Upload
sharepoint-saturday-ny
View
5.909
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Citation preview
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
SP 2010 Sandboxed Solutions
Mostafa ElzoghbiSr. Software Engineer - C# MVPMetroStar Systems
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
AgendaSandbox Solutions OverviewSharePoint 2007 Challenges for Farm SolutionsSharePoint 2010 Approach for Sandbox SolutionsSandbox Solutions LifecycleExecuting Code in the SandboxSandbox Solutions LimitationsSandbox Resource MonitoringLoad balancing Sandbox solutionsSolution Validation
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Overview of the Sandbox
Allows a subset of the full capabilities in the SharePoint APISecure – enforcing the sandbox
Execute in a partially trusted environmentCode executes in a special service processSubject to CASValidation framework
Provides way to do custom farm wide validation for the deployed packages
Each solution is isolated to its site collection
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Defining the Sandbox
Solution Administration - Quota/Blocked SolutionsSubset Object ModelExternal ProcessCode Access Security (CAS Policies)
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
SharePoint 2007 Challenge
Developers build custom solutionsAdministrators can only secure solutions with CAS
Hard to control what is being done in custom code
Biggest cause of SharePoint support cases: custom code
Developer • Design, build and test customizations
Administrator• Install and monitor customizations
Site Collection Owner• Activate and use customizations
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
SharePoint 2010 Approach
Developers build custom solutionsSite collection owners deploy, activate and implement the customizationsAdministrators leverage resource monitors to check site collection usage
Automatic triggers “turn off” custom solutions in a site collection that are too expensive and taxing on the server
Developer • Design, build and test
customizations
Administrator• Monitor customizations
Site Collection Owner• Activate and use
customizations• Install customizations
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Sandboxed Solutions Help Enterprises
Sandboxed solutions are important becauseHosted environments much easier to manage
Reduces time to deploying custom solutionsRemoving process of getting code approved and deployed by IT (Dev-Staging-Production)
Improves stability of SharePoint serversNow badly performing code isolated to site collection rather than potentially bringing down an entire server
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Create/Deploy Sandbox solution
demo
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Site Collection Administration
Solution Gallery -- _catalogs/solutionsEmpower Site Collection administrators
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Sandboxed Solution LifecycleInstallation• Upload into Solution Gallery
Activation• Auto-activates features
Deactivation• Inert operation, extended by developer • Web Parts no longer execute
Deletion
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Managing Sandbox Solutions
demo
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Solution Administration
Central AdministrationBlock SolutionsQuota Templates
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
The Subset Object Model
In generalSPSite and below
No SPSecurityNo SPSite constructionCommon namespaces not available
Microsoft.SharePoint.AdministrationMicrosoft.SharePoint.WebControls
SPSite
SPWeb
SPList
SPListItem
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
A Separate Process
User Code Service : Started where WFE configured to run sandbox solutions.(SPUCHostService.exe)Sandbox Worker Process: where your actual code runs(SPUCWorkerProcess.exe)Sandbox Worker Process Proxy(SPUCWorkerProcessProxy.exe)
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Sandbox
Sandbox and Code Access Security AspNetHostingPermission, Level=Minimal
SharePointPermission, ObjectModel=trueSecurityPermission, Flags=Execution
Full Trust
wss_usercode.config
My.dll
Other.dllSystem
DLL
SharePoint DLL
SharePoint OM
Subset OM
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Front end Back end
Host ServiceExecutionManager
Sandboxing Architecture
Worker Process
Untrusted Code
Subset Object Model
Full Object Model
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Sandboxed Solutions Process
Root SPWeb of SPSite
Solution galleryWebParts.wsp
Web Part gallery
Per-WFE AssemblyCache
<siteguid>\company.intranet.webpart.wsp\foo.dll
Sandboxed Worker Process
1
2 5
6
7
4
3
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Types of Sandboxed SolutionsSandboxed Solutions SupportSandboxed solutions
offer developers a subset of the SharePoint API available fully trusted solutions
Site collection and site scoped FeaturesMany XML constructs available: Modules, Lists, ContentTypes, etc.
Client technologies to access external data – JavaScript, Silverlight etc.
Offloading resource usage and access handling to client
Non-Visual Web Parts- and Visual
WP is now available with VS 2010 SP Power
Tools
Event/Feature Receivers
Feature Activation Events
Custom Workflow Actions
InfoPath Forms Services List Definitions
Custom Actions Site Pages
Site Columns Content Types
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Best Practices: Sandbox Boundaries
Off-box connections, http, web services, etcADO.netEnterprise features (Search, BCS, etc.)Threading (No complex processing)P-InvokeIOOther sites
x
xxx
x
xx
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Compiling vs. Executing Sandboxed Solutions
Visual Studio 2010uses IntelliSense tohide full-trust typesAll code is compiled against the full APIThus, no “sandbox” check at compile time… only at runtimeWorkaround: change the Microsoft.SharePoint.dll project reference to reference the sandbox’s version
[..]\14\UserCode\Assemblies\Microsoft.SharePoint.dllNOTE: Switch it back before deployment!
Use this as a temporary test - do not deploy code that references the sandbox’s assembly
This is valid if you don’t have VS 2010 SP Power tools.
Full Object Model Subset Object Model
MyWebPart.dll
Proxy
Runtime
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Execution vs. Compilation in Sandbox
Demo
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Load Balancing
Sandboxed solutions can be run in two modes
Local ModeExecute code on the SharePoint WFELow administration overheadLower scalability
Remote ModeExecution on back-end farm machine
Via dedicated service applications
Load balanced distribution of code execution requests
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Load balancing Sandbox Solutions & Blocking
demo
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published April 2010
Solution Validation
[GuidAttribute("34805697-1FC4-4b66-AF09-AB48AC0F9D97")]public class PublisherValidator : SPSolutionValidator{
public override void ValidateSolution( SPSolutionValidationProperties properties){ properties.Valid = [true || false]; properties.ValidationErrorMessage = “no soup for you”; }
public override void ValidateAssembly( SPSolutionValidationProperties properties, SPSolutionFile assembly){ }}
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Solution Validator
demo
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Monitored Resources
Metric Name Description UnitsResources Per Point
Hard Limit
AbnormalProcessTerminationCount
Process gets abnormally terminated
Count 1 1
CPUExecutionTime CPU exception time Seconds 200 60CriticalExceptionCount Critical exception fired Number 10 3
InvocationCountNumber of times solution has been invoked
Count N/A N/A
PercentProcessorTimeNote: # of cores not factored in
Percentage Units of Overall Processor Consumed
85 100
ProcessCPUCycles CPU Cycles 1E+111E+11
ProcessHandleCount Windows Handles 10,000 5,000
ProcessIOBytes(Hard Limit Only) Bytes written to IO
Bytes 1E+07 1E+08
ProcessThreadCountNumber of Threads in Overall Process
Threads 10,000 200
ProcessVirtualBytes(Hard Limit Only) Memory consumed
Bytes 1E+094E+09
SharePointDatabaseQueryCount
SharePoint DB Queries Invoked
Number 400 100
SharePointDatabaseQueryTimeAmount of time spent waiting
for a query to be performedSeconds 20 60
UnhandledExceptionCount Unhanded Exceptions 50 3
UnresponsiveprocessCountWe have to kill the process because it has become unresponsive
Number 2 1You can tweak these values to fit your need…
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Manage Sandbox solution resources
demo
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Summary
Sandbox Solutions OverviewSharePoint 2007 Challenges for Farm SolutionsSharePoint 2010 Approach for Sandbox SolutionsSandbox Solutions LifecycleExecuting Code in the SandboxSandbox Solutions LimitationsSandbox Resource MonitoringLoad balancing Sandbox solutionsSolution Validation
©2010 Microsoft Corporation. All rights reserved. RTM Content - Published May 2010
Blog: http://moustaga-arafa.blogspot.comTwitter: @mostafaelzoghbi