mbse on nasa's proposed europa mission

Jet Propulsion Laboratory California Institute of Technology

MBSE on NASA’s Proposed Europa Mission

Maddalena Jackson Flight System Requirements Team Model System Engineering Team

Agenda

•  Introduction •  Europa? •  MBSE on the Europa Project? •  How’s that going? •  Recommendations


INTRODUCTION

Introduction

•  Me: Europa Project for ~2 years •  MBSE for 7 •  Roles: – Practitioner –  Systems Engineer on FS requirements team

•  Do requirements engineering, happen to use MBSE as tool of choice

•  SW developer for query, automation, tool, visualization, and any other as-need infrastructure

– Model System Engineer for PSE •  One interface between SEs with more traditional

skill sets and system model •  My particular role is software management


EUROPA?

Europa

“Europa, with its probable vast subsurface ocean sandwiched between a potentially active silicate interior and a highly dynamic surface ice shell, offers one of the most promising extraterrestrial habitable environments, and a plausible model for habitable environments beyond our solar system”

“Visions and Voyages”, 2011 Planetary Decadal Survey

•  How do we solve Europa’s mysteries? By potentially sending a spacecraft and instruments to collect data for our investigation!

•  Europa Project: –  Early phase –  Dual focus on system/design architecture and closing big trades and

requirements derivation, analysis, and flow-down.


MBSE… ON EUROPA (not literally)

MBSE on the Europa Project

•  Europa is fully MBSE mission concept – We use MBSE to do our SE – MBSE is not the product

•  Specifically, for our phase: – MELs, PELs, resource allocation and analysis,

system decomposition, etc – All systems engineering activities

•  Requirements (derivation, justification, traceability, analysis, maturity, history, verification, document generation, metrics, etc.)

•  This talk will focus on the SE aspects

What can you do with MBSE?

•  Single Source of Truth –  Multiple interfaces (tailored), no confusion –  Living, interlinked, customized views of data

•  Automated generation of traditional and non-traditional documents –  Gate products –  Release documents –  Analysis products, spreadsheets, visualizations,

etc.

•  Semantically rich (and rigorous) patterns for expressing SE knowledge –  Reduces interpretation confusion –  Forces clarity, completeness, correctness –  Machine analyzable and queryable

What does the Europa Project do with that?

Model validation: completeness & correctness reports; metrics

Modeli(read-write)

ng client

Gate Products for Release (read-only)

Web Portal (read-write)

Other engineering analysis tools

Constraint AllocationSankey Data Generated on Mon Oct 05, 2015 at 11:02 AM by mjackson

Information System

Fault Management

Radio

Mission AssurancePartnershipsScience Data Set Distribution

Configuration

Electrical

Navigation

Accessibility

Delta-VFlyby Campaign Approach

Motion

Time ManagementMechanical

Business

emote Imaging

econnaissance Payload

Plasma Instrument for Magnetic Sounding (PIMS)

g and Altimetry

Radar for Europa Assessment and Sounding: Ocean to Near Surface (REASON)

Europa Imaging System (EIS)

Risk Management

Operations Strategy

Launch Vehicle Trajectory

Project Organization

Mass Spectrometry

Fields & Particles Sampling

Verification & Validation

Interior Characterization of Europa using Magnetometry (ICEMAG)

Electrical Power

Propulsion

Risk

Biological Cleanliness

Infrared Spectroscopy

Mapping-Imaging Spectrometer for Europa (MISE)

Short Wavelength Infrared Spectrometer

Environmental Approach

Observation Strategy

Trajectory Approach

Topographic Imager

Control Coordination

Dynamics

Launch Services

Volumetric Considerations

Project Phases

Technical Margins

Thermal Imager

Technical Resources

Checkout & Calibration Opportunities

Work Breakdown Structure

Mechanisms

Electronics Parts

Trajectory Design

Langmuir ProbesReconnaissance Camera

Fault Tolerance

Mass Spectrometer for Planetary Exploration

Observing Opportunities

Magnetometer

Ground Data System

External Communications

Delta-V Estimates Support EquipmentMassOrganization Conflict of Interest

Project/Institutional InteractionProject Schedule and Schedule ReservesEducation and Public Outreach

GDS Integration and Test Flow

Modules

Pointing ContrContamination

Schedule

Orbital Debris

Europa Thermal Emission Imaging System (THEMIS)

Radiation Effects

Susceptibility/Compatibility Control

Safety

Layout

Space Asset ProtectionMonitoring and Estimation

Flight System Pointing

Flyby Robustness

Mission Operations System

Operations Approach

Measurements

Data Transport and Management

Integration and Test System

Jupiter Trajectory

tary Protection

Launch

Energy

Environment Compatibility

Software Architecture

Project Implementation

Operability

Mission Concept

Ground System

Flight System

Telecom Strategy & Opportunities

Interplanetary TrajectoryRedundancy

Policies and Guiding PracticeFinancial

Temperature

Operability

Flyby Robustness

Space Asset Protection


Redundancy

PayloaFault Management

ansport and Management

Flight System

Ground Data System



Ground System

Configuration

Information System

Plane

straint (Proxy Concept)

d and Inferred

Operations Approach Data Tr

Time Management

R

R

Project Implementation sion Objective (Proxy Concept)

Soundin

System Model

Spreadsheets Custom visualizations

on Con

Line Color Key:Asserted Only Inferred Only Asserte

Resources and Margins MEL

PEL

Spacecraft and Project Requirements

Documents

Automation and query plugins and

libraries

Burndown, work to go, quality, and other metrics

What have we done with MBSE?

•  Requirements à documents •  Requirements à traceability


•  Requirements context, rationale, justification, narrative

•  “Functional” decomposition


•  Traceability Concept Hierarchy

Sankey Data Generated on Mon Oct 05, 2015 at 11:06 AM by mjackson

Concept Maturities: Identified Draft Prelim Baseline Final

Pointing Control

Biological CleanlinessSusceptibility/Compatibility Control

Software ArchitectureFlight Data Processing, Management, and Transport

Ground Data SystemNavigation Operations

Materials and ProcessesQuality

Integration and Test ProcessTechnical Resources

Support FacilitiesDSN Services

Project/Institutional InteractionScience Data Set Distribution

Computing Infrastructure

Ground Data Processing, Management, and


Safety

Electronics PartsConfiguration Management

Reliability

Mission Assurance

Required VariationsMajor Trades

System Evolution

System Lifetime MarginPropellant Tank Capacity MarginPower MarginsMass MarginsEnergy MarginDownlink Margin

Compliance with Export RestrictionsEducation and Public Outreach

Launch Services

Institutional Mandates


PartnershipsProject Organization


Organization Conflict of Interest


Project Schedule and Schedule ReservesProject Phases Project Phases and Key Milestones

Schedule Margin Management

Science SystemSpace Asset ProtectionMission Phases and Events

Planning and Sequence Development

Cost Estimation & Reserves

Schedule

Acquisition

Procurements

Business

Environment

Contamination

Europa Imaging System (EIS)Mass Spectrometer for Planetary ExplorationMapping-Imaging Spectrometer for Europa (MISE)Radar for Europa Assessment and Sounding: Ocean to Near Surface (REASON)Plasma Instrument for Magnetic Sounding (PIMS)Interior Characterization of Europa using Magnetometry (ICEMAG)

Navigation SystemMission Operations Engineering


Spacecraft OperationsScience and Instrument OperationsMission Control

Selected PayloadSurface Dust Mass Analyzer (SUDA)

Notional Payload Science Resource AllocationsPayload


Checkout & Calibration OpportunitiesObserving Opportunities

ReconnaissanceSounding and Altimetry

Mass SpectrometryRemote Imaging

Plume ScienceFields & Particles Sampling



Europa-UVS (Ultra-Violet Spectrograph)

Orbital Debris


PropulsionAllocations

Angular Momentum ManagementDelta-V

DynamicsMechanisms

Motion

Force-torque Decoupling

ConfigurationAccessibilityLayoutModules


Nuclear MaterialsElectrical Power

Power & Energy Allocations (PEL)Generation and Distribution

Computing, Data storage, and Networks

Information System

Fault Tolerance

Fault ManagementRedundancy

Monitoring and EstimationControl Coordination

ElectricalCablingEMI/EMCGrounding and Isolation

Radio

Tracking and Radio ScienceTelecommunications

Vibration

Structure Electronics Packaging

Mechanical

sion Concept

MeasurementsObservation Strategy

Radiation Characterization Strategy

MassRadiation EffectsRadiation Monitoring

Planetary Protection

Operations Strategy

Ground System

Flyby Campaign Approach

Environmental Effects MitigationEnvironmental Vulnerabilities

Operations ApproachOperability

Delta-V Estimates

Telecom Strategy & OpportunitiesFlyby Robustness

Navigation

Radiation Measurement

Integrated Targeting

Trajectory ApproachTime Management

Data Transport and ManagementRadio/Gravity Science Mission Operations System

Integrated Planning and Sequence ProcessData Processing, Analysis and ArchivingDistributed Science OperationsGDS Integration and Test Flow

Integration Approach and Test ConfigurationsFacilitiesSupport Equipment

RiskMission Category & Risk Classification

Risk ManagementRisk Reduction

Payload Delivery

Project Lifecycle CostPayload Acquisition Support

Financial

Requirements AuthorityOrganization

Management Structure

Policies and Guiding Practice

Technical Margins

Flight System

Trajectory Design

Launch Vehicle TrajectoryInterplanetary Trajectory

TemperatureEnergy

Jupiter Trajectory

Concept HierarchySankey Data Generated on Mon Oct 05, 2015 at 11:06 AM by mjackson

Concept Maturities: Identified Draft Prelim Baseline Final

Constraint AllocationSankey Data Generated on Mon Oct 05, 2015 at 11:02 AM by mjackson

Information System

Fault Management

Radio

Mission AssurancePartnershipsScience Data Set Distribution

Configuration

Electrical

Navigation

Accessibility

Delta-VFlyby Campaign Approach

Motion

Time ManagementMechanical

Business

Remote Imaging

Reconnaissance Payload

Plasma Instrument for Magnetic Sounding (PIMS)

Sounding and Altimetry

Radar for Europa Assessment and Sounding: Ocean to Near Surface (REASON)

Europa Imaging System (EIS)

Risk Management

Operations Strategy

Launch Vehicle Trajectory

Project Organization

Mass Spectrometry

Fields & Particles Sampling


Interior Characterization of Europa using Magnetometry (ICEMAG)

Electrical Power

Propulsion

Risk

Biological Cleanliness


Mapping-Imaging Spectrometer for Europa (MISE)

Short Wavelength Infrared Spectrometer


Observation Strategy

Trajectory Approach

Topographic Imager


Dynamics

Launch Services


Project Phases

Technical Margins

Thermal Imager

Technical Resources

Checkout & Calibration Opportunities


Mechanisms

Electronics Parts

Trajectory Design

Langmuir ProbesReconnaissance Camera

Fault Tolerance

Mass Spectrometer for Planetary Exploration

Observing Opportunities

Magnetometer

Ground Data System


Delta-V Estimates Support EquipmentMassOrganization Conflict of Interest

Project/Institutional InteractionProject Schedule and Schedule ReservesEducation and Public Outreach

GDS Integration and Test Flow

Modules

Pointing ContContamination

Schedule

Orbital Debris


Radiation Effects

Susceptibility/Compatibility Control

Safety

Layout

Space Asset ProtectionMonitoring and Estimation

Flight System Pointing

Flyby Robustness


Operations Approach

Measurements

Data Transport and Management


Jupiter Trajectory

on Objective (Proxy Concept)

on Constraint (Proxy Concept)

Planetary Protection

Launch

Energy


Software Architecture


Operability

Mission Concept

Ground System

Flight System

Telecom Strategy & Opportunities

Interplanetary TrajectoryRedundancy

Policies and Guiding PracticeFinancial

Temperature

Ins shutdown cmd

No S/C Safing for Instrument Failure

Telemetry Following Fault Responses

Immediately telemeter current status

Payload Average Power Consumption

Backup Date

Launch Vehicle Options

Recoverability of AFT limits

Thermal Protection of Adjacent Assemblies

fmc_204

Latch valve driver behavior in the absence of Avionics control

Special Data Capture

Simultaneous Downlink and Storage of Data

Redundant handling of critical data

Command loss

Minimum FS distance from the Sun

FS Environments - Pre Launch

Risk Classification

Casualty Probability

Galilean moons minimum first flyby altitudeShort-term probability of Earth impactLong-term probability of Earth impactAvailability of Maneuver CapabilityOTM timing before encounterMinimum Earth flyby distanceTrajectory Design ModelingOTM timing after encounterNavigation Modeling

Survival in the atomic Oxygen environmentEnergy Balance

Power-positive safe mode

Star tracker swap

Amplifier Fault Set

RF isolation devices fault set

Analog or high level discretes interface fault set

Attain inertial control from scratch

Ungrounded conductors

Charge Bleed Path

Surface charging environment

Project Support of Mission Telecommunication Needs

DSN Tracking Pass Utilization: Flight System

Tolerance to loss of flight-ground DSN pass

Flight System Robustness to DSN Outages

Short-term Europa Impact Probability

No Impact C/A - 5 days

Minimum Venus flyby altitude

Sensor Fault Set

fmc_203

Cross-strapping vital components

Powering redundant unit

Off-line Testability of Redundant Components

Recon Mass

Non-operating temperature extremes

Comply with Thermal Interface Temperatures

Temperature Table constraint

Design margin under nominal conditionsDesign margin under anomalous conditions

Spacecraft Thermal Survival

FS Environments - Mission

Motors fault set

Sun Cone Angle for Inner Cruise

Survival in the high-energy particle fluence environmental constraint

Environment Within Radiation Vault

Flight System dose

Instrument Fault Containment

Temperatures maintained during Test

Vibration environments constraint

Latch and Solenoid Valve Fault Set

Constraint on the thermal control within AFT limits

Payload Data Generation

NMS Data Rate

Fault Data Retention

Cadence of magnetic field acquisition near closest approach

Public Availability of Data Products

Science Dataset Robustness to Loss of Data

Memory Fault SetRF Switches Fault Set

SWIRS Mass

Simultaneous Observations

Energy available to payload during flyby

Temperature Control Limits during Faults

Temperature Limits during Faults with Abnormal Power Dissipations

X-Band Uplink

X-Band Uplink: Flight SideX-Band Uplink: Ground Side

Europa will use X-band uplink and X and Ka downlink (not simultaneously)

Spacecraft uplink RF carrier

Langmuir Probe Data RateRecon Data Rate

fmc_205

CDH reset

Prioritization of data

Minimum Nominal Uplink Rate During Jupiter Approach

Minimum Nominal Uplink Rate During Jupiter Approach: Flight System

Magnetic field sensitivity

Magnetic field sensitivity

Record response actions


Minimum Nominal Uplink Rate During Outer Cruise

Minimum Nominal Uplink Rate During Outer Cruise: Ground System

Mass resolution

NMS Mass Resolution

CDH swap

Mission Delta-V

Cadence of plasma electric field acquisition near closest approach

LP Cadence of plasma electric field acquisition near closest approach

Shallow sounding profile penetration depth

IPR Shallow Sounding Penetration Depth

Launch AFT limits

Communication During Key Events - Mission Activities

Critical/Significant Activities during Solar conjunctions, Eclipses, and Earth Occultations

CDH healthCDH power cycle

Pointing stability of SWIRS at 66,000 km altitude above Europa

SWIRS Stability to Boresight for Global-Scale ObservationsSWIRS Stability about Boresight for Global-Scale Observations

Convergence Angle

Angular Separation of Stereo Images

Sustainable duration

Safe Mode Communications

Visibility to reconstruct faults

Minimum Nominal Uplink Rate During Jupiter Orbit Insertion

Minimum Nominal Uplink Rate During Jupiter Orbit Insertion: Flight SystemMinimum Nominal Uplink Rate During Jupiter Orbit Insertion: Ground System

Payload Average Power Allocation

Langmuir Probe Power

Downlink bandwidth margin to account for retransmission

T-0 umbilical connection

Lightning Supression

Ins abort cmd

Power Supply/Converter/Regulator Fault Set

Accelerometer swapSun point and roll capability

Qualification by Heritage or by Similarity Policy

SWIRS Avg Power

Minimum Nominal Uplink Rate During Outer Cruise: Flight System

Visibility of spacecraft state

High-priority engineering downlink

Visibility for performance analysis

Albedo Accuracy

Th-I Albedo Accuracy

IMU swap and resume maneuver

Types of hardware to be included in the TAM

Payload High Temperature Response

Redundant DSN passes for selected Activities

Completion of EACS and RACS Policy

Visibility into fault response activity

Duplex CapabilityTemperature Limits during Faults in Adverse Environments

Expected engineering data production rate

Handling, Transportation and Storage Constraint

Existence of Radiation Vault

Max Uplink Undetected Frame Error Rate

Flight System Contributions to Uplink Undetected Frame Error RateEMI/EMC Self-compatibility constraint

Antenna Fault SetRedundant sensing components for vital flight system functions

Electrical Element Redundancy

Interface Fault SetContext Spatial Resolution

Topo Context Spatial Resolution

Instrument Mount

Vibration accommodationPayload instrument off-pointing

Spatial Resolution of Landforms

Reconnaissance Spatial Resolution

SWIRS Max Data RateTh-I Data RateTopo Data RateIPR Data RateMag Data Rate

Test as You Fly configuration test Policy

Solar Array Fault Set

RWA swap to thruster control

Switch Fault SetRestraint/Deployment Mechanism Fault Set

Load removal

Balanced Switching

Chemical Propulsion

Reaction wheel control behavior in the absence of Avionics controlRFS switch driver behavior in the absence of Avionics controlSolar array gimbal behavior in the absence of Avionics controlThruster behavior in the absence of Avionics control or power

Restore antenna pointing

Bus protection

Load Inrush

Plasma temperature range

LP Plasma temperature range

Mag Power

6.3.7.b

Communication Link Margin

Detumble without inertial knowledge capablity

Backup Maneuver Planning

JOI Max Delay

Survival in the solar irradiance environment constraint

Tolerance to magnetic field levels during all mission phases

Launch Data Retention

Constraint on Transportation and Handling Environments

Minimum Nominal Uplink Rate During Inner Cruise

Minimum Nominal Uplink Rate During Inner Cruise: Flight SystemMinimum Nominal Uplink Rate During Inner Cruise: Ground System

Single Point Failure PolicyCharacteristics of Mission-Critical project elements

Protection for multiple faults

Multiple Fault Tolerance

Subsystems and redundant units

Expected SRU outagesDon't be fooled by bright bodies

Launch environment survival constraint

Gyro Fault Set

Don't look for the sun during eclipses

Telecom equipment swap

Regional-scale stereoscopic imaging resolution

Topo Regional-Scale Stereoscopic Imaging Resolution

Spectral Channel

Th-I Spectral Channel

X-Band and Ka-Band Downlink

Spacecraft downlink RF carrier

Uplink bandwidth volume to account for retransmission

Mass range

NMS Detection Range

RWA swap

Transponder Fault Set

Restore solar array pointing

Downlink Frame Error Rate (FER)

Flight System Contributions to Downlink Frame Error Rate (FER)

Maximum Eclipse Duration - Sub Jovian and Disposal

Minimum Nominal Uplink Rate During Orbital Tour

Minimum Nominal Uplink Rate During Orbital Tour: Flight System

Actuator/Motor Fault Set

Power system grounding/fault tolerance

Balanced Bus Grounding Implementation

Shallow sounding profile vertical resolution

IPR Shallow sounding profile vertical resolutionMinimum Nominal Uplink Rate During Orbital Tour: Ground System

Backup Oppurtunities

Europa's magnetic field measurement accuracy

Europa's magnetic field measurement accuracy

Transient Fault Recovery During Flybys

Faults During Encounter/FlybyTransient Fault recovery

Disable FS autonomy

Overridable FS autonomy

High voltage breakdown

Minimum Nominal Uplink Rate During Jupiter Approach: Ground System

IPR Power

Thermal Emission Contrast Measurement

Th-I Thermal Emission Contrast Measurement

Spectral Resolution below 2500nm

SWIRS Spectral Resolution below 2500nm

fmc_206

Undervoltage Response

6.3.7.a

Thermal operating zone usage

Maximum Eclipse Duration - Sub Jovian and DisposalSurvival in micrometeoroid environmental constraint

fmc_208

DSN Tracking Pass Scheduling: Ground System

Electron & ion densities

LP Electron & Ion Densities

NMS Power

Operate fluid pumps during dynamic/shock events

Maximum Eclipse Duration - Anti-Jovian

Launch timing toleranceMonotonically increasing time

Digital interface fault set

Data retention

Altimetric profile relative height accuracy

IPR Altimetry relative height accuracy

Auxiliary circuits

Auxiliary Circuitry

Paired Stereo Monochromatic Imaging Areal Coverage Overlap

Reconnaissance Stereo Image FootprintReconnaissance Stereo Image Overlap

Launch vehicle and site emission compatibility

Disable autonomous reactions

Powering off the RF Receiver

Telecom Receiver Always On

Pump/Filter Fault Set

Thermal Pump protection

Th-I Power

Data compression

Excess Energy

Data Return Margin accounting for lost DSN pass

Data from backup devicesCommanding backup devices

Maximum FS distance from the sun

Maximum distance from the sun

Sunfind and point without inertial knowledge

Continuation of Data Collection

Maintain time through CDH reset

Clock/Timer Fault Set

Sinusoidal Microphonic Environment

Microphonics & Jitter Environments constraintAssembly/Instrument testing

Point arrays without inertial knowledge capability

Mechanical shock environment constraint

Minimum distance from the sun

Immediately telemeter symptoms and responses

Recorded engineering telemetry duration

Accelerometer Fault Set

Flyby Success Probability

Mission Total Delta-V

Sun sensor fault set

Engine injector temperature

Flight System structural loads constraint

Star Tracker/Optics Fault Set

Using Tones for State Information

Max Thermal Internal Dissipation

Heater Fault Set

Maintain time through CDH swap

Microphonic/Jitter Emission

Langmuir Probe Mass

Test & Verification Margins Policy

Th-I Mass

Survival in the high-energy SEE flux environment constraint

Digital Equipment Fault Set

Redundant ground station passes/complexes for Critical Events

Motor Controller/Driver Fault Set

Flight System Health Assessment

Battery Fault Set

Adherence to ETAS process Policy

Ins FCR

Topo Power

Maximum Eclipse Duration - Anti Jovian

Clock impervious to UV

Simultaneous sequencing of D/L and Storage of Data during special events

Inhibit or Reset Function Fault Set

IPR Mass

Solar Panel EoM Max Power Generation

Thruster swap during maneuver

Data compression services to payload

Recon Power

Provide Temperatures at AFT Interfaces during Nominal Modes

Survival in the high-energy peak flux environment

Delivery of Data ProductsAligned Boresights

Thruster swap for RCS control

Availability of Data Products

Comply with PEL

Electrical Power Balance

Supplementary Heater Power on Off Hardware

Launch vehicle and site RS103 compliance

Sunfind and point without absolute time capability

Acoustic environment constraint

FS Single Point Failure Policy

FS SFT Timing

Characteristics of Mission-Critical FS Elements

Environmental Compatibility Constraint

Self-Compatibility Constraint


•  Maturity Evolution

Constraint Maturities: Identified Draft Prelim Baseline Final

Self-Compatibility ConstraintFS Environments - Pre Launch

Environmental Compatibility Constraint



Energy Balance

ign margin under anomalous conditions

Design margin under nominal conditions

Risk Classification

Non-operating temperature extremes

Temperature Table constraint

Spacecraft Thermal Survival

Temperature Limits during Faults in Advers

Temperature Control Limits during Faults

Requirement Derivation Process & Maturity Flow

«RequirementMaturityState»Candidate

«RequirementMaturityState»Reconciliation & Negotiation

«RequirementMaturityState»Provisional

«RequirementMaturityState»Reconciled

Requirement Development

«RequirementMaturityState»Elevator

«RequirementMaturityState»Baselined

«RequirementMaturityState»Dumpster

«RequirementMaturityState»Deep Freeze

Design Change

Design Change

Author Asserts Requirement Justified

[Requirement has supporting text (not just dumped into a section)]

Significant Discrepancy in

Meaning

View Author Rejects Ownership / FSRQTRemoveAlignment

Narrative Does Not Justify Requirement [concur(FS Reqt

Team && View Author)]Design Change

Internal Acceptance Criteria Met [concur(FS Req

Team)concur(View Author)]

Stakeholders Concur on Reconciliation [concur(FS Reqt Team && Technical

Stakeholders && View Author)]

Published In Requirements Document

Work Complete

Freeze

Thaw

Deprecate

Dumpster Dive

Requirement Coarsely Linked To View In Model / notify

DeprecateFreeze

++

REQ

. QU

ALITY &

REV

IEW LEV

EL


•  Metrics! Validation! History!

???

Was this supposed to have one of those?

Rule 2

Rule 1

Set of elements to

check

pass

fail

skip e3

e2

e4 e1

e3 e2

e4

e1

pass

fail

skip e3

e2

e4

e1

Also: store records in model; generate metrics

What else (if only there was more time…)

•  Requirements à documents •  Requirements à traceability •  Requirements context, rationale,

justification, narrative •  “Functional” decomposition •  Maturity Evolution •  Metrics! Validation! History! •  MEL, PEL, resources, margin •  Point design •  Instrument fact sheets •  System block diagrams

Intangibles

•  MBSE is not a product •  Intangible benefits: –  Information consistency: reduced

overhead, increased confidence – No “where’s the latest” confusion – Propagation of changes – Drives out assumptions (and forces clarity) – Changes tracked and versioned – Ease of communicating and maintaining

current project baseline – Cross-training/experience for earlier-

career engineers

Reality check

•  MBSE is not trivial –  Efforts require systems engineering,

management, planning, discipline

•  “Modeling” is not a data entry job –  MBSE is simply a way of doing systems

engineering. –  People who become skilled at modeling are still

primarily systems engineers (with a different tool of choice)

•  There are growing pains and upfront engineering costs

•  Do we think it’s worth it? Yes!


LET’S TALK LOGISTICS

Unique Europa challenges:

•  Scope: trying to capture information from across the project, content from >40 people who need to interact with the environment in some way. 10-15 people working in the modeling tool.

•  Tooling: Needed to build infrastructure (automation, web interfaces, query and analysis, etc.) –  Challenge: it is being developed as MBSE

approach is applied.

•  Architecture Framework: project chose to use an approach to architecting and requirements development that is new to many on project.

20

Focus areas

•  Staffing for operation, training, and development of new tools

•  Knowledge representation – Need precise semantics in order to model

•  Information organization and storage

•  Process

People

Teams

Tools

Repository

Process

Large one-time investment in modeling patterns, ontologies, frameworks

Systems Engineering Ontologies, Architecture Frameworks, Patterns

System Model

Whether your SEs work in model directly or you have a team of superusers…

Modeling team is not data entry Is actual SE job

Teams, Tools, Process

Teams

Tools

Repository

Process

•  Staffing of teams –  Mix of career levels –  Mix of skills (traditional SE vs software)

•  Selection/development of tools –  Leverage OTS when possible –  …but we have significant and ongoing development of

supporting infrastructure •  Good: all projects can re-use •  Bad: can be frustrating, incur all of one-time expense

•  Process –  Have had to do a lot of process engineering

•  Good: clarity, formality, automation •  Bad: “well this will be easy!” => unpleasant surprises


RECOMMENDATIONS

Recommendations

•  Apply SE and actively manage MBSE – You should have modeling requirements –  Success criteria for modeling effort –  Specific products (documents, analyses, etc.) – Do not model for the sake of modeling

•  Before you model… – Agree on information model (knowledge

representation) – Use cases, scenarios (drive out unknown

unknowns in knowledge representation) – What can you do with “vanilla” tools? What

additional features do you want/need?

Recommendations

•  Choosing your team – Do you want your SEs to be modelers? •  Do you want to train them? •  Do they want to learn? •  SE çè modeler:

– Good: cross-training, exposure, target skills –  Bad: bottlenecks, lag

– SE/Software combination is very effective •  Do you need something beyond your MBSE

tool? Then you will need developers •  Personal bias: SEs who code J

–  I’ve seen what people do with excel…

•  Get everyone talking algorithms

Final Recommendations

•  MBSE is not a product

•  MBSE efforts need to be scoped and managed as real projects – Because they are

•  Decide what success looks like before you start

•  Enjoy!

Acknowledgements

•  Alek Kerzhner, Todd Bayer, Brian Cooke, Marcus Wilkerson – slide cannibalism inspiration

•  MSET and FSRQT for hard work and support in making MBSE viable

•  PSE and FSE •  JPL Integrated Model Centric Engineering (IMCE) •  JPL Computer-Aided Engineering (CAE)


BACKUP

What is the System Model?

Framework

Architecture

Design Capture

A

C

B

V&V

Basic information about the model and project

Concepts, Requirements, Elements, Functions

Block Diagrams, MEL, PEL, Mission Data

Currently under construction

“Model” is a very broad term

System Model: Model of the system to support systems engineering

Refers to

Refers to

Refers to

Not only this

What is MSET?

Mo

de

l-Ba

sed

Sy

ste

ms

Eng

ine

erin

g

Tea

m

(MSE

T)

Mo

de

l En

viro

nm

en

t D

eve

lop

me

nt

Tea

m (

MD

EV)

Pro

jec

t Sy

ste

m

Eng

ine

erin

g

An

aly

sis

(PSE

A)

Pro

jec

t Sy

ste

m

Eng

ine

erin

g

•  Responsible for capturing architecture and baseline design systematically

•  Responsible for integrity of the system model content and analysis results

•  Responsible for developing requirements on modeling environment

•  Responsible for delivery of analysis framework elements

•  Responsible for delivery of EMS & View Editor Viewpoint)3+

View)3+

Viewpoint)2+

View)2+

Viewpoint)1+

View)1+

Viewpoint)n"

View)n"

Models+System,(Programma.c,(etc.(

What problems does MBSE try to address?

•  Gaps and issues in project design because of implicit assumptions

•  Inconsistency between information sources (project documents, etc.): –  Disconnected tools with their own data store:

inconsistent or incorrect analysis results •  Communicating and maintaining current project

baseline •  Common changes need to be made separately

to all information sources –  Bigger issue when you have multiple variants –  Bigger issue when you have a large # of information

sources •  Tracking changes to the project baseline over

time •  What to do with our early career hires & interns?

Value Proposition

•  Better Products delivered More Efficiently: –  Model repository can act as a single source of

truth –  By providing a structured and interconnected

representation, consistency can be maintained –  Capturing information in a structured way can

reduce implicit assumptions –  Validation of model structure can identify gaps

and inconsistencies –  Common changes can be made in one place

and propagated to various products via automated transformations

–  The impact of changes can be identified by tracing relationships

–  System level analyses can utilize the model to produce consistent results

Conclusion – From Brian Cooke (PSE)

•  The Europa Project concept has embraced MBSE as core to our formulation effort

•  Product development and release efficiency improvement realized (and getting better)

•  Some SE process improvement realized with much more to come

•  Shift from document-based to model-based culture is slow but progressing

MBSE is ready to support flagship class mission formulation

What MBSE is NOT!

•  SysML & MagicDraw – These are just tools that allow us to implement MBSE

•  A particular toolset or methodology •  The solution to all our problems

Single source of truth

delta-V control shared

attitude control shared

The same piece of underlying information will show up in multiple views. •  Which is the one to edit? •  Which one is the source of truth? •  Who can edit what? •  What happens if someone else edits it?

Heterogeneity of Stakeholders

Project Management

Systems

MDNav

System Model

Spacecraft Subsystems •  Avionics •  GNC •  Power

Many stakeholders with different backgrounds, perspectives, use cases, and work styles

MOS/GDS

Case Study: “Automatic Document Generation”

•  Often, gate products need to be delivered in a particular format and signed by the appropriate parties

•  For MBSE to be successful, the information in the repository needs to be easily translated into this

This is often thought of as

“push button”


LESSONS LEARNED

Keep it Super Simple

•  Patterns (aka Data Structures): –  Identify an approach for what needs to be

captured, and try to maintain that scope. – Keep it flexible but remember diminishing

returns. Refactoring can always be done later.

–  Flight the urge to make “rapid” changes when unexpected corner cases arise -> need to keep whole team on the same page.

•  Communicating with the Project: – Keep terminology consistent, avoid jargon. – Make sure value is clearly communicated, be

upfront about gaps.

Conclusions

•  The MBSE effort combining people, processes, & software tools is it’s own system.

•  The value of employing an MBSE effort depends strongly on the particular implementation.

•  Consistency matters but need to be flexible.

•  MBSE is not a magical solution: the effort needs to be considered in staffing, resources, and schedule.