building reliable and safe systems lessons learned
play

Building Reliable and Safe Systems - Lessons Learned Scott Torborg - PowerPoint PPT Presentation

Mar 29, 2023 •206 likes •686 views

Building Reliable and Safe Systems - Lessons Learned Scott Torborg storborg@mit.edu April 2009 The Right Way Failure Modes and Effects Analysis (FMEA) Root Cause Analysis (RCA) MTBF, FIT, etc. ...yeah, yeah Learn that at

  1. Building Reliable and Safe Systems - Lessons Learned Scott Torborg storborg@mit.edu April 2009

  2. The “Right” Way • Failure Modes and Effects Analysis (FMEA) • Root Cause Analysis (RCA) • MTBF, FIT, etc. ...yeah, yeah Learn that at engineering school.

  3. Design

  4. Standards • Might matter • EN 61508 = 10 9 hours MTBF for safety critical systems http://www.flickr.com/photos/lickyoats/2290383219/

  5. Redundancy http://www.flickr.com/photos/lickyoats/2290383219/

  6. Failure Isolation http://www.flickr.com/photos/metrix_feet/357018809/ Redundancy is no good if failures a fg ect everything at once.

  7. Heterogeneous Redundancy (this is just adding redundancy in design) ...this is impractical, because design is expensive Architecture of the space shuttle primary avionics software system - http://portal.acm.org/citation.cfm?id=358258 Space shuttle has 5x redundant computers, with di fg erent configurations. Akamai championed the “keep the systems heterogeneous” mentality, but that’s easier with open source/other platforms.

  8. Graceful Degradation

  9. Failures aren’t uniform or random ...don’t treat them like they are http://en.wikipedia.org/wiki/Bathtub_curve Don’t apply MTBF without considering product lifetime.

  10. Manufacturers Mislead You • “Typical”? Yeah, right. • Sometimes they just lie, or don’t know

  11. Humans • Least reliable part of most systems • Political challenges v. Technical challenges • Interfaces and feedback • ...get stupid when in immediate danger

  12. Look at the whole picture • Reliability doesn’t stop at the product • Training • Maintenance “Despite these efforts, the F-22A continues to operate below its expected reliability rates. A key reliability requirement for the F-22A is a 3-hour mean time • Support between maintenance intervals... Currently, the mean time between maintenance is less than 1 hour.” March 2008 GAO Congressional Report

  13. Testing

  14. Test it! • Do it yourself : putting your life on the line makes you very focused • Seeing field failures yourself helps • Have an answer for every “what if?” There’s a limit to this, because testing is often destructive... focus on common use scenarios and the most risky situations.

  15. Know what happens • Reliable == Deterministic • Test everything • Talk to users as much as possible • If there’s an incident (death or injury) everyone stop everything

  16. Some environments to test • Temp / humidity extremes • Rapid changes in temp / humidity • High vibration • EMI / ESD • Oxidation risk (high-O2 or corrosive env.)

  17. Build Awesome Fixtures (3000 feet!)

  18. Burn-in Automated burn-in testing reduces infant mortality

  19. Maintenance • Record everything • Infrastructure helps make it easy, identify trends - You wouldn’t try to write software without a bug tracker. - The better the tools you have for this, the more data you’ll get. - Keep the feedback loop between maintenance and design engineers tight.

  20. Tricks

  21. Generally • Use simpler, more reliable devices to supplement more complex devices • Voltage supervisors • Watchdog timers • Diagnostic sensors

  22. Logic is your friend Check Faults FAULT A FAULT FAULT B Logic gates are small and very reliable, e.g. TI “Little Logic”

  23. Logic is your friend Check Status OK A OK OK B

  24. Logic is your friend Share Outputs A CTL CTL CTL B Each independent system can override the other. Needs careful control algorithms!

  25. Do it with power too A POWER B Great chips for this, e.g. Linear PowerPath controllers - Can also be done with FETs, so don’t fret about power consumption.

  26. Voting Logic Flaky Sensor A OUTPUT Controller Flaky Sensor B Flaky Sensor C 3, 5, 7... inputs - Don’t use just voting logic, because it can make a bad problem really bad.

  27. Detect Failures with Internal Models • Sensor value can’t change faster than 10mV/sec • Limit switch A can’t be tripped at the same time as limit switch B Pick the simplest constraints (least amount of state required) and go up from there.

  28. I/O is like sex Use protection! resistors isolate short conditions / component ferrite beads failures, reduce max currents damp HF noise OUTSIDE (bad ESD, EMI) microcontroller small low-ESR caps (ceramic) ESD/TVS diodes clamp absorb power spikes, ESD over/under voltage Don’t use all of these! Just some. - Be mindful of slew rates, extra capacitance, etc. - Excess capacitance or resistance can increase power consumption, exacerbate loads, and make things worse. - Ceramic caps work best for absorbing pulses, and can be a cheap substitute for an ESD diode. - Especially protect things like reset, fault, shutdown lines.

  29. Mechanical • Don’t overconstrain or stress the board • Vibration is bad • Potting helps • Piezoceramic effects - Beware of pressure e fg ects with soft potting compounds at altitude and pressure

  30. Board Mounting Loosen up, it’s not going anywhere

  31. Components Large components are more vulnerable

  32. Piezoceramics (e.g. ceramic capacitor) = power supply noise

  33. Piezoceramics sometimes intentional

  34. Some things that suck

  35. Most capacitors • Tantalum especially • Electrolytic bad long-term because of leaking

  36. Electromechanical Devices • Mechanical Relays ➔ Solid-state Relays • Tilt Switches ➔ Accelerometers • Mechanical Switches ➔ Piezo, FETs • Connectors The least bad connectors are optical, or process control/instrumentation connectors (e.g. M8, M12).

  37. Tin Whiskers Until they’re dealt with, get an RoHS exemption http://nepp.nasa.gov/WHISKER/index.html Can also occur with other metals, e.g. zinc. The solution is to use leaded solder.

  38. Flux Residue Clean boards after assembly! http://glacier.lbl.gov/%7Egtp/DOM/MB/V5.0/206_ps4.JPG Often overlooked reliability issue, particularly for low-voltage analog circuits.

  39. ESD • Take it seriously! • Especially while potting and testing

  40. Some things that don’t suck Notice a trend? These things that don’t suck apply the same principles discussed earlier.

  41. PPTCs • Polymer Positive Temp Coefficient • Like a fuse, but resets

  42. TDK Capacitors - A fg ects MLCC (multilayer ceramic caps) - “Open Mode” - Fail open instead of fail short - Much more conservative ratings

  43. Hi-Rel • Only part of solution • Flight-grade, mil-spec, etc. • $$$ Expensive • Don’t go overboard

  44. Envirogel • Makes potting practical • Watch out for rapid pressure changes, behaves like lipid tissue http://www.kellerstudio.de/repairfaq/sam/ya234p1.jpg

  45. CAN Bus • Deterministic • Robust • Fault Tolerant

  46. Process Control Connectors • E.g. M8, M12 • Affordable and easy • Turck, Phoenix, Woodhead, Binder, Tyco

  47. In short... • Be paranoid • Test thoroughly • Analyze everything ...thanks!

Recommend

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Protg 2006, July 26th, Stanford I R I S A C 1 R E C Saint-Cyr Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From Ontology Ontology Design Design Ontology Ontology Design Design Jean Andr B

371 views • 12 slides
Building Software Systems at Google and Lessons Learned Jeff Dean jeff@google.com Plan for

Building Software Systems at Google and Lessons Learned Jeff Dean jeff@google.com Plan for

Building Software Systems at Google and Lessons Learned Jeff Dean jeff@google.com Plan for Today Evolution of various systems at Google computing hardware core search systems infrastructure software Techniques for building

1.25k views • 103 slides
Wh t h What have we learned from What have we learned from Wh t h l l d f d f building the

Wh t h What have we learned from What have we learned from Wh t h l l d f d f building the

Wh t h What have we learned from What have we learned from Wh t h l l d f d f building the LHC (CMS) DAQ building the LHC (CMS) DAQ systems. systems. S. Cittolin PH-CMD. CERN Openlab meeting. 3-4 March 2009 DAQ at LHC overview CMS

352 views • 33 slides
You did WHAT?!? What were you THINKING?!?!?!? Go on This is a safe place Lessons

You did WHAT?!? What were you THINKING?!?!?!? Go on This is a safe place Lessons

You did WHAT?!? What were you THINKING?!?!?!? Go on This is a safe place Lessons learned building a build system Cdric Beust cedric@beust.com VP of Engineering at Samsung SmartThings Table of contents 1. Why? WHY? 2. Whaaaaaat?

591 views • 45 slides
Building an Extension Card for the TRS Building an Extension Card for the TRS -80: 80: Lessons

Building an Extension Card for the TRS Building an Extension Card for the TRS -80: 80: Lessons

Tandy Assembly Springfield, OH 11/10/18 Building an Extension Card for the TRS Building an Extension Card for the TRS -80: 80: Lessons Learned from the Lessons Learned from the RetroStoreCard RetroStoreCard Arno Puder & Sascha

328 views • 30 slides
1. Building Description and Background 2. Fire 3. Inquest 4. Challenges 5. Lessons Learned 6.

1. Building Description and Background 2. Fire 3. Inquest 4. Challenges 5. Lessons Learned 6.

917 Dundas Street W, Whitby 2016 OMFPOA Symposium Fire Chief Dave Speed CFPO Nicholas Webb 1. Building Description and Background 2. Fire 3. Inquest 4. Challenges 5. Lessons Learned 6. Moving Forward 1) Building Description and Background

468 views • 15 slides
Todays Webinar: If I Knew ThenWhat I Know Now! Lessons Learned from Building a Telehealth

Todays Webinar: If I Knew ThenWhat I Know Now! Lessons Learned from Building a Telehealth

Todays Webinar: If I Knew ThenWhat I Know Now! Lessons Learned from Building a Telehealth Network from the Ground Up www. telehealthresourcecenters. org Your Presenter Brian Coltharp, MA Director of Innovation Health Resources of

522 views • 28 slides
Lessons Learned from and for Requirements Engineering and Building Construction: A Case Study of

Lessons Learned from and for Requirements Engineering and Building Construction: A Case Study of

Lessons Learned from and for Requirements Engineering and Building Construction: A Case Study of Requirements Engineering for a Synagogue Kitchen with Use Cases and Scenarios Daniel M. Berry Cheriton School of Computer Science University of

742 views • 56 slides
LET THE PROJECT FLOW Front end and PM Lessons learned from building a Drupal 8 website for one of

LET THE PROJECT FLOW Front end and PM Lessons learned from building a Drupal 8 website for one of

LET THE PROJECT FLOW Front end and PM Lessons learned from building a Drupal 8 website for one of the nations largest water utilities, Denver Water Presented by James David Saul Intro/About Civic Research Drupal 8: Modules The Way and Why

678 views • 47 slides
The Rural Opportunity Lessons learned in building strong financial services for rural and agri

The Rural Opportunity Lessons learned in building strong financial services for rural and agri

The Rural Opportunity Lessons learned in building strong financial services for rural and agri markets Congreso de acceso a servicios financieros y medios de pago Cali Colombia, 2019 Tom Gruintjes Gerente Planificacin Estratgica y

611 views • 39 slides
Building a Lean AI Startup Lessons learned or How to start an ML company in your garage Paul

Building a Lean AI Startup Lessons learned or How to start an ML company in your garage Paul

Data Council '19 Building a Lean AI Startup Lessons learned or How to start an ML company in your garage Paul Cothenet Co-founder & CTO MadKudu MadKudu is a Lead & Account Scoring platform that enables B2B companies to build relevant

543 views • 36 slides
Lessons learned from planning and preparing a distributed ISR LVC Environment - and there were

Lessons learned from planning and preparing a distributed ISR LVC Environment - and there were

UNCLASSIFIED Lessons learned from planning and preparing a distributed ISR LVC Environment - and there were lots John W. Diem Test Technology Director, US Army Operational Test Command ITEA Systems of Systems Engineering Workshop January

442 views • 15 slides
Ten Years of the National Safe and Healthy Housing Coalition in the United States: Lessons Learned

Ten Years of the National Safe and Healthy Housing Coalition in the United States: Lessons Learned

Ten Years of the National Safe and Healthy Housing Coalition in the United States: Lessons Learned David E. Jacobs, PhD, CIH Chief Scientist, National Center for Healthy Housing, USA Wellington, New Zealand November 4 2019 WHO Collaborating

625 views • 45 slides
Lessons Learned: Building Scalable & Elastic Akka Clusters on Google Managed Kubernetes -

Lessons Learned: Building Scalable & Elastic Akka Clusters on Google Managed Kubernetes -

Lessons Learned: Building Scalable & Elastic Akka Clusters on Google Managed Kubernetes - Timo Mechler & Charles Adetiloye About MavenCode MavenCode is a Data Analytics software company offering training, product development, and

426 views • 18 slides
Lessons Learned from Building a Large Multilingual, Multi-region Website in Drupal 8 Stella

Lessons Learned from Building a Large Multilingual, Multi-region Website in Drupal 8 Stella

Lessons Learned from Building a Large Multilingual, Multi-region Website in Drupal 8 Stella Power Photo credit: mumsabroad.com A bit about me Drupal hobbyist Founder of Annertech Backend developer

509 views • 38 slides
Digital I&C Lessons learned across industries Dr. John Thomas MIT Experiences across

Digital I&C Lessons learned across industries Dr. John Thomas MIT Experiences across

Digital I&C Lessons learned across industries Dr. John Thomas MIT Experiences across industries (Automotive, Aviation, Space Systems, Chemical, Oil & Gas, Nuclear Power, Defense, Healthcare, Medical Devices, Weapon Systems, etc.)

245 views • 11 slides
Lessons Learned Building and Operating a Serverless Data Pipeline Will Norman Introduction

Lessons Learned Building and Operating a Serverless Data Pipeline Will Norman Introduction

Lessons Learned Building and Operating a Serverless Data Pipeline Will Norman Introduction Will Norman - Director of Engineering @ Intent FinTech and AdTech background Intent Data Science company for commerce sites Primary

703 views • 30 slides
More than 60,000 grid connected PV-Home- Storage systems in Germany Lessons Learned

More than 60,000 grid connected PV-Home- Storage systems in Germany Lessons Learned

More than 60,000 grid connected PV-Home- Storage systems in Germany Lessons Learned Kai-Philipp Kairies, Jan Figgener, Dirk Magnor, Hendrik Axelsen, Eberhard Waffenschmidt , Dirk Uwe Sauer IRENEC 2017 Conference, Istanbul, Turkey, 20. May

1.2k views • 23 slides
Systems that Work: Lessons learned from research and experience Patrick J. OConnor MD MA MPH

Systems that Work: Lessons learned from research and experience Patrick J. OConnor MD MA MPH

Outpatient Clinical Decision Systems that Work: Lessons learned from research and experience Patrick J. OConnor MD MA MPH JoAnn Sperl-Hillen MD Conflict of Interest Patrick OConnor reports no industry funding, travel/honoraria from

531 views • 28 slides
Building Scalable and Extendable Data Pipeline for Call of Duty Games: Lessons Learned Yaroslav

Building Scalable and Extendable Data Pipeline for Call of Duty Games: Lessons Learned Yaroslav

Building Scalable and Extendable Data Pipeline for Call of Duty Games: Lessons Learned Yaroslav Tkachenko Senior Data Engineer at Activision 1+ Data lake size (AWS S3) PB Number of topics in the biggest cluster 500+ (Apache Kafka)

548 views • 44 slides
systems on campuses and lessons learned Bob Lang LPC, LAC Disclaimer The views, opinions, and

systems on campuses and lessons learned Bob Lang LPC, LAC Disclaimer The views, opinions, and

Best practices in creating data and surveillance systems on campuses and lessons learned Bob Lang LPC, LAC Disclaimer The views, opinions, and content expressed in this publication do not necessarily reflect the views, opinions, or policies of

428 views • 8 slides
Building the Online Enterprise: Lessons Learned from the Formation of USCs Palmetto College

Building the Online Enterprise: Lessons Learned from the Formation of USCs Palmetto College

Kennedy & Company Kennedy & Company Building the Online Enterprise: Lessons Learned from the Formation of USCs Palmetto College ACHE South Presentation April 19, 2016 2015 Kennedy & Company Education Strategies LLC Starting

706 views • 28 slides
Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background

Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background

Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background SEP 2002 Davis-Besse Lessons Learned Task Force AUG 2004 - Effectiveness Review Lessons Learned Task Force JAN 2005 - EDO Charters

269 views • 22 slides
Integration of Delivery Systems- Lessons learned from the BHN experience Francis J. Doyle, Esq.

Integration of Delivery Systems- Lessons learned from the BHN experience Francis J. Doyle, Esq.

Integration of Delivery Systems- Lessons learned from the BHN experience Francis J. Doyle, Esq. Executive Director of Boston HealthNet Agenda Introduction to BHN Lesson #1: Congruence Lesson #2: Shared Priorities Lesson #3:

256 views • 22 slides

More recommend