Best practise for a shutdown strategy for server with critical processes


Assume a Window Server with

  • running services and
  • running console applications

The nature of this software is very critical. Operations take up to a few minutes and should not be terminated.

What is strategy to shutdown/restart this sever?

  1. Should every running service/application handle by itself the shutdown?
  2. Should the admin follow the instruction to shutdown the server?
  3. Should another software exit every service/application and then shutdown the server?

Best Answer

Ideally, as a matter of best practice, (interactive) console applications should not be running on a server. Things that require interactive logon sessions should not be running on a server.

Windows Services should be programmed to handle shutdown events. This is extremely common development practice. Windows sends a notification to all Windows Services when the OS is preparing to shutdown, specifically to give services enough time so that they may also shutdown cleanly. If your service does not do this, then it was unfortunately written by amateurs, and ideally you would seek out a different product that was designed to run as a Windows service.

In an ideal world, you should be able to restart a Windows Server at any point in time, and all services running on that server will shut down and restart cleanly, in an unattended and headless manner. Any failure is typically due to incompetence on the application developer's part to properly handle OS shutdown events, or various extenuating circumstances that might prevent a service from operating normally, such as a spontaneous LUN disconnection due to hardware failure or something.

If you find yourself needing to write a script to tell a sysadmin how to restart the server, then you've already blown best practices.

  1. Should every running service/application handle by itself the shutdown?


  1. Should the admin follow the instruction to shutdown the server?

This is what you may have to do if you have poorly-written or configured applications running on your server. You may be able to script the admin's actions so that the shutdown can at least be automated. (For example, a shutdown script.)

  1. Should another software exit every service/application and then shutdown the server?

This could theoretically be possible with clever development work, but it would be creating a Rube Goldberg machine in response to a problem that should not have existed in the first place if you were just running server applications on your server instead of client applications.