4. the art of systems engineering rev 1 - john muratore
TRANSCRIPT
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
1/36
1
The Art of Systems Engineering
John F. Muratore
University of Tennessee Space Institute
October 16-17, 2008
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
2/36
2
The State of Systems Engineering
Education Most of what we teach in Systems Engineering is process
Easy to understand why Engineers like process and find it easy to teach Can easily tell when weve accomplished the goal DOD/NASA contracts require it
These processes are good and are an important part of engineeringsystems
All systems engineering practitioners should be knowledgeable in them Good Systems Engineering consists of more than process
There is an art component to systems engineering But it is hard to define
Purpose of this talk is to discuss the characteristics of the art ofsystems engineering and how we might teach it
Im going to use a lot of aviation examples because there is morevolume in aviation than in space and so greater opportunity forexamples The concepts are all applicable to any kind of systems development
whether aviation, space, telecommunications, energy, etc.
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
3/36
3
Discussion today based on experience
with several NASA projects
New MCC X-38
Shuttle Return To Flight
First HubbleRepair Mission
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
4/36
4
Example Processes We Teach at UTSI
Requirements Development Functional Decomposition andAllocation
Requirements Traceability and Verification Design Review and RID processing Hazard Analysis Risk Management
Configuration Management and Change Control Mass Properties Management Interface Control Trade Studies Management and Analysis of Alternatives
Technical Performance Metrics and Key PerformanceParameters Architecture definition and frameworks Technology Readiness Levels Natural and Induced Environments definition
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
5/36
5
The two halves of systems
engineering
You need to use both halves of your brain to perform
systems engineering There is a left half brain part that is about being
compulsive about identifying requirements,decomposing them, tracking their verification, etc
The PROCESS of systems engineering There is a right half brain part that is about intuitively
inquiring about and understanding how all the parts of acomplex system interact and engineering them tointeract in desirable and predictable ways
This is the ART of systems engineering
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
6/36
6
Hygiene
I view the compulsive stuff as good hygiene it will keep
a healthy project healthy, but it cant really cure a projectthat is ill with real problems I call it my washing your hands after going to the
bathroom analogy Washing your hands after you go to the bathroom will
help keep you healthy But if you have cancer, you need more seriousintervention to fix fundamental issues
Similarly in projects, if you have a good engineeringapproach keeping track of all those processes will keep
things healthy But if you have a bad engineering approach, you can runprocesses all day long and it isnt going to fix thefundamental problems
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
7/36
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
8/36
8
X-32 versus X-35
Competition for the Joint Strike Fighter may represent a case studyin process versus art
As best I can piece together, both designs met all the requirementsand were well engineered X-32 was optimized to meet all the requirements with the
specified margins did not have additional potential Total execution of process to deliver the minimum cost
minimum risk vehicle to meet the requirements Direct lift was not the most efficient propulsion technique but itwas low cost/ low risk and other components engineered tomeet mission requirements
X-35 had significant additional growth capability over the requiredmargin but it required use of a new high risk technology (lift fan)
To some, X-35 was a more appealing mold line and representedmore of a fighter configuration In the end, the DOD selected X-35
I dont know if there were other overriding factors , but I wouldargue that it may have been a victory of art over process
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
9/36
9
How do we teach art ?
Elements of style
Reviewing the work of masters
Lots of practice and critique on smaller
scale projects Learn to develop techniques on small scalebefore going to larger scale
Remember this from grade school ?
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
10/36
10
Seven Elements of Style in Systems
Engineering
Robustness
Elegance
Balance
Growth Capability Visibility
Reasonableness
Complexity
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
11/36
11
Robustness
Sensitivity to the boundary conditions
Does the system gracefully degrade or is there nonlinearbehavior at the boundary conditions
Sensitivity analysis
Awareness of non-linear relationships
Characteristics that contribute to robustness Margin
Fault tolerance
We can teach robust design techniques
Cost
function
Operatingcondition
Cost
function
Operatingcondition
Less robustMore robust
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
12/36
12
Saturn V
Original Saturn V first and second
stage designs met all knownrequirements with four engines Von Brauns team at Marshall
Space Flight Center added a fifthengine to first and second stage for
margin Apollo would not have beenpossible if that performance had notbeen available as mass in thecommand/service module and lunarmodule grew Additional performance also
enabled more science content inthe later Apollo J missions
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
13/36
13
Robustness doesnt have to cost weight,
or large money investment The X-38 lifting body control system design was completely computer controlled
fly by wire
As initially designed, the zero voltage output from the aero surface commandelectronics resulted in the body flaps all the way down and the highest outputvoltage resulted in them all the way up.
We discovered that if the electronics lost power, that they would fail to a zero output
During the design, we asked what if we set up the actuator electronics so that theaero surface position for trim flight would result when receiving a zero output fromthe electronics
Needed to put some resistors in the interface between the command channel and theactuator
This would minimize the disturbing forces from a surface if the commandelectronics lost power
In simulation, we found that the vehicle could fly on one body flap if the other was intrim. It could not if the flap was ll the way hard down
We then channelized the left and right body flaps into different command electronicschannels we had to do this anyway because we had four surfaces and could onlyput two surfaces in each command channel electronics
We discovered that we could do the same thing with the rudders
Result was that a single string flight control system could withstand failure of anyone of its command electronics channels and still maintain stable flight
Single fault tolerance out of a non-redundant system !
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
14/36
14
Elegance
Does the design reflect simple unifying
solution OR
are there a series of special solutions
(kludges) which are required for special
conditions within the normal operating
envelope
Awareness and avoidance of singularities
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
15/36
15
Balance
Unbalanced designs rarely are world beaters
A balanced design is where all of the disciplines areconsidered and work together Even in balanced design, some disciplines are more important
than others
The nature of discipline engineering makes it a challengeto achieve balance (see cartoon next page)
This is why it is vitally important for systems engineers toknow what is important in a given design Not all elements of the design get the same attention or need the
same amount of rigor In a world of limited resources it is important to sharpen yourpencil only on the important areas of the design
However all elements must be considered to ensure that theyare working together instead of against each other
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
16/36
16I thought this was funny until we designed the X-38 and I saw it happen first hand
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
17/36
17
Supermarine Spitfire
Mission Fighter
Aircraft
Optimized foraerodynamic
performance
elliptical wing
Suboptimal stability
nasty spin mode,manufacturing, high
speed structure
GeeBee
Mission RacerOptimized for engine
and minimal drag
Suboptimal -
controllability
P-51 balanced
design with a
laminar wing of
rectangularplanform, low
drag, same engine
as Spitfire was a
superior aircraft
and faster than theGeeBee
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
18/36
18
Balance at the subsystem level
Glenn Bugos in his book Engineering the F-4 Phantom
II Parts into Systems talks about he need in subsystemdesign for continuing cycles of Aggregation finding the parts (often off the shelf) to make a
system function Disaggregation talking them apart to identify the pieces you
need
Re-aggregation putting them back together in a way that isoptimized for a given application
There is so much good off the shelf hardware out theretoday, and the desire to reduce development cost is soimportant, that we have trained a generation of
subsystem engineers to aggregate as much off the shelfequipment as they can We have not emphasized that for high performance applications
you may need to disaggregate and then re-aggregate
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
19/36
19
X-38 example
The X-38 was a prototype for the Crew Return Vehicle for theInternational Space Station An ambulance and a lifeboat for the station
It operated as a lifting body during entry and flew under a parafoilduring final descent and landing
During the initial X-38 test flights we used a separate Guidance,Navigation and Control system for two phases of flight lifting body
phase and parafoil phase of flight The parafoil GN&C was off the shelf and it allowed us to partitionour efforts
As the program progressed it was clear that the parafoil GN&C wasvery limited and that the weight of the separate system was notacceptable for the space test vehicle
We took apart the functions of the parafoil GN&C and integratedthem with the lifting body GN&C Lighter weight system Easier crew interfaces Much greater functionality
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
20/36
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
21/36
21
Balance also involves mutual support
between systems X-38 examples
During the design of the X-38 flight control system we
had initially a zero fault tolerant air data system forsensing angle of attack The flight mechanics community realized that based on the
command surface position, pitch attitude and rate that they couldestimate angle of attack sufficiently to maintain control
These parameters were available from the inertial measurement
system, a separate system from the air data system We built in a system using available inertial sensors to back up
the air data system
We used electromechanical actuators in the X-38 flightcontrol system
EMAs required power to hold loads but actually back generatedcurrent under certain conditions Initially we used current shunts to deal with the generated
power, but then we learned to put the re-generated power backinto the batteries
Significantly reduced battery requirements for spaceflight vehicle
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
22/36
22
Growth Capability - Scalability , and
Extensibility Scalability can the design be grown to handle larger
amounts of its current function Extensible can the design be grown to provide additional
functionality The difficulties of delivering designs on cost and schedule
results in a tendency towards closed designs which cannot
be grown or extended Techniques exists to help maintain scalability, extensibility
and growth capability Built on standards particularly on interfaces Monitoring and managing margins during development
Having growth targets Hooks and scars to extend capability Awareness of the physics based limitations
Usually through modeling
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
23/36
23
F-4 Phantom II F-4 Phantom II designed at the start as a multi-
mission aircraft even though the requirement was for
a carrier based day interceptor Twin engines, two crewmembers, structure and
systems sized for growth
In 1958 J.S. McDonnell wrote that
This airplane represents to me a combat weaponsystem designed not only for unsurpassedperformance, but with the same liberal allowancefor growth potential that kept the F2H Bansheein the Navy first line operational squadrons formany varied missions from 1949-1958
As a result the F-4 went into service in early1960s but as late as mid 1990s over 2000 werestill in service worldwide
Designed for the Navy, the Air Force eventuallybought three times as many aircraft
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
24/36
24
Visibility
Most systems are inherently invisible
Especially software intensive systems
Systems engineer must recognize this
nature and design in visibility
Instrumentation Alerts and warnings, displays and controls
Access points for viewing system internal
functioning during verification Models that predict system function that are
verified by test
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
25/36
25
Lack of Visibility Examples
At least two Airbus crashes have been blamed on confusion
between what the pilot thought the system was doing and what thesystem was actually doing
In one crash, the pilot thought the aircraft was in Takeoff GoAround mode (TOGA) and the aircraft crashed
In one crash, the pilot was attempting a landing and the systemwas accidentally switched to TOGA mode
Three Mile Island was also a case of system functioning beinginvisible to the operator
Operators thought water level high
In fact water level was so low that core was almost exposed
Learning how to make the system visible and building it so that its
behavior is natural and instinctive for humans is a critical part ofgood systems engineering
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
26/36
26
Reasonableness
Technology moves ahead both in gradual evolution and
rapid revolution Evolution involves design principles and technology withgood heritage
Revolution involves new design principles and technologies
When attempting both evolutionary and revolutionary
progress, it is really important to apply reasonableness tests For evolution can ask about design principles and heritage oftechnology
For revolution have to ask about experience in smaller scale andthe theoretical-model based analysis and predictions
The history of technological progress is littered with ideas
whose promise was so appealing that the analysis whichshowed that the idea was impractical was ignored
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
27/36
27
Reasonableness
By far the biggest airplane ever
built, the H-4, also known as theHercules, had a wingspan of 320
feet--20 feet longer than a
football field. It had enough
cargo space to carry two
railroad boxcars. It had eight
massive engines with 17-footpropellers. It weighed 300,000
pounds. And it was made of
wood
It only ever flew once at low
altitude for about a mile.
From www.straightdope.com
The Spruce Goose
R101
Crew: 45
Capacity: 100
Length: 777 ft in (237 m)
Diameter: 131 ft in (40 m)Volume: 5.5 million ft (160,000 m)
Useful lift: 100,000 lb (45,000 kg)
Powerplant: 5 Beardmore MkI Tornado 8 cylinder diesel 585 hp (436
kW) each
Hindenburg was eventually built larger but only after many several smaller
dirigibles. This was UKs first attempt
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
28/36
28
Nuclear powered airplane
pursued in the 1950s Prototype built idea was
unending flight
Never practical nuclear
reactors are nowhere near
the efficiency of aircraft
power plants and theshielding weight is
prohibitive
X-33
Idea was single stage to orbitRequired the structural
efficiency greater than that of a
soda can while subjected to
thermal, aerodynamic, inertial
and internal pressure loads
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
29/36
29
Complexity
Managing complexity is one of the key
aspects of the ART of systemsengineering
Understanding and avoiding overly
complex solutions is critical Establishing clean interfaces which
minimize interaction between componentsis a critical skill
Establishing layers in defining a system isone of our best techniques
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
30/36
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
31/36
D l t h i ll l
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
32/36
32
Develop techniques on small scale
projects
Artists dont start out creating a great masterpiece in
their first painting or sculpture Why do we think that systems engineers can start outsucceeding on large scale projects There is only so much that you can learn as an apprentice
carrying the masters paints Apprentice training is our major training technique when we
assign systems engineers to large projects Need to have projects where the skills and techniques
can be developed Big things can evolve out of this approach
New Mission Control Center with > 250 computers in a
distributed system grew out of a core set of software developedby a small number of young people working on 4 computers
Only requirement is that the problem contain the realissues
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
33/36
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
34/36
34
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
35/36
35
-
8/14/2019 4. the Art of Systems Engineering Rev 1 - John Muratore
36/36
36
Conclusion
The ART is a key part of Systems Engineering
We can define the elements of style, masters to
follow and teach how to develop techniques in
the small
This briefing is an attempt to define some of the keyelements
We need to develop ways of teaching these elements
Learning how to teach and incorporate ART is
the key to improved systems engineeringpractice