Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
30 Years of Space Debris Mitigation Guidelines in Europe Read chapter Read first chapter

2015 | OriginalPaper | Chapter

Resilient Redundancy: Design Study of the New HTV (H-II Transfer Vehicle)

Authors : Hideki Nomoto, Satoshi Ueda, Shinichi Takata, Toru Kasai, Tsutomu Fukatsu, Ryoji Kobayashi, Manami Nogami, Yasufumi Wakabayashi

Published in: Space Safety is No Accident

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

This work proposes a new "resilient redundancy" design.
While redundancy design is commonly believed to increase reliability of system, it could REDUCE it by the complexity and hidden common-mode errors introduced by the redundancy itself. [1][2]
Conventional "switch-over" redundancy management design inherently leads to discontinuity of control. Because of this discontinuity, system behavior could become unpredictable. Paradoxically, design efforts to prevent the discontinuity could make system even more unpredictable due to complexity introduced by "transient-special" control logic.
In this paper, we analyze the difference between conventional redundancy design and "nature's redundancy" such as the redundancy of right & left hands. Then a new redundancy design for the H-II Transfer Vehicle (HTV) is proposed. "Redundancy without backup string" concept will be described in detail. Although there are no backup strings, the system maintains mission capability against any combinations of two failures. The system redundancy is composed of non-identical triple strings all of which can operate either independently or jointly. The idea is based on Resilient Engineering. The goal is to realize a system to "adjust its functioning prior to, during, or following changes and disturbances" [3] in redundant manner, but without inviting unexpected behavior or control discontinuity.
Next, safety control architecture under the new redundancy design will be discussed. Conventional safety design often requires independent barriers in the system. Common implementation relies on multiple backup strings or independent safety devices. However, independent backup or safety devices can become a heavy load to the system because the unused backups will not contribute to the mission. As the result of it, safety and mission often conflict each other and it happens that mission capability needs to be compromised in order to protect safety and vice versa. By introducing the "redundancy without backup" policy, we propose to establish a new design paradigm where mission capability and safety can overcome that "zero-sum trade-off" relationship.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now
previous chapter The Failures of the Electronics of the Space Vehicles in the Conditions of Complex Influence of Space Factors
next chapter Flammability Test Plan for Fire Safety of KSLV-II
Literature
1.
S.D. Sagan "Learning from Normal Accidents" Organization and Environment, Vol. 17 January 2004
2.
N.C. Leveson "SAFEWARE" Addison-Wesley Publishing Company. Inc. 1995
3.
E. Hollnagel, D.D. Woods & N.C. Leveson "Resilient Engineering: Concepts and Precepts" Ashgate Pub Co, September 2006
4.
5.
E. Hollnagel, D.D. Woods "Joint Cognitive Systems: Foundations of Cognitive Systems Engineering" CRC Press 2005
6.
C. Perrow "Normal Accident: Living with high-risk technologies" Princeton University Press, September 1999
7.
W. Rogers "Report of the Presidential Commission on the Space Shuttle Challenger Accident" U.S. Government Office, Washington. D.C., 1986
8.
S. Matsuo, Y. Miki, T. Imada, S. Nakai "The Design Characteristics of the HTV Propulsion Module" IAC-05-C4.1.03, 2005
9.
S. Ueda, H. Nomoto, T. Kasai "A study on new GN&C and propulsion system architecture by resilience engineering approach" 9th International ESA Conference on Guidance, Navigation & Control Systems, June 2014
10.
Metadata
Title
Resilient Redundancy: Design Study of the New HTV (H-II Transfer Vehicle)
Authors
Hideki Nomoto
Satoshi Ueda
Shinichi Takata
Toru Kasai
Tsutomu Fukatsu
Ryoji Kobayashi
Manami Nogami
Yasufumi Wakabayashi
Copyright Year
2015
Book
Space Safety is No Accident

Print ISBN: 978-3-319-15981-2

Electronic ISBN: 978-3-319-15982-9

Copyright Year: 2015

DOI
https://doi.org/10.1007/978-3-319-15982-9_61

Premium Partner

    Image Credits