This document discusses sandboxed solutions in SharePoint 2010. It provides an overview of sandboxed solutions, outlines challenges with farm solutions in SharePoint 2007, and describes SharePoint 2010's approach of sandboxed solutions. Key points covered include the sandboxed solution lifecycle, how code executes in the sandbox, limitations of sandboxed solutions, sandbox resource monitoring, load balancing sandboxed solutions, and solution validation.

1. SP 2010 Sandboxed Solutions MostafaElzoghbiSr. Software Engineer - C# MVPMetroStar Systems

2. AgendaSandbox Solutions OverviewSharePoint 2007 Challenges for Farm SolutionsSharePoint 2010 Approach for Sandbox SolutionsSandbox Solutions LifecycleExecuting Code in the SandboxSandbox Solutions LimitationsSandbox Resource MonitoringLoad balancing Sandbox solutionsSolution Validation

3. Overview of the SandboxAllows a subset of the full capabilities in the SharePoint APISecure – enforcing the sandboxExecute in a partially trusted environmentCode executes in a special service processSubject to CASValidation frameworkProvides way to do custom farm wide validation for the deployed packagesEach solution is isolated to its site collection

4. Defining the SandboxSolution Administration - Quota/Blocked SolutionsSubset Object ModelExternal ProcessCode Access Security (CAS Policies)

5. SharePoint 2007 ChallengeDevelopers build custom solutionsAdministrators can only secure solutions with CASHard to control what is being done in custom codeBiggest cause of SharePoint support cases: custom code

6. SharePoint 2010 ApproachDevelopers build custom solutionsSite collection owners deploy, activate and implement the customizationsAdministrators leverage resource monitors to check site collection usageAutomatic triggers “turn off” custom solutions in a site collection that are too expensive and taxing on the server

7. Sandboxed Solutions Help EnterprisesSandboxed solutions are important becauseHosted environments much easier to manageReduces time to deploying custom solutionsRemoving process of getting code approved and deployed by IT (Dev-Staging-Production)Improves stability of SharePoint serversNow badly performing code isolated to site collection rather than potentially bringing down an entire server

8. Create/Deploy Sandbox solutiondemo

9. Site Collection AdministrationSolution Gallery -- _catalogs/solutionsEmpower Site Collection administrators

10. Sandboxed Solution Lifecycle

11. Managing Sandbox Solutionsdemo

12. Solution AdministrationCentral AdministrationBlock SolutionsQuota Templates

13. The Subset Object ModelSPSiteIn generalSPSite and belowNo SPSecurityNo SPSite constructionCommon namespaces not availableMicrosoft.SharePoint.AdministrationMicrosoft.SharePoint.WebControlsSPWebSPListSPListItem

14. A Separate ProcessUser Code Service : Started where WFE configured to run sandbox solutions.(SPUCHostService.exe)Sandbox Worker Process: where your actual code runs(SPUCWorkerProcess.exe)Sandbox Worker Process Proxy(SPUCWorkerProcessProxy.exe)

15. Sandbox and Code Access SecurityAspNetHostingPermission, Level=MinimalSharePointPermission, ObjectModel=trueSecurityPermission, Flags=ExecutionSandboxMy.dllwss_usercode.configOther.dllSystem DLLSharePoint DLLFull TrustSharePoint OMSubset OM

16. Front endBack endHost ServiceExecutionManagerSandboxing ArchitectureWorker ProcessUntrusted CodeSubset Object ModelFull Object Model

17. Sandboxed Solutions Process2156743Per-WFE AssemblyCacheRootSPWeb of SPSite<siteguid>\company.intranet.webpart.wsp\foo.dllSolution galleryWeb Part gallerySandboxed Worker ProcessWebParts.wsp

18. Types of Sandboxed SolutionsSandboxed Solutions SupportSandboxed solutions offer developers a subset of the SharePoint API available fully trusted solutionsSite collection and site scoped FeaturesMany XML constructs available: Modules, Lists, ContentTypes, etc.Client technologies to access external data – JavaScript, Silverlight etc.Offloading resource usage and access handling to client

19. Best Practices: Sandbox Boundaries Off-box connections, http, web services, etcADO.netEnterprise features (Search, BCS, etc.)Threading  (No complex processing)P-InvokeIOOther sitesxxxxxxx

20. Compiling vs. Executing Sandboxed SolutionsVisual Studio 2010uses IntelliSense tohide full-trust typesAll code is compiled against the full APIThus, no “sandbox” check at compile time… only at runtimeWorkaround: change the Microsoft.SharePoint.dll project reference to reference the sandbox’s version[..]\14\UserCode\Assemblies\Microsoft.SharePoint.dllNOTE: Switch it back before deployment!Use this as a temporary test - do not deploy code that references the sandbox’s assembly This is valid if you don’t have VS 2010 SP Power tools.MyWebPart.dllRuntimeFull Object ModelSubset Object ModelProxy

21. Execution vs. Compilation in SandboxDemo

22. Load BalancingSandboxed solutions can be run in two modesLocal ModeExecute code on the SharePoint WFELow administration overheadLower scalabilityRemote ModeExecution on back-end farm machineVia dedicated service applicationsLoad balanced distribution of code execution requests

23. Load balancing Sandbox Solutions & Blockingdemo

24. Solution Validation[GuidAttribute("34805697-1FC4-4b66-AF09-AB48AC0F9D97")]publicclassPublisherValidator:SPSolutionValidator{publicoverridevoidValidateSolution(SPSolutionValidationProperties properties){properties.Valid = [true || false];properties.ValidationErrorMessage = “no soup for you”;}publicoverridevoidValidateAssembly(SPSolutionValidationPropertiesproperties,SPSolutionFileassembly){}}

25. Solution Validatordemo

26. Monitored ResourcesYou can tweak these values to fit your need…

27. Manage Sandbox solution resourcesdemo

28. SummarySandbox Solutions OverviewSharePoint 2007 Challenges for Farm SolutionsSharePoint 2010 Approach for Sandbox SolutionsSandbox Solutions LifecycleExecuting Code in the SandboxSandbox Solutions LimitationsSandbox Resource MonitoringLoad balancing Sandbox solutionsSolution Validation

29. Blog: http://moustaga-arafa.blogspot.comTwitter: @mostafaelzoghbi