A sandboxed solution is a new concept in Microsoft SharePoint Foundation that enables site collection users to upload their own custom code solutions.
When user write code then it is not trusted it's failure cause on entire site. So the sandbox solution concept is used.
In that case program is only written for particular site & solution is updated in the same site.
10 reasons to use Sandboxed Solutions
- Sandboxed solutions are secure.
- Sandboxed solutions can be monitored.
- Sandboxed solutions do not affect other sandboxed solutions, well atleast not in other site collections is what I mean.
- Sandboxed solutions do not touch the file system for the most part
- Sandboxed solutions skip application pool recycles, so debugging is not such a pain.
- Sandboxed solutions allow the site collection administrator to perform deployment and upgrades
- Sandboxed solutions make CAS policies look like the out of style hairstyles of 1980s
- The Solution validation framework for sandboxed solutions is exntensible, simply inherit from the SPSolutionValidator base class.
- Sandboxed solutions remove the need for line by line code reviews
- Sandboxed solutions allow you to offer different level of SLAs to different site collections using Resource Quotas.
Solution Monitoring
Administrators can monitor a solution and set a quota for how many "resource points" it can use in a day. There are various measures that build up points for a solution.
Add-PSSnapin Microsoft.SharePoint.Powershell [System.Reflection.Assembly]::Load("Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") $s=[Microsoft.SharePoint.Administration.SPUserCodeService]::Local $s.ResourceMeasures \| Select-Object Name,ResourcePerPoint
Server Default
The default quota is 300 resource points a day, if you exceed that your solution is "cut off". The below table shows how many instances of a resource measure it takes to build a resource point e.g. 1 "AbnormalProcessTerminationCount" is one resource point, so 300 of these would "cut off" the solution.
| Measure | Resource Per Point |
|---|---|
| AbnormalProcessTerminationCount | 1 |
| CPUExecutionTime | 3600 |
| CriticalExceptionCount | 10 |
| InvocationCount | 100 |
| PercentProcessorTime | 85 |
| ProcessCPUCycles | 100000000000 |
| ProcessHandleCount | 10000 |
| ProcessIOBytes | 0 |
| ProcessThreadCount | 10000 |
| ProcessVirtualBytes | 0 |
| SharePointDatabaseQueryCount | 20 |
| SharePointDatabaseQueryTime | 120 |
| UnhandledExceptionCount | 50 |
| UnresponsiveprocessCount | 2 |
Sandbox Processes
Here the processes which required for Sandbox solutions.
- SPUCWorkerprocess.exe - Sandbox Worker process service which is a Seperate Service Application which actually executes Sandbox code. It should be started in every farm to use Sandbox solutions.
- SPUCWorkerProcessProxy.exe - Sandbox Worker process proxy which is working as a proxy for Worker process and takes care of Sandbox code execution. It can also serve to other farms if configured. Basically it helps site administrator for load balancing.
- SPUCHostService.exe - Sandbox User Code Service takes care of user code in Sandbox amd it can be started in the farms where to use Sandbox solutions.
Sandbox Limitations
As I said before, Sandbox is a secured wrapper and it has restrictions on code to run in SharePoint environment. Few Key limitations which developers should know are listed below.
- No Security Elevation - RunWithElevatedPrivileges which runs the specified block of code in application pool account(typically System Account) context is not allowed in Sandbox code. SPSecurity class also not allowed to use in Sandbox.
- No Email Support - SPUtility.SendMail method has been blocked explicitly in Sandbox, However .Net mail classes can be used to send mails. Additionaly sandbox won't allow to read Farm SMTP address. So developers has to specify the SMTP address in code itself(may be some other workaround).
- No Support to WebPartPages Namespace - Sandbox won't allow to use Microsoft.SharePoint.WebPartPages namespace.
- No Support to external Webservice - Internet web service calls are not allowed to ensure security in Sandbox solutions. Allow Partially Trusted code also can't be accessed within Sandbox.
- No GAC Deployment - Sandbox solutions are not stored in File System(Physical path) and assemblies can't be deployed to Global Assembly Cache(GAC). But it's available on C:\ProgramData\Microsoft\SharePoint\UCCache at runtime. Note the ProgramData is a hidden folder.
- No Visual Webparts - Visual Studio 2010 by default won't allow to create Visual Webparts to deploy as sandbox solution. But with Visual Studio PowerTools extensions(downloadable from Microsoft MSDN website) Visual Webparts can be developed and deployed as sandbox Solutions.
SharePoint Online which is SharePoint environment provided by Microsoft to manage SharePoint Sites in internet accepts only Sandbox solutions. Because SharePoint Online sites are Windows Servers at Microsoft Datacenters, Microsoft won't allow GAC deployment or file system access. In future Sandbox solution will give more features for developers.
Start or stop Sandboxed Code Service on a server:-
Central Administration -> System Settings -> Services on Server -> Microsoft SharePoint Foundation Sandboxed Code Service
Configure load balancing for the sandboxed solutions:-
Understanding load balancing for sandboxed solutions
SharePoint Foundation provides two load-balancing schemes that are used to determine which server to run a sandboxed solution on. Farm administrators can select one of the following load-balancing schemes to apply to sandboxed solutions across the farm:
- Local load balancing The sandboxed solution runs on the same server that received the request.
- Remote load balancing The server that the sandboxed solution runs on is selected based on solution affinity, and the sandboxed solution is run on a server where it is already loaded and has already been run. This saves time in servicing the request for the solution.
Regardless of which load-balancing scheme that you select, the sandboxed solutions service must be running on each server on which you want to run sandboxed solutions.
To configure load balancing by using Central Administration
- Verify that you have the following administrative credentials:
- You must be a member of the Farm Administrators group on the computer that is running the SharePoint Central Administration Web site.
- On the home page of the Central Administration Web site, click System Settings.
- On the System Settings page, in the Farm Management section, click Manage user solutions.
- On the Sandboxed Solution Management page, in the Load Balancing section, select one of the following options:
- All sandboxed code runs on the same machine as a request. This load-balancing scheme runs sandboxed code on the same server that handles the rest of the request.
- Requests to run sandboxed code are routed by solution affinity. This load-balancing scheme selects the server on which to run sandboxed code based on solution affinity.
- Click OK.
Blocking a sandboxed solution:-
Central Administration ->; System Settings ->; Manage user solutions ->
In the File box in the Solution Restrictions section of the Sandboxed Solution Management page, either type the full path of the file that contains the solution to block, or use the Browse button to browse for the file to block.
Optionally, type a message in the Message box. This message will be displayed when a user tries to use the solution.
Setting quotas:-
For this Goto Central Administration --> Application Management --> Specify quota templates --> Sandboxed Solutions with code limits
No comments:
Post a Comment