SharePoint 2010 Sandboxed Solutions Presentation_title SharePoint 2010 Sandboxed Solutions Endlich kontrollierte SharePoint-Erweiterungen! Was ist neu für Entwickler und Administratoren? Michael Hofer 1stQuad Solutions mhofer@1stquad.com dd/mm/yyyy, author_alias

Agenda Warum Sandboxed Solutions? 5‘ Die Sandbox-Architektur 5‘ Presentation_title Agenda Warum Sandboxed Solutions? 5‘ Die Sandbox-Architektur 5‘ Entwicklung (Demo) 15‘ Administration (Demo) 15‘ Full-Trust Proxies (Demo) 15‘ Wrap-Up 5‘ dd/mm/yyyy, author_alias

Wieso braucht SharePoint Sandboxed Solutions? Warum? Wieso braucht SharePoint Sandboxed Solutions?

Erweiterungen unter MOSS 2007 / WSS 3.0 SharePoint 2010 Developer Workshop (Beta2) Erweiterungen unter MOSS 2007 / WSS 3.0 Entwickler entwerfen, entwickeln & testen individuelle Erweiterungen. Entwickler

Erweiterungen unter MOSS 2007 / WSS 3.0 SharePoint 2010 Developer Workshop (Beta2) Erweiterungen unter MOSS 2007 / WSS 3.0 Entwickler entwerfen, entwickeln & testen individuelle Erweiterungen. Administratoren stellen Applikations-Sicherheit mittels spezieller Code-Access-Security (CAS) sicher. Können individuellen Code (meist) nicht prüfen (lassen). Entwickler Administratoren

Erweiterungen unter MOSS 2007 / WSS 3.0 SharePoint 2010 Developer Workshop (Beta2) Erweiterungen unter MOSS 2007 / WSS 3.0 Entwickler entwerfen, entwickeln & testen individuelle Erweiterungen. Administratoren stellen Applikations-Sicherheit mittels spezieller Code-Access-Security (CAS) sicher. Können individuellen Code (meist) nicht prüfen (lassen). Site-Collection Besitzer aktivieren & benützen Erweiterungen. Melden schlechte Performance, Fehler und dergleichen. Entwickler Administratoren Site-Collection Besitzer

Erweiterungen unter MOSS 2007 / WSS 3.0 SharePoint 2010 Developer Workshop (Beta2) Erweiterungen unter MOSS 2007 / WSS 3.0 Entwickler entwerfen, entwickeln & testen individuelle Erweiterungen. Administratoren stellen Applikations-Sicherheit mittels spezieller Code-Access-Security (CAS) sicher. Können individuellen Code (meist) nicht prüfen (lassen). Site-Collection Besitzer aktivieren & benützen Erweiterungen. Melden schlechte Performance, Fehler und dergleichen. Entwickler Undisposed Objects? Memory Leaks? Performace? Stabilität? Der häufigste Grund für SharePoint Support Cases: CUSTOM CODE Administratoren Site-Collection Besitzer

Neu: Sandboxed Solutions MS Confidential : SharePoint 2010 Developer Workshop (Beta1) Lecture 13: Sandboxed Solutions - 8 Neu: Sandboxed Solutions “Normale” SharePoint Solutions (WSP), aber Teilmenge (Subset) der SharePoint Funktionalität / Namespaces wird unterstützt. Code wird in einer geschützten “SandBox” in einem eigenen Prozess mit spezieller CAS ausgeführt: Mit Ressourcen verbinden, die nicht auf dem lokalen Server sind? Verboten! Das Threading-Modell ändern? Verboten! Auf das Datei-System schreiben? Verboten! Unmanaged Code aufrufen? Verboten! Ressourcen von anderen Site-Collections? Verboten! Werden von Site-Collection Administratoren in “Solution Gallery” installiert, aktiviert, überwacht, deaktiviert und –installiert.

SharePoint 2010 Sandboxed Solutions SharePoint 2010 Developer Workshop (Beta2) SharePoint 2010 Sandboxed Solutions Entwickler entwerfen, entwickeln & testen individuelle Erweiterungen. Entwickler

SharePoint 2010 Sandboxed Solutions SharePoint 2010 Developer Workshop (Beta2) SharePoint 2010 Sandboxed Solutions Entwickler entwerfen, entwickeln & testen individuelle Erweiterungen. Site-Collection Besitzer installieren und aktivieren die Erweiterungen. Überwachen und deaktivieren Erweiterungen falls nötig. Entwickler Site-Collection Besitzer

SharePoint 2010 Sandboxed Solutions SharePoint 2010 Developer Workshop (Beta2) SharePoint 2010 Sandboxed Solutions Entwickler entwerfen, entwickeln & testen individuelle Erweiterungen. Site-Collection Besitzer installieren und aktivieren die Erweiterungen. Überwachen und deaktivieren Erweiterungen falls nötig. Administratoren überwachen die Gesamtheit der Erweiterungen. Automatisches “Throttling” & Abstellen von problematischen Erweiterungen. Entwickler Site Collection Besitzer Administratoren

Die Architektur der Sandbox

Die Sandbox-Architektur 3/28/2017 8:10 PM Die Sandbox-Architektur FRONT END BACK END Execution Manager (Inside Application Pool) Host Services (SPUCHostService.exe) IIS (WPW3.EXE) Worker Service (SPUCWorkerProcess.exe) Untrusted Code Subset Object Model Full Object Model © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Die Sandbox-Architektur 3/28/2017 8:10 PM Die Sandbox-Architektur FRONT END BACK END Execution Manager (Inside Application Pool) Host Services (SPUCHostService.exe) IIS (W3WP.EXE) Worker Service (SPUCWorkerProcess.exe) Untrusted Code Subset Object Model Subset-Model Request Full Object Model © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Die Sandbox-Architektur 3/28/2017 8:10 PM Die Sandbox-Architektur FRONT END BACK END Execution Manager (Inside Application Pool) Host Services (SPUCHostService.exe) IIS (W3WP.EXE) Worker Service (SPUCWorkerProcess.exe) Untrusted Code Subset Object Model Full-Model Request Full Object Model © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Die Sandbox-Architektur 3/28/2017 8:10 PM Die Sandbox-Architektur FRONT END BACK END Execution Manager (Inside Application Pool) Host Services (SPUCHostService.exe) IIS (W3WP.EXE) Worker Service (SPUCWorkerProcess.exe) while(true) { //Do a Bad Bad Thing! } Untrusted Code Run for 30sec Subset Object Model Resource Wasting Call Full Object Model © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12/02/08 SharePoint Developer Workshop: MS Confidential Code Access Security AspNetHostingPermission, Level=Minimal SharePointPermission, ObjectModel=true SecurityPermission, Flags=Execution Sandbox User Code My.dll wss_usercode.config Other.dll System DLL Framework Code SharePoint DLL Full Trust SharePoint OM Subset OM

Entwicklung von Sandboxed Solutions

Microsoft SharePoint Conference 2009 3/28/2017 Was geht und was nicht Geht: Content Types, Site Columns List Definitions & Instances Web Templates Site Pages Navigation ASP.NET web parts Deklarative Workflows Event Receivers, Feature Receivers Custom Actions InfoPath Forms Services (not admin-appr) JavaScript, AJAX, jQuery, Silverlight Module / Dateien Geht NICHT Farm & Web Application Features Timer Jobs SharePoint/Visuelle Web Parts Verwenden der WebPartManager Programmatische Workflows Dateien im Dateisystem / SharePoint Root Content Type Binding Custom Action groups HideCustomAction element WebParts in der Sandbox: Müssen von System.Web.UI.WebControls.WebParts.WebPart abgeleitet sein Keine WebPart-Connections Keine asynchronen Post-Backs Client-Scripts müssen beim ScriptManager registriert werden. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Einschränkungen im Objektmodell Microsoft SharePoint Conference 2009 3/28/2017 Einschränkungen im Objektmodell Microsoft.SharePoint ausser (einige) SPSite Konstruktor SPSecurity Objekt SPWorkItem and SPWorkItemCollection Objekte SPAlertCollection.Add Methode SPAlertTemplateCollection.Add Methode SPUserSolution and SPUserSolutionCollection Objekte SPTransformUtilities Microsoft.SharePoint.Navigation Microsoft.SharePoint.Utilities ausser SPUtility.SendEmail Methode SPUtility.GetNTFullNameandEmailFromLogin Methode Microsoft.SharePoint.Workflow Microsoft.SharePoint.WebPartPages ausser SPWebPartManager Objekt SPWebPartConnection Objekt WebPartZone Objekt WebPartPage Objekt ToolPane Objekt ToolPart Objekt Referenz: http://msdn.microsoft.com/en-us/library/ee537860(office.14).aspx © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Sandboxed Solutions entwickeln Gleiches Vorgehen wie bei Farm Solutions: Gleiche Projekt-/Package Struktur, gleiches Objekt- und Deklarationsmodell. ACHTUNG: Visual Studio 2010 braucht IntelliSense um Full-Trust Typen zu verstecken, aber der Code wird gegen die volle API kompiliert! Workaround: Microsoft.SharePoint.dll Projekt-Reference auf Version der SandBox ändern: [..]\14\UserCode\Assemblies\Microsoft.SharePoint.dll ACHTUNG: Wieder zurücksetzten vor dem Deployment Full Object Model Subset Object Model MyWebPart.dll Proxy Runtime

Sandboxed Solution entwickeln Demo Sandboxed Solution entwickeln

Sandboxed Solutions administrieren & validieren Administration Sandboxed Solutions administrieren & validieren

Farm-Architektur & Skalierung Ausführung von User-(Sandboxed)-Solutions ist ein Farm-Server Service. Skalierbar! Load-Balancing Aufgerufener Server, oder Umleitung auf Server nach “Solution Affinity” Eigene Regeln möglich!

Administration von Sandboxed Solutions In Central Administration Einzelne Solutions komplett blockieren Quotas setzen Pro Site Collection In Quota Template Maximum & Warning Ressource Usage per day Mit Power Shell Get-SPSite | foreach-object {$_.Quota.UserCodeMaximumLevel = 300} Get-SPSite | foreach-object {$_.Quota.UserCodeWarningLevel = 100}

Wie funktionieren Resource Quotas? Bei der Ausführung einer Sandboxed Solution werden best. Metriken erfasst z.B. % Prozessor-Zeit oder Nr. von unbehandelten Exceptions Timer Jobs kompilieren die Metriken und berechnen einen Ressourcen-Verbrauch im Punktesystem Wenn alle Sandboxed Solutions einer Site Collection zusammen die täglich möglichen Ressourcen-Punkte verbraucht haben wird die gesamte Sandbox der Site Collection abgestellt. Benutzer sehen den gesamten Verbrauch sowie den individuellen Verbrauch je Solution in der Solution-Gallery:

Überwachte Ressourcen Microsoft SharePoint Server 2010 Ignite! 3/28/2017 Überwachte Ressourcen Metric Name Description Units Resources Per Point Hard Limit AbnormalProcessTerminationCount Process gets abnormally terminated Count 1 CPUExecutionTime CPU exception time Seconds 3,600 60 CriticalExceptionCount Critical exception fired Number 10 3 InvocationCount Number of times solution has been invoked N/A PercentProcessorTime Note: # of cores not factored in Percentage Units of Overall Processor Consumed 85 100 ProcessCPUCycles CPU Cycles 1E+11 ProcessHandleCount Windows Handles 10,000 1,000 ProcessIOBytes (Hard Limit Only) Bytes written to IO Bytes 1E+08 ProcessThreadCount Number of Threads in Overall Process Threads 200 ProcessVirtualBytes (Hard Limit Only) Memory consumed 1E+09 SharePointDatabaseQueryCount SharePoint DB Queries Invoked 20 SharePointDatabaseQueryTime Amount of time spent waiting for a query to be performed 120 UnhandledExceptionCount Unhanded Exceptions 50 UnresponsiveprocessCount We have to kill the process because it has become unresponsive 2 © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Validatoren Erlauben, Sandboxed Solutions vor der Aktivierung zu überprüfen Code-Klassen, die von SPSolutionValidator ableiten: Registrieren: public class PublicKeyTokenSolutionValidator : SPSolutionValidator { public const string InternalName = "PublicKeyTokenSolutionValidator"; public PublicKeyTokenSolutionValidator() { ... } public PublicKeyTokenSolutionValidator(SPUserCodeService sandboxService) : base(InternalName, sandboxService) { ... } public override void ValidateSolution(SPSolutionValidationProperties properties) { ... } public override void ValidateAssembly(SPSolutionValidationProperties properties, SPSolutionFile assembly) {...} } SPUserCodeService sandboxService = SPUserCodeService.Local; SPSolutionValidator publicKeyTokenSolutionValidator = new PublicKeyTokenSolutionValidator(sandboxService); sandboxService.SolutionValidators.Add(publicKeyTokenSolutionValidator);

Sandboxed Solutions administrieren & validieren Demo Sandboxed Solutions administrieren & validieren

Die Sandbox mit Full-Trust Proxies erweitern

Microsoft SharePoint Conference 2009 3/28/2017 Full-Trust Proxy Erlauben den Zugriff auf Sandbox-geschützte Ressourcen SPProxyOperationsArgs = Bindeglied zwischen Farm und Sandbox SPProxyOperation = Farm-Seitig registrierte Full-Trust Operationen Worker Service (SPUCWorkerProcess.exe) GAC Untrusted Code SPProxyOperationsArgs SPProxyOperationsArgs SPUtility. ExecuteRegisteredProxyOperation SPProxyOperation Secured Resource © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Die Sandbox mit Full-Trust Proxies erweitern Demo Die Sandbox mit Full-Trust Proxies erweitern

Top 10 Gründe für Sandboxed Solutions SharePoint 2010 Developer Workshop (Beta2) Top 10 Gründe für Sandboxed Solutions Neue Möglichkeiten: Hoster, MS-Online etc. Sicherer, stabiler und überwachbar. Verändern und installieren keine System-Files. Beeinträchtigen keine anderen Site-Collections. Kein Application Pool Recycling, separate Prozesse. Verwaltung delegiert zu Site-Collection Besitzer. Skalierbare Service-Architektur & Load-Balancing. Erweiterbar dank Validatoren und Full-Trust-Proxies. (Fast) keine komplexen CAS-Policies mehr. Erlauben SLA’s via Resource Quotas.

Vielen Dank für Ihre Aufmerksamkeit Für mehr Informationen kontaktieren Sie bitte: Michael Hofer Solution Architect mhofer@1stquad.com Tel 043 541 13 35 Mobile 079 825 35 08 1stQuad Solutions Sonnenbergstrasse 32 8603 Schwerzenbach

Links & Ressourcen MSDN Other What‘s new: Sandboxed Solutions Sandboxed Solution Considerations Plan for Sandboxed Solutions Sandboxed Solutions Architecture Configure a farm for Sandboxed Solutions Developing, Deploying and Monitoring Sandboxed Solutions Other Channel 9 Sandbox Solutions Videos SharePointDev Wiki – Sandboxed Solutions

Presentation_title dd/mm/yyyy, author_alias

Über mich Michael Hofer, 34 Jahre, Zürich, Schweiz Presentation_title Über mich Michael Hofer, 34 Jahre, Zürich, Schweiz Mitbegründer 1stQuad Solutions «Spezialisten für Beratung, Software-Architektur und -Entwicklung sowie Schulungen rund um die Microsoft SharePoint Server Produkte & Technologien sowie Microsoft .NET.» http://www.1stquad.com Seit 7 Jahren „SharePoint“-All-Rounder Sprecher an verschiedenen Konferenzen und Events Kontakt: mhofer@1stquad.com Blog: www.1stquad.com/blog.aspx dd/mm/yyyy, author_alias

Resource Monitoring Processing MS Confidential : SharePoint 2010 Developer Workshop (Beta1) Resource Monitoring Processing

Sandbox Solution Monitoring Case Study Web Part in a sandbox solution executes 40 SQL queries (via the SharePoint OM) 20 SQL Queries = 1 point (default) Resource usage for this Web Part for the day: = (2 points * # of executions throughout the day) + other counters OOTB resource quota = 300, so one execution of this Web Part = 0.67% of site collection’s daily allocation

Timer Jobs Name Frequenz Beschreibung Solution Resource Usage Log Processing Alle 5 Minuten Extrahiert und aggregiert den Ressourcen-Verbrauch der Sandboxed Solutions aus den Log-Files. Solution Resource Usage Update Alle 15 Minuten Protokolliert den Ressourcen-Verbrauch der Sandboxed Solutions, schreibt Warn-Emails und blockiert wenn die tägliche Ressource-Quota überschritten wurde. Solution Daily Resource Usage Update Täglich Markiert die Tages-Grenze für die tägliche Ressourcen-Quota für Sandboxed Solutions je Site Collection. Hmm… Dann merkt SharePoint erst in 15 Minuten, wenn eine Sandboxed Solution über die Stränge schlägt!? …