FA+
Shop
User Space
9 years ago
General
I've been seeing a growing trend toward critical system applications running in user space on servers. And frankly I find this very disturbing.
Applications that run in the server's kernel space are better known as services (for the Windows group) or daemons (for the Linux bunch). These are programs that the kernel starts on its own, usually during boot-up and they run in the background, independent of any user being logged in. Applications that run in user space are tied to a particular user and when that user logs out of the system, those applications are generally shut down.
Knowing that fact, why would anybody design a system where critical applications that must be up and running for your service to function are started in user space, only after a user has logged in? And if that user is ever logged out, the entire system will stop functioning.
A prime example is our CGS graphics overlay box for our on-air signal. It lets us put up news crawls or weather alerts on top of the current program. First, a user must be logged in to the system and the control application must be started before the box will even pass video through it. If that application ever crashes (and it does), it stops passing video. Which is a problem, since it's designed to be in-line with the station's on-air signal. What happens if there's a power failure? The system isn't set to automatically log in when it comes up, so someone has to go to the box and log in before video can once again flow through it.
"Ha!" you say, "Rank amateurs! No big company would ever put critical services in user space!"
I wish you were right.
Imagine Communications (formerly the broadcast engineering side of Harris) has a Media Delivery System where all it's critical elements are running in user space. One of them is kind enough to minimize to the system tray, but the other must be alive and running on the task bar at all times or shows do not get delivered. When using remote desktop to get into the system, one must remember to close the remote session rather than log out of the machine.
And the Associated Press' Essential News Production System (ENPS) has several applications that all work together... all in user space. The system installers made it very clear that we should leave the ENPS user logged in at all times to the server because if they are logged off, the entire newsroom production system will stop working. Both their master and backup servers are this way. How is this in any way acceptable?
I have a message for all the up-and-coming programmers out there: If your system will not work without a process running at all times, that process should be a service or a daemon that is independent of a user logged into the server. It may not be as easy as creating a service or daemon, but it will save a lot more headaches for your users in the long run.
Applications that run in the server's kernel space are better known as services (for the Windows group) or daemons (for the Linux bunch). These are programs that the kernel starts on its own, usually during boot-up and they run in the background, independent of any user being logged in. Applications that run in user space are tied to a particular user and when that user logs out of the system, those applications are generally shut down.
Knowing that fact, why would anybody design a system where critical applications that must be up and running for your service to function are started in user space, only after a user has logged in? And if that user is ever logged out, the entire system will stop functioning.
A prime example is our CGS graphics overlay box for our on-air signal. It lets us put up news crawls or weather alerts on top of the current program. First, a user must be logged in to the system and the control application must be started before the box will even pass video through it. If that application ever crashes (and it does), it stops passing video. Which is a problem, since it's designed to be in-line with the station's on-air signal. What happens if there's a power failure? The system isn't set to automatically log in when it comes up, so someone has to go to the box and log in before video can once again flow through it.
"Ha!" you say, "Rank amateurs! No big company would ever put critical services in user space!"
I wish you were right.
Imagine Communications (formerly the broadcast engineering side of Harris) has a Media Delivery System where all it's critical elements are running in user space. One of them is kind enough to minimize to the system tray, but the other must be alive and running on the task bar at all times or shows do not get delivered. When using remote desktop to get into the system, one must remember to close the remote session rather than log out of the machine.
And the Associated Press' Essential News Production System (ENPS) has several applications that all work together... all in user space. The system installers made it very clear that we should leave the ENPS user logged in at all times to the server because if they are logged off, the entire newsroom production system will stop working. Both their master and backup servers are this way. How is this in any way acceptable?
I have a message for all the up-and-coming programmers out there: If your system will not work without a process running at all times, that process should be a service or a daemon that is independent of a user logged into the server. It may not be as easy as creating a service or daemon, but it will save a lot more headaches for your users in the long run.
Regarding what you wrote about-- what happens when the computer automatically goes into sleep mode?
Kernel space just means priviliged memory, which means no security mechanisms and full access to hardware. This is where the kernel and device drivers live. Occasionally application software might go here, but only when it has some unusual requirement like extreme timing precision.