dealing with and learning from the sandbox

Dealing with and Learning from the Sandbox

Elaine van BergenOBS

Who Am I ?

• SharePoint 2010 MCM• SharePoint MVP• Co-organiser of Melbourne SharePoint User Group

(MSPUG)• @laneyvb on Twitter

Types

• SharePoint online dedicated• On-premise sandbox• SharePoint online

Online Dedicated

• Unlikely to be used by Australian or New Zealand Customers

• May actually be hosted not dedicated• Great case study for what Microsoft requires for

customisation• Plenty of advice useful for all SharePoint developers

Design Process for Customisation

• Gather requirements.• Create high-level design (HLD) document.• Microsoft review of HLD.• Develop custom solution.• Test, package, and validate with MSOCAF.

Design Guidelines - Examples

• Use native SharePoint functionality when possible• Evaluate the use of a client-side solution• Create logical solution versioning• Move business logic to separate classes• Develop asynchronous code that connects to an

Internet address• Ensure that dependencies to external systems are

managed correctly

Design Guidelines – Directory Structure

• Solution Artifacts • Release • Source code• Installation scripts• Test documentation

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18128

MSOCAF

• Guidance Package • Analyze Code

– Structure– FXCOP– Additional Rules

• Submit

https://caf.sharepoint.microsoftonline.com/Default.aspx

MSOCAF – Additional Rules

• SPList.Items • SPListItemCollection\GetItemByID inside loop• SPListItem.Update() inside loop• Log Exceptions in Feature Receiver and Report Back

to SharePoint• SharePointMonitorScope Webpart Check

https://caf.sharepoint.microsoftonline.com/Default.aspx

DemoMSOCAF

SharePoint Online Dedicated

Great Guidance for ANY SharePoint Development

On Premise Sandbox

• How does it work ?• Why ?• Development Setup

Sandbox Worker Process(SPUCWorkerProcess.exe)

User Code Service (SPUCHostService.exe)Execution Manager

(Inside Application Pool)

IIS(WPW3.EXE)

FRONT END

Sandbox Worker Proxy Process(SPUCWorkerProcessProxy.exe)

Full SP Object Model

SP Object Model Subset

Untrusted Code

Web.config / CAS Policies

BACK END

Deployment

• Solution Gallery at Site Collection• Site Collection Admin uploads and activates solution• Solutions are validated against policies• No artefacts on file system• No IIS Reset

Custom Validators

[GuidAttribute("34805697-1FC4-4b66-AF09-AB48AC0F9D97")]public class PublisherValidator : SPSolutionValidator{

[Persisted] List<string> _allowedPublishers;

public override void ValidateSolution( SPSolutionValidationProperties properties){ }

public override void ValidateAssembly( SPSolutionValidationProperties properties, SPSolutionFile assembly){ }}

Supported Artefacts

API Scope

• Sandboxed .Net Code– Very limited subset of Microsoft.SharePoint– Scoped to current SPSite and below– No SPSecurity– No web service , external data or other network

calls

• Client side code– Silverlight – JavaScript

Client.svc

Server OM

Contentdatabase

ECMAScript OM

Proxy

Managed OM

Proxy

Managed Controls and Logic

ECMAScriptControlsand Logic

XML Request

XML Request

JSON Response

JSON Response

Browser

Managed Client

SharePoint Server

Server (Microsoft.SharePoint)

.NET Managed(Microsoft.SharePoint.Client)

Silverlight(Microsoft.SharePoint.Client.Silverlight)

ECMAScript(SP.js)

SPContext ClientContext ClientContext ClientContext

SPSite Site Site Site

SPWeb Web Web Web

SPList List List List

SPListItem ListItem ListItem ListItem

SPField Field Field Field

Full Trust Proxy

• Operations in class that inherits Microsoft.SharePoint.Usercode.SPProxyOperation

• Arguments in serializable class that inherits Microsoft.SharePoint.Usercode.SPProxyOperationArgs

• Register full trust proxy• Recycle user code service• Consume via SPUtility.ExecuteRegisteredProxyOperation

Display Logic

Reusable/Complex Logic

Solution monitoring

• Protects Site Collection from resource intensive solutions

• Resource Points measure resource consumption• Site Collection Quota limits resource consumption

per day• Absolute Limit limits cuts of solutions when limit hit

Monitored Metrics

Metric Name Description Units Resources Per Point

Absolute Limit

AbnormalProcessTerminationCount Process gets abnormally terminated Count 1 1

CPUExecutionTime CPU exception time Seconds 3,600 60

CriticalExceptionCount Critical exception fired Number 10 3

PercentProcessorTime Note: # of cores not factored inPercentage Units of Overall Processor Consumed

85 100

ProcessThreadCount Number of Threads in Overall Process Threads 10,000 200

SharePointDatabaseQueryCount SharePoint DB Queries Invoked Number 20 100

SharePointDatabaseQueryTime Amount of time spent waiting for a query to be performed Seconds 120 60

UnhandledExceptionCount Unhanded Exceptions 50 3

Why ?

• Developers can deploy updates without IIS restarts• Site Collection Owners can control loading of

solutions• Complex code separated from display logic• Solution performance can be monitored and

controlled

Rapid changes possible with low Governance

Development Setup

• Enable Microsoft SharePoint Foundation Sandboxed Code Service via CA

• Download power toolshttp://visualstudiogallery.msdn.microsoft.com/8e602a8c-6714-4549-9e95-f3700344b0d9

• Download Silverlight toolkithttp://www.microsoft.com/web/gallery/install.aspx?appid=silverlight4tools;silverlight4toolkit;riaservicestoolkit

Sandbox modes

• Local Mode:– Execute code on WFE– Low administration overhead– Lower scalability

• Remote Mode:– Execute on dedicated SharePoint servers– Load balanced distribution of code execution

requests

DemoSandbox Solutions

Common Pain Points

• Error Handling/Visibility• Configuration Storage• Limited API set• Learning curve required

On Premise Sandbox

Promotes efficient , well designed code that allows for rapid user interface change

SharePoint Online

• Development Process• Data Access• Authentication

Develop/ Debug

local.company.com

F5

dev.spo.contoso.com

*.wsp

*.wsp

spo.company.com/test

*.wsp

Upload/ Activate/ Deactivate

spo.company.com/prod

Data Access

• SharePoint data – Rest API, webservices, CSOM• JSON-P calling services

http://www.wictorwilen.se/Post/SharePoint-Online-and-External-Data-using-JSONP.aspx

• BCS + WCF Service + Client Object Model• Applications put or get data to/from SharePoint

Authentication

• Claims + Federation + Multiple Authentication Providers• FedAuth cookie with HTTP Only Flag = WinInet.dll • Active vs. Passive

COMPLICATED !

http://msdn.microsoft.com/en-us/library/hh147177.aspx http://www.wictorwilen.se/Post/How-to-do-active-authentication-to-Office-365-and-SharePoint-Online.aspx

SharePoint Online Sandbox

Authentication and Data Access need to be carefully planned

Summary

Consider sandbox concepts as part of your solution design

@laneyvb

Bronze Sponsors Media SponsorsTechnology

Sponsor

Gold Sponsors

Silver Sponsors