SAE ARP4900

Annotation of standard text SAE ARP4900 :

Current design and development practices leading to formal liquid rocket engine qualification (USAF) or certification (NASA) will not achieve the specific reliability objectives of future programs. New rocket engine programs are dictating quantified requirements for high reliability in parallel with a cost-constrained procurement environment. These specified reliability levels cannot be validated with the necessary confidence in a timely or cost-effective manner by present methods. Therefore, a new improved process is needed and has been developed. This new reliability certification methodology will be discussed in detail in the five sections that comprise this document. Primary purposes of this report are to:
a
Define and illustrate this process

b
Point out its strengths and weaknesses

c
Provide guidelines for its application on programs which have specified reliability requirements


Increased emphasis on rocket engine reliability and cost has prompted the Liquid Rocket Certification Subcommittee (Society of Automotive Engineers for Reliability, Maintainability, and Supportability) to thoroughly examine current methodologies to qualify or certify liquid rocket engine systems. For example, new liquid rocket engine programs, such as the joint NASA/Air Force effort for the National Launch System (NLS) or the Air Force XLR-132 storable propellant upper stage engine, include documented requirements for high levels of reliability. These new requirements exceed those historically demonstrated over the operational life of most current rocket propulsion systems. Certification of reliability was not required for past liquid rocket engines developed for the Air Force or NASA. The importance of demonstrated reliability was low, relative to such requirements as performance, schedule, and cost. Engines were formally qualified or certified by test programs aimed primarily at demonstrating design maturity and operational readiness in terms of performance and durability. In general, relatively little propulsion system testing, as distinguished from engine system testing, was implemented on past flight hardware for launch vehicles.

Reliability estimates prior to the first flight of a new engine historically have been based largely upon results from qualification or certification tests which formally declared the engine ready to fly. Many changes typically were made during the engine development period, until the engine was considered mature enough to qualify or certify. The process, therefore, precluded the gathering of test results applicable to reliability assessment during this development phase of a program. As a consequence, predicted reliability levels, at high confidence, prior to the first flight of a new engine have been consistently low. This was due to the small number of engines tested, especially identical units, and the limited number and type of tests performed on each engine during a typical qualification or certification test program. Reliability levels for current operational rocket engines are based upon a combination of ground test experience supplemented by the accumulation of data derived from actual flights. This process typically takes years and hundreds to perhaps thousands of tests to develop a satisfactory level of reliability and confidence for a particular engine system.

The Liquid Rocket Certification Subcommittee advocates a new approach to rocket engine reliability certification as a result of reviewing current methods to qualify or certify engines. It is felt that this new approach is an improvement over current qualification/certification methods. The recommended new approach, described in the following sections of this report, involves a judicious combination of analysis and test efforts that begin at an early stage of the design prior to formal certification. This methodology quantifies reliability estimates by focusing upon early identified weak links in the design and system reliability drivers. The recommended approach includes development tests that assist in establishing the necessary information base for probabilistic analyses and engine system certification testing to demonstrate structural, thermal, and dynamic capabilities, as well as the more typical performance and life requirements.

The new approach begins with a traditional deterministic preliminary design of the engine. A failure modes and effects analysis and a fault tree analysis are then conducted. At this point, the improved approach departs from typical methodology by screening engine components for criticality. A critical component has one or more critical failure modes. This screening is based upon the accumulated knowledge which impacts the design at this point. Critical components typically are complex in geometry, difficult to analyze, susceptible to catastrophic failure, and sensitive to such things as environments, loads, or material properties. Experience has shown that a majority (about 80 to 90%) of the components of a rocket engine can be classified as noncritical, and their reliability is essentially unity. Therefore, a conventional deterministic design approach is satisfactory for these components. However, probabilistic analysis may be desirable for these noncritical components to realize other benefits such as weight savings. The remaining engine components have a higher probability of failure as well as being engine system critical and require the more intensive probabilistic analysis. A probabilistic analysis recognizes dimensional tolerances, variability in material properties, inadequacies in modeling techniques, load distributions, manufacturing variabilities, and so forth, involved in each critical failure mode.

Components that utilize the more intensive probabilistic analysis techniques will yield quantified reliability estimates, while those designed deterministically are assessed only for serviceability. The process is iterative and continuous in