Self-Deploy Tableau Server on AWS in a Distributed Environment
If you want to run Tableau Server in a highly available (HA) distributed environment, also known as a cluster, you need to launch three or more Amazon EC2 instances of the same type and capacity to your Amazon Virtual Private Cloud (VPC) and configure them as additional nodes.
The following scenario assumes that you have three Amazon EC2 instances with Tableau Server installed on each instance. One instance is configured as the initial node, and the other two instances are configured as additional nodes.
The following steps show how to install and deploy Tableau Server on a cluster of three Amazon EC2 instances in a highly available and scalable configuration.
The following steps assume that you have an Amazon VPC with at least six subnets (three public and three private) in different Availability Zones, as shown below. Be sure to use static IP addresses when setting up your IP addresses. For information about how to create a VPC with public and private subnets, see Scenario 2: VPC with Public and Private Subnets in the Amazon Virtual Private Cloud User Guide at the AWS website.
Launch one EC2 instance into each of the three subnets in your VPC for use as Remote Desktop gateways.
For more information about how to launch and connect to a Windows instance, see Getting Started with Amazon EC2 Windows Instances in the Amazon EC2 User Guide for Windows Instances at the AWS website.
Follow the steps in the Create a Microsoft AD Directory section, in the AWS Directory Service Administration Guide at the AWS website, to create a fully-managed Samba-based directory in AWS. When you create a directory with Microsoft AD, the AWS Directory Service creates two directory servers and DNS servers. The directory servers are created in different subnets in your Amazon VPC for redundancy, so that your directory remains accessible even if a failure occurs.
Use the two private subnets available within your Amazon VPC to create the Microsoft AD so that you can run Tableau Server across Availability Zones.
Deploy three Amazon EC2 instances across three Availability Zones, as shown in the following figure. You’ll install Tableau Server on the first node as the initial server and install Tableau Server on the remaining two nodes as additional servers. All of the instances should be of the same type and capacity.
These Amazon EC2 instances can be auto-joined to the Simple AD domain created in step 2 either via the console or by following the steps in Joining a Windows Instance to an AWS Directory Service Domain in the Amazon EC2 User Guide for Windows Instances at the AWS website.
After you have launched the EC2 instances, connect to them from one of the Remote Desktop Gateway (RDGW) instances by using the credentials that you decrypted for the local administrator account.
You’ll install Tableau Server on the Amazon EC2 instances you launched in Step 3: Deploy Three Amazon EC2 Instances and configure the instances as an initial server and the rest as additional servers. For more information about installing and configuring Tableau Server on an initial server and additional servers, see Install Tableau Server on Additional Nodes.
Follow the steps outlined in Getting Started with Elastic Load Balancing in the Elastic Load Balancing User Guide at the AWS website to launch a load balancer within your VPC.
In Step 1: Select a Load Balancer Type, if you want the load balancer to be publicly accessible, select the two public subnets. Otherwise, select the Create an internal load balancer check box and choose the two private subnets.
If you choose to expose the load balancer with a public endpoint, make sure that you configure Elastic Load Balancing with SSL, as explained in Create a Classic Load Balancer with an HTTPS Listener in the Elastic Load Balancing Classic Load Balancer Guide at the AWS website.
In Step 2: Configure Your Load Balancer and Listener of the instructions, in the Elastic Load Balancing User Guide at the AWS website, ensure that your security group is configured to allow access on port 80 or 443 only, with the source limited to hosts or ranges of hosts that will access Tableau Server.
In Step 4: Configure Your Target Group, you can specify the ping path as /.
In Step 5: Register Targets with Your Target Group, select the Tableau Server instances and ensure that Enable CrossZone Load Balancing is selected so that the load balancer can load-balance the traffic across the instances in multiple Availability Zones.
Update Tableau Server to use the load balancer. For more information, see Add a Load Balancer in the Tableau Server Help.
Alternatively, you can configure Tableau Server to work with a load balancer by performing the following steps.
Create a subnet for your load balancer that has a CIDR block with a /27 bitmask, for 32 IP addresses.
Note: The IP addresses provided by Elastic Load Balancing are dynamic, and Tableau Server needs a list of static IP addresses for this configuration. To make this work, we’re creating a subnet with the smallest possible CIDR range so that the IP addresses the load balancer has are limited to a finite set.
For the next steps we’ll use the tsm command line interface, which is installed with Tableau Server by default. You can use tsm to perform administrative tasks from the command line on Tableau Server. For a general overview, see tsm Command Line Reference in the Tableau Server Help.
In the Tableau Server bin directory, enter the following command, where name is the URL that will be used to reach Tableau Server through the load balancer:
tsm configuration set gateway.public.host "name"
Enter the following command, where server1, server2, and so on are the IP addresses for the given CIDR range of subnets for Elastic Load Balancing:
tsm configuration set gateway.trusted "server1,server2,..,server30"
Apply the changes:
pending-changes applycommand displays a prompt to let you know this will restart Tableau Server if the server is running. The prompt displays even if the server is stopped, but in that case there is no restart. You can suppress the prompt using the
--ignore-promptoption, but this does not change the restart behavior. For more information, see tsm pending-changes apply.
Start the server so the changes can take effect.