|
Command and Data Management Subsystem
(CDMS) of the Rosetta
Lander (Philae)
The European Space
Agency’s Rosetta spacecraft was launched in March 2004 from Kourou,
French Guyana. It will rendezvous with a comet called
Churyumov-Gerasimenko beyond the Mars’s orbit, and its Lander will
descend onto the surface of the comet at 3 AU in 2014. The lifetime of
the Lander on the surface of the comet should be at least four days,
during which will be powered by nonchargeable primary batteries, and
solar panels will provide power even for several months afterwards by
charging secondary batteries.
Our team to the order of MPE has designed
the Command and Data Management Subsystem (CDMS) of the Rosetta Lander.
The engineering model was manufactured in Hungary and the flight model
was by the Max-Planck Institute. CDMS is in charge of controlling the
whole Lander operation, including preparations for separation from the
orbiter, thermal and power management, as well as separation, descent
and touch down. In addition to playing an essential role in controlling
the whole landing scenario, CDMS has the following tasks to perform on
the comet’s surface: to receive and execute telecommands coming from
Earth, to collect and send science and housekeeping information of
Lander’s subsystems and scientific experiments to Earth, and to control
the sequencing of science operations.
The structure of CDMS is modular. Its
functional sub-units, plugged into a common mother board, are as
follows: two Data Processor Unit (DPU) boards, two Real Time Clock
(RTC) boards, two Central Interface Unit (CIU) boards*1, two Mass
Memory boards*2 and a Power Distribution board. Manufacturing of the
flight unit was made in Germany but our engineers did its integration.
Due to the vital tasks to be performed by CDMS,
it has to have a fault tolerant architecture. The design baseline is
that CDMS should remain functioning in all conceivable working
combinations of its functional sub-units without any degradation in its
functionality. Since in most of the mission phases there is no
possibility for external intervention from Earth, CDMS should recognise
eventual faults and then recover autonomously by ruling out failed
functional sub-units and activating their redundant counterparts. The
basic core that will ensure fault tolerance is the two DPUs both
running in hot redundant mode. One of them, marked as the primary DPU
is in charge of performing actual payload control. The other one,
marked as the secondary DPU, keeps observing whether any change happens
in the actual DPU roles in order to be able to take over the primary
role at any time in case of a fault in the primary one.
Both hardware (watch-dog, Hamming coded
instruction and data protection all over the memory) and software means
are implemented to support fast fault recognition and then recovery.
DPU context data, a set of crucial data (variables, parameters,
references to buffers and parameter tables), considered to be
sufficient to reconstruct and restore a ceased Lander control process
possibly with the „highest fidelity”, are saved by the current primary
DPU into the secondary one in regular time intervals. This will then be
taken by the current secondary (future primary) DPU as a basis to
rebuild the operational environment in case of an eventual role change.
Harris RTX2010 processor has been selected for
the DPU boards because it is the lowest power consuming, space
qualified, radiation hardened, 16-bit processor with features to
provide so complicated functions as the CDMS has to perform. It is a
stack based, Forth language oriented processor with an exotic and
challenging instruction set. CDMS is a real-time control and data
acquisition system, and it has to process tasks in parallel. Therefore,
a real-time, pre-emptive multitasking operating system has been
developed to run application tasks executing the required functions in
parallel.
__________________________________________________________
*1 Developed by the KFKI Research Institute for Particle and Nuclear
Physics (from 2012
its name is Institute for Partic and Nuclear Phisics
of the Wigner Research Centre
for Physics - short name is WRCP)
*2 Developed by the Finnish Meteorological Institute
19
December 2014
|
Rosetta with Philae
Philae Integration
Philae Functional Block
Diagram
CDMS Funtional Block Diagram
CDMS
Software Load Sequences
|
