I've been reading about the Voyager space probes and am very curious about how you design electronics and instrumentation for a very long life (40+ years) without any physical maintenance.
My guesses so far include:
- Physical protection for components (sturdy metal box and potting compound)
- environmental protection, keeping electronics warm and dry.
- Redundancy (i.e. duplicates) where possible.
But what about the individual components themselves? How do you ensure a diode/transistor/capacitor actually lasts for that long? Or even harder, what about the (albeit primitive) microprocessors?
I guess under-rating components might help (i.e. using a 12 V capacitor in a 5 V circuit, or running a 8 MHz processor at 4 MHz, or using a 100 mA cable for a 1 mA current).
But there's got to be more to it than that? Or is this all part of the miracle of the probes, the fact that they're still working now?
Answer
You asked about Space probes specifically, but your question also had a more general flavour. I've addressed "how to make things last" generally. In space the eg AC mains aspects is vanishingly unlikely to be relevant - but power supply issues still are.
This answer is necessarily incomplete and overlaps other comments and answers in some areas. These are "out of my head". I my come back and add more later. Or not :
Longish ago I set out to build portable solar lights, mass manufactured in China, with a target lifetime of 20 years. That's what the client wanted. The client, the manufacturers and Murphy conspired against me at every turn. I failed. But managed to make some seriously robust products in the process. One of these days ... :-).
Not all of the following derives from the above experience. But, a fair amount is "informed" by it.
Do not use wet Aluminum electrolytic caps.
Do not use Tantalum caps.
- OK - you CAN use Tantalum caps if you REALLY know what you are doing.
As a starting point, do not use Tantalum caps.
Look to see if Rad Hard is liable to help (even if not in a radiation intense environment).
Temperature derate to take advantage of (or avoid) Arrhenius multiplier.
Use a superb conformal coating.
A conformal coating MUST have low to no voids at PCBA surface, low dissolved water, low degradation in applicable environment, not produce damaging degradation products and/or scavenge degradation products.
ALL coatings pass water vapour - having an essentially void free surface against the PCBa and minimal water in the coating means that the concentration of water reaching the surface is very low and reaction rates are accordingly reduced.
As an example of degradation products and scavenging. Glass fronted PV (solar) panels have minimal water transmission through the glass (no surprise). The industry standard bonding material is EVA plastic which is heat and pressure polymerised to form an essentially clear void free adhesive layer between glass and PV cells. Over a decade plus gradual UV attack produces products which enhance cell corrosion. Modern glass front sheets contain scavengers to absorb these reaction products. Lifetimes of 30+ years are "easily enough" obtained. [I have an old tired but still operating BP 50 Watt PV panel more than 40 years old].
Parylene is king but not the only answer (See Here and Here ). Use the right PArylene - it's a family and some suit some areas better than others.
Dow Corning* 1-2577 and family are "pretty good".
Do not rely on bonding agents to hold things together or in place.
- Acid-free-cure Silicone Rubbers give 20+ years service if properly matched to surfaces. They may last 30 or 40 years, or more. Do you trust anyone to guarantee this to be the case.
Surface materials matter - experts will tell you what's needed for tricky surfaces.
But, not relying on binding agents is better.
Vibration protect appropriately.
- Be aware that while ferrous materials have a lower stress limit below which fatigue failure does not occur, non-ferrous metals have NO LOWER STRESS LIMIT below which fatigue failure will not ultimately occur. So eg an Aluminjum bracket that is stressed to well below its tensile limit may still fail after say 35 years if stressed repeatedly to some lower limit.
Voltage derate excessively in areas where appropriate.
DO NOT voltage derate where inappropriate.
- eg the wet Al ecaps that you are NOT using should not be run vastly below voltage spec.
Be aware of ceramic cap attributes that may hurt you.
eg voltage ringing on voltage steps, microphonic and major voltage spikes from apposite vibrations.
Be aware of corrosion mechanisms.
Some coatings provide electrochemical sacrificial protection of underlying metals.
Some don't.
Some are worse long term than no coating!. eg zinc "galvanised" coatings protect underlying iron/steel by being more active electrochemically.But eg Nickel (or the now far less often seen tin) do NOT provide electrochemical protection - rather just the opposite. These coatings provide mechanical barriers to corrosion products. If / once / when the coating is breached ober a small area an electochemical cell is formed that selectively targets the underlying layer and the small area exposed means the corrosion rate is higher than if the while item was NOT plated (!).
In any case - DO NOT USE TIN COATINGS - see below
Do not use Tin coatings
- Tin is nowadays renowned for growing whiskers on surfaces - sometimes at fast rates and sometimes with astounding lengths. In some cases whisker growth takes decades and is unimportant. In other cases failures can occur in very short periods (say under one year).
At least one communication satellite is believed to have been lost due to tin whiskers.- I have some extremely old relays. Some of their metal surfaces are smooth to the touch. Other portions are extremely rough and the sprouting tin whiskers are clearly visible.
Be aware that EMI matters.
- EMI (electromagnetic interference) at usual levels can be formally designed against. If you know with certainty that nobody is going to operate a 1 kW linear amplifier, unshielded Magnetron, high energy spark source, .... within a critical distance of your product for the next 40 or 50 years then you may decide to not protect against such. If you are not certain of this then protection may be in order.
Be aware of worst worst worst case mains and power supply issues.
A very long life device will usually have external energy supply. Typically mains AC, battery charged from some external source of maybe solar. Just maybe thermal, radioactive, ... .
If your mains input at eg 110 VAC oe 230 VAC will NEVER have an 11 kV line dropped onto its feeder in the next 40 years then you may not wish to protect against such a possibility. I occasionally hear of telephones leaping off walls or houses bursting into flames when this happens. It's rare. It happens. There is a limit to what you can choose to protect against. You have to choose what the limit is.
Lightning happens. In two years I lost 2 multifunction printers to lightning strike nearby in a residential area not known for overly much lightning activity. After the second I decided that having a fax line connected to my printer was overrated. No telephones were damaged.
- Mains energy spikes can be "very enthusiastic". There are standards to be met to protect against such. Murphy does not care about standards.
Use only utterly reliable suppliers and ensure provenance for all parts sources.
These overlap. In some cases you may be dealing directly with suppliers or middlemen.
Be sure you know the standing of the entity you are dealing with. In Asia a supplier purporting to be the manufacturer may in fact be reselling product from elsewhere.
Factory visits help, but, do not be fooled. (I have been). And ensure that products which come from a given source continue to come from that source.
Name brand products with a good reputation will often be counterfeited. Be sure that what you receive IS from the claimed manufacturer. [eg GP (Goldpeak) AA NiMH (and other) batteries are relatively unknown by that name in the est - but GP are one of the largest battery makers in China. So much so that pirate GP lookalikes abound.
You do not HAVE to buy from a supplier who jealously defends their reputation (Digikey, Mouser, ....) or products from manufacturers of impeccable standing, but it certainly helps.
If you have to source a product and do not have time for adequate due diligence or source checking, if Panasonic make it, buy Panasonic. (That's sort of with a :-) - but I'm also serious. I have zero financial or business links with Panasonic, but I don't recall them ever doing other than superbly in any area they choose to touch).
Learn how Murphy works.
- If something can go wrong it will.
If you know that something can't go wrong Murphy will do his utmost to prove that your knowledge is false. Look at every possible multi-factor failure mode, and as many impossible ones that you can manage.
Impossible series of faults or conditions are not as impossible as we'd like
- A large proportion of major disasters occur when 3 or 4 or 5 almost impossible events occur simultaneously. This happens often enough that 'you'd think that people may have noticed' - but people seem not to.
No comments:
Post a Comment