4. the Art of Systems Engineering Rev 1 - John Muratore

8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore

1/36

1

The Art of Systems Engineering

John F. Muratore

University of Tennessee Space Institute

October 16-17, 2008


2/36

2

The State of Systems Engineering

Education Most of what we teach in Systems Engineering is process

Easy to understand why Engineers like process and find it easy to teach Can easily tell when weve accomplished the goal DOD/NASA contracts require it

These processes are good and are an important part of engineeringsystems

All systems engineering practitioners should be knowledgeable in them Good Systems Engineering consists of more than process

There is an art component to systems engineering But it is hard to define

Purpose of this talk is to discuss the characteristics of the art ofsystems engineering and how we might teach it

Im going to use a lot of aviation examples because there is morevolume in aviation than in space and so greater opportunity forexamples The concepts are all applicable to any kind of systems development

whether aviation, space, telecommunications, energy, etc.


3/36

3

Discussion today based on experience

with several NASA projects

New MCC X-38

Shuttle Return To Flight

First HubbleRepair Mission


4/36

4

Example Processes We Teach at UTSI

Requirements Development Functional Decomposition andAllocation

Requirements Traceability and Verification Design Review and RID processing Hazard Analysis Risk Management

Configuration Management and Change Control Mass Properties Management Interface Control Trade Studies Management and Analysis of Alternatives

Technical Performance Metrics and Key PerformanceParameters Architecture definition and frameworks Technology Readiness Levels Natural and Induced Environments definition


5/36

5

The two halves of systems

engineering

You need to use both halves of your brain to perform

systems engineering There is a left half brain part that is about being

compulsive about identifying requirements,decomposing them, tracking their verification, etc

The PROCESS of systems engineering There is a right half brain part that is about intuitively

inquiring about and understanding how all the parts of acomplex system interact and engineering them tointeract in desirable and predictable ways

This is the ART of systems engineering


6/36

6

Hygiene

I view the compulsive stuff as good hygiene it will keep

a healthy project healthy, but it cant really cure a projectthat is ill with real problems I call it my washing your hands after going to the

bathroom analogy Washing your hands after you go to the bathroom will

help keep you healthy But if you have cancer, you need more seriousintervention to fix fundamental issues

Similarly in projects, if you have a good engineeringapproach keeping track of all those processes will keep

things healthy But if you have a bad engineering approach, you can runprocesses all day long and it isnt going to fix thefundamental problems


7/36


8/36

8

X-32 versus X-35

Competition for the Joint Strike Fighter may represent a case studyin process versus art

As best I can piece together, both designs met all the requirementsand were well engineered X-32 was optimized to meet all the requirements with the

specified margins did not have additional potential Total execution of process to deliver the minimum cost

minimum risk vehicle to meet the requirements Direct lift was not the most efficient propulsion technique but itwas low cost/ low risk and other components engineered tomeet mission requirements

X-35 had significant additional growth capability over the requiredmargin but it required use of a new high risk technology (lift fan)

To some, X-35 was a more appealing mold line and representedmore of a fighter configuration In the end, the DOD selected X-35

I dont know if there were other overriding factors , but I wouldargue that it may have been a victory of art over process


9/36

9

How do we teach art ?

Elements of style

Reviewing the work of masters

Lots of practice and critique on smaller

scale projects Learn to develop techniques on small scalebefore going to larger scale

Remember this from grade school ?


10/36

10

Seven Elements of Style in Systems

Engineering

Robustness

Elegance

Balance

Growth Capability Visibility

Reasonableness

Complexity


11/36

11

Robustness

Sensitivity to the boundary conditions

Does the system gracefully degrade or is there nonlinearbehavior at the boundary conditions

Sensitivity analysis

Awareness of non-linear relationships

Characteristics that contribute to robustness Margin

Fault tolerance

We can teach robust design techniques

Cost

function

Operatingcondition

Cost

function

Operatingcondition

Less robustMore robust


12/36

12

Saturn V

Original Saturn V first and second

stage designs met all knownrequirements with four engines Von Brauns team at Marshall

Space Flight Center added a fifthengine to first and second stage for

margin Apollo would not have beenpossible if that performance had notbeen available as mass in thecommand/service module and lunarmodule grew Additional performance also

enabled more science content inthe later Apollo J missions


13/36

13

Robustness doesnt have to cost weight,

or large money investment The X-38 lifting body control system design was completely computer controlled

fly by wire

As initially designed, the zero voltage output from the aero surface commandelectronics resulted in the body flaps all the way down and the highest outputvoltage resulted in them all the way up.

We discovered that if the electronics lost power, that they would fail to a zero output

During the design, we asked what if we set up the actuator electronics so that theaero surface position for trim flight would result when receiving a zero output fromthe electronics

Needed to put some resistors in the interface between the command channel and theactuator

This would minimize the disturbing forces from a surface if the commandelectronics lost power

In simulation, we found that the vehicle could fly on one body flap if the other was intrim. It could not if the flap was ll the way hard down

We then channelized the left and right body flaps into different command electronicschannels we had to do this anyway because we had four surfaces and could onlyput two surfaces in each command channel electronics

We discovered that we could do the same thing with the rudders

Result was that a single string flight control system could withstand failure of anyone of its command electronics channels and still maintain stable flight

Single fault tolerance out of a non-redundant system !


14/36

14

Elegance

Does the design reflect simple unifying

solution OR

are there a series of special solutions

(kludges) which are required for special

conditions within the normal operating

envelope

Awareness and avoidance of singularities


15/36

15

Balance

Unbalanced designs rarely are world beaters

A balanced design is where all of the disciplines areconsidered and work together Even in balanced design, some disciplines are more important

than others

The nature of discipline engineering makes it a challengeto achieve balance (see cartoon next page)

This is why it is vitally important for systems engineers toknow what is important in a given design Not all elements of the design get the same attention or need the

same amount of rigor In a world of limited resources it is important to sharpen yourpencil only on the important areas of the design

However all elements must be considered to ensure that theyare working together instead of against each other


16/36

16I thought this was funny until we designed the X-38 and I saw it happen first hand


17/36

17

Supermarine Spitfire

Mission Fighter

Aircraft

Optimized foraerodynamic

performance

elliptical wing

Suboptimal stability

nasty spin mode,manufacturing, high

speed structure

GeeBee

Mission RacerOptimized for engine

and minimal drag

Suboptimal -

controllability

P-51 balanced

design with a

laminar wing of

rectangularplanform, low

drag, same engine

as Spitfire was a

superior aircraft

and faster than theGeeBee


18/36

18

Balance at the subsystem level

Glenn Bugos in his book Engineering the F-4 Phantom

II Parts into Systems talks about he need in subsystemdesign for continuing cycles of Aggregation finding the parts (often off the shelf) to make a

system function Disaggregation talking them apart to identify the pieces you

need

Re-aggregation putting them back together in a way that isoptimized for a given application

There is so much good off the shelf hardware out theretoday, and the desire to reduce development cost is soimportant, that we have trained a generation of

subsystem engineers to aggregate as much off the shelfequipment as they can We have not emphasized that for high performance applications

you may need to disaggregate and then re-aggregate


19/36

19

X-38 example

The X-38 was a prototype for the Crew Return Vehicle for theInternational Space Station An ambulance and a lifeboat for the station

It operated as a lifting body during entry and flew under a parafoilduring final descent and landing

During the initial X-38 test flights we used a separate Guidance,Navigation and Control system for two phases of flight lifting body

phase and parafoil phase of flight The parafoil GN&C was off the shelf and it allowed us to partitionour efforts

As the program progressed it was clear that the parafoil GN&C wasvery limited and that the weight of the separate system was notacceptable for the space test vehicle

We took apart the functions of the parafoil GN&C and integratedthem with the lifting body GN&C Lighter weight system Easier crew interfaces Much greater functionality


20/36


21/36

21

Balance also involves mutual support

between systems X-38 examples

During the design of the X-38 flight control system we

had initially a zero fault tolerant air data system forsensing angle of attack The flight mechanics community realized that based on the

command surface position, pitch attitude and rate that they couldestimate angle of attack sufficiently to maintain control

These parameters were available from the inertial measurement

system, a separate system from the air data system We built in a system using available inertial sensors to back up

the air data system

We used electromechanical actuators in the X-38 flightcontrol system

EMAs required power to hold loads but actually back generatedcurrent under certain conditions Initially we used current shunts to deal with the generated

power, but then we learned to put the re-generated power backinto the batteries

Significantly reduced battery requirements for spaceflight vehicle


22/36

22

Growth Capability - Scalability , and

Extensibility Scalability can the design be grown to handle larger

amounts of its current function Extensible can the design be grown to provide additional

functionality The difficulties of delivering designs on cost and schedule

results in a tendency towards closed designs which cannot

be grown or extended Techniques exists to help maintain scalability, extensibility

and growth capability Built on standards particularly on interfaces Monitoring and managing margins during development

Having growth targets Hooks and scars to extend capability Awareness of the physics based limitations

Usually through modeling


23/36

23

F-4 Phantom II F-4 Phantom II designed at the start as a multi-

mission aircraft even though the requirement was for

a carrier based day interceptor Twin engines, two crewmembers, structure and

systems sized for growth

In 1958 J.S. McDonnell wrote that

This airplane represents to me a combat weaponsystem designed not only for unsurpassedperformance, but with the same liberal allowancefor growth potential that kept the F2H Bansheein the Navy first line operational squadrons formany varied missions from 1949-1958

As a result the F-4 went into service in early1960s but as late as mid 1990s over 2000 werestill in service worldwide

Designed for the Navy, the Air Force eventuallybought three times as many aircraft


24/36

24

Visibility

Most systems are inherently invisible

Especially software intensive systems

Systems engineer must recognize this

nature and design in visibility

Instrumentation Alerts and warnings, displays and controls

Access points for viewing system internal

functioning during verification Models that predict system function that are

verified by test


25/36

25

Lack of Visibility Examples

At least two Airbus crashes have been blamed on confusion

between what the pilot thought the system was doing and what thesystem was actually doing

In one crash, the pilot thought the aircraft was in Takeoff GoAround mode (TOGA) and the aircraft crashed

In one crash, the pilot was attempting a landing and the systemwas accidentally switched to TOGA mode

Three Mile Island was also a case of system functioning beinginvisible to the operator

Operators thought water level high

In fact water level was so low that core was almost exposed

Learning how to make the system visible and building it so that its

behavior is natural and instinctive for humans is a critical part ofgood systems engineering


26/36

26

Reasonableness

Technology moves ahead both in gradual evolution and

rapid revolution Evolution involves design principles and technology withgood heritage

Revolution involves new design principles and technologies

When attempting both evolutionary and revolutionary

progress, it is really important to apply reasonableness tests For evolution can ask about design principles and heritage oftechnology

For revolution have to ask about experience in smaller scale andthe theoretical-model based analysis and predictions

The history of technological progress is littered with ideas

whose promise was so appealing that the analysis whichshowed that the idea was impractical was ignored


27/36

27

Reasonableness

By far the biggest airplane ever

built, the H-4, also known as theHercules, had a wingspan of 320

feet--20 feet longer than a

football field. It had enough

cargo space to carry two

railroad boxcars. It had eight

massive engines with 17-footpropellers. It weighed 300,000

pounds. And it was made of

wood

It only ever flew once at low

altitude for about a mile.

From www.straightdope.com

The Spruce Goose

R101

Crew: 45

Capacity: 100

Length: 777 ft in (237 m)

Diameter: 131 ft in (40 m)Volume: 5.5 million ft (160,000 m)

Useful lift: 100,000 lb (45,000 kg)

Powerplant: 5 Beardmore MkI Tornado 8 cylinder diesel 585 hp (436

kW) each

Hindenburg was eventually built larger but only after many several smaller

dirigibles. This was UKs first attempt


28/36

28

Nuclear powered airplane

pursued in the 1950s Prototype built idea was

unending flight

Never practical nuclear

reactors are nowhere near

the efficiency of aircraft

power plants and theshielding weight is

prohibitive

X-33

Idea was single stage to orbitRequired the structural

efficiency greater than that of a

soda can while subjected to

thermal, aerodynamic, inertial

and internal pressure loads


29/36

29

Complexity

Managing complexity is one of the key

aspects of the ART of systemsengineering

Understanding and avoiding overly

complex solutions is critical Establishing clean interfaces which

minimize interaction between componentsis a critical skill

Establishing layers in defining a system isone of our best techniques


30/36


31/36

D l t h i ll l


32/36

32

Develop techniques on small scale

projects

Artists dont start out creating a great masterpiece in

their first painting or sculpture Why do we think that systems engineers can start outsucceeding on large scale projects There is only so much that you can learn as an apprentice

carrying the masters paints Apprentice training is our major training technique when we

assign systems engineers to large projects Need to have projects where the skills and techniques

can be developed Big things can evolve out of this approach

New Mission Control Center with > 250 computers in a

distributed system grew out of a core set of software developedby a small number of young people working on 4 computers

Only requirement is that the problem contain the realissues


33/36


34/36

34


35/36

35


36/36

36

Conclusion

The ART is a key part of Systems Engineering

We can define the elements of style, masters to

follow and teach how to develop techniques in

the small

This briefing is an attempt to define some of the keyelements

We need to develop ways of teaching these elements

Learning how to teach and incorporate ART is

the key to improved systems engineeringpractice

4. the Art of Systems Engineering Rev 1 - John Muratore

Documents

Transcript of 4. the Art of Systems Engineering Rev 1 - John Muratore