TCS3 Electronics
Hazard Analysis and T3 Design
Sources of Hazards
Drive or feedback components: Motor, Amplifier, Tachometer, Encoder
Mechanical: Jammed telescope, Dome, Cooling
Loss of TCS3 Components: Computer, Motor controller, Electronics, Safety Switch
Operator error: Inadvertent movement, Platform or Crane not stowed, Slew speed near end of axis
Potential Hazards 1Hazard Telescope
ConditionTCS3 module(s) responding to
conditionLoss of MotorLoss of Motor AmplifierLoss of one Motor Amplifier Drive SignalLoss of Motor TachometerLoss of Encoder
Runaway Software, T3 over speed circuit, stop and emergency safety switches to software and T3 circuit
Potential Hazards 2Hazard Telescope Condition TCS3 module(s)
responding to condition
Jammed Telescope or dome
Slow or no movement, excessive amplifier current
Software, T3 over current and thermal disable circuit, amplifier thermal disable
Loss of TCS3 computer Runaway or no movement T3 watchdog circuit, over speed circuit, operator intervention
Loss of T3 electronics Loss of fault detection Software, operator intervention
Loss of motor controller card
Runaway or no movement T3 motor control signal, T3 over speed circuit, stop and emergency safety switches to software and T3 circuit
Potential Hazards 3Hazard Telescope Condition TCS3 module(s)
responding to condition
Inadvertent movement of telescope or dome while maintenance is being performed
Personnel safety T3 Keyed Lockout switch signal, software lockout signal
Platform not stowed Platform, telescope damage
Software, operator intervention
Crane not stowed Crane, telescope damage Software, operator intervention
Telescope in slew speed nearing the end of axis
Runaway? Software detection, slew safety switch to software
Response to Hazards
Disabled on Fault Condition: Motor and Dome amplifier drive input System Power Relay Brake Release Relay
Enabling the Telescope Dome Key Switch Enabled Telescope Key Switch Enabled Emergency Stop Button Released External Signals in Safe State TCS3 Computer issues Reset Pulse TCS3 Computer issues System Power
Enable TCS3 issues Brake Release Command
T3 Electronics Overview Tachometer
Adapted from TCS1 Used in Simulink model
Watchdog Timer Monitors TCS3 computer Timeout period is 150ms, can be changed to
600ms Over speed and Over current
Adapted from TCS1 Fault Logic
Implemented with CPLD
Over Speed and Over Current
312
148
9
U4CLM339AN
312
16
7
U5BLM339AN
-15V
+15V
+15V
-15V
-1V
10k
R46
Res1
10M
R49
Res1
1M
R66Res1
1M
R61
Res1
1M
R58
Res11V
Feedback
50k
R55RPot10k
R52
Res1
Fault Logic Overview
9 Safety Switch Inputs Can be overridden with key switch 3 Spares
15 Fault Inputs 5 Spares
Fault is latched TCS3 Computer applies Reset Pulse
Fault Logic
Override_Kswtch
E_Therm_DisW_Therm_DisN_Therm_DisS_Therm_Dis
Dm1_Therm_DisDm2_Therm_DisDm3_Therm_DisEmerg_StopMotor_Cntr_ErrorWatchdog_Timer
Spare4
Spare5Spare6
TCS_Lockout
Dome_Kswtch
I1
I0O
U3
OR2
OverspeedHA_OvercurrentDec_OvercurrentDome_Overcurrent
Horizon_Stop
Dec_Emerg_N
Dec_Stop_N
HA_Stop_EHA_Emerg_W
Spare1Spare2
Spare3
Dome_Enable
Dec_Emerg_S
Dec_Stop_S
HA_Stop_W
HA_Emerg_EO
I0I1I2I3I4I5I6I7I8
U2
AND9
Sys_Pwr_En_In
Brake_En_In
Sys_Pwr_En_Out
Brake_En_Out
OI1
I0
U12
NAND2B1
ResetQD
G
CLR
U8
LDC
U7
VCC
OI1
I0
U10
NAND2B1
O
I7I6I5I4
I3I2I1I0
U4
AND8
I0
I3I2
I1O
U1
AND4
I0I1I2I3
I4I5I6I7
O
U11
NAND8
Spare7Spare8
OI1
I0
U6
NAND2B1
OI1
I0
U5
NAND2B1
Tel_EnableTel_Kswtch
O
I6I5I4I3I2I1I0
U9
AND7
TCS_Enable
Sys_Pwr_En_Rly
Brake_En_RlyO
I1
I0
U?
NAND2B1
TO Panel Overview 24 Indicator LEDs 2 Axis Variable Joystick Dome Enable Key Switch Telescope Enable Key Switch Override Key switch
Overrides Safety Switches for Maintenance Emergency Stop Mushroom Switch Floor Light Switch
TO Panel Rough Layout
slew
stop
zenith Hor
brake slew
stopbrake
slew stop brake
slew stop brake
HA Dec
Slew Stop
N
S
EW
Telescope Enable
Dome Enable
W E
N
S
TCS3 JoystickEmergency
Floor Lights
TCS Enabled
System Power Enabled
Brakes Released
Limitoverride