What is Windows Sandbox
Next major update for Windows will introduce Windows Sandbox. It is temporary lightweight virtual machine that allow users and developers to run programs in isolation. This blog post is overview of Windows Sandbox with focus on developers.
Running Windows Sandbox
Windows Sandbox is coming as a Windows feature. We can turn it on as any other Windows feature we are using.
Besides system components we get Windows Sandbox application installed on machine. If we want to run some program in isolation then we have to open Windows Sandbox desktop application. Easiest way to do it is to search for it.
Those who need it often can add it to start menu for quicker access.
Windows Sandbox for developers
Windows Sandbox is quick and effective way to wind up virtual machine, try something and then blow it off. When trying out current preview of Windows I see some important things for developers to know.
- After closing virtual machine everything is wiped – all stuff put there is gone forever.
- Apps running on host machine are not automatically available on guest.
- Today Windows Sandbox is great for trying out stand-alone applications that install fast.
- Files can be moved to Windows Sandbox using copy and paste.
If application needs some large Windows features or some other slow to install components then it’s better to go with Hyper-V virtual machine that uses clean prepared image.
It’s also possible to copy folder with required command-line utilities and batch file to Windows Sandbox to download and install required components for application, take source from Git, build it and run. Again it comes down to size and time of additional components. If something like this is not needed frequently or process runs fast then this is one option to consider for developers.
On my development laptop (runs Visual Studio on big web applications well but not strong enough to run SharePoint virtual machines) Windows Sandbox runs smooth. It puts some unexpected load to host system when it is starting but after this there are no glitches – it just runs.
How Windows Sandbox works
With Windows Sandbox Microsoft is using multiple tricks to keep image size and resource consumption minimal. Using dynamic file links they keep image size around 100MB for full operating system. Smart memory management enables to share physical memory between instances of operating system components in guest and host machine. As Windows Sandbox uses practically same operating system than host machine then it doesn’t need to boot up another full scale operating system.
There’s no reason to worry about memory shared between host and Windows Sandbox – they can’t access private memory buffers of each other. So memory level attacks are avoided by architecture. Or let’s hope they are avoided.
Besides nice things there are also support for battery pass-through and hardware accelerated rendering. More technical details are available at Microsoft Technet Community page. It’s possible to configure networking and startup scripts for Windows Sandbox. Not many options are available right now but let’s hope again for bright future.
Windows Sandbox is lightweight and great solution to try out things fast without installing whole new virtual machine. It comes always clean and it doesn’t keep it’s state today. I’m sure that Windows Sandbox will be win for power users, administrators and developers who have clear idea what it means to run something in isolation. Dumb users probably will continue running all these interesting exe and bat files like before.
6 thoughts on “What is Windows Sandbox”
Will this tie into something like docker / containers or is it completely separate?
From Windows 8 there are many components of hypervisor built into operating system. Some people say that even home version have these components but it doesn’t use them. AFAIK Windows Sandbox uses these hypervisor components. By implementation it should me more similar to virtual machine.
1) What are the impacts on performance ?
2) Can you prioritize one SandBox over another ?
3) What about programs that needs access to HW (such as USB/Serial port/GPU) ?
4) Can you assign X amount of cores for a specific SandBox ?
1) Yes, it impacts performance as it needs resources. Performance depends on load and resources of host machine. Sandbox is kind of like clean install and it needs therefore less resources. Some resources like memory of system files and system files itself are shared between host and sandbox
2) Not possible yet. Probably will remain feature of Hyper-V.
3) There is GPU virtualization already and you can control it. USB/serial – I rarely need it but will try out
4) Not yet. Not sure if they will bring it to Windows Sandbox
Good read, thanks.
There’s no reason to worry about memoty
Sample of configuring Windows Sandbox machines using XML are here: https://gunnarpeipman.com/net/dotnet-core-windows-sandbox/