- The Orion spacecraft uses eight processors that execute identical instructions simultaneously
- A fail-safe design prevents faulty computers from sending incorrect commands
- Triple-redundant memory automatically corrects single-bit errors on every read
NASA’s Artemis II mission relies on a computer system built to remain operational under extreme conditions and hardware failures.
Unlike the Apollo program, where onboard computers handled limited functions, the Orion spacecraft manages life support, navigation and communication through integrated flight software.
The Orion capsule carries one of the most fault-tolerant computer systems ever built for space flight and operates 400,000 kilometers from Earth, where repairs are not possible.
From the limits of Apollo to total control of the Orion system
The Apollo astronauts relied on a 1 MHz computer with only 4 kilobytes of memory, but today’s spacecraft need much more, considering the distance.
The Orion spacecraft uses two vehicle management computers, each containing two flight control modules.
Each module consists of a pair of processors that continuously check each other’s outputs, resulting in 8 processors executing the same instructions simultaneously.
If a processor produces an incorrect result, the paired design detects the mismatch immediately and prevents the output from being used.
“We continue to design to cover hardware failures,” said Nate Uitenbroek, software integration and verification leader at NASA’s Orion Program.
“In addition to physically redundant cables, we have logically redundant network planes. We have redundant flight computers.”
Instead of relying on majority voting, the system selects results from available modules based on a defined order of priority.
The system is designed to tolerate rapid failures during flight. Uitenbroek stated: “We can lose three FCMs in 22 seconds and still safely move forward with the last FCM… A faulty computer will fail silently, rather than transmitting the wrong answer.”
Failed modules are rebooted and resynchronized, allowing them to rejoin the system during the mission.
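The self-checking pairs, fail-silent behaviour and priority-based selection described above can be sketched as a small simulation. This is an added example, not NASA or Orion flight code: `control_law`, `bit_flip`, the class and the `FCM1`..`FCM4` names are hypothetical, and the injected fault is constructed.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

Lane = Callable[[int], int]  # one processor: input sample -> command


def control_law(x: int) -> int:
    """Hypothetical stand-in for one flight software step."""
    return 3 * x + 7


def bit_flip(x: int) -> int:
    """Constructed fault: the correct result with one bit upset."""
    return control_law(x) ^ 0x10


@dataclass
class FlightControlModule:
    name: str
    lane_a: Lane = control_law
    lane_b: Lane = control_law
    online: bool = True

    def step(self, x: int) -> Optional[int]:
        """Run both lanes; emit a command only if they agree."""
        if not self.online:
            return None
        a, b = self.lane_a(x), self.lane_b(x)
        if a != b:
            self.online = False  # fail silent: no output instead of a wrong one
            return None
        return a

    def reboot(self) -> None:
        """Model reboot and resynchronisation: healthy lanes, back online."""
        self.lane_a = self.lane_b = control_law
        self.online = True


def select(fcms: List[FlightControlModule], x: int) -> Optional[Tuple[str, int]]:
    """Priority selection, not voting: because every module is fail-silent,
    the first module in priority order that produced any output is used."""
    outputs = [(f.name, f.step(x)) for f in fcms]  # every module runs each frame
    return next(((n, o) for n, o in outputs if o is not None), None)


def demo() -> List[Optional[Tuple[str, int]]]:
    fcms = [FlightControlModule(f"FCM{i}") for i in range(1, 5)]
    log = [select(fcms, 5)]      # all healthy: highest priority wins
    for f in fcms[:3]:
        f.lane_b = bit_flip      # three modules fail in quick succession
    log.append(select(fcms, 5))  # the last module still carries the frame
    fcms[0].reboot()
    log.append(select(fcms, 5))  # rebooted module rejoins at its priority
    return log
```

Voting needs a majority of healthy units to outvote a bad one; here a single surviving module is enough because a faulty module produces no output at all.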
Orion uses a time-triggered Ethernet network that distributes a shared time reference throughout the system, so if a module misses its execution deadline, it is automatically isolated, rebooted, and resynchronized before returning to service.
The computer system includes triple redundant memory capable of correcting single-bit errors during each read operation.
Network interfaces use dual communication lanes that are continually compared for inconsistencies, while the overall network is replicated across three independent planes.
Orion carries a standalone Backup Flight Software system that operates on different hardware and software, running continuously in the background.
“It is intentionally different to ensure that a common mode software fault in the primary flight software is not incorrectly implemented in the backup,” Uitenbroek said.
The spacecraft also includes procedures for complete power loss scenarios, allowing systems to reboot, stabilize, and reestablish communication once power is restored.
The system is over-engineered by any commercial standard, but deep space offers no second chances.
Whether the 8 processors will perform as designed under real radiation conditions has yet to be tested, and the supporting software has never faced a real emergency.
Still, for a mission where the nearest hardware store is 400,000 kilometers away, this architecture makes brutal sense.
Via ACM Communications
