Application Server
The following Application Server enhancements are made in this maintenance release:
• Authorized Applications Only
• Forced Shutdown
• DPO
• SPO Launch Permissions
Authorized Applications Only
If the new RunAuthorizedAppsOnly option is selected in the VASA SPO configuration options, the SPO will refuse to Initiate any application images that have not been registered. An "Unauthorized application" error 0x8004E300 is returned on the Initiate call.
Forced Shutdown
When the OpenROAD Application Server service (orsposvc) is stopped, the SPO now shuts down regardless of how many other clients are connected.
Calls already in process are given a grace period to complete. Further calls from existing clients are refused (with a "Dispatcher disabled due to shutdown" error 0x8004E000). Attempts by new clients to connect are refused by COM (with an "Access denied" error 0x80070005). The SPO terminates as soon as all its ASO slaves have finished processing their current calls, or when the grace period expires, whichever comes first.
The ShutdownGracePeriod can be set in the VASA SPO configuration options, and it defaults to 15 seconds. If a call does not complete within the grace period, the ASO processing that call will be disconnected, and the SPO will terminate. When a disconnected ASO finally completes the call, the byref results are discarded and the ASO begins a normal shutdown sequence.
DPO
The DPO (OpenROAD.DomainPortal routing server) is removed from this release (and will be automatically uninstalled and erased from existing installations) because it created a potential security risk. It is replaced by a more direct method for overriding the COM default authentication level of the client machine and requesting unauthenticated connections.
If a Routing string of "unauthenticated" is specified on an Initiate call, an explicitly unauthenticated connection is established directly to the target server. Without this, COM would first attempt to establish an authenticated connection, and only after failing that would it fall back to an unauthenticated connection. Under some network configurations, those failed attempts can significantly impact performance. An explicitly unauthenticated connection also overrides the default authentication level of the client process.
The Initiate Routing string "OpenROAD.DomainPortal" is still supported for backward compatibility, but it no longer causes connections to be forwarded through a DPO server; it simply enables an explicitly unauthenticated connection, directly connecting to the target server. The new Routing string "unauthenticated" is equivalent, and is the preferred way to achieve that result.
SPO Launch Permissions
The installer now sets the SPO launch permissions to include only the SYSTEM account, which is the account under which the OpenROAD Application Server service (orsposvc) runs. This enables the lifetime of the SPO to be fully controlled by the orsposvc, by preventing other users from launching an SPO when the orsposvc is trying to shut down.
Last modified date: 12/20/2023