Encrypted Data Collection

Encrypted communication between the Agent(s) and RMT Server is possible by performing the following:

  • Configuring RabbitMQ with SSL/TLS certificates.
  • Configuring the RMT Server and Agent(s) to enable encrypted messaging.
  • Configuring encrypted connections to Tableau Repository.

RabbitMQ Setup

For details on RabbitMQ server setup please reference RabbitMQ’s documentation for TLS Setup.

Tableau Resource Monitoring Tool Setup

After RabbitMQ has been configured for TLS all-client applications, the RMT Server and all Agents will need to be configured to enable encrypted messaging.

Tableau Resource Monitoring Tool Setup

After RabbitMQ has been configured for TLS all-client applications, the Tableau Resource Monitoring Tool RMT Server and all Agents will need to be configured to enable encrypted messaging. Do the following on the RMT Server web interface:

  1. Navigate to: http://<hostname>/setup/server.
  2. In the Message Queue section, tick the Enable TLS box, and provide the Certificate Host Name.
  3. Update the port information if needed.

When configuring the RMT Server and agent(s) for encrypted messaging:

  • Both the enabled flag and the certificateHostName must be configured for encryption to be enabled.
  • The certificateHostName variable must match the canonical name (CN=) on the server certificate or the connection will fail.
  • The port number will likely need to be changed based on the TLS port you configured on RabbitMQ.

Note: If the Agents were already registered before SSL was configured, then you must re-register the agent. To do this, download the new bootstrap file and re-register the Agent using the new bootstrap file. For more information on re-registering the Agent, see Re-registering an Agent.

Tableau Repository SSL Configuration

  1. Make sure Tableau Server is configured to use SSL connections for internal Postgres connections. For more information, see Configure SSL for Internal Postgres Communication. The Resource Monitoring Toolallows you to use either the certificate file or thumbprint for the SSL connections. If you plan to use the certificate file, copy the certificate file generated by Tableau Server for internal Postgres SSL connections to the machine where you plan to install the RMT Server. For more information, see Configure Postgres SSL to Allow Direct Connections from Clients.
  2. On the RMT Server web interface, from the Admin menus, select Environments. Click on the edit environment icon.

    In the Tableau Repository Configuration section:

    1. In the SSL Mode drop-down box, select Prefer SSL or Require SSL to configure SSL connections to Tableau Repository. Choosing Disable means SSL will never be used to make Tableau Server Repository connections.

      In the Prefer SSL mode, the Resource Monitoring Tool will use SSL in the first attempt, and if that fails, the subsequently attempts a non-encrypted connection.

      In the Require SSL mode, if the SSL connection fails, the connections to Tableau Server Repository will fail entirely. In this case, Tableau Server REST API connections will be used to communicate with Tableau Server.

    2. You can choose to either supply the thumbprint that was generated by Tableau Server, or copy the server.crt file to the Resource Monitoring Tool Master Server machine. If you choose to copy the certificate file, you don't have to supply the thumbprint. For more information, see Configure Postgres SSL to Allow Direct Connections from Clients.

Who can do this

To configure encrypted data collection you must be both a Tableau Server Administrator and Resource Monitoring Tool.

Thanks for your feedback!