4 Replies Latest reply on Mar 27, 2018 4:05 AM by Sivasankar Muthusamy

    Do we need to whitelist Tableau online site ip range when keeping a live connection to on-premise data source with tableau bridge?

    Damith Gunasekara

      Hi All,

       

      Do we need to whitelist Tableau online ip range when keeping a live connection to on-premise datasource with tableau bridge?.Prior to tableau version 10.3 it was required to add tableau online site IP range to authorized list to enable keeping a live connection between tableau online and data source.Do we need to follow the same with tableau bridge?,in case we do not want to open the data source to outside except local network, is there any other option to maintain live connection between tableau online and data source?

       

      Thanks,

      Damith

        • 1. Re: Do we need to whitelist Tableau online site ip range when keeping a live connection to on-premise data source with tableau bridge?
          Dave Reeck

          Hi Damith Gunasekara,

           

          Whitelisting is not needed when using Tableau Bridge. Tableau Bridge is designed to allow data to flow to Online without requiring changes to your firewall. Allow me to explain a bit more (apologies if this is too rudimentary!)

           

          On-premises data is on your private network. Private networks have firewalls which are designed to prevent access from the public internet. Tableau Online is on the public internet (so that customers can access it), which means it will be blocked by your firewall unless you do something special to allow it access to your on-prem data.

           

          One approach to allowing your data to flow to Tableau Online would be to 'whitelist' Online on your own firewall. This means that your firewall will give Online an exception to its regular rules, and allow it to directly access your private network. This is a valid approach, but has a few special implications and needs careful thought. Designing and maintaining secure whitelist rules can be tricky. Also: Online (which is essentially Tableau Server on the internet) may not have the drivers necessary to access your data source.

           

          Tableau Bridge lets you get your data to securely Online without having to whitelist. Bridge runs on-prem (just like your data source) and establishes out-bound communication from your network to Online and uses the drivers installed on a local computer. Your firewall won't block this traffic because it originates from inside your network (similar to how you can use a web browser to connect to a web site on the internet and receive traffic from it without having to whitelist it).

           

          In Tableau 10.3, we added 2 things to Bridge: A new name (it used to be named Tableau Online Sync Client), and a live connection capability. When using Bridge to perform extract refreshes it phones home to Online on a scheduled basis to retrieve schedules and send extracted data. When using Bridge's Live Connection capability we establish a secure long lived connection to allow queries to flow from Online to your on-prem database. Because all of these connections are initiated from inside your firewall no whitelisting is needed.

           

          Whew! That was a lot of words, but I hope it answers your question.

           

          Best Regards,

          Dave Reeck

          Sr. Product Manager - Tableau Bridge

          1 of 1 people found this helpful
          • 2. Re: Do we need to whitelist Tableau online site ip range when keeping a live connection to on-premise data source with tableau bridge?
            Sivasankar Muthusamy

            @Dave Reeck

             

            Much appreciated your answers  on how the live connection works.  Could you also clarify  some of the question please ?

            1.Connection established from Tableau online will starts only when I am trying to refresh a specific data source / workbook or the connection established as soon as my tableau bridge is running ?

            2. Each data source has its own connection established or a single  TCP connection which will then shared by all the data source ?

            3. Have the Bridge client makes a call to the tableau online and communicate if there any change on the data on a frequent interval of time or It has only the inbound connection from Tableau online when there is a refresh request ?  I have noticed sometime when I refresh a dashboard, the dashboard is refreshed immediately and no 'Querying live' message appear on the tableau bridge connection status. Does it mean the tableau bridge do the auto refresh in a specific interval ?

            4. Does the Tableau bridge has both inbound and outbound calls to Tableau online ?

             

            Much appreciated if you could clarify this please .

            • 3. Re: Do we need to whitelist Tableau online site ip range when keeping a live connection to on-premise data source with tableau bridge?
              Dave Reeck

              HI Siva,

               

              I think we already spoke about this a while ago on the phone, but for the sake of posterity let me answer here too.

               

              1. Tableau Bridge establishes an out-bound connection to Online right after it's started. You can see this connection being made in the Bridge Client UI by watching the Status indicator. The connection we make is a long-lasting web socket connection, which basically allows Online to simulate a push notification.

               

              2. Are you asking about the connection between the Bridge Client and Online? Or about the connection between the Bridge Client and on-prem data sources? I'll assume the former - All data sources use the same Web Sockets connection.

               

              3. Bridge client let's Online send queries to your on-prem data. Bridge does not notify Online of changes in your on-prem data. The reason you're seeing quick returns on some refreshes is because Tableau caches data. The caching scheme we use is the same for Cloud based connections and bridge based connections, so the behaviour you are seeing should be consistent.

               

              4. This question depends on what precisely you're asking about, but the easiest way to think about it is that Online sends live queries to you on-prem data, and results go back to Online.

               

              Does that help Sivasankar Muthusamy?

               

              Best,

               

              Dave Reeck

              1 of 1 people found this helpful
              • 4. Re: Do we need to whitelist Tableau online site ip range when keeping a live connection to on-premise data source with tableau bridge?
                Sivasankar Muthusamy

                Hi Dave,

                 

                Thanks very much for responding back again with your answers. I just missed few bits while we spoke on the phone and then decided to post it on the community

                 

                Regards

                Siva