Enterprise Edition

Planning a deployment

  • Last updated: January 29, 2024

  • Read time: 4 Minutes

In order for you to get the most out of Burp Suite Enterprise Edition, you should take some time to prepare before purchasing and installing. We recommend that you account for approximately one month of planning time before attempting to deploy Burp Suite Enterprise Edition.

This guide explains the configuration decisions you need to make, and some points you should be aware of before you get started.

Decide on your subscription

We offer a range of licensing models for Burp Suite Enterprise Edition:

  • If you're just starting out on your security journey and prefer usage-based pricing, we offer a pay-as-you-scan subscription.
  • If you know your scanning requirements, select our Classic subscription and choose how many concurrent scans you want to run.
  • If you're an enterprise with DevSecOps requirements, or you want to scan without limits, select our Unlimited subscription.

You should consider how you intend to use Burp Suite Enterprise Edition before deciding on a subscription type. For example, if you intend to run frequent scans across a large portfolio of target applications, you will likely need to purchase a higher number of concurrent scans, or consider an unlimited license.

Whichever license you choose, you can add as many target applications or URLs as you like, and set up as many users as you need at no extra cost.

Related pages

Pricing

Choose your deployment type

You can deploy Burp Suite Enterprise Edition in the following ways:

  • Standard deployments use an installer to deploy Burp Suite Enterprise Edition to physical or virtual machines, including cloud VMs and headless servers.
  • Kubernetes deployments use a Helm chart to deploy Burp Suite Enterprise Edition to your Kubernetes cluster. When running on Kubernetes, Burp Suite Enterprise Edition scales the amount of compute resources dedicated to scanning automatically.
  • CI-driven scans with no dashboard enables you to run scans from a container in your CI/CD environment without the need to deploy a Burp Suite Enterprise Edition server. You can see the scan results in your CI/CD environment. For more information, see CI-driven scans with no dashboard.

We recommend that you only use a Kubernetes deployment type if your organization has previous experience with Kubernetes. While we offer full support for Kubernetes deployments of Burp Suite Enterprise Edition, we are unable to offer support on your underlying Kubernetes infrastructure.

Choose your preferred architecture

When creating a standard deployment, you can either deploy all Burp Suite Enterprise Edition components to a single machine or use a multi-machine architecture.

The number of machines needed to run Burp Suite Enterprise Edition depends on how many concurrent scans you intend to run:

  • For up to five concurrent scans, we recommend a single-machine deployment. In this setup, scans run on the machine that the Enterprise server is installed on. This is the simplest deployment option.
  • For more than five concurrent scans, we recommend a multi-machine deployment. In this setup, scans run on dedicated scanning machines. This spreads the resource load across multiple machines. The system resources required increase with each concurrent scan.

Note

You can deploy as many scanning machines as you need. The number of concurrent scans you can run on each scanning machine depends on your system specification. See System requirements for more information.

Plan your database setup

Burp Suite Enterprise Edition includes an embedded H2 database, making it easy for you to evaluate the product or run trials. However, for production deployments we recommend that you connect to an external database.

You must use the database script provided to set up any external database you want to use before installing Burp Suite Enterprise Edition.

Related pages

For Kubernetes deployments:

  • External database system requirements.
  • Setting up the external database.

Review the system requirements

Whichever deployment type and architecture you choose, you should ensure that the machines you intend to run Burp Suite Enterprise Edition on meet the system requirements. You are likely to experience issues with Burp Suite Enterprise Edition and with scan performance if your infrastructure does not meet these requirements.

Plan your network and firewall setup

To ensure that Burp Suite Enterprise Edition can work correctly, you need to configure your network to allow the various components to communicate with each other and your target applications. The network requirements vary depending on whether you intend to perform a single-machine or multi-machine deployment.

Note that the Enterprise server must be able to connect to portswigger.net on port 443 in order to activate your license and complete the installation process. If you are not able to connect to the public internet from the machine you intend to install the server on, then you may need to configure an HTTP proxy server.

Prepare your organization

As well as making technical decisions, we recommend that you consider any factors within your organization that may cause delays when attempting to install Burp Suite Enterprise Edition.

For example, you should ensure that:

  • You have accounted for any internal compliance and security procedures.
  • You have appropriate IT resource available.
  • You have accounted for the time needed to authorize and provision any required infrastructure.

Was this article helpful?