4 Replies Latest reply on Sep 7, 2017 11:31 AM by Aaron Hosier

    Secure network configuration

    Aaron Hosier

      Here at UNL our security team requires the use of a two factor based VPN to access any server that could potentially contain sensitive information.  One of the primary things our administration want to use Tableau for, though, is the publishing of several of our public dashboards.  With the VPN requirement in place, obviously the public wont be able to get to them.  Has anybody run/setup something similar?  We have a single, core-based instance of Tableau.

       

      Thanks.

       

      Aaron Hosier

      University of Nebraska - Lincoln

        • 1. Re: Secure network configuration
          Jeff Strauss

          I don't really understand your query.  Typically VPN with 2 factor authentication is required when you are connecting to your network.  There are other ways of granting access to your public dashboards such as either using Tableau Online or fronting your Tableau on-premise deployment with a reverse proxy load balancer.  See this link as a starting point.  Collect Data with the Tableau Server Repository

          • 2. Re: Secure network configuration
            Aaron Hosier

            Yep, you're correct about the VPN.  Think of our Tableau server as having a wall around it.  The only holes poked through it are connections from our two factor VPN IP range.  The only people who can login to that VPN are campus faculty, staff and students.  So that, in effect, blocks any public type access.

             

            I was thinking we'd have to do something like a proxy, or maybe our security team can do something with the F5 web application firewall they have, but I was asked by my boss to put the question out there, to see if anybody had already done something similar, and I'm still waiting to hear back from the security team, to see what they'd propose for this.

            • 3. Re: Secure network configuration
              Jeff Strauss

              yep.  We are similar in the sense that our TS is on-premise and is accessible via our internal employees.  But, we've made it also accessible via a secure proxy which has an external directive to route traffic to the TS.  It was a project to get this done in a secure manner!

              • 4. Re: Secure network configuration
                Aaron Hosier

                Yeah, pretty much what I expected.  Thanks for the response!

                 

                Aaron