Versions Compared

Old Version 1

changes.mady.by.user Will Merges (RIT Student)

Saved on

compared with

New Version Current

changes.mady.by.user Will Merges (RIT Student)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The actions taken when safing goes active depends on the mode. In disabled mode, no action is taken because all the engine is already "safed" as all valves must be closed prior to entering disabled and must remain so. In cold mode, all valves are immediately closed as fast as possible. Safing in cold mode prioritizes the safety of people in proximity to the engine, albeit potentially damaging the system. In hot mode, there is no personnel allowed within the safe blast radius of the engine and fuel is assumed to be live in the system, for this reason the purge is run after closing fuel and oxidizer valves. This prioritizes making the engine safe to approach without damage to the system, but does leave introduce pressure in the line from purge purging so is not optimal if there are personnel nearby.

After To prevent an operator accidentally disabling safing, after the controller goes into active safing mode, the operator must perform two steps to set safing to lowinactive and continue testing:

  • Place the engine in disabled
  • Set safing to inactive

...

The engine has a 3 light tower (red, yellow, green) that is used to communicate mode and safing information visually. A green light indicates the engine is disabled and safe to approach, as the engine is unfueled in this mode. A yellow light indicates that the engine is in cold mode, and indicates that the only personnel near the engine should be the minimum required for the fill process. A red light indicates hot mode, and the engine should be approached under no circumstances whatsoever. Additionally, a loud buzzer will beep five times before initiating any engine testing test to warn all personnel that a test is beginningand provide feedback to the operator.

When the engine goes into active safing, all lights will be lit up and will blink until the safing procedure is complete. This provides feedback to the operator for when the network link goes down.


Nominal Usage

The following steps describe the engine mode during a nominal test:

  • The engine controller is connected and powered on, defaulting to disabled mode with all valves closed
  • All solenoids are electrically connected, but there is no fuel in the engine. The controller is placed in test mode and all valves, indicator lights, and igniters are tested.
  • The engine is placed into cold mode and the filling process begins. All personnel are evacuated except for the minimum needed for filling.
  • The engine is fueled and pressurized, then the controller is placed into hot mode. All personnel are evacuated.
  • The engine test is loaded in the ground station and the countdown clock is begun, a hold can be initiated for any pre-test checks as well.
  • The engine completes a test fire, the data is verified and the engine is placed into cold mode.
  • Any remaining fuel is emptied by the minimum personnel, then the engine is placed in disabled mode.
  • The engine controller is shutdown and disconnected.

Additional Precautions

Engine commands can only be sent physically from the ground station OR remotely from a password protected dashboard hosted over a standard web browser. Only the ground station operator and a single dashboard has access to manually commanding valves, while a second dashboard shows sensor data and has controls to set safing active or stop the countdown clock.