The OpenROAD Installer sets the authentication level for the ASO and SPO to Packet Privacy because this provides the most secure default, with integrity-checking and encryption for all message traffic between the client and server. The cost of this added security is insignificant in most environments, and therefore we recommend keeping this default, but you can reduce the Authentication Level for the ASO or SPO if you want.

The ASO Authentication Level must be set to at least the Connect level. Because each ASO instance is a private server, launched under the same account as the client, that client must be authenticated to provide a security context under which to launch the process.

The SPO Authentication Level can be set as low as None, if you want to allow unauthenticated DCOM access to the SPO. But we do not recommended this because it provides no security. Using an HTTP gatekeeper is a better alternative because it enables you to be selective about which applications and which SCPs you expose to unauthenticated callers.