Skip main navigation

New offer! Get 30% off one whole year of Unlimited learning. Subscribe for just £249.99 £174.99. New subscribers only. T&Cs apply

Find out more

Octopus Architecture


In the previous activity, we gained an understanding of what Octopus is. We will start this activity by exploring the architecture of Octopus.


Octopus architecture is a composition of the following three major components.

  • Server. The server is responsible for providing the user interface and the API interface, and for coordinating the execution of the deployments.
  • Agent. The agent is responsible for deploying files and executes scripts on the machines where the code is deployed.
  • Runner. The runner is responsible for executing scripts on behalf of the server or the agent.

This image depicts the origin of the product’s name. The octopus coordinates the work that is performed by the multiple agents, the arms. Unlike a real octopus, Octopus Deploy is not limited to having only eight arms.

Octopus Deploy Server

The central piece of Octopus architecture is the Octopus Deploy Server. The server is responsible for providing:

  • The Octopus web portal
  • The engine that orchestrates the deployments and distributes work to Tentacles

The server (commonly referred to as Octopus) relies on lightweight agents that are called Tentaclesto deploy software to machines.


The Tentacle is installed as a Windows service on all the machines for which we intend to deploy software. For example, an application or a web server.

For architectures that don’t rely on servers, and where you cannot install tentacles, such as Platform as a Service (PaaS) cloud services or server-less architectures, the server itself can execute the steps necessary to deploy to those services.

graphical representation of the octopus server executing steps to deploy to services

The server communicates with the Tentacles by using secure channels. You do not have to worry about complicated communication scenarios. Everything is set up automatically by Octopus when tentacles are installed. The trust relationship between Octopus uses public-key cryptography. Octopus only sends commands to Tentacles that it trusts, and Tentacles only accept commands from an Octopus that they trust.

A Tentacle can operate in two ways:

  • Listening Tentacle. The tentacle acts as if it were a server. Octopus initiates the communication with the tentacle(s) and sends commands to them when needed.
  • Polling Tentacle. In polling mode, the tentacle establishes the communication channel with Octopus. It regularly polls Octopus to see if it has commands to execute.

Learn more about how server and tentacles communicate to learn about the pros and cons of using a tentacle in the listening or polling mode and their scenarios.

A tentacle acts as a shell and it has two functions:

  • Transfer files (using a secure connection) and execute deploy scripts.
  • Ensure that all necessary scripts are up to date and on the machine.

Script execution is performed by Calamari and not the Tentacle itself. Calamari is a convention-driven deployment runner. It executes scripts and the tentacle communicates with it by using a well-defined protocol.

By having the runner separated from the agent, it is possible to keep the runner updated in all tentacles without having to manually update all machines. Octopus ensures that Calamari is updated on all tentacles.

Calamari is open source. Learn more about Calamari.

Non-Windows Support

Tentacles only run on Microsoft Windows, but Octopus is capable of deploying to UN*X machines. To do so, it relies on having a Secure Shell (SSH) server installed on the target machine(s).

The SSH server acts in the same capacity as a tentacle and it is capable of copying files and executing scripts just as a tentacle would.

Calamari is still used with SSH because Calamari is written with .NET Core. This means that any UN*X platform that supports SSH and .NET Core can be used with Octopus.

Learn more about using SSH and its requirements.

Data Storage

Octopus uses Microsoft SQL Server to store its data, such as metadata, auditing information and permissions.

Only Octopus Deploy Server communicates with SQL Server. Octopus also uses the disk storage for some of its data, such as configuration files and packages.

Learn more about:

Data Security

When the server is installed, it generates a master key that is stored safely on the machine. The master key encrypts sensitive data stored on the database and encrypts all files stored on disk.

Learn more about security and encryption.

Cloud Services Support

When deploying to cloud services where there is no notion of a machine and everything is handled for us as services, such as with PaaS offerings like Microsoft Azure Web App or server-less architecture, we simply can’t install a Tentacle or have an SSH server.

To deploy to cloud services, Octopus is capable of running scripts directly on the server foregoing the need to install a tentacle. This requires connectivity between the Octopus Deploy Server and the cloud provider.

In the next step, we will take a look at how we install Octopus.

This article is from the free online

Microsoft Future Ready: Continuous Integration Implementation

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now