Design of More Electric Aircraft DC Power Distribution Architectures considering Reliability Performance

The More Electric Aircraft (MEA) concept has started to define the future of aircraft electrification. The electrical system will certainly play a crucial role in redefining energy utilization on-board. With the increasing demand of electrical energy, MEA power system architecture is a key enabler for the integration of future technologies. Nevertheless, newer designs must comply with the strictest safety and reliability specifications for successful adoption. This paper presents the design of a MEA DC power distribution system considering a set of reliability specifications. The novelty relies in the adoption of a network design-based model for MEA power system construction that allows explicit design formulations as Mixed Integer Linear Programming MILP problems. This approach will provide an effective way to comply with reliability specifications by introducing the concept of failure-resistance or survivability.


INTRODUCTION
The aircraft distribution system is a network that allows electric power flow from the engine-driven generators and back-up systems to the loads. These loads comprise all of the control systems to provide a convenient and safe flight from the source to the destination. It is expected that in future More Electric Aircraft (MEA) the majority of the aircraft loads will be fed completely by electrical power. Furthermore, electric propulsion is also being considered in hybrid designs; hence, the distribution system will play a vital role in the overall aircraft performance. Therefore, it is necessary to investigate the reliability of the aircraft distribution system. While it is crucial to provide redundant circuits to feed critical loads when highly probable failures occur, it is also decisive to present a cost-effective solution. This paper will address the investigation on reliable design of electrical DC distribution system alternatives for the future MEA in the context of costeffectiveness. DC systems are selected due to their capability in satisfying efficiency requirements in the MEA, such as the lack of reactive power presence. The paper has the following structure: The first section is a literature review that will revise past contributions of reliable MEA electrical network design. Then, the second section will propose a novel network model to design a MEA power system. In the third section, a case study will be used to analyse the proposed design model and assess its associated cost effectiveness.
The novelty of this paper consists in the adoption of a network design-based model for MEA power system topology optimisation and an effective way to comply with the reliability specification, introducing the concept of failure-resistance or survivability.

AIRCRAFT POWER SYSTEM DESIGN
Platform Based Design (PBD) approaches have been used to optimize power system topology in aircraft electrical design. There have been PBD-oriented methodologies such as Correct by Construction (CbC) [1], and Contract-based Design (CbD) [2]. CbD optimizes the topology through a two-step iterative algorithm where the number of reliability constraints increases on every iteration. On the other hand, based on the impact analysis of industry drivers in the design, CbC divides the design into a number of abstraction levels or refinement steps. In any case, the topology design requires the definition of a set of components and acceptable connections, i.e. a template. Depending on the reliability requirements, some connections are allowed to have alternate routes to deliver power in case of specific failures, e.g. bus interconnections under converter failures. It is also possible to improve reliability by considering disjoint-routes when delivering power, so that supply on critical loads is not interrupted after failures along a route. Therefore, it is crucial to understand the reliability specifications and define them into a set of constraints or failure scenarios to accomplish the expected performance. As future MEA will have to deliver a highly-reliable power system, especially in hybrid electric-propelled cases, the network design techniques could contribute enormously to define a topology optimization that manage the reliability performance adequately. In a previous investigation [3], a reliability approach for the MEA design is explicitly formulated into four types of optimization problems. Hence, network design can be expressed as one of these MEA optimization problems depending on the design task and objectives.

MODEL TO DESIGN AIRCRAFT DISTRIBUTION SYSTEM
A network design structure can be used in the MEA power system design. Electrical generators supply power to the loads through several electrical flows. The optimal architecture must be driven by weight, efficiency, cost, and reliability factors [4]. In the design of an aircraft electrical system, the number and rating of generators determines the system's cost and efficiency, and the system's reliability is driven by the number and allocation of generation [1]. Also, power conversion weight is driven by constant power density, and its costs depends directly on the arrangement of generators and loads [1]. Therefore, the aircraft topology design can be divided in two steps: generation selection and distribution design. The former solves for the number of generators, their ratings and their association to loads (generator-load pairing), while the latter builds the power conversion or distribution system with the previous result [1]. Then, to design the distribution system, a generator selection step precedes and provides a number of generator-load pairs. From a template of available components (buses, converters, etc.) and connections (cables), the design problem attempts in finding an optimal topology by selecting a group of connections, and a group of connected components at a minimum cost. A template is shown in Figure 1a. This template consists of a group of N components that allows a set of A connections to link them; a connection exists between components and at a fixed cost if selected by a binary variable . There is an amount of electrical flow from component to corresponding to each generator-load pair demand of the set . The cost includes cable installation between and and a fraction of the component cost, i.e. nodes are modular as shown in Figure 1b. This characteristic is valid because components are structured according to the number of incoming connections, similarly to bus-bar distribution systems and modular converters. According to [3], the design could optimize cost while maintaining a certain level of reliability; therefore, this approach will be used in the following model. In this case, the cost of an electrical system (Eq. 1a) has a fixed component ( ) and variable component ( (∑ ∈ )). Each connection can hold all the electrical flows, i.e. summation ∑ ∈ , and for every kW of power, cable is upgraded to a higher size at an additional cost of (£/kW). Then, (∑ ∈ ) is the variable cost and the objective is (Eq. 1a).
In order to ensure that the system's performance complies with the specifications, there are groups of constraints that enforce connectivity, power flow, and reliability requirements. Kirchhoff's law is enforced on every node for every existing flow between generator-load pairs, as in constraint (1b); is the group of generators and is the group of loads such that ( ) is the generator supplying ( ) load for the pair. Constraint (1c) limits electrical flow to existent connections. The reliability of a generator-load supply corridor must exceed some minimum reliability and can be calculated as the probability of success of a series system. Considering as the reliability of the connection and the reliability of the component, the generator-load corridor reliability is ∏ |( , )∈ ∏ ≥ , which is non-linear. After linearization, reliability specifications are enforced with (1d) constraints; for every generator-load corridor delivering demand, at least a reliability of is expected to be achieved. Lastly, constraints (1e) ensures a positive electrical flow for every connection existing in the template, and constraints (1f) imposes integrality {0,1} on the selection variable . This problem can be solved as a Mixed-Integer Linear Programming MILP problem. The constraints can be written as below.
Note that there are no conditions here restricting components' power or cable size, as in the un-capacitated network design formulations [5]. If there were, (1g) should be added to limit cable size (to maximum size ), and (1h) to restrain component power capacity ( as maximum size), e.g. limited converter capacity.
In formulation (1), electricity flow goes from generation to loads as allowed by the connection set A. However, it is possible to define two variables for the same connection such that power flow could be reversed, i.e. recovering energy in regeneration modes.

VARIATIONS TO THE MODEL NODE SELECTION
The design could consider non-modular components as in the case of unibody devices. Therefore, formulation (1) should support not only the selection of connections, but also the selection of components. This selection will be defined by a binary variable for every component of the group N. Hence, objective (1a) can be re-written to manage fixed cost for component . The connection cost in (1a) is now , and accounts for cable cost only. Additional constraints are introduced to ensure that if the node is not selected, no incoming or outgoing connection is permitted, as shown in (2a)-(2d).
Although designs based on formulation (1) could achieve the reliability level specified a priori, unexpected failures could occur, possibly leading to an outage on critical loads. For instance, a distribution system can be expected to fail once in 10 9 hours, but still could be prone to unexpected failures. For this reason, a set of failure scenarios could be introduced in previous formulations. It may be possible to add interconnections on topology candidates via a pre-defined set of constraints during the design process, e.g. robustness requirements placed manually. However, it can be time-consuming and some important failure-scenarios could be missed. Moreover, distribution system reliability calculation suffers from combinatorial explosion if multiple paths to deliver electrical power are available, even for small networks, as shown in Table 1 example. Therefore, a feasible failure-resistant distributed system design could be designed using (1) and (2). In fact, failure-resistance characteristic in network design is known as survivability [6].

FAILURE-RESISTANCE AND SURVIVABILITY
The purpose of survivability is to deliver a system that remains operational under partial damage to its infrastructure. There could be a set of failure scenarios and the system is expected to operate under their occurrence; consequently, reliability is increased. This concept is highly applicable to the MEA distribution system design. This problem has been studied to accommodate connection failures [7], but it is possible to model a node failure by including all of a component's incoming and outgoing connections [6]. The flow considered in (1) and (2)  Similarly, node cost can be included as in (2a). As in formulation (1), there are groups of constraints that satisfy connectivity, power flow, and reliability requirements; survivability characteristic will increase. Constraint (3b) ensures that for every failure scenario , flow balance is maintained on every node. To limit electrical flow to only the selected connections, constraint (3c) guarantees that when there is no failure ( = 0), electrical flows can exist (aggregated version of 1c), but for any failure case ( = 1), flow is 0. The number of flow-per-failure variables increases with the number of failure scenarios .

ADDITIONAL RELIABILITY REQUIREMENT
Although formulation (3a)-(3e) secures a survivable power distribution design, reliability is not explicitly evaluated. It is possible to achieve a certain reliability level in all cases of the failure set .
Considering the set of failure scenarios , a generator-load corridor supplying demand under a failure scenario of the set must at least produce a reliability level of or better. The reliability (as probability of failure) for a number of corridors delivering power on each generation-load pair is the parallel equivalent ∏ (1 − ∏ |( , )∈ ∏ ) =1 which has to be less than or equal to 1 − . This expression holds two nested product series and is highly non-linear. Defining as the reliability of a corridor delivering power under failure scenario , a linear reliability constraint can be written as below.
The failure set can account for failure scenarios where a single component fails; then, for a failed node, all connected to it will be unavailable ( = 1). The failure set can be defined such that for all single-node failures the system remains operational ( − 1 rule), or for all two-node failures the system remains operational ( − 2), etc., but there is a compromise the designer should make to avoid combinatorial explosion.

CASE STUDY
A system with the template and parameters shown in Table 2 will be solved using the formulation reviewed in this paper. Loads L1 to L3 are LV DC loads and L4 is the only HV DC load. In a previous generator selection step the generator-load pairs were defined considering power requirements, weight and efficiency. With this information, the distribution design is performed using formulation (1) only. This example was solved using CPLEX Studio IDE 12.8 [8] on an Intel i5 64-bit 2.2GHz machine.  Formulation (1) is un-capacitated (no upper limit in flow ) and its optimal solution is the simple system shown in Figure 2a. Although all the generator-load pairs are satisfied, it is clear that for an unexpected failure on any of its three components, the system is compromised. Even though reliability target is achieved, system reliability is limited by the component with the lower reliability (as in any series system). When including converter failures, the system gets the topology in Figure 2b. Both converters must be sized equally and one is the redundant pair of the other. When including a failure set that considers failures such that one component fail at a time (N-1 compliance), the system has the topology shown in Figure 2c. Although the system will have a higher cost, it is prepared to supply uninterrupted power to all loads in the case of failure in any component. The architecture in Figure 2c has its drawbacks compared to 2a. It doubles the number of components and connections and components are equally sized to manage the power flow required. If there are loads (not critical) that can be shed following a failure event, it is possible to reduce oversizing. In this case, the set of failure scenarios could be related to the generator-load pairs for critical loads only. Therefore, only critical loads would receive uninterrupted power supply under the occurrence of failures defined in the set. Future analysis will explore more complex architectures with energy storage and different levels of load criticality. It is also feasible to study the impact of efficiency and weight in the distribution architecture optimization.

CONCLUSION
The network design problem fits in the MEA power system design satisfactorily. A network design formulation has been proposed for the design of MEA power distribution system with reliability requirements. The distribution system topology can be constructed using an un-capacitated network design problem. This formulation has been adapted to include a failure-resistant or survivable characteristic and optimize the cost of the distribution architecture. A study case has shown that the survivable design doubles the number of connections and components with respect to the non-survivable if all loads are considered critical. Hence, it is important to determine which failure set applies to which critical load. Future research will account for efficiency and weight factors, as well as more complex architectures with energy storage.