Comparing features between the WAPT versions

Summary of operating principles in WAPT

  • WAPT is agent based to allow no inbound open port in host’s firewalls that initiate a secured bi-directional websocket with the server for allowing real-time reporting and actions

  • Can work with Trusted Data Gateways using simple task scheduling;

  • Works on the principle of smoothly pulling updates and then applying upgrades at convenient time (works with low / intermittent bandwidth, high latency, high jitter)

  • Does not require an AD (works with Windows Home edition too), but will show the host in its Active Directory tree if the host is joined to an AD

  • Methods for deploying WAPT agent:

    1. using a GPO or an Ansible script;

    2. manually after having downloaded the agent from the WAPT server or using SSH

  • Methods for registering hosts with the WAPT server:

    1. automatically using the host’s kerberos account

    2. manually with the WAPT Superadmin login and password

  • Upgrades may be triggered:

    1. upon shutdown of the host, the standard mode

    2. by an authorized WAPT Administrator in an emergency (ex: critical vulnerabilities running in the wild)

    3. by the user at a time she chooses (ex: 24/7 nursing cart unused during lunch break with a simple click)

    4. via a scheduled task running at a predetermined time (best for servers)

  • Security is insured with:

    1. signing of WAPT packages using asymmetric cryptography

    2. authentication of hosts against the WAPT server using symmetric cryptography on registering

    3. confidentiality of the WAPT server using WAPT deployed client certificates

Footnotes

1(1,2,3,4,5,6)

WAPT =< 1.8.2 implements python2.7, so there is no guarantee that packages designed for python3 will work.

2

The Enterprise version embeds more SetupHelper functions than the Community and Discovery versions.

3

In the Community and Discovery versions, the WAPT SuperAdmin password is shared between individuals that manage the WAPT server.

4(1,2)

A minimal volume of licenses must be subscribed in order to benefit from Tranquil IT’s telephone support for the daily operation of the software. Additional paid support is available to help you with your WAPT packaging needs. Forum support is provided without warranty nor delay and may be provided by Enterprise or Discovery users not affiliated with Tranquil IT.

5

Windows XP does not work with Python > 2.7. So a special branch of WAPT will be frozen with the last build of the WAPT agent running with 2.7. This version of the agent will of course be excluded from the target of evaluation in future security certifications.

6

Access to the store requires an account. WAPT package recipes are proprietary and may be offered for free, for a discount with a coupon, or with a charge. A payment does not entitle the user who downloads the WAPT package recipe to a license granting him use rights of the software embedded in the WAPT package. The User must insure he has the proper license grant to use the software.

Current feature list as of 2021-04-23

Attention

You may find on Internet the mention of a GPLv3 Community version of WAPT that has been maintained and supported by Tranquil IT up to version 1.8.2 or approximately January 2021.

The Community version of WAPT has been friendly forked. Tranquil IT provides no longer any support, nor any maintenance, either free or paid on WAPT =< 1.8.2. Support and maintenance may be obtained from the operators of the fork at their rates and conditions.

Tranquil IT is the sole author and the full copyright owner of WAPT 1.8.2 and will require from maintainers of friendly forks that they refrain from using the name WAPT as the WAPT brand is trademarked and protected by the French INPI.

Comparison of features between WAPT versions as of 2021-04-23

Feature

Enterprise

Discovery

Community

Deploy, update and remove software on hosts running

feature available

feature available

feature available 1

Maintenance and support (check footnote for conditions)

Tranquil IT staff 4

Tranquil IT forum 4

Opensource community

Licensed under

Proprietary

Proprietary

GPLv3

Limits on number of devices

unlimited

300

unlimited

Version of Python used in code and WAPT packages

3+ (current)

3+ (current)

2.7 (obsolete)

Deploy and update configurations in SYSTEM context

feature available

feature available

feature available 1

Deploy and update configurations in USER context

feature available

feature available

feature available 1

Get a comprehensive inventory of hardware, software and applied WAPT packages

feature available

feature available

feature available

Benefit from the differentiated self-service (authorized users may install authorized software from authorized WAPT package stores)

feature available

feature not available

feature not available

Benefit from simplified Windows Updates that work better than a standard WSUS (only the required KBs are downloaded from Microsoft)

feature available

feature not available

feature not available

Simplify and structure your administrative workload by applying WAPT packages to an OU

feature available

feature not available

feature not available

Configure and manage easily WAPT store relays to preserve bandwidth for Edge Computing scenarii

feature available

feature not available

feature not available

Get access to ready-to-deploy WAPT packages for common free-to-use software

feature available

feature available

feature available 1

Work with easily verifiable python recipes for installing, updating and removing software and configuration

feature available

feature available

feature available 1

Benefit from hundreds of Helpers for simplifying software packaging

feature available 2

feature available

feature available 1

Encrypt your sensitive data for transport (software license keys, login, password, server FQDN, API informations for registering software with the vendor, etc)

feature available

feature not available

feature not available

Automate the auditing of your configurations for an easy, automated and always up-to-date compliance

feature available

feature not available

feature not available

Benefit from the power of SQL integrated with the WAPT console to make reports that you need for your daily sysadmin work or that your organization requires for budgeting decisions

feature available

feature not available

feature not available

Authenticate your WAPT Administrators against Active Directory or LDAP, or their sets of certificates

feature available

feature not available

feature not available 3

Benefit from differentiated roles between Package Developers and Package Deployers so you can delegate your WAPT powers to the most adequate people (packagers know security implications, deployers know user needs)

feature available

feature not available

feature not available

Benefit from multi-tenant, multi-client mode with ACLs for MSPs or large multi-departmental or international organizations using an internal PKI based mechanism for allowed perimeter

feature available

feature not available

feature not available

Simple to use screen-sharing for user support, built with the same level of security and privacy as WAPT (requires an additional host)

feature available

feature not available

feature not available

Continued support for Windows XP in WAPT for factory machine tools, Hospital medical equipment, expensive and hard to replace research instruments, etc

feature available 5

feature not available

feature not available

Operating system image deployment tool integrated within WAPT

feature available

feature not available

feature not available

Integration of WAPT inventory with popular Glpi ITSM tools

feature available

feature not available

feature not available

Verified and approved by internationally recognized cybersecurity agency ANSSI French Security Visa, WAPT is the only deployment software in the world with this level of certification

feature available

feature not available

feature not available

Features coming soon

Below is a list of features that we have identified as being really useful to WAPT and WAPT’s user community and that we have already started to work on. No time-line is promised, stay tuned, we are only promising you that we are working very hard to achieve these objectives.

Feature

Enterprise

Discovery

History of actions done via WAPT for a complete reporting of a hosts software maintenance life-cycle

feature available

feature not available

Authentication of WAPT Administrators using cryptographic tokens (ex: smartcards)

feature available

feature not available

Access to ready-to-deploy WAPT packages or recipes for licensed business software (common business software for industry, medical, office, public collectivities, cybersecurity, etc)

feature available

feature not available

Access to ready-to-deploy WAPT package extensions for simplifying desktop armoring using Applocker or equivalent

feature available

feature not available

Main functional benefits of the Enterprise version of WAPT

Logo WAPT Enterprise

WAPT Discovery is designed to let you try WAPT at no cost on a limited perimeter and with limited high-end features.

With WAPT Enterprise, you benefit automatically from the base functions included in WAPT to help you deploy, upgrade and remove software and configurations on your Windows, Linux and MacOS devices, from a central console, with many more benefits.

WAPT is a freemium model. The Enterprise version shares the same code base with the Discovery version. An activated Enterprise license key turns on the following additional functionalities:

  • Active Directory authentication of WAPT package developers, package deployers, self-service users and for the initial registering of the WAPT agents with the WAPT Server. In addition, the display of WAPT equipped devices in the WAPT console follow the same structure as the hierarchical structure of the Organization’s Active Directory OU;

  • role separation between package developers and package deployers.

    This way, central IT teams may build the software packages because they know the Organization’s security guidelines, and local IT teams may deploy the WAPT packages because they know the needs of their user base.

    Such a separation is implemented using differentiated sets of keys (i.e. Code Signing SSL certificates for package developers and Simple SSL certificates for package deployers);

  • differentiated self service.

    WAPT Enterprise allows you to apply lists of allowed packages to user groups in Active Directory.

    Allowed users are free to install qualified packages from their list of approved packages without having to submit a ticket to their IT teams.

    This feature is designed to offer Users the feeling of freedom and empowerment that they fear to lose in managed environments while allowing CISO to apply strict security rules using such method as SRP, also known as Applocker.

  • WAPT WUA.

    WAPT allows to manage the Windows Updates on your Windows endpoints.

    WAPT WUA is designed to just work out of the box, be gentle on your storage and preserve your bandwidth for your productive needs.

  • advanced reporting for corporate teams. This reporting completes the operational reporting already available in the WAPT console; reports help WAPT operators demonstrate their efficacy with WAPT for insuring a greater level of security and conformity for their networks, systems, software and applications.

  • dynamic repository configuration. Starting with WAPT 1.8, repository replication can be enabled using a WAPT agent installed on an existing machine, a dedicated appliance or Virtual Machine.

    The replication role is deployed through a WAPT package that enables the Nginx web server and configures scheduling, packages types, packages sync, and much more.

    This feature allows WAPT agents to find dynamically their closest available WAPT repository from a list of rules stored on the WAPT server.

  • ACLs. ACLs are managed by the SuperAdmin to authorize or restrict WAPT Administrators to viewing informations or performing actions only on a subset of the devices registered with the WAPT server.

    The identification and the authentication processes rely either on using Active Directory, LDAP or certificates. The authorizations granted to the Administrators are managed in the WAPT server database. The perimeter of devices on which the rights are granted is defined by the deployed Administrator’s certificate.

    This feature is particularly useful for large multi-national Organizations, central administrations with large regional offices or for MSPs wanting to centralize the management of several clients while allowing their end customer to perform some daily management tasks.

  • integration with Glpi

    Glpi is a popular ITSM solution for ticketing, incident and asset tracking.

    WAPT can now optionally send a minimum set of useful informations to a Glpi server.

Targeted use cases of WAPT Enterprise

The Enterprise version of WAPT is particularly advisable for Organizations:

  • that manage large installed bases of devices (generally above 300 units)

  • that are spread geographically with many subsidiaries or production sites

  • that require a strong traceability of actions performed on the installed base of devices for reasons of audit or security

Description of services available with a WAPT Enterprise contract

Access to future improvements in WAPT Enterprise

By subscribing to a WAPT Enterprise contract and by maintaining your subscription valid, you benefit from the future improvements brought into the core of WAPT and you benefit automatically from all future improvements to the WAPT Enterprise version.

A lapsing of your subscription will automatically switch your WAPT instance back to its corresponding Discovery version, advanced functions only available in the Enterprise version will no longer be accessible.

Direct telephone support for your daily usage of WAPT

When your subscription reaches above a certain volume, Tranquil IT, the creator of WAPT, allows you a privileged access to its core team of WAPT experts and developers.

We give you access to a dedicated telephone hot-line with a direct answer to satisfy your needs for support in English and French.

We are committed to providing you with reliable and pertinent answers on the subscribed perimeter, quickly.

By subscribing or renewing your WAPT Enterprise contract, you will receive a notification indicating the practicalities to access our support.

Attention

The support concerns only the use in your Organization of the WAPT Enterprise software, additional support for adapting, personalizing, debugging or creating WAPT custom packages may be obtained with prepaid support tickets.

Up to two individuals in your Organization may communicate with our direct support.

Price and preferential access to WAPT training

You may choose to train your IT team on any particularity of WAPT.

WAPT Enterprise subscribers benefit from a privileged access to Tranquil IT’s training advisers and a 50% discount on standard training prices.