Deploying additional scanning machines
Last updated: May 17, 2022
Read time: 3 Minutes
When you performed the initial installation of Burp Suite Enterprise Edition, you probably chose to run the Enterprise server and web server on the same machine that you run scans on. However, running too many concurrent scans on the same scanning machine can cause performance issues. In this case, you might want to deploy one or more dedicated scanning machines to ease the load on your Enterprise server machine.
This page explains how to configure fixed scanning machines as part of a standard deployment. For information on how to use cloud-based auto-scaling scanning, see the Managing auto scaling scan resources page.
Setting up a new scanning machine
The setup process for a new scanning machine uses the same installer you used for the initial installation of Burp Suite Enterprise Edition. However, you might need to download a different installer if your intended scanning machine uses a different operating system.
Please make sure that the Enterprise server is able to connect to
https://portswigger.net throughout the scanning machine setup process. This is necessary in order for the system to enable the new scanning machine.
On the machine that you want to use, log in to your account page on
- Under "Your licenses and products", download the installer for the same version of Burp Suite Enterprise Edition that is installed on your Enterprise server machine.
- Open the installer and follow the same process that you did when installing Burp Suite Enterprise Edition. When asked what you want to use the machine for, deselect Running the Enterprise server and web server and select Running scans.
- When prompted, enter the hostname or IP address of the machine where you previously installed the Enterprise server. External scanning machines automatically access the Enterprise server on port 8072.
- When the installation is complete, you are given a fingerprint of the scanning machine's public key. You need to keep this to authorize the new scanning machine later.
For a single deployment of Burp Suite Enterprise Edition, you only need one license. It doesn't matter how many scanning machines you deploy, or how many scans you run. However, if you want to deploy Burp Suite Enterprise Edition in multiple environments, you must purchase a separate license for each environment. This also applies to test, development, or staging environments, for example.
If you have any questions about your licensing requirements, please contact our customer support team at firstname.lastname@example.org.
Authorizing a new scanning machine
Communication between scanning machines and the Enterprise server is protected by mutually authenticated TLS. When you set up a new scanning machine, it will generate a unique fingerprint, which acts as a public key, and send an authorization request to your Enterprise server. When the Enterprise server receives an authorization request, it displays the fingerprint that was used in the TLS negotiation. You compare this fingerprint with the fingerprint that you generated when setting up the new scanning machine to make sure that communication is happening directly with the authentic machine before authorizing it.
- Log in to the web UI as an administrator and go to the Scanning machine settings page.
- On the Authorization requests tab, you should see a pending authorization request showing the IP address of the new scanning machine (or, if NAT is being used on the network, the IP address from which the scanning machine's connection was received) and the public key fingerprint.
- If you are using a standard deployment (as opposed to a Kubernetes deployment), choose the pool that the scanning machine will belong to. For more details, see Managing scanning pools.
- Compare the public key fingerprint shown with the one that you saved after setting up the new scanning machine. If they match, click Authorize.
This scanning machine is now available for use on the Scanning machine settings page and you can start assigning scans to it.