.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. _install_requirements: ************************* Installation requirements ************************* You have to take into consideration a few security points in order to extract all possible benefits from WAPT: * If you are familiar with Linux, we advise you to install WAPT Server directly on CentOS following the security recommendations of French :term:`ANSSI` or the `recommendations of your state cyberdefense agency `_. * Although the WAPT Server is not designed to be a sensitive asset, we recommend it to be installed on a **dedicated machine** (physical or virtual). .. attention:: In all steps of the documentation, **you will not use any accent or special characters** for: * user logins; * path to the private key and the certificate bundle; * the :abbr:`CN (Common Name)`; * the installation path for WAPT; * group names; * the name of hosts or the the name of the server; * the path to the folder :file:`C:\\waptdev`. Hardware recommendations ======================== The WAPT Server can be installed either on a virtual server or a physical server. RAM and CPU recommendations are: .. list-table:: :header-rows: 1 :widths: auto :align: center * - Size of the network - CPU - RAM - Server optimization to apply * - From 0 to 300 agents - 2 CPU - 2024 Mio - No * - From 300 to 1000 agents - 4 CPU - 4096 Mio - Yes * - From 1000 to 3000 agents - 8 CPU - 8192 Mio - Yes * - From 3000 desktops onward - 16 CPU - 16384 Mio - Yes * A minimum of 10GB of free space is necessary for the system, the database and log files. **For better performance, Tranquil IT recommends the database to be stored on fast storage, such as SSD drives or PCIe-based solid-state drives**. * The overall disk requirement will depend on the number and size of your WAPT packages (software) that you will store on your main repository, 30GB is a good start. It is not strictly required to store WAPT packages on fast drives. * Finally, we have knowledge of users with servers equipped with multiple 10Gbps networking interfaces deploying at full speed massive Katia, National Instruments and Solidworks update packages on their :abbr:`LAN (Local Area Network)`. Software recommendations ======================== Operating system ---------------- WAPT server are available on Linux and Windows: * For Linux, **Debian 11**, **Red Hat 7 / 8 and derivatives**, **Ubuntu server LTS 20.04** 64 bit version are supported. It not an obligation to use a Linux server distribution, but use a **non graphical distribution**. .. note:: SELINUX is supported but not mandatory. * For Windows WAPT Server can be installed on **Windows Server** 64 bit version supported by Microsoft (Win2012r2, Win2k16 or Win2k19). Depending on your need, it can also be installed on recent Win10 Pro/Ent version (20H2 or later). The WAPT Server will only run on **64bit** based system. .. _open_ports: Open Ports ---------- .. figure:: wapt-resources/diagramme_flux.png :align: center :alt: Data-flow diagram of WAPT Data-flow diagram of WAPT As you can see, only ports **80** and **443** must be opened for incoming connections as the WAPT frameworks works with websockets initiated by the WAPT agents. Inbound ^^^^^^^ .. list-table:: :header-rows: 1 :widths: auto :align: center * - Protocol - Port number - Source - Destination - Description * - `TCP` - **80** - All WAPT agents - WAPT Server - Websocket connection (unsecured) for downloading packages and KB * - `TCP` - **443** - All WAPT agents - WAPT Server - Websocket connection for downloading packages and KB Outbound ^^^^^^^^ .. list-table:: :header-rows: 1 :widths: auto :align: center * - Protocol - Port number - Source - Destination - Description * - `TCP` - **80** - WAPT Server - Internet - Websocket connection (unsecured) for downloading packages, :file:`\wsusscn2.cab` and KB * - `TCP` - **443** - WAPT Server - All WAPT agents - Websocket connection for downloading packages, :file:`\wsusscn2.cab` and KB * - `TCP` - **80** - WAPT Server - Linux repository (for Linux server) - Update for packages * - `TCP` - **443** - WAPT Server - Linux repository (for Linux server) - Update for packages * - `TCP` - **53** - WAPT Server - Domain controller - DNS resolve * - `TCP` - **389** - WAPT Server - Domain controller - LDAP authentication * - `TCP` - **636** - WAPT Server - Domain controller - LDAP authentication * - `UDP` - **123** - WAPT Server - Domain controller - NTP ********************** Tips before installing ********************** .. _srv_dns: Configuring the Organization's DNS for WAPT =========================================== .. note:: **DNS configuration is not strictly required, but it is very strongly recommended**. In order to make your WAPT setup easier to manage, it is strongly recommended to configure the :term:`DNS` server to include A field or CNAME field as below: * *srvwapt.mydomain.lan*. * *wapt.mydomain.lan*. Replace *mydomain.lan* with your network's :term:`DNS` suffix. These DNS fields will be used by WAPT agents to locate the WAPT Server and their WAPT repositories closest to them. Configuring DNS entries in Microsoft RSAT. ========================================== * The *A* field must point to the WAPT Server IP address. .. figure:: wapt-resources/dns-configure-alias.png :align: center :alt: Configuring the A field in Windows RSAT You can now install the WAPT Server on your favorite operating system: * :ref:`Install the WAPT Server on GNU / Linux Debian `. * :ref:`Install the WAPT Server on CentOS / RedHat `. * :ref:`Install the WAPT Server on Windows `.