Encrypted Data Collection

To make sure the data collection from Tableau Server to Tableau Resource Monitoring Tool is encrypted, communications between RMT Server and Agents and connections to Tableau Server Repository have to be enabled to use encrypted messaging.

For versions 2022.3 and later

  • If RabbitMQ is installed on the same machine as the RMT Server (local configuration), Tableau Resource Monitoring Tool has built-in encrypted communications between RMT Server and agents. There is no setup required for encryption between RabbitMQ and RMT Server.
  • If RabbitMQ is hosted external to RMT Server (external configuration), you must follow the same steps as described in the For versions 2022.2 and earlier section in this topic

You still need to enable and configure the encrypted communications to Tableau Server repository database in both cases stated above.

Tableau Repository SSL Configuration

  1. Make sure Tableau Server is configured to use SSL connections for internal Postgres connections. For more information, see Configure SSL for Internal Postgres Communication. The Resource Monitoring Toolallows you to use either the certificate file or thumbprint for the SSL connections. If you plan to use the certificate file, copy the certificate file generated by Tableau Server for internal Postgres SSL connections to the machine where you plan to install the RMT Server. For more information, see Configure Postgres SSL to Allow Direct Connections from Clients.
  2. On the RMT Server web interface, from the Admin menus, select Environments. Click on the edit environment icon.

    In the Tableau Repository Configuration section:

    1. In the SSL Mode drop-down box, select Prefer SSL or Require SSL to configure SSL connections to Tableau Repository. Choosing Disable means SSL will never be used to make Tableau Server Repository connections.

      In the Prefer SSL mode, the Resource Monitoring Tool will use SSL in the first attempt, and if that fails, the subsequently attempts a non-encrypted connection.

      In the Require SSL mode, if the SSL connection fails, the connections to Tableau Server Repository will fail entirely. In this case, Tableau Server REST API connections will be used to communicate with Tableau Server.

    2. You can choose to either supply the thumbprint that was generated by Tableau Server, or copy the server.crt file to the Resource Monitoring Tool Master Server machine. If you choose to copy the certificate file, you don't have to supply the thumbprint. For more information, see Configure Postgres SSL to Allow Direct Connections from Clients.

 

For versions 2022.2 and earlier

Encrypted communication between the Agent(s) and RMT Server is possible by performing the following:

RabbitMQ Setup

For details on RabbitMQ server setup please reference RabbitMQ’s documentation for TLS Setup.

Tableau Resource Monitoring Tool Setup

After RabbitMQ has been configured for TLS all-client applications, the Tableau Resource Monitoring Tool RMT Server and all Agents will need to be configured to enable encrypted messaging. Do the following on the RMT Server web interface:

  1. On the machine where RMT Server is installed, go to: http://<hostname>/setup/server.
  2. In the Message Queue section, tick the Enable TLS box, and provide the Certificate Host Name.
  3. Update the port information if needed.

When configuring the RMT Server and agent(s) for encrypted messaging:

  • Both the enabled flag and the certificateHostName must be configured for encryption to be enabled.
  • The certificateHostName variable must match the canonical name (CN=) on the server certificate or the connection will fail.
  • The port number will likely need to be changed based on the TLS port you configured on RabbitMQ.

Note: If the Agents were already registered before SSL was configured, then you must re-register the agent. To do this, download the new bootstrap file and re-register the Agent using the new bootstrap file. For more information on re-registering the Agent, see Re-registering an Agent.

Who can do this

To configure an encrypted data collection you must be both a Tableau Server Administrator and a Resource Monitoring Tool administrator.

Thanks for your feedback!Your feedback has been successfully submitted. Thank you!