4.3.3.1 Number of failures per unit time, failure rate, and failure intensity

Let N(t) denote the number of failures that occur between time 0 and time t, that is, in the time interval [0, t]. Then N(t) = max{n : S_n ≤ t}, that is, the number of failures that occur before or at t is the index of the largest failure time that takes place before or at t. N(t) is a random variable depending on t because the system history is a stochastic process, the system reliability process. So N(t) is a stochastic process also. It is an example of a point process, a stochastic process having a continuum parameter space (in reliability applications this is usually the positive half-line [0, ∞) representing time) and a discrete state space (in this case, the nonnegative integers) [7]. Figure 4.1 shows a basic fact about all point processes, namely that for all positive integers k,

That is, at least k events (in our model, system failures) take place before time t if and only if the kth event takes place before t. This is a basic tool that relates the count description of a point process (the left-hand side of the equation above) with the time description of the process (the right-hand side of the equation above).

To be consistent with the usual engineering interpretation of “rate,” we would like to define failure rate¹ for a point process {N(t)} to be something like failures per unit time. Let 0 ≤ t₁ < t₂ denote two points on the time axis. Then the failure rate for the process over the interval [t₁, t₂] is

Note that this is a random variable because {N(t)} is a stochastic process. So failure rate is a reliability effectiveness criterion. For each point process model discussed in the following text as a model for the reliability of a repairable system, we will list the properties of the failure rate as defined here.

While the equation above is the most general definition of failure rate, it is a random quantity, and many applications are better served by a figure of merit than by an effectiveness criterion. Several reasonable possibilities exist:

• Number of failures per unit time: Whatever the units measuring time may be, the interval [t, t + 1] is a time interval of unit length. The number of failures occurring in this interval is given by N(t + 1) − N(t), and this, too, is a stochastic process (the same as setting t₂ = t₁ + 1 in the equation above). N(t + 1) − N(t) is the number of failures per unit time at time t; note that this need not be a constant as it may vary with t. We may also consider the expected number of failures per unit time, E[N(t + 1) − N(t)] = EN(t + 1) − EN(t).
• Overall failure rate: If t₁ = 0, then this version of failure rate is N(t)/t, also a random quantity. This is the quotient of the total number of failures during the entire time of system operation divided by that amount of time. When used in this fashion, N(t)/t will be called the overall failure rate. We may also consider the expected value of this measure, EN(t)/t. Formally, this should be called the expected overall failure rate.

Requirements tip: Systems engineers and reliability engineers frequently talk of failure rate. Apart from the confusing use of “failure rate” when referring to the hazard rate of the life distribution of a population of non-repairable items (see the “Language tip” in Section 3.3.3.5), one would expect that failure rate would have something to do with the frequency at which failures occur, or accumulate, per unit time. When used in this way, the phrase “failure rate” seems to imply that whatever it is referring to is a constant, because no reference to (absolute) time is made in this usage. Because of the stochastic nature of N(t), we cannot expect N(t + 1) − N(t) to be constant, so for many purposes it’s useful to have a definition for “failure rate” that at least has a chance of being constant in some circumstances. To do this, we first consider the expected value of the number of failures in [0, t], namely EN(t). In all the models we study in this book, this function of t is smooth and well-behaved (i.e., differentiable). There are now two reasonable possibilities for a definition of failure rate:

1. Define r(t) = (d/dt)[EN(t)], that is, the time derivative of the function E[N(t)]. If this derivative is constant (does not depend on t), call r the failure rate of the system reliability process. In some, but not all, of the commonly used models for the system reliability process, (d/dt)[EN(t)] is constant, and the phrase “system failure rate” makes sense without further explanation. Note that as N(t) is nondecreasing, so is EN(t), and so r(t) ≥ 0 (even if it is not constant).
2. Define if the limit exists (and in all the models we study in this book, the limit does exist), and, as r_∞ is just a number, we call it the asymptotic failure rate of the system reliability process. Again, r_∞ ≥ 0.

For requirements pertaining to “failure rate,” be sure that all stakeholders interpret the phrase the same way. In particular, reliability engineers should advise the system engineer as to constancy of the “failure rate” in whatever model they use for the system reliability process.

Language tip: For a point process, “failure rate” as defined in item 1 is also referred to as “failure intensity.” This is particularly prevalent in the software reliability field. Consistently using “failure intensity” for the concept defined in item 1, above, avoids the use of “failure rate” altogether in any facet of reliability engineering or modeling. Some may consider this desirable, but it by no means universally accepted as a common practice even though a strong case could be made for it as a best practice because it avoids any confusion about the varying interpretations of “failure rate” that plague this field.

Modeling tip: Much of the reliability engineering community uses “failure rate” for the concept we have labeled “hazard rate” or “force of mortality” in Section 3.3.3.4. Note in fact that we are now dealing with a completely different situation, namely, the system reliability process model for a repairable system, rather than the single failure that can occur for a non-repairable system, as dealt with in Chapter 3. In a field that has numerous opportunities for confusion because of reuse of terms in different contexts, this is perhaps the most vexing. Ascher and Feingold [1] finesse this issue by avoiding “failure rate” altogether; for nonmaintained systems, they use the terminology “hazard rate” and “force of mortality” as we do, and for maintainable systems they use “rate of occurrence of failures (ROCOFs)” for “failure intensity” as defined in this section. Possibly, the best way to keep all this straight is to recall that to engineers, “rate” usually means “count per unit time” and that is what the definitions in the list given earlier encapsulate (use of the derivative means we are really looking at an “instantaneous” rate, as explained in elementary calculus, but it is an honest engineering interpretation of rate as usually understood). Be alert for this potential confusion whenever you encounter “failure rate.” In this book, whenever we use “failure rate,” it will always pertain to a maintainable system, and be defined as in item 1 in the above list. Item 2 will always be referred to as “asymptotic failure rate.”

Using the notation of Figure 4.1, the system failure rate refers to how rapidly the S_k are accruing on average. If the failure rate is small, the failure times tend to occur rather infrequently; while if the failure rate is large, the failure times tend to be denser on the time axis.

There are many system models in which the failure rate, as defined in item 1 of the above list, is not constant. One such, in very common use, is the revival model described in Section 4.4.3. In the revival model, the system failure rate (system failure intensity) may be decreasing, increasing, or variable. If the system failure rate is decreasing, then on average, failures are occurring less frequently and the times between outages tend to increase. If the system failure rate is increasing, then on average, failures are occurring more often and the times between outages tend to decrease. Ascher and Feingold [1] refer to the former as “happy systems” and the latter as “sad systems.” It is possible that the system failure rate may fluctuate, that is, be neither increasing nor decreasing throughout; models exhibiting this behavior are unusual in practice, but there is no theoretical reason why they cannot be used.

4.3.3.2 Operating times, times between outages, and times between failures

In Figure 4.1, the operating times are the intervals U₁, U₂, . . . ; during these time intervals, the system is operating without violation of any requirements (i.e., without any failures). The sequence U₁, U₂, . . . of operating time random variables constitutes a stochastic process.

Language tip: The operating time random variables are sometimes (usually!) called times between failures. This would be appropriate if we were to consider “failure” to refer to an entire outage interval instead of the instant at which the violation of a system requirement happens. This is the interpretation that commonly prevails even though it is an inconsistent use of terminology because a “failure” is something that takes place at a particular instant (the S_n in the system history diagram) whereas the “outage” is the period of time following a failure during which the failure condition (requirements violation(s)) persists. That the times between failures are in fact S₂ – S₁, S₃ – S₂, . . . has the perverse consequence that one may increase the times between failures by increasing the outage times while leaving the operating times alone. When you need to talk about the time periods during which the system operates properly, it is best to use the U₁, U₂, . . . as “operating times” or “times between outages.” See Exercise 1.

As they are random variables, we may consider the sequence of their expected values EU₁, EU₂, . . . . In some reliability models (see especially Section 4.4.2), these expected values are all the same. In such cases, it makes sense to define the mean time between outages as this common value. This is often (usually!) called the “mean time between failures.” Refer to the previous “Language tip” to clear up any ambiguity. In addition, specification of a single number for “mean time between outages” implies that there is a single mean time between outages, namely, that it is a constant. Be aware that many studies of repairable systems do not take pains to assure that this mean time between outages (MTBO) is a constant even though only a single number may be quoted. This is of some importance for systems engineers because a good grasp of potential system behaviors is required for effective design for reliability.

4.3.3.3 Outage times

In the system history diagram (Figure 4.1), the outage times are the intervals D₁, D₂, . . . ; during these time intervals, one or more system requirements are being violated (i.e., one or more system failures have taken place and have not yet been remediated). The sequence D₁, D₂, . . . of outage time random variables constitutes a stochastic process. As they are random variables, we may consider the sequence of their expected values ED₁, ED₂, . . . . In some reliability models, these expected values are all the same. In such cases, it makes sense to define the mean outage time as this common value.

4.3.3.4 Availability

Availability, denoted A(t), is an important concept and is widely used as a reliability figure of merit in requirements. A(t) is defined as the probability that the system reliability process is in the up state at time t. If we let Z(t) = 1 when the system is in the up state and Z(t) = 0 when the system is in the down state, then the stochastic process {Z(t): t ≥ 0} is the system reliability process. At each t, the value Z(t) is a reliability effectiveness criterion and its expected value A(t) = EZ(t) is called the system availability, or simply availability. When the system reliability process starts in the up state, A(0) = 1 and A(t) decreases from there. As a rule, in most systems of practical interest to systems engineers, availability will vary up and down for a while but eventually settle down to a limiting value (t → ∞) (further discussed in Sections 4.4.2 and 4.4.3); see also Refs. 12, 22. Methods for computing availability are discussed in Sections 4.4.2 and 4.4.3. In considering maintainability and supportability, special kinds of “availability” are defined by eliminating from consideration certain of the outage times that may stem from preventive maintenance, logistics delays, and other actions not having to do with correction of a failure. See Section 10.6.4.

It can be shown that the total time during the interval [0, t] that the system spends in the “up” state is given by

and the total time during [0, t] that the system spends in the “down” state is

from which it follows that the expected system downtime in [0, t] is given by

This vital connection was used in the example in Section 3.4.2.2.

Common practice distinguishes three different availability figures of merit, inherent, operational, and achieved availability. These differ in what components of outage times are counted in the downtime for each type. See Section 10.6.4 for the details (we have not yet discussed the corrective and preventive maintenance and supportability times that enter into these definitions).

4.4.2.1 Renewal models with instantaneous repair

In models in which the replacement by a new unit is assumed to consume no time, all the outage times in the system history diagram are zero. The resulting system reliability process {U₁, U₂, . . .} comprises a sequence of (necessarily nonnegative) stochastically independent, identically distributed operating times. The independence comes from an understanding that the length of time that a system has operated since its most recent failure has no influence on the length of time a replacement might operate: even though there may appear to be some correlation, we can’t see a cause-and-effect relationship (of course, if this is not true, we need to adopt another modeling condition). The identical distribution comes from the similarity of the replacement to the original unit: the failed unit is replaced by one of the same type. These assumptions produce a system reliability process known as a renewal process: a sequence of nonnegative (because they are lifetimes), independent, and identically distributed random variables [11]. Denote the common distribution of the U_i by F and let μ < ∞ denote its mean.² The renewal process is a simple, well-understood process for which many results of interest to systems engineers are known.³ Some of these are

• The expected number of renewals (failures, in the reliability model) in the time interval [t, t + h] is asymptotic to h/μ as t → ∞.
• The expected number of renewals in [0, t], divided by t, approaches 1/μ as t → ∞. In reliability language, the asymptotic failure rate (Section 4.3.3.1) for the renewal process is 1/μ.
• The asymptotic distribution of the forward recurrence time from time x is given by
  

  as x → ∞. If we imagine x as the current time, the asymptotic distribution of the time to the next failure after x describes the forward recurrence time from a given time point (x) for a system that has been in operation for a long time. In practical terms, a “long time” generally can be safely interpreted as about 5 μ or greater.

• Let N(t) = max{n : S_n ≤ t} denote the number of renewals in [0, t]. The expected number of renewals in [0, t], denoted by EN(t) = M(t), is given by the solution of the integral equation:
  

  When F is exponential, F(t) = 1 − exp(−t/μ), then M(t) = t/μ for all t. Unfortunately, this equation has a closed-form solution for only a few other life distributions, but it is relatively easy to solve numerically [22]. The renewal process whose inter-renewal times are exponentially distributed is a homogeneous Poisson process with rate 1/μ [11].

• The failure rate over the time interval [t, t + h], as defined in Section 4.3.3.1, for the renewal process is
  

  Its expected value is h⁻¹[M(t + h) − M(t)] which, for a renewal process whose inter-renewal time distribution has a finite mean μ, converges to 1/μ as t → ∞. By a slight abuse of terminology, it is often said that “the failure rate of a renewal process is 1/μ.” What is correct is that the expected asymptotic failure rate of a renewal process is 1/μ (the equality h⁻¹[M(t + h) − M(t)] = 1/μ holds for the homogeneous Poisson process as well as for a stationary renewal process [11] but does not hold for any other renewal process when t < ∞). Consequently, you may need to verify the way “failure rate” may be used in this context.

4.4.2.2 Renewal models with time-consuming repair

A more realistic model is obtained if we allow the repair (or outage) times to be nonzero. In this case, the {D_i} are a significant part of the model. Following the renewal paradigm, we assume that D₁, D₂, . . . are independent and identically distributed with common distribution G which has mean ν < ∞. The independence comes from a belief that there is no, or we can find no reason to suspect the existence of, mechanism that would cause an outage time to be influenced in any way by the outage times preceding it. The identical distribution comes from the idea that it is the same system that fails each time, so it is fair to describe the outage times for it as coming from a single population. Of course, these are idealizations and often ignore some facts that we may know or suspect to be relevant, so the model provides an approximation to reality that is more or less acceptable depending on the strength of the ignored facts. See Section 4.5 for some additional information.

The sequence {U₁, D₁, U₂, D₂, . . .} is called an alternating renewal process [11] because it consists of two renewal processes interleaved [12]. The system reliability process is the 0–1 process Z(t) = I{t falls into a U-interval}. The reliability model for a system with time-consuming renewal repair consists of information that can be derived from these assumptions.

• The system availability (Section 4.3.3.4) is A(t) = P{Z(t) = 1}, the probability that the system is operating at time t. System availability is a reliability figure of merit. In the alternating renewal process model, assuming the system begins operation at time 0 in the operating state, we may write an integral equation for system availability as follows:
  

  where H = F*G is the convolution of F and G (Section 3.4.5.2). The solution of this equation is given by

  

  where M_H is the renewal function (Section 4.4.2.1) for H. Again, closed-form solutions are rare, but numerical evaluation is straightforward [22]. The asymptotic availability is given by

  

  which is the mean time between outages (mean operating time) divided by the mean cycle time (time from one failure to the next).

• The number of system failures in [0, t] is given by N(t) = max{n : S_n + U_n+1 ≤ t} with the convention that S₀ = 0 and again assuming the system begins operation at time 0 in the operating state. The expected number of system failures in [0, t] when the system starts in the up state at time 0 is 1 − F(t) + M_H(t).
• The system failure rate over a time interval [t, t + h] is given by h⁻¹[N(t + h) − N(t)], which has expected value h⁻¹[M_H(t + h) − M_H(t)]. As t → ∞, this converges to 1/(μ + ν), the reciprocal of the mean cycle time. See the discussion of failure rate for the renewal process (Section 4.4.2.1).

Example: A fluorescent tube has the life distribution F(t) = where t is measured in hours. When the tube fails, it is replaced with a new one and the replacement time has a uniform distribution U_2,6 on [2, 6], again with time measured in hours. What is the expected number of tube replacements per socket in 20 years of operation?

Solution: The conditions of the problem make it appropriate to use an alternating renewal process model to describe the system dynamics (by “system” here we mean the socket containing the tube, and by “dynamics” we mean the pattern of tube replacements in that socket). In the alternating renewal process model, the expected number of replacements in 20 years is the renewal function for F*U_{2, 6} evaluated at 175,320 hours (20 years). Numerical computation of this renewal function [22, 25] shows that F*U_2,6(175,320) = 7.367. Absent the ability to carry out this numerical computation, we may reason that the average replacement time (4 hours) is so short compared to the average tube lifetime (23,305.6 hours) that the approximation afforded by a renewal process model (zero-duration replacement times) should be good. In that model, the solution is the renewal function for F evaluated at 175,320 hours. Numerical computation yields F(175,320) = 7.368. In this example, using the nonzero repair time model changes the result only in the third decimal place, a meaningless change in this scenario.⁴ Without the numerical computation, we may reason that 20 years is more than 5 mean tube lifetimes so that the asymptotic approximation shown in Section 4.4.2.1 may be used. The expected number of tube replacements in 20 years is then approximately 175,320/23,305.6 = 7.52, a slight overestimate of the true value. The availability in this system at 20 years is 0.999828728. The numerical computation shows that this value is reached at 12 years and remains steady (to this many decimal places) thereafter.

4.4.3.1 Revival models with instantaneous repair

Mathematically, the BAO model says that the conditional distribution of the time to the next failure, given the occurrence time of the failure, is the same as the distribution of the time to the first failure. From the point of view of aging of the system, it is as if all the failures, up to and including the one taking place at S_n, had never happened. That is, applying this reasoning to the n^th failure that takes place at time S_n, the model postulates that the conditional distribution of the time U_n+1 to the next failure satisfies

for all n = 1, 2, . . ., where F is the distribution of U₁. Thompson [21] shows that this property entails that the sequence of failure times {S₁, S₂, . . .} forms a Poisson process whose intensity function is given by the hazard rate of the distribution of U₁. That is, if U₁ ~ F and the hazard rate of F is h, then the number of failures in [0, t] has a Poisson distribution

where H is the cumulative hazard function . It is easy to show also that H(t) = −log[1 − F(t)] for t ≥ 0. From this, we can see that if F(t) = 1 − exp(−λt), then H(t) = λt and the process is homogeneous with constant intensity function λ. For every other life distribution F, the process is nonhomogeneous.

Language tip: (possibly the most important one in this book): The revival process with an exponentially distributed time to first failure is a homogeneous Poisson process because h(t) = λ and H(t) = λt. This is the source of a great deal of confusion in both the language and the modeling in reliability engineering. Foremost is that the failure rate (failure intensity) λ of the process is equal to the hazard rate (usually called “failure rate,” see Section 3.3.3.5) of the distribution of the time to the first failure. The simplest system reliability model is a single unit that has an exponential life distribution and is replaced upon failure by another of the same type. The process of replacement times in this case is both a renewal process and a homogeneous Poisson process having a constant failure rate. It is easy to overapply this simple model to situations where it does not apply. Many engineers mistakenly believe that this model is the beginning and end of reliability modeling. Even a cursory review of this chapter will show that this is far from accurate. Yet the language and modeling errors brought on by this point of view persist: all failure rates are constant, all times between outages have the same mean, availability is always equal to its asymptotic value, and many other such beliefs are common. Fortunately, increasingly capable reliability modeling software is beginning to make more complex reliability modeling readily accessible, and the persistence of these mistaken ideas should diminish. As a systems engineer, be aware that errors and oversimplifications are common in reliability modeling, and be prepared to ask for clarification where required. See also Section 4.4.6.

Example: A sonar system contains 16 individually replaceable beam-former units. When one beam-former fails, the system is inoperative. The beam-former lifetime has a gamma distribution (Section 3.3.4.7) with location parameter 44,350 hour⁻¹ and shape parameter 2. The remainder of the system comprises power supplies, displays, signal processing units, antennas, and other essential equipment. When a beam-former fails, it is replaced by a working unit from an inventory of spares. The replacement process takes about an hour. What is the expected number of beam-former failures in the first 5 years of operation of the system?

Solution: We may use a revival process model for the sequence of failure times of the beam formers because when we replace a failed beam former, we are only affecting one-sixteenth of the ensemble. The approximation afforded by assuming that the replacement time is negligible compared to the mean operating time is good because the mean operating time is more than four orders of magnitude larger than the replacement time. So we may use the revival model with instantaneous repair for this scenario. The time to the first failure of the system we are considering (the ensemble of 16 beam formers, each of which is a single point of failure) has the survivor function

The mean beam-former life is 88700 hours = 10.12 years. For this survivor function, the cumulative hazard function is . Thus the sequence of beam-former failure times is approximately a (nonhomogeneous) Poisson process with intensity function H′(t). When t = 5 years = 43,830 hours, H(t) = 4.82. This is the expected number of individual beam-former failures, out of the group of 16 beam formers, in 5 years. See Exercise 4.

4.4.3.2 Revival models with time-consuming repair

So far, we have discussed the revival model only with zero repair times. The same reasons that we needed to consider time-consuming repair in the renewal model apply in the revival case as well. This aspect of the theory is not yet completely developed, however. We will review here what is known. The basic model begins with a nonhomogeneous Poisson process describing the operating times {U₁, U₂, . . .} of the unit being studied, so that repair of the unit is done according to the revival protocol. Each time a failure occurs, a repair is undertaken, and the repair times {D₁, D₂, . . .} form a renewal process with ED₁ = D, 0 < D < ∞. This model is used when there is no reason to believe that the repair times depend on the index number of the failure being corrected. This is usually a reasonable assumption. We assume that the sequences of operating times and repair times are independent to reflect a belief that the length of time it takes to complete a repair has nothing to do with how long the unit was operating before it failed.

Denote by F the distribution of U₁, the time to the first failure, and suppose F has a continuous density f and cumulative hazard function H = −log(1 − F). We further suppose that with 0 < η < ∞. With S_n = U₁ + ⋅ ⋅ ⋅ + U_n and N_U(t) = min{n : S_n ≤ t}, it is shown in Ref. 24 that and so that the process {S₁, S₂, . . .} is tame [12].

Now let N(t) denote the number of failures in the revival process with nonzero repair times {U₁, D₁, U₂, D₂, . . .}. As a result of these preliminary considerations, the salient facts about the revival process with nonzero repairs times are

• The asymptotic overall failure rate is
  
• The asymptotic average availability is

Note that this expression is only for the asymptotic average availability. This is weaker than the corresponding result for alternating renewal processes. It is not yet known whether the stronger result can be established for the revival process with nonzero repair times.

It is also shown in Ref. 12 that the availability in the revival process with time-consuming repair can be computed by evaluating the integral

where and G is the common distribution of the downtimes. Unfortunately, this is not yet of much practical help because a satisfactory expression for EN(x) is not yet known.

Requirements tip: If the system has an availability requirement, and if the system can reasonably be modeled using the revival process with time-consuming repair, then demonstrating compliance with the availability requirement will be difficult until an expression for availability, rather than only the average availability over a long time interval, is developed. Usually, when an availability requirement like “The system availability shall not be less than 0.98. . .” is put in place, reliability modeling to asses compliance with the requirement uses the formula for asymptotic availability in an alternating renewal process (Section 4.4.2.2) to compare with the requirement. Even this does not completely cover the requirement because it is possible under not unusual conditions for the system availability to decrease below its asymptotic value, and even oscillate above and below. The asymptotic value alone does not reveal the transient behavior of availability. In case an alternating renewal model is appropriate, transient availability can be solved for by numerically solving the availability integral equation found in Section 4.4.2.2. This is less readily accomplished in the revival model with time-consuming repair: while the previous equation shows how to compute the transient availability in this model, the difficulty is transferred onto the computation of EN(t) in this model, and this is not yet a routinely solved problem. See Exercise 5.

Example: Consider the sonar system example in Section 4.4.3.1, but now the repair times are independent and identically distributed with a mean of 2 weeks (336 hours). What are the asymptotic overall failure rate and the asymptotic average availability of the beam-former ensemble?

Solution: We continue to use the revival model for beam-former replacement, but now we treat the repair times as nonnegligible. When we assumed instantaneous replacement, the expected number of beam-former replacements in 5 years is 4.82. Taking into account the nonzero repair times, we find that η = 16/α = 0.000361, D = 336, and the asymptotic overall failure rate is 0.000322. The asymptotic average availability is 0.89.

4.4.3.3 Approximations

The most prominent approximation used in reliability modeling for maintained systems is the one we have already discussed in Sections 4.4.2.1 and 4.4.3.1, which is that in most cases, typical operating times are so long compared to typical repair times that the repair times may be taken to be zero at least for the purpose of computing the failure rate. If an estimate of availability is required, this will not do, and a model that explicitly incorporates nonzero repair times will have to be used.

Other approximations have been proposed, including the method of phase-type distributions [13, 15] which approximates an arbitrary life distribution by a special distribution that is the distribution of the time until absorption in a Markov process with one absorbing state. This approximation permits the use of matrix methods and well-known linear algebra techniques to obtain numerical results for several useful reliability models [14]. Advancing capabilities in applied probability numerical computations have rendered these methods of more theoretical than practical interest, and this trend is likely to continue.

4.4.5.1 Separate maintenance with renewal lru replacement

The separate maintenance model can be used with any reliability process (Section 4.3.2) description for each of its components. Not all components need have the same reliability process description. In this section, we study the separate maintenance model when the individual component reliability processes are renewal or alternating renewal processes.

Consider a system whose structure function is φ_R(x₁, . . ., x_k). The individual component reliability processes are alternating renewal processes (Section 4.4.2.2) Z₁(t), . . ., Z_k(t) whose availabilities are denoted by A₁(t), . . ., A_k(t), respectively. Then the system availability is given by φ_R(A₁(t), . . ., A_k(t)) [3]. If the mean operating time and mean outage time for component i are μ_i and ν_i, respectively, for i = 1, . . ., k, then the asymptotic system availability is given by

If the entire system consists only of single points of failure (i.e., is a series system), then the number of system failures is N₁(t) + ⋅ ⋅ ⋅ + N_k(t) where N_i(t) is the number of failures in time t in alternating renewal process i, i = 1, . . ., k. The expected number of failures and availability for each individual component reliability process may be computed using the expressions given in Section 4.4.2.2. If the system is not a series system, the system availability is still given by φ_R(A₁(t), . . ., A_k(t)), but computation of the number of system failures is more complicated. The method is outlined in Ref. 23. For a parallel (hot standby) system comprising m units whose structure function is given by φ_R(x₁, . . ., x_m) = 1 − (1 − x₁) ⋅ ⋅ ⋅ (1 − x_m), the expected number of system failures in [0, t] is given by

where A(t) = 1 − (1 − A₁(t)) ⋅ ⋅ ⋅ (1 − A_m(t)), F_i and G_i are the operating time and outage time distributions for unit i, H_i = F_i*G_i, and is the renewal function (Section 4.4.2.1) for H_i, i = 1, . . ., m (equation (4.10) of Ref. 23).

When the reliability process descriptions are renewal processes (zero outage times), the system availability is always 1. Counting the number of system failures is again accomplished by the method outlined in Ref. 23 but now H_i = F_i.

Example: Return to the server rack example shown in Figure 4.2. We will determine the mean and standard deviation of the time to the first rack failure and the expected number of maintenance actions, availability, and cumulative expected downtime for the rack under the separate maintenance model with renewal repair. To do this, we need to know the operating time and outage time distributions for each of the rack’s components. These are as given in Table 4.1.

Rack Component	Uptime Distribution	Downtime Distribution
Server	Gamma, mean 40,000 hours, standard deviation 15,000 hours	Lognormal, median 6 hours, shape factor 2
Power supply	Weibull, α = 2,000, β = 1.4	Lognormal, median 6 hours, shape factor 2
Fan	Exponential, mean = 105 hours	Lognormal, median 6 hours, shape factor 2
Cable harness	Exponential, mean = 106 hours	Lognormal, median 6 hours, shape factor 2
Backplane	Exponential, mean = 5 × 105 hours	Lognormal, median 168 hours, shape factor 1.8

The mean time to the first rack failure is 2481.9 hours, and its standard deviation is 1345.1 hours. Over the first 40,000 hours of operation (~5 years), the cumulative expected number of rack failures is shown in Figure 4.3, the availability is shown in Figure 4.4, and the cumulative expected downtime is shown in Figure 4.5.

At the end of the study period, 40,000 hours, the cumulative expected number of failures is 15.76, the availability is 0.97695, and cumulative expected downtime is 496.42 hours. It appears that the limiting value of availability has not yet been attained by the end of the study period. The minimum availability over the study period is 0.9766 (note the expanded vertical scale in Figure 4.4). To satisfy an availability requirement, it may be enough to show that the minimum value of availability is greater than the requirement. Numerical computations are again from Refs. 22, 25.

4.4.5.2 Separate maintenance with revival lru replacement

We now consider the case where Z₁(t), . . ., Z_k(t) are revival processes with zero repair times or revival processes with nonzero repair times. If repairs are instantaneous, the system availability is always 1 and the expected number of system failures for a series system is

where F_i is the distribution of the time to the first failure for component i, i = 1, . . ., m. An expression for the expected number of system failures for systems other than series systems is not known at this time.

When repair times are nonzero, little can yet be said because results relating the asymptotic average failure rate and asymptotic average availability for the system to the asymptotic average failure rates and asymptotic average availabilities for its components remain to be developed.

4.4.5.3 Separate maintenance with a spares pool of repaired lrus

In a remove-and-replace maintenance concept with repair of failed LRUs, neither of the above two models is quite correct because replacement LRUs come from a spares pool that contains not only new LRUs but also LRUs that have previously failed and been repaired. If we assume repair of an LRU is accomplished by a renewal procedure, this is tantamount to assuming that all LRUs are new, and the model of Section 4.4.5.1 applies. However, realistic repair of an LRU is usually accomplished by replacing one or a few components on the LRU that had failed, and this is more appropriately described by a revival model (Section 4.4.3). After some period of operation, spares in the pool will have failed and been repaired perhaps several times, and a spare drawn at random from the pool will have a lifetime whose distribution is the same as the distribution of the length of the ith interval in a nonhomogeneous Poisson process for some (unknown) i. The number of times an LRU has been used previously should not decrease as time passes, but beyond that it is a complicated function of the maintenance concept’s dynamics. Solution of this challenging research problem would be useful in developing greater understanding of system reliability when the remove-and-replace maintenance concept is used.

4.7.2.1 Warranty cost modeling

A typical warranty offered by a supplier contains conditions like: the supplier will repair or replace an item that fails when in use by the customer, for some period of time after the initial purchase. Projecting the likely cost of various warranty schemes is an important part of the planning a supplier must do to determine the likely profitability of a product or service. Detailed examination of warranty cost models is outside the scope of this book. The reliability engineering literature contains many studies of this kind; Blischke and Murthy [5] provide a good introduction. Because warranties are usually specified in terms of calendar time, the relationship between operational and calendar time is important for warranty modeling. See Sections 3.3.7 and 9.3.3.