This topic describes how site admins can configure and manage pooling for Bridge clients. Pooling allows clients across the site to load balance data freshness tasks for data sources or virtual connections that connect to private network data.
The purpose of a pool is to distribute (or load balance) data freshness tasks among the available clients in a pool whose access is scoped to a domain within your private network. Pools map to domains, giving you the ability to dedicate pools to keeping specific data fresh and maintaining security by restricting access to protected domains in your private network.
Although the client in the pool that performs the data freshness task is chosen at random, if for whatever reason a client can no longer perform the task, the task is automatically rerouted to another available client in the pool to handle the task. There is no additional intervention required from you or your users to support or manage the pool of clients.
Pooling is optimized for keeping data sources or virtual connections that connect to data on one or more private networks fresh. Pooling support does not extend to data sources that use Bridge (legacy) schedules.
In general, pooling is optimized for the following situations:
Bridge is used as a critical service. If your organization requires that live query and scheduled refresh support must be available even if a client becomes unavailable.
Client is at capacity. If your existing site traffic is exceeding current capacity of the client.
Tableau Online-managed schedules for file-based data sources. Beginning with Bridge client version 2021.4.3 (coming soon), Bridge pools enable Online schedules for file-based data sources.
Keeping data fresh on multiple private networks.
- Virtual connections. Requires the Data Management Add-on. Bridge is required to refresh data in virtual connections that connected to private network data. For more information about virtual connections, see About Virtual Connections and Data Policies.
Before configuring the pool
Before you can configure a client pool for your site, review the following:
- Clients must be installed and running.
- Clients are configured to run as a service. For more information, see Application versus Service mode.
- The user authenticated into a client is a Tableau Online site admin. For more information about deploying Bridge, see Plan Your Bridge Deployment.
- To keep virtual connections fresh, ensure all clients in the pool are running Bridge 2021.4 (or later).
- To load balance file-based data sources (coming in version 2021.4.3), ensure all clients in the pool are running Bridge 2021.4.3 (or later).
Note about user roles
Only site admins, or users with either the Site Administrator or Site Administrator Creator role, can configure and maintain pooled clients. Regardless of the type of user authenticated in to the client, only site admins can add new pools, add clients to a pool, remove clients from a pool, and monitor clients in a pool.
Step 1: Ensure clients can connect to the site
In order for Bridge to work with your site, you must allow clients to authenticate to the site.
Sign in to Tableau Online using your site admin credentials and go to the Settings page.
Click the Authentication tab and validate that the Let clients automatically connect to this Tableau Online site check box under the Connected Clients heading is selected. For more information about this check box, see Access Sites from Connected Clients.
Note: If enabled, the connected clients option must enabled to support multi-factor authentication with Tableau authentication. If connected clients are disabled for your site, Bridge can only support Tableau username and password authentication.
Pools help route live query and extract refresh jobs to the appropriate private network. Use pools to access data distributed across multiple private networks, enable extract refreshes for file-based data sources (coming in version 2021.4.3), and to support data freshness tasks for virtual connections.
- On the Bridge tab, under Pooling, click the Add New Pool button.
- In the dialog box, enter a new pool name in the Pool text box and click Save.
After you have at least one pool configured, as part of the publishing process, Tableau Online associates certain data sources or virtual connections with Bridge and client pools automatically.
Beginning in version 2021.4, each new pool requires a domain to be specified through the Private Network Allowlist. This information is required to enable Bridge access to data in the private network on behalf of Tableau Online.
Using the allowlist, you must specify the domains of the private network where you want to enable client access. In other words, the domain names that you specify in the allowlist are the server names used in the data source connection. In some cases, you can find the server name listed in the Connections tab of the data source page in Tableau Online.
For example, to keep data sources like “Starbucks” up to date, you might specify “mssql.myco.lan” and “oracle.myco.lan” or “*.myco.lan” in the allowlist.
In other cases, for data sources like "Fitness Challenge" the Connections tab might not list the server name. When the server name is not listed, consider working with the data source owner to identify where the data is hosted and specify the server name in the allowlist when you have the information. As a temporary alternative, you can skip to Step 4: Add clients to a pool to assign clients to use the Default Pool instead.
- For security purposes, the allowlist is empty by default to prevent Tableau access. This ensures that site admins specify what data can be sent to Tableau Online using Bridge.
- You can assign one or more domains to a pool.
- If your site was set up to use pooling prior to Tableau 2021.4, the Default Pool remains but can't be configured to access a specific private network. To reduce the scope of access of this pool, consider recreating the pool and mapping it to a specific domain.
To map a domain to a pool, do the following:
While on the Bridge tab, under the Private Network Allowlist, click the Add New Domain button.
In the Domain text box, enter the URI of the domain using the information described in Allowlist registry rules.
Under Domain permissions, ensure the Allow radio button is selected.
Under Pool, select the pool whose scope of access should be limited to the URI you specified in step 2.
- Repeat steps 1-4 for each additional domain.
When finished, click Save.
Use the following rules when specifying the domains that you want to enable Bridge access to. This allows Bridge, on behalf of Tableau Online, to access the data on your private network to perform data freshness tasks. A domain enables Bridge to connect to both databases and file data (coming in version 2021.4.3) hosted in that domain.
- Domains are not verified when a data sources or virtual connections at publishing time or when refresh schedules are configured.
- Domains must be accessible by Bridge. This means, all clients in the pool must have access to the specified domain.
- If no domains are specified, Bridge is unable to run data freshness tasks for data sources or virtual connections configured for Online schedules. Note: Data sources configured for Bridge (legacy) schedules will continue to run in the same way.
|Exact domain name||Can either be a FQDN or PQDN. IP addresses and port numbers are not allowed.||myco.com
|Range of domain names||
Use an optional leading wildcard (*) to include all subdomains. The * must be followed directly by a period (.).
|Block domains||Block Bridge connectivity to hosts in this domain.||
When adding or editing a domain in the private network allowlist, select the Block radio button option.
Example 1 - database data
Suppose you want Bridge to do the following:
- Perform data freshness tasks for data located in data.lan and sqlserver.myco.lan.
- Prevent data freshness tasks for data located in oracle.myco.lan.
To enable Bridge to support these scenarios, you can map the domains to two pools (A and B) and block the third domain.
|If you specify...||and map to pool...||...data is refreshed in locations|
Note: Although this domain range blocks data freshness tasks on oracle.myco.lan, a blocked domain range can unblock a specific domain within it if the domain is explicitly allowed, such as sqlserver.myco.lan.
Example 2 - file data (coming in version 2021.4.3)
Suppose you have file data, C:\Shared\employees.csv, located on fileserv.myco.lan. To enable Bridge access to this data, map the domain of the machine to a pool. You can specify one of the following domains to a pool:
- Option #1: *.lan
- Option #2: *.myco.lan
- Option #3: fileserv.myco.lan
Note: The host machine must allow network access to the "Shared" folder.
Follow the procedure below to assign clients not already assigned to a pool.
Note: To support data freshness tasks for all data, ensure clients in the pool are running Bridge 2021.4 (or later).
- On the Bridge tab in the Unassigned Clients table, navigate to the client you want to assign to a pool and click Assign.
- In the Pool drop-down menu, select the pool you want to associate with the client.
- Repeat step 2 for each unassigned client you want to assign to a pool.
There are a few ways you can manage your pooled Bridge clients.
Monitor data freshness tasks
You can monitor client activity using a combination of the Jobs page and built-in admin views.
To monitor live query activity, you can use the Traffic to Bridge Connected Data Sources admin view.
To monitor refresh jobs, you can use the following resources:
Jobs page: The Jobs page can show you the completed, in progress, pending, canceled, and suspended Bridge refresh jobs that use Online schedules. For more information, see About Bridge Refresh jobs.
Background Tasks for Non Extracts admin view: After filtering on Refresh Extracts Via Bridge, this admin view shows Bridge refresh jobs that use Online schedules. For more information, see Background Tasks for Non Extracts.
Bridge Extracts admin view: This admin view shows Bridge refresh jobs that use both Online schedules and Bridge (legacy) schedules. For more information about this view, see Bridge Extracts.
Create a data source or view using client logs: Using JSON log files generated by a client, create your own data sources and views to monitor refresh jobs. For more information, see the Refresh jobs by client section below.
As an alternative to monitoring refresh jobs using the admin views listed above, consider creating your own data sources and views to monitor refreshes performed by a Bridge client. You can do this by using Tableau Desktop to connect to a client’s JSON log files on the machine where the client is running.
Note: A client's JSON log files do not capture refreshes for virtual connections.
The JSON log files are comprised of objects, “k” and “v”. The “k” objects capture refresh jobs and “v” objects capture refresh details. The refreshes and their details include:
- Schedule type - Online or Bridge (legacy)
- Data source type and name
- Refresh start and end time, duration, time to upload and publish
Step 1: Before you begin
If you want to build a view from the data of one log file, you can skip to Step 2.
If the data for a client is in multiple log files, you’ll need to union the files. You can create a script to union the log files locally or use Tableau Desktop to perform the union as described in the procedure below.
- The procedure described below assumes you are running Tableau Desktop on the same machine as the client.
- If you are working with multiple log files from different clients in a pool, in addition to unioning multiple logs files for a client, you can join the log files from multiple clients to monitor refreshes in a pool.
- Connecting to JSON files directly from Tableau Online web authoring is currently not supported. For more information, see Creators: Connect to data on the web(Link opens in a new window).
Step 2: Connect to JSON logs
To build a data source and view, connect to a client’s log files using Tableau Desktop.
Start Tableau Desktop and under Connect, select JSON file. Do the following:
- In the Select Schema Levels dialog box, select the top level schema to include “k” object details and optionally, select the "v"-level schema to include "v" object details, and then click OK.
- Navigate to the log file you want to connect to (for example, C:\Users\jsmith\Documents\My Tableau Bridge Repository\Logs), select it, and then click Open.
(Optional) On the data source page, right-click the log files and click Convert to Union to set up a union. Do the following:
- Select Wildcard (automatic) tab.
- Next to Search In, verify the path shows the client’s Log folder.
- Under Matching pattern, enter ExtractRefreshMetrics_* and click OK.
Select the sheet tab to start your analysis and build your view.
When finished, publish the data source and view to Tableau Online separately. To ensure that your data source is kept up to date, you can set up a Bridge (legacy) schedule for the data source after publishing.
Be aware that the data sources and views you create can change without warning because new log files can be generated and old log files can be deleted after certain log-specific limits are met. For more information about these limits and how to adjust them, see Change the Bridge Client Settings.
Under the Pooling section, you can see up to five tables of pooling and client related information in your Bridge deployment.
The first table consists of clients registered to the site organized by the pools they are assigned to.
The second table, Unassigned Clients, shows clients not assigned to a pool. In most cases, these clients need to be assigned to a pool before they can load balance live query and extract refresh jobs. In other cases, clients in this table might be dedicated to refreshing data sources using Bridge (legacy) schedules.
The third table, Default Pool, shows clients in the default pool. Clients configured to use pooling prior to Bridge 2021.4 are included in this pool by default. Because the default pool's domain can't be configured to access a specific private network, we recommend you reduce its scope of access by recreating the pool and mapping it to a specific domain.
The clients you see in the first three tables can tell you the following information:
Client name, also known as the computer name, is the name of the machine the client is installed on and running from.
Owner name, which in most cases is a site admin. This is the user who is authenticated (signed in) to Tableau Online from the client.
- Pool status, applies to the first table only, can indicate 1) whether there are assigned clients in the pool, 2) clients are connected and available to handle data freshness tasks, or 3) pool is offline because all clients int he pool are disconnected.
A warning icon () displays in this column when the client is not running the latest version of Bridge. Although not required, we strongly recommend upgrading to take advantage of the latest security and feature updates. To download the latest version of Bridge, go to the Tableau Bridge Releases(Link opens in a new window) page on the Tableau website.
Note: The warning icon shows only when there is a newer client available for download. The warning icon is not an indication that there are issues with the client or related Bridge data sources or virtual connections.
Connection status—for more information see the Client connection status, below.
Last connected—shows the day and time Tableau Online was last able to reach the client.
About Private Network Allowlist
The fourth table, Allowlist Registry, contains a list of domains that pools are scoped to.
The fifth table, Allowlist Requests, shows pending domains that users have requested to connect to when trying to create virtual connections. These domain requests should be addressed as soon as possible to unblock users from their virtual connection workflows.
Where clients are listed, the colored squares and status labels indicate the availability of the client to support data freshness tasks.
Green or "Connected": A green or Connected state indicates that the client is connected and available to support live queries and extract refreshes.
Red or "Disconnected": A red or Disconnected state can indicate one of a few conditions that have temporarily put the client in a disconnected state. The most common scenario is if the client is not running or was unable to establish communication with Tableau Online after being launched. You can hover the mouse over the status to see a tooltip that describes the condition.
- When the client is in a disconnected state, live queries might be disrupted. In cases like this, views that depend on data sources or virtual connections with live queries might not properly display until the issue is resolved.
The states described above reflect and correspond to the status you see in the client.
Bridge Refresh jobs fail with one of the errors listed below.
The following errors can be seen on the Jobs page and the Background Tasks for Non Extracts admin view.
This issue can occur for one of two reasons:
When the server address of a data source does not match a domain specified in the Private Network Allowlist. This causes refresh jobs to be sent to the Default Pool where there are no assigned clients. To resolve this issue, make sure 1) the allowlist contains the domains (or server addresses) used by the data sources, and 2) at least one pool is associated with those domains (or sever addresses). For more information, see Step 3: Specify a domain for a pool.
- When there are no clients in the pool. To resolve this issue, add at least one Bridge 2020.2 (or later) client to the pool. For more information, see Step 4: Add clients to a pool.
This issue can occur when a refresh job tries to run without at least one Bridge 2020.2 (or later) client in the pool. To resolve this issue, add at least one Bridge 2020.2 (or later) client to the pool. For more information, see Step 3: Specify a domain for a pool.
This issue can occur when none of the clients in the pool are available to run data freshness tasks. For more information, see the Client connection status section above.
"errorID=REMOTE_EXTRACT_REFRESH_ALL_AGENTS_BUSY" or "errorMessage: Maximum concurrency reached" in the client
These issues can occur if the number of refresh jobs running at a given time exceeds the capacity of your client pool. To help resolve this issue, you can do the following:
Beginning with Tableau 2021.4, this issue can occur when the clients in the pool need to be upgraded to Bridge 2021.4 (or later) in order to run data freshness tasks. For more information about upgrading clients, see Install Bridge.
Bridge clients are being signed out
This issue can happen if you deploy a large number of clients under the same Windows services account. When there are more than 10 clients running under one Windows services account, account security measures can cause clients to be logged out. For more information, see Windows services account.
Other potential pooling issues
When trying to diagnose issues related to pooling, consider reviewing the following log files for a client on the Bridge client machine: tabbridgeclijob_<process_id>, jprotocolserver_<process_id>, stdout_jprotocolserver_<process_id>. For more information, see Manage Bridge log files.