Bringing Paladin into the 21st Century

BRINGING PALADIN INTO THE
21st CENTURY
30 July 2014
Background
• Beyond the Paladin Digital Fire Control System, previous
upgrades hadn’t altered much of the M109’s 1950’s
chassis configuration
• To meet the present day performance requirements as
well as establishing a path to implementing future
capability and growth initiatives, it was clear that the
M109A6 needed to evolve from the heterogeneous
(legacy analog) to a digital implementation.
30 July 2014
2
Background
• M109A7 significantly enhances the reliability, mission
maintainability, sustainability, and responsiveness of the
M109A6 while establishing current and future
commonality within the US. Army Armored Brigade
Combat Team (ABCT)
• Platform needed to meet the following requirements
– Provide an open and scalable architecture that would network
various subsystems and Line Replaceable Units (LRUs)
– Seamlessly combine existing components with emerging
technologies
– Maintain a reduced lifecycle cost through logistics support
30 July 2014
3
Power Generation,
Distribution and Management
• Due to the howitzer’s vehicle maximum electrical load
dual 28Vdc generators would be necessary
• This required an innovative design to drive the dual
alternator configuration and increased volume to
accommodate the output cabling to the power
distribution subsystem
• These issues led the BAE Systems Land and
Armaments, York, PA electrical power generation and
management design team to establish a joint
interdivisional effort with BAE Systems, Hybrid-drive
Systems, Endicott, NY for a different technical approach
30 July 2014
4
Power Generation,
Distribution and Management
• BAE Systems, Electronic Systems, Endicott, NY was
manufacturing Hybrid Electric Drive (HED) power
electronic components for the transit bus market
– leveraging this technology to design/integrate a Common
Modular Power System (CMPS) onto a Stryker vehicle platform
– BAE Systems ES and TARDEC believed a CMPS was possible
where all combat vehicles could utilize a common power
architecture and common components where possible
• The M109A7 electrical power generation and
management design team recognized this as an
opportunity to integrate a proven CMPS on the M109A7
vehicle platform
30 July 2014
5
Power Generation,
Distribution and Management
SV-1 FUNCTIONAL PERSPECTIVE
Power Sources Sub-Systems
Integrated Starter
Generator
(ISG)
Vehicle Battery
System
Energy Storage
System
Auxiliary Power
Generation
Network/Data
28 V
Hi Voltage
Power Conversion Sub-Systems
Vehicle Power Manager
Hi Voltage
Power Manager Functions
Load Management
Energy Storage Ctrl
Power Control
Aux Pwr Ctrl
Fault Monitoring
Status Reporting
120V/208V 60Hz
Inverter(s)
Network/Data
DC-DC Converter(s)
28 V
Hi Voltage
28 V
To vehicle Mission & Weapons Computers
Network/Data
Network/Data
Loads & Distribution
Power Distribution
Controller(s)
Vehicle Battery
Charger
30 July 2014
Energy Storage Sys
Charger
28 V
To individual vehicle loads:
Vehicle Accessories - Lights, Motors, Fans
Mission Loads - Computers, Radios, Diplays
Weapson Loads - Computers, Fire Controllers, etc.
Thermal Management System
NBC System
etc.
6
Digital Backbone
• The M109A6 SPH’s automotive/auxiliary/electrical power
subsystems were analog providing discrete input/output
to the non-smart electrical Line Replaceable Units
(LRU)s
• The SOW required
– ‘a Vehicle Health Management System (VHMS) which monitors
and reports the health of the vehicle and its subsystems’
– ‘power management system shall manage electrical power
distribution and utilization, monitor and protect the power
system and loads, provide host vehicle electrical system status
information to the crew and maintenance personnel’
• These requirements resulted in the decision to
implement a vehicle platform with a digital backbone
30 July 2014
7
Electric replaces Hydraulic
• M109A7 replaces the M109A6’s legacy hydraulicallyoperated elevation and azimuth drives with electric drive
technology leveraged from the Future Combat Systems
155mm NLOS-C (Non-Line-of-Sight Cannon)
• Replacing the hydraulics with electrically operated drives
drastically reduces maintenance and eases the logistics
burden
– Manual backups mitigate loss of electrical power
• Additional maintainability and reliability improvements
were gained by the replacement of the slip ring with a
Cable Management System (CMS)
30 July 2014
8
ELECTRICAL/ELECTRONICS
EVOLUTION FROM THE
M109A6
• Electrical power is separated into two systems
30 July 2014
9
ELECTRICAL/ELECTRONICS
EVOLUTION FROM THE
M109A6
• High Voltage System Architecture
30 July 2014
10
ELECTRICAL/ELECTRONICS
EVOLUTION FROM THE
M109A6
• Generator
Hydraulic Pump
Generator
PTO Housing
30 July 2014
11
ELECTRICAL/ELECTRONICS
EVOLUTION FROM THE
M109A6
• Generator Inverter (GINV)
– converts the 3-Phase AC power from the generator to 610VDC
• High Voltage Distribution Box (HVDB)
– takes power from the Inverter and distributes it to the BiDi, the
PESA (SPH Only), and the MCS
• Bi-Directional Converter (BiDi)
– takes 610VDC power from the HVDB and converts it to 28V
power in order to supply the low voltage components
30 July 2014
12
ELECTRICAL/ELECTRONICS
EVOLUTION FROM THE
M109A6
• Cable Management System (CMS)
– electrically links the cab and hull
– allows the cab to rotate in relation to the hull
• Paladin Electric Servo Amplifier (PESA)
– distributes power to and controls the electric drives and rammer
subsystems
– interfaces with the vehicle’s fire control system
• Microclimate conditioning system (MCS)
– affects environmental temperature conditions by heat exchange
30 July 2014
13
High Voltage Safety
• High voltage systems of the SPH and CAT are capable
of mitigating hazardous situations and protecting
equipment and personnel from potential injury
• Safety feature capabilities include aspects of ground
fault protections, interlocks, high voltage/energy
discharge protection, awareness, and training
• HV components are designed to withstand partial and
total submersion
30 July 2014
14
Ground Fault Protections
• Ground fault protection systems have been designed
into the Generator Inverter (GINV) and PIM Electric
Servo Amplifier (PESA)
• Multiple layers of insulation, shielding and conduit if
compromised help trigger a ground fault condition and
safely shut down HV/HE in the system
• Upon detection of a ground fault the GINV will shut down
and disconnect from the 610VDC high voltage output
30 July 2014
15
High Voltage Safety
• Hazardous Voltage electrical circuits are provided with
an appropriate set of
– Automatic disconnects
– Manual disconnects
– Interlocks to prevent inadvertent contact with the hazardous
voltage
• High Voltage/Energy Discharge Protection
• Awareness
30 July 2014
16
Distributed vs. Federated
Architecture
• The M109 had evolved primarily in a bottom-up fashion
driven by the opportunities to bolt on new capability
• It was clear that a flexible architecture was needed
– primary design goal was to maintain high reliability and mission
readiness, limit variables included within the critical path of
mission critical capabilities
– secondary design goal was to leverage common components as
much as possible to reduce the logistic burdens on the battlefield
30 July 2014
17
Distributed vs. Federated
Architecture
Vetronics Control and Distribution Module (VCDM) Distributed Architecture vs. Digital Vehicle Distribution Box (DVDB)
Federated Architecture Comparison
Distributed Architecture (VCDM)
Federated Architecture (DVDB)
Modular and Flexible Design
Point and Vehicle Specific Design
Promotes Line Replaceable Unit (LRU) and
Shop Replaceable Unit (SRU) Commonality
and Building Block Design Approach
Does Not Promote LRU and SRU Commonality and Building Block Design
Approach
Cost is Dependent on System Architecture
Complexity and Partitioning of Functions
Routinely Less Expensive than Distributed Architecture
PIM – SPH/CAT Federated Architecture (DVDB) is more expensive than
Distributed Architecture (VCDM)
PIM-SPH/CAT Distributed Architecture
(VCDM) is less expensive than Federated
Architecture (DVDB)
Allows For Good Design Practices to be
Implemented (Example: Status and Control
Processing should be isolated from Low
Voltage High Power Distribution)
Designed to be interchangeable between
vehicle locations and vehicle(s)
30 July 2014
All functions are integrated into one LRU creating EMI/RFI, Thermal and
Reliability Design Challenges (DVDB consolidates status/control processing,
video processing, low voltage low power distribution and low voltage high
power distribution, NATO slave connector functions into one LRU)
Point solution does not require interchangeability
18
Distributed vs. Federated
Architecture
• It was concluded that a digital distributed architecture
was the right choice to meet the vehicle health
management and electrical power management
requirements
– The key Line Replaceable Unit (LRU) for meeting much of the
M109A7/M99A2A3 digital architectural requirements is the
Vetronics Control and Distribution Module (VCDM)
• Modular LRU that provides networked point-of-load power distribution and
management, serves as a digital bus gateway, and is a key enabler for
diagnostics, fault detection and fault isolation
– Smart Display Unit (SDU) is a 10.4” display and computer
integrated into one package
• Provides the driver with a virtual instrument cluster and serves as the main
diagnostics interface to support fault detection and isolation
30 July 2014
19
SOFTWARE ARCHITCTURE
• Legacy M109A6 contained some electronic components
that had software was limited to the components related
to the Fire Control System
DAGR
RS422
Dynamic Reference Unit Hybrid
(DRU-H)
RS232
MVRS
RS422
RS422
SDLC
PDFCS
PIK
RS422
Ethernet
`
AT System
(Off Board)
CoS Display
C
SINCGARS
INC
RS-232
Keypad
SINCGARS
TAC
M109A6 SW Architecture
30 July 2014
20
SOFTWARE ARCHITCTURE
• SW Phase 1 provided a significant increase in smart
LRU’s and provided the opportunity to allow the
components to share information as needed
M109A7 SW Architecture
30 July 2014
M992A3 SW Architecture
21
SOFTWARE ARCHITCTURE
• Two major focus areas of Software Phase II.
– Take the lessons learned from contractor and government
testing and introduce the Diagnostics and System Health
M109A7 SW Architecture
30 July 2014
M992A3 SW Architecture
22
SOFTWARE ARCHITCTURE
• Two major focus areas of Software Phase III.
– Support LRU hardware changes and build on DASH to provide
an interface to IETMs resulting in improvements in fault isolation
DAGR
RS-232
RS-422
Dynamic Reference Unit
Hybrid Replacement
(DRU-H-R)
SINCGARS
INC
Gun Drive &
Rammer (GDR)
TACKLINK
RS-422
PIK
RS-422
SDLC
RS-422
MVRS
Vetronics
Control &
Distribution
Module
(VCDM)
JV-5
Ethernet
Display Unit (DU) KVG Switch
Discrete
(CoS Display)
Dedicated
Ethernet
Vetronics
Control &
Distribution
Module
(VCDM)
Drivers Display UI
Dedicated Video Line
J-1939 CAN Bus
Dash
Display Unit (DU)
E-net Switch
J-1939 CAN Bus
SW Installer
C
RS-422
Smart Display Unit (SDU)
Ethernet
KGV-72
Ethernet
Smart Display Unit (SDU)
LVDS | USB
Dedicated
Ethernet
E-net Switch
PDCU-R
(PDFCS-R)
Dedicated
Ethernet
FBCB2
Transceiver
Ethernet
MSD
(DASH, IETMs,
Downloader)
Ethernet
FBCB2
FBCB2
AFATDS
SINCGARS
(Voice)
Keypad
Drivers Display UI
Vetronics
Control &
Distribution
Module
(VCDM)
JV-5
BFT2
Dash
Dedicated
Ethernet
SW Installer
Vetronics
Control &
Distribution
Module
(VCDM)
Electronics Cooling (WEG) Pump
Vetronics
Control &
Distribution
Module
(VCDM)
Electronics Cooling (WEG) Pump
KGV-72
Engine Control Module (ECM)
Engine Cooling (BODAS)
Engine Control Module (ECM)
MSD
(DASH, ITEMs,
Downloader)
Engine Cooling (BODAS)
Common Modular
Power System (CMPS)
Transmission Electronics
BFT2
Transceiver
Dedicated
Ethernet
Common Modular
Power System (CMPS)
Transmission Electronics
Automatic Fire Extinguishing System (AFES)
J-1939 CAN Bus
BiDi
BiDi
Automatic Fire Extinguishing System (AFES)
GINV
J-1939 CAN Bus
BiDi
MicroClimatic Conditioning System (MCS)
MicroClimatic Conditioning System (MCS)
GINV
M109A7 SW Architecture
30 July 2014
M992A3 SW Architecture
23
LESSONS LEARNED
• High Voltage Safety
– The USG and industry had to develop new infrastructure,
logistics and procedures to safely operate and maintain the
M109A7 High Voltage CMPS
• Grounding and Bonding
– Special attention is required to make sure electrical
bonds/grounds are properly installed to avoid DC and AC ground
faults
• High Voltage Maturity
– As a result of the addition of the new technology it was
necessary to convince USG that the High Voltage CMPS
electronic components were at a high enough readiness level
30 July 2014
24
LESSONS LEARNED
• Information Assurance
– Awareness of the threat due to computer security issues has
grown significantly since the fielding of the M109A6
– While the digital architecture provided a mechanism for the
communication of information between the various subsystems
and improved overall diagnostic capabilities it also then required
additional work to insure that the proper security measures were
satisfied
– Satisfying the Information Assurance requirements has proven to
be a significant effort in cost and schedule
– It would have been better to start this process as early as
possible during the initial system design discussions
30 July 2014
25
LESSONS LEARNED
• Commonality
– For each hardware commonality effort ensure that the LRU
requirements and qualification tests encompass all necessary
operational and environmental requirements (shock & vibration,
hot and cold operational temperatures, radiated emissions etc.)
for all vehicle types being considered
30 July 2014
26

Download Report