WAPT 2.0 F.A.Q. : 70 questions about WAPT

by | May 12, 2021 | FAQ, WAPT

A few weeks ago, we announced the release of WAPT 2.0. And we couldn’t help but organize a webinar to celebrate the release of this new version!

We always design our webinars to be for everyone! So there are a lot of questions asked. It’s pretty easy to get lost between the video explanations and the chat. And that’s for the lucky ones who can participate in this webinar.

Fortunately, we have many solutions to deal with all these little inconveniences:

Discover the content of the WAPT 2.0 F.A.Q. in replay:

Discover the WAPT 2.0 F.A.Q.:

With 70 questions in this WAPT 2.0 F.A.Q., you will probably find the details you are looking for! Here is a summary to help you navigate through this “huge flood of information”:

Discover WAPT:

General questions

Is WAPT the only solution in its category to be certified by the ANSSI?

To our knowledge, WAPT is the only solution in its category to have received a security visa from the ANSSI.

Do you offer educational rates?

Yes, we have educational rates as well as rates for local government, associations and hospitals. So don’t hesitate to contact us to benefit from preferential rates.

What is the future of the public package repository after the end of WAPT Community?

You will always have access to a package store with WAPT Enterprise. The current store may change, but there is no intention to remove it right now.

Is it possible to test this new version of WAPT?

Absolutely! You can get a free 30-day trial of WAPT Enterprise!

Is there a negotiated protocol with the groupement logiciel?

Yes, if you are in universities; research; CNRS, you can contact us. We will then apply the rates established in the agreement.

Are there any free package repositories other than the WAPT Store and the fourmis du web?

Not to our knowledge.

Using WAPT

Is it possible to install a WAPT server on a Raspberry Pi?

The performance of the Raspberry Pi may be a little light to host a WAPT server. It is however possible to install a remote repository.

Does WAPT work correctly on every versions?

For Windows 7 and Windows 10, you can use WAPT 2.0. For Windows XP, you must use WAPT 1.8.2.

What happens if WAPT installs one version of a software and a user installs another version on the same computer?

If the user can do this, it means that he is the administrator of his computer, so it is worrying. An update will appear in the “software inventory” tab of the console. You will have to update the package by yourself.

Can a single WAPT instance manage multiple independent AD domains?

Yes, this is possible. You can also manage computer stations that are outside the domain

Is it possible to deploy software on Mac OS X computers?

Yes, WAPT also has a working Mac agent.

Is the WAPT console a rich client?

The WAPT console is a Windows rich client (only). The console is automatically installed with the WAPT agents, so it can be accessed from any Windows workstation in your computer park.

You can interact with the console only if you have a valid certificate. This strengthens the security of deployments.

What is the difference between a basic installation and a forced installation of a package?

The basic installation will launch the installation of the software. The forced installation will force the installation of the software, even if the software is already installed on the computer and in the right version.

Is it possible to use AD groups to manage console access?

By default, the AD group that has permission to connect to WAPT is defined in the server configuration file. The ACLs are managed by user.

Is it possible to use WAPT to manage stand-alone computer stations?

Of course! You can have computers outside the domain without any problems. However, it is recommended to use WAPT Enterprise for the installation at shutdown.

How do WAPT agents for MAC OS behave?

WAPT agents for Mac OS and Linux have the same functionality as a regular agent, except the “installation at shutdown” feature. Everything else works the same way.

Discover WAPT 2.0:

Questions about WAPT 2.0

Will WAPT 2.0 also be certified by the ANSSI?

For this new version, the CSPN is being validated by the ANSSI.

Is the migration from WAPT Community 1.8.2 to WAPT 2.0 easy?

If you are using WAPT 1.8.2, the migration will be simple. It is like a regular upgrade.

However, you will have to re-sign your packages after the switch to Python 3. You may have to modify some packages that are not compatible with Python 3. We have provided a dedicated button in the console to simplify this task.

If you are using an older version, you will have to upgrade several times (up to 1.8.2) before upgrading to version 2.0.

Will a message appear to indicate which packages will be in error during the migration to WAPT 2.0?

If you run an audit on a machine, the audit will show an error if there is a syntax problem. If the machine has been upgraded to 2.0, you will be able to see if there are syntax errors on the packages on that machine.

Does version 2.0 solve the error message problem on clients who have installed Anaconda?

Many internal tests lead us to believe that it is solved. If the problem is still present on your side, do not hesitate to contact us.

What does the new package summary tab add?

It allows you to have a summary of the status of the packages. This is close to reporting, without the need for SQL queries.

Do you have any APIs planned for this new version?

The WAPT server is an API. There are still many things that are done via the console. The APIs will mostly allow you to delete machines, delete packages or even execute SQL queries.

Is there any way to know which packages will be incompatible before upgrading to version 2.0?

No. All packages in the WAPT store are compatible with Python 3.For your own packages, you need to check them. The recommendations for upgrading to Python 3 may help you.

Is it possible to import WAPT 2.0 based packages to a 1.8.2 version?

It all depends on the package code. We are going to start using WAPT 2.0 code, rather than 1.8 code. So there is a risk that the packages will not be functional.

Is the WAPT 2.0 client available on Big Sur?

Not yet. We’re working on it.

Does Mesh use port 443?

Yes, this is the same concept as WAPT. The client will connect to the Mesh server.

WAPT Discovery

What is the release date of WAPT Discovery?

It has not yet been announced. This version should be released soon.

What happens if WAPT Discovery is used on a computer park with more than 300 computers?

You will not be able to use the WAPT Discovery console if you are over 300 computers. However, it will be possible to delete computers to get back under this limit.

Will Mesh integration be included in WAPT Discovery?

No.

The integration of WAPT with GLPI

Will the Discovery version benefit from the integration of WAPT with GLPI?

No, this is a feature dedicated to WAPT Enterprise.

With WAPT, is the tracking of changes made on the workstation similar to Fusion?

In the WAPT console, you can go to “Tools > Manage the export of inventory data to GLPI > Advanced”. You will be able to specify the delay of the information feedback in the console.

What information is sent to GLPI?

Hardware and software inventory.

Is it possible to add the merge tag based on the OU where the machine is located in the AD domain?

No. We can do something if the demand becomes stronger.

Features (potentially) to come

Do you plan to integrate other solutions than GLPI?

No. We may consider adding it if there is a strong demand, but we have not identified that need right- now.

Are smartphone agents planned in the roadmap?

Not yet, we are discussing it

Is it possible to have a dashboard with the software that is not up to date?

No. We have started working on it with some organizations. We hope it will be available soon.

However, if a new version is available in the public repository, it is possible to check the box “Newer packages only”.

Will it be possible to deploy packages to user-based AD groups?

On the users, no. In our opinion, this is not a desirable behavior because the software is dedicated to the computer and not to the user.

Have you made any progress on the Wake On Lan feature in multi-site (across repositories)?

No, we’ll get back to it soon.

Is it possible to update the console without action?

No. We are working to make this possible.

Is it planned to add an update package warning when opening the console?

No, this is not planned.

Is native support on Azure AD planned?

No.

How WAPT works:

Discover the WAPT Self Service

Does a user need administrator rights to install WAPT Self Service packages?

No, that is the advantage of WAPT Self Service. A user can install software without having administrator rights.

Can I access WAPT Self Service without authentication?

No. We are studying the different solutions to be able to do it.

Is the identification to WAPT Self Service done with CAS or Shiboleth authentication?

No, the identification is based on the couple “login / password”. The verification is done at the Windows layer.

Does WAPT Self Service work for telecommuting computers? Are there any recommendations to follow with firewalls / VPNs?

By default, the WAPT Self Service authentication is done through Windows authentication. If the Active Directory is not available through Windows, then it will not be possible.

An intermediate mode is provided which transfers the “login/password” to the WAPT server, which will then make an LDAP request.

WAPT packages management

Are packages subject to a size limit?

A WAPT package is nothing more than a downloadable “.zip” file. So there is no size limit. Your client must have enough space to get the package, unzip it and install it.

Is it possible to force the installation of packages only at boot time?

Yes, by creating a scheduled task via a package. The task will be able to launch the installation.

Is it possible to choose the order in which packages are installed when the machine is shut down?

You cannot specify the order in which the packages are installed. By default, it will be done with the dependency system. Otherwise, it will be done in the order of arrival.

How are checkboxes that install third-party software handled when installing software via WAPT?

It will really depend on the software and the editor. If the silent installation of the software doesn’t allow to remove this kind of elements, you won’t be able to do anything about it when creating the package.

Can I remotely uninstall a package that was not installed with WAPT?

Yes, you cab do this with a dedicated package.

Is it possible to launch a one-time task on an agent without using package creation?

With WAPT 2.0, it is possible to stop and restart machines. However, it is not possible to run one-time tasks. You have to use WAPT packages for that.

How does package deployment work on degraded networks?

In case of network outage, WAPT integrates a download resumption function. It is functional on this type of network.

Is it possible to disable the automatic installation of packages at shutdown?

It’s quite easy to prevent all packages from being installed when the computer is shut down.

It will be more complicated to prevent it for some packages, but it can be done.

Does a deployed application follow its classic update cycle? What about adding PPAs on Linux clients?

WAPT packages are independent of Linux packages. WAPT will behave like a debian, it’s the same principle.

Will a manually made package in which I specify a type of package that is forbidden to me be refused by the WAPT client?

If a package is in conflict, then it will be uninstalled. To prevent the installation, you have to put it in the list of forbidden packages (host, group, etc).

Why the "launch package update" doesn't function appear when I right-click on a package in the WAPT console?

There are several possibilities, either:

  • You have just migrated to the latest version without putting any ACL.
  • The computer is not connected.
  • You have a certificate that is not good.
The machine package of the teleworking computers keeps the status "to upgrade". Where can this problem come from?

This may be due to users not necessarily shutting down their machines. The status “to upgrade” indicates that the package is waiting to be installed and the installation is supposed to be done when the computer is shut down.

Windows Updates

Can I schedule the installation of Windows packages and updates?

Yes, you can make a scheduled task that will start installing all Windows updates at a specific time, for example.

Can we deploy major Windows Updates to a set of PCs?

Yes, with a generic WAPT package. It works differently from the KB list available in the “Windows Update” tab of the console.

For most major updates, we provide the package on the WAPT store so feel free to check it out.

Is it possible to know the percentage of Windows Updates installed on a computer?

Via the “Windows update” tab of the console, you will be able to see the workstations that have the KB that you click on. For the reporting, the easiest way is to make an SQL query.

Using remote repositories

How is space management done in a remote repository?

The remote repositories go to the WAPT repository and copy it. Changes made on the WAPT server are also made on the remote repositories.

Do you need a dedicated workstation or a server to manage remote repositories and packages?

To manage remote repositories, you need a WAPT agent with a NGINX server installed, so a small machine can be enough. It is possible to put a remote repository on a Raspberry Pi, for example.

Is it possible to create a package and prevent it from being automatically replicated to remote repositories?

No. Since the remote repository acts as a mirror, it is impossible to create a package without it being automatically replicated to the remote repositories.

Can we create a remote repository on synology (docker)?

If it’s docker, yes. However, it depends on your configuration. We can’t give a categorical answer, it really depends on the configuration of your synology.

Security in WAPT

Is the access to the database secure? How is it secured?

By default, PostgreSQL is not open. You can do this by opening the right ports and creating a strong password to access the database.

How can I secure administrator access to the console?

First of all, it is recommended to have a strong password. If you place it behind a reverse-proxy, you can protect some access points. We also recommend to use a personal certificate and an account per user.

Is it possible to encrypt the database?

No, because if the data is encrypted, it’s complicated to display it in the console.

Is it recommended to create one certificate per person?

Yes, because we have added a “package signer” column to the WAPT console. You will not be able to identify the signer of the package if you share a certificate. So this option provides better tracking.

Techincal questions

How to manage roaming/teleworking computers without a unified network via VPN? Is it recommended to create one certificate per person?

When it comes to telecommuting, you have several options:

  • You can use a VPN so that the computer stations are on the same network.
  • It is also possible to put the WAPT server on the Internet so that the computers can see it. As the certificates take care of securing WAPT, the server is not considered a sensitive asset.
Is it possible to remove the WAPT Exit when the machine is stopped?

Yes, this is possible. We recommend that you tell it not to do anything when the machine is shut down. This way, if he is installing something, the installation will not be shut down.

Is Lutti still working?

Yes, this is still true.

And here we are “already” at the end of this WAPT 2.0 F.A.Q. This is the perfect opportunity to thank our community, whose responsiveness allows us to turn this kind of initiative into a real success!

I don’t think you should have any more questions. However, if I’m wrong, don’t hesitate to let us know in the comment section!

Demonstration

Group demo

04/04/2024 : 10h30 - 11h30

Let's go !