Sandbox Mode:
- It runs as a separate service, so it has got its own space to execute the process
- It has reduced functionality and a Partial Trust process
- On-premise CRM will allow you to run plugins in or out of sandbox mode (none), where as Online (Microsoft's hosted solution) will only run in sandbox mode
- Access to the file system, system event log, certain network protocols, registry, Active Directory are prevented in the sandbox. However, sandbox plug-ins do have access to external endpoints like the Windows Azure cloud
- Using any of the following cause a security exception (not an exhaustive list):
- Attempting to use the AppDomain.CurrentDomain.AssemblyResolve event
- System.IO.Path.GetTempPath() [System.Security.Permissions.EnvironmentPermissionException]
- Any filesystem access code [System.Security.Permissions.FileIOPermissionException]
- Attempting to use the EventLog [System.Diagnostics.EventLogPermissionException]
- Attempting to use IsolatedStorage [System.Security.Permissions.IsolatedStoragePermissionException]
- Any references to Thread.CurrentThread caused a security failure.
Sandbox (recommended option)
None
| pros | cons |
| Supported by all types of CRM deployment | You haven’t got access to the file system, system event log, certain network protocols, registry |
| Supports run-time monitoring and statistics reporting | |
| Secure approach | |
| MS CRM monitors sandbox worker process and handles situations of CPU/memory/handle limits exceeding. |
None
| pros | cons |
| All power of .NET framework is in your hands | Not supported by CRM online |
| Doesn’t support monitoring and statistic |
http://msdn.microsoft.com/en-us/library/gg334752.aspx
No comments:
Post a Comment