Considerations when running Octopus Server on Azure (or AWS)

We are considering moving our Octopus Deploy server to Azure. The tentacles would mostly still be in our local data center, and so we would need to either configure a VPN, or use polling tentacles. I am leaning towards the latter initially, but I don’t know what security concerns exist around having polling tentacles communicating over the public internet. Is this an issue? Is the tentacle communication secure enough for the web?

Thanks!
Erick

Hi Erick,

Thanks for getting in touch. The short answer is yes, the communication channel between Octopus and Tentacle uses TLS and requires Client Certificate authentication.

For more information take a look at these:

Additionally Octopus 3.1 enables TLS 1.2 support: http://octopus.com/downloads/3.1.0

We have a whitepaper coming soon about how Octopus is secure out of the box, but at the end of the day you need to make the call about how many layers of security you want to implement and maintain.

If you can, I would still recommend aiming for Listening Tentacles.

Hope that helps!
Mike

Thanks Mike, this is perfect. More than enough to help everyone feel comfortable with putting it out there.

Thanks!

Hi Erick,

That’s great news. Good hunting on setting up your new environment. As always feel free to contact us if you run into trouble.

Happy Deployments!
Mike