Chapter IV: Large Scale Flexible Arrays
A.4 Electrical Design
provides the first opportunity for verification of components and performance and allows software development to begin, it should be completed as early in the schedule as is feasible. If the core technology is starting at 4+ TRL, previously constructed subsystems may be able to be re-used as part of the bench top model. Even if it differs partially in form and functionality from the later models, early warning of incorrect footprints, misread datasheets, or more serious issues is critical. Once a prospective component is confirmed, a quantity sufficient for the EM, FM, and back-ups should be purchased. This avoids delays from long lead times and the unfortunate scenario of a forced switch of components because the part used for the benchtop or EM is out of stock. The EM which follows the benchtop must be similar enough in form and function to the FM that the environmental testing results are compelling. The schedule should have enough slack that, if the EM fails during testing, there is sufficient time for revision and re-testing. The board designer should purchase components and boards for at least one “extra” copy of the EM. If the EM passes all environmental testing, then the copy becomes the FM. If the EM fails environmental testing, then the copy can be modified and used as the new EM.
The FM delivery date to the launch provider provides the point around which the schedule should be anchored.
Figure A.6: (a) MAPLE bench top model. Electrically functional but not ready for environmental testing. (b) Electrically functional MAPLE engineering model which has been successfully environmentally tested. FM assembly is in progress as this document is being prepared.
temperature ranges and radiation environment of space. Heritage components can be identified by a patchwork of individual publications, published databases, and word of mouth. While it is difficult to construct an academic payload entirely from components with heritage, identifying digital or mixed mode components with successful flight or radiation testing histories will significantly reduce risk. After components are selected there are several design principles and techniques which should be employed.
1. Redundancy
Properly implemented redundancy at either the component or subsystem level significantly reduces risk of component failure. While systematic design issues are not solved by redundancy, radiation events and thermal/mechanical failures can be survived if appropriate redundancy is present. Redundancy does add complexity to board designs and adds time to development and testing, which should be taken into account as a trade-off.
2. Modularity
Initial circuit board designs should allow for components to be swapped, added, or removed based on needs emerging from testing or evolving requirements. The cost and time saved by not having to design, fabricate, and populate a new board can save a project with a tight schedule. The following list is MAPLE-specific but is likely relevant to other systems.
• Pi or T networks instead of resistive dividers, in the event a filter is needed later.
• Additional heater location and heater lines.
• Unused digital IO lines from microcontroller taken to headers or wire mounting locations.
• Hardware designed to keep software programmable as late into the assembly process as possible.
3. Plentiful Health Sensing
While temperature and supply voltage/current sensing may not be part of the primary scientific mission, they provide critical information for fault assessment and testing. Once the payload is deployed, these sensors may provide the only information that can be used to assess and alleviate issues that arise.
On a more practical note, integrated temperature, current, and voltage sensing save significant time and complexity during radiation, thermal, and vacuum testing by avoiding additional external sensing hardware.
4. Upset/Fault Tolerance
When possible, components and subsystems should be designed to fail gracefully. Several examples are listed below.
• If digital communication to a subcomponent fails, the subcomponent should place itself into a non-destructive configuration. Additionally, other subcomponents attempting to communicate with it should not hang. If necessary, a component may need to be able to be un-powered by the flight computer or other processor.
• Digital control lines should have the appropriate pull-up or pull-down resistors to minimize loss of functionality in the event of digital controller failure.
• Regulators and components with overcurrent protection or shutdown should be used when possible. A component failing as a short should not be able to pull a shared supply low enough to affect other components.
• When using linear regulators, placing two in series can prevent upsets from radiation events from being fatal to components downstream.
• Ensure that redundancy does not add additional failure modes. MAPLE uses 4 digitally enabled redundant reference oscillators for the phased array. As shown in Fig. A.7, the oscillators are AC coupled together in the event that one fails and does not exhibit high-Z DC behavior.
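The first bullet above (a failed link must not hang its peers, and the flight computer may need to un-power the part), sketched as an added example that is not MAPLE flight code. The device model, poll budget, retry count, and telemetry word are all constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define POLL_BUDGET      100  /* assumed upper bound on polls per transaction */
#define MAX_POWER_CYCLES 2    /* assumed recovery attempts before isolating */

typedef enum { LINK_OK, LINK_RECOVERED, LINK_ISOLATED } link_status_t;

/* Constructed model of a subcomponent behind a switchable supply. */
typedef struct {
    bool powered;
    int  ready_after;  /* polls until it answers; -1 = never (upset) */
    bool hard_fault;   /* true = a power cycle does not clear the upset */
} device_t;

/* Bounded transaction: gives up after POLL_BUDGET polls instead of hanging. */
static bool bus_read(const device_t *d, uint16_t *out) {
    if (!d->powered) return false;
    for (int poll = 0; poll < POLL_BUDGET; poll++) {
        if (d->ready_after >= 0 && poll >= d->ready_after) {
            *out = 0x1234;  /* constructed telemetry word */
            return true;
        }
    }
    return false;
}

/* Try once, power cycle on timeout, then leave the part un-powered. */
link_status_t read_with_recovery(device_t *d, uint16_t *out) {
    if (bus_read(d, out)) return LINK_OK;
    for (int n = 0; n < MAX_POWER_CYCLES; n++) {
        if (!d->hard_fault) d->ready_after = 0;  /* cycle clears transient upset */
        if (bus_read(d, out)) return LINK_RECOVERED;
    }
    d->powered = false;  /* give up: part stays off, caller carries on */
    *out = 0;
    return LINK_ISOLATED;
}

link_status_t run_case(int ready_after, bool hard_fault) {
    device_t d = { true, ready_after, hard_fault };
    uint16_t word = 0;
    return read_with_recovery(&d, &word);
}

int main(void) {
    printf("%d %d %d\n", run_case(3, false), run_case(-1, false), run_case(-1, true));
    return 0;
}
```

Every path through `read_with_recovery` returns after a bounded number of polls, so a silent subcomponent costs the caller a fixed worst-case delay rather than a hang.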
5. Conservative Design
Secondary circuitry which supports the primary experiment of the mission should be designed conservatively, as there is little to gain from using low-margin, complicated, or unproven techniques to push performance outside of the purview of scientific interest. While this philosophical approach is situational, it should be consistently applied when de-rating components. While a general rule of 0.5 de-rating factor for peak currents and voltages is likely safe, NASA’s de-rating guide [171] provides more specific guidelines. Voltage regulators used for MAPLE’s RFIC power amplifier supplies were not sufficiently de-rated from their current limit, creating concern and a time-sink that could have been avoided.
Figure A.7: (a) Sources representing MAPLE reference oscillators are DC-coupled, risking complete system failure if one fails such that its enable/disable digital pin no longer works. (b) Sources representing MAPLE reference oscillators are AC-coupled, allowing individual oscillators to fail as shorts to VDD or GND without affecting the other oscillators.