Dealing with and learning from the sandbox


Published on

Session delivered at the Australian SharePoint conference

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • This must be the opening slide
  • Comprehensive list of best practises
  • SPMonitoredScope should be enabled for all custom methods of Web Parts except OnInit, Render, and OnPreRender.
  • Dealing with and learning from the sandbox

    1. 1. Dealing with and Learning from the Sandbox Elaine van Bergen OBS
    2. 2. Who Am I ?• SharePoint 2010 MCM• SharePoint MVP• Co-organiser of Melbourne SharePoint User Group (MSPUG)• @laneyvb on Twitter
    3. 3. Types• SharePoint online dedicated• On-premise sandbox• SharePoint online
    4. 4. Online Dedicated• Unlikely to be used by Australian Customers• May actually be hosted not dedicated• Great case study for what Microsoft requires for customisation• Plenty of advice useful for all SharePoint developers
    5. 5. Design Process for Customisation• Gather requirements.• Create high-level design (HLD) document.• Microsoft review of HLD.• Develop custom solution.• Test, package, and validate with MSOCAF.
    6. 6. Design Guidelines - Examples• Use native SharePoint functionality when possible• Evaluate the use of a client-side solution• Create logical solution versioning• Move business logic to separate classes• Develop asynchronous code that connects to an Internet address• Ensure that dependencies to external systems are managed correctly
    7. 7. Design Guidelines – Directory Structure• Solution Artifacts• Release• Source code• Installation scripts• Test documentation
    8. 8. MSOCAF• Guidance Package• Analyze Code – Structure – FXCOP – Additional Rules• Submit
    9. 9. MSOCAF – Additional Rules• SPList.Items• SPListItemCollectionGetItemByID inside loop• SPListItem.Update() inside loop• Log Exceptions in Feature Receiver and Report Back to SharePoint• SharePointMonitorScope Webpart Check
    10. 10. DemoMSOCAF
    11. 11. SharePoint Online Dedicated Great Guidance for ANY SharePoint Development
    12. 12. On Premise Sandbox• How does it work ?• Why ?• Development Setup
    13. 13. FRONT END BACK END User Code Service (SPUCHostService.exe)Execution Manager(Inside Application Pool) Sandbox Worker Process (SPUCWorkerProcess.exe) IIS (WPW3.EXE) Web.config / CAS Policies Sandbox Worker Proxy Process (SPUCWorkerProcessProxy.exe)
    14. 14. Deployment• Solution Gallery at Site Collection• Site Collection Admin uploads and activates solution• Solutions are validated against policies• No artefacts on file system• No IIS Reset
    15. 15. Custom Validators[GuidAttribute("34805697-1FC4-4b66-AF09-AB48AC0F9D97")]public class PublisherValidator : SPSolutionValidator{ [Persisted] List<string> _allowedPublishers; public override void ValidateSolution( SPSolutionValidationProperties properties){ } public override void ValidateAssembly( SPSolutionValidationProperties properties, SPSolutionFile assembly){ }}
    16. 16. Supported Artefacts
    17. 17. API Scope• Sandboxed .Net Code – Very limited subset of Microsoft.SharePoint – Scoped to current SPSite and below – No SPSecurity – No web service , external data or other network calls• Client side code – Silverlight – JavaScript
    18. 18. ECMAScriptControlsand LogicBrowser JSON Response ECMAScript OM Server XML Request OM Proxy Client.svc XML Request Proxy JSON Response Content Managed OM databaseManaged Client Managed Controls and Logic SharePoint Server
    19. 19. Server .NET Managed Silverlight ECMAScript(Microsoft.Shar (Microsoft.Shar (Microsoft.Shar (SP.js)ePoint) ePoint.Client) ePoint.Client.Sil verlight)SPContext ClientContext ClientContext ClientContextSPSite Site Site SiteSPWeb Web Web WebSPList List List ListSPListItem ListItem ListItem ListItemSPField Field Field Field
    20. 20. Full Trust Proxy• Operations in class that inherits Microsoft.SharePoint.Usercode.SPProxyOperation• Arguments in serializable class that inherits Microsoft.SharePoint.Usercode.SPProxyOperationArgs• Register full trust proxy• Recycle user code service• Consume via SPUtility.ExecuteRegisteredProxyOperation
    21. 21. Display LogicReusable/Complex Logic
    22. 22. Solution monitoring• Protects Site Collection from resource intensive solutions• Resource Points measure resource consumption• Site Collection Quota limits resource consumption per day• Absolute Limit limits cuts of solutions when limit hit
    23. 23. Monitored Metrics Resources Per AbsoluteMetric Name Description Units Point Limit Process gets abnormallyAbnormalProcessTerminationCount Count 1 1 terminatedCPUExecutionTime CPU exception time Seconds 3,600 60CriticalExceptionCount Critical exception fired Number 10 3 Percentage Units ofPercentProcessorTime Note: # of cores not factored in Overall Processor 85 100 Consumed Number of ThreadsProcessThreadCount Threads 10,000 200 in Overall ProcessSharePointDatabaseQueryCount SharePoint DB Queries Invoked Number 20 100 Amount of time spent waitingSharePointDatabaseQueryTime Seconds 120 60 for a query to be performedUnhandledExceptionCount Unhanded Exceptions 50 3
    24. 24. Why ?• Developers can deploy updates without IIS restarts• Site Collection Owners can control loading of solutions• Complex code separated from display logic• Solution performance can be monitored and controlled Rapid changes possible with low Governance
    25. 25. Development Setup• Enable Microsoft SharePoint Foundation Sandboxed Code Service via CA• Download power tools 6714-4549-9e95-f3700344b0d9• Download Silverlight toolkit verlight4tools;silverlight4toolkit;riaservicestoolkit
    26. 26. Sandbox modes• Local Mode: – Execute code on WFE – Low administration overhead – Lower scalability• Remote Mode: – Execute on dedicated SharePoint servers – Load balanced distribution of code execution requests
    27. 27. DemoSandbox Solutions
    28. 28. Common Pain Points• Error Handling/Visibility• Configuration Storage• Limited API set• Learning curve required
    29. 29. On Premise Sandbox Promotes efficient , well designed code that allows for rapid user interface change
    30. 30. SharePoint Online• Development Process• Data Access• Authentication
    31. 31. *.wsp Upload/ Activate/
    32. 32. Data Access• SharePoint data – Rest API, webservices, CSOM• JSON-P calling services External-Data-using-JSONP.aspx• BCS + WCF Service + Client Object Model• Applications put or get data to/from SharePoint
    33. 33. Authentication• Claims + Federation + Multiple Authentication Providers• FedAuth cookie with HTTP Only Flag = WinInet.dll• Active vs. Passive COMPLICATED !
    34. 34. SharePoint Online Sandbox Authentication and Data Access need to be carefully planned
    35. 35. SummaryConsider sandbox concepts as part of yoursolution design @laneyvb
    36. 36. Gold Sponsors Silver SponsorsBronze Sponsors Media Sponsors