4 Replies Latest reply on Jan 24, 2014 12:58 PM by eugen.frunza

    How to expose certain admin/config functions to remote clients.

      Hello Forum,

      We embed Tableau (7.0.3) views in our or web based product. We install and configure Tableau in the same machine as our web server and embed Tableau views in our pages.

      There are several Tableau configs/properties that we tweak and CLI commands that we use while we use Tableau.

      Let me list some of them

      • tabadmin - set trusted hosts,  query server status
      • tabcmd - edit or add users, user roles.

      These activities are programmatically achieved.

       

      Now we would like to enable installing Tableau in a different machine (from our main web server machine) and would still like to communicate with Tabluea to  query/edit its properties (programmatically, from the runtime).

      What is the recommended practice of achieving this. Especially

      1. Set trusted hosts from a remote machine ( we want the same effect as invoking tabadmin)
      2. Query server status (we want the same effect as invoking tabadmin)
      3. Edit or add  users, user roles ( we want the same effect as invoking tabcmd)

       

      Questions

      1. Are these functions exposed in the Tableau server console? (I doubt it. I could not find them). If yes, we are OK with programmatically doing HTTP calls to achieve this
      2. We thought of installing an agent in the Tableau machine and issuing remote commands to it ( on TCP or HTTP) and then have the agent invoke tabadmin/tabcmd CLIs to issue commands to Tableau.  Would you recommend this?
      3. Tableau ships a tomcat.  Another thought was to implement this agent as a web application and deploy it in the tomcat that is shipped with Tableau. Would you recommend this practice?
      4. Any other thoughts/ideas?

       

      Thanks in advance!

        • 1. Re: How to expose certain admin/config functions to remote clients.
          Leo Great

          1. Setting Trusted hosts - it is an one time command so I think there is very little need and can avoid it to implement this from remote. So better issue this command in the server.

           

          2.An Alternative solution is there http://kb.tableausoftware.com/articles/knowledgebase/monitoring-tableau-server

             You can get the systeminfo in an xml format, request the xml, validate it and monitor the server remotely.

           

          3. You can install tabcmd in the remote machine and use it to connect with the server to do this function.  so Tabcmd is enough for this functionality. install the tabcmd in the remote machine and use this.

           

           

          Answers

          1.   tabcmd is fine for doing edit users and other stuffs.

          2.   Direct implementation is available so there is no need of this.

          3.   2

          4.   Nope, until you ask more

          1 of 1 people found this helpful
          • 2. Re: How to expose certain admin/config functions to remote clients.

            Thanks Leo. Your suggestions were helpful.

            But...

            The ip of the  trusted mahine / wgserver.systeminfo.allow_referrer machine may not be known/decided at the time of Tableau Server installation. What I mean to say is that, the user may first install Tableau Server on machine A and at a later point install our product on machine B. Then he would have to switch to machine A and set up trusted machine IP and wgserver.systeminfo.allow_referrer IP using tabadmin tool.

             

            It could be helpful to have an agent running (and capable of executing  tabadmin/other  commands on someone's behalf)  in the Tableau server machine.

            So, Questions again :

            a. Can that agent be deployed into one of  Tableau's web servers:  httpd or tomcat?

            b.  Would you recommend/discourage such an approach?

             

            Thanks!

            • 3. Re: How to expose certain admin/config functions to remote clients.
              Leo Great

              Here I can Suggest you other idea than giving access to the external web installation to your tabadmin tool.

               

              Have a Database in your Server, whenever an installation triggers in the remote machine, get the IP inserted in a row of the DB. Have a script in the DB side whenever a row is updated trigger a script locally to trust the inserted IP. Also you can validate the IP before trust it, will decrease the vulnerability.

               

              Other ways like httpd or agents are not much secure so I discourage the remote execution of tabadmin.

              • 4. Re: How to expose certain admin/config functions to remote clients.
                eugen.frunza

                Could you please expand on this comment:

                2.   Direct implementation is available so there is no need of this.

                I am referring to the question of installing an 'agent' on Tableau Server, sending requests to that agent, then the agent would invoke tabcmd commands.

                 

                What is the direct implementation of this? Is it an API, and if so, does it have a documentation anywhere?

                 

                Thanks much