.. Reminder for header structure:
   Parts (H1)          : #################### with overline
   Chapters (H2)       : ******************** with overline
   Sections (H3)       : ====================
   Subsections (H4)    : --------------------
   Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^
   Paragraphs (H6)     : """""""""""""""""""""

.. meta::
  :description: WAPT Editions and versions history
  :keywords: WAPT, documentation, Enterprise, Discovery, Community

.. |ok| image:: wapt-resources/icon-ok.png
  :scale: 5%
  :alt: Feature available

.. |nok| image:: wapt-resources/icon-nok.png
  :scale: 5%
  :alt: Feature not available

.. |visa_secu| image:: wapt-resources/icon_visa_anssi_fr.png
  :scale: 10%
  :alt: French Security Visa

.. |enterprise_feature| image:: wapt-resources/icon_wapt_enterprise.png
  :scale: 3%
  :alt: WAPT Enterprise feature only

.. |date| date::

.. role:: green

.. role:: orange

.. role:: red

.. _WAPT_Enterprise:

##################################
WAPT Editions and versions history
##################################

****************************
Currently supported versions
****************************

.. list-table:: Current Software Lifecycle
  :header-rows: 1
  :stub-columns: 1
  :widths: auto
  :align: center

  * - \ 
    - March 2022
    - February 2023
    - June 2023
    - January 2024
    - Second semester of 2024
  * - WAPT 3.0
    - \ 
    - \ 
    - \ 
    - \ 
    - :green:`Release 3.0 (To Be Defined)`
  * - WAPT 2.5
    - \ 
    - \ 
    - \ 
    - :green:`Release 2.5`
    - :green:`Security and bugfix maintenance`
  * - WAPT 2.4
    - \ 
    - \ 
    - :green:`Release 2.4`
    - :green:`Security and bugfix maintenance`
    - :orange:`Security maintenance only`
  * - WAPT 2.3
    - \ 
    - :green:`Release 2.3`
    - :green:`Security and bugfix maintenance`
    - :orange:`Security maintenance only`
    - :red:`End Of Life`
  * - WAPT 2.2
    - :green:`Release 2.2`
    - :green:`Security and bugfix maintenance`
    - :orange:`Security maintenance only`
    - :red:`End Of Life`
    - \ 

***********************
Out of support versions
***********************

.. list-table:: Old Software Lifecycle
  :header-rows: 1
  :stub-columns: 1
  :widths: auto
  :align: center

  * - \ 
    - January 2020
    - March 2021
    - October 2021
    - March 2022
    - April 2022
    - June 2022
    - January 2023
  * - 2.1 Enterprise
    - \ 
    - \ 
    - :green:`Release 2.1`
    - :green:`Security and bugfix maintenance`
    - :green:`Security and bugfix maintenance`
    - :orange:`Security maintenance only`
    - :red:`End Of Life`
  * - 2.0 Enterprise
    - \ 
    - :green:`Release 2.0`
    - :green:`Security and bugfix maintenance`
    - :orange:`Security maintenance only`
    - :orange:`Security maintenance only`
    - :red:`End Of Life`
    - \ 
  * - 1.8 Enterprise
    - :green:`Release 1.8`
    - :orange:`Security and bugfix maintenance`
    - :orange:`Security maintenance only`
    - :orange:`Security maintenance only`
    - :orange:`Security maintenance only`
    - :red:`End Of Life`
    - \ 
  * - 1.8 Community
    - :green:`Release 1.8`
    - :orange:`Security and bugfix maintenance`
    - :orange:`Security maintenance only`
    - :orange:`Security maintenance only`
    - :red:`End Of Support by Tranquil IT, Community support only after` [#f1]_
    - \ 
    - \ 

***************************************
Summary of operating principles in WAPT
***************************************

* **WAPT is agent-based so that no inbound port needs to be open**
  in the hosts' firewalls: the WAPT Agent initiates a secured bi-directional
  websocket with the WAPT Server to allow real-time reporting and actions.

* WAPT works with Trusted Data Gateways using simple task scheduling.

* WAPT works on the principle of smoothly pulling updates and then applying
  upgrades at a convenient time (works with low / intermittent bandwidth,
  high latency, high jitter networks).

* WAPT does not require an Active Directory to work (works with Windows Home
  edition too); however, WAPT will show the host in its Active Directory tree
  if the host is joined to an AD.

* Methods for deploying the WAPT Agent:

  #. Using a :abbr:`GPO (Group Policy Object)` or an Ansible script.

  #. Manually after having downloaded the WAPT Agent from the WAPT Server
     or using :abbr:`SSH (Secure Shell)`.

* Methods for registering hosts with the WAPT Server:

  #. Automatically using the host's Kerberos account.

  #. Manually with the WAPT *SuperAdmin* login and password.

* Upgrades may be triggered:

  #. Upon shutdown of the host; this is the standard mode.

  #. By an authorized WAPT Administrator in an emergency
     (ex: patching critical vulnerabilities running in the wild).

  #. By the user herself, with a simple click, at a time she chooses
     (ex: a 24/7 nursing cart unused during breaks).

  #. Via a scheduled task running at a predetermined time (best for servers).

* Security is ensured by:

  #. Signing of WAPT packages using asymmetric cryptography.

  #. Authentication of hosts against the WAPT Server
     using symmetric cryptography on registering.

  #. Confidentiality of the WAPT Server using WAPT-deployed client certificates.

  #. Use of :abbr:`ACLs (Access Control Lists)` to define what an administrator
     is allowed to view or what actions he is allowed to perform
     according to his certificate.

.. _current_feature_list:

*********************************
Current feature list as of |date|
*********************************

.. attention::

  You may find on the Internet the mention of a GPLv3 **Community** version
  of WAPT that has been maintained and supported by Tranquil IT
  up to version 1.8.2, or up to approximately July 2021.

  The **Community** version of WAPT has been `friendly forked `_.

  **Tranquil IT no longer provides any support or maintenance,
  either free or paid, for WAPT =< 1.8.2**.
  Support and maintenance may be obtained from the operators of the fork
  at their rates and conditions.

  **Tranquil IT is the sole author and the full copyright owner of WAPT 1.8.2**
  and will require from maintainers of friendly forks that they refrain
  from using the name *WAPT*, as the WAPT brand is trademarked and protected
  by the French :abbr:`INPI (Institut National de la Propriété Intellectuelle)`.

.. list-table:: Comparison of features between WAPT versions as of |date|
  :header-rows: 1
  :widths: auto
  :align: center

  * - Feature
    - Enterprise
    - Discovery
  * - **Deploy, update and remove software** on hosts
    - |ok|
    - |ok|
  * - Maintenance and support (check footnote for conditions)
    - Tranquil IT staff [#f5]_
    - Tranquil IT forum [#f5]_
  * - Licensed under
    - Proprietary
    - Proprietary
  * - Limits on number of devices
    - Depending on the number of devices in your contract
    - 300
  * - Version of Python used in code and WAPT packages
    - 3+ (current)
    - 3+ (current)
  * - Deploy and update **configurations in SYSTEM context**
    - |ok|
    - |ok|
  * - Deploy and update **configurations in USER context**
    - |ok|
    - |ok|
  * - Get a **comprehensive inventory** of hardware, software
      and applied WAPT packages
    - |ok|
    - |ok|
  * - Benefit from the **differentiated self-service** (authorized users
      may install authorized software from authorized WAPT package stores)
    - |ok|
    - |nok|
  * - Benefit from **simplified Windows Updates** that work better
      than a standard WSUS (only the required KBs are downloaded from Microsoft)
    - |ok|
    - |nok|
  * - Simplify and structure your administrative workload by applying
      WAPT packages to an :abbr:`OU (Organizational Unit)`
    - |ok|
    - |nok|
  * - Easily configure and manage WAPT **store relays to preserve bandwidth**
      for *Edge Computing* scenarios
    - |ok|
    - |nok|
  * - Get access to **ready-to-deploy WAPT packages**
      for common free-to-use software
    - |ok|
    - |ok|
  * - Work with **easily verifiable python recipes** for installing,
      updating and removing software and configuration
    - |ok|
    - |ok|
  * - Benefit from **hundreds of Helpers** for simplifying software packaging
    - |ok| [#f3]_
    - |ok|
  * - **Encrypt your sensitive data** for transport (software license keys,
      login, password, server FQDN, API information for registering software
      with the vendor, etc)
    - |ok|
    - |nok|
  * - Automate the auditing of your configurations for an **easy, automated
      and always up-to-date compliance**
    - |ok|
    - |nok|
  * - Benefit from the power of SQL integrated with the WAPT Console to make
      **reports that you need for your daily sysadmin work or that your
      organization requires for budgeting decisions**
    - |ok|
    - |nok|
  * - Authenticate your WAPT :term:`Administrators` against
      **Active Directory or LDAP**, or their sets of certificates
    - |ok|
    - |nok|
  * - Benefit from differentiated roles between :term:`Package Developers`
      and :term:`Package Deployers` so you can **delegate your WAPT powers
      to the most adequate people** (packagers know security implications,
      deployers know user needs)
    - |ok|
    - |nok|
  * - Benefit from multi-tenant, multi-client mode
      with :abbr:`ACLs (Access Control Lists)`
      for :abbr:`MSPs (Managed Service Providers)` or large multi-departmental
      or international organizations, using an internal, easy to use
      :abbr:`PKI (Public Key Infrastructure)` based mechanism
      for allowed perimeter
    - |ok|
    - |nok|
  * - Integration with MeshCentral for simple *screen-sharing* for user support
    - |ok|
    - |nok|
  * - **Continued support for Windows XP** in WAPT for factory machine tools,
      hospital medical equipment, expensive and hard to replace
      research instruments, etc
    - |ok| [#f6]_
    - |nok|
  * - Update packages directly within the WAPT Console
      with :file:`update_package` function
    - |ok|
    - |nok|
  * - Integrate WAPT inventory with the popular GLPI
      :abbr:`ITSM (IT Service Management)` tool
    - |ok|
    - |nok|
  * - WADS: operating system image deployment tool integrated within WAPT
    - |ok|
    - |nok|
  * - Check package with www.virustotal.com
    - |ok|
    - |ok| [#f8]_
  * - Verified and approved by internationally recognized cybersecurity agency
      ANSSI |visa_secu|, **WAPT is the only deployment software in the world
      with this level of certification**
    - |ok|
    - |nok|
  * - Remote restart and shutdown of client computers
    - |ok|
    - |nok|
  * - Send HTML-formatted messages to connected users
    - |ok|
    - |nok|
  * - Deploy WAPT configuration packages to easily change the configuration
      of remote WAPT Agents
    - |ok|
    - |nok|
  * - Filter newer versions of public WAPT packages directly
      from the local repository
    - |ok|
    - |nok|
  * - Support for macOS WAPT Agents
    - |ok|
    - |nok|
  * - Access to ready-to-deploy WAPT packages or recipes for licensed business
      software (common business software for industry, medical, office,
      public collectivities, cybersecurity, etc)
    - |ok|
    - |nok|

.. _features_coming_soon:

********************
Features coming soon
********************

Below is a list of features that we have identified as being really useful
to WAPT and WAPT's user community and that we have already started to work on.

No timeline is promised; stay tuned. We only promise that we are working
very hard to achieve these objectives.

.. list-table::
  :header-rows: 1
  :widths: auto
  :align: center

  * - Feature
    - Enterprise
    - Discovery
  * - History of actions done via WAPT for a complete reporting
      of a host's software maintenance life-cycle
    - |ok|
    - |nok|
  * - Authentication of WAPT Administrators using cryptographic tokens
      (ex: smartcards)
    - |ok|
    - |nok|
  * - Access to ready-to-deploy WAPT package extensions for simplifying
      desktop armoring using AppLocker or equivalent
    - |ok|
    - |nok|

.. rubric:: Footnotes

.. [#f1] WAPT 1.8.2 Community is supported by Tranquil IT until 2022-04-30.
  After this date, the support will be done by the community only.

.. [#f2] WAPT =< 1.8.2 implements python2.7, so there is no guarantee
  that WAPT packages designed for python3 will work.

.. [#f3] The Enterprise version embeds more *SetupHelper* functions
  than the **Community** and **Discovery** versions.

.. [#f4] In the **Community** and **Discovery** versions, the WAPT *SuperAdmin*
  password is shared between individuals that manage the WAPT Server.

.. [#f5] A minimal volume of licenses **MUST** be subscribed in order
  to benefit from Tranquil IT's telephone support for the daily operation
  of the software. Additional paid support is available to help you
  with your WAPT packaging needs. Forum support is provided without any warranty
  or guaranteed response time and may be provided by **Enterprise**
  or **Discovery** users not affiliated with Tranquil IT.

.. [#f6] Windows XP does not work with Python > 2.7. So a special branch
  of WAPT will be frozen with the last build of the WAPT Agent running with 2.7.
  This version of the WAPT Agent will of course be excluded from the target
  of evaluation in future security certifications.

.. [#f7] Access to the store requires an account. WAPT package recipes
  are proprietary and may be offered for free, for a discount with a coupon,
  or with a charge. A payment does not entitle the user who downloads
  the WAPT package recipe to a license granting him use rights of the software
  embedded in the WAPT package. The :term:`User` **MUST** ensure he has
  the proper license grant to use the software.

.. [#f8] Only for packages on the Tranquil IT certified WAPT store.
  To benefit from virustotal for your own packages,
  the Enterprise version is required.

**********************************************************
Main functional benefits of the Enterprise version of WAPT
**********************************************************

|enterprise_feature|

WAPT **Discovery** is designed to let you try WAPT at no cost
on a limited perimeter and with limited high-end features.

With WAPT **Enterprise**, you benefit automatically from the base functions
included in WAPT to help you deploy, upgrade and remove software
and configurations on your Windows, Linux and macOS devices,
from a central WAPT Console, with many more benefits.

WAPT follows a *freemium* model. The **Enterprise** version shares
the same code base with the **Discovery** version.

An activated **Enterprise** license key turns on
the following additional functionalities:

* **Active Directory authentication** of WAPT package developers,
  package deployers, self-service users and for the initial registering
  of the WAPT Agents with the WAPT Server.
  In addition, the display of WAPT equipped devices in the WAPT Console
  follows the same structure as the hierarchical structure
  of the Organization's Active Directory :abbr:`OU (Organizational Units)`.

* **Role separation between package developers and package deployers**.
  This way, central IT teams may build the software packages
  because they know the Organization's security guidelines,
  and local IT teams may deploy the WAPT packages
  because they know the needs of their user base.
  Such a separation is implemented using differentiated sets of keys
  (i.e. **Code Signing** SSL certificates for package developers
  and **Simple** SSL certificates for package *deployers*)
  and with ACL rights.

* **ACLs**. :abbr:`ACLs (Access Control Lists)` are managed
  by the :term:`SuperAdmin` to authorize or restrict WAPT :term:`Administrators`
  to viewing information or performing actions only on a subset
  of the devices registered with the WAPT Server.
  The identification and the authentication processes rely either
  on using Active Directory, LDAP or certificates.
  The authorizations granted to the Administrators are managed
  in the WAPT Server database.
  The perimeter of devices on which the rights are granted is defined
  by the deployed Administrator's certificate.
  This feature is particularly useful for large multi-national Organizations,
  central administrations with large regional offices
  or for :abbr:`MSPs (Managed Service Providers)` wanting to centralize
  the management of several clients while allowing their end customers
  to perform some daily management tasks.

* **Differentiated self-service**. WAPT Enterprise allows you to apply lists
  of allowed packages to user groups in Active Directory.
  Allowed users are free to install qualified packages from their list
  of approved packages without having to submit a ticket to their IT teams.
  This feature is designed to offer :term:`Users` the feeling of freedom
  and empowerment that they fear to lose in managed environments
  while allowing CISOs to apply strict security rules using such methods
  as :abbr:`SRP (Software Restriction Policies)`, also known as *AppLocker*.

* **WAPT WUA**. WAPT allows you to manage the Windows Updates
  on your Windows endpoints.
  WAPT WUA is designed to just work out of the box, be gentle on your storage
  and preserve your bandwidth for your productive needs.

* **Advanced reporting for corporate teams**. This reporting completes
  the operational reporting already available in the WAPT Console;
  reports help WAPT operators demonstrate their efficacy with WAPT
  in ensuring a greater level of security and conformity for their networks,
  systems, software and applications.

* **Dynamic repository configuration**. Starting with WAPT 1.8,
  repository replication can be enabled using a WAPT Agent installed
  on an existing host, a dedicated appliance or Virtual Host.
  The replication role is deployed through a WAPT package that enables
  the :program:`Nginx web server` and configures scheduling, packages types,
  packages sync, and much more.
  This feature allows WAPT Agents to dynamically find their closest available
  WAPT repository from a list of rules stored on the WAPT Server.

* **Integration with GLPI**. GLPI is a popular
  :abbr:`ITSM (IT Service Management)` solution for ticketing,
  incident and asset tracking.
  WAPT can now optionally send a minimum set of useful information
  to a GLPI server.

*************************************
Targeted use cases of WAPT Enterprise
*************************************

The Enterprise version of WAPT is particularly advisable for Organizations:

* That manage large installed bases of devices (generally above 300 units).
* That are spread geographically with many subsidiaries or production sites.
* That require a strong traceability of actions performed on the installed base
  of devices for reasons of audit or security.
* That value secured and proven solutions in their IT sourcing.

*****************************************************************
Description of services available with a WAPT Enterprise contract
*****************************************************************

Access to future improvements in WAPT Enterprise
================================================

By subscribing to a WAPT **Enterprise** contract and by keeping
your subscription valid, you benefit from the future improvements brought
into the core of WAPT and you benefit automatically from all future improvements
to the WAPT **Enterprise** version.

A lapsing of your subscription will automatically switch your WAPT instance
back to its corresponding **Discovery** version.
Advanced functions only available in the **Enterprise** version will no longer
be accessible and no action other than deleting hosts from the WAPT Console
will be allowed until the host count has passed below 300.

Direct telephone support for your daily usage of WAPT
=====================================================

When your subscription **reaches above a certain volume**, Tranquil IT,
the creator of WAPT, gives you privileged access to its core team
of WAPT experts and developers.

We give you access to a dedicated telephone hot-line with a direct answer
to satisfy your needs for support in **English** and **French**.

We are committed to providing you with reliable and pertinent answers
on the subscribed perimeter, quickly.

By subscribing or renewing your WAPT **Enterprise** contract,
you will receive a notification indicating the practicalities
to access our support.

.. attention::

  The support concerns only the use in your Organization
  of the WAPT **Enterprise** software; additional support for adapting,
  personalizing, debugging or creating WAPT custom packages may be obtained
  with prepaid support tickets.
  Up to three individuals in your :term:`Organization` may communicate
  with our direct support.

.. note::

  For more information, `contact Tranquil IT sales team `_.

Training on WAPT
================

You may choose to train your IT team on any particularity of WAPT.

.. note::

  For more information, `contact the Tranquil IT sales team `_.