Step 1: Components & architecture, prerequisites, and download

Acunetix 360 is available as an On-Demand and On-Premises solution. Acunetix 360 On-Premises is identical to the hosted version in terms of features and capabilities, but since it runs on your own servers and network, there are a few things to note:

  • You can scan any internal web application without the need to allow incoming access through corporate firewalls.
  • No internet connection is required.
  • Acunetix 360 On-Premises can also be easily deployed on Amazon Web Services (AWS), Microsoft Azure, Google Cloud, or any other type of private cloud environment.
  • If your business has to adhere to strict regulatory compliance requirements and policies or you have concerns about your data being stored on our servers, you can still take advantage of Acunetix 360's workflow tools, scaling, and scanning capabilities. The On-Premises edition can be installed on your own servers managed by your team.
  • No data will leave the On-Premises edition of Acunetix 360.

This document explains the components and architecture, prerequisites, and how to download Acunetix 360 On-Premises.

NOTE: All Acunetix 360 editions support IPv6 both as servers and agents. This means you can configure the Acunetix 360 On-Premises server to use IPv6, and Acunetix 360 can scan websites that use IPv6.

Components and architecture

Acunetix 360 On-Premises contains five parts which are explained in the table below:

Component

Explanation

Application Server

This provides the web interface that enables the efficient administration and automation of scans. This is the application that users will see and use via the Acunetix 360 UI.

Agent

This is a service application that executes scans and informs the Acunetix 360 Application Server of the results. A single agent can only run one scan at a time. If you want to run more than one scan at a time, you will need to install more agents.  

Authentication Verifier

This is a service application that verifies form-based login authentication configuration. It is an optional component. However, if you are scanning websites that require form authentication, you need to install it.

Authentication Verifier Service

This is a service application that establishes communication between the Authentication Verifier Agent and the Acunetix 360 Application Server. It is an optional component. However, if you are scanning websites that require form authentication, you need to install it.

IAST Bridge

This is a service application that relays information from the AcuSensor agent to the scanning agent. It is an optional component. If you are using AcuSensor for Java, .NET, and Node.js, you need to install this bridge.

The following diagram shows the architecture of Acunetix 360 On-Premises.

Prerequisites

This section lists the minimum requirements for installing each of the components of Acunetix 360 On-Premises.

ALLOWLISTING REQUIREMENTS:

  • Antivirus: Some antivirus or anti-malware software may prevent Acunetix 360 On-Premises from working or cause it to run very slowly. To ensure you can use Acunetix 360 On-Premises effectively, we recommend adding Acunetix 360 files and folders to your antivirus (or other protection scanning software) exception list (also known as a 'whitelist' or 'allowlist'). For more information about the Acunetix 360 files and folders we recommend excluding from your antivirus software, refer to Excluding Acunetix 360 files from antivirus scans.

  • Discovery service: To ensure you can use the discovery service and predictive risk scoring features, allowlist Invicti's discovery service URLs:
  • https://discovery-service.invicti.com
  • https://jwtsigner.invicti.com

Minimum requirements for the Acunetix 360 Application Server

All components (the Application Server, the Agent, the Authentication Verifier, the Authentication Verifier Service, the IAST Bridge, and the Database Server) can be installed on the same server if the hardware meets the listed requirements.

TIP: We highly recommend that you install the Webapp, Agents, and DB on separate servers to maximize stability and performance.

Software requirements

  • Windows Server 2016 or later (Windows Server 2019 or later recommended)
  • Web Server (IIS) role should be installed on the server
  • IIS 10
  • .NET Framework 4.8

Hardware requirements

Minimum: 2x cores CPU, 4GB RAM, 5 GB Free Disk Space

This specification applies to using the Acunetix 360 interface and scanning a few simple websites.

While Acunetix 360 may run on a machine with a lower specification than this, we do not recommend doing so for performance reasons.

Recommended: 2x cores CPU, 16GB RAM, 20 GB Free Disk Space

This is a good general-purpose specification.

Advanced: 4x cores CPU, 32GB RAM, 50 GB Free Disk Space

This option is suitable if you have a large number of users, advanced websites, and want to run a large number of scans simultaneously.

Access requirements

  • RDP credentials and access as a user with Administrator rights
  • Can be installed by an Acunetix 360 Engineer (or the user) using the provided installer

Minimum requirements for the Acunetix 360 Agent

These are the minimum requirements for installing the Acunetix 360 Agent.

Software requirements

  • Windows Server 2016 or later (Windows Server 2019 or later recommended)
  • .NET 6

Hardware requirements

  • 1.4 GHz Processor (2 GHz or faster recommended)
  • 4 GB RAM or higher recommended
  • 10 GB free disk space for each internal agent

Network requirements

  • The Agent needs to be able to access the Acunetix 360 Application Server’s HTTP(S) (443/80) port

Access requirements

  • Installation of the Agent requires Administrator rights
  • Ensure that the following groups do not have permission to modify or write service executables and that these groups do not have Full Control permission to any directories that contain service executables: Everyone, Users, Domain Users, Authenticated Users

Minimum requirements for the Authentication Verifier Service and Authentication Verifier

These are the minimum requirements for installing the Acunetix 360 Authentication Verifier Service and Authentication Verifier Agent.

Software requirements

  • Windows Server 2016 or later (Windows Server 2019 or later recommended)
  • .NET 6 for Authentication Verifier Agent
  • .NET 8 for Authentication Verifier Service
  • IIS 10 for Authentication Verifier Service

Hardware requirements

  • 1.4 GHz Processor (2 GHz or faster recommended)
  • 1 GB RAM (4 GB or higher recommended)
  • 2 GB Free Disk space (5 GB or higher recommended)

Network requirements

  • The Authentication Verifier Agent needs to be able to access the Authentication Verifier Service's HTTP(S) port. (Default port: 5000)
  • Enterprise users should access the Acunetix 360 Authentication Verifier Service Hub publicly. (Default port: 5000)
  • The Authentication Verifier Service needs to be able to access the Acunetix 360 Application Server’s HTTP(S) (443/80) port.

Access requirements

  • Installation of the Authentication Verifier and Authentication Verifier Service requires Administrator rights
  • Ensure that the following groups do not have permission to modify or write service executables and that these groups do not have Full Control permission to any directories that contain service executables: Everyone, Users, Domain Users, Authenticated Users

Minimum requirements for IAST Bridge

These are the minimum requirements for installing the IAST Bridge.

Software requirements

  • Windows Server 2016 or later (Windows Server 2019 or later recommended)

Hardware requirements

  • 1.4 GHz Processor (2 GHz or faster recommended)
  • 4 GB RAM or higher recommended

Network requirements

  • The IAST Bridge Service needs to be able to listen to the Acunetix 360 Application Server’s HTTP(S) (7880) port

Access requirements

  • Installation of the IAST Bridge requires Administrator rights
  • Ensure that the following groups do not have permission to modify or write service executables and that these groups do not have Full Control permission to any directories that contain service executables: Everyone, Users, Domain Users, Authenticated Users

Minimum requirements for the Database Server

These are the minimum requirements for the Database Server.

IMPORTANT: The database is not provided by Acunetix 360. You must set it up yourself.

Software requirements

  • Microsoft SQL Server 2016 or later (Microsoft SQL Server 2019 or later recommended)

Hardware requirements

  • Same as the Application Server requirements above

Network requirements

  • The Acunetix 360 Application Server needs to access this database server for the relevant port (1433 by default), or it needs to be on the same server

Access requirements

  • An SQL Server database login with the db_owner role
  • The Name of an empty SQL Server database
  • The Database Collation field should be configured as case-insensitive

NOTE: The db_owner permission is required during installation and updating. The db_datareader and db_datawriter roles are enough for daily operations.

How to download the installer files

  1. Download to your server the Acunetix360.zip file that was emailed to you.
  2. Extract the .zip file to a directory.
  3. Check that these five files are in the directory:
  • WebAppSetup.exe (Acunetix 360 Application Server installer)
  • AgentSetup.exe (Acunetix 360 Agent installer)
  • AuthVerifierAgentSetup.exe (Acunetix 360 Authentication Verifier installer)
  • AuthVerifierServiceSetup.exe (Acunetix 360 Authentication Verifier Service installer)
  • IASTBridgeSetup.exe (Acunetix 360 IAST Bridge installer)

NOTE: If you also purchased Invicti API Security, the .zip file will contain an additional file called ApiHubServiceSetup.exe. For instructions on how to install Invicti API Security as a component of Acunetix 360 On-Premises, refer to Installing Invicti API Security for Acunetix 360 On-Premises.

 

« Back to the Acunetix Support Page