Encrypted Data Collection
To make sure the data collection from Tableau Server to Tableau Resource Monitoring Tool is encrypted, communications between RMT Server and Agents, and connections to Tableau Server Repository have to be enabled to use encrypted messaging.
For versions 2022.3 and later
- If RabbitMQ is installed on the same machine as the RMT Server (local configuration), Tableau Resource Monitoring Tool has built-in encrypted communications between RMT Server and agents. There is no set up required for encryption between RabbitMQ and RMT Server.
- If RabbitMQ is hosted external to RMT Server (external configuration), you must follow the same steps as described in the For versions 2022.2 and earlier section in this topic
You still need to enable and configure encrypted communications to Tableau Server repository database in both cases stated above.
- Make sure Tableau Server is configured to use SSL connections for internal Postgres connections. For more information, see Configure SSL for Internal Postgres Communication. The Resource Monitoring Toolallows you to use either the certificate file or thumbprint for the SSL connections. If you plan to use the certificate file, copy the certificate file generated by Tableau Server for internal Postgres SSL connections, to the machine where you plan to install the RMT Server. For more information, see Configure Postgres SSL to Allow Direct Connections from Clients.
On the RMT Server web interface, from the Admin menus, select Environments. Click on the edit environment icon.
Tableau Repository Configurationsection:
SSL Modedrop down box, select Prefer SSLor Require SSLto configure SSL connections to Tableau Repository. Choosing Disablemeans SSL will never be used to make Tableau Server Repository connections.
Prefer SSLmode, the Resource Monitoring Tool will use SSL in the first attempt, and if that fails the subsequently attempts a non-encrypted connection.
Require SSLmode, if the SSL connection fails, the connections to Tableau Server Repository will fail entirely. In this case, Tableau Server REST API connections will be used to communicate with Tableau Server.
- You can choose to either supply the thumbprint that was generated by Tableau Server, or copy the server.crt file to the Resource Monitoring Tool Master Server machine. If you choose to copy the certificate file, you don't have to supply the thumbprint. For more information, see Configure Postgres SSL to Allow Direct Connections from Clients.
Encrypted communication between the Agent(s) and RMT Server is possible by performing the following:
- Configuring RabbitMQ with SSL/TLS certificates.
- Configuring the RMT Server and agent(s) to enable encrypted messaging.
- Configuring encrypted connections to Tableau Repository.
For details on RabbitMQ server setup please reference RabbitMQ’s documentation for TLS Setup.
After RabbitMQ has been configured for TLS all client applications: the Tableau Resource Monitoring Tool RMT Server and all Agents will need to be configured to enable encrypted messaging. Do the following on the RMT Server web interface:
- On the machine where RMT Server is installed, go to: http://<hostname>/setup/server.
- In the Message Queue section, check the Enable TLS check box, and provide the Certificate Host Name.
- Update the port information if needed.
When configuring the RMT Server and agent(s) for encrypted messaging:
- Both the
enabledflag and the
certificateHostNamemust be configured for encryption to be enabled.
certificateHostNamevariable must match the canonical name (CN=) on the server certificate or the connection will fail.
portnumber will likely need to be changed based on the TLS port you configured on RabbitMQ.
Note: If the Agents were already registered before SSL was configured, then you must re-register the agent. To do this, download the new bootstrap file and re-register the Agent using the new bootstrap file. For more information on re-registering the Agent, see Re-registering an Agent.
Who can do this
To configure encrypted data collection you must be both a Tableau Server Administrator and Resource Monitoring Tool.