Network Communication
This content is part of Tableau Blueprint—a maturity framework allowing you to zoom in and improve how your organization uses data to drive impact. To begin your journey, take our assessment(Link opens in a new window).
Tableau Server
There are three main network interfaces in Tableau Server:
- Client to Tableau Server: The client can be a web browser, Tableau Mobile, Tableau Desktop, Tableau Prep Builder, or the tsm (Windows | Linux) and tabcmd (Windows | Linux) utilities.
- Tableau Server to your database(s): To refresh data extracts or handle live database connections, Tableau Server needs to communicate with your database(s).
- Server component communication: This applies to distributed deployments only.
You should configure SSL to ensure that access to Tableau Server is secure and that sensitive information passed between the server and Tableau clients is protected on your network. For more information, visit Network Security (Windows | Linux) and Ports (Windows | Linux. To review SSL configuration examples for industry standard reference architecture, visit Part 6 of the Tableau Server Enterprise Deployment Guide, Part 6 - Post-Installation Configuration.
Secure On-Prem Servers
To prevent users with publish/explore permissions from connecting to Tableau Server resources that they shouldn't have access to, complete the following steps to configure and secure your on-prem servers.
-
Create a PostgreSQL user account.
-
Name it: tbladminviews
-
Select the least privileges for Admin Views.
-
Change the Admin Views workbook templates to use tbladminviews instead of tblwgadmin.
-
Add connection IP policy to deny private (non-routable) IP addresses:
-
Change connection IP default rule to Allow
tsm configuration set -k ConnectionIPDefaultRule=ALLOW
-
Deny private (not-routable) IP addresses
tsm configuration set -k ConnectionIPDenyRanges=127.0.0.1,192.168.0.0-192.168.255.255,172.16.0.0-172.31.255.255,10.0.0.0-10.255.255.255
-
Tableau Cloud
All communication with Tableau Cloud is encrypted using SSL for secure transmission of data. Clients include the following: a web browser, Tableau Desktop, Tableau Prep Builder, Tableau Bridge, Tableau Mobile, and tabcmd utility. Tableau Cloud supports TLS 1.2 and higher. A variety of encryption techniques ensure security from browser to server tier to repository and back. In addition, Tableau has many built-in security mechanisms to help prevent spoofing, hijacking, and SQL injection attacks, and it actively tests and responds to new threats with monthly updates.