This blog series are advanced deployment techniques that will give you some ideas what actually can be done with Tableau server and Desktop. I’d like to share how we did the followings in our Tableau implementation:
- Internal Tableau Extension Gallery
- Controlled publishing
- Run FileStore on Network Storage
- ‘Incremental’ backup
- Customize Tableau Portal with alert feature
- Custom Tableau server banner color
- Customize Desktop Discover area links
- Desktop single master key and key protection
- Auto deploy Desktop and Prep Builder with license activation
- Ensure executive subscription always get latest data
- VizQL server timeout and subscription timeout
- Customize cache config
- Measure server KPI
Internal Tableau Extension Gallery
Tableau Extension, part of 2018.2 feature, is a great innovation. It give you the ability to interact with data from third-party applications directly in Tableau. Capabilities like write-back to a database, custom actions, and deep integration with other apps are all at your fingertips.
Problem Statement: Dashboard extensions have data vulnerability when any extension used from https://extensiongallery.tableau.com/. No matter from Desktop or Server since it has to send your data (summary or details) outside your firewall.
- Extension can access workbook’s summary data by default and full data with additional confirmations.
- Plus, they access the user’s IP address, Tableau Desktop or Safari versions, screen resolution, and device type.
While Tableau is still working on the ‘safe’ extension design, what can you do if you do not want to wait?
Solution: Build your own Tableau extension gallery and customize Desktop’s Extension Gallery link to automatically point to your own extension gallery.
Why you have to customize Desktop Extension link? If you don’t, most of the Desktop users will still go to https://extensiongallery.tableau.com/ as default. Once we figure out auto-redirect, the communication and training work becomes much easy now.
- How to build your internal Tableau Extension Gallery: Extension Gallery is pretty much a web server. In additional to regular Web server components, you do need to figure out user and object relationship to make sure John can only updates his extension and related libraries. You may want to design additional feature like private extension (only available to yourself) vs public extension that can be shared to anyone in your organization.
2. How to auto re-direct Tableau Extension Gallery to your internal Extension Gallery: Unfortunately it is not easy to hack the URL from Desktop package. I found that the easiest way is DNS re-direct.
- Work with your company’s network team to see if they are willing to re-direct all traffic from https://extensiongallery.tableau.com/ to your own internal extension gallery.
- If the above option not doable, you will have to set each Tableau Desktop user’s PC or Mac’s hosts to auto re-direct the traffic. This approach works if you control the Desktop deployment. For Mac, add one line IP Address extensiongallery.tableau.com to /etc/hosts file. Windows is similar hosts file change. The IP Address is your internal extension gallery’s IP address.
3. How to setup Tableau server for Extensions: The followings are needed to make data security while Extension enabled:
- Check ‘Enable Users to run extension on the site’ for each site
- Uncheck ‘Enable unknown extension to run….’ for each site
- Only add internal gallery extension to the server safe list – this is easy to control since only server admin can change the list and site admin can’t change it.
Re-cap: Tableau Extension is a great innovation. However if your org is concerned with data being sent out of your firewall while extension used, you can build your own internal extension gallery and direct DNS from https://extensiongallery.tableau.com/ to your extension gallery for all Desktop users. Then of course, you need to make sure Extension config on each site correctly not to use any external extensions.