The Tableau Server Enterprise Deployment Guide (EDG) has been developed to provide prescriptive guidance for deploying Tableau Server (on-premises or in the cloud). The Guide provides deployment guidance for enterprise scenarios in context of a reference architecture. We have tested the reference architecture to verify compliance with security, scale and performance benchmarks, which conform to industry-standard best practices.
At a high-level, the core features of an industry standard enterprise deployment consisting of a tiered topology where each layer of server application functionality (web gateway tier, application tier and data tier) is bound and protected by access-controlled subnets. Users accessing the server application from the internet are authenticated at the web tier. Once authenticated, the request is proxied to a protected subnet where the application tier handles the business logic. High-value data is protected by the third subnet: the data tier. Services in the application tier communicate over the protected network to the data tier to service data requests to the backend data sources.
In this deployment, security is at the forefront of all design decisions and implementation. However, reliability, performance and scalability are also priority requirements. Given the distributed and modular design of the reference architecture, reliability and performance scale in a linearly predictable way by strategically co-locating compatible services at each node and adding services at chokepoints.
Who should read this
The EDG has been developed for enterprise IT administrators who may require:
- An IT-managed Tableau deployment
- Industry compliance enforcement
- Industry deployment best practices
- Secure deployment by default
The EDG is an implementation guide for deploying the enterprise reference architecture. While this version of the EDG includes an example AWS/Linux implementation, the Guide can be used as a resource by experienced enterprise IT administrators to deploy the prescribed reference architecture into any industry standard data centre environment.
This version of EDG was developed for the 2021.2.3 version (or later) of Tableau Server. While you may use the EDG as a general reference for deploying older versions of Tableau Server, we recommend that you deploy the reference architecture with Tableau Server 2021.2.3 or later. Some features and options are not available on older versions of Tableau Server.
For the most up-to-date features and improvements, we recommend deploying EDG with Tableau Server 2022.1.7 and later.
The reference architecture described in this Guide supports the following Tableau clients: Web authoring with compatible browsers, Tableau Mobile and Tableau Desktop version 2021.2.1 or later. Other Tableau clients (Tableau Prep, Bridge, etc.) have not yet been validated with the reference architecture.
The first version of the Tableau Server reference architecture introduces the following scenarios and features:
- Client pre-authentication: Tableau clients (Desktop, Mobile, Web Authoring) authenticate with the corporate authentication provider in the web tier before accessing the internal Tableau Server. This process is managed by configuring an authN plug-in on the Tableau Server Independent Gateway acting as reverse proxy server. See Part 5 - Configuring Web Tier.
- Zero trust deployment: Because all traffic to Tableau Servers is pre-authenticated, the entire Tableau deployment operates in a private subnet that does not require a trusted connection.
- External repository: The reference architecture specifies installing the Tableau repository onto an external PostgreSQL database, allowing DBAs to manage, optimise, scale and back up the repository as a generic database.
- Initial node recovery: The EDG introduces a script that automates initial node restoration in the event of a failure.
- Tar-based backup and restore: Use familiar tar backups at strategic milestones of the Tableau deployment. In the event of a failure or deployment misconfiguration, you can quickly recover to the previous deployment stage by recovering the associated tar backup.
- Performance improvement: Customer and lab validation shows a 15-20% performance improvement when running EDG compared to standard deployment.
The Tableau Sever reference architecture prescribed in this Guide requires a Tableau Advanced Management licence to enable Tableau Server External Repository. You may also optionally deploy Tableau Server External File Store, which also requires the Tableau Advanced Management licence. See About Tableau Advanced Management on Tableau Server (Linux(Link opens in a new window)).