Tableau 2019.3 Server Features : Encryption at Rest, Data Management Add-on and Server Management Add-on

Version 11

    Tableau 2019.3 has some big server features: Encryption at Rest, Catalog (part of the Data Management Add-on),  and Server Management Add-on. This webinar is for admin. What problems those features try to address? What is the setup, controls, licenses, configuration, alerts, monitoring that admins have to know about those new features?

    • Click here to download the 60 pages of  slides used
    • Click here for the recording
    • Click here for the Catalog Postgre workbook


    Encryption at Rest

    • Scope:
      • In-scope : Hyper files in Filestore.
      • Out-scope: Tmp files, data in memory, twb, tds, Excel and JSON
    • Use cases:
      • Compliance with data protection mandates
      • Restrict hackers from seeing specific data
      • Restrict OS users who can access extract files but can’t read it w/o encryption key
      • It does not restrict Tableau server admin from seeing your extracts on server



    • Impacts
      • Slight increase in viz load time
      • Slight to moderate increase in backgrounder load time
      • Significant (can be 2X) increaser backup size
    • Controls and Permissions
      • Super flexible controls at site, workbook or data source level
      • Content owners and admins have permission to change between Encrypted and Unencrypted when site level setting is ‘Enable’ user control. Vote here if you think that project leader/owner should make the change too.
    • License
      • No additional license
      • Feature available soon as server upgraded to 2019.3


    Data Management Add-on and Server Management Add-on




    Prep Conductor (part of Data Management Add-on)

    • Problem Statement: Refresh Flow on server in the same way as refreshing extracts
    • 5-step Setup
      1. Upgrade to 2019.1 and get Data Management Key license. For core based, you will need Data Management Key and Resource Core Key.
      2. Configure Tableau Prep Conductor process to one or multiple backgrounder nodes. Prep Conductor can only be enabled in the backgrounder node and it is recommended to restrict it to one backgrounder node to start with.
      3. Create Flow type schedule
      4. Change default timeout - recommend to be the same as extract timeout.
      5. Turn on/off Prep Conductor at site level  - if your Extract Job Failure Notification is off for the site and you use VizAlert, you need to change VizAlert to include Flow type.

    Tableau Catalog (part of Data Management Add-on)

    • Problem Statement: Data Lineage. i.e. Which dashboards are impacted when a source data table is changed?
    • Bonus: Catalog tables available to Postgre READONLY user without Data Management Add-on!!!!
      • Upgrade to 2019.3 server
      • Run  ‘tsm maintenance metadata-services enable’
      • Catalog tables would be populated with metadata automatically and on-going new content’s metadata would be populated too.
      • Please see the attached workbook for the basic catalog tables and joins

    Data Catalog Tables











    • Why you still want Data Management add-on licenses?
      • Make lineage available to all server users with permission controls and integrated with all existing Tableau workbook/view/data sources
    • Catalog Permissions -  Who can view the External Assets (aka catalog data or metadata)?
      • Content owner
      • Project leader
      • Project owner
      • Interactors for workbook with embedded data source


    Tableau Server Management Add-on

    • Features:
      1. Server Resource Monitoring (CPU, Mem, log, viz render, extracts)
      2. Content Migration (Between project, site, server)
      3. AWS RDS - external Repository (Better DR, separate AWS RDS license needed)
      4. Backgrounder Node Optimization(Dedicated backgrounder for subscriptions, FileStore no query)
    • How it fits all other existing server management toolsets?


    • Overall impression: Overall idea is very good to get CPU/Mem/Logs/Postgre data together for admin to have comprehensive pulses of your server – this is something that admins have been asking for long time. As V2019.3 is the first release of the server management add-on, the features can be a lot better. Current version is very hard to install, only works for Windows, limits to server workload under 1,800 views/hr, content migration tool does not handle passwords automatically yet – means that content migration tool is not designed for central IT team (unless central IT & publishers share same database password that is unlikely) to use but for each publisher to use.


    Explain Data

    • Intent is to answer ‘Why’ faster and discover additional insights.
    • Available for Desktop and Server web edit mode only. Please click IDEA to vote this feature be available without web edit mode.