A sandbox is a restricted execution environment that enables programs to access only certain resources and that keeps problems that occur in the sandbox from affecting the rest of the server environment. These sandbox solution cannot use centain computer and network resources, and cannot access content outsite the site collection they are deployed in.
farm administrator can promote a sandboxed solution??? check
explain resources points and quotas
Sandbox assemblies are not deployed in GAC, instead when user access any functionality like WebPart the assembly is extracted from the deployed .wsp package and copied into C:\ProgramData\Microsoft\SharePoint\UCCache. The SPUCWorkerProcess.exe cannot copy file on the file system, Microsoft SharePoint Foundation Sandbox Code Service does it for us. This assembly copying can be done on backend application server as well. Thus assemblies in sandboxed solutions are persisted in the content database inside the solution package (.wsp)
file. Non-SharePoint assemblies cannot be deployed in a sandboxed solution.
Things which are possible in Sandbox: Binding of contenttype to list, content type, custom action for menu, the ribbon, administration page,event receiver, feature(Site, Web), Feature receiver, Fields(Field types that already exit in the farm), list/library instance/template, Master page, Module, Property bag, Designer WF, Site page, feature stapling, Web parts(connecting web parts not possible, derive from only System.Web.UI.WebControls.WebParts.WebPart), web template, localization.
Limitations: BCS, External DB, cannot call to the network so resources available on the server can only be accessed(external list or the list connected to other databases can be accessed), application pages,user control, site definition, web.config, cannot write to registry, assemblies that are not installed in GAC cannot be called e.g Microsoft.SharePoint.UserCode.dll,timer jobs, runwithelevatedprivileges, read write files on server, web.config, there is different restricted Microsoft.SharePoint.dll for sandbox, it cannot overuse system resources,.
Split page rendering system where w3wp.exe and SPUCworkerprocess.exe run together when a page which has sandbox components is rendered. When the page is completed loaded the page object in SPUCworkerprocess.exe is merged into w3wp.exe process.
When we go on services.msc Sandbox service is called SharePoint User Code Host Service and in CA is called Microsoft SharePoint Foundation Sandboxed Code Service. So these services should run on the server where the request is coming.
Who can deploy Sandbox solution: Site Collection admin is wsp contains assembly otherwise User with Full control permission level at root of site collection can deploy.
Data Access: Sandbox solution can access data only from the site collection.
Process running in: SPUCWorkerProcess.exe which has restricted permission.
Sandbox solution in partnership with full-trust proxies: Here in case you need to develop functionality which is restricted by Sandbox then you deploy your full trust proxy solution(runs in SPUCWorkerProcess.exe) at farm level and call it from sandbox solution. So this wont work in SharePoint online. Other way to do the same is use Client object model.
Farm administrator can block or unblock sandbox wsp through CA via Manage User Solutions
We can set quatas for 'Limit maximum resource usage per day' = [in points]. If the points go out of this limit all sandbox solution will stop automatically until the Solution Daily Resource Usage Update timer job runs, which typically occurs each night.
Planning for Sandbox Solution: Need performance or security. Sandbox has more worker and proxy processes than that of farm.
Plan for load balance sandbox solution code: 1. Local Load balancing 2. Remote load balancing.