140 likes | 282 Views
TECHNISCHE. UNIVERSITÄT. DRESDEN. Onboard Computer and Data Handling of MultiSat Peter M. Behr Fraunhofer Institute for Computer Architecture and Software Technology (FIRST). International Workshop on Satellite Based Traffic Measurement Berlin, Germany September 9th and 10th 2002.
E N D
TECHNISCHE UNIVERSITÄT DRESDEN Onboard Computer and Data Handling of MultiSat Peter M. Behr Fraunhofer Institute for Computer Architecture and Software Technology (FIRST) International Workshop on Satellite Based Traffic Measurement Berlin, Germany September 9th and 10th 2002
System Architecture Computing Node Communication, I/O Software Structure Content:
System Architecture Hardware Software I/O-Devices Uplink Manager Receivers Downlink Manager Wheels & IMU Command Bus Housekeeping Bus Senders Intrinsic Applications Analogue Devices User Applications Star Sensors Cameras & Others Inter-Application Bus GPS IO Managers Scalable, homogeneous, symmetric, distributed, fault tolerant multi computer system
System Architecture • scalable: additional nodes increase the performance and also extend the total lifetime (graceful degradation), spare nodes may further increase life time. • homogeneous: identical node computers (3-16), connected by redundant communication system • symmetric: each node is able to execute all tasks • distributed: nodes are separate units - control is distributed among the nodes (no single point of failure) • fault tolerant: based on redundancy (hardware and software); minimum three nodes for TMR • multi computer system: nodes are self contained computers (processor, memory, I/O)
fail safe communication interface 2 x Ethernet MPC82xx CPU CPM memory bus EDC DRAM serial I/O FLASH parallel I/O fail safe device interfaces local bus serial I/O FPGA ADC analog MUX latch up monitor digital I/O IP IP IP fail safe analog input interface Computing Node Block Diagram of one Node of the Onboard Computer System
Computing Node • Embedded processor and memory and control functions based on newest VLSI technology • Small number of parts, low power dissipation, no cooling problems, low weight and space requirements • Industrial versions of COTS components conform to the conditions on satellites – except for the radiation problems • SEU: EDC memory, multiple copies of the software in FLASH memory, self checking design of FPGA logic. • SEL: radiation tolerant components and latch-up protection for endangered parts • Total dose: pre-qualification includes radiation test to ensure that the selected components fulfill the requirements according to the expected lifetime of the satellite
Computing Node • Further self-test and diagnosis features in each node: • extensive self-test after power-on and reset • boundary scan interface for detailed remote diagnoses • maintenance by updating firmware and software of a node • monitoring of the temperature of critical components • alive monitors for hardware and software functions (watch-dog)
Computing Node • EC603eTM PPC Core • 280.0 MIPS @ 200 MHz • MMU, FPU, 32 KB Cache, power management • SDRAM Controller, RTC, Timer, Watchdog, COP, JTAG • Communication processor supports a variety of serial and parallel I/0 Protocols • 2.0V internal and 3.3V I/O only 2.5 W Block Diagram of Embedded PowerPC Processor (MPC8260)
UART parallel Debug Port ModemInterface 64 Analog Input 64 x Analog Input Ethernet Power PC MPC 8260 (200 MHz) Ethernet Flash 4-64 MByte I2C UART 8 X RS 485 COBT Timer Memory EDC DRAM 32-1000 MByte UART 8 x serial Serial I/O Interface FPGA Telemetry I/O Interface (Downlink) Modem Input Down Link Latch-up Monitor Image Data Computing Node Prototype of the MultiSat Node Computer
Inter Node Interface Communication Subsystem Memory Processor Satellite Bus Device Interface Payload Analog Control FPGA Analog Interface Survival Subsystem Communication and I/O Structure • redundant bus system for inter node communication • each node interfaces to the main I/O devices • fail safe communication and I/O interfaces • faulty nodes can be isolated from the busses (even in the case of a stuck-at error)
Uplink Manager Downlink Manager Status/Result Bus Command Bus User Appl. Comm. Interface Satellite Control Task Java Virtual Machine Comm. Interface Inter Application Bus I/O Manager Real Time Operating System SoftwareStructure • Linux based operating system kernel provides pre-emptive multi tasking, priority and real time based scheduling, memory management, and communication • Three software busses across node boundaries provide secured, fault tolerant and and location independent communication among the tasks
SoftwareStructure • Except of the basic operating system, all functions of the satellite are implemented by dedicated tasks that have unified interfaces to the busses of the software back-plane. • I/O manager tasks and the up-link and down-link managers provide location transparent access to the I/O devices. • I/O manager tasks also handle the problems of replicated tasks and physical I/O interfaces: Inputs are accessible by all nodes, only the I/O manager task of the active nodes will drive the physical output lines. All nodes can read-back the output lines. • Highly modular and configurable design by simply plugging software components in and out of the back plane.
SoftwareStructure • Satellite control tasks access the operating functions directly via the dedicated software busses. • A Java Virtual Machine (JVM) provides an encapsulated execution environment for user specific applications. • The vital control functions of the satellite are protected from the user applications and are scheduled with higher priority than the task implementing the JVM. • Applications can be dynamically loaded and executed based on Java ‘applet’ or ‘servlet’ mechanisms. • Java2 provides internet based communication services (including security), and hardware independence of the applications.
SoftwareStructure • To implement fault tolerance, mission critical tasks are replicated and executed in different nodes to allow for voting or monitoring of actions. • Tasks with high performance requirements can be executed on several nodes by means of parallel processing. • To handle the dynamically changing mission requirements for performance, memory space, and dependability it is possible to switch nodes on and off and redistribute the control and applications tasks. • Unification of the different computing functions of a satellite into a single highly redundant system allows for a close cooperation between the different tasks and optimizes the flexible utilization of the redundant computing resources.