Sandboxed solutions

13 May

Sandboxed solutions are deployed to the database. This means that no files within the sandboxed solution will ever touch the file system of the server. Even dlls, xml files and aspx pages will be deployed to the database.

In Central Administration ensure that the Microsoft SharePoint Foundation Sandboxed Code Service is running on every server in the Farm where sandboxed solutions will be deployed and running.
Sandboxed solutions run within a special process, the Sandbox Worker Process (SPUCWorkerProcess.exe), part of this service.

The visually difference between a sandboxed and a farm solution in Visual Studio 2010 are:

  1. the property Sandboxed Solution (Project properties): true for sandboxed, false for farm solution
  2. AssemblyInfo.cs: [assembly: AllowPartiallyTrustedCallers()] is present in a sandboxed solution, not in a farm solution.

Sandboxed solution are wsp packages, deployed from solution gallery at site collection level by site collection administrators. The packages are isolated to site collection it is deployed to.
The solution gallery also displays resources consumed today and average usage the last 14 days.

When using sandboxed solutions a farm administrator can assign resource points to a site collection. The default quota is 300 points per day and points are calculated based on 14 different metrics:

Resource Description Units Resources per point Limit
AbnormalProcessTerminationCount Abnormally terminated process count 1 1
CPUExecutionTime CPU Execution Time for site seconds 3600 60
CriticalExceptionCount Critical Exception Events Events 10 3
InvocationCount Solution Invocation Events Events <TBD> <TBD>
PercentProcessorTime % CPU usage by solution % 85 100
ProcessCPUCycles Solution CPU cycles cycles 1×10^11 1×10^11
ProcessHandleCount Windows handles count items 10000 10000
ProcessIOBytes Windows handles count items 0 1×10^8
ProcessThreadCount Thread count in overall process Thread instances 10000 200
ProcessVirtualBytes Memory consumed Bytes 0 1×10^9
SharePointDatabaseQueryCount Number of SharePoint database queries Query instances 20 100
SharePointDatabaseQueryTime Elapsed time to execute query seconds 120 60
UnhandledExceptionCount Number of unhandled exceptions Unhandled exception instances 50 3
UnresponsiveProcessCount Number of unresponsive processes Unresponsive process instances 2 1

These metrics were chosen because they impact the health and stability of the server. The use of resources that have a higher impact on the server will cost you more points.
When the sandboxed solutions in a site collection use more than the assigned amount of points in a single day the sandboxed solutions in that particular site collection are shut down by SharePoint. This means that end users won’t be able to use the functionality of any sandboxed solution in that specific site collection until the resource points are reset. The following message will be displayed to the user:

The quota is per day, so after 24 hours the site collection will be unlocked and sandboxed solutions in that site collection can be used again. These 24 hours can be adjusted because this is a timerjob default scheduled every 24 hours: Solution Daily Usage Update.

Some important notes:

  • resource quota’s can be exceeded through high usage and can be an indicator of poorly written code e.g. the UnhandledExceptionCount, but this isn’t necessarily an indicator e.g. SharePointDatabaseQueryCount.
  • resource quota’s can be exceeded for a period of time, because the resource usage is calculated by timerjobs, these have to run first to update the resource usage calculation.
  • resource quota’s can be adjusted. You can define a new quota template (CA, App man, Specify Quota Templates, Create a new quota template and connect this template to a site collection: CA, App man, Configure quota’s and locks, select the site collection and the quota template to use) with other settings of maximum points, but this will impact the health and stability of the server.
  • sandbox code will not be terminated mid-execution.

Timerjobs involved (for every web application):

  • Solution Daily Usage Update (Marks the daily boundary for sandboxed solution resource quota monitoring, every day)
  • Solution Resource Usage Log Processing (Aggregates resource usage data from sandboxed solution execution, every 5 minutes)
  • Solution Resource Usage Update (Records resource usage data from sandboxed solution execution, and sends email to owners of site collections that are exceeding their allotted resource quota, every 15 minutes)

The Solution Gallery displays an overview of the solutions with status (activated or not) and the used resources per solution:

Unfortunately there is no drill down on this overview, so you can’t see which resource is heavily used in a particular solution.

3 Replies to “Sandboxed solutions

  1. Very informative submit, love the best way you write and I feel that the data helps in a way. I don’t normally say this, however I feel this is a great job done. If you like to alternate hyperlinks, I would be very happy to supply a hyperlink again to your site. Hope to hear from you soon. Cheers

  2. I have been checking out many of your stories and i can claim pretty good stuff. I will make sure to bookmark your website.

Comments are closed.