Burp Suite Enterprise Edition system requirements
This section describes the requirements for the various systems that are involved in a deployment of Burp Suite Enterprise Edition. Please read these carefully before proceeding with your installation.
Number of machines
The number of machines needed to run Burp Suite Enterprise Edition very much depends on the scale of your intended usage.
You can run all of the components on a single machine, including the bundled database. This is suitable for evaluation purposes and for many production use cases. On a machine with substantial resources, this set up should be able to comfortably support up to 10 agents. The diagram below shows a single-machine deployment:
At the other extreme, you can run agents on a large number of machines, and you can use your own external database for storage. This lets you scale the number of concurrent scans to be indefinitely large, and utilize any existing database infrastructure that you have. The diagram below shows a multiple-machine deployment, with an external database and agent machines:
Each agent machine, and optionally the Enterprise server machine, can be configured to run multiple logical agents. Each logical agent can be occupied carrying out a single scan at any given time. The number of agents that will actually used is limited to the number in your license. Read more about agent counts
Note that the Enterprise server and web server components are always deployed on a single machine.
Machine specifications
All machines on which Burp Suite Enterprise Edition components are installed must have:
- 64-bit architecture.
- A modern Windows, Linux, or MacOS operating system. It is possible to use different operating systems on different machines within the deployment.
The amount of system resources required for machines running Burp Suite Enterprise Edition is highly dependent on a variety of factors, including the nature and extent of the applications being scanned, the numbers of issues that are reported, and the number of active users of the web UI and REST API. The following table provides an indicative guide to the machine specifications that are recommended to ensure satisfactory performance. When provisioning machines, be aware that specifications might need to change later based on the experience of your actual usage.
| Enterprise server machine | Agent machine | |
|---|---|---|
| Base installation |
10Gb of free disk space 16Gb of RAM 4 CPU cores |
10Gb of free disk space 2Gb of RAM 2 CPU cores |
| Per logical agent |
20Gb of free disk space 4Gb of RAM 4 CPU cores |
20Gb of free disk space 4Gb of RAM 4 CPU cores |
| Bundled database |
Additional disk space is required if the bundled database is used. Read more |
Not applicable |
Please note the following points regarding free disk space requirements:
- The free space required is not only for the up-front installation. Disk space is used for storage of ephemeral data during scans and product updates.
- The disk location (configured during the installation process) must reside on locally attached storage, and not be a networked file system.
Database
Burp Suite Enterprise Edition uses an SQL database to store data about configured sites and scans, the results of scans, and other configuration information. You can use one of the following options:
- A bundled database that can be installed on the same machine as the Enterprise server. This option can be used to support any scale of deployment provided you have sufficient disk space available (see below).
- Your own external database. This option lets you utilize any existing database infrastructure that you have, including database backups, and is more appropriate for larger deployments. The types and versions of external databases that have been tested and are fully supported are shown below:
| Type | Supported versions |
|---|---|
| MariaDB | 5.6, 5.7, 10.1, 10.2, 10.3 |
| Microsoft SQL server | 2012, 2014, 2016, 2017 |
| MySQL |
5.6, 5.7 |
| Oracle | 12.2, 18c |
| PostgreSQL | 9.4, 9.5, 9.6, 10 |
Database size
The quantity of data that might be accumulated by Burp Suite Enterprise Edition depends hugely on the scale and nature of your usage, and particularly on the number of scans that are performed and the number of issues that are reported by those scans. The following table is an indicative guide to the quantity of data that is likely to be accumulated in different situations:
| Number of scans | Data storage |
|---|---|
| 1,000 | 500Mb |
| 10,000 | 5Gb |
| 100,000 | 50Gb |
Client browsers
Most modern machines should be able to use the web UI without any problems.
Browsers that are specifically supported and tested are current versions of Chrome, Edge, Firefox, Internet Explorer, and Safari.
The recommended minimum screen size is 1080 pixels in the shorter dimension. Smaller screens than this can still use the web UI, but with a degraded experience.
A mouse pointer is required to access some features, which appear on contextual controls on mouse hover. The remainder of the UI and the majority of features will still function correctly without a mouse pointer.
Network and firewall configuration
The diagram below shows the required network topology and access. This includes machines that are optional and won't appear in some deployments (external agents and database):
A dedicated DMZ network is recommended to host the machines on which Burp Suite Enterprise Edition is deployed, but this is not mandatory.
In particular, note the requirements below for network access. It might be necessary to configure your firewall to allow the necessary access.
- Users and API clients need to access the web server on a port that you can select (by default, 8080).
- The Enterprise server needs to access portswigger.net on port 443, to carry out license activation and software updates. Note that this access is needed for ongoing usage of the software, not only during initial installation. You can configure a network proxy if this is needed to reach the public web.
- If you install agents on any external machines, these need to access the Enterprise server machine on port 8072.
- If you use the bundled database, then any external agent machines will need to access the Enterprise server machine on port 9092.
- If you use an external database, then the Enterprise server and any external agents will need to access the database service on the configured host and port.
- Agents will need to access the sites that are to be scanned (on ports 80, 443, etc. as required).
- To gain the full benefit of Burp Suite's out-of-band vulnerability detection technology, agents will need to access burpcollaborator.net on port 443.