Friday, July 10, 2015

Power System Reliability Considerations Part 2

F16 Aerobatic maneuver, Thunderbirds Aerobatic Team

This article is a follow-up on the previously presented results. We will examine the power system of a model airplane from the aspect of reliability. Common equipment configurations will be used as examples.

In a vehicle where the primary power source are electric batteries, the most crucial power consumers are the motor, the avionics and the servos. From now on, for the sake of simplicity, we will refer to the powerplant of the aircraft (which is tasked with producing thrust) as the “thrust” system, whereas the rest of the electric power consumers on the aircraft will be called the “control” system. We will carry out a high level analysis, since too much detail would eventually distract the reader from the most relevant factors.

Refer to Figure 1: our first layout consists of a single battery pack connected to the ESC. Control and thrust are powered by the ESC. Our working hypothesis is that the different failures modes can be considered independent.

Figure 1. Single battery system

Let's select the battery pack reliability value at $$R_p=0.96$$ and the reliability value of the ESC at $$R_{ESC}=0.98$$. The battery and the ESC should be working at the same time, so for the first layout, the reliability is $$R_{l1}=R_p \cdot R_{ESC}=0.940$$. We notice that the overall reliability is lower than the reliability values of each single component. Moreover, our system is not redundant, since the failure of each component causes the failure of the overall system.

Our second layout consists of two independent batteries, one for thrust and one for control. One battery is physically connected to the motor's ESC and the other is connected to a BEC circuit that supplies the control module. Usually, the power related to the thrust system has more capacity and nominal voltage than the control battery.
Figure 2. One battery for thrust, one battery for control

Let's set the reliability value of the battery packs to $$R_p=R_c=0.96$$, the reliability value of the ESC to $$R_{ESC}=0.98$$ and the reliability of the BEC to $$R_{BEC}=0.98$$.

Under nominal system operation, the two batteries, the ESC and the BEC should be operational at the same time. From this aspect, the reliability of the second layout is $$R_{l2}=R_p\cdot R_{ESC}\cdot R_c\cdot R_{BEC}=0.885$$. At first, this result seems wrong: Despite having used more equipment, the overall reliability is now lower than the initial 0.940 value from Layout 1. Until now we haven't considered in detail what happens when a part of our system fails and that led us to non-comparable results. In fact, under careful examination, the second layout has extended capabilities. In layout 1 we have a probability $$1-R_{l1}=0.06=6\%$$ of a total power loss, and if this unfortunate event happens then we will lose control of the vehicle as well as any ability to safely (crash) land the unit. Revisiting layout 2, we calculate the probability to lose completely the vehicle control. The cases that lead to a catastrophic failure are those that include a simultaneous failure of both the batteries or both the ESC and BEC. The following table presents all such failure cases.

Case #Battery P Battery C ESC BEC
1failfailfailfail
2failfailokfail
3failfailfailok
4failfailokok

5okfailfailfail
6failokfailfail
7okokfailfail

Table 1. Failure modes that lead to total power loss equivalent to Layout 1

Combining the probabilities of the cases indicated in the table, we get the following expression for reliability $$R_{l2flat}=1-((1-R_p)\cdot(1-R_c)+(1-R_{ESC})\cdot(1-R_{BEC}))=1-(0.0016+0.0004)=0.998=99.8\%$$. Now the odds changed to being favorable to Layout 2. However from a user's point of view, it is more interesting to know the value of the probability that the vehicle is still controllable (at least to some degree) after a failure. The necessary condition for controllability is that the BEC and its battery are still working properly.
Refer to the next table. In cases 8 to 11 the pilot will have a chance to land the aircraft safely.

Case #Battery P Battery C ESC BEC
8
fail
ok
fail
ok
9
ok
ok
fail
ok
10
fail
ok
ok
ok
11
ok
ok
ok
ok

Table 2. Failure modes that lead to a controllable (crash) land.

The reliability related to this minimum guaranteed performance is $$R_{l2user}=R_c\cdot R_{BEC}=0.940$$. This value is the same as the value of the first layout. With this method of analysis, the advantage of layout 2 over layout 1 not so clear anymore. However, the situation can be radically different if there is a relationship between the reliability of batteries/ESC/BEC and the corresponding capacity/max-current/etc or there is a dependency among the reliabilities of single items.
All things said, however, by inspection of layout 2, it is evident that it does not offer any physical redundancy, so statistics apart, it's wise to not expect any sudden reliability increase.
Figure 3. One battery for thrust, dual batteries for control

In this layout number 3, we have a battery that goes straight to the ESC and a redundant voltage regulator, powered by two separated batteries, which feed the control system. The working hypothesis is that the redundant voltage regulator will continue to work even if one battery fails. The most tricky failure to handle for the voltage regulator is a battery cell short. Fortunately even regulators at RC grade can handle this condition [1].

Back to the math, this layout is more reliable as the system composed by voltage regulator with $$R_v=0.98$$ and two batteries with $$R_c=0.96$$.
$$R_{l3}=1-((1-R_c\cdot R_v)(1-R_c\cdot R_v))=1-0.0035=0.996=99,6\%$$ [2]

Using the same battery pack type, layout 3 offers augmented reliability, and that result was reached by means of physical components redundancy.

Typically, the weakest link in the chain affects the system reliability the most, so prior to purchasing or building an expensive or complex reliable thrust system, an analysis of the reliability of the whole aircraft system should be performed. It will be useless to have an amazing thrust system with undersized servos.

References

[1]
For example
Smart-Fly - PowerSystem Eq6 Turbo Plus- Battery input protected
[2]
Mc Dowall (2005), Lies Damned Lies and Statistics: The Statistical treatment of Battery Failures , Retrieved 09/07/2015