your number of spares in half 963 00:45:11,490 --> 00:45:15,560 and still achieve a 90% system availability. 964 00:45:15,560 --> 00:45:18,320 And then you multiply that across all the elements 965 00:45:18,320 --> 00:45:20,180 in your architecture. 966 00:45:20,180 --> 00:45:22,280 And that's a big deal. 967 00:45:22,280 --> 00:45:24,690 And then this result here-- 968 00:45:24,690 --> 00:45:28,040 so this is a rigorous bound because it 969 00:45:28,040 --> 00:45:29,780 makes some conservative assumptions, 970 00:45:29,780 --> 00:45:32,780 and it uses closed-form equations to calculate this. 971 00:45:32,780 --> 00:45:35,070 And the details are in the paper. 972 00:45:35,070 --> 00:45:37,520 And then this curve here is the simulated. 
973 00:45:37,520 --> 00:45:41,660 So if you simulate this using essentially a discrete event 974 00:45:41,660 --> 00:45:44,480 simulation several times, and then you take averages, 975 00:45:44,480 --> 00:45:46,160 it's actually even a little better. 976 00:45:46,160 --> 00:45:48,930 This suggests you could even get away with one spare. 977 00:45:48,930 --> 00:45:55,080 But it's not as conservative as the closed-form solution. 978 00:45:55,080 --> 00:45:57,530 OK, so the bottom line is reconfigurable parts 979 00:45:57,530 --> 00:46:01,880 allow for 33% to 50% reduction in the number of required 980 00:46:01,880 --> 00:46:05,280 spares for 90% availability level. 981 00:46:05,280 --> 00:46:08,090 But if you think about what that means operationally, 982 00:46:08,090 --> 00:46:10,490 it means that you really have to know ahead 983 00:46:10,490 --> 00:46:13,400 of time what's going to be operational when, you have 984 00:46:13,400 --> 00:46:16,910 to have the crew trained to be able to actually go 985 00:46:16,910 --> 00:46:18,290 in and scavenge. 986 00:46:18,290 --> 00:46:20,000 And the equipment, the vehicles, have 987 00:46:20,000 --> 00:46:22,760 to be designed such that you can actually remove this stuff 988 00:46:22,760 --> 00:46:25,470 and put it back in relatively easily. 989 00:46:25,470 --> 00:46:28,370 So that would impose some accessibility, 990 00:46:28,370 --> 00:46:32,180 and replaceability, and maintainability requirements. 991 00:46:32,180 --> 00:46:34,854 The other option is you say, we don't want spares. 992 00:46:34,854 --> 00:46:36,770 Well, then you need to do a lot of redundancy. 993 00:46:36,770 --> 00:46:38,145 And then, your vehicles are going 994 00:46:38,145 --> 00:46:39,547 to get heavy and more complex. 995 00:46:39,547 --> 00:46:41,380 I mean, those are the real world trade-offs. 996 00:46:41,380 --> 00:46:42,950 Yup, Sam? 
997 00:46:42,950 --> 00:46:45,050 AUDIENCE: Does this potentially increase 998 00:46:45,050 --> 00:46:47,900 the risk for the crew of the mission 999 00:46:47,900 --> 00:46:52,630 if there's some sort of inherent failure in the particular part 1000 00:46:52,630 --> 00:46:54,290 that is being used everywhere? 1001 00:46:54,290 --> 00:46:57,670 PROFESSOR: So I don't know if you looked ahead or you just-- 1002 00:46:57,670 --> 00:46:59,090 I know you're a smart guy, Sam. 1003 00:46:59,090 --> 00:47:05,270 So this is the answer to your question right here. 1004 00:47:05,270 --> 00:47:11,360 So this is great. 1005 00:47:11,360 --> 00:47:14,187 OK, we like the fact that we can cut down 1006 00:47:14,187 --> 00:47:15,770 on the number of spares and still meet 1007 00:47:15,770 --> 00:47:17,600 the same availability. 1008 00:47:17,600 --> 00:47:20,540 But you can ask the question in different ways. 1009 00:47:20,540 --> 00:47:24,470 So on the left side is a kind of sensitivity analysis 1010 00:47:24,470 --> 00:47:28,110 that says, well, maybe we're not so mass constrained. 1011 00:47:28,110 --> 00:47:30,830 We have plenty of transportation capacity. 1012 00:47:30,830 --> 00:47:33,260 So we're not really mass constrained. 1013 00:47:33,260 --> 00:47:38,600 But we know that designing ultra-reliable electronic boxes 1014 00:47:38,600 --> 00:47:41,790 or whatever components is very expensive, right? 1015 00:47:41,790 --> 00:47:48,820 So can we decrease the requirement 1016 00:47:48,820 --> 00:47:50,740 on the manufacturer of these boxes? 1017 00:47:50,740 --> 00:47:56,230 And can we go from, say, 100,000 to 75,000 MTTF? 1018 00:47:56,230 --> 00:48:00,290 So we're decreasing the nominal reliability of the equipment 1019 00:48:00,290 --> 00:48:02,080 by a fourth. 1020 00:48:02,080 --> 00:48:05,980 We're making the job easier for the supplier of that box. 1021 00:48:05,980 --> 00:48:08,940 Presumably, that should be cheaper. 
1022 00:48:08,940 --> 00:48:11,890 That should be a cheaper box to design and build. 1023 00:48:11,890 --> 00:48:15,370 So what will happen if we drop the reliability requirement 1024 00:48:15,370 --> 00:48:17,060 by 25%? 1025 00:48:17,060 --> 00:48:19,000 And then you can see the impact here. 1026 00:48:19,000 --> 00:48:21,280 So the blue curve is essentially what 1027 00:48:21,280 --> 00:48:24,340 you get for the less reliable equipment. 1028 00:48:24,340 --> 00:48:28,920 And then the black was the original. 1029 00:48:28,920 --> 00:48:31,830 So now, Sam's question. 1030 00:48:31,830 --> 00:48:36,490 So this is basically-- so here's your failure rate. 1031 00:48:36,490 --> 00:48:39,640 OK, this is your failure rate, 10 to the minus 3. 1032 00:48:39,640 --> 00:48:42,644 And we're varying the failure rate over a large range. 1033 00:48:42,644 --> 00:48:44,560 And then we're looking at system availability. 1034 00:48:44,560 --> 00:48:47,890 This is for a fixed number of spares. 1035 00:48:47,890 --> 00:48:54,690 And what's really interesting-- so when your failure rate is 1036 00:48:54,690 --> 00:48:55,560 low-- 1037 00:48:55,560 --> 00:48:59,400 so we're on the left side-- 1038 00:48:59,400 --> 00:49:01,800 then the blue curve is lower, the dedicated case. 1039 00:49:01,800 --> 00:49:05,760 So for a fixed number of spares, for relatively reliable 1040 00:49:05,760 --> 00:49:09,330 equipment, you're better off going with the reconfigurable 1041 00:49:09,330 --> 00:49:10,155 or common spares. 1042 00:49:13,270 --> 00:49:15,910 This is logarithmic, so it's a little tricky. 1043 00:49:15,910 --> 00:49:18,360 So system availability is higher when 1044 00:49:18,360 --> 00:49:21,970 you have common and reconfigurable spares, 1045 00:49:21,970 --> 00:49:25,250 relatively reliable equipment. 1046 00:49:25,250 --> 00:49:26,780 But there's a crossover point. 
1047 00:49:26,780 --> 00:49:30,920 If your boxes, your elements, your components, 1048 00:49:30,920 --> 00:49:33,740 are very unreliable, which is on the right side, 1049 00:49:33,740 --> 00:49:36,090 there's actually a crossover point. 1050 00:49:36,090 --> 00:49:39,140 And the idea is that, well, now because it's 1051 00:49:39,140 --> 00:49:41,960 common and reconfigurable across all the vehicles, 1052 00:49:41,960 --> 00:49:45,560 you have this really bad box that breaks all the time. 1053 00:49:45,560 --> 00:49:47,810 Now, the problem is everywhere. 1054 00:49:47,810 --> 00:49:49,970 Every vehicle, everything is affected by it. 1055 00:49:49,970 --> 00:49:53,930 Whereas before, it was kind of more contained, right? 1056 00:49:53,930 --> 00:49:56,210 And so that's what that crossover is. 1057 00:49:56,210 --> 00:50:00,080 So if you're in a situation with very unreliable equipment, 1058 00:50:00,080 --> 00:50:02,240 unreliable components, you're actually 1059 00:50:02,240 --> 00:50:06,110 worse off making them common or reconfigurable. 1060 00:50:06,110 --> 00:50:10,400 And you can now calculate where that crossover point is. 1061 00:50:10,400 --> 00:50:12,860 That's pretty cool, don't you think? 1062 00:50:12,860 --> 00:50:15,170 I get excited about this stuff. 1063 00:50:15,170 --> 00:50:17,960 I don't know about you guys, but this is real. 1064 00:50:17,960 --> 00:50:21,290 This is what you care-- in operations, this is-- 1065 00:50:21,290 --> 00:50:23,810 how many spares of each kind, can we 1066 00:50:23,810 --> 00:50:26,660 guarantee that we can successfully 1067 00:50:26,660 --> 00:50:29,600 do this campaign, whether it's a military campaign, 1068 00:50:29,600 --> 00:50:31,580 or you go to Antarctica. 1069 00:50:31,580 --> 00:50:33,830 And we heard about the Octanus Rover. 
1070 00:50:33,830 --> 00:50:36,159 And it's just one Rover, but what's 1071 00:50:36,159 --> 00:50:38,450 all this stuff that you need to bring with you in terms 1072 00:50:38,450 --> 00:50:40,700 of spares to make sure you can actually 1073 00:50:40,700 --> 00:50:44,740 have a successful campaign and have a guarantee of that? 1074 00:50:44,740 --> 00:50:46,550 Yeah? 1075 00:50:46,550 --> 00:50:50,390 AUDIENCE: I'm wondering if the reconfigurability argument also 1076 00:50:50,390 --> 00:50:53,930 has some sort of impact on the kind of finances 1077 00:50:53,930 --> 00:50:55,820 and manufacturability-- in terms of if you're 1078 00:50:55,820 --> 00:50:58,460 making reconfigurable parts for different things, 1079 00:50:58,460 --> 00:51:01,220 they may be more similarly manufactured, 1080 00:51:01,220 --> 00:51:04,820 and therefore may represent a decrease in cost 1081 00:51:04,820 --> 00:51:05,960 on the manufacturing side? 1082 00:51:05,960 --> 00:51:08,030 If that's another motivation. 1083 00:51:08,030 --> 00:51:09,750 PROFESSOR: That's a great point. 1084 00:51:09,750 --> 00:51:11,930 What I will say about that is that 1085 00:51:11,930 --> 00:51:13,550 in order to capture that benefit, 1086 00:51:13,550 --> 00:51:15,860 you need to lock that in contractually. 1087 00:51:15,860 --> 00:51:19,370 So either you give all this work to the same manufacturer 1088 00:51:19,370 --> 00:51:24,170 and say, OK, you're now making 50 boxes instead of just five. 1089 00:51:24,170 --> 00:51:28,430 There has to be a discount on a per-unit basis for that. 1090 00:51:28,430 --> 00:51:30,140 Or if it's different manufacturers, 1091 00:51:30,140 --> 00:51:31,640 then it gets hard. 1092 00:51:31,640 --> 00:51:35,750 So yes, but you have to have the kind of business arrangements 1093 00:51:35,750 --> 00:51:38,530 that will allow you to capture that value. 1094 00:51:38,530 --> 00:51:41,840 EPFL-- were you able to follow this? 
1095 00:51:41,840 --> 00:51:43,730 I know this is pretty detailed discussion 1096 00:51:43,730 --> 00:51:45,200 here on these curves. 1097 00:51:45,200 --> 00:51:49,140 Is it-- Maxim, you're sort of shaking your head. 1098 00:51:49,140 --> 00:51:50,140 Is it clear? 1099 00:51:53,510 --> 00:51:55,360 GUEST SPEAKER: [INAUDIBLE]-- 1100 00:51:55,360 --> 00:51:58,030 I can give you a concrete practical about everyday life 1101 00:51:58,030 --> 00:52:03,405 example that you probably know about in this particular view 1102 00:52:03,405 --> 00:52:04,540 of [INAUDIBLE]. 1103 00:52:04,540 --> 00:52:09,180 But imagine you go with your car on vacation for two weeks, 1104 00:52:09,180 --> 00:52:14,230 and your children all need Pampers [INAUDIBLE]. 1105 00:52:14,230 --> 00:52:16,350 And you can take them with you from your store. 1106 00:52:16,350 --> 00:52:17,516 Well, you know how they are. 1107 00:52:17,516 --> 00:52:19,824 They are more expensive but reliable. 1108 00:52:19,824 --> 00:52:21,990 But you don't know how many you're going to consume. 1109 00:52:21,990 --> 00:52:24,450 But you get a certain minimum amount per day, 1110 00:52:24,450 --> 00:52:26,940 and you hope you don't go over the limit. 1111 00:52:26,940 --> 00:52:28,200 Now, it takes lots of volume. 1112 00:52:28,200 --> 00:52:30,690 So you have to trade off your space because you 1113 00:52:30,690 --> 00:52:32,480 have fixed space in your car. 1114 00:52:32,480 --> 00:52:35,970 You cannot take more than the volume available. 1115 00:52:35,970 --> 00:52:39,665 And so this is exactly the kind of reliability curve you have. 1116 00:52:39,665 --> 00:52:41,040 You can take too little with you. 1117 00:52:41,040 --> 00:52:43,780 You have to buy the wrong stuff when you get there, 1118 00:52:43,780 --> 00:52:44,810 wherever you are. 1119 00:52:44,810 --> 00:52:49,414 And then it might have leaks and failures and not worth it. 
1120 00:52:49,414 --> 00:52:52,160 So you'll need more than what you thought initially 1121 00:52:52,160 --> 00:52:53,752 and cost more as well. 1122 00:52:53,752 --> 00:52:56,225 So actually, this is extremely important in everyday life. 1123 00:52:56,225 --> 00:52:59,230 PROFESSOR: OK, so I like your-- 1124 00:52:59,230 --> 00:53:01,844 I'm past that stage with my kids several years. 1125 00:53:01,844 --> 00:53:02,760 GUEST SPEAKER: Me too. 1126 00:53:02,760 --> 00:53:04,740 PROFESSOR: But I'm going to amend your example 1127 00:53:04,740 --> 00:53:06,240 in the following way. 1128 00:53:06,240 --> 00:53:09,300 Basically, if you had two kids, and they're very different, 1129 00:53:09,300 --> 00:53:12,930 like one is really tall, and their same diapers will not 1130 00:53:12,930 --> 00:53:15,690 fit, then you have a problem, right? 1131 00:53:15,690 --> 00:53:19,260 But if they're twins, or if you buy stretchable diapers that 1132 00:53:19,260 --> 00:53:22,650 have a huge range, then you can cut down, right? 1133 00:53:22,650 --> 00:53:26,380 So you have to have like different kids in the car. 1134 00:53:26,380 --> 00:53:27,720 Then it works. 1135 00:53:27,720 --> 00:53:30,200 I think then the example works. 1136 00:53:30,200 --> 00:53:31,650 OK, let's see. 1137 00:53:31,650 --> 00:53:33,570 We're kind of running short on time. 1138 00:53:33,570 --> 00:53:34,920 So one more example. 1139 00:53:34,920 --> 00:53:39,120 This is based on the doctoral thesis of Jeremy [? Oktay. ?] 1140 00:53:39,120 --> 00:53:42,030 He's a flight test engineer. 1141 00:53:42,030 --> 00:53:44,430 And the question that he looked at 1142 00:53:44,430 --> 00:53:47,430 was robustness of degraded airplanes. 1143 00:53:47,430 --> 00:53:51,150 So the idea here is that some systems 1144 00:53:51,150 --> 00:53:54,450 are going to be used longer in long, ultra-endurance kind 1145 00:53:54,450 --> 00:53:58,950 of systems where you do not have the option of repair. 
1146 00:53:58,950 --> 00:54:02,790 You don't have the option to land, repair, and fix 1147 00:54:02,790 --> 00:54:05,940 the system, and bring it back to its pristine 1148 00:54:05,940 --> 00:54:08,190 everything-is-working state. 1149 00:54:08,190 --> 00:54:11,190 And on the right side here, you see some examples of-- these 1150 00:54:11,190 --> 00:54:13,524 are real systems that people have worked on, 1151 00:54:13,524 --> 00:54:14,940 or are working on, or are thinking 1152 00:54:14,940 --> 00:54:16,830 about that have this situation. 1153 00:54:16,830 --> 00:54:21,450 The DARPA Vulture is a program where a UAV would stay aloft 1154 00:54:21,450 --> 00:54:25,080 for five years with no landing and a repair allowed. 1155 00:54:25,080 --> 00:54:27,450 So you can obviously see it's got solar panels, 1156 00:54:27,450 --> 00:54:31,860 and I think it has fuel cells as well, if I'm not mistaken. 1157 00:54:31,860 --> 00:54:34,440 So how do you achieve that? 1158 00:54:34,440 --> 00:54:39,000 This is an example from Antarctica flying several UAVs 1159 00:54:39,000 --> 00:54:40,770 to map the ice sheets. 1160 00:54:40,770 --> 00:54:44,280 This was a gap solution while the ICESat satellite 1161 00:54:44,280 --> 00:54:47,790 between ICESat I and ICESat II. 1162 00:54:47,790 --> 00:54:52,170 And then here's a human colony maybe on the moon 1163 00:54:52,170 --> 00:54:54,510 or looks like the moon. 1164 00:54:54,510 --> 00:54:56,010 So we have this dome here. 1165 00:54:56,010 --> 00:54:57,900 This crater has been covered with a dome, 1166 00:54:57,900 --> 00:55:00,090 and we have a greenhouse inside. 1167 00:55:00,090 --> 00:55:02,010 So life support systems that have 1168 00:55:02,010 --> 00:55:05,470 to be super reliable for a very long amount of time. 
1169 00:55:05,470 --> 00:55:08,940 And so the question that Jeremy looked at 1170 00:55:08,940 --> 00:55:11,040 is, how do we design and optimize 1171 00:55:11,040 --> 00:55:14,730 systems that have ultra-long endurance, where you know ahead 1172 00:55:14,730 --> 00:55:18,610 of time that failures will occur? 1173 00:55:18,610 --> 00:55:22,060 Failures will occur, and you can't repair the failures 1174 00:55:22,060 --> 00:55:23,080 easily. 1175 00:55:23,080 --> 00:55:25,540 So you have to design the system a priori, 1176 00:55:25,540 --> 00:55:29,050 such that in those partially-failed states, 1177 00:55:29,050 --> 00:55:31,980 it will give you the maximum residual performance 1178 00:55:31,980 --> 00:55:34,060 that it possibly could. 1179 00:55:34,060 --> 00:55:37,150 And it turns out, when that's your objective function, 1180 00:55:37,150 --> 00:55:39,340 you design the systems differently 1181 00:55:39,340 --> 00:55:41,830 than if you just optimize nominal performance 1182 00:55:41,830 --> 00:55:47,470 and then worry about what happens if there's failures. 1183 00:55:47,470 --> 00:55:51,220 And this is the second paper that I uploaded for you. 1184 00:55:51,220 --> 00:55:55,480 So both of these papers "The Reconfigurable Spares" 1185 00:55:55,480 --> 00:55:58,810 and then this one are uploaded both on Moodle and Stellar 1186 00:55:58,810 --> 00:56:00,640 if you want to take a deeper look. 1187 00:56:00,640 --> 00:56:03,310 So the case study here is the C-12-- 1188 00:56:03,310 --> 00:56:05,350 this is the King Air airplane. 1189 00:56:05,350 --> 00:56:08,210 This is the military version of it 1190 00:56:08,210 --> 00:56:12,430 and typically flies out of Edwards Air Force Base. 1191 00:56:12,430 --> 00:56:15,480 And the idea is that there can be different failures 1192 00:56:15,480 --> 00:56:16,320 on this airplane. 1193 00:56:16,320 --> 00:56:20,790 So this diagram, this is a so-called Markov chain 1194 00:56:20,790 --> 00:56:22,860 where n means nominal. 
1195 00:56:22,860 --> 00:56:24,940 And you can see the table that goes with this. 1196 00:56:24,940 --> 00:56:27,840 Nominal means nothing has failed, 1197 00:56:27,840 --> 00:56:29,460 and you just do turn control. 1198 00:56:29,460 --> 00:56:33,120 This is climbing, left-turn climbing. 1199 00:56:33,120 --> 00:56:35,160 You just turn control with your ailerons, 1200 00:56:35,160 --> 00:56:37,350 which is just standard flying. 1201 00:56:37,350 --> 00:56:39,030 And then different failures could 1202 00:56:39,030 --> 00:56:40,430 occur of different elements. 1203 00:56:40,430 --> 00:56:44,070 So the left engine, the rudder, and the aileron could fail. 1204 00:56:44,070 --> 00:56:45,540 Of course, a lot more can fail. 1205 00:56:45,540 --> 00:56:47,760 But in this case study, those are the elements 1206 00:56:47,760 --> 00:56:50,060 that are allowed to fail. 1207 00:56:50,060 --> 00:56:53,340 And so 1 means the left engine has failed, 1208 00:56:53,340 --> 00:56:56,250 2 means the rudder has failed, and 3 1209 00:56:56,250 --> 00:56:58,950 means the ailerons have failed. 1210 00:56:58,950 --> 00:57:02,340 And then as you move to the right, it gets worse and worse. 1211 00:57:02,340 --> 00:57:07,050 So state 4 means you lost your left engine and the aileron, 1212 00:57:07,050 --> 00:57:09,060 but you still have your rudder. 1213 00:57:09,060 --> 00:57:12,300 And then, the worst is state 7, where everything's failed. 1214 00:57:12,300 --> 00:57:14,250 The left engine's failed, the rudder, 1215 00:57:14,250 --> 00:57:16,110 and the aileron has failed. 1216 00:57:16,110 --> 00:57:20,070 And what you worry about is what we call availability. 1217 00:57:20,070 --> 00:57:24,300 Expected availability is what's the probability or fraction 1218 00:57:24,300 --> 00:57:26,430 of probability that the system will 1219 00:57:26,430 --> 00:57:30,210 perform above some minimum threshold, which in this case 1220 00:57:30,210 --> 00:57:31,800 we call WM. 
1221 00:57:31,800 --> 00:57:35,310 And then expected performance is the probability of each 1222 00:57:35,310 --> 00:57:38,670 of these failure states multiplied by the performance 1223 00:57:38,670 --> 00:57:42,280 that you're still getting in that failure state, OK? 1224 00:57:42,280 --> 00:57:45,610 And what was done here is to say, OK, 1225 00:57:45,610 --> 00:57:47,670 we know what the C-12 airplane looks 1226 00:57:47,670 --> 00:57:49,590 like the way it exists today. 1227 00:57:49,590 --> 00:57:51,090 But what if that airplane had been 1228 00:57:51,090 --> 00:57:53,400 designed slightly differently? 1229 00:57:53,400 --> 00:57:55,620 Low value and high value around the baseline, 1230 00:57:55,620 --> 00:57:57,765 a little bit bigger wing, bigger tail-- 1231 00:58:00,690 --> 00:58:02,670 how would it impact the performance, not just 1232 00:58:02,670 --> 00:58:06,330 the nominal, but the off-nominal performance in these failed 1233 00:58:06,330 --> 00:58:07,770 states? 1234 00:58:07,770 --> 00:58:12,300 So just to show you why this is interesting or relevant-- 1235 00:58:12,300 --> 00:58:15,180 I picked out the most interesting failure 1236 00:58:15,180 --> 00:58:17,430 states are the intermediate ones here, 1237 00:58:17,430 --> 00:58:19,500 these partially-failed states. 1238 00:58:19,500 --> 00:58:21,750 And so on this picture, you can see 1239 00:58:21,750 --> 00:58:24,330 in red what's failed on the aircraft, 1240 00:58:24,330 --> 00:58:29,280 and then plotting bank angle versus specific excess power, 1241 00:58:29,280 --> 00:58:30,660 which is essentially your ability 1242 00:58:30,660 --> 00:58:32,850 to climb in feet per minute. 1243 00:58:32,850 --> 00:58:36,060 And this is all calculated through a simulator, 1244 00:58:36,060 --> 00:58:39,150 a pretty accurate six degree of freedom simulator, where 1245 00:58:39,150 --> 00:58:41,460 you can actually modify the airplane. 
1246 00:58:41,460 --> 00:58:43,860 It's a very cool open-source simulator 1247 00:58:43,860 --> 00:58:48,210 that Jeremy modified where you can actually fly the airplane 1248 00:58:48,210 --> 00:58:52,290 simulated, and you can change the plane during flight. 1249 00:58:52,290 --> 00:58:56,000 Like you could grow the wings as the plane 1250 00:58:56,000 --> 00:58:59,100 is flying-- like morphing wings and things like this. 1251 00:58:59,100 --> 00:59:02,880 And of course here, you fail parts of the airplane 1252 00:59:02,880 --> 00:59:03,660 during flight. 1253 00:59:03,660 --> 00:59:07,230 And then, the flight dynamics are automatically the physics, 1254 00:59:07,230 --> 00:59:10,500 automatically you have to adjust to that failure. 1255 00:59:10,500 --> 00:59:13,290 So this is not like spreadsheet-type analysis, 1256 00:59:13,290 --> 00:59:15,240 just so you know. 1257 00:59:15,240 --> 00:59:18,390 So if you're inside the safe region here, 1258 00:59:18,390 --> 00:59:22,890 then you can keep the bank angle between-- 1259 00:59:22,890 --> 00:59:26,070 we defined it between 25 and 35 degrees-- 1260 00:59:26,070 --> 00:59:29,010 and you have positive rate of climb. 1261 00:59:29,010 --> 00:59:31,350 Then you're still in the safe region. 1262 00:59:31,350 --> 00:59:35,130 And each of these points here is a slightly tweaked version 1263 00:59:35,130 --> 00:59:37,740 of the baseline airplane. 1264 00:59:37,740 --> 00:59:42,270 So what's interesting here is in some of these states, 1265 00:59:42,270 --> 00:59:44,430 you're outside of the safe region. 1266 00:59:44,430 --> 00:59:48,270 So a small difference in the design of the nominal airplane 1267 00:59:48,270 --> 00:59:51,540 will mean the difference between losing the plane 1268 00:59:51,540 --> 00:59:53,310 or still being able to fly. 
1269 00:59:53,310 --> 00:59:55,785 So these points that are out here, 1270 00:59:55,785 --> 00:59:57,660 these are the interesting points because they 1271 00:59:57,660 --> 01:00:00,570 fall outside the safe region. 1272 01:00:00,570 --> 01:00:03,240 And the points inside are inside the safe region. 1273 01:00:03,240 --> 01:00:06,600 Everything is the same except the airplane geometry 1274 01:00:06,600 --> 01:00:07,350 has been tweaked. 1275 01:00:10,740 --> 01:00:13,360 And then of course, state 7 everything has failed. 1276 01:00:13,360 --> 01:00:14,400 You lose the airplane. 1277 01:00:14,400 --> 01:00:16,200 There's no way to recover the airplane. 1278 01:00:16,200 --> 01:00:18,160 So in some cases, it's very clean. 1279 01:00:18,160 --> 01:00:20,160 It's very clear what will happen. 1280 01:00:20,160 --> 01:00:22,770 And these intermediate failure states 1281 01:00:22,770 --> 01:00:25,770 are the interesting ones because small changes 1282 01:00:25,770 --> 01:00:29,370 in the upfront design make a big difference in how 1283 01:00:29,370 --> 01:00:32,910 the airplane will perform in a partially-degraded state 1284 01:00:32,910 --> 01:00:34,920 or partially-failed state. 1285 01:00:34,920 --> 01:00:36,450 So the other thing you can do then 1286 01:00:36,450 --> 01:00:39,820 is you can do a sensitivity analysis and say, well, 1287 01:00:39,820 --> 01:00:43,680 how sensitive is, for example, expected performance 1288 01:00:43,680 --> 01:00:46,800 to the various design variables in the airplane? 1289 01:00:46,800 --> 01:00:50,640 Like rudder cord, and I'll talk about vertical tail here, 1290 01:00:50,640 --> 01:00:53,170 and the engine failure rate, and so forth. 1291 01:00:53,170 --> 01:00:56,460 And the difference between the yellow and the green 1292 01:00:56,460 --> 01:00:59,280 is yellow is an eight-hour mission. 1293 01:00:59,280 --> 01:01:01,080 So this is a typical eight-hour mission. 1294 01:01:01,080 --> 01:01:02,550 You fly, you come back. 
1295 01:01:02,550 --> 01:01:05,100 And if something's failed, you just repair it. 1296 01:01:05,100 --> 01:01:08,700 In the 20,000 mission, 20,000-hour mission, 1297 01:01:08,700 --> 01:01:11,320 you can't come back and repair. 1298 01:01:11,320 --> 01:01:14,280 So what you see here is interesting. 1299 01:01:14,280 --> 01:01:21,870 It means the sensitivity of performance to these design 1300 01:01:21,870 --> 01:01:26,320 decisions depends on how long you will operate the system. 1301 01:01:26,320 --> 01:01:28,710 And because the longer you operate it, the more likely 1302 01:01:28,710 --> 01:01:32,310 is that it will see these partial failure modes, which 1303 01:01:32,310 --> 01:01:35,190 will then influence the degraded or the residual performance 1304 01:01:35,190 --> 01:01:36,780 of the airplane. 1305 01:01:36,780 --> 01:01:39,360 And the most interesting parameter here, 1306 01:01:39,360 --> 01:01:43,680 if you just look at this diagram beside the engine failure 1307 01:01:43,680 --> 01:01:47,970 rate-- so the engine failure rate matters a lot when you fly 1308 01:01:47,970 --> 01:01:49,740 a 20,000-hour mission. 1309 01:01:49,740 --> 01:01:52,260 But if you look across these parameters, 1310 01:01:52,260 --> 01:01:56,620 which one of these is the most interesting? 1311 01:01:56,620 --> 01:02:01,660 Which one of these is the most interesting parameter? 1312 01:02:01,660 --> 01:02:02,620 Let's see at EPFL. 1313 01:02:02,620 --> 01:02:04,340 Can you see this diagram? 1314 01:02:04,340 --> 01:02:07,356 Which one of these parameters is the most interesting? 1315 01:02:14,170 --> 01:02:15,464 Go ahead. 1316 01:02:15,464 --> 01:02:16,630 AUDIENCE: The vertical tail? 1317 01:02:16,630 --> 01:02:17,620 PROFESSOR: Why? 1318 01:02:17,620 --> 01:02:20,290 AUDIENCE: Because it has different behavior 1319 01:02:20,290 --> 01:02:22,960 for the lifecycle and just for the single mission. 1320 01:02:22,960 --> 01:02:24,010 PROFESSOR: Yes. 
1321 01:02:24,010 --> 01:02:27,580 So if you're only going to fly short missions with it 1322 01:02:27,580 --> 01:02:29,410 and then land and repair, you see 1323 01:02:29,410 --> 01:02:32,410 the sensitivity is off to the left, slightly 1324 01:02:32,410 --> 01:02:34,330 negative sensitivity. 1325 01:02:34,330 --> 01:02:37,330 So you could actually make it just a little bit smaller. 1326 01:02:37,330 --> 01:02:38,890 But if you're going to fly very long, 1327 01:02:38,890 --> 01:02:41,110 you should actually make it bigger. 1328 01:02:41,110 --> 01:02:46,320 And this particular airplane has an undersized vertical tail. 1329 01:02:46,320 --> 01:02:49,390 It has a Dutch roll mode, where it has a yaw 1330 01:02:49,390 --> 01:02:51,710 damper that was added later. 1331 01:02:51,710 --> 01:02:58,180 And so if you're going to fly for a long time period, 1332 01:02:58,180 --> 01:03:00,820 you're going to see a failure mode that will then exasperate 1333 01:03:00,820 --> 01:03:02,050 that particular failure mode. 1334 01:03:05,600 --> 01:03:08,770 So what it means is that if you're actually going to design 1335 01:03:08,770 --> 01:03:14,770 this airplane for a 20,000-hour mission that you would design 1336 01:03:14,770 --> 01:03:17,590 a much larger vertical tail which penalizes you 1337 01:03:17,590 --> 01:03:19,960 in the nominal. 1338 01:03:19,960 --> 01:03:22,600 It penalizes you in nominal operations, 1339 01:03:22,600 --> 01:03:28,206 but it will benefit you in these partially-failed states. 1340 01:03:28,206 --> 01:03:29,580 Does that make sense to you guys? 1341 01:03:29,580 --> 01:03:32,430 You guys were laughing, or smiling, 1342 01:03:32,430 --> 01:03:33,610 or thinking about this. 1343 01:03:33,610 --> 01:03:34,140 AUDIENCE: Yeah, it does. 1344 01:03:34,140 --> 01:03:35,931 PROFESSOR: So have you flown this airplane? 1345 01:03:35,931 --> 01:03:37,590 Or do you have experience in it? 
1346 01:03:37,590 --> 01:03:39,180 AUDIENCE: We did a flight test course, 1347 01:03:39,180 --> 01:03:42,330 and we tested that troll. 1348 01:03:42,330 --> 01:03:46,685 PROFESSOR: OK, so this brought up some fuzzy memories or-- 1349 01:03:46,685 --> 01:03:47,310 AUDIENCE: Yeah. 1350 01:03:47,310 --> 01:03:48,960 PROFESSOR: I mean, it's basically the wing tip 1351 01:03:48,960 --> 01:03:50,252 does like a figure eight. 1352 01:03:50,252 --> 01:03:51,210 That's sort of classic. 1353 01:03:51,210 --> 01:03:51,876 AUDIENCE: Right. 1354 01:03:51,876 --> 01:03:54,330 PROFESSOR: That's the classic manifestation of Dutch roll. 1355 01:03:54,330 --> 01:03:55,390 AUDIENCE: Yeah. 1356 01:03:55,390 --> 01:03:57,270 PROFESSOR: But if the Dutch roll is too big, 1357 01:03:57,270 --> 01:03:58,870 you can actually lose the airplane. 1358 01:03:58,870 --> 01:04:00,720 You can induce an instability. 1359 01:04:00,720 --> 01:04:01,975 So this is a big deal. 1360 01:04:01,975 --> 01:04:02,951 Yeah? 1361 01:04:02,951 --> 01:04:04,950 AUDIENCE: Would that mean that the vertical tail 1362 01:04:04,950 --> 01:04:06,600 is sized properly then? 1363 01:04:06,600 --> 01:04:09,109 Because you can make it smaller and get a little better 1364 01:04:09,109 --> 01:04:11,400 in this area, or make it bigger and get a little better 1365 01:04:11,400 --> 01:04:11,850 in this area. 1366 01:04:11,850 --> 01:04:13,710 Because it seems like the vertical, like, other things-- 1367 01:04:13,710 --> 01:04:15,630 PROFESSOR: It's fine with the yaw damper. 1368 01:04:15,630 --> 01:04:17,070 It's fine with the yaw damper. 1369 01:04:17,070 --> 01:04:21,910 But actually, there has been an airplane lost. 1370 01:04:21,910 --> 01:04:24,510 There has been an airplane lost in flight. 1371 01:04:24,510 --> 01:04:27,060 And the accident investigation showed 1372 01:04:27,060 --> 01:04:32,790 that it was basically a Dutch roll mode that became unstable. 
1373 01:04:32,790 --> 01:04:36,300 And so the point here is, if you have a failure, 1374 01:04:36,300 --> 01:04:38,820 then you're in trouble with the small vertical tail. 1375 01:04:38,820 --> 01:04:42,440 But if you don't have a failure, then you're probably OK. 1376 01:04:42,440 --> 01:04:45,110 And that's the whole point of me showing you this-- 1377 01:04:45,110 --> 01:04:50,660 is to make the point that if you are going to deal with a system 1378 01:04:50,660 --> 01:04:53,660 or operate a system that is going to have a very long 1379 01:04:53,660 --> 01:04:56,360 operational life, long endurance, 1380 01:04:56,360 --> 01:05:01,140 without the possibility to land, repair, and send it back out-- 1381 01:05:01,140 --> 01:05:04,430 so it's going to be perfect and pristine on day one. 1382 01:05:04,430 --> 01:05:06,320 And then gradually, stuff will fail, 1383 01:05:06,320 --> 01:05:09,830 and that's the case for infrastructure, bridges, 1384 01:05:09,830 --> 01:05:14,360 spacecraft past Neptune, airplanes that are going 1385 01:05:14,360 --> 01:05:16,910 to be aloft for five years. 1386 01:05:16,910 --> 01:05:19,550 You just have to design them differently. 1387 01:05:19,550 --> 01:05:21,950 You just have to design-- and this is hard for engineers 1388 01:05:21,950 --> 01:05:27,280 to think about-- that I'm actually designing for failure. 1389 01:05:27,280 --> 01:05:29,770 I am designing a system expecting 1390 01:05:29,770 --> 01:05:33,800 that it will partially fail, not completely, but partially fail. 1391 01:05:33,800 --> 01:05:38,060 And by taking that into account, the design looks different. 1392 01:05:38,060 --> 01:05:40,640 This is kind of non-conventional. 1393 01:05:40,640 --> 01:05:43,010 OK, final thing, post-flight review-- 1394 01:05:43,010 --> 01:05:46,130 what happens at the post-flight or post-launch review? 1395 01:05:46,130 --> 01:05:48,080 PLR, PFR. 
1396 01:05:48,080 --> 01:05:51,620 So essentially, what you do is you review the telemetry 1397 01:05:51,620 --> 01:05:52,830 from flight. 1398 01:05:52,830 --> 01:05:54,530 You compare against your predictions. 1399 01:05:54,530 --> 01:05:56,480 You find and repair any failures. 1400 01:05:56,480 --> 01:05:58,940 You secure the data for later use. 1401 01:05:58,940 --> 01:06:01,370 And then you initiate the detailed commissioning and 1402 01:06:01,370 --> 01:06:03,380 hand-over to Operations. 1403 01:06:03,380 --> 01:06:07,400 And here's a detailed list of entrance and success criteria 1404 01:06:07,400 --> 01:06:09,200 for post-flight review. 1405 01:06:09,200 --> 01:06:12,170 And I put this up here because those of you that will actually 1406 01:06:12,170 --> 01:06:16,610 go to the CanSat competition, this is part of the package. 1407 01:06:16,610 --> 01:06:20,690 You are expected to launch your payload, do the flight, 1408 01:06:20,690 --> 01:06:24,470 and if something goes wrong, you can maybe have a backup flight. 1409 01:06:24,470 --> 01:06:27,890 And then after the flight, you do a post-flight review. 1410 01:06:27,890 --> 01:06:31,520 And good post-flight reviews are planned ahead. 1411 01:06:31,520 --> 01:06:34,586 You already know what data you're going to analyze, 1412 01:06:34,586 --> 01:06:35,960 if you already have your software 1413 01:06:35,960 --> 01:06:38,900 ready to suck in the data after the flight 1414 01:06:38,900 --> 01:06:42,460 and really get insights out of it. 1415 01:06:42,460 --> 01:06:45,430 Summary here-- this is just kind of a checklist 1416 01:06:45,430 --> 01:06:48,700 for thinking about operations. 1417 01:06:48,700 --> 01:06:50,920 System check-out and the lab, hangar, field-- 1418 01:06:50,920 --> 01:06:52,300 is everything working OK? 1419 01:06:52,300 --> 01:06:55,630 Bring sufficient consumables, spare parts, tools, 1420 01:06:55,630 --> 01:06:59,800 support equipment, remote control, telemetry, cameras. 
1421 01:06:59,800 --> 01:07:03,010 Train the operators and support personnel. 1422 01:07:03,010 --> 01:07:04,930 Checklists for nominal operations 1423 01:07:04,930 --> 01:07:07,960 and routine emergency and contingencies. 1424 01:07:07,960 --> 01:07:10,360 Think about your transportation logistics 1425 01:07:10,360 --> 01:07:13,360 and plan enough time for a ramp-up for commissioning 1426 01:07:13,360 --> 01:07:15,810 before operations. 1427 01:07:15,810 --> 01:07:19,210 OK, so that was all I wanted to cover today. 1428 01:07:19,210 --> 01:07:22,730 Any questions about commissioning and operations? 1429 01:07:22,730 --> 01:07:25,250 My main point in this lecture today 1430 01:07:25,250 --> 01:07:29,600 was to kind of get you excited about operations 1431 01:07:29,600 --> 01:07:32,960 and to highlight that there's a lot here. 1432 01:07:32,960 --> 01:07:34,970 System engineers are not done. 1433 01:07:34,970 --> 01:07:38,600 After CDR or PDR, you say, oh, I did my job 1434 01:07:38,600 --> 01:07:39,650 as a system engineer. 1435 01:07:39,650 --> 01:07:41,580 It's up to you guys, the operators. 1436 01:07:41,580 --> 01:07:47,480 No, no, this is territory for system engineering as well. 1437 01:07:47,480 --> 01:07:52,650 And in the end, you just have to get operational experience. 1438 01:07:52,650 --> 01:07:54,650 There's no substitute for actually being out 1439 01:07:54,650 --> 01:08:01,160 in the field operating systems and getting that experience. 1440 01:08:01,160 --> 01:08:05,210 Any questions or comments about this? 1441 01:08:05,210 --> 01:08:09,230 OK, so a quick reminder, a quick reminder, 1442 01:08:09,230 --> 01:08:11,390 we're going to have our PDR. 1443 01:08:11,390 --> 01:08:12,410 You saw the schedule. 1444 01:08:12,410 --> 01:08:15,380 Monday, Tuesday, Wednesday, please log 1445 01:08:15,380 --> 01:08:16,910 in five minutes before. 1446 01:08:16,910 --> 01:08:20,000 We're going to be using my WebEx Personal Room. 
1447 01:08:20,000 --> 01:08:21,260 The link is here. 1448 01:08:21,260 --> 01:08:22,700 Upload your slide deck. 1449 01:08:22,700 --> 01:08:24,590 30 minutes presentation, and then we 1450 01:08:24,590 --> 01:08:28,790 have up to 30 minutes of Q&A. All right? 1451 01:08:28,790 --> 01:08:30,640 Questions?