Architecture & Security
StacksAtlas is engineered as a self-contained, high-performance appliance. It leverages the latest .NET technologies to deliver raw speed and reliability while maintaining a minimal system footprint.
Technical Stack
Core Engine
- Runtime: .NET 8 (C# 13)
- Architecture: Multi-threaded, asynchronous pipeline designed for parallel subnet scanning.
- Database: LiteDB (Embedded NoSQL). A serverless, high-performance document store that resides entirely on the local disk. This ensures zero latency for queries and eliminates the need for external SQL servers.
User Interface
- Framework: React 18
- Style System: Material UI (MUI v5)
- Delivery: The UI is compiled into the application binary and served directly by the .NET host (Kestrel), removing the need for separate web servers like IIS or Nginx.
File Structure
All application data is stored in a single, predictable location: %ProgramData%\StacksAtlas. This makes backup and migration extremely simple.
| File / Folder | Description |
|---|---|
| StacksAtlas.db | The main LiteDB database file containing your inventory, scan history, and user accounts. This is your critical data. |
| logs/ | Directory containing daily log files (log-YYYYMMDD.txt). Useful for troubleshooting. |
| certs/ | Directory housing the self-signed SSL certificate (StacksAtlas.pfx) generated during the first run. |
| license.key | A small file containing your encrypted activation key and instance ID. |
| networksettings.json | Configuration file storing your Scan Scopes and polling preferences. |
Note: The application binaries themselves are located in %ProgramFiles%\StacksAtlas.
Security & Access Control
StacksAtlas assumes a Zero Trust environment regarding external data while strictly protecting local access. For a deep-dive into our encryption, RBAC models, and data privacy policies, please see our dedicated Security documentation.
View Security & Access Control Guide →
Network Footprint
StacksAtlas is designed to be a "good citizen" on the network.
- Passive Listening: The mDNS and ARP modules listen for broadcast traffic without flooding the network.
- Rate Limiting: Active scans (ICMP/TCP) are rate-limited to prevent triggering intrusion detection systems (IDS) or saturating low-bandwidth links.
- Ports: The application listens on Port 5000 (HTTP) and Port 5001 (HTTPS) by default. These can be configured in
appsettings.json.