Tableau Server Administration: A Comprehensive Guide

Tableau Server on Windows seamlessly integrates with various components within your IT infrastructure, fostering a unique culture of self-service data analytics for your users. As a server administrator, it is crucial for you to comprehend the role of Tableau Server within your IT infrastructure.

The following sections encompass a wealth of valuable information regarding the planning, deployment, optimization, and management of Tableau Server.

If your objective is to transform your organization into a data-driven culture and Tableau Server is a part of that endeavor, we highly recommend exploring Tableau Blueprint. This comprehensive guide, accessible through the Tableau Blueprint, presents a step-by-step approach to becoming a data-driven organization. Whether your organization is new to modern, self-service analytics or you have already implemented such solutions and aim to expand, deepen, and scale your data utilization, Tableau Blueprint will prove invaluable.

This section offers a concise overview of how to conceptualize Tableau Server and its interactions with your existing IT infrastructure.

Validating your server deployment plan

Before making the commitment to install a new Tableau Server deployment within your organization, it is essential to thoroughly evaluate your available options. In most cases, Tableau Cloud offers a more dependable, high-performing, and cost-effective analytics solution compared to self-hosting Tableau Server. To assess the suitability of Tableau Cloud for your organization, we invite you to explore our informative blog post titled Should I move my analytics to the cloud?.

If you have determined that self-hosting Tableau Server is the best approach for your specific needs, we highly recommend following the comprehensive guidelines provided in the Enterprise Deployment Guide (EDG). This guide presents a meticulously tested and fully supported reference architecture designed to deliver optimal performance, scalability, and security within a tiered data network. As we move forward, we remain committed to investing in the development of the EDG reference architecture, aiming to streamline feature rollouts and enhance upgrade scenarios.

Architectural overview

Tableau Server encompasses a set of interconnected processes that collaborate harmoniously to deliver a comprehensive self-service analytics platform for your users. Below is an illustrative diagram representing the high-level architecture of Tableau Server, providing an overview of its components and their interactions.

Tableau Server operates through a cohesive system of multiple server processes (depicted in blue in the diagram above) working in tandem to deliver services across different tiers. The pivotal component responsible for directing traffic from all Tableau clients to the available server nodes in a cluster is the Gateway process.

Data Services encompasses a logical grouping of services designed to ensure data freshness, facilitate shared metadata management, govern data sources, and support in-memory data processing. Powering Data Services are a combination of underlying processes, namely the Backgrounder, Data Server, and Data Engine processes.

Analytics Services, comprising the VizQL and Cache Server processes, deliver user-facing visualization and analytics services, along with efficient caching functionality.

Sharing and Collaboration, as well as Content Management, rely on the Application Server process. This process is responsible for key Tableau Server functionalities, including user login, content management (such as projects, sites, and permissioning), and administration activities.

The services mentioned above are interconnected and rely on the vital Repository process, which houses structured relational data such as metadata, permissions, workbooks, data extracts, user information, and other relevant data.

To ensure redundancy and accessibility of data extracts across the cluster, the File Store process comes into play. It enables data extract file replication throughout the cluster, ensuring that extracts are readily available on all nodes. This distributed availability of extract files enhances processing and rendering speed, particularly during periods of heavy workload.

Tableau’s architecture is highly flexible, providing the freedom to deploy the platform in various environments. You have the option to install Tableau Server on-premises, in your private cloud or data center, on Amazon EC2, on Google Cloud Platform, or on MS Azure. Furthermore, the Tableau analytics platform is compatible with virtualization platforms. We strongly recommend adhering to the best practices specific to each virtualization platform to optimize the performance of Tableau Server.

Tableau and your data

When Tableau Server is installed within your organization, it becomes a crucial component of the analytics pipeline, facilitating access to the data your users require. It is essential to comprehend how Tableau Server interacts with your business data to effectively leverage its capabilities. Specifically, Tableau Server offers the option to store data extracts within your organization and establish connections with live data sources. Determining the most suitable approach for delivering data to your Tableau users relies on several factors, including the type of data source, user scenarios, performance and access requirements, and infrastructure conditions.

It’s important to note that Tableau Server is not designed to function as a traditional data warehouse server that houses static, native data files. Utilizing Tableau Server solely as a data warehouse would underutilize its potential. Instead, we recommend utilizing Tableau Server for hosting optimized data extracts. While a data extract typically represents a subset of a larger data source within your organization, you can also create extracts for data sources that experience heavy load during work hours and schedule their refresh during off-hours for optimal performance.

Extracts serve multiple purposes, including data modeling and enabling high-performance visualization authoring. For instance, to enhance the speed and interactivity of visualization authoring, you can optimize extracts by filtering the source data to include only the essential fields relevant to a particular department or project. It’s important to note that working with extracts can be resource-intensive. If your organization plans to extensively utilize extracts, we recommend reviewing the topic Optimize for Extracts for valuable insights.

In addition to extracts, Tableau Server allows authorized users to directly access live data sources. This functionality empowers users to construct and execute complex filtered queries against a diverse range of connected data sources. To ensure optimal performance in this scenario, Tableau Server requires efficient network connectivity to both on-premises and cloud-based data sources. Furthermore, both Tableau Server and the target data sources need to be appropriately sized to handle the processing demands associated with high-volume and complex data operations. To optimize performance for live data connections, you can leverage caching configurations and specify initial SQL commands as part of your implementation.

User access

Tableau Server serves as a web-based collaboration platform, enabling users to connect and engage with data visualizations and data sources from various devices. It fosters seamless sharing, viewing, and interactive exploration of data among users. To ensure accessibility, Tableau Server must be available to authorized Tableau users within your secure local network. Moreover, you have the option to extend access to data visualizations for desktop, mobile, and authenticated web users outside your organization.

In terms of user authentication, Tableau Server seamlessly integrates with multiple authentication solutions, including Active Directory, SAML, OpenID, and Kerberos. This allows organizations to leverage their existing authentication frameworks and streamline the user authentication process within Tableau Server.

Where should I install Tableau Server in my network?

Due to the highly sensitive nature of the data managed by organizations using Tableau Server, as well as the requirement for Tableau Server to access internal data stores, it is imperative to run Tableau Server within a secure and protected network environment. To enable authenticated access from the internet, a configuration involving a reverse proxy or VPN solution is implemented to establish a connection with Tableau Server.

In certain cases, organizations may choose to embed Tableau views on public webpages or internal web servers within their network for their internal users. Tableau Server offers support for such scenarios, providing options for both authenticated and anonymous access.

For authorized access, where users are granted permissions to view specific underlying data, you can configure trusted tickets with a generic web server. This configuration allows Tableau Server to authorize access to the embedded view’s underlying data. By adopting this approach, interactive data visualizations can be hosted on a web server located in a DMZ (Demilitarized Zone) or outside the protected network, while still ensuring controlled access.

For anonymous access to embedded Tableau views, enabling the “guest user” functionality in Tableau Server is necessary. It’s important to note that utilizing the guest user feature requires licensing Tableau Server based on the number of cores being utilized, rather than the traditional named-user (interactor) model.

Sizing and scalability

The scalability of Tableau Server depends on the size and data usage within your organization, allowing you to tailor the resources to meet your specific data and user requirements.

Scaling up Tableau Server involves enhancing the hardware resources of a single server. For instance, you can augment the memory capacity and processing power of the computer hosting Tableau Server to handle larger workloads.

On the other hand, scaling out Tableau Server entails adding additional computers or nodes to the deployment. To achieve a highly available setup with failover capabilities, a minimum of three nodes is recommended. One approach is to distribute the CPU-intensive server processes across two nodes, while utilizing the third node for the gateway and coordination controller services.

Regardless of whether you choose to scale up or scale out, Tableau Server allows you to selectively allocate resources by configuring the number and type of server processes. If your organization deals with extensive data and frequently creates data extracts, you can increase the number of processes dedicated to refreshing and storing extracts. Conversely, if your focus is on optimizing performance for high user loads, you can allocate more processes to efficiently handle user requests. Moreover, integrating Tableau Server with industry-standard network load balancers can further optimize the server’s responsiveness to user requests.

Tableau Server management model

Tableau Server incorporates a management structure that involves two primary administrators: the server administrator and the site administrator. While in smaller organizations, these roles may be fulfilled by the same individual or team, larger organizations typically have separate individuals designated for each role.

In this model, server administrators are IT professionals responsible for the maintenance and deployment of diverse server solutions. Their areas of expertise encompass networking, hardware optimization and maintenance, security and access management, as well as user and directory services administration. The tools and documentation provided with Tableau Server cater to these fundamental server-related IT aspects, supporting server administrators in their responsibilities.

On the other hand, the site administrator role is specific to Tableau Server or Tableau Cloud deployments. Site administrators primarily focus on data content management. They oversee user management and control access to projects, workbooks, and data sources within the Tableau environment. To gain a comprehensive understanding of sites and effectively plan their deployment, it is recommended to refer to the resource What is a site.

Administrative roles

While it is possible for a single administrator to handle Tableau Server in smaller organizations, larger enterprise organizations typically adopt a multi-administrator approach to effectively manage Tableau Server at scale. In such cases, a minimum of three administrative roles are commonly utilized for efficient management and maintenance.

Tableau Server administrator

Once the Tableau Server installation is finalized, the Tableau Server administrator gains privileged access to a range of administrative pages. These pages empower the administrator to create and modify sites, add users and assign roles, as well as perform various content-related tasks. Additionally, the Tableau Server administrator holds the responsibility of creating and overseeing other server and site administrators. These designated administrators are entrusted with managing sites, user groups, and projects within the Tableau Server ecosystem.

For detailed guidance on accessing the Tableau Server Admin Area as a Tableau Server administrator, please refer to the documentation on Sign in to the Tableau Server Admin Area.

TSM administrator

Tableau Services Manager (TSM) is a comprehensive tool designed to empower server administrators with both command-line and web-based capabilities for seamless installation, upgrade, configuration, and maintenance of Tableau Server. The TSM administrator assumes the critical role of installing the server and overseeing various server-related administrative tasks, such as data backup, restoration, log archiving, and management of multi-node clusters.

To perform these duties, the TSM administrator must possess administrative privileges on the local computer. For detailed instructions on accessing the Tableau Services Manager Web UI, please refer to the documentation on “Sign in to Tableau Services Manager Web UI.”

The TSM administrator handles a range of common tasks, including:

1. Initial configuration of Tableau Server post-installation
2. Ongoing management of configuration settings and server topology adjustments
3. Execution of administrative functions such as backup, restore, and ziplogs

To delve deeper into the functionalities and capabilities of TSM, I recommend exploring the Tableau Services Manager Overview resource.

Tableau portal administrator

In a Tableau Server deployment, the role of Tableau Customer Portal Administrator holds significant importance. This administrator is responsible for overseeing licensing operations and managing the associated keys for the Tableau deployment. As the portal administrator, your initial step involves procuring licenses through the Tableau Customer Portal. Upon license purchase, the portal will provide you with corresponding product keys. For license renewal, you can visit the Tableau renewal web page.

Tableau offers a range of products, including Desktop, Server, Prep Builder, and more. Each of these products necessitates license activation, which entails updating the Tableau software with the purchased product keys stored on the Tableau Customer Portal. As the administrator entrusted with the activation of Tableau licenses, it is crucial that you comprehend the relationship between licenses and keys. To gain a comprehensive understanding of license models and product keys, I recommend referring to the resource on Understanding License Models and Product Keys.

Management tools

Tableau Server provides a comprehensive set of toolsets for effectively managing the system:

1. Tableau Server Administrator Page: This web-based administrative site is installed on each Tableau Server instance. It serves as the hub for day-to-day tasks performed by both server and site administrators. Server-related responsibilities include creating sites and site administrator accounts, importing users if needed, setting up directory service synchronization, establishing extract refresh schedules, monitoring server performance and usage, and configuring global settings. Site-related tasks involve managing content, assigning permissions, initiating extract refreshes, creating groups and projects, monitoring site activity, optionally adding users, and other content-related activities. For detailed guidance, refer to the Navigate the Admin Areas of the Tableau Web Environment resource.
2. TSM Command Line Reference: The TSM Command Line Interface (CLI) serves as the primary interface for server-wide configurations. Once the initial configuration is set, most configurations made through TSM CLI are rarely revisited. It enables you to manage various aspects such as SSL settings, subscriptions, data caching, service account setup, SMTP alerting, user authentication, and single sign-on configuration. To access the TSM Web UI, you can sign in using the provided credentials.
3. tabcmd: tabcmd is a command-line utility available on Windows and Linux platforms. It allows you to create scripts for automating administrative tasks on your Tableau Server sites. With tabcmd, you can streamline processes such as user and group management, project creation and deletion, and other administrative functions.
4. REST API: The Tableau Server REST API provides a programmatic interface to manage and manipulate Tableau Server resources via HTTP. This API grants easy access to the functionality related to data sources, projects, workbooks, site users, and sites on your Tableau Server. You can leverage this access to develop custom applications or script interactions with Tableau Server resources. For detailed information and examples, refer to the Tableau Server REST API documentation. These toolsets offer comprehensive options to effectively manage and configure your Tableau Server, providing flexibility and control over various administrative tasks.

Security

As an application server that interacts with potentially sensitive data, Tableau Server places great emphasis on security and adheres to industry-standard security protocols. Our documentation for server administrators provides comprehensive guidelines on best practices and implementation strategies for ensuring user authentication, authorization, data security, and network security. While our default installation is designed to be secure, we highly recommend following our security hardening checklist to enhance the protection of your Tableau Server deployment. By following these guidelines, you can further strengthen the security measures and safeguard your valuable data.