nomadism and WAPT

Published: April 16, 2021 - 7:39 PM
by EdG973
Hello,

I'm wondering about the functionality of WAPT in a mobile/teleworking environment.
I've experimented with the WAPT community edition on a local network (clients and server on the same LAN).
For updates to work from home as well, is a public WAPT server necessary?
Is this a reasonable security measure for the server given the potential dangers of the internet?

The need is similar for a fleet of devices such as Android or Apple tablets and smartphones:
centralized software updates and
limited configuration and usage options (kiosk mode).

There are many MDM (Mobile Device Management) options on the Play Store; do you have any recommendations (CLYD, SureLock, etc.)?
Have you considered developing a WAPT solution for Android/Apple?

Sincerely,
EdG

Re: Nomadism and WAPT

Published: April 26, 2021 - 3:04 PM
by EdG973
Regarding tablet management, I found an interesting solution:
https://www.manageengine.com/fr/mobile- ... anagement/

But I haven't tested it...

Re: Nomadism and WAPT

Published: April 27, 2021 - 9:56 AM
by htouvet
Hello,
Wapt's communication and security model is well-suited for managing a mobile fleet.

The protocol used is HTTPS, so it works well over the internet. (Only port 443 is open on the Wapt server, and absolutely no ports are open on the clients.)

Network communications are initiated by the client workstation, so there are no issues with clients using NAT behind internet routers.

The server can be exposed to the public internet by enabling client certificate authentication. (https://www.wapt.fr/fr/doc/wapt-securit ... entication)
When a client workstation is initially registered on the Wapt server, it receives a unique certificate (X.509, RSA key, signed by the server's CA) which allows it to authenticate later on the public Wapt server (NGINX reverse proxy). The server is therefore protected from access by unauthorized clients.
Therefore, a VPN connection is not required for managing mobile client workstations.

Client security is based on package signing (RSA) (a package is actually a zip file). The client workstation has a list of authorized signing certificates. There are no open network ports on the client side. (https://www.wapt.fr/fr/doc/wapt-concept ... -principle)

The current situation has motivated many Wapt users to expose their Wapt server to the internet by enabling client certificate authentication. This allows them to keep their workstation up to date and deploy new applications or configurations.

For Android and Apple mobile clients, the security systems of these platforms make it difficult for third-party software to affect the device as a whole or other installed applications (unless the device is rooted or jailbroken). For Android, the Wapt service should be a "system" application, and therefore could only be installed on devices with an unlockable bootloader.
That's why, for the moment, we don't have advanced development on these two platforms. But it would be a logical evolution for Wapt to address MDM.