Usage & Enterprise Capabilities
Sandstorm is an open-source "operating system" for your personal cloud. It solves the biggest problem with self-hosting: the difficulty of setup and the risk of security vulnerabilities. In a traditional setup, every app you install is a potential entry point for hackers. In Sandstorm, every app instance (called a "grain") is isolated in its own secure sandbox, ensuring that a vulnerability in one app cannot compromise your entire server or your other data.
With Sandstorm, you get a beautiful, unified interface for your entire suite of productivity tools—from chat and task management to document editing and file storage. Installing a new app is as simple as clicking a button in the app market. Sharing a document or project with a colleague is equally easy, thanks to a robust, capability-based sharing model that replaces complex password management.
Self-hosting Sandstorm provides you with the ultimate level of data sovereignty and privacy, giving you a professional-grade cloud environment that YOU own and control completely.
Key Benefits
Unrivaled Security: Every app runs in an isolated, fine-grained sandbox by default.
Easy Self-Hosting: No more complex server configurations or manual updates.
Unified Interface: One dashboard for all your apps and documents.
One-Click Apps: Install dozens of the best open-source tools instantly.
Privacy First: Your data never leaves your server, and third-party developers have no access.
Production Architecture Overview
A production Sandstorm environment is a highly integrated stack:
Sandstorm Core: The main server and orchestrator (Go/C++).
App Grains: Isolated containers for each instance of an app.
MongoDB: Stores platform-level metadata, users, and organization data.
Sandstorm Front-End: The web interface and sharing platform.
Persistent Storage: High-speed SSDs for grain data and platform metadata.
Reverse Proxy: Integrated (or external) NGINX to handle SSL and subdomains.
Implementation Blueprint
Prerequisites
sudo apt update && sudo apt upgrade -y
# Sandstorm's official installer handles most dependencies automatically
Standard Production Installation
The easiest and most reliable way to install Sandstorm is via the official install script.
curl https://install.sandstorm.io | bash
During installation, you will be prompted to:
Choose a domain (Sandstorm provides free sandcats.io subdomains with automatic HTTPS).
Set up an admin account.
Configure your network and storage settings.
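A more defensive variant of the `curl https://install.sandstorm.io | bash` step, as an added example that is not part of the original page or of Sandstorm's own tooling: it saves the installer to disk, checks it against a SHA-256 digest you pinned after reviewing the script, and only then runs it. The function names and the `PINNED_SHA256` placeholder are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: download, verify, then run the installer from disk.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum < "$1" | awk '{print $1}'
  else
    shasum -a 256 < "$1" | awk '{print $1}'
  fi
}

# verify_installer FILE EXPECTED_SHA256
# Returns 0 = digest matches, 1 = mismatch, 2 = unusable input.
verify_installer() {
  local file="$1" expected="$2" actual
  if [ ! -f "$file" ] || [ ! -s "$file" ]; then
    echo "installer missing or empty: $file" >&2; return 2
  fi
  case "$expected" in
    ''|*[!0-9a-fA-F]*) echo "expected digest is not hex" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "expected digest is not 64 hex chars" >&2; return 2; }
  expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch: got $actual" >&2; return 1
  fi
}

# fetch_installer URL OUTFILE: HTTPS only (redirects included), HTTP errors are fatal.
fetch_installer() {
  curl --fail --silent --show-error --location \
       --proto '=https' --proto-redir '=https' --tlsv1.2 -o "$2" "$1"
}

# install_verified URL EXPECTED_SHA256
# The script executes only after the complete file has passed verification.
install_verified() {
  local tmp rc=0
  tmp="$(mktemp)" || return 2
  { fetch_installer "$1" "$tmp" && verify_installer "$tmp" "$2" && bash "$tmp"; } || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage (PINNED_SHA256 is a placeholder for the digest you recorded after review):
#   install_verified https://install.sandstorm.io "$PINNED_SHA256"
```

A pinned digest stops matching whenever the installer is republished, which is the cue to review the new version before updating the pin.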
Scaling & Management
Storage Scaling: For organizations, ensure your Sandstorm instance is backed by large, high-speed persistent volumes.
Resource Management: Monitor individual grain resource usage through the Sandstorm admin dashboard to identify resource-heavy apps.
App Packaging: Use the Sandstorm Vagrant-based tooling (spk) to package your own internal web applications for secure deployment on the platform.
Security Best Practices
App Selection: Always install apps from the official Sandstorm App Market to ensure they have been properly reviewed and sandboxed.
Regular Updates: Sandstorm updates itself automatically by default; ensure this feature remains active.
Authentication: Use the built-in support for Google, GitHub, or LDAP to provide secure team-wide authentication.
Grain Backups: Regularly use the "Download Backup" feature for critical grains to ensure data portability.
Backup & Disaster Recovery
Full System Backup: Regularly back up the entire Sandstorm directory (usually /opt/sandstorm) and your MongoDB instance.
Automatic Snapshots: If running on a virtual server, use host-level snapshots daily.
Data Portability: Remember that all data in Sandstorm is portable; individual grains can be downloaded as .zip files and restored on any other Sandstorm instance.