Welcome to WAPT’s official documentation by Tranquil IT, last compiled on 2021-04-07.

Click here for a PDF version of the complete documentation.

WAPT is a software and configuration deployment tool that may be compared to Microsoft SCCM (now called MECM), Ivanti UIM, IBM Bigfix, Tanium, OPSI, PDQDeploy, or Matrix42.

WAPT exists in two flavors, WAPT Discovery and WAPT Enterprise.

Main benefits

For System Administrators:

• install software and configurations silently;

• maintain up to date an installed base of software and configurations;

• configure software at the system and user level to reduce the load on support teams;

• remove unwanted or out of cycle software and configurations silently;

• give Users more autonomy to install software safely and reliably;

• reduce as much as possible the consumption of bandwidth on remote sites to preserve it for productive uses;

For IT Security Officers

• pilot the software installed base to converge to a security standard acceptable to the Organization;

• prepare your enterprise for the coming GDPR and help your DPO keep his register of data processing, because you two will become close colleagues;

• no longer tolerate machines operating in Administrator mode;

• no longer tolerate users downloading and running software binaries from their home directory;

• start applying SRPs, also known as Applocker or WDAC to improve application level IT security;

• reduce the level of exposure to software vulnerabilities and lateral movement attacks;

• bring up audit indicators for a better knowledge of the state of installed IT devices and their global security level;

• be prompt to deploy updates to react to cyber attacks like Wannacry or notPetya;

For End-Users

• have your software configured to work well in the context of your Organization and trust that they will work correctly;

• reduce your need for support by your IT teams, whose reaction times are often long because of their workloads;

• have better working and more predictable work systems because of standard software configurations;

Presenting WAPT

• Introduction to WAPT
  • For what purpose is WAPT useful?
  • Security Certification from French Cyberdefense Agency ANSSI
  • The genesis of WAPT
• Fundamental principles
  • Package/ Repository principle
  • Types of WAPT packages
  • Dependency mechanism
  • Private key / Public key principle
• WAPT mode of operation
  • Inventory/ information feedback
  • Complete diagram of the WAPT operating mechanism
  • WAPT agent behavior with packages install / remove / session_setup / audit
• WAPT Server architecture
  • Repository role
  • Inventory server role
  • Proxy role
• WAPT language and development environment
  • Principles of WAPT package development
• Comparing features between the WAPT versions
  • Main functional benefits of the Enterprise version of WAPT
  • Targeted use cases of WAPT Enterprise
  • Description of services available with a WAPT Enterprise contract
  • Current feature list as of 2021-04-07
  • Features coming soon
  • Summary of operating principles in WAPT

Installing and managing WAPT

• Installation tips and requirements
  • Hardware recommendations
  • Configuring the Organization’s DNS for WAPT
  • Configuring DNS entries in Microsoft RSAT.
• Installing WAPT Server on Windows
• Installing WAPT Server on Debian
  • Setting up the GNU/Linux Debian server
  • Installing the WAPT Server on Debian Linux
• Installing WAPT Server on CentOS7
  • Configuring the CentOS/ RedHat server
  • Installing the WAPT Server on CentOS / RedHat
• Installing WAPT Server with Ansible
  • Requirements
  • Installing the Ansible role
  • Using the Ansible role
  • Role variables

Configure WAPT

• Configuring WAPT
  • Installing the WAPT management console
  • Starting the WAPT console
  • Generating the Administrator’s certificate for signing WAPT packages
  • Building the WAPT agent installer
  • Deploying the WAPT agent for Windows
  • Deploying the WAPT Agent on Linux
  • Deploying the WAPT agent on MacOS
  • Deploying the Linux WAPT Agent with Ansible
  • Uninstalling WAPT agent from clients
• Advanced WAPT configuration
  • Configuring the WAPT agent
  • Configuring the agents using a WAPT package
  • Configuring the WAPT console
  • Configuring the WAPT Server
  • Configuring WAPT Server for large deployments
• Upgrading the WAPT Server
  • Upgrading WAPT on a Debian from 1.8.2 to 2.0
  • Re-signing all packages by WAPT console following swith to Python3
  • Upgrading WAPT on a Centos / RedHat from 1.8.2 to 2.0
  • Re-signing all packages by WAPT console following swith to Python3
  • Upgrading WAPT on a Debian from 1.6/1.7 to 1.8
  • Upgrading WAPT on a CentOS from 1.6/1.7 to 1.8
  • Upgrading WAPT on a Windows from 1.6/1.7 to 1.8
  • Upgrading WAPT from 1.5 to 1.6
  • Updating PostgreSQL
• Backing up the WAPT Server
  • Backing up the WAPT Server on Linux
  • Restoring the WAPT Server on Linux
  • Backing up the WAPT Server on Windows
  • Restoring the WAPT Server on Windows
• Replicating repositories and working with multiple repositories
  • Replicating a repository to preserve the bandwidth on remote sites
  • Working with multiple public or private repositories
  • (Deprecated) Replicating repositories with Syncthing
• Enhancing the security of your WAPT setup
  • Configuring the firewall on the WAPT Server
  • Configuring kerberos authentication
  • Activating the verification of the SSL / TLS certificate
  • Configuring user authentication against Active Directory
  • Configuring Client-Side Certificate Authentication
  • Configuring Access Control Lists

Using WAPT daily

• How to use WAPT?
  • Using the WAPT console
  • Using the WAPT console (detailed)
  • Using WAPTtray
  • Using WAPTExit
  • Using Organizational Unit packages in WAPT
  • Using profile bundles in WAPT
  • Using WAPT Windows Update Agent (WAPTWUA)
  • Using the reporting functions in WAPT
  • Using WAPT SelfService
  • Differentiating user roles in WAPT
  • Synchronizing WAPT inventories to GLPI
• WAPT package structure
  • The control file
  • The setup.py file
  • The wapt.psproj file
  • The icon.png file
  • The manifest.sha256 file
  • The signature file
  • Other files
• Creating WAPT packages
  • Setting up your WAPT development and test environment
  • Creating a package template from the WAPT console
  • Building the package and sending it to the WAPT server
  • Packaging .msi packages (example)
  • Packaging .exe package (example)
  • Improving my package
  • Customizing the user environment
  • Using the audit functions for compliance
  • Updating automatically a software package
  • Deploying a portable software with WAPT
  • Packaging Windows Update .msu packages
  • Packaging simple Linux packages
  • Encrypting sensitive data contained in a WAPT package
  • Working with non standard return codes
  • Using different IDEs for developing WAPT packages
  • Simple examples of commonly used setuphelper functions
  • Videos showing WAPT in action
• Enhancing your productivity with WAPT
  • Simplifying the imaging of your workstations
• Frequent problems and questions
  • I have lost my SuperAdmin password
  • I lost my WAPT private key
  • My private key has been stolen
  • My BIOS UUID bugs
  • WAPTdeploy does not work
  • WAPT Exit will not launch
  • WAPTExit halts after 15 minutes and does not finish the installing the packages
  • Error message when opening the WAPT console
  • Problems with registering a host with WAPT
  • Problems when enabling enable-check-certificate
  • Problems when creating a package
  • WAPT package in error
  • Frequent problems caused by Anti-Virus software
  • EWaptBadControl: ‘utf8’ codec can’t decode byte
  • I have a lot more hosts in the console than I have host packages on my server?
• Common mistakes
  • Using a network drive to store and deliver WAPT packages
  • Using the register() function in your audit scripts
• Using WAPT with the Command Line
  • Using the more common functions in WAPT with the command line
  • Using special Command Lines with WAPT
  • Using the Command Line to create WAPT packages
• Using the WAPT server APIs
  • API V1
  • API V2
  • API V3

Appendix

• Contacting Tranquil IT
• Glossary
• Presentation of the security principles in WAPT
• (For software editors) Applying best practices to packaging software
• WAPT release Strategy
• Changelog
• WAPT End user License Agreement
• External component licenses used in WAPT

Indices and tables

• Index

• Glossary

• Search Page