Channelization: the two-fault tolerant attitude control function for the Space Station Freedom

The Space Station Freedom was comprised of “utility” systems, such as power generation and distribution, thermal management, and data processing, and “user” systems such as communication and tracking; propulsion, payload support, and guidance, navigation, and control. These systems are required to work together to provide various station functions. To protect the lives onboard and the investment in the station, the systems and their connectivity had to be designed to continue to support critical functions after any single fault for early assembly stages, and after any two faults for later stages. Of these critical functions, attitude control was the most global, incorporating equipment from nearly all major systems. The challenge was to develop an architecture, or integration, of these systems that would achieve the specified level of fault tolerant attitude control and operate, autonomously, for the three-month unmanned periods during the assembly process. Additionally, this architecture had to maintain the desired utility of the station for each stage of the assembly process. This paper discusses the approach developed for integrating these systems such that the fault tolerance requirements were met for all stages of assembly. Some of the key integration issues will be examined and the role of analysis tools will be described. The resultant design was a highly channelized one, and the reasons and the benefits of this design will be explored. The final design was accepted by the Space Station Control Board as the design baseline in July, 1992