Create an Azure Database PostgreSQL Instance on Azure
Beginning in version 2020.4, you can host your External Repository on the Azure Cloud Platform. This topic describes how to create a Azure Database for PostgreSQL instance to use as your Tableau Server external repository.
Requirements and Recommendations
We recommend that you use 8 vCore memory optimised server with 50 GB of storage for Tableau Server external repository, but the exact requirements will vary with your requirements and usage. If you already have a Tableau Server, review the usage of your existing repository to determine your storage needs.
You can also scale your resources if you find that you need more. For more information, see Scaling your PostgreSQL Azure Database resources.
Secure communications between Tableau Server and the external PostgreSQL DB instance using SSL is recommended, but not a requirement.
If you do not want to use secure connections between Tableau Server and External Repository, you should configure the Azure Database to allow unencrypted connections.
The PostgreSQL DB instance must be reachable by all nodes in the Tableau Server cluster. The database instance must be set up to allow connections from all the Tableau Server nodes. There are two ways to set this up:
This is most secure way: Configure Azure Database for PostgreSQL instance to only allow private access via the Virtual Network service endpoint. For more information, see Use Virtual Network service endpoints and rules for Azure Database for PostgreSQL and Create and Manage VNet service endpoints.
You may also want to review the overview topic on Azure virtual networks.
- Alternatively, Azure Database for PostgreSQL can be configured to allow connections from a range of public IP addresses. This method exposes the Azure Database endpoint to public access on the Internet.
When setting up the Azure Database instance, we recommend using postgres as the Administrator username. If you choose to use a different username, make sure that the username does not start with pg or azure. The username also cannot be rails, tblwgadmin, tableau, readonly or tbladminviews.
The version of PostgreSQL should match the version used by Tableau Server when installed locally. Tableau Server 2020.4 uses PostgreSQL version 12.
Tableau auto-generates passwords for internal use by internal database users. These passwords are 32 characters long and consist of lower-case letters and numbers. They cannot be accessed or configured by an admin. Your external PostgreSQL instance may allow you to set a password policy (this will depend on the platform you are using). If you specify a policy that includes character types other than numbers and lower-case letters, this can cause errors while configuring Tableau Server to use the external repository.
Create a Database PostgreSQL instance on Azure
Step 1: Create a delegated subnet for the Azure Database for PostgreSQL instance
This step is a prerequisite for setting up private access for your networking option when you create the instance. Setting up private access to the database is a must for secure communications. This lets the virtual machines created anywhere in that Virtual Network connect to the database instance, but none outside of the Virtual Network are able to do so.
On the same virtual network where you are currently hosting your Tableau Server, create a new delegated subnet for the Azure Database instance. For more information on setting up private access see Networking Options for Azure Database for PostgreSQL - Flexible Server on the Azure website.
Step 2: Create an Azure Database for PostgreSQL instance
To create a new Azure Database for PostgreSQL, follow the instructions provided on the Azure documentation site(Link opens in a new window).
Following are configuration options and the recommended values for the new PostgreSQL DB instance:
Server Details
- Specify None as the Data source to create a new server.
- For Admin username, we recommend using postgres as the Administrator username. If you choose to use a different username, make sure that the username does not start with pg or azure. The username also cannot be rails, tblwgadmin, tableau, readonly or tbladminviews.
Pick a password that meets Azure's requirements.
- Use the compatible version of PostgreSQL for the version of Tableau Server you are using. For a full list of PostgreSQL versions compatible with Tableau Server versions, see Product Compatibility.
- Allocate at least 512GB of storage.
Compute and Storage
- At a minimum, use Flexible Server with General Purpose computer tier, and Standard_D8s_v3 (8 vCores, 32 GB RAM) compute size.
- Network Options
- Select Private Access (Virtual Network). This ensures private and secure communications for the database.
High availability
Enable the high availability option per your requirements.
Backup
Set the retention period as per your requirements. This is for Azure automated backups, not Tableau Server's backups. You can specify the settings that meets the requirements.
Step 3: Configure a server-level firewall rule
Once the database is created, configure a server-level firewall rule to allow access to the Tableau Server nodes.
Make sure that the Database instance can be reached by all the Tableau Server nodes using the dedicated subnet described in Step 1.
Step 4: Configure the Azure Database for PostgreSQL Instance.
From the Tableau Server perspective, most of the parameter values for the instance can be set to defaults. You can modify the parameter values if you have specific performance or logging requirements, but we strongly recommend that the following parameters be left to default values and not be changed:
standard_conforming_strings
escape_string_warning
We also recommend the value for the work_mem
be set to at least 16384 to help avoid performance issues.
For information on how to configure server parameters, see this Azure documentation.
Step 5: Get the PostgresSQL DB Instance Endpoint
Once the instance is ready, get the endpoint information that you will use to configure Tableau Server to use this instance for the Tableau Sever Repository.
Step 6: Download the SSL certificate file
Secure communications between Tableau Server and the External Repository using SSL is not required but recommended.
If you want to set up secure connections between Tableau Server and the External Repository, download the certificate file. You will need this certificate file when you configure Tableau Server to use this external repository. For more information, see Configure TLS connectivity for Azure Database for PostgreSQL(Link opens in a new window).
If you do not need to use secure connections between Tableau Server and External Repository, configure the Azure Database instance to allow unencrypted connections.
Configuring High Availability for your PostgreSQL DB
Tableau Server does not manage or set up high availability for the external repository. Azure offers high availability features that can be used to provide high availability. For more information, see Azure Database High Availability(Link opens in a new window).
Disaster Recovery for your PostgreSQL DB
In the event of a disaster, you may need to set up a new Azure Database for PostgreSQL instance. There are other scenarios where you may need to recover from an issue with the database instance. In such scenarios, to configure your Tableau Server to use the new Azure Database instance, use the following steps:
Restore the backup to a new Azure Database instance. In Azure Database for PostgresQL, performing a restore creates a new server from the original server's backups. For more on Azure Database for PostgreSQL backup and restore, see Azure Database for PostgreSQL Backup and Restore.
Create a new JSON settings file containing connection information for the new Azure Database for PostgreSQL instance. For more information on creating a JSON settings file, see Step 1 in Install Tableau Server with External PostgreSQL Repository.
Use the
tsm topology external-services repository replace-host
command to point your Tableau Server to the new Azure Database for PostgreSQL instance.For more information on the
tsm topology external-services repository replace-host
command, see tsm topology.
Who can do this
Only Tableau Server Administrators can configure Tableau Server to use the external repository. You will also need an Azure account to create the Azure Database.
Next Steps
For new installations: Install Tableau Server with External PostgreSQL Repository
If you want to configure your existing Tableau Server to use an external repository, see Re-Configure Tableau Server Repository.