1 / 35

Creating Sandboxed Solutions with SharePoint 2010

Creating Sandboxed Solutions with SharePoint 2010. Name Title Company. Agenda. Introducing Sandboxed Solutions Executing Code in the Sandbox Building Sandbox Solutions Sandbox Resource Monitoring. Introducing Sandboxed Solutions. SharePoint 2007 Challenge.

patia
Download Presentation

Creating Sandboxed Solutions with SharePoint 2010

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Creating Sandboxed Solutions with SharePoint 2010 Name Title Company

  2. Agenda • Introducing Sandboxed Solutions • Executing Code in the Sandbox • Building Sandbox Solutions • Sandbox Resource Monitoring

  3. Introducing Sandboxed Solutions

  4. SharePoint 2007 Challenge • Developers build custom solutions • Administrators can only secure solutions with CAS • Hard to control what is being done in custom code • Biggest cause of SharePoint support cases: custom code

  5. SharePoint 2010 Approach • Developers build custom solutions • Site collection owners deploy, activate and implement the customizations • Administrators leverage resource monitors to check site collection usage • Automatic triggers “turn off” custom solutions in a site collection that are too expensive and taxing on the server

  6. Sandboxed Solutions Help Enterprises • Sandboxed solutions are important because • Solve SharePoint hosting issues in corporate environments • Hosted environments much easier to manage • Reduces time to deploying custom solutions • Removing process of getting code approved and deployed by IT • Improves stability of SharePoint servers • Now badly performing code isolated to site collection rather than potentially bringing down an entire server

  7. Overview of the Sandbox • Allows a subset of the full capabilities in the SharePoint API • Secure – enforcing the sandbox • Execute in a partially trusted environment • Code executes in a special service process • Subject to CAS • Validation framework • Provides way to do custom farm wide validation for the deployed packages • Each solution is isolated to its site collection

  8. Site Collection Administration • Solution Gallery -- _catalogs/solutions • Empower Site Collection administrators

  9. Sandboxed Solution Lifecycle

  10. Executing Code in the Sandbox

  11. Defining the Sandbox • Solution Administration - Quota/Blocked Solutions • Subset Object Model • External Process • Code Access Security (CAS Policies)

  12. Solution Administration • Central Administration • Block Solutions • Quota Templates

  13. The Subset Object Model SPSite • In general • SPSite and below • No SPSecurity • No SPSite construction • Common namespaces not available • Microsoft.SharePoint.Administration • Microsoft.SharePoint.WebControls SPWeb SPList SPListItem

  14. A Separate Process • User Code Service(SPUCHostService.exe) • Sandbox Worker Process(SPUCWorkerProcess.exe) • Sandbox Worker Process Proxy(SPUCWorkerProcessProxy.exe)

  15. Sandbox and Code Access Security AspNetHostingPermission, Level=Minimal SharePointPermission, ObjectModel=true SecurityPermission, Flags=Execution Sandbox My.dll wss_usercode.config Other.dll System DLL User Code SharePoint DLL Full Trust Framework Code SharePoint OM Subset OM

  16. Sandboxing Architecture Front end Back end ExecutionManager Host Service Worker Process Untrusted Code Subset Object Model Full Object Model

  17. 2 • 1 • 5 • 6 • 7 • 4 • 3 Sandboxed Solutions Process Per-WFE AssemblyCache RootSPWeb of SPSite <siteguid>\company.intranet.webpart.wsp\foo.dll Solution gallery Web Part gallery Sandboxed Worker Process WebParts.wsp

  18. Building Sandbox solutions

  19. Types of Sandboxed Solutions Sandboxed Solutions Support • Sandboxed solutions offer developers a subset of the SharePoint API available fully trusted solutions • Site collection and site scoped Features • Many XML constructs available: Modules, Lists, ContentTypes, etc. • Client technologies to access external data – JavaScript, Silverlight etc. • Offloading resource usage and access handling to client

  20. Sandbox Boundaries • Off-box connections, http, web services, etc • ADO.net • Enterprise features (Search, BCS, etc.) • Threading • P-Invoke • IO • Other sites x x x x x x x

  21. Compiling vs. Executing Sandboxed Solutions • Visual Studio 2010uses IntelliSense tohide full-trust types • All code is compiled against the full API • Thus, no “sandbox” check at compile time… only at runtime • Workaround: change the Microsoft.SharePoint.dll project reference to reference the sandbox’s version • [..]\14\UserCode\Assemblies\Microsoft.SharePoint.dll • NOTE: Switch it back before deployment! • Use this as a temporary test - do not deploy code that references the sandbox’s assembly MyWebPart.dll Runtime Full Object Model Subset Object Model Proxy

  22. Creating a Sandbox Solution with VS 2010 demo

  23. Breaking out of the Sandbox • External Lists via SPList • Full-Trust Proxy

  24. Building a Full-Trust Proxy demo

  25. Sandbox Resource Monitoring

  26. Load Balancing • Sandboxed solutions can be run in two modes • Local Mode • Execute code on the SharePoint WFE • Low administration overhead • Lower scalability • Remote Mode • Execution on back-end farm machine • Via dedicated service applications • Load balanced distribution of code execution requests

  27. Solution Validation • [GuidAttribute("34805697-1FC4-4b66-AF09-AB48AC0F9D97")] • publicclassPublisherValidator:SPSolutionValidator{ • publicoverridevoidValidateSolution( • SPSolutionValidationProperties properties){ • properties.Valid = [true || false]; • properties.ValidationErrorMessage = “no soup for you”; • } • publicoverridevoidValidateAssembly( • SPSolutionValidationPropertiesproperties, • SPSolutionFileassembly){ • } • }

  28. Sandbox Solution MonitoringHow it works • Site collection quotas specify the warning and hard limits for number of resources that can be used per day • Sum of resource measures are taken across solutions deployed to site collection • I.e., add up CPU Points for all solutions • Max of resource utilization measures checked against site collection quota to determine if it should be throttled/blocked

  29. Monitored Resources You can tweak these values to fit your need…

  30. Sandbox Solution MonitoringCase Study • A solution has executed 40 SQL queries (via the SharePoint OM) • One point for SQL is 400 queries • Means for SQL it’s consumed .1 resource points  • So the resource usage is for the day for that solution is .1 resource points + other counters

  31. Solution Validation demo

  32. Summary • Introducing Sandboxed Solutions • Executing Code in the Sandbox • Building Sandbox Solutions • Sandbox Resource Monitoring

  33. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

More Related