deploy and enjoy: tableau mobile at enterprise scale · kerberos. authentication server info : ......
TRANSCRIPT
Deploy and Enjoy: Tableau Mobile at Enterprise Scale
# D e p l o y E n j o y M o b i l e
Paul Cardon
Staff Software Engineer
Tableau
Sham Dorairaj
Senior Software Engineer
Tableau
Sham Dorairaj
# D e p l o y E n j o y M o b i l e
Paul Cardon
# D e p l o y E n j o y M o b i l e
Tableau Mobile Team
We a r e b u t t w o o f m a n y :Test
User Experience
Support
Development
Documentation
# D e p l o y E n j o y M o b i l e
Tableau Champion
Tableau Server Administrator
IT/Operations
IT Security
You want to enable your Tableau Server users to enjoy Tableau on their mobile devices
You!
”Give our enterprise customers guidance on how to deploy Tableau Mobile in their network environments.”
Welcome and Introduction
Signing into Tableau ServerConnect > Trust > Authenticate
Mobile Device Management (MDM)Customize Tableau Mobile
Lagniappes
Tableau overviewTableau Mobile
is the fastest &
most delightful
way to stay on
top of your data
Tableau Mobile
Managing Mobile is Different
Mobile Platforms are unique:
Operating Systems
Apps & App Stores
Different Security Concerns
Bring-Your-Own-Device (BYOD) is common
Device is personal
Sign into Tableau Server
Signing into Tableau Server
1. Connect
2. Trust
3. Authenticate
Step 1: Connect
Private Network
Connect: Private Network (aka Intranet)
Private Network
Connect: Reverse Proxy
Private Network
Connect: Virtual Private Network (VPN)
Connect: The Cloud
Connect
Work with your Networking Team about which solution makes sense for your company
Signing into Tableau Server
1. Connect
2. Trust
3. Authenticate
Step 2: Trust
A Philosophical Argument?
When you die, if you get a choice between going to regular heaven or pie heaven, choose pie heaven. It might be a trick, but if it's not, mmmmmmmm, boy.
Jack Handey
When you choose your data transfer protocol, if you get a choice between an insecure protocol and a secure protocol, choose the secure protocol.
It won’t be a trick, so, mmmmmmmm, boy.
Paul Cardon
Trust: Why use HTTPS?
• S = Secure. SSL and TLS are secure protocols that enable HTTPS.
• HTTPS ensures you are talking to the correct server.
• HTTPS prevents eavesdropping.
• Apps in the iOS app store have to provide justification for supporting HTTP.
• Chrome browsers mark all HTTP–based sites and traffic as insecure.
Trust: SSL Certificates
Certificate Authority ”A”
Certificate Authority ”B”
Trust: SSL Certificates
Certificate Authority ”A”
Certificate Authority ”B”
Server “1”Signed by “A”
Trust: SSL Certificates
Certificate Authority ”A”
Certificate Authority ”B”
Server “1”Signed by “A”
Trust: SSL Certificates
Certificate Authority ”A”
Certificate Authority ”B”
Trust: SSL Certificates
Certificate Authority ”A”
Certificate Authority ”B”
Server “2”Signed by “B”
Trust: SSL Certificates
Certificate Authority ”A”
Certificate Authority ”B”
Server “2”Signed by “B”
Trust: SSL Certificates
Certificate Authority ”A”
Certificate Authority ”B”
Trust: SSL Certificates
Certificate Authority ”A”
Certificate Authority ”B”
Server “MyTableau”Signed by “Company”
Trust: SSL Certificates
Certificate Authority ”A”
Certificate Authority ”B”
Server “MyTableau”Signed by “Company”
Trust: SSL Certificates
Certificate Authority ”A”
Certificate Authority ”B”
Trust: SSL Certificates
Certificate Authority ”A”
Certificate Authority ”B”
“Company” Certificate Authority
Trust: SSL Certificates
Certificate Authority ”A”
Certificate Authority ”B”
Server “MyTableau”Signed by “Company”
“Company” Certificate Authority
Trust: SSL Certificates
Certificate Authority ”A”
Certificate Authority ”B”
Server “MyTableau”Signed by “Company”
“Company” Certificate Authority
Signing into Tableau Server
1. Connect
2. Trust
3. Authenticate
Authentication
Why Authentication?
“workgroup session id”
Authentication types supported by Tableau Mobile:
Local Auth (User-Password)
SAML
Kerberos
Authentication
Server Info :
…
external_version : 2018.3
authentication :
type : user-password
Local Authentication
Local Authentication
“SAML” Authentication
Client
Identity Provider
Service Provider
Security
Assertion
Markup
Language
“SAML” Authentication
Security
Assertion
Markup
Language
Tableau Mobile
Identity Provider
Service Provider
“SAML” Authentication
Tableau Mobile
Identity Provider
Tableau Server
Security
Assertion
Markup
Language
SAML Authentication in a Webview
SAML Authentication in a Webview
Kerberos
Supports:Single Sign On for multiple services
Long lived sessions with Ticket Granting
Tickets (TGT)
Tableau requirements:Active Directory
Profile installed on the mobile device:
User principal name
Realm (your active directory domain)
If Kerberos fails, fall back can be configured.
Kerberos
Kerberos
User certificate decodes the ticket
User never types credentials!
Signed In!
Signing into Tableau Server
1. Connect
2. Trust
3. Authenticate
Users
I don’t want to
sign in ever again!
IT
I want my users
to be safe and renew
their sessions often!
Remembering Credentials
Tableau sessions expire after 4 hours of no use
… and you may need to enter credentials again
It Depends…
User–Password: If “Keep Me Signed In” is enabled, No
SAML: Yes
Kerberos: Only when Ticket Granting Ticket renewal is needed
Connected Clients to the Rescue!
Tableau Mobile for Tableau Online only (iOS, Android)
Identify Your Setup And Deploy To Users With MDM
Mobile Device Management
Mobile Device Management (MDM)
Secure
Configure
Distribute
Control
MDM: Secure Devices
Configure VPN
Entire device or per-app
Secure
MDM: Configure Devices
Install SSL certificates
Install Kerberos certificates
Configure email
Apple Device Enrollment Program (DEP)Configure
MDM: Apps
Can push apps to devicesAll your users could run the same version of Tableau Mobile
Control which groups of people get which apps
Distribute
MDM: Control Devices
Require device unlock passcode
Disable camera, screen capture, etc.
Specify the apps that can use cellular data
Remotely wipe device
Control
MDM: Systems
AppConfig(iOS Only) Compatible with:
VMWare AirWatch
MobileIron
Citrix XenMobile
Microsoft Intune
Pro Tip from Tableau DevIT: your MDM vendor can help
SDK Integration(iOS Only):
Customize Tableau Mobile
Customize Tableau Mobile
AppConfig
Industry standard, more info at appconfig.org
Publicly available app delivered with a special XML file containing key-value pairs
On startup, the app checks for these key-value pairs. If the app finds them, it uses them.
Customize Tableau Mobile
Reduce friction for users to sign in
Thanks to MDM: Experience can be tailored to different groups of users
Customize Tableau Mobile
Tableau Mobile AppConfig Key-Value Pairs
Key Value Type Example Value
AppServiceHosts string tableau.example.com, tableau-sales.example.com
AppServiceLabels string Main, Sales
CustomHostsTitle string Our Company Servers
RemoveTableauOnlineButt
onboolean true
HideServerNameField boolean true
RestrictUsername boolean true
UserName string janedoe
Documentation available online
Customize Tableau Mobile
Customize Tableau Mobile
AppServiceHosts =
tableau.example.com, tableau-sales.example.com
Customize Tableau Mobile
AppServiceHosts =
tableau.example.com, tableau-sales.example.com
AppServiceLabels =
Main, Sales
CustomHostsTitle =
Our Company Servers
Customize Tableau Mobile
AppServiceHosts =tableau.example.com, tableau-sales.example.com
AppServiceLabels =Main, Sales
CustomHostsTitle =Our Company Servers
HideServerNameField= trueRemoveTableauOnlineButton = true
Lagniappes
Tableau Data stored on your mobile device
Favorites cached on-device, viewable without a network connection
At regular intervals the app requests fresh versions of these offline favorites
Favorites are deleted on Sign Out or app removal
Configurable per site, under Offline Favorites
Configure Offline Favorites
Mobile App Bootstrap
Want to build your own custom mobile app? Consider starting here
Separate Objective-C and React Native versions
Objective-C library for Connected Clients
Was covered in depth in a separate session
Mobile app bootstrap | Custom mobile apps with embedded Tableau visualizations
Let us know if you’re developing custom mobile apps!
How We Troubleshoot: Certificates
SSL Detective and Certificate Inspector
iOS apps for on-device SSL certificate verification
How We Troubleshoot: General
Settings—Send Support LogsIncreases Tableau Mobile logging level
Shaking the device generates a log which can be shared with Tableau Support
Further Reading
Tableau & Mobile Security white paper
https://www.tableau.com/learn/whitepapers/tableau-mobile-security
Tableau Mobile Deployment Guide
https://onlinehelp.tableau.com/current/mobile/mobile-admin/en-us/admin_mobile_ace.html
Customize Tableau Mobile
https://onlinehelp.tableau.com/current/mobile/mobile-admin/en-us/admin_mobile_ace.html#Customize
Mobile App Bootstrap code
https://github.com/tableau/mobile-app-bootstrap-react-native
Tableau Mobile Rising | You CAN take it with youWednesday | Oct 24th | 3:30 PM – 4:30 PM
Data Village | Schedule in the TC18 mobile app
U P C O M I N G S E S S I O N S
Tableau Labs – Self Service Kiosk
Mobile app bootstrap | Custom mobile apps with embedded Tableau visualizations
PA S T S E S S I O N S
On the road again | Bring dashboards mobile with Device Designer
Your journey to amazing mobile dashboards
PA S T S E S S I O N S
Powering Boeing’s second century with actionable insights
Catering to customers at DEG | Creating painless, customized mobile reporting
Q & A
”Give our enterprise customers guidance on how to deploy Tableau Mobile in their network environments.”
Welcome and Introduction
Signing into Tableau ServerConnect > Trust > Authenticate
Mobile Device Management (MDM)Customize Tableau Mobile
Lagniappes
Please complete the
session survey from the My
Evaluations menu
in your TC18 app