GLAST Proposal Review

1
GLAST Large Area Telescope Electronics, Data
Acquisition Flight Software System Engineering
Gunther Haller Stanford Linear Accelerator
Center Manager, Electronics, DAQ FSW LAT Chief
Electronics Engineer haller_at_slac.stanford.edu (65
0) 926-4257
2
System Engineering Outline

• System Overview
• Changes since PDR
• External Interfaces
• Internal Interfaces
• Technical Budget
• Verification Test
• Risk
• FMEA
• Reliability Allocations
• Parts and Spares Plan
• Drawing Tree

3
Data-Acquisition (DAQ) System Overview

• Configuration, triggering, event-flow control and
  readout, monitoring, and supply of power to
• 16 Calorimeter and Tracker towers with a total of
  850,000 tracker channels and 3,000 calorimeter
  channels
• 12 ACD front-ends with a total of 208 ACD
  channels
• Interface to spacecraft for control, data,
  monitoring, and power
• Trigger system (hardware selection of possibly
  interesting events)
• Event filtering
• Housekeeping
• Operational thermal control

4
LAT Electronics Hierarchy

• Tower Electronics Module
• Interface to calorimeter and tracker on each
  tower
• Monitoring
• Combination of sub-system trigger signals to
  primitives
• Event buffering
• GAS Unit
• Command-response unit receives and distributes
  command, clock, and data
• Global trigger unit generates LAT-wide readout
  decision signals based on trigger primitives from
  TEMs and ACD
• Event-builder unit builds complete LAT events out
  of asynchronous event-fragments Forward complete
  events to dynamically selected target EPUs or
  spacecraft
• ACD electronics module tasks much like TEM for
  TKR/CAL
• EPU Event processor unit runs filter algorithm
  to reduce 10kHz input event rate down to 30 Hz
  (with two EPUs)
• SIU Spacecraft interface unit controls LAT and
  interfaces to spacecraft
• Instrument software runs on EPU and SIU
  processors only
• Power system not shown

5
LAT Electronics Physical
TKR Front-End Electronics (MCM)
ACD Front-End Electronics (FREE)
TKR
CAL Front-End Electronics (AFEE)

• 16 Tower Electronics Modules
• DAQ electronics module (DAQ-EM)
• Power-supplies for tower electronics

CAL
Global-Trigger/ACD-EM/Signal-Distribution Unit

• 3 Event-Processor Units (21 spare)
• Event processing CPU
• LAT Communication Board
• SIB

• Spacecraft Interface Unit
• Spacecraft Interface Board (SIB) Spacecraft
  interface for MIL1553 control data
• LAT control CPU
• LAT Communication Board (LCB) LAT command and
  data interface

• Power-Distribution Unit (PDU)
• Spacecraft interface, power
• LAT power distribution
• LAT health monitoring

Primary Secondary Units shown in one chassis
6
Changes since PDR

• Spacecraft Selection and Meetings
• PDU was moved to opposite side of SIU to match SC
  power/CDH physical partitioning
• Signal levels (discretes, 1 PPS, Science
  Interface, GBM GRB signal) were officially
  changed to LVDS (before undefined or RS422),
  March 03
• Recently finalized power, analog monitoring, and
  discrete interface to SC
• Defined MIL1553 command set/interface
• Separated SIU prime and redundant into separate
  (and identical) crate assemblies since
  cross-connection to SC prime and redundant was
  solved on the SC-LAT interface level and lead to
  removal of direct SIU-SIU inter-connections

Before SC selection
After SC selection
7
Changes since PDR (Cont)

• Event-Builder was moved from CPU crates to GAS
  unit
• Reduced complexity of inter-connections
• Reduced hardware from 3 event-builder blocks to 2
  (1 prime, 1 redundant), and power dissipation
  from two event-builder blocks to one
• SIU crate was modified to be the same as EPU
  crate
• Removes mechanical, thermal, electrical design
  effort for one assembly
• Moved SC science interface from Spacecraft
  Interface Board in SIU to event-builder in GASU
• Additional benefit that SIB board is almost
  identical to existing SECCI version (both boards
  are designed by NRL/Silver Engineering), major
  simplification
• Science interface on GASU is small change since
  GASU already transmits event data to LAT CPUs,
  so additional target is incremental
• Added SIB board in each EPU crate to provide
  local EEPROM
• Simplification in software effort.
• No remote booting code development/testing
  required.

8
External Interfaces

• All external DAQ interfaces released with the
  exception of spacecraft interface and
  mechanical/thermal interface (mainly to X-LAT
  plate)

Interface Document Status
Calorimeter LAT-SS-00238 released
Tracker LAT-SS-00176 released
ACD LAT-SS-00363 released
Mechanical/Thermal LAT-SS-01794 in progress
Spacecraft GSFC-433-IRD in progress at GSFC but content stable
9
Internal Interfaces

• All internal interfaces are final, documents are
  being updated, release before CDR

Interface Document Status
Tower Electronics Module LAT-TD-00605 finalizing
TEM Power-Supply Unit LAT-SS-01281 finalizing
GAS Unit LAT-SS-01544 LAT-TD-00639 LAT-TD-01545 LAT-TD-01546 LAT-TD-01547 finalizing
SIU/EPU LAT-SS-01539 finalizing
PDU LAT-SS-01542 finalizing
VCHP Control Unit LAT-SS-00715 finalizing
10
DAQ Technical Budget Summary

• Technical Resources
• DAQ Mass
• Sub-system allocation 220 kg
• Detailed estimate 199.3 kg
• DAQ Power
• Subsystem allocation 318 W
• Detailed estimate 313.8 W
• CPU Cycles
• Allocation 2 CPUs
• Detailed estimate lt 1 CPU
• For detailed breakdown see Power/Mechanical/Softwa
  re presentations

11
Verification Test
Model Development
Design
Hardware
Fab
Test
Design/Develop
Develop/Test
Formal Test
Software
Release to IT

• Hardware and software development closely
  integrated
• Design of hardware versus software complexity
  optimized continuously
• Software runs with LAT engineering model
  electronics
• Continuous hardware versus software verification
• Full system including sub-system electronics from
  and at other institutions
• Independent verification process
• Exchange of hardware and software -gt
• ACD hardware, TKR hardware, CAL hardware
• DAQ hardware
• Flight software, IT software
• ACD Scripts, TKR scripts, CAL scripts, DAQ
  scripts
• No integration at flight- LAT integration stage
  of components which have not operating fully
  integrated in earlier stages
• Exception is spacecraft, since simulator is only
  simulating and is not real hardware/software

12
Verification Test (Cont)
Development Cycles
EM 1
Release to IT
Release to sub-systems
EM2
Release to IT
Release to sub-systems
Release to IT
FU

• Three development cycles
• Engineering Model 1
• Single tower, single CPU
• Engineering Model 2
• Multiple tower, single CPU
• Flight Model
• Multiple towers, multiple CPUs
• Peer-Reviews after end of each development cycle
• In addition regular LAT reviews (Manufacturing
  Readiness Review, etc)

13
Verification Matrix (Doors Example Page)
ID TDF L3 Performance Specification VM Verif.
TDF3-7 The Level 1 Trigger (L1T) system shall be used to detect an interesting event and provide a signal to the detector subsystems to capture and read out the event data. Demo  
TDF3-105 The trigger (TRG) system shall determine whether the event is interesting based on trigger input signals received from the detector systems. Demo  
TDF3-9 The L1 trigger system shall accept trigger inputs from the ACD, TKR, CAL and dataflow subsystems. Demo  
TDF3-11 The L1 trigger system shall time-align trigger inputs from the ACD, TKR, CAL and dataflow subsystems to a precision better than 100 ns. Test  
TDF3-13 The L1 trigger system shall implement multiple overlapping triggers to allow cross-trigger monitoring. Test  
TDF3-15 The L1 trigger logic shall generate a trigger acknowledge signal (L1TACK) and a trigger type (e.g. CNO) for distribution to the subsystems. Demo  
TDF3-17 The L1 trigger logic shall generate the Trigger Acknowledge output with a latency of less than 1.3 mus. Test  
TDF3-106 The latency from the time the particle traverses the LAT to when the input signals need to be recorded at the earliest shall be 2 ms. Test  
TDF3-19 The L1 trigger contribution to the overall trigger jitter shall be less than 50 ns. Test  
TDF3-107 The overall trigger jitter for the LAT shall be 200 ns. Test  
TDF3-51 The dataflow system shall reduce the event rate accepted by the L1T to an output rate commensurate with the spacecraft interface as specified in 433-IRD-0001, keeping events meeting the science objectives. Demo  
14
Test Matrix
Applies to each board and assembly. In this slide
the tests at each level are listed
15
Electrical Environmental Test Flow
LAT

• Qual
• LAT Test

• Accept
• LAT Test

TEM DAQ/PS

• Qual
• Elec

• Accept
• Elec

PDU
EPU
SIU
GASU
TEM DAQ
TEM PS

• Qual
• Elec
• Sine Vibe
• Random Vibe
• Thermal Vac
• EMI/EMC

• Accept
• Elec
• Static Load
• Random Vibe
• Thermal Vac

• Qual
• Elec
• Sine Vibe
• Random Vibe
• Thermal Vac
• EMI/EMC

• Accept
• Elec
• Static Load
• Random Vibe
• Thermal Vac

• Qual
• Elec
• Sine Vibe
• Random Vibe
• Thermal Vac
• EMI/EMC

• Accept
• Elec
• Static Load
• Random Vibe
• Thermal Vac

16
Risk

• No single DAQ system failure can degrade LAT
  Electronics capabilities below minimum science
  requirements
• Failure in SIU, PDU, or GASU can require use of
  the respective redundant unit
• Failure in one of the two EPUs can require use
  of the redundant EPU unit. A second failure will
  reduce the available EPU CPU power by a factor of
  2.
• Failure in TEM power-supply or TEM DAQ module can
  lead to
• Loss of a full tower (most of the assembly is
  single string)
• Loss of the calorimeter or parts of it
• Loss of the tracker or parts of it

17
Electronics Risk Summary
ID Risk Rank Risk Description Risk Mitigation
Elec/224 Moderate Flight-Software schedule is tight Depends on execution of LAT software development approach. Delays in incremental review process may impact cost schedule Detailed software development plan, schedule and review points established (3/24/03). Early integration of software to target hardware via EM plan (Sept 03) Extensive use of test bed (Feb 04 and beyond)
Elec/221 Moderate Tower Power Supplies Cost Schedule depend on bids received in response to RFP Proposals may exceed allocated schedule funding Bids expected 3/25/03 Assess schedule problem Determine cost impact to maintain schedule Negotiate with vendor to minimize impact Develop minimum impact re-plan pursue CCB approval
18
Electronics Risk Summary
ID Risk Rank Risk Description Risk Mitigation
Elec/223 Low Two types of Tower Electronics Module ASICs submitted 1/18/03. 3 month turn around results in late reaction required if flaw is found upon delivery and test resulting in schedule and cost impact Protect schedule for additional ASIC run. Evaluate work arounds to mitigate late delivery of flight ASICs and recover schedule margin. If untenable ASIC flaws occur, implement worst case backup (FPGAs)
Elec/222 Low Cost Schedule of CPU Board depend on bids received in response to RFP to be sent out end of Mar-03. Bidding cycle 4-weeks For now NRL CPU board effort is stopped. If there is a problem with the BAE board, would revive the effort
19
FMEA
Fault Tree Analysis LAT-TD-01757-01 (Draft)

• FTAs completed on EPUs, GASUs, PDUs, SIUs,
  TEMs, TEM/PSs
• No single point failures without ground
  contingency (Software)
• Most components multiply redundant (More than one
  redundant component)
• Non-redundant with in redundant systems
  identified.

Failure Mode Effects Analysis -
LAT-TD-00374-01 (Being Drafted)

• Failure modes identified
• Effects analysis underway
• Probability being linked to component failure
• No criticality 1, or 2 failures
• Few 2R failures, mostly 2MR thru 5 failures

20
Reliability Allocation
Mission 70 (Pf .3)
Observatory 85 (Pf .15)
LAT 85 (Pf .15)
DAQ 96 (Pf .04)
Tower Electronics
GASU
PDU
SIU
Harness
EPU
TEM DAQ
TEM PS
SIB
LCB
PSB
CPU incl FSW
Back Plane
21
Parts Lists

• Parts Lists
• Electrical component list for DAQ submitted to
  Electrical Parts Control Board and most parts are
  approved (see later presentation)
• Mechanical components list for DAQ submitted to
  Mechanical Parts Control Board

22
Spares Plan
Item Need for Flight Qual Flight Spares Spare PCI boards
Tower DAQ Module Assembly 16 1 2 n/a
Tower Power Supply Module Assembly 16 1 1 n/a
GASU Assembly (contains prime and redundant unit) 1 1 0 n/a
PDU Assembly (contains prime and redundant unit) 1 1 0 n/a
SIU Assembly 2 1 0 CPU/SIU-SIB/PSB/LCB
EPU Assembly 3 0 0 EPU-SIB
Qualification Models are flight spares EPU
does not have separate qualification since crate
is the same as SIU crate
23
Technical Issues and Status

• No known technical issues in respect to
  functionality and performance except potentially
• TEM GTCC and GCCC ASIC (back from fabrication end
  of 3/03)
• Reliability Analysis in progress

24
Drawing Tree (Example)
25
Summary

• Changes since PDR described
• Interfaces documents released and under change
  control
• Technical budget at CDR level with sufficient
  margin
• Verification and test plans documented
• Risks contained in LAT database with mitigations
• FMEA and reliability well under way
• Drawing tree well advanced
• System engineering will be at CDR level by CDR
  time
• Main remaining item is completion of reliability
  analysis