Encrypted Data Collection
To make sure the data collection from Tableau Server to Tableau Resource Monitoring Tool is encrypted, communications between RMT Server and Agents and connections to Tableau Server Repository have to be enabled to use encrypted messaging.
For versions 2022.3 and later
- If RabbitMQ is installed on the same machine as the RMT Server (local configuration), Tableau Resource Monitoring Tool has built-in encrypted communications between RMT Server and agents. There is no setup required for encryption between RabbitMQ and RMT Server.
- If RabbitMQ is hosted external to RMT Server (external configuration), you must follow the same steps as described in the For versions 2022.2 and earlier section in this topic
You still need to enable and configure the encrypted communications to Tableau Server repository database in both cases stated above.
Tableau Repository SSL Configuration
- Make sure Tableau Server is configured to use SSL connections for internal Postgres connections. For more information, see Configure SSL for Internal Postgres Communication. The Resource Monitoring Toolallows you to use either the certificate file or thumbprint for the SSL connections. If you plan to use the certificate file, copy the certificate file generated by Tableau Server for internal Postgres SSL connections to the machine where you plan to install the RMT Server. For more information, see Configure Postgres SSL to Allow Direct Connections from Clients.
On the RMT Server web interface, from the Admin menus, select Environments. Click on the edit environment icon.
In the
In the
In the
In the
- You can choose to either supply the thumbprint that was generated by Tableau Server, or copy the server.crt file to the Resource Monitoring Tool Master Server machine. If you choose to copy the certificate file, you don't have to supply the thumbprint. For more information, see Configure Postgres SSL to Allow Direct Connections from Clients.
For versions 2022.2 and earlier
Encrypted communication between the Agent(s) and RMT Server is possible by performing the following:
- Configuring RabbitMQ with SSL/TLS certificates.
- Configuring the RMT Server and Agent(s) to enable encrypted messaging.
- Configuring encrypted connections to Tableau Repository.
RabbitMQ Setup
For details on RabbitMQ server setup please reference RabbitMQ’s documentation for TLS Setup.
Tableau Resource Monitoring Tool Setup
After RabbitMQ has been configured for TLS all-client applications, the Tableau Resource Monitoring Tool RMT Server and all Agents will need to be configured to enable encrypted messaging. Do the following on the RMT Server web interface:
- On the machine where RMT Server is installed, go to: http://<hostname>/setup/server.
- In the Message Queue section, tick the Enable TLS box, and provide the Certificate Host Name.
- Update the port information if needed.
When configuring the RMT Server and agent(s) for encrypted messaging:
- Both the
enabledflag and thecertificateHostNamemust be configured for encryption to be enabled. - The
certificateHostNamevariable must match the canonical name (CN=) on the server certificate or the connection will fail. - The
portnumber will likely need to be changed based on the TLS port you configured on RabbitMQ.
Note: If the Agents were already registered before SSL was configured, then you must re-register the agent. To do this, download the new bootstrap file and re-register the Agent using the new bootstrap file. For more information on re-registering the Agent, see Re-registering an Agent.
Who can do this
To configure encrypted data collection you must be both a Tableau Server Administrator and Resource Monitoring Tool.