WAPT Editions and versions history¶
24 Jan 2020 |
30 Mar 2021 |
30 Oct 2021 |
15 Mar 2022 |
30 Apr 2022 |
30 Jun 2022 |
10 Jan 2023 |
13 Jun 2023 |
|
---|---|---|---|---|---|---|---|---|
3.0 Entreprise Discovery |
Release 3.0 (To Be Defined) |
|||||||
2.3 Entreprise Discovery |
Release 2.3 |
Security and bugfix maintenance |
||||||
2.2 Entreprise Discovery |
Release 2.2 |
Security and bugfix maintenance |
Security and bugfix maintenance |
Security maintenance only |
End Of Life |
|||
2.1 Entreprise |
Release 2.1 |
Security and bugfix maintenance |
Security and bugfix maintenance |
Security maintenance only |
End Of Life |
|||
2.0 Entreprise |
Release 2.0 |
Security and bugfix maintenance |
Security maintenance only |
Security maintenance only |
End Of Life |
|||
1.8 Entreprise |
Release 1.8 |
Security and bugfix maintenance |
Security maintenance only |
Security maintenance only |
Security maintenance only |
End Of Life |
||
1.8 Community |
Release 1.8 |
Security and bugfix maintenance |
Security maintenance only |
Security maintenance only |
End Of Support by Tranquil IT, Community support only after [1] |
Summary of operating principles in WAPT¶
WAPT is agent based to allow no inbound open port in host’s firewalls that initiate a secured bi-directional websocket with the WAPT Server for allowing real-time reporting and actions.
WAPT works with Trusted Data Gateways using simple task scheduling.
WAPT works on the principle of smoothly pulling updates and then applying upgrades at a convenient time (works with low / intermittent bandwidth, high latency, high jitter networks).
WAPT does not require an Active Directory to work (works with Windows Home edition too); however, WAPT will show the host in its Active Directory tree if the host is joined to an AD.
Methods for deploying WAPT Agent:
Using a GPO or an Ansible script.
Manually after having downloaded the WAPT Agent from the WAPT Server or using SSH.
Methods for registering hosts with the WAPT Server:
Automatically using the host’s kerberos account.
Manually with the WAPT SuperAdmin login and password.
Upgrades may be triggered:
Upon shutdown of the host, this is the standard mode.
By an authorized WAPT Administrator in an emergency (ex: patching critical vulnerabilities running in the wild).
By the user herself at a time she chooses (ex: 24/7 nursing cart unused during breaks with a simple click).
Via a scheduled task running at a predetermined time (best for servers).
Security is insured with:
Signing of WAPT packages using asymmetric cryptography.
Authentication of hosts against the WAPT Server using symmetric cryptography on registering.
Confidentiality of the WAPT Server using WAPT deployed client certificates.
Using of ACL to define what an administrator is allowed to view or what actions he is allowed to perform according to his certificate.
Current feature list as of 2024-09-20¶
Attention
You may find on the Internet the mention of a GPLv3 Community version of WAPT that has been maintained and supported by Tranquil IT up to version 1.8.2, or up to approximately July 2021.
The Community version of WAPT has been friendly forked. Tranquil IT provides no longer any support, nor any maintenance, either free or paid on WAPT =< 1.8.2. Support and maintenance may be obtained from the operators of the fork at their rates and conditions.
Tranquil IT is the sole author and the full copyright owner of WAPT 1.8.2 and will require from maintainers of friendly forks that they refrain from using the name WAPT as the WAPT brand is trademarked and protected by the French INPI.
Feature |
Enterprise |
Discovery |
---|---|---|
Deploy, update and remove software on hosts |
||
Maintenance and support (check footnote for conditions) |
Tranquil IT staff [5] |
Tranquil IT forum [5] |
Licensed under |
Proprietary |
Proprietary |
Limits on number of devices |
unlimited |
300 |
Version of Python used in code and WAPT packages |
3+ (current) |
3+ (current) |
Deploy and update configurations in SYSTEM context |
||
Deploy and update configurations in USER context |
||
Get a comprehensive inventory of hardware, software and applied WAPT packages |
||
Benefit from the differentiated self-service (authorized users may install authorized software from authorized WAPT package stores) |
||
Benefit from simplified Windows Updates that work better than a standard WSUS (only the required KBs are downloaded from Microsoft) |
||
Simplify and structure your administrative workload by applying WAPT packages to an OU |
||
Configure and manage easily WAPT store relays to preserve bandwidth for Edge Computing scenarii |
||
Get access to ready-to-deploy WAPT packages for common free-to-use software |
||
Work with easily verifiable python recipes for installing, updating and removing software and configuration |
||
Benefit from hundreds of Helpers for simplifying software packaging |
||
Encrypt your sensitive data for transport (software license keys, login, password, server FQDN, API informations for registering software with the vendor, etc) |
||
Automate the auditing of your configurations for an easy, automated and always up-to-date compliance |
||
Benefit from the power of SQL integrated with the WAPT Console to make reports that you need for your daily sysadmin work or that your organization requires for budgeting decisions |
||
Authenticate your WAPT Administrators against Active Directory or LDAP, or their sets of certificates |
||
Benefit from differentiated roles between Package Developers and Package Deployers so you can delegate your WAPT powers to the most adequate people (packagers know security implications, deployers know user needs) |
||
Benefit from multi-tenant, multi-client mode with ACLs for MSPs or large multi-departmental or international organizations using an internal, easy to use PKI based mechanism for allowed perimeter |
||
Integration with Mesh Central for simple screen-sharing for user support |
||
Continued support for Windows XP in WAPT for factory machine tools, Hospital medical equipment, expensive and hard to replace research instruments, etc |
||
Update packages directly within the WAPT Console with |
||
Integrate WAPT inventory with popular GLPI ITSM tool |
||
WADS : operating system image deployment tool integrated within WAPT |
||
Check package with www.virustotal.com |
||
Verified and approved by internationally recognized cybersecurity agency ANSSI , WAPT is the only deployment software in the world with this level of certification |
||
Remote restart and shutdown of client computers |
Features coming soon¶
Below is a list of features that we have identified as being really useful to WAPT and WAPT’s user community and that we have already started to work on. No time-line is promised, stay tuned, we are only promising you that we are working very hard to achieve these objectives.
Feature |
Enterprise |
Discovery |
---|---|---|
History of actions done via WAPT for a complete reporting of a hosts software maintenance life-cycle |
||
Authentication of WAPT Administrators using cryptographic tokens (ex: smartcards) |
||
Access to ready-to-deploy WAPT packages or recipes for licensed business software (common business software for industry, medical, office, public collectivities, cybersecurity, etc) |
||
Access to ready-to-deploy WAPT package extensions for simplifying desktop armoring using Applocker or equivalent |
Footnotes
Main functional benefits of the Enterprise version of WAPT¶
WAPT Discovery is designed to let you try WAPT at no cost on a limited perimeter and with limited high-end features.
With WAPT Enterprise, you benefit automatically from the base functions included in WAPT to help you deploy, upgrade and remove software and configurations on your Windows, Linux and MacOS devices, from a central WAPT Console, with many more benefits.
WAPT is a freemium model. The Enterprise version shares the same code base with the Discovery version. An activated Enterprise license key turns on the following additional functionalities:
Active Directory authentication
of WAPT package developers, package deployers, self-service users and for the initial registering of the WAPT Agents with the WAPT Server. In addition, the display of WAPT equipped devices in the WAPT Console follow the same structure as the hierarchical structure of the Organization’s Active Directory OU.
Role separation between package developers and package deployers.
This way, central IT teams may build the software packages because they know the Organization’s security guidelines, and local IT teams may deploy the WAPT packages because they know the needs of their user base.
Such a separation is implemented using differentiated sets of keys (i.e. Code Signing SSL certificates for package developers and Simple SSL certificates for package deployers) and with ACLs rigths.
ACLs.
ACLs are managed by the SuperAdmin to authorize or restrict WAPT Administrators to viewing informations or performing actions only on a subset of the devices registered with the WAPT Server.
The identification and the authentication processes rely either on using Active Directory, LDAP or certificates. The authorizations granted to the Administrators are managed in the WAPT Server database. The perimeter of devices on which the rights are granted is defined by the deployed Administrator’s certificate.
This feature is particularly useful for large multi-national Organizations, central administrations with large regional offices or for MSPs wanting to centralize the management of several clients while allowing their end customers to perform some daily management tasks.
Differentiated self-service.
WAPT Enterprise allows you to apply lists of allowed packages to user groups in Active Directory.
Allowed users are free to install qualified packages from their list of approved packages without having to submit a ticket to their IT teams.
This feature is designed to offer Users the feeling of freedom and empowerment that they fear to lose in managed environments while allowing CISO to apply strict security rules using such method as SRP, also known as Applocker.
WAPT WUA.
WAPT allows to manage the Windows Updates on your Windows endpoints.
WAPT WUA is designed to just work out of the box, be gentle on your storage and preserve your bandwidth for your productive needs.
Advanced reporting for corporate teams.
This reporting completes the operational reporting already available in the WAPT Console; reports help WAPT operators demonstrate their efficacy with WAPT for insuring a greater level of security and conformity for their networks, systems, software and applications.
Dynamic repository configuration.
Starting with WAPT 1.8, repository replication can be enabled using a WAPT Agent installed on an existing host, a dedicated appliance or Virtual Host.
The replication role is deployed through a WAPT package that enables the Nginx web server and configures scheduling, packages types, packages sync, and much more.
This feature allows WAPT Agents to find dynamically their closest available WAPT repository from a list of rules stored on the WAPT Server.
Integration with GLPI
GLPI is a popular ITSM solution for ticketing, incident and asset tracking.
WAPT can now optionally send a minimum set of useful informations to a GLPI server.
Targeted use cases of WAPT Enterprise¶
The Enterprise version of WAPT is particularly advisable for Organizations:
That manage large installed bases of devices (generally above 300 units).
That are spread geographically with many subsidiaries or production sites.
That require a strong traceability of actions performed on the installed base of devices for reasons of audit or security.
That value secured and proven solutions in their IT sourcing.
Description of services available with a WAPT Enterprise contract¶
Access to future improvements in WAPT Enterprise¶
By subscribing to a WAPT Enterprise contract and by maintaining your subscription valid, you benefit from the future improvements brought into the core of WAPT and you benefit automatically from all future improvements to the WAPT Enterprise version.
A lapsing of your subscription will automatically switch your WAPT instance back to its corresponding Discovery version. Advanced functions only available in the Enterprise version will no longer be accessible and no action other that deleting hosts from the WAPT Console will be allowed until the host count has passed below 300.
Direct telephone support for your daily usage of WAPT¶
When your subscription reaches above a certain volume, Tranquil IT, the creator of WAPT, allows you a privileged access to its core team of WAPT experts and developers.
We give you access to a dedicated telephone hot-line with a direct answer to satisfy your needs for support in English and French.
We are committed to providing you with reliable and pertinent answers on the subscribed perimeter, quickly.
By subscribing or renewing your WAPT Enterprise contract, you will receive a notification indicating the practicalities to access our support.
Attention
The support concerns only the use in your Organization of the WAPT Enterprise software, additional support for adapting, personalizing, debugging or creating WAPT custom packages may be obtained with prepaid support tickets.
Up to three individuals in your Organization may communicate with our direct support.
Note
For more information, contact Tranquil IT sales team.
Price and preferential access to WAPT training¶
You may choose to train your IT team on any particularity of WAPT.
Note
For more information, contact the Tranquil IT sales team.