In one of the highest-rated customer presentations at TC18, Global Tableau Server Admin Eric Hannell walked us through how he institutes DevOps best practices when running Tableau Server on Amazon Web Services (AWS) at Schibsted, an international media group with over 8,000 employees in 22 countries. A self-proclaimed “paranoid Swede,” Eric takes data governance seriously. With GDPR in full effect and the security of 3,000 Tableau users under his purview, Eric created a framework for quickly and securely deploying, monitoring, and upgrading Tableau.
What is a DevOps mentality?
Per AWS, DevOps is “the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at high velocity: evolving and improving products at a faster pace than organizations using traditional software development and infrastructure management processes.” For Schibsted, running Tableau on AWS has been central to its DevOps mindset, as Eric and his team have been able to deliver software to end users in a scalable, secure, speedy, and reliable fashion. Let’s look at how Schibsted realized each of these benefits.
For those organizations just beginning their Tableau on AWS journey, Eric recommends utilizing the Tableau Server on AWS Quick Start, as it creates a distributed deployment that is industry-certified as best practice. Running Tableau on AWS enabled Eric and his team to quickly and easily access their Amazon data sources with native connections to both Amazon Redshift and Amazon Athena. The Tableau Server on AWS Quick Start was the optimal starting point for Schibsted, providing the organization the flexibility and scalability necessary to make the infrastructure unique to its growing organizational needs.
Eric is serious about ensuring access to Tableau Server is locked down via the most stringent security protocols. Luckily, AWS enables Tableau Server virtual machines to be architected in the safest way possible by gating access through the use of a bastion host. This provides system administrators access to backend systems in protected network segments. For a single sign-on experience in Tableau Server, Schibsted uses Okta as its external identity provider to authenticate users over SAML. Finally, additional authorization control is enabled through Elastic Load Balancing capabilities in AWS, which confirm that the users are within the Schibsted network. These security measures are critical for Schibsted and allow Eric to sleep at night—which is exciting for Eric, as he exclaims, “I like to sleep.”
Tableau’s rapid release schedule means that users receive new features at a regular cadence. It also means that Eric and his team need to automate the delivery of upgrades, so as not to cause downtime for their users. In true DevOps fashion, Eric delivers upgrades via blue-green deployments—meaning, running two identical environments with one live to support production traffic—with the help of AWS CloudFormation. With CloudFormation, Schibsted can automate its deployments through a simple text file which serves as a “single version of truth” when provisioning infrastructure resources in the cloud. After backing up the current deployment and pushing the backup to Amazon Simple Storage Service (S3), Eric restores the backup to the new deployment and routes traffic from the load balancer to the new Tableau Server. The result? A seamless and speedy upgrade with zero downtime for users.
For Schibsted, monitoring the connectivity between the load balancer and Tableau Server is critical. Eric utilizes Amazon CloudWatch to view system-wide performance changes and respond to any issues via automated alerts. Hooking up CloudWatch to Amazon Simple Notification Service (SNS) provides Eric with email or text notifications explaining any fluctuations in system performance. Schibsted also monitors disk space and RAM, adjusting the capacity of its environment as needed (check out TabMon and other tools for platform monitoring and management). To ensure Eric and his team can run scheduled commands on the server in an automated and reliable fashion, they use AWS Lambda, a serverless way to run and scale code with high availability. This helps Eric unleash his “inner server-less hipster” (his words) and makes his admin life easier.