Tableau Desktop On Amazon Appstream2.0


Tableau Desktop on Amazon AppStream 2.0

AWS Whitepaper

Tableau Desktop on Amazon AppStream 2.0: AWS Whitepaper


Copyright © 2023 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not
Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or
discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may
or may not be affiliated with, connected to, or sponsored by Amazon.

Table of Contents
Abstract and overview
  What is Amazon AppStream 2.0?
  How does AppStream 2.0 fit with Tableau?
    Tableau Desktop
    Tableau Prep Builder
    Content Migration Tool
    Data residency
Considerations
Procedures
  Step 1: Create your image
  Step 2: Customize your image
  Step 3: Create your fleet
  Step 4: Create your stack
  Step 5: Manage users
    Single sign-on with SAML 2.0
    Active Directory (Optional)
    User pool
Licensing
  LBLM and ATR (recommended)
    Master key approach
    Alternative approach
Security
Conclusion
Contributors
Document history
Notices
AWS glossary


Tableau Desktop on Amazon AppStream 2.0

Publication date: November 11, 2021 (see Document history)

This guide provides best practices for deploying Tableau Desktop to Amazon AppStream 2.0 as well as
instructions to launch and configure the AppStream 2.0 resources needed for this use case.

What is Amazon AppStream 2.0?


Amazon AppStream 2.0 is a fully managed, non-persistent desktop and application virtualization service
for securely accessing the data, applications, and resources users need, anywhere, anytime, from any
supported device. With AppStream 2.0, you can scale your applications and desktops to any number of
users across the globe without acquiring, provisioning, and operating hardware or infrastructure.

AppStream 2.0 is built on Amazon Web Services (AWS), so you benefit from a data center and network
architecture designed for the most security-sensitive organizations. Each user has a fluid and responsive
experience because your applications run on virtual machines optimized for specific use cases, and each
streaming session automatically adjusts to network conditions.

How does AppStream 2.0 fit with Tableau?


Using AppStream 2.0, you provide access to Tableau’s desktop-based products through a web browser
instead of requiring users to install applications like Tableau Desktop, Tableau Prep Builder, and the
Content Migration Tool on their local desktop.

Tableau Desktop
Tableau Server already has web-edit capabilities, but a gap exists between the features available in web-
edit compared to Tableau Desktop. If you want to provide the full Tableau Desktop experience to your
content creators but want to avoid installing software on workstations, AppStream 2.0 is designed to
provide a solution.

Tableau Prep Builder


If you are running the Tableau Server 2020.4 pre-release and later versions, you can create and edit
Tableau Prep flows through your web browser. If you are running an older version of Tableau Server,
you can stream the application with AppStream 2.0 to provide Prep Builder functionality to your users
without local installation.

Content Migration Tool


The Content Migration Tool is a Windows-only desktop application, so macOS users need virtualization
software like VMware or Parallels to run it. You can use AppStream 2.0 to simplify deployment of the
tool.


Data residency
The previous use cases center on operating systems and features, but what if access to the data itself is
the challenge? For example, what if your data must live in the AWS eu-west-1 Region, but your content
creators work outside of that Region? Using AppStream 2.0, content creators can work with the data
without the need to bring it down to Tableau Desktop on their machines.

If Tableau Desktop is running within AWS and delivered to users through AppStream 2.0, your data can
remain centralized, and applications can interact with data stored in Amazon Simple Storage Service
(Amazon S3), Amazon Relational Database Service (Amazon RDS), and other services with low latency.


What are the prerequisites for this guide?

• Confirm that you have an AWS account and that you have the required permissions to create
AppStream 2.0 resources.
• Review the AppStream 2.0 Getting Started Guide and AppStream 2.0 Administration Guide to learn
more about AppStream 2.0.
• Review AppStream 2.0 pricing and the simple pricing tool to estimate the cost of streaming Tableau
applications using AppStream 2.0.
• Confirm your installation of Tableau Server and that you are able to publish your Tableau Desktop
applications to the AppStream 2.0 fleet instances. Also, if following this guide, you must have a license
key to use Login-based License Management (LBLM).
• Confirm that the Tableau Desktop Installer is version 2020.1 or higher. These versions are compatible
with LBLM.


Procedures
Steps
• Step 1: Create your image
• Step 2: Customize your image
• Step 3: Create your fleet
• Step 4: Create your stack
• Step 5: Manage users

Step 1: Create your image


Create the custom image that will get assigned to your AppStream 2.0 fleet.

1. Open the AppStream 2.0 console at https://console.aws.amazon.com/appstream2 (login required).


2. From the navigation pane, choose the Images section, then choose the Image Builder tab. The images
you’ve already created are listed.
3. Choose the blue Launch Image Builder button beside the desired image to open the AppStream 2.0
Image Builder.

The AppStream 2.0 console


4. On the Choose Image page, choose the latest general-purpose Windows Server 2019 base image.
5. Choose Next.
6. On the Configure Image Builder page, enter basic details about your image, including name and
display name.
7. Select stream.standard.large as the instance type.
8. Choose Next.


Choose the instance type


9. On the Configure Network page, choose Default Internet Access if you want the Image Builder to
connect to the internet via a public IP address; for example, if you need to download the Tableau
Desktop installer. Also specify the VPC, subnet, and security group(s), and configure Active Directory
settings if required for your image.
10. Choose Next.


Configure network access


11. On the Review page, review your settings and choose Launch. The Image Builder typically takes about
15 or 20 minutes to create the image.

Step 2: Customize your image


Customize your image with details that are specific to your configuration.

1. In the AppStream 2.0 console, select the image that you just created in the Image Builder list, and
choose Connect.
2. In the Local User tab, choose Administrator so you can install Tableau Desktop.
Note
These steps might vary depending on your Tableau licensing. This guide assumes you have
LBLM as your licensing option. If not, see the Licensing section later in this guide.
3. After logging in, download the installer for Tableau Desktop, but don’t start the installer wizard.
Instead, use the following installation script so you can customize some user settings:

TableauDesktop-Installer.exe /quiet /norestart ACCEPTEULA=1
REGISTER=1 SILENTLYREGISTERUSER="true" LBLM="required"
ACTIVATIONSERVER=https://<<my-tableau-server>> ATRENABLED=1
ATRREQUESTEDDURATIONSECONDS=14400 SYNCHRONOUSLICENSECHECK="true"
REPORTINGSERVER="https://<<my-tableau-server>>"

The script tells Tableau Desktop that users are activated using LBLM through their Tableau server.
When users open Tableau Desktop for the first time, they are prompted to enter their Tableau Server
credentials. This activates their desktop license for 14,400 seconds (four hours).


For information about licenses that expire during a session and best practices for AppStream 2.0 and
the authorization-to-run (ATR) service duration, refer to Login-based License Management in the
Tableau documentation.
Note
The subnet in which the AppStream 2.0 instances and image builders reside must be able to
access the Tableau service instance. For more information about configuring VPCs, refer to
VPCs and subnets.
4. After Tableau Desktop is installed, open the Image Builder and launch the AppStream 2.0 Image
Assistant, where you can make Tableau Desktop available in the AppStream 2.0 application catalog.
5. In the Image Assistant, choose Add App, and then navigate to the Tableau Desktop executable file; for
example, C:\Program Files\Tableau\Tableau {version}\bin\tableau.exe.

Choose Add App


6. (Optional) Choose the Configure Apps tab, and then choose Switch user > Template user. After
logging in, launch Tableau Desktop and make one or more of the following customizations:
• Save data sources
• Pin workbooks to the start page
• Configure analytic extensions
• Define custom color palettes and shapes
• Define custom geocoding
• Define new background maps
7. When you are finished, go back to the administrator user via the Image Assistant or the Admin
Commands in the AppStream 2.0 toolbar, and choose Save settings.
8. Choose Next.


Choose Save settings


9. To test the user experience with Tableau Desktop, open the Test tab, open the Test User account, and
open Tableau Desktop. Verify the application is working as expected.
10. Switch back to the administrator user and choose the Optimize tab.
11. Choose the Launch button.
12. After Tableau Desktop loads, choose Continue.
13. Choose the Configure Image tab, and provide a name for your custom image. The name must be
unique in your Image Registry.
14. Choose Next.


Provide a name for your custom image


15. Choose the Review tab to review your image’s configuration.
16. After you verify settings, choose Disconnect and Create Image.

After disconnecting from the Image Builder, wait 20 to 30 minutes for your new image to become
available in the Image Registry.


Review the details for your image

Step 3: Create your fleet


An AppStream 2.0 fleet is a set of instances that run on your custom image.

1. In AppStream 2.0, open the Fleets page, and choose Create Fleet.

Choose Create Fleet


2. On the Provide Fleet Details page, provide a unique name and optionally a display name.
3. On the Choose an Image page, select the custom image you created from the image list.
4. Choose Next.


Select the custom image you created from the image list
5. On the Configure Fleet page, choose the stream.standard.large instance type (the same as you did
with the Image Builder).


On the Configure Fleet page, choose the stream.standard.large instance type


Note
You might decide to use a compute or memory-optimized instance type, depending on user
datasets.

Make the following additional updates:
a. In the Fleet Type details section, in the Fleet type field, choose either On-Demand or Always-On.


The Always-On option means instances are available and ready whenever users try to access
Tableau Desktop. However, this option also means that you pay for instances to be available at
all times, even when users are not streaming from the fleet. The On-Demand option is better if you
are not sure how often users will need Tableau Desktop, as it spins up new instances as needed.
This means users must wait a couple of minutes when they first access Tableau Desktop for it to
spin up the fleet instance. This option also means a lower cost to maintain the fleet.
b. In the User Session details section, specify the different timeouts. Set the maximum session
duration and disconnect timeout to 240 minutes to match the four-hour ATR duration used during
the Tableau Desktop installation.
c. Provide details for fleet capacity, including the minimum and maximum number of instances
available in your fleet, and whether to stream the entire desktop or just the Tableau Desktop
application for users. For information to help you determine configuration choices, refer to Fleet
Auto Scaling for Amazon AppStream 2.0 in the AWS documentation.
6. On the Configure Network page, make the following additional updates to configure the network
settings of your fleet:

The Configure Network page


a. Specify whether you want the fleet instances to connect to the internet via a public IP address.
b. Define the VPC, subnets, and security groups for the instances within the fleet.
c. Configure the fleet to join an Active Directory domain, if needed. Choose Next.
d. On the Review page, confirm your settings, and choose Create to create your fleet.


Step 4: Create your stack


Use AppStream 2.0 stacks to define user access policies and storage configurations for your fleet. 

1. From the navigation pane, go to the Stacks page and choose Create Stack.

Choose Create Stack

2. On the Stack Details page, provide a name for the stack, and select the fleet you just created from the
Fleet list.
3. Choose Next.
4. On the Enable Storage page, choose to enable or disable home folders.

If enabled, home folders provide Amazon S3-backed file storage that persists from session to session.
When users save files to their home folder, those files are available the next time they start a session,
and they can publish their content to the Tableau Server when they’re ready. You can also enable
access through Google Drive and OneDrive storage connectors, so your users can easily pull their files
from the cloud.
5. Choose Next to continue.

The Enable Storage page


6. On the User Settings page, choose if users can copy and paste from their clipboard and upload and
download files from this instance. Also select the check box to enable application settings persistence
if you want AWS to save customizations and settings for the next time users start a session.

The User Settings page


7. On the Review page, review the stack settings.
8. Choose Create to create the stack.
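
The fleet timeouts and stack user settings chosen in Steps 3 and 4 can be checked after deployment. The following is an added example, not part of the whitepaper: it audits fleet and stack descriptions for session timeouts that do not match the four-hour ATR duration and for settings that let data leave the streaming instance, which matters for the data-residency use case. The JSON is constructed sample data shaped like the AppStream 2.0 DescribeFleets and DescribeStacks responses; the resource names and the policy that egress actions should be disabled are assumptions.

```python
import json

# ATRREQUESTEDDURATIONSECONDS from the installer command in Step 2.
ATR_SECONDS = 14400

# Constructed sample data, shaped like DescribeFleets / DescribeStacks output.
FLEETS_JSON = """
{"Fleets": [
  {"Name": "tableau-fleet-a", "FleetType": "ON_DEMAND",
   "MaxUserDurationInSeconds": 14400, "DisconnectTimeoutInSeconds": 14400,
   "EnableDefaultInternetAccess": false},
  {"Name": "tableau-fleet-b", "FleetType": "ALWAYS_ON",
   "MaxUserDurationInSeconds": 57600, "DisconnectTimeoutInSeconds": 900,
   "EnableDefaultInternetAccess": true}
]}
"""
STACKS_JSON = """
{"Stacks": [
  {"Name": "tableau-stack-a", "UserSettings": [
     {"Action": "CLIPBOARD_COPY_TO_LOCAL_DEVICE", "Permission": "DISABLED"},
     {"Action": "FILE_DOWNLOAD", "Permission": "DISABLED"},
     {"Action": "FILE_UPLOAD", "Permission": "ENABLED"}]},
  {"Name": "tableau-stack-b", "UserSettings": [
     {"Action": "CLIPBOARD_COPY_TO_LOCAL_DEVICE", "Permission": "ENABLED"},
     {"Action": "FILE_DOWNLOAD", "Permission": "ENABLED"}]}
]}
"""

# Actions that move data from the streaming instance to the user's device.
# Assumption: a data-residency policy wants these disabled.
EGRESS_ACTIONS = {
    "CLIPBOARD_COPY_TO_LOCAL_DEVICE",
    "FILE_DOWNLOAD",
    "PRINTING_TO_LOCAL_DEVICE",
}


def audit_fleet(fleet, atr_seconds=ATR_SECONDS):
    """Return findings for one fleet description."""
    findings = []
    name = fleet["Name"]
    # Both timeouts should equal the ATR duration (240 minutes in the guide).
    for key in ("MaxUserDurationInSeconds", "DisconnectTimeoutInSeconds"):
        value = fleet.get(key)
        if value != atr_seconds:
            findings.append(f"{name}: {key}={value}, expected {atr_seconds} (ATR)")
    # A public IP on fleet instances widens network exposure; report it.
    if fleet.get("EnableDefaultInternetAccess"):
        findings.append(f"{name}: default internet access (public IP) enabled")
    return findings


def audit_stack(stack):
    """Return findings for one stack description."""
    findings = []
    for setting in stack.get("UserSettings", []):
        action, permission = setting["Action"], setting["Permission"]
        if action in EGRESS_ACTIONS and permission == "ENABLED":
            findings.append(f"{stack['Name']}: {action} is ENABLED")
    return findings


def load_sample():
    """Parse the constructed sample documents."""
    return json.loads(FLEETS_JSON)["Fleets"], json.loads(STACKS_JSON)["Stacks"]


def audit(fleets, stacks):
    """Audit every fleet and stack and return all findings in order."""
    findings = []
    for fleet in fleets:
        findings.extend(audit_fleet(fleet))
    for stack in stacks:
        findings.extend(audit_stack(stack))
    return findings


if __name__ == "__main__":
    for line in audit(*load_sample()):
        print(line)
```

To run it against a real deployment, replace the sample strings with the JSON returned for your own fleets and stacks.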

Step 5: Manage users


Now that you’ve created an active stack and running fleet, use one of the following AppStream 2.0
options to grant user access.

Single sign-on with SAML 2.0


AppStream 2.0 supports identity federation to AppStream 2.0 stacks through Security Assertion Markup
Language (SAML) 2.0. You can use an identity provider such as AWS Single Sign-On (AWS SSO), Okta, or
Active Directory Federation Services to pass user credentials to service providers AWS and AppStream
2.0.

For instructions on how to set up SAML 2.0 with AppStream 2.0, refer to Setting up SAML.

Active Directory (Optional)


Using an Active Directory domain, you can use your organization’s existing group structure to provide
user access and security. For instructions on setting up Active Directory with AppStream 2.0, refer to
Tutorial: Setting Up Active Directory.


User pool
The AppStream 2.0 user pool provides a simplified way to manage user access to applications through a
persistent portal for each AWS Region. This feature is a built-in alternative to user management through
Active Directory and SAML 2.0 federation. As a best practice, use user pools when Active Directory is not
required, for testing purposes, or for deployments with 50 or fewer users.

The User Pool page

For more information, refer to Using Active Directory with AppStream 2.0 and Single Sign-on Access
(SAML 2.0).


Licensing
When using a non-persistent solution such as AppStream 2.0 to host Tableau Desktop, you must activate
the license key. Activation options depend on how you purchased Tableau licenses.

LBLM and ATR (recommended)


LBLM is used when users don’t need their own license key to activate the software. Instead, the Tableau
Server is licensed for a pool of creator users, and each user signs in to the Tableau Server individually to
activate the license. This option gives you a central place to manage Tableau Desktop users on Tableau
Server and an activations dashboard that shows the history of which users activated Tableau Desktop
and how often they use it. For information about the activations dashboard, refer to View login-based
usage.

To use this option, your Tableau Server’s license key must allow for LBLM. You can enable the LBLM
feature using the following Tableau Services Manager (TSM) command:

tsm configuration set -k licensing.login_based_license_management.enabled -v true
tsm pending-changes apply

Your Tableau Server’s license key must allow for LBLM

For environments that meet the LBLM requirements, a typical user flow with an ATR duration of four
hours begins when the user starts a session and logs in to Tableau Server, which activates Tableau
Desktop for four hours. Next, one of the following scenarios occurs:

• If users disconnect from their session and then reopen the session more than four hours later, when
they log in to Tableau Server, the session is active for another four hours.
• Assuming the fleet’s disconnect timeout value matches the ATR duration, if users disconnect from
the session but open it again within that four-hour window, the instance remains active, and they can
access Tableau Server without logging in again.
• Assuming the maximum session duration matches the ATR duration of four hours, if users reach the
end of the four hours, they are prompted to save their work before the session closes. Then they can
open a new session and log back in to Tableau Server, if desired.

You must configure ATR settings when using LBLM. Tableau Desktop comes with copy protection to
prevent users from installing or activating Tableau Desktop on a virtual machine and simply cloning it
for other users. This means that when an instance is terminated, even if you spin up a new one, it has
a different hardware profile that doesn’t match the settings from the last session. For this reason, you
must enable ATR and set the duration to match the fleet’s maximum session duration.

Master key approach


If your company has a master key, you can create a script that activates Tableau Desktop before opening
user sessions. For more information, refer to Run Scripts Before Streaming Sessions Begin in the
AppStream 2.0 documentation.

Alternative approach
If LBLM is not available, and you don’t have a master key, an architecture is available for using individual
user-based desktop/creator product keys, although this process requires more manual work than the
other approaches. AWS must be able to access a mapping of users to product keys, for example a
database table. Rows in the table are users and their Tableau Desktop license keys. The following two
session scripts are also required:

• Startup script — When users sign in, the script fetches their license key from the database table and
uses it to activate Tableau Desktop.
• Termination script — When user sessions terminate, the script runs the deactivate command to
free up the license key. This step is required because all Tableau licenses have a limited number of
activations (to prevent users from activating the same license key on many machines). By deactivating
before the instance terminates, the license key can be reused the next time the user logs in. For more
information, refer to Deactivate the product key in the Tableau documentation.

Note that this approach is not recommended because it assumes the termination script always runs
before the instance is terminated. If something causes your instances to terminate unexpectedly and the
script is unable to complete, the license activations counter does not decrement. This means that you will
eventually see license activation errors for those users, and the only resolution is through the Tableau
support team (there is no programmatic way). Although this scenario is unlikely, the potential challenges
make this a less desirable approach.


Security
For information about how to secure your AppStream 2.0 resources, refer to Security in Amazon
AppStream 2.0.


Conclusion
After following this guide, you should understand how to deploy Tableau Desktop on AppStream 2.0,
and what to consider during deployment.


Contributors
Contributors to this document include:

• Takashi Binns, Principal Solution Engineer, Salesforce


• Kevin Glover, Senior Product Manager, Salesforce


Document history
To be notified about updates to this whitepaper, subscribe to the RSS feed.

Change              | Description                 | Date
Initial publication | Whitepaper first published. | November 11, 2021

Note
To subscribe to RSS updates, you must have an RSS plug-in enabled for the browser that you are
using.


Notices
Customers are responsible for making their own independent assessment of the information in this
document. This document: (a) is for informational purposes only, (b) represents current AWS product
offerings and practices, which are subject to change without notice, and (c) does not create any
commitments or assurances from AWS and its affiliates, suppliers or licensors. AWS products or services
are provided “as is” without warranties, representations, or conditions of any kind, whether express or
implied. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements,
and this document is not part of, nor does it modify, any agreement between AWS and its customers.

© 2021 Amazon Web Services, Inc. or its affiliates. All rights reserved.


AWS glossary
For the latest AWS terminology, see the AWS glossary in the AWS General Reference.
