Optimizing SharePoint Application Design -
     Instrumenting code to improve the ability to maintain the system

Ramona Maxwell’s study notes, ©2010 All rights reserved

•      Custom code that contains a lot of Web Service requests or SQL Server queries may create serious logjams. Just as in SQL stored procedures, large amounts of data should be retrieved in batches to avoid holding up other traffic through the DB server, yet code should also be designed to make as few trips back and forth for data as possible. Pages that are frequently accessed are better off with little or no custom code and TechNet adds a reminder to use indexes effectively when querying filtered subsets of data. To identify custom code that may cause a bottleneck SP administrators should enable the Developer Dashboard.
•      Where custom code is implemented affects the overall load on the server. When it is deployed within the Global Assembly Cache [GAC] there are no Code Access Security [CAS] and because, as the name 'Global' infers, the assembly you install is accessible within any SP web app. If you update your assembly, the GAC will not automatically distribute the newer version. You have to force this by resetting the IIS service. It appears there may be an opportunity for housekeeping here as the MSDN library states, "The global assembly cache can contain multiple versions of the same assembly." Code within a bin directory is limited by CAS and is only available to the web application it was created for. From a security aspect this is preferable, as a developer can create a trust policy with on the needed permissions and reference it from the web.config file. You could also raise the permission level for the whole bin directory, but this does undermine the protective effect of the CAS. The overall disadvantage to running custom code in a bin rather than the GAC is that SP must verify the untrusted code every time the page loads, which in frequently accessed pages results in undesirable overhead. You can also deploy code to the Solution Gallery, where it has partial trust by default and the farm also benefits from resource monitoring of code placed here. However not every feature of the SP object model will be available here and your code will be specific to just that site collection.