Setting up Burp Suite Enterprise Edition
Last updated: January 29, 2024
Read time: 3 Minutes
Burp Suite Enterprise Edition offers multiple licensing and deployment options.
We recommend you follow our guide to Planning a deployment before you set up Burp Suite Enterprise Edition. This will help you to make sure you choose the right deployment type for you.
Choose your deployment type
You can deploy Burp Suite Enterprise Edition in the following ways:
- Standard deployments use an installer to deploy Burp Suite Enterprise Edition to physical or virtual machines, including cloud VMs and headless servers.
- Kubernetes deployments use a Helm chart to deploy Burp Suite Enterprise Edition to your Kubernetes cluster. When running on Kubernetes, Burp Suite Enterprise Edition scales the amount of compute resources dedicated to scanning automatically.
- CI-driven scans with no dashboard enables you to run scans from a container in your CI/CD environment without the need to deploy a Burp Suite Enterprise Edition server. You can see the scan results in your CI/CD environment. For more information, see Integrating CI-driven scans with no dashboard.
We recommend that you only use a Kubernetes deployment type if your organization has previous experience with Kubernetes. While we offer full support for Kubernetes deployments of Burp Suite Enterprise Edition, we are unable to offer support on your underlying Kubernetes infrastructure.
Choose your preferred architecture
When creating a standard deployment, you can either deploy all Burp Suite Enterprise Edition components to a single machine or use a multi-machine architecture.
The number of machines needed to run Burp Suite Enterprise Edition depends on how many concurrent scans you intend to run:
- For up to five concurrent scans, we recommend a single-machine deployment. In this setup, scans run on the machine that the Enterprise server is installed on. This is the simplest deployment option.
- For more than five concurrent scans, we recommend a multi-machine deployment. In this setup, scans run on dedicated scanning machines. This spreads the resource load across multiple machines. The system resources required increase with each concurrent scan.
You can deploy as many scanning machines as you need. The number of concurrent scans you can run on each scanning machine depends on your system specification. See System requirements for more information.
Plan your database setup
Burp Suite Enterprise Edition includes an embedded H2 database, making it easy for you to evaluate the product or run trials. However, for production deployments we recommend that you connect to an external database.
You must use the database script provided to set up any external database you want to use before installing Burp Suite Enterprise Edition.
- External database system requirements
- Setting up the external database
Review the system requirements
Whichever deployment type and architecture you choose, you should ensure that the machines you intend to run Burp Suite Enterprise Edition on meet the system requirements. You are likely to experience issues with Burp Suite Enterprise Edition and with scan performance if your infrastructure does not meet these requirements.
Plan your network and firewall setup
To ensure that Burp Suite Enterprise Edition can work correctly, you need to configure your network to allow the various components to communicate with each other and your target applications. The network requirements vary depending on whether you intend to perform a single-machine or multi-machine deployment.
Note that the Enterprise server must be able to connect to
portswigger.net on port
443 in order to activate your license and complete the installation process. If you are not able to connect to the public internet from the machine you intend to install the server on, then you may need to configure an HTTP proxy server.
Prepare your organization
As well as making technical decisions, we recommend that you consider any factors within your organization that may cause delays when attempting to install Burp Suite Enterprise Edition.
For example, you should ensure that:
- You have accounted for any internal compliance and security procedures.
- You have appropriate IT resource available.
- You have accounted for the time needed to authorize and provision any required infrastructure.
Was this article helpful?
An error occurred, please try again.