Get involved in the Burp challenge for opportunities to test your skills and win swag  –   Challenge me

ENTERPRISE

Preparing to deploy Burp Suite Enterprise Edition

  • Last updated: November 30, 2022

  • Read time: 4 Minutes

Burp Suite Enterprise Edition offers multiple licensing, deployment, and installation options, enabling you to configure the system in the way that best meets your needs.

In order for you to get the most out of Burp Suite Enterprise Edition straight away, you should take some time to prepare before purchasing and installing. We recommend that you account for approximately one month of planning time before installing Burp Suite Enterprise Edition.

This guide explains the configuration decisions you need to make, and some points you should be aware of before you get started.

Decide on your licensing needs

Burp Suite Enterprise Edition licenses are based around the number of concurrent scans that you want to run. Your subscription enables you to add as many target applications or URLs as you like, and to set up as many users as you need at no extra cost.

As such, you should consider how you intend to use Burp Suite Enterprise Edition before deciding how many concurrent scans to purchase. For example, if you intend to run frequent scans across a large portfolio of target applications you will likely need to purchase more concurrent scans than if you were scanning less intensively.

Related pages

Pricing

Choose your deployment type

You can deploy Burp Suite Enterprise Edition in two ways:

  • Standard deployments use an installer to deploy Burp Suite Enterprise Edition to a physical or virtual server. We recommend this method for smaller-scale deployments that have fairly predictable scanning requirements.
  • Kubernetes deployments use a Helm chart to deploy Burp Suite Enterprise Edition to your Kubernetes cluster. When running on Kubernetes, Burp Suite Enterprise Edition scales the amount of compute resources dedicated to scanning automatically. We recommend this method for larger deployments, or for deployments with variable scanning requirements.

We recommend that you only use a Kubernetes deployment type if your organization has previous experience with Kubernetes. While we offer full support for Kubernetes deployments of Burp Suite Enterprise Edition, we are unable to offer support on your underlying Kubernetes infrastructure.

Choose your preferred architecture

When creating a standard deployment, you can either deploy all Burp Suite Enterprise Edition components to a single machine or use a multi-machine architecture.

The number of machines needed to run Burp Suite Enterprise Edition depends on how many concurrent scans you intend to run:

  • For one or two concurrent scans, we recommend a single-machine deployment. In this setup, scans run on the machine that the Enterprise server is installed on. This is the simplest deployment option.
  • For three or more concurrent scans, we recommend a multi-machine deployment. In this setup, scans run on dedicated scanning machines. This offers a more scalable solution in which you could potentially run any number of concurrent scans.

Note

You can deploy as many scanning machines as you need. We strongly recommend running no more than 3-4 concurrent scans on each scanning machine, and no more than two concurrent scans on the server machine.

Plan your database setup

Burp Suite Enterprise Edition includes an embedded H2 database, making it easy for you to evaluate the product or run trials. However, for production deployments we recommend that you connect to an external database. Note that you can migrate from the embedded database to an external database after installation if required.

You must use the database script provided to set up any external database you want to use up before installing Burp Suite Enterprise Edition.

Review the system requirements

Whichever deployment type and architecture you choose, you should ensure that the machines you intend to run Burp Suite Enterprise Edition on meet the system requirements. You are likely to experience issues with Burp Suite Enterprise Edition and with scan performance if your infrastructure does not meet these requirements.

Plan your network and firewall setup

To ensure that Burp Suite Enterprise Edition can work correctly, you need to configure your network to allow the various components to communicate with each other and your target applications. The network requirements vary depending on whether you intend to perform a single-machine or multi-machine deployment.

Note that the Enterprise server must be able to connect to portswigger.net on port 443 in order to activate your license and complete the installation process. If you are not able to connect to the public internet from the machine you intend to install the server on, then you may need to configure an HTTP proxy server.

Prepare your organization

As well as making technical decisions, we recommend that you consider any factors within your organization that may cause delays when attempting to install Burp Suite Enterprise Edition.

For example, you should ensure that:

  • You have accounted for any internal compliance and security procedures.
  • You have appropriate IT resource available.
  • You have accounted for the time needed to authorize and provision any required infrastructure.

Was this article helpful?