Gustavo Canete
Why you need a sandbox
Every NetSuite customization, script, workflow, or integration change carries risk. A SuiteScript that works perfectly in your head might break saved searches, slow down page loads, or create duplicate records when it hits real data. A workflow change that seemed straightforward might trigger email notifications to 5,000 customers.
A sandbox is a copy of your production environment where you test changes without consequences. It sounds obvious, but a surprising number of companies still test directly in production — and learn the hard way why that's a bad idea.
Types of NetSuite sandbox environments
NetSuite offers several environment types, each with different capabilities and costs.
Sandbox accounts
A sandbox is a full copy of your production account — configuration, customizations, scripts, workflows, roles, and data. It runs on the same NetSuite infrastructure and behaves like your production environment with a few key differences:
- Changes in sandbox don't affect production (and vice versa)
- Email sending is disabled by default to prevent accidental customer communications
- Integrations point to sandbox-specific URLs
- The environment is visually marked so users know they're not in production
Sandboxes are the standard testing environment for most NetSuite customers. They support the full range of customization — SuiteScript, SuiteFlow, SuiteBuilder, custom records, and SuiteBundler.
Release Preview accounts
Release Preview environments give you early access to upcoming NetSuite releases before they hit production. NetSuite pushes major updates twice a year, and Release Preview lets you test your customizations against the new version weeks in advance.
This is critical if you have heavy customization. A SuiteScript that works on the current release might break on the next one if Oracle changed an API or UI behavior. Release Preview gives you time to find and fix those issues before your production account upgrades automatically.
Development accounts
Development accounts are standalone environments for building SuiteApps or testing integrations from scratch. Unlike sandboxes, they don't carry your production data or configuration. They're blank slates with standard NetSuite functionality.
Development accounts are free for SuiteCloud Developer Network (SDN) members and are primarily used by partners and ISVs building commercial SuiteApps. Most end-user companies don't need these — a sandbox covers their testing needs.
How sandbox refresh works
A sandbox starts as a snapshot of your production account at a specific point in time. As you make changes in production — new records, updated configurations, new scripts — the sandbox drifts further from reality.
Refreshing overwrites the sandbox with a fresh copy of production. This resets all data and configuration to match the current state of production.
Key things to understand about refresh:
- Frequency depends on your plan. Standard sandbox accounts typically allow refreshes on a scheduled basis — the exact frequency depends on your contract. Some accounts get monthly refreshes; others are less frequent.
- Refresh overwrites everything. Any work-in-progress in the sandbox is lost. If you're mid-testing on a customization, finish or export your work before requesting a refresh.
- Refresh takes time. Depending on your data volume, a refresh can take several hours to a full day. Plan accordingly — don't request a refresh the morning before a major testing sprint.
- Some configurations need manual adjustment after refresh. Integration endpoints, SSO settings, and certain scheduled scripts may need reconfiguration after refresh because they reference production-specific values.
Best practice: refresh discipline
Establish a refresh schedule that aligns with your development cycles. Many teams refresh at the start of each major project or sprint. If you refresh too often, you lose in-progress testing work. If you refresh too rarely, your sandbox diverges from production and testing becomes unreliable.
When you need a sandbox
Not every company needs a sandbox from day one. Here's when it becomes essential:
You have custom SuiteScript. Any server-side or client-side scripting should be tested in a sandbox before deploying to production. A script that runs on record save, for example, will fire on every transaction — testing this in production means risking real financial data.
You're building or changing integrations. When connecting NetSuite to Shopify, Celigo, or any external system, the sandbox lets you test data flows without creating real orders, invoicing real customers, or corrupting real inventory counts.
You're doing a major configuration change. Restructuring your chart of accounts, changing approval workflows, modifying roles and permissions, or updating saved searches that feed dashboards — test these in sandbox first.
You have compliance requirements. SOX compliance and other regulatory frameworks often require documented testing in a non-production environment before changes go live. A sandbox provides that audit trail.
You're upgrading or installing SuiteApps. New SuiteApps or version upgrades can conflict with existing customizations. Test the installation in sandbox, verify that your workflows and scripts still work, then deploy to production with confidence.
When a sandbox is overkill
For simple configuration changes — adding a custom field, creating a saved search, adjusting a form layout — a sandbox might be unnecessary overhead. Experienced NetSuite administrators can make these changes safely in production. The risk-to-effort ratio doesn't justify spinning up a sandbox for every minor tweak.
Sandbox costs
Oracle does not publish official sandbox pricing. Based on industry estimates and reported contract terms:
| Environment type | Estimated cost | Notes |
|---|---|---|
| Standard sandbox | ~$500–1,500/month | Full copy of production |
| Premium sandbox | ~$1,500–2,500/month | Faster refresh, more frequent refreshes |
| Release Preview | Included | Available before each major release |
| Development account | Free (SDN members) | For SuiteApp development |
Some NetSuite editions include a sandbox in the base license — check your contract. If it's not included, adding a sandbox mid-contract is a negotiation with your account manager. Bundling a sandbox at initial contract signing typically yields better pricing than adding one later.
Oracle does not publish official pricing — these are industry estimates that vary by contract terms and edition.
Setting up your sandbox
Initial setup
- Request the sandbox through your NetSuite account manager or the SuiteCloud management portal. If your contract includes a sandbox, provisioning is usually straightforward.
- Wait for the initial copy. The first sandbox creation takes longer than subsequent refreshes because it's copying everything from scratch.
- Verify the copy. Once provisioned, log in and spot-check key data: customer records, transactions, custom records, saved searches. Make sure the sandbox matches production.
Post-setup configuration
After the sandbox is ready, adjust these settings:
Integration endpoints. Any integration pointing to production URLs needs to be reconfigured to sandbox URLs. This includes:
- REST API base URLs (sandbox uses a different account ID format)
- SuiteTalk (SOAP) endpoints
- RESTlet URLs
- iPaaS connections (Celigo, Boomi, etc.)
Email settings. Sandbox disables outbound email by default. If you need to test email workflows, configure a catch-all address that sends all outbound email to a single test inbox instead of actual recipients.
Scheduled scripts and workflows. Review any scheduled processes that run automatically. In sandbox, these may execute with production data patterns — disable any that could cause confusion or generate test data you don't want.
SSO and authentication. If you use SAML SSO or LDAP, sandbox authentication may need separate configuration. Users might need to log in with NetSuite-native credentials initially.
Testing best practices
Use a testing checklist
Before promoting any change from sandbox to production, verify:
- Core transactions still work (sales orders, invoices, payments)
- Saved searches return expected results
- Dashboards load correctly
- Integrations send and receive data
- Roles and permissions are correct
- Email templates render properly
- Scheduled scripts run on schedule
- Performance is acceptable (page load times, script execution)
Document your testing
Keep a simple log of what you tested, what the results were, and what you changed. This serves double duty: it provides an audit trail for compliance and helps you troubleshoot if something goes wrong after deploying to production.
Don't trust sandbox performance as a proxy for production
Sandbox environments may have different performance characteristics than production. A script that runs in 2 seconds in sandbox might take 10 seconds in production under concurrent user load. Performance testing in sandbox gives you a baseline, but production monitoring is still essential after deployment.
Promote changes systematically
Use SuiteCloud Development Framework (SDF) or SuiteBundler to package and promote changes from sandbox to production. Manual re-creation of customizations in production is error-prone and slow. SDF projects track your customizations as code, making promotion repeatable and auditable.
Common sandbox mistakes
Testing with stale data. If your sandbox was last refreshed three months ago, the data doesn't reflect current business reality. Test results may not be relevant. Refresh before major testing cycles.
Forgetting to disable integrations. A sandbox with active integrations pointing to production systems can create real orders, send real notifications, or update real inventory. Always reconfigure integration endpoints before testing.
Not testing with realistic user roles. Developers and admins have full permissions. Your end users don't. Test with the actual roles and permissions your team uses — a customization that works for an admin might fail for a standard user due to permission restrictions.
Treating sandbox as a permanent development environment. Sandboxes are for testing, not long-term development. Changes accumulate, the environment drifts from production, and eventually the sandbox becomes its own beast that doesn't represent reality. Refresh regularly and keep development work in version control.
The bottom line
A sandbox isn't a luxury — it's insurance. The cost of a sandbox environment is a fraction of the cost of a production incident caused by untested changes. For companies with custom scripts, active integrations, or compliance requirements, a sandbox is non-negotiable.
For smaller NetSuite implementations with minimal customization, evaluate whether the cost justifies the risk. But the moment you start writing SuiteScript or building integrations, get a sandbox. The first time it saves you from a production disaster, it pays for itself.
Frequently Asked Questions
Need help with your NetSuite project?
Whether it's integrations, customization, or support — let's talk about how we can help.
Gustavo Canete
Co-Founder & Development Director
Co-founder and Development Director at BrokenRubik overseeing technical excellence and development operations. 12+ years of experience leading NetSuite development teams and delivering complex enterprise solutions.
Get More Insights Like This
Join our newsletter for weekly tips, tutorials, and exclusive content delivered to your inbox.
Related Articles
NetSuite 2026.1 Release Notes: Developers & IT Architects
NetSuite 2026.1 for developers: REST batch operations, SuiteScript 2.1 runtime upgrades, AI coding in VS Code, and the TBA deprecation deadline.
NetSuite 2FA: Two-Factor Authentication Setup Guide
How to set up two-factor authentication in NetSuite. Covers authenticator app setup, QR codes, recovery options, and 2FA enforcement for your organization.
NetSuite Administrator: Role, Skills & Career Guide
The NetSuite administrator role explained. Daily responsibilities, required skills, salary expectations, certification, and career path.