2. Agenda Sandbox Solutions Overview SharePoint 2007 Challenges for Farm Solutions SharePoint 2010 Approach for Sandbox Solutions Sandbox Solutions Lifecycle Executing Code in the Sandbox Sandbox Solutions Limitations Sandbox Resource Monitoring Load balancing Sandbox solutions Solution Validation
3. Overview of the Sandbox Allows a subset of the full capabilities in the SharePoint API Secure – enforcing the sandbox Execute in a partially trusted environment Code executes in a special service process Subject to CAS Validation framework Provides way to do custom farm wide validation for the deployed packages Each solution is isolated to its site collection
4. Defining the Sandbox Solution Administration - Quota/Blocked Solutions Subset Object Model External Process Code Access Security (CAS Policies)
5. SharePoint 2007 Challenge Developers build custom solutions Administrators can only secure solutions with CAS Hard to control what is being done in custom code Biggest cause of SharePoint support cases: custom code
6. SharePoint 2010 Approach Developers build custom solutions Site collection owners deploy, activate and implement the customizations Administrators leverage resource monitors to check site collection usage Automatic triggers “turn off” custom solutions in a site collection that are too expensive and taxing on the server
7. Sandboxed Solutions Help Enterprises Sandboxed solutions are important because Hosted environments much easier to manage Reduces time to deploying custom solutions Removing process of getting code approved and deployed by IT (Dev-Staging-Production) Improves stability of SharePoint servers Now badly performing code isolated to site collection rather than potentially bringing down an entire server
13. The Subset Object Model SPSite In general SPSite and below No SPSecurity No SPSite construction Common namespaces not available Microsoft.SharePoint.Administration Microsoft.SharePoint.WebControls SPWeb SPList SPListItem
14. A Separate Process User Code Service : Started where WFE configured to run sandbox solutions.(SPUCHostService.exe) Sandbox Worker Process: where your actual code runs(SPUCWorkerProcess.exe) Sandbox Worker Process Proxy(SPUCWorkerProcessProxy.exe)
15. Sandbox and Code Access Security AspNetHostingPermission, Level=Minimal SharePointPermission, ObjectModel=true SecurityPermission, Flags=Execution Sandbox My.dll wss_usercode.config Other.dll System DLL SharePoint DLL Full Trust SharePoint OM Subset OM
16. Front end Back end Host Service ExecutionManager Sandboxing Architecture Worker Process Untrusted Code Subset Object Model Full Object Model
17. Sandboxed Solutions Process 2 1 5 6 7 4 3 Per-WFE AssemblyCache RootSPWeb of SPSite <siteguid>ompany.intranet.webpart.wspoo.dll Solution gallery Web Part gallery Sandboxed Worker Process WebParts.wsp
18. Types of Sandboxed Solutions Sandboxed Solutions Support Sandboxed solutions offer developers a subset of the SharePoint API available fully trusted solutions Site collection and site scoped Features Many XML constructs available: Modules, Lists, ContentTypes, etc. Client technologies to access external data – JavaScript, Silverlight etc. Offloading resource usage and access handling to client
19. Best Practices: Sandbox Boundaries Off-box connections, http, web services, etc ADO.net Enterprise features (Search, BCS, etc.) Threading (No complex processing) P-Invoke IO Other sites x x x x x x x
20. Compiling vs. Executing Sandboxed Solutions Visual Studio 2010uses IntelliSense tohide full-trust types All code is compiled against the full API Thus, no “sandbox” check at compile time… only at runtime Workaround: change the Microsoft.SharePoint.dll project reference to reference the sandbox’s version [..]4serCodessembliesicrosoft.SharePoint.dll NOTE: Switch it back before deployment! Use this as a temporary test - do not deploy code that references the sandbox’s assembly This is valid if you don’t have VS 2010 SP Power tools. MyWebPart.dll Runtime Full Object Model Subset Object Model Proxy
22. Load Balancing Sandboxed solutions can be run in two modes Local Mode Execute code on the SharePoint WFE Low administration overhead Lower scalability Remote Mode Execution on back-end farm machine Via dedicated service applications Load balanced distribution of code execution requests
In this demo will show:Use VS 2010 to create sandbox solutions.Deploy and configuration on the Sandbox solutions.Test deploy the sandbox solution.Go through the prerequisites to enable user code service on your farm. Enable User code service in your farm-- Tips: Don’t use WSP Builder menu for Sandbox solutions, use Retract,Deply…etc options from the Project properties menu.Try to do a change in UI and redeploy your wsp, the old webpart UI still cached, Resolve: Remove the webpart from webpart gallery.
Inert: Not effectiveIt’s called also : Sandbox Solution model process: 4 phases: Upload stageActivation stageDeactivation stage: pages with web parts will shows an error message.Delete Stage: cant be deleted if the solution is activated. If deleted it goes to the site recycle bin and can be deleted or restored.Upgrade Stage
Activate/ Deactivate/ Delete and restore.
Path for the configuration for the sandbox solution is:C:Program FilesCommon FilesMicrosoft SharedWeb Server Extensions14CONFIGFile name: wss_usercode.config
How to get VS 2010 SP power tools:From VS tools -> Extension manager and Top Ranked Extensions.
Open SPSNYCDemo2Try to build - > Get an error since the SPSecurity in not available in sandbox solutions.Change the project target to farm solution and try to build -> 0 errors.This is only applied on: VS 2010 Power tools. This is your validation for Sandbox solutions.Details:http://visualstudiogallery.msdn.microsoft.com/en-us/8e602a8c-6714-4549-9e95-f3700344b0d9
To show how to load balance the sandbox solutions:Central AdministrationSystem SettingsManage User Solutions All user requests will be executed on the same machine - >Users’ requests are routed using solution affinity.Try to blocksharepoint solution and navigate to the webpart page. You will see the block message is appearing.
Farm solution.
Only 14 metric:http://msdn.microsoft.com/en-us/magazine/ee335711.aspx
From Central admin -> application management -> Configure quotas and locks