Install Tableau Server in a Disconnected (Air-Gapped) Environment
You can install Tableau Server in a disconnected environment that has no outside network access of any kind. Such disconnected environments, commonly referred to as air-gapped, are used when high security is needed to prevent data breaches or to guard against hacking. Air-gapped environments have no internet access, no outside network access, no outside wireless access, etc. The only means of getting software and data into or out of an air-gapped environment is by using removable media such as USB sticks or writable optical CDs or DVDs.
Installing Tableau Server in an air-gapped environment is an advanced task for IT administrators who are familiar with the security considerations, best practices, and pitfalls of installing software in air-gapped environments.
The following Tableau Server features will be unavailable or will have reduced functionality in an air-gapped environment:
-
Maps – Tableau Server uses externally hosted map data by default. Beginning with version 2020.4.0, you can configure Tableau Server to use offline maps. With earlier versions of Tableau, maps are unavailable in an air-gapped environment unless you also install a map server in your air-gapped environment. For more details, see Displaying Maps in an Air-Gapped Environment.
-
Licensing – Tableau Server needs to connect to the internet in order to activate product keys. However, you can manually activate the product keys.
-
External data – Any data located outside your air-gapped environment is unavailable.
Prerequisites
In order to install Tableau Server in an air-gapped environment, you’ll need the following:
-
Trusted computer with limited access to the internet that you can use to download the installation packages and resources required by Tableau Server. A trusted computer has been scanned and cleared of any viruses and malware.
-
Trusted removable media that you can use to transfer the downloaded software to your air-gapped environment. Trusted removable media is removable media that is new and previously unused and comes from a reputable or known source. Trusted removable media has been scanned and verified that it does not contain any viruses or malware.
-
Air-gapped environment with computers and storage that meet the requirements for installing Tableau Server.
Installing Tableau Server on an Air-Gapped Computer Running Windows
The easiest way to install Tableau Server on a computer in an air-gapped environment is to do so before the computer is placed into the air-gapped environment. If that is not possible you’ll need to download the required packages to a trusted computer outside the air gap and transfer them to the air-gapped computer:
-
On a trusted computer outside the air gap with internet access, download the Tableau Server installation package.
-
Transfer the package to your removable media.
-
On your air-gapped computer, insert the removable media containing the Tableau Server installation package, and then run the installer.
Note: Server ATR is the default activation method for Tableau Server 2021.4 and later. As of Tableau Server 2023.1 and later, you can use Server ATR to install into an air-gapped environment.
-
After installation is complete, you can activate the Tableau Server product keys. For more information, see Activating Tableau Server in an Air-Gapped Environment.
Activating Tableau Server in an Air-Gapped Environment
Because an air-gapped computer is not connected to the internet, you’ll need to perform the Tableau Server activation process manually.
Offline activation overview
Offline activation of Tableau Server involves the following steps:
-
Generate an offline activation request file.
-
Copy the offline activation request file to a computer with internet access.
-
Upload the offline activation request file to the Tableau activation website(Link opens in a new window).
-
Download the resulting offline activation response file from the website. You'll use this file to activate Tableau Server
Offline activation file name changes
Beginning in Tableau Server version 2023.1, the Tableau licensing system supports two underlying licensing technologies. From an administrative perspective, the only configuration difference between the two systems is the file types that are generated and consumed for offline activation. The licensing technology is determined during the initial installation of Tableau Server, and cannot be changed after install.
We refer to the legacy (and still supported) version of licensing technology as FlexNet. The latest version of the technology is referred to as Server ATR. For more information, see Activate Tableau Server Using the Authorization-To-Run (ATR) Service. The following table describes the file naming nomenclature for each technology. The table also includes the generic reference.
Generic file name | Server ATR file names | FlexNet file names |
---|---|---|
OfflineActivationRequest | OfflineActivationRequestFile_yyyyMMdd.hhmmss.json | TableauOfflineActivationRequest.tlq |
OfflineActivationResponse | OfflineActivationLicensingAtrs.zip | activation.tlf |
Note: Since this documentation supports multiple versions of Tableau Server, we will use the generic file name references (OfflineActivationRequest and OfflineActivationResponse) for the rest of this topic. You can identify the licensing technology your Tableau Server installation uses according to the file type that generated in the steps that follow.
Step 1. Log in to Tableau Services Manager
-
To log in to Tableau Services Manager (TSM), run the following command:
tsm login -u <username>
What if I can't log in?
Verify that the account you are using is a member of the Local Administrators group on the Windows computer where you are installing Tableau Server.
Step 2. Determine your Tableau Server licensing type
How you activate Tableau Server will be different depending on which licensing type you are running. Run the following command to determine the licensing type your Tableau Server deployment is configured with:
tsm configuration get -k serverauthorizationtorun.enabled
If this command returns true
, then your deployment is configured with Server ATR licensing type.
If this command returns false
, then your deployment is configured with legacy licensing type.
Go to the step 3 that matches your licensing type.
Step 3 (Server ATR licensing type) Generate and copy json content to Activation page.
Follow these steps if your Tableau Server deployment is configured with Server ATR licensing type. If your server is configured with the legacy licensing type, skip to the following section.
-
On your Tableau Server in the air-gapped environment, use TSM to obtain the offline activation file. At a command prompt:
tsm licenses get-offline-activation-file -k <product-key> -o <target-directory>
The
<target-directory>
must exist. You can obtain your product key in the Tableau Customer Portal(Link opens in a new window). -
Copy the JSON file contents.
-
From the internet connected computer, navigate to the Tableau Offline Activation(Link opens in a new window) website, select Option B - Manually Enter Information from Activation File, copy the JSON contents into the requested fields, and then click Submit.
-
The website should say
The activation was successful. Please click here to download your activation file.
Download the OfflineActivationResponse file from Tableau, and proceed to step 4.
Step 3 (Legacy licensing type) Transcribe data from your air-gapped system into an activation request template.
Follow these steps if your Tableau Server deployment is configured with the legacy licensing type. If your server is configured with the Server ATR licensing type, run the above procedure.
-
On your Tableau Server in the air-gapped environment, use TSM to obtain the offline activation file. At a command prompt:
tsm licenses get-offline-activation-file -k <product-key> -o <target-directory>
The
<target-directory>
must exist. You can obtain your product key in the Tableau Customer Portal(Link opens in a new window). -
If you can copy the offline request file (OfflineActivationRequest) from the target directory to a computer that has Internet access, skip to step 5.
Otherwise, if you cannot copy the file to another computer due to security reasons, continue with step 3.
-
Download and open the
server_windows.tlq(Link opens in a new window)
file in an XML text editor such as Notepad++ on a trusted computer that has Internet access.You'll need to write down the values listed in step 4 from the air-gapped computer in order to copy them to the offline template (
server_windows.tlq
). -
Update the following XML elements in the appropriate
server_windows.tlq
file with the values for the same elements listed below from the air-gapped computer.All the Machine / Hash values in the .tlq files are Hex values. The only valid characters are 0 - 9 and A - F. Use all caps for any letters.
Do not add any additional spaces or carriage controls and only modify the “X” characters found in the template. The format of the file must not change.
Line 2 - <EntitlementId>
Line 5 - <ClientVersion>
Line 5 - <RevisionType> (This value is present in the server_windows.tlq file.)
Line 5 - <MachineIdentifier> (This value is present in the server_windows.tlq file.)
Line 11 - <Value> (If the value is not present, remove the "X" place holder, leaving <Value></Value>.)
Line 12 - <Value> (If the value is not present, remove the "X" place holder, leaving <Value></Value>.)
Line 14 - <SequenceNumber>
Line 60 - <Hash>
-
Upload the offline request file (OfflineActivationRequest) to the Tableau Offline Activation(Link opens in a new window) website.
-
The website should say
The activation was successful. Please click here to download your activation file.
Download the OfflineActivationResponse file from Tableau.
Step 4. Initialize or activate your license
-
Move the OfflineActivationResponse file to your air-gapped computer using trusted removable media.
-
Run the following command:
tsm licenses activate -f <path-and-activation-file>
You should see the message "
Activation successful.
", which indicates that Tableau Server is activated.
Displaying Maps in an Air-Gapped Environment
In an air-gapped environment, maps in Tableau Server will be unavailable by default due to the lack of internet access. Instead, you can configure Tableau to use local maps in an air-gapped environment using the steps below.
Configuring Tableau Server to use offline maps:
-
Open a command prompt as administrator.
-
Configure Tableau to use locally available offline maps:
tsm configuration set -k vizqlserver.force_maps_to_offline -v true
tsm pending-changes apply