©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010 Advanced Developer Training
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Advanced Developer Training
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Creating Sandboxed Solutions with SharePoint 2010
NameTitleCompany
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
AgendaIntroducing Sandboxed SolutionsExecuting Code in the SandboxBuilding Sandbox SolutionsSandbox Resource Monitoring
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
INTRODUCING SANDBOXED SOLUTIONS
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
SharePoint 2007 ChallengeDevelopers build custom solutionsAdministrators can only secure solutions with CAS
Hard to control what is being done in custom code
Biggest cause of SharePoint support cases: custom code
Developer • Design, build and
test customizations
Administrator• Install and monitor
customizations
Site Collection Owner• Activate and use
customizations
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
SharePoint 2010 ApproachDevelopers build custom solutionsSite collection owners deploy, activate and implement the customizationsAdministrators leverage resource monitors to check site collection usage
Automatic triggers “turn off” custom solutions in a site collection that are too expensive and taxing on the server
Developer • Design, build and test
customizations
Administrator• Monitor customizations
Site Collection Owner• Activate and use
customizations• Install customizations
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Sandboxed Solutions Help Enterprises
Sandboxed solutions are important becauseSolve SharePoint hosting issues in corporate environmentsHosted environments much easier to manage
Reduces time to deploying custom solutionsRemoving process of getting code approved and deployed by IT
Improves stability of SharePoint serversNow badly performing code isolated to site collection rather than potentially bringing down an entire server
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Overview of the SandboxAllows a subset of the full capabilities in the SharePoint APISecure – enforcing the sandbox
Execute in a partially trusted environmentCode executes in a special service processSubject to CASValidation framework
Provides way to do custom farm wide validation for the deployed packages
Each solution is isolated to its site collection
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Site Collection Administration
Solution Gallery -- _catalogs/solutionsEmpower Site Collection administrators
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Sandboxed Solution LifecycleActivation• A
uto-activates features
Deletion
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
EXECUTING CODE IN THE SANDBOX
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Defining the SandboxSolution Administration - Quota/Blocked SolutionsSubset Object ModelExternal ProcessCode Access Security (CAS Policies)
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Solution AdministrationCentral Administration
Block SolutionsQuota Templates
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
The Subset Object ModelIn general
SPSite and belowNo SPSecurityNo SPSite constructionCommon namespaces not available
Microsoft.SharePoint.AdministrationMicrosoft.SharePoint.WebControls
SPSite
SPWeb
SPList
SPListItem
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
A Separate ProcessUser Code Service(SPUCHostService.exe)Sandbox Worker Process(SPUCWorkerProcess.exe)Sandbox Worker Process Proxy(SPUCWorkerProcessProxy.exe)
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Sandbox
Sandbox and Code Access Security AspNetHostingPermission, Level=Minimal
SharePointPermission, ObjectModel=trueSecurityPermission, Flags=Execution
Full Trust
wss_usercode.config
User Code
Framework Code
My.dll
Other.dll System DLL
SharePoint DLL
SharePoint OMSubset OM
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Front end Back endHost ServiceExecution
Manager
Sandboxing Architecture
Worker Process
Untrusted Code
Subset Object Model
Full Object Model
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Sandboxed Solutions Process
Root SPWeb of SPSite
Solution galleryWebParts.wsp
Web Part gallery
Per-WFE AssemblyCache
<siteguid>\company.intranet.webpart.wsp\foo.dll
Sandboxed Worker Process
12 5
6
7
4
3
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
BUILDING SANDBOX SOLUTIONS
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Types of Sandboxed SolutionsSandboxed Solutions Support
Sandboxed solutions offer developers a subset of the SharePoint API available fully trusted solutions
Site collection and site scoped FeaturesMany XML constructs available: Modules, Lists, ContentTypes, etc.
Client technologies to access external data – JavaScript, Silverlight etc.
Offloading resource usage and access handling to client
Non-Visual Web Parts
Event/Featur
e Receivers
Feature
Activation
Events
Custom
Workflow
Actions
InfoPath
Forms Servic
es
List Definitions
Custom Actions
Site Pages
Site Columns
Content Types
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Sandbox BoundariesOff-box connections, http, web services, etcADO.netEnterprise features (Search, BCS, etc.)ThreadingP-InvokeIOOther sites
xxxx
xxx
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Compiling vs. Executing Sandboxed Solutions
Visual Studio 2010uses IntelliSense tohide full-trust typesAll code is compiled against the full APIThus, no “sandbox” check at compile time… only at runtimeWorkaround: change the Microsoft.SharePoint.dll project reference to reference the sandbox’s version
[..]\14\UserCode\Assemblies\Microsoft.SharePoint.dllNOTE: Switch it back before deployment!
Use this as a temporary test - do not deploy code that references the sandbox’s assembly
Full Object Model Subset Object Model
MyWebPart.dll
Proxy
Runtime
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Creating a Sandbox Solution with VS 2010
demo
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Breaking out of the SandboxExternal Lists via SPListFull-Trust Proxy
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Building a Full-Trust Proxy
demo
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
SANDBOX RESOURCE MONITORING
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Load BalancingSandboxed solutions can be run in two modes
Local ModeExecute code on the SharePoint WFELow administration overheadLower scalability
Remote ModeExecution on back-end farm machine
Via dedicated service applicationsLoad balanced distribution of code execution requests
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published April 2010
Solution Validation
[GuidAttribute("34805697-1FC4-4b66-AF09-AB48AC0F9D97")]public class PublisherValidator : SPSolutionValidator{
public override void ValidateSolution( SPSolutionValidationProperties properties){ properties.Valid = [true || false]; properties.ValidationErrorMessage = “no soup for you”; }
public override void ValidateAssembly( SPSolutionValidationProperties properties, SPSolutionFile assembly){ }}
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Sandbox Solution MonitoringHow it works
Site collection quotas specify the warning and hard limits for number of resources that can be used per daySum of resource measures are taken across solutions deployed to site collection
I.e., add up CPU Points for all solutionsMax of resource utilization measures checked against site collection quota to determine if it should be throttled/blocked
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Monitored ResourcesMetric Name Description Units Resources
Per PointHard Limit
AbnormalProcessTerminationCount
Process gets abnormally terminated Count 1 1
CPUExecutionTime CPU exception time Seconds 200 60CriticalExceptionCount Critical exception fired Number 10 3InvocationCount Number of times solution
has been invoked Count N/A N/A
PercentProcessorTime Note: # of cores not factored in
Percentage Units of Overall Processor Consumed
85 100
ProcessCPUCycles CPU Cycles 1E+11 1E+11
ProcessHandleCount Windows Handles 10,000 5,000
ProcessIOBytes(Hard Limit Only) Bytes written to IO
Bytes 1E+07 1E+08
ProcessThreadCount Number of Threads in Overall Process Threads 10,000 200
ProcessVirtualBytes (Hard Limit Only) Memory consumed Bytes 1E+09 4E+0
9SharePointDatabaseQueryCount
SharePoint DB Queries Invoked Number 400 100
SharePointDatabaseQueryTimeAmount of time spent waiting
for a query to be performedSeconds 20 60
UnhandledExceptionCount Unhanded Exceptions 50 3
UnresponsiveprocessCountWe have to kill the process because it has become unresponsive
Number 2 1You can tweak these values to fit your need…
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Sandbox Solution MonitoringCase Study
A solution has executed 40 SQL queries (via the SharePoint OM)One point for SQL is 400 queriesMeans for SQL it’s consumed .1 resource points So the resource usage is for the day for that solution is .1 resource points + other counters
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Solution Validation
demo
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
SummaryIntroducing Sandboxed SolutionsExecuting Code in the SandboxBuilding Sandbox SolutionsSandbox Resource Monitoring
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.