Attention : support for WAPT 2.1 ended on January the 10th 2023.

Please upgrade to the latest supported version

Installation requirements

You have to take into consideration a few security points in order to extract all possible benefits from WAPT:

  • If you are familiar with Linux, we advise you to install WAPT Server directly on CentOS following the security recommendations of French ANSSI or the recommendations of your state cyberdefense agency.

  • Although the WAPT Server is not designed to be a sensitive asset, we recommend it to be installed on a dedicated machine (physical or virtual).

Attention

In all steps of the documentation, you will not use any accent or special characters for:

  • user logins;

  • path to the private key and the certificate bundle;

  • the CN;

  • the installation path for WAPT;

  • group names;

  • the name of hosts or the the name of the server;

  • the path to the folder C:\waptdev.

Hardware recommendations

The WAPT Server can be installed either on a virtual server or a physical server.

RAM and CPU recommendations are:

Size of the network

CPU

RAM

Server optimization to apply

From 0 to 300 agents

2 CPU

2024 Mio

No

From 300 to 1000 agents

4 CPU

4096 Mio

Yes

From 1000 to 3000 agents

8 CPU

8192 Mio

Yes

From 3000 desktops onward

16 CPU

16384 Mio

Yes

  • A minimum of 10GB of free space is necessary for the system, the database and log files. For better performance, Tranquil IT recommends the database to be stored on fast storage, such as SSD drives or PCIe-based solid-state drives.

  • The overall disk requirement will depend on the number and size of your WAPT packages (software) that you will store on your main repository, 30GB is a good start. It is not strictly required to store WAPT packages on fast drives.

  • Finally, we have knowledge of users with servers equipped with multiple 10Gbps networking interfaces deploying at full speed massive Katia, National Instruments and Solidworks update packages on their LAN.

Software recommendations

Operating system

WAPT server are available on Linux and Windows:

  • For Linux, Debian 11, Red Hat 7 / 8 and derivatives, Ubuntu server LTS 20.04 64 bit version are supported. It not an obligation to use a Linux server distribution, but use a non graphical distribution.

Note

SELINUX is supported but not mandatory.

  • For Windows WAPT Server can be installed on Windows Server 64 bit version supported by Microsoft (Win2012r2, Win2k16 or Win2k19). Depending on your need, it can also be installed on recent Win10 Pro/Ent version (20H2 or later).

The WAPT Server will only run on 64bit based system.

Open Ports

Data-flow diagram of WAPT

Data-flow diagram of WAPT

As you can see, only ports 80 and 443 must be opened for incoming connections as the WAPT frameworks works with websockets initiated by the WAPT agents.

Inbound

Protocol

Port number

Source

Destination

Description

TCP

80

All WAPT agents

WAPT Server

Websocket connection (unsecured) for downloading packages and KB

TCP

443

All WAPT agents

WAPT Server

Websocket connection for downloading packages and KB

Outbound

Protocol

Port number

Source

Destination

Description

TCP

80

WAPT Server

Internet

Websocket connection (unsecured) for downloading packages, wsusscn2.cab and KB

TCP

443

WAPT Server

All WAPT agents

Websocket connection for downloading packages, wsusscn2.cab and KB

TCP

80

WAPT Server

Linux repository (for Linux server)

Update for packages

TCP

443

WAPT Server

Linux repository (for Linux server)

Update for packages

TCP

53

WAPT Server

Domain controller

DNS resolve

TCP

389

WAPT Server

Domain controller

LDAP authentication

TCP

636

WAPT Server

Domain controller

LDAP authentication

UDP

123

WAPT Server

Domain controller

NTP

Tips before installing

Configuring the Organization’s DNS for WAPT

Note

DNS configuration is not strictly required, but it is very strongly recommended.

In order to make your WAPT setup easier to manage, it is strongly recommended to configure the DNS server to include A field or CNAME field as below:

  • srvwapt.mydomain.lan.

  • wapt.mydomain.lan.

Replace mydomain.lan with your network’s DNS suffix.

These DNS fields will be used by WAPT agents to locate the WAPT Server and their WAPT repositories closest to them.

Configuring DNS entries in Microsoft RSAT.

  • The A field must point to the WAPT Server IP address.

Configuring the A field in Windows RSAT

You can now install the WAPT Server on your favorite operating system: