The architecture of Ostorlab mobile security tool focuses on extensibility without sacrificing robustness and resiliency. This extensibility allows Ostorlab team to quickly add and experiment with new scanning capabilities and run at the same time the infrastructure responsible for hundreds of thousands of scans with a near-zero maintenance cost.
Ostorlab scanner relies on a distributed architecture built to support scalability with a focus on ease of extensibility. The infrastructure is separated into a Core infrastructure communicating with a set of Universes.
CORE infrastructure is in charge of scan scheduling, reporting, access management, data collection, and monitoring.
A Universe is a group of agents that runs the scan logic. All agents communicate using message queues dedicated to the universe and offer each scan a self-contained environment with no interaction with other running scans.
Ostorlab scanner leverages scalability on different levels:
- Agents: Each agent performs a specialized task. Agents can be duplicated to perform repetitive intensive tasks that run within a single scan;
- Universe: The scanner runs multiple universes to support handling multiple scans in parallel. All universes are separate, stateless and self-contained entities;
- Cluster nodes: All scanner components are separate containers that run on a full dedicated cluster. Increasing cluster nodes offers straightforward horizontal scalability.
Ostorlab updates are managed using a private central registry. Updates are pushed automatically to all of the scanner nodes.
Some updates may require human interaction, for instance, updates to the database schema in order to ensure migrations were successfully completed and did not corrupt any existing data.
All data is collected in a central database. All other components are stateless and don’t store any information locally.
Secret keys and SSL certificates are provisioned using a secret management system accessible from within the cluster.
All the data-in-transit is encrypted and scanned mobile applications are purged right after the scan.
Ostorlab scanner enforces users and groups (organization) access control with a separation of privileges using role.