INTRO: Sandboxed Solutions in SP2010 [Sharepoint 2010]
Now all of us (MOSS 2007) folks know we have solutions (often referred as WSP). With Sharepoint 2010 we get 2 types of Solutions: 1. Sandboxed Solutions and 2. Full-trust Solution. So now for IT-Pros a goodie is provided and that is Sandboxed solution. Why? As with Sandboxed solutions ITPros will not be bothered for deploying the solutions to the FARM, hey don’t party yet as Sandboxed solutions are not the same FULL-BLOWN solutions that we think. So not everything can be done as Sandboxed Solutions only few can be done and following are some of them that can be created:
v Content Types
v Site Columns
v Custom Actions
v Declarative Workflows
v Event Receivers
v Feature Receivers
v InfoPath Forms Services (not admin-approved i.e. withour code behind)
v JavaScript, AJAX, jQuery, Silverlight
v List Definitions
v Site Pages (but no application pages with code behind)
v Web parts (but not visual web parts)
What is Sandboxed: It is a separate process where solutions run and not all features of Microsoft. SharePoint namespace are available i.e. only a subset of features are available. So with sandboxed solution we can’t leverage everything inside the Microsoft.SharePoint namespace but we can consume bulk of the stuff. Basically a CAS [Code Access Policy] keeps us within the limits. Any solution that is created for Sandbox can be deployed into a special Solutions Gallery in the site-collection called SOLUTIONS GALLERY. And all these solutions that are deployed here can be activated from a menu (ECB menu) on that solutions gallery itself, hover around the item and you will get a ACTIVATE/DEACTIVATE menu. For all this to work properly we have to make sure that the “Microsoft SharePoint Foundation User Code Service” is starting on one or more of the servers in the Farm. You can confirm whether the service is running or not by checking the sandbox resource quota that is available on the top of the same page (Solutions Gallery Page). All of the resource assignment and monitoring for the Sandboxed solution can be controlled from Central Admin app.
Sandboxed Solutions to work need these 3 thing:
User Code Service (SPUCHostService.exe): this service will decide whether the box on which this service is running will participate in the Sandboxed solutions are not. This should run either on one box or more for sandbox solutions to take advantage of the server and run it on that server.
Sandbox Worker Process (SPUCWorkerProcess.exe): This is the actual process in which the Sandboxed Solutions run.
Sandbox Worker Process Proxy (SPUCWorkerProcessProxy.exe): If you have already studied and are aware of the new Service Application architecture then you get this one, this is the proxy which the web-app will use form the proxy group to use the sandbox.
So with Sandboxed solutions you can only do limited things i.e. to use limited API from the Microsoft.SharePoint namespace to name some of them:
Microsoft.SharePoint.Navigation , Microsoft.SharePoint.Utilities (with few exception), Microsoft.SharePoint.Workflow , Microsoft.SharePoint.WebPartPages (with few exception).
So if there are so many things that I can’t use, what is the advantage of Sandboxed solution?
Well if you have been an IT-Pro or for that matter even and end-user or to say a business user/Author, you know the pain. You have to wait till the admins approve your solution, go thru the code review, deploy it to test environment, then deploy it to staging and finally make it to Production. Also as most of the time the environments are shared, you have to follow the schedule and the deployments are not adhoc. So with Sandboxed solution you can give some control in the hands of end-users/business user (authors) whom the developers would hand over the sandboxed solution which they will upload to the solutions gallery just as you would upload a document to a document-library. And then activate there and there itself.
Ohh hold on, you mean to say the developers would give the WSP (sandboxed solution) to the end-user and no one would do a performance testing on that, how the artifact consumes the resources? Well in a shared environment it is BAD. Well for this problem we have the solution and i.e. RESOURCE QUOTAS. Basically the Farm admins would decide and allocate some kind of number, wowo this number is basically the amount of resource that your guy (the artifact/solution) can use from the shared resources and this is tracked. So in case if the execution of your artifact/solution happens to cross this limit/number boy your solution will not be allowed to execute anymore and it will be locked. So this way even if you have the mercy to run your own solutions (wsp) you are limited by your resource quota, don’t cross the number somebody’s watching you (I hope you know the MJ song “I always feel like somebodies watching me” J).
Hey I have one more Question:
Question: What if I dont want to wait for the solution to cross the Resource quota and then stop executing, i.e. What if I want to validate the solution even before it is run for the first time? I.e. on activation I want to perform few checks and then if the solution passes those checks then only allow it to be activated, what do I do for that?
Answer: Very Simple answer for that, write your own CUSTOM VALIDATOR, i.e. write a simple FARM level feature that inherits from a SPSolutionValidator. This allows us to walk thru the entire solution package and check for invalid points (i.e. perform some checks) and then Mark the solution as VALID or INVALID. For this simply create simple constructor to assign an ID to the SolutionValidator that we are writing i.e. something this.Signature="12334678"; and override 2 methods viz. ValidateSolution and ValidateAssembly method.
ValidateSolution(SPSolutionValidationProperties properties) method: This is called once per the solution package.
ValidateAssembly(SPSolutionValidationProperties properties, SPSolutionFile assembly) method: This is called once per each assembly in the soluion Package.
So yes this feature is ROCKING!!! This gives the business user the control required without waiting for the IT/Operations team and at the same time not staking the shared resources. SP2010 you ROCK!!!.
Also let me say a BIG thank you to SCOTT HILLER.
