- The Orion spacecraft uses eight processors running identical instructions simultaneously
- A fail-safe design prevents faulty computers from sending incorrect commands
- Triple redundant memory corrects single-bit errors automatically on access
The NASA Artemis II mission relies on a computing system built to remain operational under extreme conditions and hardware faults.
Unlike the Apollo program, where onboard computers handled limited functions, the Orion spacecraft manages life support, navigation, and communication through integrated flight software.
The Orion capsule carries one of the most fault-tolerant computer systems ever built for spaceflight, operating 250,000 miles from Earth, where no repairs are possible.
From Apollo’s limits to Orion’s full system control
Apollo astronauts relied on a 1MHz computer with just 4 kilobytes of memory, but today’s spacecraft need much more, considering the distance.
The Orion spacecraft uses two vehicle management computers, each containing two flight control modules.
Each module consists of a pair of processors that continuously check each other’s outputs, resulting in 8 processors executing the same instructions simultaneously.
If a processor produces an incorrect result, the paired design detects the mismatch immediately and prevents the output from being used.
“We still architect to cover for hardware failures,” said Nate Uitenbroek, Software Integration and Verification Lead in NASA’s Orion Program.
“Along with physically redundant wires, we have logically redundant network planes. We have redundant flight computers.”
Instead of relying on majority voting, the system selects outputs from available modules based on a defined priority order.
The system is designed to tolerate rapid failures during flight. Uitenbroek stated, “We can lose three FCMs in 22 seconds and still ride through safely on the last FCM… A faulty computer will fail silently, rather than transmit the wrong answer.”
Failed modules are reset and re-synchronized, allowing them to rejoin the system during the mission.
Orion uses a time-triggered Ethernet network that distributes a shared time reference throughout the system – so if a module fails to meet its execution deadline, it is automatically isolated, reset, and re-synchronized before returning to operation.
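The fail-silent pairs, deadline isolation and priority-order selection described above can be modeled in a few lines. This is an added illustration, not NASA flight software or code from the article; the struct layout, function names and command values are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* One flight control module (FCM): two processors computing the same command. */
typedef struct {
    int32_t lane_a, lane_b; /* outputs of the paired processors */
    bool deadline_met;      /* finished inside its time-triggered slot */
    bool online;            /* false while isolated for reset and re-sync */
} fcm_t;

/* Self-checking pair: output only if lanes agree and the deadline was met. */
static bool fcm_output(fcm_t *m, int32_t *out) {
    if (!m->online) return false;
    m->online = m->deadline_met && m->lane_a == m->lane_b; /* else fail silent */
    if (m->online) *out = m->lane_a;
    return m->online;
}

/* Priority order, no voting: first module offering an output wins (-1 if none). */
int select_command(fcm_t fcm[], int n, int32_t *cmd) {
    for (int i = 0; i < n; i++)
        if (fcm_output(&fcm[i], cmd)) return i;
    return -1;
}

/* Reset and re-synchronize a silent module from the current good state. */
void fcm_resync(fcm_t *m, int32_t state) {
    *m = (fcm_t){ state, state, true, true };
}

/* Constructed scenario: three of four modules faulted, the last still drives. */
int demo_three_failures(int32_t *cmd) {
    fcm_t fcm[4] = {
        { 100, 101, true,  true  }, /* lane mismatch */
        { 100, 100, false, true  }, /* missed its deadline */
        {   7,   7, true,  false }, /* already isolated */
        { 100, 100, true,  true  }, /* healthy */
    };
    return select_command(fcm, 4, cmd);
}

int main(void) {
    int32_t cmd = 0;
    int src = demo_three_failures(&cmd);
    printf("FCM %d drives, command %d\n", src, (int)cmd);
    return 0;
}
```

A majority vote over the same four modules would have no quorum left; because each pair silences itself on disagreement, a single healthy module is enough to supply the command.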
The computing system includes triple-redundant memory capable of correcting single-bit errors during every read operation.
Network interfaces use dual communication lanes that are continuously compared to detect inconsistencies, while the overall network is replicated across three independent planes.
Orion carries a separate Backup Flight Software system that operates on different hardware and software, running continuously in the background.
“It is intentionally different to ensure that a common mode software failure in the primary flight software isn’t also implemented incorrectly on the backup,” Uitenbroek said.
The spacecraft also includes procedures for full power loss scenarios, allowing systems to restart, stabilize, and re-establish communication once power is restored.
The system is overengineered by any commercial standard, but deep space offers no second chances.
Whether all 8 processors will perform as designed under real radiation conditions remains untested, and the backup software has never faced an actual emergency.
Still, for a mission where the nearest hardware store is 250,000 miles away, this architecture makes a brutal kind of sense.




