Section 10 Red Team Report

About This Presentation

Title:

Section 10 Red Team Report

Description:

NMP EO-1 MISSION READINESS REVIEW. EO-1 Project approved March 1996 ... the laminate repairs, the disassembly, cleaning, testing, and re-assembly ... – PowerPoint PPT presentation

Number of Views:221

Avg rating:3.0/5.0

Slides: 62

Provided by: ronlt

Category:

more less

Transcript and Presenter's Notes

Title: Section 10 Red Team Report

1
Section 10 Red Team Report
. . . Ronald L. Thomas EO-1 Red Team Review
Chairman
2
May 9, 2000
EO-1 RED TEAM REVIEW MRR Report to GSFC Program
Management Council
. . . Ronald L. Thomas EO-1 Red Team Review
Chairman
3
Background

EO-1 Project approved March 1996
EIRR formed to review EO-1 Project in June 1999
Participated in Orientation, Pre-Environmental,
SAC-C, Hyperion Pre-ship, and EO-1 Pre-ship
Reviews
Red Team formed to review the EO-1 Project in
March 2000
Initial Review held March 28-31, 2000
Red-Team met on April 11 to review findings
Red Team Summary Report presented to Bill
Townsend on May 9, 2000
Thermal Vacuum II Readiness Review held on June
11, 2000
Red Team meeting held on June 13, 2000 to
review
Probabilistic Risk Management
Failure Mode Effects Analysis
Fault Tree Analysis
Delta Pre-ship Review held August 9-10, 2000
Co-chaired by C. Vanek and R. Thomas

4
Team Membership
5
Specific EO-1 Red Team Tasks
The Red Team evaluated the 13 Project Specific
Areas below (as contained in the Charter) on a
scale of 1-10 (with 7 being nominal) for each of
the Major Project Elements

Technical Performance Reviews the level,
competence, and independence
System Level Reviews the performance, level,
and independence
Test and Verification Program the level and
thoroughness implemented include VV and IV V
used on software
Product Assurance level imposed on each project
element. Includes parts usage, workmanship
standards imposed, and software assurance
processes used
Systems Management level imposed on project.
Includes the performance and thoroughness of
analyses, requirements management, documentation
and technical-record keeping and workmanship and
test process management.
Verification Matrix that shows the verification
of the pre-launch requirements, and addresses the
fidelity and type of verification.

6
Specific EO-1 Red Team Tasks (continued)

13 Project Specific Areas (continued)
Staffing the experience of the implementing
organizations
Test and Integration all hardware and software
element results. Include information on review
and assessment of all failures and anomalies, and
their resolution
Failure-free and Total Operating Time consider
for all mission critical hardware and software
Technical Review Process consider the results,
and an assessment of all significant RFAs. Also
consider the Projects responses to these RFAs
Mission Simulations and Launch/Operations
consider the amount, level, and fidelity that has
been done, or planned to be done
FMEAs, Fault Tree Analysis, and Probabilistic
Risk Assessment Consider the use of these tools
in quantifying the residual risk of EO-1,
focusing on the Minimal Mission (as defined in
the EO-1Mission Success Criteria).
Single-point Failures consider all, and provide
a subjective assessment of the probability of
each such failure mode causing a mission failure.

7
Specific EO-1 Red Team Tasks (continued)

In evaluating these 13 items, the Red Team was
asked to do the following
Evaluate EO-1 in terms of the likelihood of it
completing the validation requirements for the
Minimal Mission
Document the 13 evaluation items for each Mission
Element on a score of 1-10 with 7 being nominal
Ascertain and document all residual risks, and
provide recommendations for mitigation
Assess all single-point failure mechanisms, and
provide recommendations on their acceptability or
non-acceptability, and the rationale for each
conclusion. The WARP is to be specifically
considered
Assess the FMEA, Fault Tree Analysis, and the
Probabilistic Risk Assessments
Provide a full Report of the above to the GSFC
PMC at the EO-1 MRR
Provide an overall mission risk statement, along
with justification for the statement.
Each member is to provide a written report to the
Chairman within 6 days after each review.
The Chairman is to provide a verbal report to the
GSFC Dep. Center Director within 10 days after
each review.

8
Red Team Findings for theEO-1 Project Specific
Assessments

GENERAL OBSERVATIONS
EO-1 Team is to be commended for excellent Red
Team Reviews
All information very well presented in the
required Red Team format
All speakers knew their subjects and were very
open and responsive to detailed questions
All Red Team RFAs were very well addressed and
documented Web-based responses were very
helpful.
EO-1 was implemented as a NMP Faster, Better,
Cheaper Technology Program
Few NASA standards imposed on the program
Primary focus to deliver the technology for the
cost and schedule proposed
Project not required to have an FMEA or Risk
Management
To reduce cost, S/C is single-string design and
has inherent risk.
EO-1 Project has had numerous Technical Peer
Reviews and Systems Level Reviews

9
Red Team Findings for theEO-1 Project Specific
Assessments

GENERAL OBSERVATIONS (continued)
Accelerated Minimal Mission has been baselined
and increases opportunity for mission success
(can be achieved in 120 days)
Combining high technology in the S/C subsystem
(WARP) to get large amounts of data from the
instruments, adds risk (WARP must work to get
data from instruments)
WARP has worked very well throughout all testing
with exception of a low-voltage power supply
failure (heritage hardware)
WARP operated flawlessly during the second T/V
observatory test.
MAP heritage was to be flowed into EO-1, but EO-1
overtook MAP
There appears to be an imbalance between the
completeness of the environmental test program
for the various components.
The 3 instruments, 2 of which are not mission
critical, were subjected to a more complete
environmental test program which included T/V and
sine vibration.
WARP, ACDS, and PSE (which are single-string, and
are critical to the success of the program) were
subjected to ONLY random vibration and thermal
cycling (but not T/V). These operated flawlessly
during a second T/V test.

10
General Observations

This is Swales first time as a S/C integrator
They have experienced staff
They appear to have done a good job.
Some of the GSFC supplied GFE (WARP) received
minimum QA processes
Resulted initially in a low program specific
assessment rating of 6 that the team believed
could not be rectified. (However, very few
failures occurred during subsequent observatory
level testing)
As the Red Team investigated the GSFC hardware,
particularly the WARP, it was found that the QA
was better than initially believed to be.
Note, the Red Team did not reach consensus on a
rating of 7, but most of the team believed a 7
more accurately represented the QA then the 6.
Although the FMEA, Fault Tree Analysis and
Probabilistic Analysis was done after S/C
development, they were done well and added value
Appropriate staffing of the EO-1 Project Office
(number and experience base) came on late in the
program.
No Chief Engineer function assigned continuously.
Continuity of personnel was an issue (Minimal
Mission helps this)

11
Red Team Rollup of Project Specific Assessments
for Each Element
12

WARP is required for mission success
Combining high technology in the WARP to obtain
large amounts of data from the instruments,
introduces risk.
WARP technology functions high data rate, high
density storage, working well
Only failure has been the 5-volt power supply
(random failure of a diode)
Lack of an ETU for WARP made troubleshooting very
difficult
Boards required much re-work, jumpers, etc.
Data Interface Board had to be replaced parts
unavailable to replace Data Boards
Red Team conducted an independent assessment of
the quality and analyses of the WARP Boards
The boards had been re-worked, but were found to
be in satisfactory condition
Parts Level Stress Analysis was assessed by Red
Team and found to be satisfactory.
Red Team requested Project provide thermal
analysis of the WARP hardware configuration to
determine thermal stresses of parts at their
maximum power operating mode. (Analysis was found
to be satisfactory).
Red Team endorsed Projects plan for proceeding
with a design for using empty board slot in WARP
to provide a backup WARP function for meeting the
minimal mission requirements.
With the additional T/V testing successfully
completed, Red Team agrees that project should
proceed with WARP as originally designed.

Red Team Findings for the EO-1 Project Specific
AssessmentsS/C Subsystems - WARP
13

Since Preliminary Red Team Report in May 2000,
the following work has been completed
All operations training
Technical Peer Review of safe mode on-orbit test
Security Review
Close out of critical and urgent discrepancy
reports
End-to-end test of flight S/W load /dump and
compare S/W
Installation of launch version of ground software
Spacecraft users guide and constraints and
restrictions document
All contingency procedures
Remaining work to be completed by launch
simulation on 10/11-12/00
Installation and verification of launch database
2.1
Final testing of launch version of ground S/W
Verification of all constraints and alerts
Completion of all end-to-end tests and
simulations
With successful completion of launch simulation
on 10/12/00 and planned freeze of software and
database, Red Team believes that operations is
ready to support launch.

Red Team Findings for the EO-1 Project Specific
AssessmentsSummary Findings for Operations
14
Red Team Findings for theEO-1 Project Specific
Assessments

Launch Vehicle Evaluation Factors
The launch vehicle was evaluated in the context
of a commercial launch services contract
Emphasis was placed on evaluating mission unique
and L/V to S/C interfaces the core vehicle was
reviewed to a lesser degree
Major mission-unique item (Dual Payload Attach
Fitting (DPAF)) was reviewed in detail
The Red Team assessment was based on a
presentation and action items answered by KSC no
contractor presentations were made
Observations
There is no integrated mission document signed by
the two flight projects attesting to their
concurrence that their respective interface
requirements have been met and verified
KSC signs Boeing Mission Specification for NASA
Although EO-1 depends on KSC to ensure correct
integration of all interface requirements with
other primary and secondary spacecraft, no signed
documentation exists which assigns clear
accountability for potential incompatibilities
between the two primary spacecraft
EO-1 dependent on KSC for updates
Compliance is heavily dependent on MIWG process

15
Red Team Findings for theEO-1 Project Specific
Assessments

Concern
The absence of S/C project signature gives the
impression of a lack of accountability by GSFC in
the verification of their payload requirement
interfaces
Recommendation
Require that the two spacecraft projects clearly
document their accountability for all interface
requirement verifications
KSC continues to authorize Mission Specification
with current signature process

16
Payload Fairing

Fairing collision with overpass
During transportation of the payload fairing from
Pueblo to VAFB, the fairing shipping container
was driven into an overpass, resulting in minor
damage to fairing
Fairing has been repaired
Fairing contamination concern
Review of Globalstars 5 and 7 post-flight video
indicated that some particulate debris had been
generated, most likely originating from the
Fluoroglide lubricant applied to the fairing
separation rail bellows
The EO-1 Project determined that this risk was
not acceptable because some spacecraft
instruments were located near the fairing split
line and were, therefore, potentially susceptible
to this contamination
The fairing contractor, Boeing, disassembled the
fairing and cleaned all the lubricate. GSFC
personnel inspected the cleaned parts and
confirmed that they satisfactorily met the EO-1
project requirements.
The fairing is being reassembled and will be
shipped to the launch site.
The Red Team will review the KSC ERB actions
concerning the laminate repairs, the disassembly,
cleaning, testing, and re-assembly of the fairing
in the very near future.

17
Red Team Findings for theEO-1 Launch Vehicle
Risk

Launch Vehicle Residual Risk for EO-1 Mission Is
Low

18
Red Team EO-1 Residual Risks Recommendations
for Mitigation
RESIDUAL RISK ORIGINALLY REPORTED BY RED TEAM
RISK MITIGATION

S/C is a single-string design
WARP is an advanced technology data processor and
storage device that is necessary for Minimal
Mission success

Obtain at least 300 hours of system failure-free
T/V operation
Successfully completed except for S-band
transponder
Implement around the clock, 3 shifts per day,
on-orbit operations this allows Minimal Mission
to be completed in about 120 days
Minimal mission has been base-lined
Probabilistic Risk Assessment shows probability
of success for the Minimal mission to be 0.9
Obtain at least 300 hours of WARP failure-free
operation
Successfully achieved in T/V II
Need Stress Analysis that shows acceptable parts
de-rating.
Stress Analysis completed acceptable parts
de-rating
Define backup solution that utilizes the empty
slot in the WARP, or a new box that matches the
baseplate footprint, to meet the requirements of
the ALI only
Design successfully completed, but not
implemented because of successful operation in
T/V II.

19
Red Team EO-1 Residual Risks Recommendations
for Mitigation

Conduct walk-throughs of all mission critical
ground and flight software, and freeze software
no later than start of baseline functional
testing for T/V exercise this software during
T/V
This was successfully implemented
Project should assess how they will conduct EO-1
operations utilizing the existing test bed with
an acceptable level of risk to the mission
Project successfully addressed this in the
Pre-ship Review Presentation.
Requires failure-free operating time on S/C and
accelerated operations plan
Failure-free operating time achieved (except for
S-band transponder), and Minimal-mission
base-lined.
Red Team members did review some GSFC supplied
hardware and QA paper work and found that they
were better than the Red Team originally thought
they were.

Flight software still undergoing change and has
minimal failure-free operation time
High fidelity hardware / software test bed does
not exist for supporting on-orbit operations
The QA process as chosen by the Project for the
Goddard GFE has resulted in a level of program
risk that cannot be quantified.

20
Red Team EO-1 Residual Risks Recommendations
for Mitigation

Require that a worst case analysis be done that
quantifies the amount of margin that may be used
before launch
Project determined margin and has taken steps to
insure that margin does not erode.
Perform thermal analyses of hardware to determine
thermal stresses at maximum power operating mode.
Evaluate performance in upcoming S/C T/V
testing.
Successfully completed
Problem could not be determined, but identical
unit from the TRIANA Mission is being
substituted. These transponders have a good
history and the TRIANA unit has completed
acceptance testing. Additional failure-free
hours will be put on the unit to achieve a total
500 hours of operation in TV and an additional
300 hours in ambient integrated with the S/C.

The amount of He required to use up the Gyro
margin is unknown. The concern is that the Gyro
margin may be exceeded before launch.
Critical S/C hardware, WARP, PSE ACDS, received
only thermal cycling (not T/V).
S-band transponder suffered an intermittent
failure during S/C TV II Testing

21
Red Team Assessment ofEO-1 Single-Point
Failures, FMEA, FTA, PRA

Red Team Charter focuses on single-point failure
mechanisms as a major source of residual risk.
Three system engineering tools have been used (at
the NASA Administrators request) to estimate the
likelihood of occurrence and overall mission risk
associated with the predominate failure modes
Failure Modes and Effects Analyses (FMEA)
Fault Tree Analysis (FTA)
Probabilistic Risk Analysis (PRA)
These tools were not used to develop the EO-1
design, but were performed as part of the Red
Team process after the design was completed
Single string design by policy (redundancy was
largely out-of-bounds)
Selective redundancy utilized where possible
These tools have been used in a complementary way
to evaluate the likelihood of successfully
completing the EO-1 Minimal Mission
Included the Flight, Ground System and Launch
(mission unique)
Utilizing these tools, the Probabilistic Risk
Assessment yielded a mission success probability
of 0.90 for the Minimal Mission (120 days)

22
Red Team Assessment ofEO-1 Single-Point
Failures, FMEA, FTA, PRA

EO-1 S/C does have selected redundancy and not
all hardware is required to meet the Minimal
Mission
Solar Array Loss of a string can be tolerated
Solar Array Drive Not required for Minimum
Mission
PSE some internal work-arounds available
1773 Data Bus Redundant fibers, Star Couplers,
and Transceivers
Propulsion Not required for Minimum Mission
WARP Some internal partial redundancies
X-Band Transmit Not required for Minimum
Mission
ALI Some internal partial redundancies
Not all instruments/hardware are required to meet
the Minimal Mission
Hyperion, LAC
X-Band Phased Array Antenna, Lightweight Flexible
SA, Pulse Plasma Thruster, GPS, Warp X-Band
Exciter
Launch Vehicle Mission-Unique FMEA
EO-1 Separation from DPAF Bolt Cutters and
Wiring are redundant
Ground System FMEA
Spares and alternative data paths
Safe Hold will keep EO-1 unharmed during Ground
System outages

23
Red Team Assessment ofEO-1 Single-Point
Failures, FMEA, FTA, PRA

WARP as a Single-Point Failure
Is a single string component
Has an S-Band back-up to the X-Band Channel
Memory chips can fail without any impact to the
WARPs operation
Can map around large areas of failed memory
Entire memory board can fail without impact to
the other memory board
WARP reliability prediction is 0.896 for one year
and 0.950 for 120 days
Red Team believes the WARP represents an
acceptable risk for EO-1
Received in-depth assessment from Red Team
(examination of boards, stress and thermal
analyses reviewed)
Red Team concerned there was no breadboard or
engineering model, but examination of boards
showed all re-work done well. (Memory Interface
Board was replaced)
Has never had a design failure and only one
hardware fix (defective part in LVPC)
Has had no software modifications
Over 2000 hours of operation, over 750 hours of
T/V operation, and over 500 hours since the
replacement of the LVPC regulator board

24
Red Team EO-1 Overall Mission Risk Statement
(with Justification)

The Red Team assessment is that EO-1 is a low
risk for achieving success for the Minimum
Mission
Major risk is the single string design
Power System, ACS, WARP, and ALI must operate
properly or mission is a complete loss
S/C systems and ALI instrument do have selected
redundancies
Mitigation
Selected redundancy and many operational
work-arounds do exist
Loss of Star Tracker can be mitigated by use of
three-axis magnetometer (TAM)
Loss of IRU can be mitigated by use of the Star
Tracker
S-Band transmitter can backup the X-Band
capability (not vice-versa)
Housekeeping RSN essential only through Solar
Array deployment
WARP can lose a whole memory board (or parts of
both boards) and still meet mission requirements.
Failure of one of the ALI SCA channels can be
tolerated.
The ALI and S/C systems have a high number of
operating hours
The Flight Operations Team participated fully in
all S/C testing
The Delta is a proven LV
Minimal Mission Success can be achieved in only
120 days at a probability of success of 0.90
(0.75 if spread over one year)

25
Back-Up Charts
26
Instruments ALI (Rating 7)

The ALI is necessary to meet the Minimal Mission
Lincoln Lab developed the instrument
Lincoln Lab had good management involvement and a
long history of building this type of hardware.
They also had good peer reviews.
They had a good test program with good factors of
safety.
The ALI has selective redundancies in the
mechanisms to reduce the possibility of failure
Red Team found all processes for the ALI to be a
7 (nominal) or above. However, the re-occurring
contamination that occurs in the focal plane
needed to be addressed. (Addressed at the Delta
Pre-Ship Review)
On-board reference lamp tracks contamination
Heating of focal plane drives off contamination
On-orbit decontamination process included in
mission planning
Failures in the ALI occurred early, were
successfully repaired, and were well documented.

27
Instruments Hyperion (Rating 7)

This is a TRW developed instrument
Not required to meet the Minimal Mission
Based on existing designs, good technical
reviews, and test and excellent calibration
processes.
Implemented excellent risk management and product
assurance program.
Built on schedule within 12 months and quality
was not cut or reduced.
Selected redundancies to increase probability of
success.

28
Instruments LAC (Rating 7)

This is a Goddard developed instrument which
implemented Goddard workmanship and quality
control standards.
They conducted all the appropriate environmental
testing, including T/V at the box level
LAC is not required for the Minimal Mission
There have been no residual problems noted on
this hardware

29
Spacecraft Subsystems

1. Technical Peer Reviews (Rating 7)
Hardware
All S/C Subsystems have documented peer reviews
Software
Some software was peer reviewed by the MAP
Project
RFAs submitted to identify all mission critical
software, and formal code walk-throughs have been
conducted for all critical software
Code walk-throughs completed for all critical
software

30
Spacecraft Subsystems (continued)

2. System Level Reviews (Rating 8)
Total of 32 Reviews completed between EO-1
Primary Configuration Review in May 1997 and Red
Team Preliminary Report in May 2000
403 RFAs assigned
6 Reviews to launch (including Red Team Reviews)
Review Sponsorship
20 Reviews for Office of Flight Assurance (code
300) conducted
17 External Reviews (EIRR, Littles Committee,
Senior Managers Review, Red Team)
2 Engineering Directorate Reviews (AETD, Code
500)
5 NMP/EO-1 Project Office Reviews
Cross-involvement of all review teams in many
reviews
Additional GSFC and Red Team Reviews held since
May 2000 include
Thermal Vacuum II Readiness Review
Red Team Review of RFAs and EO-1 Risk Analyses
Delta Pre-Ship Review

31
Spacecraft Subsystems (continued)

3. Test and Verification Program (Rating 7)
The observatory functional and environmental test
program was complete and included all the
appropriate testing required
The philosophy of the Project was to defer
testing (in some cases) to observatory level by
limiting the box level testing -- Red Team
believes that this has resulted in additional
risk
Lack of Engineering test units is a residual risk
to program, trouble shooting difficult on ground
and on orbit
Red Team recommended a min. of 300 hours of
failure-free operating hours be obtained in T/V
on all hardware to obtain sufficient hardware
confidence.
This was successfully achieved except for a
failure of the S-band transponder (heritage
hardware).
Project obtained a replacement transponder from
the Triana Program and will achieve sufficient
hours of operation on it and in the system prior
to launch.
Software project utilizes 7 RSNs and 2 Mongoose
V Processors
Software has some heritage from SAMPEX, XTE, TRMM
and MAP.
Part of the software had formal IVV
Software operated successfully during final 300
hour T/V testing of the observatory

32
Spacecraft Subsystems (continued)

4. Product Assurance (Rating 7)
The contractor elements ALI, Hyperion, etc.,
seemed to have a more rigorous quality process
than the GSFC elements.
Inconsistent across all of the hardware by the
Project / Institution. A serious consequence is
that it is difficult if not impossible to put
Product Assurance back into the hardware
Red Team initially concerned that a minimal
effort was performed on the GSFC hardware
regarding Product Assurance
Independent assessments of the GSFC hardware,
particularly the WARP, showed that the PA was
better then initially believed.
Successful completion of the 300 hour T/V testing
at the observatory level (except for the
transponder) adds confidence that the PA is
adequate

33
Spacecraft Subsystems (continued)

5. Systems Management (Swales) (Rating 8)
The Swales Systems Manager provided a good review
of their Systems management of the S/C
Good traceability of lowest level requirements
back to Level 1 (EO-1 Project Plan)
Each of the lowest level requirements, for a
given function, was verified by Analysis, or Test
and Evaluation
Critical S/C resources were well managed Mass,
Telemetry, Power, etc.
Configuration Management processes in place for
drawings and IT Procedures
Excellent work order process utilized
Excellent IT Management

34
Spacecraft Subsystems (continued)

6. Verification Matrix (Rating 7)
The Project provided a complete verification
matrix for all the elements/subsystems.
The Verification Matrix was reviewed by each
presenter for his particular subsystem/area
during all subsequent reviews and was found to be
adequate

35
Spacecraft Subsystems (continued)

7. Staffing (Rating 7)
Project staff which presented to the Red Team
were knowledgeable and competent.
Swales provided names/experience of their project
personnel
Swales has excellent subsystems experience, but
this was their first S/C integration
Swales key personnel had extensive S/C
integration experience
The present GSFC staff has extensive experience
in their respective areas. We were informed that
the project staffing did get off to a very slow
start and had a high turnover rate. In fact, B.
Cramer and D. Schulz are the only two remaining
from the original EO-1 Team.
The project manager has extensive S/C experience.
The current software manager has excellent
experience, but has only been on board since late
1999.
The GSFC supplied WARP, LAC, and Formation Flying
teams all appear to have well-qualified staff.

36
Spacecraft Subsystems (continued)

8. Integration and Test (Rating 8)
Technically sound Integration and Test program
CPT to test every function and to measure
performance of every subsystem.
Contains about 100 individual tests
All nominal and critical commands tested (about
500).
Performed non-CPT Performance Tests
End-to-End optical for instruments, X-Band
pointing tests, GPS Constellation Tests, Solar
Array mechanical deployment, Heater tests, etc.
MOC simulation tests
Thermal Vacuum Tests of complete S/C
Conducted CPT at both hot and cold plateaus
Functional tests conducted during pump-down and
at end before chamber break.
Conducted post-environmental CPT in Dec. 1999
Good procedures for checking out all systems and
for reporting problems (RFA submitted).
300 hour T/V test successfully completed at
observatory level prior to Delta Pre-Ship Review
(except for transponder)

37
Spacecraft Subsystems (continued)

9. Operating Time (Rating 7)
Red Team initially concerned that there was not
enough failure-free hours in T/V at the
observatory level due to
disassembly of S/C,
software not completed or frozen,
WARP power supply board had been changed, and
many mission critical boxes did not undergo T/V
after re-work
Project alleviated this concern by successfully
completing a 300 hr. T/V test (except for the
transponder) prior to the delta pre-ship review.
During these tests the observatory was exercised
through its thermal, power, and data handling
extremes.
New Transponder will have sufficient operating
time at the box level and system level prior to
launch.

38
Spacecraft Subsystems (continued)

10. Technical Review Process (Rating 7)
Project has initiated actions to close RFAs
generated by Red Team.
The project has addressed RFAs from all the
reviews and is close to having them all closed
out.
Web-based system for reviewing and closing out
RFAs worked well
Project presented many of the critical Subsystem
RFAs and how they were closed during the Red Team
Review.

39
Spacecraft Subsystems (continued)

11. Mission Simulations and Launch/Operations
(Rating 8)
Red Team has found the mission simulations plans
and implementation to be good.
Project has accomplished flight operations team
training using classroom techniques, the actual
vehicle, and training simulators. This training
plan is very thorough and complete.
ORR scheduled for October 3, 2000 and there are
still a number of actions that are not complete.
It is expected that the open actions will be
closed, but if not the rating of 8 will be
reduced.

40
Spacecraft Subsystems (continued)

12. FMEA, Fault Tree Analysis, and Probabilistic
Risk Assessment
The FME, FTA and PRA were completed after the
design and development of EO-1 was nearly
complete.
Project conducted a special review for the Red
Team to review these Risk Analyses
The Risk Analyses appear to have been done well
and have added confidence that EO-1 is a low risk
for meeting the minimal mission of 120 days.

41
Spacecraft Subsystems (continued)

13. Single-Point Failures (Rating 7)
Single string systems have a long successful
history at Goddard, but hardware must have a
robust design and good quality.
Red Team recommended a minimum of 300
failure-free operation hours in T/V to mitigate
the S/C changes and the single-string risk.
Red Team supports the Project recommendation to
accelerate Operations so the Minimal Mission can
be verified as quickly as possible (120 days).
EO-1 is single-string, but some hardware has
selected redundancies
Mechanisms for the solar array deployment,
ALI and Hyperion Instrument cover actuators
Solar array parallel strings
X-band antenna can fail gracefully due to
multiple SSPAs
X-band and S-band communication modes.
WARP has redundant memory boards, each of which
can fail gracefully
1773 data bus, and power harness
ACS Separate safehold processor, main computer
memory, and propulsion heater.
All non-essential loads have fuse protection

42
Spacecraft Technologies

The S/C technologies are all rated 7 or above in
all the specific assessment areas they are
Enhanced Formation Flying, EFF
Light-weight Flexible Solar Array, LFSA
Carbon-Carbon Radiator, CCR
X-band Phased Array Antenna, XPAA
Global Position System, GPS
Pulsed Plasma Thruster, PPT
The above technologies with the exception of EFF,
XPAA and PPT can not jeopardize the Minimum
Mission.
PPT will not be activated until after the Minimal
Mission requirements are satisfied.
EFF software can be changed from the ground if
problems arise.
XPAA has many redundant SSPAs, and is backed up
by S-band.

43
Spacecraft Technologies (continued)

XPAA is rated 7 or above in all the specific
assessment areas.
XPAA is not necessary to meet the Minimal Mission
(ALI data only and using the S-Band), but is to
communicate the large amount of data from the
three instruments.
The Red Team believes the XPAA has a low risk of
failure
Designed and built by Boeing under fixed-price
contract with GSFC
NASA GRC provided independent evaluation of RF
Modules, packaging and array communications
performance using Boeing EM hardware.
Three formal contract reviews conducted.
Experienced design / development team
Has more than 350 hrs. on-time since integrated
on S/C
No open items
Very redundant design except for the RSN

44
Operations

1. Technical Peer Reviews (Rating 7)
2. System Level Reviews (Rating 7)
Operations included in the Project system
reviews.
3. Test and Verification (Rating 7)
Test and Verification approach is sound.
Verification of the flight and ground database
expected before ORR
Implementation and verification of constraints
and restrictions (CR) are nearly complete (
Review at ORR on 10/3/00)
Project has limited test bed for on-orbit anomaly
investigation and for trouble- shooting problems
but by combining MAP and EO-1 hardware all the
software can be tested on the ground
4. Product Assurance (Rating 7)
Operations products (procedures, database, CR)
are now under CM

45
Operations (continued)

5. Systems Management (Rating 7)
Systems management approach and plans are sound
Team has done a good job of documenting problem
reports
Operations documentation is Web-based
6. Verification Matrix (Rating8)
Project provided an Operations testing matrix
showing status/plans for all operations tests.
7. Staffing and Experience (Rating 8)
Operations Team appears to be adequately staffed
with experienced personnel.
Team presented detail plans on how it would
implement 24 hour, 120 day Minimal Mission

46
Operations (continued)

8. Test and Integration (Rating 8)
Project uses same ground system for operations
training and IT
By launch, the operations ground software will
have 600 hours with the S/C
9. Failure Free and Total Operating Time (Rating
7)
Red Team recommended and EO-1 achieved a minimum
of 300 hrs. of failure-free S/C operation for T/V
tests prior to delta pre-ship review.
10. Technical Review Process (Rating 7)
Project has some open Operations RFAs assigned
by the Red Team (ORR item)
11. Mission Simulations Launch/Operations
(Rating 8)
Project has conducted many mission simulations to
date, final plans TBD for ORR
Most of the operations staff have participated in
IT
Contingency planning was well done and nearly
complete (ORR Review)

47
Operations (continued)

12. FMEA, FTA, PRA (Rating 7)
Appropriate documents were supplied to Red Team
for review
13. Single-Point Failures (Rating 7)
Both S-Band and X-Band communication available
from S/C to ground.
Ground can communicate through at least two
ground stations and through the TDRSS System

48
Launch Vehicle Evaluation Factors

Dual Payload Attach Fitting (DPAF)
DPAF comments based on review of documentation
and splinter meeting with DPAF program office
management team
DPAF documents reviewed
Design Certification Review (9/28/99)
Design Certification Review Update (3/7/00)
Delta L/V Design Certification Review (9/29/99)
Requirements Verification Matrix
Failure Modes and Effects Analysis
Specification Control Drawing (1D89290)

49
Launch Vehicle Evaluation Factors (continued)

Overall DPAF Observations
DPAF program was well planned and executed
Mission Success was top priority throughout
program (no cut corners)
DPAF design was heavily based on Ariane
4/MMS/SPELDA design and process heritage
Critical flight items were fully redundant and
thoroughly tested
Matra Marconi Space (MMS) and Boeing have
significant relevant flight experience
Very Low Residual Risk
Lack of modal survey prevents reduction of small
uncertainties in predicted loads
Load/deflection was used to verify structure and
interface stiffness
Modal survey is more rigorous

50
Launch Vehicle

1. Technical Peer Reviews - 8
DPAF (Dual Payload Attach Fitting)
DPAF major new development item
DPAF reviewed more extensively than the few other
mission unique elements
Several independent peer reviews held for DPAF
Independent reviews attended by relevant
subsystem experts (considerable breadth)
Other Mission Elements
Level, competence and independence of KSC
resident teams very good
Continuity of KSC review function stable
throughout transition of mission
KSC Delta specific depth limited

51
Launch Vehicle (continued)

2. System Level Reviews - 7
DPAF
Standard set of system level reviews
Additional Design Certification Review held
Many different organizations involved in reviews
NASA KSC, NASA OLS, Boeing,etc
Vested interest in mission success by all parties
(potential future capability)
Other Mission Elements
Standard set of system level reviews
Experienced background for MIT (mission
integration team)
limited experience in current roles
above average experience in other aspects or
other launch vehicles
For mission unique items, KSC conducts some
independent reviews
KSC has contractual right to approve/disapprove
or right to review all mission unique or mission
specific analyses, testing and reports
Heavy dependence, with KSC participation, on
Boeing review process for core vehicle items
Aerospace under contract for pedigree reviews

52
Launch Vehicle (continued)

3. Test and Verification Program (for mission
uniques) - 9
DPAF
DPAF Test and Verification very complete and
detailed very high standard
Although subcontractor had exceptional heritage
on SPELDA program, DPAF still re-tested as a new
design
LCCD systems subjected to both SPELDA and US
conventional Lot Acceptance Testing
DPAF LCCD gets the benefit of MMS standard
practices and US testing philosophy
LCCD Lot Acceptance Testing and Margin testing
performed
Second Proof Test after pathfinder activity
eliminates risks
Small residual risk due to lack of Modal Survey
Other Mission Elements
PAF Fit check and shock testing with flight PAF
GN2 purge standard mission specific item
numerous flights standard design
Independent KSC review of standard Boeing vehicle
testing

53
Launch Vehicle (continued)

4. Level of Mission Assurance - 8
DPAF
GSFC Code 300 performed DCRs and provided
important continuity
Experienced NASA FA individual continuous on DPAF
throughout program
Transitioned with program to KSC
Additional KSC mission assurance capability still
developing
Consistent NASA Project Office involvement
throughout DPAF program
Boeing and NASA mission assurance present
throughout development of DPAF
DPAF received greater scrutiny as a development
program
MMS quality control processes appear to be quite
thorough
Other Mission Elements
Boeing mission assurance processes above average
for DPAF, average in general
KSC mission assurance limited but growing

54
Launch Vehicle (continued)

5. Systems Management for Mission Uniques - 7
DPAF
NASA DPAF team constant throughout life of system
Minimum Boeing Personnel turnover
Minimal Boeing subcontractor personnel turnover
(MMS)
Detailed configuration control implemented by
Boeing through Specification Control Drawing
Process
Other Mission Elements
KSC focus on mission unique and integration items
Mission Specification (a.k.a. Interface Control)
Document not formally signed by spacecraft
projects (see special topic)

55
Launch Vehicle (continued)

6. Staffing - 8
DPAF
Experienced NASA project office personnel
Boeing and MMS team have considerable previous
experience
Other Mission Elements
Experienced KSC resident team at Boeing
Stable Boeing workforce reported by KSC
Limited Delta-specific contractor and civil
servant experience at KSC
Technical depth improving with experience

56
Launch Vehicle (continued)

7. Integration and Test - 9
DPAF
Thorough integration and test program for DPAF
Good waiver/nonconformance process
Rigorous tracking of non-conformances
Most waivers issued against documentation
corrections
Other Mission Elements
Strong ERB System review by KSC Systems
Engineering and Flight Assurance
Well defined system tests
Well defined PAF Fit and Shock Tests
NASA telemetry lab participates in Delta testing,
allowing detailed analysis

57
Launch Vehicle (continued)

8. Operating Time - 7
DPAF
DPAF does not contain any active electronic items
(i.e.. black boxes)
Other Mission Elements
No mission unique electronic configurations
required for mission..
9. Technical Review Process - RFAs - 8 (Above
Standard)
DPAF
All RFAs tracked and answered
All DPAF independent review team RFAs were
implemented
Other Mission Elements
RFAs tracked and answered

58
Launch Vehicle (continued)

10. Mission Simulations/Testing - 7
DPAF
S/C PAF Fit checks shock testing performed
Pathfinder activity performed
Prepared launch site personnel for DPAF
processing
Validated facility capabilities and
accommodations
Other Mission Elements
KSC Delta experience recently exercised on Image
launch campaign
Other recent DS-1, Landsat-7
Detailed mission dress rehearsal

59
Launch Vehicle (continued)

11. Assess FMEA, FTA and PRA for Completeness - 7
DPAF
FMECA and Separation Reliability Analysis
completed
Other Mission Elements
FMECA, FTA, PRA tools not formally used for
launch vehicle
FTA used for post-failure analysis
KSC active participant, with approval authority,
in all phases of mission unique development and
implementation
FMEA, PRA, FTA not required for vehicle mission
uniques

60
Launch Vehicle (continued)

12. Mission Requirements Verification Matrix - 8
DPAF
DPAF detailed verification matrix completed
Launch Vehicle specific requirements for DPAF
also tracked and documented
Other Mission Elements
Heritage GSFC and Boeing verification processes
The Boeing Mission Specification (nominal
interface control document) not signed by
spacecraft projects (see special topics)
Boeings formal verification process for their
mission specifications occurs very late in the
integration process
Not an early program process or document
(end-game process)
KSC developing independent verification database
EO-1/SAC-C first use
KSC process improvement