Hi fellow Tableau worshippers! Hope you’re all rocking the 8.1 action. Bummer that the free Starbucks thing was only applicable in the USA. Booo. Here at VizNinja we love a free coffee. We take it black, obviously.
Well I didn’t expect that level of response to my first post about how I recently brought Tableau Server into my organisation as an IT Service. Thanks to everyone that commented, followed and favourited – meant a lot. I literally couldn’t believe it when I started getting shout outs from Zen Masters. I’m even hearing that some senior product managers at Tableau have been sending this to potential customers. Totally, totally cool. Thanks again.
One thing to note. This is a BIG subject. I could write whole posts on each bullet point, so this is very much a summary. If you want more detail do ping me an email. I’m happy to meet anyone to discuss if you’re in London. Given the level of interest I think this might turn into a full on presentation. I’ll let any interested parties know if it does. My fee is some Jaffa Cakes.
Anyway this is part 2 – Infrastructure Design and Configuration
Usually you’ll have some form of design ready before the project gets full approval and you might even have had to submit an architecture diagram with the Project Charter document. In my case we didn’t have to do that as the project was low rigor, so we began the hardcore system design after approval.
The beauty of bringing an IT service in from scratch is that you can often have total control over the system design and configuration. Sounds good eh? Well it is and it isn’t. I’ve been involved in projects where we’ve brought in a system and set it up in good faith, only to have the user experience be one we’d rather forget. And the real pain is that going back to correct mistakes, especially in a complex, globally distributed system is sometimes almost impossible. It’s actually very upsetting to be flooded with user complaints in situations like that, as you’ll have worked hard and in good faith to do what you and the project team thought was right – but it hasn’t worked and unfortunately you’re the one that’s accountable.
In the case of Tableau server it was kind of my pet side project and didn’t have any real business pressure to implement so I had a bit more freedom. If it worked then great, if not I’d look a bit stupid but there wouldn’t be an almighty shitstorm. Contrast that with an application that is out of support or legacy, or needs to be upgraded quickly due to regulatory requirements, or is a significant spend – if that goes wrong then you’ll be involved in some conversations that might turn out to be fairly uncomfortable or even career limiting.
OK so what OS to run this bad boy on? Pretty simple decision this one as Tableau Server is a Windows application. Unfortunately to the IT professional this is a pretty bad thing. I’d have taken a system that runs on a Red Hat Enterprise Linux OS all day long over Windows. Here are some of the issues that we typically get with services running on Windows and why I prefer Linux.
- Patching – Windows tends to have a lot of security issues. Luckily Microsoft release regular patches and hotfixes. Unfortunately that means that those patches have to be applied, and then the server rebooted and that means the application running on the box is down. We do that every month for our Windows estate – and we’ve got over 1500 servers. It’s a colossal pain. We have to notify our users, get their OK, schedule the resource to do the work (usually at a weekend – annoying to the individual and costs the firm overtime charges), perform the work, check that all is well with the server and also deal with those occasions where the patch knackers the box. You still need to apply patches to Linux but this is much less often.
- Stability – Windows just isn’t as stable as Linux. Simple as. Hung servers, slowdowns are commonplace. Windows is also more susceptible to out of memory issues caused by memory leaks. This is a situation where an application is badly coded and doesn’t manage memory usage correctly, gradually using up all the RAM on the server until it falls over. That happens on all OSs as it’s usually down to the application, but more so on Windows. Linux is also better at handling multiple running processes than Windows.
- Security – This is pretty key for enterprises like investment banks running systems with trading and regulatory data. Linux was designed to be multi-user from the start, and only the root (super admin) user can make critical system changes. Then there’s the separation of user mode from kernel mode. This means that only certain trusted code can access the heart of the operating system – the kernel. User programs have to run in user mode and as a result are restricted from modifying key kernel settings. If the application needs to do this it must use a system call, a trusted instruction into the kernel. All this means user applications, programs and malicious scripts have a much lower chance of doing something nasty to your Linux system.
- Total Cost of Ownership – Linux wins this hands down as the software is usually free. Commercial versions like RHEL will need a support agreement to be purchased, but you’ll still be quids in compared to Windows.
- Configuration changes – Many Windows configuration changes need the system to be rebooted, much less so on Linux. It’s incredibly annoying to need to change a simple system parameter and then have to reboot. It means that you’d probably have to schedule the change for outside of business hours and get the application team to give their ok for you to take their service out. With Linux, you’re more likely to be able to make the change during the day (depending on risk) without impacting the application. That’s actually pretty important with Tableau as you just never know when someone is going to hit that report. Could be at any time, on iPad etc so you want that service to be available.
- Troubleshooting – I’ve had plenty of experience debugging issues with applications on Linux and Windows systems. Both offer a variety of tools and commands to assist investigation but in terms of speed and ease Linux is a clear winner. Debugging using the Windows GUI interface is slow and difficult in comparison to using the command shell in Linux. A good Windows system administrator could probably disprove this but I’m much happier in a Linux environment.
There are tons of different Linux distributions out there. Some more suited to enterprise usage than others. You’ll need to ask a real Linux geek why, but I’ve had positive experiences with Red Hat, SUSE & CentOS. Don’t bother running Linux as a desktop environment though and certainly not in an enterprise.
Doesn’t have to be Linux though, you could run on another UNIX platform like Solaris. This isn’t the trend though as many big enterprises are migrating from Solaris to Linux due to prohibitive licence costs amongst other factors.
Come on Tableau – let’s make sure version 9 of server runs on Linux eh?
Physical or Virtual Machine
This is a decision that you may not need to make depending on how your organisation works. At my place we have a well established Virtual Machine environment, hosting many tier 1 applications and systems. Over the last few years we’ve migrated much of our estate off physical servers.
Our VM environment looks something like this.
At the bottom is the actual hardware that provides the compute power. I think we run HP servers although I’m not sure of the model. The ESX server layer runs above that and is carved up into logical Virtual Machines which can be moved, split and reallocated dynamically. That’s pretty much it. Very simple and very effective.
So what are the key considerations here?
- Cost – The primary driver for virtualising server estates is cost. VM environments benefit from lower costs in terms of hardware, datacenter occupancy, power consumption and maintenance. Operating system licences will be the same though as they’re charged on a per-server basis regardless of VM or not. Many organisations will undergo a project to move applications from physical to virtual servers. It’s not that difficult actually, as the VM technology today is fast, agile and stable so it’s a pretty safe move. New applications will always be steered down the VM route.
You’ll need to have a VERY good reason why you can’t use a VM for the platform teams to allow you to purchase and install a physical server and it will need to be approved by all sorts of senior managers.
- Setup – Want a physical server? You’ll need to get the cost approved, submit your order and wait for it to be delivered. You’ll then need to get some datacenter space allocated and get someone to rack it. Then you’ll need to get the OS installed and configured before it’s ready for you to use. I’ve seen that process take 3 months and longer.
With a VM it’s a simple software operation using the VMware admin tool or equivalent. The operating system install procedure can also easily be automated using tools like Opsware. Altogether a much faster process from making your request to getting your hands on the server.
- Efficiency – Most dedicated servers run at a fraction of their capability. Some servers in our environment are barely used at all. That’s a lot of expensive, wasted compute cycles. In a VM environment the overall pool of resource (memory, CPU) is centrally managed as part of the ESX server and can be allocated to each VM as needed. Not perfect but much more efficient in terms of overall utilisation of available compute resources. VMs mean less physical hardware, so that’s less power and cooling costs to deal with also.
- Failure & Disaster Recovery – Most VM environments come with a form of management software that allows administrators to maximise uptime of a VM. Using these tools, an admin can effectively pause operations on a server, and resume at a later time or even move a VM instance from one ESX host to another, while the application remains uninterrupted. On VMware that’s a feature called VMotion.
Our VM environment is spread across two datacenters with seamless failover. So if we lose the whole of site A then VMware automatically fails over and your service continues pretty much uninterrupted. That’s an awesome thing to demonstrate to management during a failover test as it means the application team don’t have to do anything when the site A is shut down. All in all it gives your system some serious resilience.
Another extremely useful feature is the ability to snapshot the state of a VM server. Worried about applying that upgrade in case you hose the system? Take a snapshot and you can snap back to the pre-upgrade state in seconds should you need to. Very handy. You can’t do that easily on a physical server.
- Expansion – Big one this. Let’s say you’re having performance issues. Either the box is running out of memory or it’s running slow. With a physical server you’ll have to shut it down, take it out of the rack in the datacenter and open the thing up to add more RAM or other upgrade that you’ll need to purchase and wait to be delivered. That takes ages to plan and execute, and you’ll probably have to take your application down. With VM it’s a request to your friendly platform team and a couple of clicks later you’ll be ready with a more powerful machine. Your outage will be no more than a reboot. All they have to do is allocate a little more resource from the overall capacity of the ESX host. No brainer.
All this meant it was an easy decision. We’d run as part of our standard virtual environment.
Monitoring and Alerting
Monitoring of your system often gets overlooked as it’s not one of the more glamorous areas of IT infrastructure services. But get it wrong and you’re in a world of pain. The idea is that when you get a problem you’re notified and can get the message out to the users before they even notice they have an issue. There’s nothing worse than being called by your users to tell you that your system is down. It’s a sure-fire way to lose their confidence.
There are a ton of choices when it comes to monitoring tools. Chances are you’ll be using one of the systems that your own monitoring or system administration team will be providing as a service to you. So it will just be a case of utilising one of those tools to configure your monitoring. Monitoring effectively breaks down into these categories.
- Infrastructure Monitoring – That’s the monitoring of the platform and operating system you’re using. Typically every server commissioned would come with pre-configured monitoring rules for disk space, CPU usage, memory usage, reboots, and ping (availability) monitoring. You might even get more complex checks for swap space, inodes, etc. The key message is that you shouldn’t have to worry about any of this. Infrastructure monitoring should be set up and managed by your server teams. If an alert is generated by these rules then it should be them that deal with it and fix the problem. However, the more advanced user will at least want some visibility of these alerts, either on some form of alerting console or email.
The problem arises when users start telling the platform teams that their monitoring should be modified or is inadequate. In my experience it’s best to trust the server teams as they are experts in their field and will know the OS inside out. Plus you’ll always need a good relationship with that team as it’s best to keep them onside as much as possible. If you really do want them to change their alerting thresholds then they’ll certainly do it, but chances are the alert will be waking you up instead of them. In my case we use Microsoft Operations Manager (MOM) to monitor Windows infrastructure. In my opinion that tool isn’t fit for purpose, there are much better tools available such as Geneos by ITRS.
- Hardware Monitoring – The monitoring of the actual hardware used to run the OS. Again this is one you shouldn’t need to worry about but again you may want some visibility for added sanity. Metrics include system temperatures, power throughput, BIOS errors or other lower level system issues. Our platform team uses a system called IBM Director for this. I’ve not used it much, all I know is that my colleagues don’t like it at all.
- Application Monitoring – The monitoring of your application. You certainly need to pay attention to this. It’s up to you to decide what you want to monitor and you may have to set the rules up yourself. So what to monitor? Well some vendors will help you with this and provide a guide of stuff they advise keeping an eye on. You don’t have to go with it, I prefer to make my own mind up so that’s what I did. Here are some of the main things you should consider when monitoring your application.
- Process Monitoring – Is your Windows service actually running? You’ll want an alert instantly if it stops running. It’s a simple up or down check. Gets a little harder to detect when a process is running but not actually responding. This should be the first monitoring rule you set up.
- Application Performance – What is that process actually doing? Worth setting up rules to monitor memory and CPU usage for the Tableau server process. This can be tricky to optimize though as CPU and memory usage can spike, triggering an alert when there’s no real issue. To get around that you can implement rules that look for a sustained threshold breach over a few minutes or several polling cycles. Some applications run quite hot in this respect so you’ll need to get a feel for how the application runs and might want to delay implementing this monitoring until you get a feeling for the application behaviour. You don’t want to get woken up to check a CPU alert and find it back to normal by the time you’ve logged on.
- Log file monitoring – Tableau has excellent logging. Both on desktop and server. I’ve debugged countless performance issues by analysing logs. Using MOM we were able to scrape the logs and send an alert when a particular string occurs. I wasn’t able to find a list of strings that Tableau recommend monitoring for (is there one?), so I kind of free-styled it. When I get an issue that is exposed in the logs I’ll configure monitoring for that string. There are obvious messages such as “Error” or “Fatal” etc but these don’t always indicate a system failure or issue. It’s a case of building up a series of log file checks to cover all major eventualities. It’s also worth monitoring the Windows event log as many applications post alarms there by default. You’ve also got to be careful with log monitoring as some applications go error crazy and if you’re not set up correctly you may end up with hundreds of alerts in a short space of time.
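The two alerting rules described in the bullets above, as an added example (not code from this post, from Tableau or from MOM): a threshold rule that fires only after a sustained breach over several polling cycles, and a log-string rule that suppresses repeats so an error storm produces one alert rather than hundreds. The class names, rule names, thresholds and sample data are all constructed for illustration.

```python
import re
from collections import deque

class SustainedBreach:
    """Alert only when the last `cycles` samples ALL exceed `threshold`."""
    def __init__(self, threshold, cycles):
        self.threshold, self.active = threshold, False
        self.window = deque(maxlen=cycles)

    def sample(self, value):
        """Return 'ALERT' on entering breach, 'CLEAR' on recovery, else None."""
        self.window.append(value)
        full = len(self.window) == self.window.maxlen
        if not self.active and full and min(self.window) > self.threshold:
            self.active = True
            return "ALERT"
        if self.active and value <= self.threshold:
            self.active = False
            return "CLEAR"
        return None

class LogWatcher:
    """Match lines against named regex rules; one alert per rule per quiet period."""
    def __init__(self, rules, quiet=300):
        self.rules = [(name, re.compile(rx)) for name, rx in rules]
        self.quiet = quiet                         # seconds of suppression after an alert
        self.last_sent, self.suppressed = {}, {}   # per rule: last alert time, swallowed repeats

    def feed(self, ts, line):
        """Return [(rule, ts, repeats_suppressed_since_last_alert)] for one line."""
        alerts = []
        for name, rx in self.rules:
            if not rx.search(line):
                continue
            if ts - self.last_sent.get(name, float("-inf")) < self.quiet:
                self.suppressed[name] = self.suppressed.get(name, 0) + 1
            else:
                alerts.append((name, ts, self.suppressed.pop(name, 0)))
                self.last_sent[name] = ts
        return alerts

CPU_SAMPLES = [35, 97, 40, 92, 95, 96, 97, 60]    # constructed: CPU % per polling cycle
LOG_LINES = [                                      # constructed: (epoch seconds, log text)
    (1000, "INFO  request completed in 120 ms"),
    (1010, "ERROR connection to data source timed out"),
    (1011, "ERROR connection to data source timed out"),
    (1020, "FATAL worker process exited unexpectedly"),
    (1400, "ERROR connection to data source timed out"),
]
RULES = [("datasource-timeout", r"ERROR .*timed out"), ("process-exit", r"FATAL ")]

def demo_cpu():
    rule = SustainedBreach(threshold=90, cycles=3)
    return [rule.sample(v) for v in CPU_SAMPLES]

def demo_logs():
    watcher = LogWatcher(RULES, quiet=300)
    return [a for ts, line in LOG_LINES for a in watcher.feed(ts, line)]

if __name__ == "__main__":
    print(demo_cpu(), demo_logs(), sep="\n")
```

The single 97% spike in the CPU samples never alerts; only the three consecutive readings above 90 do. The repeat count carried on the next log alert keeps a suppressed storm visible to whoever picks it up.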
While I’m on the subject do check out @interworks Tableau performance analyser. It’s an ace tool that parses your desktop log and allows you to visualise those dodgy queries slowing down your viz.
Luckily Tableau server has simple Active Directory integration. Was a very simple process to connect the server to our AD environment. Even better was the ability to add AD groups in the server configuration. I often needed to add accounts for dozens of people at a time and groups made the process a lot easier. You can use locally added accounts in server but I certainly wouldn’t recommend that in an enterprise setup.
Domain Name System (DNS)
Simple one – give your server a DNS alias. That way your users won’t have to remember what the server name is, they can just go to http://tableau.myorg.com and they’re in. Sounds simple but you’d be amazed by how many badly implemented systems require you to remember to type some crazy address like http://se186293.gsdomain.com:8888 to access them.
You’ll need to ensure your server is getting backed up on an OS and application level. This should be taken care of by your platform team but it’s always worth asking them for some evidence that they’ve actually done this. Either a log of the setup request or a report of successful backups. I ask for a positive confirmation of backup every quarter. I’ve seen it many times where a system is lost and then the backup hasn’t even been set up or has been failing for months. It’s just not worth taking the chance.
Typically most enterprises will have a backup policy similar to this. We went for the 7 year retention for our Tableau Server data as some of the reports may contain sensitive information.
- 7 years – Business related data (e.g. trading information)
- 1 year – Non-Business data (e.g. application configuration or logs)
- 1 month – Short term data (e.g. development or UAT environment)
It’s also worth checking that the backup includes your application partitions or drives. Sometimes the platform team just set up the OS related backups and the rest is down to you.
This isn’t a worry where Tableau Server is concerned as all the data is stored on the local file system as part of the application. For other enterprise services the database connectivity will be a key concern. I’m no DBA but here’s an example of the database choices available to users in a typical enterprise. I’ll keep this brief as it’s not relevant to Tableau.
- Sybase – Fairly niche but a good balance between cost and functionality
- MS SQL Server – Cheap but sometimes unreliable
- Oracle – Functionality rich, enterprise grade database environment. Expensive.
You also may need to decide whether to host your database on a local dedicated server (need to consider replication and DR) or on a consolidated database environment.
The Other Big Option
There is of course another option here. And it’s an option that is getting increasingly more traction with enterprises. That option is to make all of the above someone else’s problem.
There are a good number of companies (Amazon, Google etc) that will happily provide you with somewhere to host your applications. It’s known as Platform as a Service (PaaS). We’ve spoken about it for a number of infrastructure services such as email, and there are some advantages but also some disadvantages. I may elaborate on this in a future blog post.
Right that’s it for part 2. If you’re enjoying it or finding it useful then do let me know.
Coming soon – Part 3 – Our Tableau Server Configuration