View
590
Download
4
Category
Tags:
Preview:
DESCRIPTION
Session delivered at the Australian SharePoint conference
Citation preview
Dealing with and Learning from the Sandbox
Elaine van BergenOBS
Who Am I ?
• SharePoint 2010 MCM• SharePoint MVP• Co-organiser of Melbourne SharePoint User Group
(MSPUG)• @laneyvb on Twitter
Types
• SharePoint online dedicated• On-premise sandbox• SharePoint online
Online Dedicated
• Unlikely to be used by Australian Customers• May actually be hosted not dedicated• Great case study for what Microsoft requires for
customisation• Plenty of advice useful for all SharePoint developers
Design Process for Customisation
• Gather requirements.• Create high-level design (HLD) document.• Microsoft review of HLD.• Develop custom solution.• Test, package, and validate with MSOCAF.
Design Guidelines - Examples
• Use native SharePoint functionality when possible• Evaluate the use of a client-side solution• Create logical solution versioning• Move business logic to separate classes• Develop asynchronous code that connects to an
Internet address• Ensure that dependencies to external systems are
managed correctly
Design Guidelines – Directory Structure
• Solution Artifacts • Release • Source code• Installation scripts• Test documentation
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18128
MSOCAF
• Guidance Package • Analyze Code
– Structure– FXCOP– Additional Rules
• Submit
https://caf.sharepoint.microsoftonline.com/Default.aspx
MSOCAF – Additional Rules
• SPList.Items • SPListItemCollection\GetItemByID inside loop• SPListItem.Update() inside loop• Log Exceptions in Feature Receiver and Report Back
to SharePoint• SharePointMonitorScope Webpart Check
https://caf.sharepoint.microsoftonline.com/Default.aspx
DemoMSOCAF
SharePoint Online Dedicated
Great Guidance for ANY SharePoint Development
On Premise Sandbox
• How does it work ?• Why ?• Development Setup
Sandbox Worker Process(SPUCWorkerProcess.exe)
User Code Service (SPUCHostService.exe)Execution Manager
(Inside Application Pool)
IIS(WPW3.EXE)
FRONT END
Sandbox Worker Proxy Process(SPUCWorkerProcessProxy.exe)
Full SP Object Model
SP Object Model Subset
Untrusted Code
Web.config / CAS Policies
BACK END
Deployment
• Solution Gallery at Site Collection• Site Collection Admin uploads and activates solution• Solutions are validated against policies• No artefacts on file system• No IIS Reset
Custom Validators
[GuidAttribute("34805697-1FC4-4b66-AF09-AB48AC0F9D97")]public class PublisherValidator : SPSolutionValidator{
[Persisted] List<string> _allowedPublishers;
public override void ValidateSolution( SPSolutionValidationProperties properties){ }
public override void ValidateAssembly( SPSolutionValidationProperties properties, SPSolutionFile assembly){ }}
Supported Artefacts
API Scope
• Sandboxed .Net Code– Very limited subset of Microsoft.SharePoint– Scoped to current SPSite and below– No SPSecurity– No web service , external data or other network
calls
• Client side code– Silverlight – JavaScript
Client.svc
Server OM
Contentdatabase
ECMAScript OM
Proxy
Managed OM
Proxy
Managed Controls and Logic
ECMAScriptControlsand Logic
XML Request
XML Request
JSON Response
JSON Response
Browser
Managed Client
SharePoint Server
Server (Microsoft.SharePoint)
.NET Managed(Microsoft.SharePoint.Client)
Silverlight(Microsoft.SharePoint.Client.Silverlight)
ECMAScript(SP.js)
SPContext ClientContext ClientContext ClientContext
SPSite Site Site Site
SPWeb Web Web Web
SPList List List List
SPListItem ListItem ListItem ListItem
SPField Field Field Field
Full Trust Proxy
• Operations in class that inherits Microsoft.SharePoint.Usercode.SPProxyOperation
• Arguments in serializable class that inherits Microsoft.SharePoint.Usercode.SPProxyOperationArgs
• Register full trust proxy• Recycle user code service• Consume via SPUtility.ExecuteRegisteredProxyOperation
Display Logic
Reusable/Complex Logic
Solution monitoring
• Protects Site Collection from resource intensive solutions
• Resource Points measure resource consumption• Site Collection Quota limits resource consumption
per day• Absolute Limit limits cuts of solutions when limit hit
Monitored Metrics
Metric Name Description Units Resources Per Point
Absolute Limit
AbnormalProcessTerminationCount Process gets abnormally terminated Count 1 1
CPUExecutionTime CPU exception time Seconds 3,600 60
CriticalExceptionCount Critical exception fired Number 10 3
PercentProcessorTime Note: # of cores not factored inPercentage Units of Overall Processor Consumed
85 100
ProcessThreadCount Number of Threads in Overall Process Threads 10,000 200
SharePointDatabaseQueryCount SharePoint DB Queries Invoked Number 20 100
SharePointDatabaseQueryTime Amount of time spent waiting for a query to be performed Seconds 120 60
UnhandledExceptionCount Unhanded Exceptions 50 3
Why ?
• Developers can deploy updates without IIS restarts• Site Collection Owners can control loading of
solutions• Complex code separated from display logic• Solution performance can be monitored and
controlled
Rapid changes possible with low Governance
Development Setup
• Enable Microsoft SharePoint Foundation Sandboxed Code Service via CA
• Download power toolshttp://visualstudiogallery.msdn.microsoft.com/8e602a8c-6714-4549-9e95-f3700344b0d9
• Download Silverlight toolkithttp://www.microsoft.com/web/gallery/install.aspx?appid=silverlight4tools;silverlight4toolkit;riaservicestoolkit
Sandbox modes
• Local Mode:– Execute code on WFE– Low administration overhead– Lower scalability
• Remote Mode:– Execute on dedicated SharePoint servers– Load balanced distribution of code execution
requests
DemoSandbox Solutions
Common Pain Points
• Error Handling/Visibility• Configuration Storage• Limited API set• Learning curve required
On Premise Sandbox
Promotes efficient , well designed code that allows for rapid user interface change
SharePoint Online
• Development Process• Data Access• Authentication
Develop/ Debug
local.company.com
F5
dev.spo.contoso.com
*.wsp
*.wsp
spo.company.com/test
*.wsp
Upload/ Activate/ Deactivate
spo.company.com/prod
Data Access
• SharePoint data – Rest API, webservices, CSOM• JSON-P calling services
http://www.wictorwilen.se/Post/SharePoint-Online-and-External-Data-using-JSONP.aspx
• BCS + WCF Service + Client Object Model• Applications put or get data to/from SharePoint
Authentication
• Claims + Federation + Multiple Authentication Providers• FedAuth cookie with HTTP Only Flag = WinInet.dll • Active vs. Passive
COMPLICATED !
http://msdn.microsoft.com/en-us/library/hh147177.aspx http://www.wictorwilen.se/Post/How-to-do-active-authentication-to-Office-365-and-SharePoint-Online.aspx
SharePoint Online Sandbox
Authentication and Data Access need to be carefully planned
Summary
Consider sandbox concepts as part of your solution design
@laneyvb
Gold Sponsors
Bronze Sponsors Media Sponsors
Silver Sponsors
Recommended