Astrium Space Infrastructure
Bremen, Germany
Mrs. Kirsten Leung
Phone: +49-421-539-5326
Fax: +49-421-539-4534
Astrium supplies fault-tolerant computer system for the Russian service module
Byzantine algorithm controls the space station
Bremen/Moscow — The launch of the Russian service module Zvezda (star), scheduled for 12 July 2000, will also include the delivery of Europe’s first space station element into space. Under contract to the European Space Agency ESA, the Data Management System Russia (DMS-R) was developed by Astrium, a joint venture of the European Aeronautic Defence and Space Company (EADS) and BAe Systems. DMS-R will form the basis for the further assembly of the space station.
Being a core element of the whole space station, DMS-R and Russian system software will control the attitude of the 110 m x 88 m complex. It will also ensure precise orbiting at a distance of about 450 kilometers away from Earth as well as correct alignment of solar cells and communication systems. During the assembly phase (to be completed by 2004), DMS-R will assume important guidance and control functions in the Russian service module as well as in the other station elements. DMS-R development was started in 1995 and funded by the ESA member countries Belgium, France, the Netherlands and Germany. ESA provides the system to the Russian module in return for the Russian Space Agency Rosaviakosmos supplying the system required for docking the future transport vehicle ATV to the Zvezda module.
Innovative computer technology
DMS-R consists of two Fault Tolerant Computers (FTCs) for attitude control and guidance of the Zvezda module. It also comprises two Control Post Computers (CPCs) serving the astronauts to control and monitor experiments, the future European Robotic Arm ERA as well as the docking of supply vehicles. Each FTC comprises up to four Fault Containment Regions (FCRs), three in the case of DMS-R, with each FCR having the size of a shoebox to allow fast exchange if required.
With DMS-R, Astrium’s Space Infrastructure business division has realized an innovative computer concept that ensures the highest safety possible with respect to space station operation. The system architecture is based on the so-called Byzantine algorithm, which was formulated by mathematicians in 1982 and is now applied in industrial technology control for the first time. In contrast to conventional algorithms, which unequivocally predetermine the sequence of computer procedures and allow no alternatives, the Byzantine algorithm is very flexible in use. For DMS-R this means the following: Under normal conditions, all the computer units of an FTC work in parallel. If a fault is detected — for example unusual values in the oxygen supply system — the FTC first masks this fault by majority voting. If the same fault appears repeatedly in the same computer unit within a certain period of time, usually only a few thousandths of a second, the affected computer disconnects itself without interrupting running processes. Before disconnecting, it informs its "colleagues" about the unexpected event. In addition to their guidance and control functions, the other computers immediately determine whether the detected fault is a tolerable malfunction or whether a specific system or device must be shut down automatically and repaired immediately so as not to endanger space station operation. In a self-test, the disconnected computer checks whether the detected fault was a temporary failure, caused for instance by cosmic radiation, or permanent damage. In the case of a temporary failure, the affected computer unit is reconnected to the other computers. In the case of permanent damage, the affected unit is exchanged, again without interrupting running processes.
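The fault-handling sequence described above (majority voting masks a dissenting unit, repeated faults from the same unit within a short window trigger notification and disconnection, a self-test decides between reintegration and exchange) as a small added simulation. This is illustrative code written for this page, not Astrium's DMS-R software; the unit names, the 5 ms window, the two-fault threshold and the sensor readings are all constructed.

```python
from collections import Counter, deque

class FaultTolerantComputer:
    """Toy model of one FTC made up of several Fault Containment Regions (FCRs)."""
    def __init__(self, units, window_ms=5, threshold=2):
        self.active = set(units)                    # units currently taking part in voting
        self.faults = {u: deque() for u in units}   # timestamps of masked faults per unit
        self.window_ms, self.threshold = window_ms, threshold
        self.notifications = []                     # messages a unit sends before disconnecting
        self.replace = set()                        # units judged permanently damaged

    def vote(self, t_ms, readings):
        """One cycle: majority-vote the active units' readings; dissent is masked and counted."""
        active = {u: v for u, v in readings.items() if u in self.active}
        result, count = Counter(active.values()).most_common(1)[0]
        if count * 2 <= len(active):                # two active units disagreeing: no majority
            raise RuntimeError("no majority among active units")
        for unit, value in active.items():
            if value != result:
                self._record_fault(unit, t_ms)
        return result

    def _record_fault(self, unit, t_ms):
        q = self.faults[unit]
        q.append(t_ms)
        while q and t_ms - q[0] > self.window_ms:   # forget faults older than the window
            q.popleft()
        if len(q) >= self.threshold:                # same unit faulted repeatedly: disconnect
            self.notifications.append(f"{unit} disconnecting at t={t_ms}ms after {len(q)} faults")
            self.active.discard(unit)
            q.clear()

    def self_test(self, unit, permanent):
        """Transient upset (e.g. radiation): reintegrate. Permanent damage: mark for exchange."""
        if permanent:
            self.replace.add(unit)
        else:
            self.active.add(unit)
        return unit in self.active

def run_scenario():
    """Constructed scenario: FCR-C delivers two wild oxygen readings within 3 ms."""
    ftc = FaultTolerantComputer(["FCR-A", "FCR-B", "FCR-C"])
    cycles = [(0, {"FCR-A": 210, "FCR-B": 210, "FCR-C": 210}),
              (1, {"FCR-A": 210, "FCR-B": 210, "FCR-C": 999}),   # masked, counted
              (2, {"FCR-A": 211, "FCR-B": 211, "FCR-C": 211}),
              (3, {"FCR-A": 211, "FCR-B": 211, "FCR-C": 998})]   # second fault: disconnect
    voted = [ftc.vote(t, r) for t, r in cycles]
    return ftc, voted
```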
The reliability of DMS-R was demonstrated by Astrium in cooperation with the Bremen Institut für Sichere Systeme BISS. In a four-week continuous service test, the fault tolerant computers were "fed" with different malfunctions to demonstrate safe identification of "real" faults. The system was also exposed to overload conditions which far exceeded the limits specified for space station operation. To sum it up, DMS-R can be considered the most reliable control system for space application to date.
Disadvantages of conventional systems
Usually, computer systems used for the control of complex systems work according to the redundancy principle. If a fault is detected in one of the linked computers during data processing, that computer is shut off automatically to identify the source of error, while the identical computers running in parallel continue operation. Disadvantage: If a fault appears, data processing is interrupted for a short period of time to allow "transfer" to the backup system. Usually, these systems only consider so-called deterministic faults, i.e. malfunctions whose possible appearance has been clearly defined and embodied in the computer software. Non-deterministic faults, i.e. malfunctions which cannot be foreseen despite excellent preparation, can lead to complete system shutdown when conventional computer configurations are used, which in turn would endanger the safety of the space station. In contrast to these systems, DMS-R and its FTCs ensure the best possible reliability of all the onboard systems.
DMS-R: Development for different applications
To reduce development time and cost, Astrium did not develop the fault tolerant computer systems solely for controlling the Russian Zvezda module. DMS-R will also be used in the transport vehicle ATV. The computer configuration is also suitable for application on Earth: in all sectors where the control of complex industrial processes is required, for example in the chemical industry, the functional principle of the FTC will increase the fail-safety of plants and reduce maintenance costs, because individual processes need not be interrupted during fault analysis.
The Control Post Computer system, which was also developed by Astrium, will also be used in the European station module Columbus to control the Columbus system and the payloads operated there.
Following the launch of Zvezda on 12 July 2000, comprehensive system tests will be carried out in orbit. Docking of the module to the space station will be tested eleven days after launch and finally carried out after a further one to three days.