Checking WAPT Installation requirements

Installation requirements

Naming conventions

You have to take into consideration a few security points in order to extract all possible benefits from WAPT:

• If you are familiar with Linux, we advise you to install WAPT Server directly on Debian or a RedHat based distribution following the security recommendations of French ANSSI or the recommendations of your state cyberdefense agency.

• Although the WAPT Server is not designed to be a sensitive asset, we recommend it to be installed on a dedicated host (physical or virtual).

Attention

In all steps of the documentation, you will not use any accent or special characters for:

• user logins;

• path to the private key and the certificate bundle;

• the CN;

• the installation path for WAPT;

• group names;

• the name of hosts or the the name of the server;

• the path to the folder C:\waptdev.

Hardware recommendations

The WAPT Server can be installed either on a virtual server or a physical server.

Optimal RAM and CPU recommendations for the WAPT Server

Size of the network	CPU	RAM	Server optimization to apply
From 0 to 300 WAPT Agents	2 CPU	2024 Mio	No
From 300 to 1000 WAPT Agents	4 CPU	4096 Mio	Yes
From 1000 to 3000 WAPT Agents	8 CPU	8192 Mio	Yes
From 3000 desktops onward	16 CPU	16384 Mio	Yes

• A minimum of 10GB of free space is necessary for the system, the database and log files.

• For better performance, Tranquil IT recommends the database to be stored on fast storage, such as SSD drives or PCIe-based solid-state drives.

• The overall disk requirement will depend on the number and size of your WAPT packages (software) that you will store on your main repository, 30GB is a good start. It is not strictly required to store WAPT packages on fast drives.

• Finally, we have knowledge of users with WAPT Servers equipped with multiple 10Gbps networking interfaces deploying at full speed massive Catia, National Instruments and Solidworks update packages on their LAN.

Software recommendations

Operating system

The WAPT Server is available on Linux and Windows:

• For Linux, Debian 11, Red Hat 7 / 8 and derivatives, Ubuntu server LTS 20.04 64 bit version are supported.

Note

SELINUX is supported but not mandatory.

• For Windows WAPT Server can be installed on Windows Server 64 bit version supported by Microsoft (Win2012r2, Win2k16 or Win2k19). Depending on your need, it can also be installed on recent Win10 Pro/Ent version (20H2 or later).

Attention

The WAPT Server will only run on 64bit based system.

Open Ports

Data-flow diagram for WAPT

As you can see, only ports 80 and 443 MUST be opened for incoming connections as the WAPT frameworks works with websockets initiated by the WAPT Agents.

Inbound

Inbound ports to open for WAPT to work

Protocol	Port number	Source	Destination	Description
TCP	80	All WAPT Agents	WAPT Server	Websocket connection (unsecured) for downloading packages and KB.
TCP	443	All WAPT Agents	WAPT Server	Websocket connection for downloading packages and KB.
UDP	69. Note : tftp use ephemeral/dynamic ports for data transport. If you have a firewall in between the server and the computers, be sure to have enable support for tftp conntrack.	All computers using WADS deployment TFTP method.	WAPT Server	To download the first stage of OS boot files before HTTP becomes available.

Outbound

Outbound ports to open for WAPT to work

Protocol	Port number	Source	Destination	Description
TCP	80	WAPT Server	Internet	Websocket connection (unsecured) for downloading WAPT packages, wsusscn2.cab and KB.
TCP	80	WAPT Server	Linux repository (for Linux server) and Tranquil IT repositories ([1])	Uploading of WAPT packages using (unsecured) HTTP.
TCP	443	WAPT Server	Linux repository (for Linux server) and Tranquil IT repositories ([1])	Uploading of WAPT packages using (secured) HTTPS.
TCP	53	WAPT Server	Domain controller or DNS server	Domain name resolution.
TCP	389	WAPT Server	Domain controller or LDAP server	LDAP authentication to authenticate users with the WAPT Console or the WAPT Self-service.
TCP	636	WAPT Server	Domain controller or LDAP server	LDAP authentication.
UDP	123	WAPT Server	Domain Controller or NTP server	NTP to keep time synchronized and kerberos working properly.

Footnotes

[1] (1,2)

The following DNS names are the Tranquil IT repositories to allow :

• https://store.wapt.fr

• https://wapt.tranquil.it

Tips before installing

Configuring the Organization’s DNS for WAPT

Note

DNS configuration is not strictly required, but it is very strongly recommended.

In order to make your WAPT setup easier to manage, it is strongly recommended to configure the DNS server to include A field or CNAME field as below:

• srvwapt.mydomain.lan.

• wapt.mydomain.lan.

Replace mydomain.lan with your network’s DNS suffix.

These DNS fields will be used by WAPT Agents to locate the WAPT Server and their WAPT repositories closest to them.

Configuring DNS entries in Microsoft RSAT.

• The A field MUST point to the WAPT Server IP address.

You can now install the WAPT Server on your favorite operating system:

• Install the WAPT Server on GNU / Linux Debian.

• Install the WAPT Server on a RedHat based distribution.

• Install the WAPT Server on Windows (not recommended for large production networks).