Hardware and software requirements

The following tables provide a summary of the hardware and software required to run the software.

Average size deployment requirements

Attention: Hardware and software requirements that apply to an AppScan® Source deployment that only uses the User Administration component of AppScan Enterprise Server are highlighted like this: Applicable for an AppScan Source deployment.

This configuration supports an average size deployment: 3-4 Dynamic Analysis Scanners (4 concurrent scan jobs per scanner). Larger deployments or loads might require more resources.

Note: If you install on a virtual machine (VM), make sure that you use these settings during the VM configuration:
  • Number of virtual sockets: 4
  • Number of cores per socket: 1
Machine that hosts the SQL Server Database Machine that hosts the AppScan Enterprise Server

Also applicable for an AppScan Source deployment

Machine that hosts the Dynamic Analysis Scanner
Operating System
  • 64-bit Windows™ Server 2008 R2 SP1 (64-bit)
  • Windows 2012 Server x86-32, 64-bit tolerate
  • Windows 2012 Server R2 (DataCenter) x86-32, 64-bit tolerate
  • Windows 2012 Server R2 (Standard) x86-32, 64-bit tolerate
  • Windows Server 2016 (Standard and DataCentre) x86-32, 64 bit tolerate
Note: See the Database section for details on supported SQL Server versions.
  • 64-bit Windows Server 2008 R2 SP1 (64-bit)
  • Windows 2012 Server x86-32, 64-bit tolerate
  • Windows 2012 Server R2 (DataCenter) x86-32, 64-bit tolerate
  • Windows 2012 Server R2 (Standard) x86-32, 64-bit tolerate
  • Windows Server 2016 (Standard and Data-centre) x86-32, 64 bit tolerate
Note: The following environmental components are automatically installed during installation:
  • .NET 4.6.2 framework (as of v9.0.3.5)
  • IIS 7.5 and its dependencies
  • Rational® License Server
  • 64-bit Windows Server 2008 R2 SP1 (64-bit)
  • Windows 2012 Server x86-32, 64-bit tolerate
  • Windows 2012 Server R2 (DataCenter) x86-32, 64-bit tolerate
  • Windows 2012 Server R2 (Standard) x86-32, 64-bit tolerate
  • Windows Server 2016 (Standard and Data-centre) x86-32, 64 bit tolerate
Processor Quad-core CPU Quad-core CPU Quad-core CPU
RAM
  • 16 GB for < 4000 scan jobs.
  • 32 GB for > 4000 scan jobs.
16 GB 16 GB
Note: If running more than 4 scans in parallel, increase to 24+ GB.
Hard disk specific Fast input/output refers to the fast network and disk access, for example, use of Gigabit networking and use of a fast hard-drive such as SCSI or SSD for running the database. The requirement for "Fast input/output" depends on usage. Both the Dynamic Analysis Scanner server and the AppScan Enterprise Console server directly depend on a good connection to the SQL Server Database server and a good performing SQL Server database server. The faster the SQL Server Database server can handle requests, the more the system will be able to handle simultaneous scans and the faster the whole system will be in terms of UI responsiveness, report generation, etc. The disk speed on your local scanners should be fast as well. Fast input/output refers to the fast network and disk access, for example, use of Gigabit networking and use of a fast hard-drive such as SCSI or SSD for running the database. The requirement for "Fast input/output" depends on usage. Both the Dynamic Analysis Scanner server and the AppScan Enterprise Console server directly depend on a good connection to the SQL Server Database server and a good performing SQL Server database server. The faster the SQL Server Database server can handle requests, the more the system will be able to handle simultaneous scans and the faster the whole system will be in terms of UI responsiveness, report generation, etc. The disk speed on your local scanners should be fast as well.
Hard disk drive size
  • 500 GB for < 4000 scan jobs.
  • 1 TB for > 4000 scan jobs
200 GB 500 GB
C drive space minimum 10 GB minimum 10 GB
Required user accounts Service account

Software requirement options

Operating System

Also applicable for an AppScan Source deployment

  • Windows 2008 Server SP1 / SP2 (Standard) x86-32 bit (Limitation: See Note 1 below)
  • Windows 2008 Server SP1 / SP2 (Enterprise) x86-32 bit (Limitation: See Note 1 below)
  • Windows 2008 Server SP1 / SP2 (Standard) x64 bit (Limitation: See Note 1 below)
  • Windows 2008 Server SP1 / SP2 (Enterprise) x64 bit (Limitation: See Note 1 below)
  • Windows 2008 Server R2 (Standard) x64 bit
  • Windows 2008 Server R2 (Enterprise) x64 bit
  • Windows 2008 Server R2 SP1 (Standard, Enterprise) x64 bit
  • Windows 2012 Server (DataCenter) x86-32, 64-bit tolerate
  • Windows 2012 Server (Standard) x86-32, 64-bit tolerate
  • Windows 2012 Server R2 (DataCenter) x86-32, 64-bit tolerate
  • Windows 2012 Server R2 (Standard) x86-32, 64-bit tolerate
  • Windows Server 2016 (Standard and DataCentre) x86-32, 64 bit tolerate
  • Red Hat Enterprise Linux™ Version 6.0, 6.2, 6.3, and 6.4 (AppScan Enterprise Server, User Administration component only. Does not apply to the Dynamic Analysis Scanner)
    Attention: AppScan Enterprise is a 32-bit product. Run the glibc.i686 and libgcc.i686 packages to enable 32-bit compatibility on a 64-bit Linux machine.
  • The Windows 7 Enterprise, Professional, and Ultimate operating systems are only for the client-side components of AppScan Enterprise:
    • Browser
    • Manual Explore plugins
    • Manual Explorer stand-alone tool
    • Web Services Explorer
    • AppScan Dynamic Analysis Client
Note:
  1. Windows 2008 Server only supports TLSv1.0. Enterprise Console will support TLSv1.1 or TLSv1.2 protocols available for the IIS hosted part of the application only if SQL Native client 11 is installed on the same system where enterprise server console installed.
  2. AppScan Enterprise is a 32-bit product. It will run on a 64-bit machine, but in 32 bit mode.
  3. The installer for the Dynamic Analysis Scanner and AppScan Enterprise Server checks for the .NET 4.6.2 framework, and installs it if it does not exist.
  4. For best results, install all critical Microsoft™ software updates.
  5. If the website being scanned uses technologies such as Flash, Windows Media, and additional character sets, these technologies must also be installed on the agent server machines.
Web Server
  • IIS7 (Windows 2008 Server)
    Note: IIS7 must be enabled on the Windows 2008 Server so that AppScan Enterprise Server properly installs (not required for servers running Scanning Agents only):
    • Common HTTP features (all components except HTTP Redirection)
    • Application development (ASP.NET, ISAPI Extensions, ISAPI Filters)
    • Health and diagnostics (HTTP Logging, Request Monitor)
    • Security (Basic and Windows Authentication)
    • Performance (Static Content Compression)
    • Management tools (IIS Management console)
    • IIS 6 Management Compatibility (All)
  • IIS8.0 (Windows 2012 Server)
    Note: IIS8.0 must be enabled on the Windows 2012 Server so that AppScan Enterprise Server properly installs (not required for servers running Scanning Agents only):
    • Common HTTP features (all components except HTTP Redirection)
    • Application development (ASP.NET, ISAPI Extensions, ISAPI Filters)
    • Health and diagnostics (HTTP Logging, Request Monitor)
    • Security (Basic and Windows Authentication)
    • Performance (Static Content Compression)
    • Management tools (IIS Management console)
    • IIS 6 Management Compatibility (All)
  • IIS8.5 (Windows 2012 Server)
    Note: IIS8.5 must be enabled on the Windows 2012 Server so that AppScan Enterprise Server properly installs (not required for servers running Scanning Agents only):
    • Common HTTP features (all components except HTTP Redirection)
    • Application development (ASP.NET, ISAPI Extensions, ISAPI Filters)
    • Health and diagnostics (HTTP Logging, Request Monitor)
    • Security (Basic and Windows Authentication)
    • Performance (Static Content Compression)
    • Management tools (IIS Management console)
    • IIS 6 Management Compatibility (All)
  • IIS10 (Windows 2016 Server)
    Note: IIS10 must be enabled on the Windows 2016 Server so that AppScan Enterprise Server properly installs (not required for servers running Scanning Agents only):
    • Common HTTP features (all components except HTTP Redirection)
    • Application development (ASP.NET, ISAPI Extensions, ISAPI Filters)
    • Health and diagnostics (HTTP Logging, Request Monitor)
    • Security (Basic and Windows Authentication)
    • Performance (Static Content Compression)
    • Management tools (IIS Management console)
    • IIS 6 Management Compatibility (All)
Database
Note:
  1. While Enterprise and Standard editions are supported for the following SQL Server versions, the Enterprise edition has superior scalability and security-enabling capabilities, such as built-in support for Transparent Data Encryption (TDE). Standard Edition can be secured through MS Windows Encrypting File System (EFS) or other third party encryption methods.
  2. While both 64 and 32 bit versions of SQL Server are supported, using the 64-bit version of SQL Server can result in better performance. The 32-bit version works best for evaluation and small deployments.
  3. If your environment uses a named SQL Server for the AppScan Enterprise database, make sure that TCP/IP is enabled in the SQL Server configuration manager, and restart the SQL services for SQL Server and SQL Server browser.
Other Prerequisites
Ensure that ASP.Net is installed and enabled in IIS.
Supported Browsers

Minimum resolution: 1024x768. Higher resolution recommended.

  • Microsoft Internet Explorer 8.0 (with Silverlight), 9.0, 10.0, 11.0
    Note:
    1. When using IE 8.0, you must install Microsoft Silverlight to view the charts in the Monitor view.
  • Mozilla Firefox 31.0 (ESR): supported in v9.0.2 - v9.0.2.1
  • Mozilla Firefox 38.0 (ESR): supported in v9.0.2.1 iFix2 and later
  • Google Chrome: supported in v9.0.3 and later
Rational License Key Server
Version 8.1.1, 8.1.2, 8.1.3, 8.1.4
Defect Tracking Systems
  • Atlassian JIRA 6.4.1, 7.0
  • Rational Team Concert 3.0, 3.0.1, 4.0, 4.0.1, 4.0.3, 5.0.2, 6.0.1, 6.0.4, 6.0.6
  • Rational Quality Manager 2.0, 2.0.1
Supported Integrations
  • AppScan Source v9.0.1.1 and higher (versions 7.0 - 9.0.0 are supported for importing of security results only)
  • AppScan Standard V7.7 - V9.0.4 inclusive (previous versions are supported for importing of security results only)
  • HCL® Security SiteProtector™ 3.0, 3.0.0.1, 3.1
  • HCL Security QRadar® SIEM 7.0 MR5, 7.1 MR2, 7.2, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5
  • WebSphere® Portal 6.0.1.4 and higher
VM
VMware ESXi v4.0, 4.1, 5.0
Application Server
WebSphere Application Server Liberty Core 19.0.0.1.
Java(TM) SE Runtime Environment
IBM J9 VM, Version: java version 1.8.0_191.
Supported technologies
See Supported technologies.

Additional software requirements for the Dynamic Analysis Scanner

If you are executing Adobe™ Flash, the Flash Player plugin for Internet Explorer browser must be installed on the machine where the Dynamic Analysis Scanner runs. The supported versions of Adobe Flash can be downloaded from http://get.adobe.com/flashplayer/. Version 8 and higher are supported, but only versions 9 and higher have ActionScript 3 capabilities.

Glass box security testing requirements

The Glass box software must be installed on the same server as the application you want to test, not on the local machine where AppScan Enterprise itself is installed.

Table 1. Java™ platform requirements
Software Requirement
Java EE containers JBoss AS 6, 7; JBoss EAP 6.1; Tomcat 6.0, 7.0; WebLogic 11; WebSphere 7.0, 8.0, 8.5, 8.5.5
Operating Systems
Windows:
  • Windows Server 2008 R2 with and without SP1 (both 32 and 64-bit supported)

Linux RHEL 5, 6, 6.1, 6.2, 6.3

UNIX™: AIX®, 6.1

Table 2. .NET platform requirements

Software Requirement
Operating System 32 - bit and 64 - bit editions:
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
Other Microsoft IIS version 7.0 or later

Microsoft .NET4 Framework must be installed, and IIS must be configured at the root level to work with this version of ASP.net

Note: The agent should be installed after the application you want to test is successfully installed on the server.

Translated languages

The AppScan Enterprise user interfaces are available in these languages:
  • English
  • French
  • German
  • Italian
  • Japanese
  • Korean
  • Brazil Portuguese
  • Russian
  • Spanish
  • Simplified Chinese
  • Traditional Chinese