Tuesday, May 17, 2011

Cloud Computing - Sandboxed solutions?

Sharepoint 2010 Online cloud offerings : Some insight into the Sandboxed solutions

 
 
I recently got this great opportunity to work on BPOS D env on Sharepoint online. Exploring all the options for development and deployment was a very logical next step.. Here are all my findings on the BPOS online world for Sharepoint 2010 online development..... Starting with Sandboxed solutions.. Collating all the information that I have for now.... Next will be farm solutions and all about MSOCAF...Plan is to also have some sample code that goes for these…
  • Visual Studio supports sandboxed solutions through a Boolean project property called Sandboxed Solution. This property can be set at any time in the project, or it can be specified when you create the Project
  • By using sandboxed solutions, you can deploy your solutions to a subarea of the farm, a specific site collection. To provide additional protection, the solution’s assembly is not loaded into the main IIS process (w3wp.exe). Instead, it is loaded into a separate process (SPUCWorkerProcess.exe). This process is monitored and implements quotas and throttling to protect the farm from sandboxed solutions that perform harmful activities, such as running tight loops that consume CPU cycles.

 
 
When a sandboxed solution is deployed, the array of SharePoint functionality available to it is limited to help reduce any security vulnerabilities it may have. Some of these limitations include the following
  • Sandboxed solutions have a restricted subset of deployable solution elements available to them. Potentially vulnerable SharePoint project templates, such as site definitions and workflows, are not available.
  • SharePoint runs sandboxed solution code in a process (SPUCWorkerProcess.exe) separate from the main IIS application pool (w3wp.exe) process.
  • Mapped folders cannot be added to the project.
  • Types in the Microsoft SharePoint Server 2010 assembly Microsoft.Office.Server cannot be used in sandboxed solutions. Also, only types in the Microsoft SharePoint Foundation 2010 assembly Microsoft.SharePoint can be used in sandboxed solutions.
What you CANNOT DO…
    • You cannot run your code with elevated permissions in sandboxed solution
    • You cannot use Visual web part template for sandboxed solution. Because sandbox solution cannot deploy files to web front end.
    • You cannot access internet to make web service calls directly
    • You cannot access hard drive to read/write files
    • You can’t access code that is not marked to allow partially trusted callers
    • You cannot deploy assemblies to GAC
It is especially appropriate to use sandboxed solutions in the following scenarios :
When you want to load balance solutions between multiple SharePoint Server servers.When an organization wants to run code for employees on a production SharePoint Server site, and that code has not been stringently code reviewed and tested.When an Internet hosting provider wants to let the owners of hosted SharePoint Server sites upload and run custom code.
      Plan sandboxed solutions governance
While you are still planning for sandboxed solutions, you should consider your processes for governance issues, including the following
  • At what point will the farm administrator block or unblock a sandboxed solution? Identifying the administrative policy for blocking and unblocking sandboxed solutions will eliminate confusion if there is any doubt about the need to block a solution.
  • At what point will you transfer a sandboxed solution to the global catalog as a full trust solution? This decision applies to solution code that is developed by your organization’s developers. You should establish a policy for determining what level of testing is required for a sandboxed solution to be considered ready for production use in your organization.
  • When you are planning for who can deploy sandboxed solutions, will you choose to add people to the site collection administrators group or establish a procedure for a limited number of site collection administrators to deploy sandboxed solutions on behalf of their users? Depending on the security concerns in your organization, you can decide to add people directly to the site collection administrators group rather than requiring them to ask permission to deploy the sandboxed solution.
Getting close to the CODE
Restricting the access of sandboxed solutions to a subset of the Microsoft.SharePoint namespace is intended to prevent solutions from accessing functionality that could destabilize the farm. When sandboxed solutions make calls to the SharePoint object model, the calls are routed through the subset proxy, which in turn makes calls to the full object model. Sandboxed solutions do not support the following capabilities and elements, hence the design of the solution should take care of the following
1.    Visual Web Parts
2.    Application Pages
3.    Custom Action Group
4.    HideCustomAction element
5.    Content Type Binding
6.    Web Application-scoped features
7.    Farm-scoped features
8.    Workflows with code

The subset proxy exposes only the following subset of the object model
All of the Microsoft.SharePoint namespace, except
1.      SPSite constructor
2.      SPSecurity object
3.      SPWorkItem and SPWorkItemCollection objects
4.      SPAlertCollection.Add method
5.      SPAlertTemplateCollection.Add method
6.      SPUserSolution and SPUserSolutionCollection objects
7.      SPTransformUtilities object
8.      Microsoft.SharePoint.Navigation namespace

 
All of the Microsoft.SharePoint.Utilities namespace, except
    • SPUtility.SendEmail method
    • SPUtility.GetNTFullNameandEmailFromLogin method
    • Microsoft.SharePoint.Workflow namespace
All of the Microsoft.SharePoint.WebPartPages namespace, except
    • SPWebPartManager object
    • SPWebPartConnection object
    • WebPartZone object
    • WebPartPage object
    • ToolPane object
    • ToolPart object
WORKAROUNDS…… Some pretty important things that make it work in online environment…
1.    Visual Web Part       Install the Visual Studio 2010 SharePoint Power Tools   http//visualstudiogallery.msdn.microsoft.com/8e602a8c-6714-4549-9e95-f3700344b0d9/   and you will find a new "Visual Web Part (Sandboxed)" template.
2.    Cannot deploy files on layouts folder You can use a Module to deploy files on your application, without using Document Library.
3.    Cannot use Application Pages with code behind You can deploy an application page using a Module and add a Sandboxed Web Part to use code behind. SharePoint offers a specific class name <WebPartPagesSPUserCodeWebPart > to archives this goal. At the following link you can find a good example    http//www.wictorwilen.se/Post/Custom-application-pages-in-the-SharePoint-2010-Sandbox.aspx

 
 
References

1 comment:

  1. Excellent goods you have shared here and previous article was also great and i got huge information.Website Hosting

    ReplyDelete