6.3 MMVS Failure Tolerance/Safety

Failure Modes and Effects Analysis (FMEA)

Below are the NASA standard criticality ratings and their meanings. These ratings are determined from experimentation and/or experience.

Critical Items List (CIL)

The critical item list is made up of items that are seen to have a criticality of 1, 1R, 2 or 2R.

Main Propulsion: Fuel Tanks: Major Leak: 1

The fuel tanks are designed in such a way that a minor leak will be contained. A major leak would be catastrophic.

Main Propulsion: Oxidizer Tanks: Major Leak: 1

The oxidizer tanks are designed in such a way that a minor leak will be contained. A major leak would be catastrophic.

Main Propulsion: Engine: Insufficient Thrust: 1

This condition would likely result from insufficient fuel supply. If one of the tanks is causing the problem, it can be switched offline until the problem can be repaired. Some extra fuel will be taken along in case of unexpected burn requirements.

Main Propulsion: Engine: Doesn't Stop Firing: 1

The engine will be defined so that the default condition is off. Mechanically, this will eliminate any possibility for a continual firing condition that is not requested.

Main Propulsion and MML retro-rockets: Cryogenic: Cryogenic state not maintained: 1

This system is critical to the operation of the system. It will make use of the very low ambient temperature that is experienced by objects kept out of the sun in space. In addition, each tank will be cooled by its own system so that failure in one tank does not lead to failure in all tanks.

Main Propulsion: Fuel Pump System: Insufficient Fuel: 1

This condition will lead to insufficient thrust, which is dealt with under that item.

Close Maneuvering Propulsion System: Fuel System: Containment Breach: 1R

This system should be designed with redundancy built in. Such redundancy – for example double lining – should come at a very low cost in terms of mass and can help to avoid a major failure in the system.

Close Maneuvering Propulsion System: Fuel System: Insufficient Fuel: 1R

This will lead to insufficient thrust. As this is clearly not acceptable, the MMVS will be equipped with a great deal of extra close maneuvering fuel. This is necessary, as close maneuvering fuel requirements are not easy to assess.

Close Maneuvering Propulsion System: Fuel System: Doesn't stop firing: 1R

Similar to the main propulsion system, the close maneuvering system will be designed with the firing default set to off. This will minimize the probability of this failure.

Electrical Power: Solar Cell Failure: Solar Cells fail: 1R

The solar cells are the principal source of electrical power generation. Redundancy is provided by onboard fuel cells.

Electrical Power: Fuel Cell Failure: Fuel Cells fail: 1R

The fuel cells provide a backup to the solar cells for power generation. Onboard batteries provide redundancy.

Electrical Power: Battery Failure: Battery fails: 1

The batteries are the final level of redundancy in the electrical generation system. They will provide enough power to complete necessary solar cell or fuel cell repair cycles.

Electrical Power: Power Conditioning: Power not properly conditioned: 1R

The power conditioning will ensure that power provided is at the appropriate voltages and currents. Redundancy will be provided by triply redundant architecture.

Electrical Power: Wiring failure: Connection lost: 1R

Triply redundant wiring architecture and multiple routing schemes will guard against failures in the wiring system.

Communications: Earth to MMVS – Voice/Data: System offline: 1R

This system will be supported by a low gain/high gain antenna configuration. Equipping the MMVS with three separate and distinct low gain antenna systems as well as a high gain antenna will provide redundancy. They will not be collocated so as to minimize the threat of damage from contact with space debris.

Computing: Flight Control: System unavailable: 1R

Redundancy for this computing application is provided by the general processing unit (GPU) architecture of the MMVS computing facilities. Under this scheme, each GPU is capable of handling three times its design computing capacity with sufficient network redundancy.

Life Support: Air Supply: Insufficient Air Supply: 1R

This is a critical system and will be supported by both air scrubbing systems and emergency oxygen supplies in case of failure. The air scrubbing system will be triply redundant, allowing for multiple failures.

Miscellaneous: Nuclear Payload: Accidental Detonation: 1

Designing the nuclear devices to undergo final assembly upon arrival at the PHA will minimize this problem.

Miscellaneous: Nuclear Payload: Crew Contamination: 1R

The crew area of the MMVS will be isolated from the nuclear payload storage portion of the ship. The radioactive materials will be well insulated so as to contain any potential leaks.

Miscellaneous: Remote Command: MMVS to MMVS components unavailable: 1R

Remote command connections between MMVS components will be triply redundant, providing a great deal of safety for these systems with minimal additional mass.