Best Practices Entry

Best Practice Info:
- Committee Approval Date: 2000-04-19
- Center Point of Contact: JSC
- Submitted by: Wil Harkins

Subject: System Reliability Assessment Using Block Diagramming Methods

Practice: Use reliability predictions derived from block diagram analyses during the design phase of the hardware development life cycle to analyze design reliability; perform sensitivity analyses; investigate design trade-offs; verify compliance with system-level requirements; and make design and operations decisions based on reliability analysis outputs, ground rules, and assumptions.

Programs that Certify Usage: This practice has been used on the Orbiter Project and Space Station Program.

Center to Contact for Information: JSC

Implementation Method: This Lesson Learned is based on Reliability Practice number PD-AP-1313, from NASA Technical Memorandum 4322A, Reliability Preferred Practices for Design and Test.

Benefit:

Reliability block diagram (RBD) analyses enable design and product assurance engineers to (1) quantify the reliability of a system or function, (2) assess the level of failure tolerance achieved, (3) identify intersystem disconnects as well as areas of incomplete design definition, and (4) perform trade-off studies to optimize reliability and cost within a program. Commercially available software tools can be used to automate the RBD assessment process, especially for reliability sensitivity analyses, thus allowing analyses to be performed more effectively and in a more timely manner. These assessment methods can also pinpoint areas of concern within a system that might not be obvious otherwise and can aid the design activity in improving overall system performance.

Implementation Method:

Analysis methods described below make use of RBD analyses and commercially available software tools to analyze NASA space system designs. They are equally useful for analyzing mechanical and electrical systems and identifying potential deficiencies in system redundancy and/or reliability performance based on RBD assessments derived from drawings, schematics, and system specifications and documentation.

A detailed understanding of system architecture and functionality is necessary to assess system reliability using these types of quantitative analyses. The output of this analysis is valuable to the design and engineering functions on a program. It is more useful if a concurrent relationship exists between the product assurance team activity performing the analysis and the engineering design team, since design alterations and improvements can be made in near real time. These methods combine research, drawing review, reliability analyses, and the use of software automation.

When this approach is taken, it is recommended that a team of individuals be involved to bring the necessary skills to the analysis, to share the workload, and to ensure that all technical areas of the analysis are covered.

The RBD Technique:

The RBD process involves developing block diagrams of a system or of a system's function (tasks for which hardware/software systems were designed). JSC analysis personnel have developed both system and system function models. Experience shows that more benefits are realized from the system function models. When a function is represented as a block diagram, the models should include all operational components of the systems that are involved in the function and reflect component redundancy and subsystem-to-subsystem connectivity. The models are developed with a commercially available software tool and, with the proper inputs, are assessed for overall system reliability and design reliability concerns.

Software analysis tools are an essential part of the JSC RBD analysis process. For these analyses, JSC personnel use commercially developed software for a personal computer. As with any analysis, it is critical that all involved parties understand (1) what items were used for input and what assumptions were made, (2) what calculations were performed, and (3) what interpretations can be made from the outputs.

1. Inputs. To create an RBD, it is necessary to collect three types of information about the system being studied: functional systems architecture data, component reliability data, and mission times. Architecture defines the redundancy interrelationships between items within a system or function. These relationships are used by the RBD process in determining serial, parallel, and m-of-n relationships (out of n components, m are required for success). The architecture of the RBD is attained from a study of the schematics and other diagrams of the hardware, as well as the ground rules and survival assumptions that dictate which subset of that hardware is to be used. This information is entered into the block diagram editor of the software and is linked to the failure rate database (into which data must also be hand entered).

The second type of essential information includes failure rates of the equipment of interest to the lowest modeled level of detail (i.e., piece part, etc.). The third type of essential data is the mission time of each modeled component. The last two pieces of data are used to calculate the reliability of each item in the RBD over the mission time specified, which is part of the overall function probability of success.

2. Numeric Operations. The core of the RBD analysis is the calculation of the model reliability, usually done with a software tool. The functional relationships, failure data, and mission times are input to the tool and, using user-defined methods, the reliability of the model is calculated. Any number of probability distributions can be used for calculation, with the most common method being the constant failure rate assumption using the exponential distribution. Other distributions can be used, and currently JSC is working to understand early failure phenomena and how an early failure model can be used in the reliability calculations. The software calculates reliability (or unreliability) using the block relationships of the block diagram (interdependencies), the failure rates provided by the user, the mission time, and the user-defined calculation method. Probabilities are output in tabular form by a block, higher level function, or nested block for the entire model, allowing the analyst to visualize where the reliability is being affected. There are other outputs as well, and they are described below.

3. Outputs. Using the software tools for evaluating the RBD model, a point estimate or numerical calculation for the unreliability of the system or function being studied for the mission time specified will be provided in the form of the tables described above. The RBD analysis tools will also provide a cutset “min-cut upper bound” approximation, which is a list of the failure events ordered in descending probability of occurrence. A failure event is the minimum combination of failures that would result in loss of the modeled function. The most useful features of the cutsets are their ability to conspicuously display the most unreliable characteristics of the design (weak links), areas of incomplete design, and interfaces between two systems within the design which might exhibit low reliability. These concerns are easily identified within a cutset at the top of the listing. The cutset listings are helpful in assessing the failure tolerance of a system and can be used as an indicator of where further study is warranted.

Typically, those components that appear in the top cutsets are investigated further by changing the failure rates of these components and observing the effects on the overall reliability number. This is known as a sensitivity analysis. If failure rate changes in one component have a significant effect on the overall result, then it is worthwhile to study the possibility of changing this component so that its actual failure rate becomes lower. Other sensitivity analyses are often performed as well, including changes in mission times and actual architectural variations.

Utilization of Output:

Interpretation and use of the output data are probably the most important parts of the analysis process. The data have been used for verifying quantitative reliability requirements when maintenance of a certain reliability level over a certain mission time is contractually required and this type of prediction is necessary for the verification. The results of RBD analyses can lead to further studies of functional availability, maintenance actions, maintenance times, fault tolerance, spares necessity, etc. The cutsets can be formatted for use by other software tools as input data to a much larger realm of functional simulation.

Another type of analysis known as a trade-off study can easily be done with RBD analyses. Trade-off studies are performed by “trading” different system architectures for the architecture of the baseline design of the system and noting the results. This method allows the results of adding redundancy or removing hardware from the system to be quickly identified.

To facilitate the analysis process, JSC Safety, Reliability, and Quality Assurance (SR e.g., critical spares list development, maintenance times and mean number of actions, and expected systems availability on a stage-by-stage basis. This type of analysis has been and will continue to be very useful to program management in defining and managing program risk factors.

RBD analyses have also been performed on the Orbiter Project. The Orbiter autoland function was assessed to discern the reliability of the associated hardware/software configuration over a long-duration Orbiter (LDO) mission. The autoland function was to be a requirement for LDO because of ill effects on the Orbiter crew during extended stays in zero gravity. The analysis showed a high reliability during the 90-minute mission time window in which the autoland equipment was used. Over a 30-day LDO mission, however, reliability decreased substantially, possibly requiring future on-orbit maintenance of Orbiter systems. Other Orbiter Project analyses have proved the reliability assessments to be a valuable design and management decision-making tool.

JSC's RBD analysis process has repeatedly identified weak design points that were not identified during qualitative reviews of the Space Station design. Results of computer-aided RBD analyses performed by JSC SR&QA were used by the Station Redesign Team (SRT) to make recommendations to the President about the merit of different redesign options. The SRT requested that JSC SR&QA investigate the reliability of the Lockheed Bus-1 attitude control system using computer-aided RBD analyses. The results of that effort weighed heavily in the early decision to use the Bus-1 on the “Alpha” Option in place of the “Freedom” baseline propulsion modules (Bus-1 is no longer in the design, since the Russian segment is providing that functionality). Such quantitative approaches as RBD analyses lend a heightened completeness, efficiency, and accuracy to any reliability design analysis.

References:

1. RBD Analysis Users Manual (Los Altos, California: Science Applications International Corporation, 1992), p. 3-11.

Impact of Non-Practice: In cases where computer-aided RBD analyses are not performed, personnel may evaluate the reliability merits of the design using a more qualitative approach or pursuing a hand calculation method. The qualitative or manual methods may require more time than is available to influence the program's design decision processes. Rigorous hand calculations also leave room for error or incompleteness. In either of these cases, reliability and maintainability disciplines could prove to be relatively ineffective.

Related Practices: N/A

Additional Info:

Approval Info:
- Approval Date: 2000-04-19
- Approval Name: Eric Raynor
- Approval Organization: QS
- Approval Phone Number: 202-358-4738
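The calculations described under Numeric Operations and Outputs, worked through as an added Python example; it is not part of the NASA practice and does not reproduce the commercial tool the practice refers to. The six-component function, its component names, and its failure rates are constructed for illustration, and a constant failure rate (exponential distribution) is assumed.

```python
import math
from itertools import combinations, product

# Constructed sample function: a pump in series with two parallel valves and
# 2-of-3 computers. Failure rates (per hour) are made-up illustration values.
RATES = {"pump": 2e-5, "valveA": 1e-4, "valveB": 1e-4,
         "cpu1": 5e-5, "cpu2": 5e-5, "cpu3": 5e-5}

def works(up):
    """Structure function of the block diagram: True if the function succeeds."""
    cpus = sum(up[c] for c in ("cpu1", "cpu2", "cpu3"))
    return up["pump"] and (up["valveA"] or up["valveB"]) and cpus >= 2

def unrel(rates, hours):
    """Per-component unreliability q = 1 - exp(-lambda * t)."""
    return {c: 1 - math.exp(-lam * hours) for c, lam in rates.items()}

def exact_unreliability(rates, hours):
    """Sum the probability of every component-state combination that fails."""
    q, names, total = unrel(rates, hours), list(rates), 0.0
    for states in product([True, False], repeat=len(names)):
        up = dict(zip(names, states))
        if not works(up):
            total += math.prod(1 - q[c] if up[c] else q[c] for c in names)
    return total

def minimal_cut_sets(names):
    """Smallest sets of failed components that cause loss of the function."""
    cuts = []
    for k in range(1, len(names) + 1):
        for combo in map(set, combinations(names, k)):
            minimal = not any(c <= combo for c in cuts)  # no smaller cut inside
            if minimal and not works({n: n not in combo for n in names}):
                cuts.append(combo)
    return cuts

def ranked_cut_sets(rates, hours):
    """(probability, members) per cut set, in descending probability."""
    q = unrel(rates, hours)
    rows = [(math.prod(q[c] for c in cs), sorted(cs))
            for cs in minimal_cut_sets(list(rates))]
    return sorted(rows, key=lambda r: (-r[0], r[1]))

def min_cut_upper_bound(rates, hours):
    """Q_system <= 1 - product over cut sets of (1 - P(cut set))."""
    return 1 - math.prod(1 - p for p, _ in ranked_cut_sets(rates, hours))

def sensitivity(rates, hours, factor=0.5):
    """Exact unreliability after scaling one component's failure rate."""
    return {c: exact_unreliability({**rates, c: lam * factor}, hours)
            for c, lam in rates.items()}
```

Evaluating `exact_unreliability(RATES, 1.5)` against `exact_unreliability(RATES, 720)` reproduces the kind of 90-minute versus 30-day comparison described for the autoland assessment, and `sensitivity(RATES, 720)` shows which component's failure rate most affects the result.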