Last Modified Date: 08 Jul 2022
Environment
- Tableau Server 2020.2 and older.
- Windows Server
Resolution
In order to secure Tableau Server internal communications between nodes in a cluster, the cluster must be protected from external traffic using network security such as a firewall.
Tableau Server does not authenticate a new Zookeeper node when it joins a quorum, so Zookeeper ports need to be in the set of ports that are protected from external communication. The documents linked below address the hardening and configuration of those ports:
Tableau Server-Security Hardening:
https://help.tableau.com/current/server/en-us/security_harden.htm
Tableau Server-Ports:
https://help.tableau.com/current/server/en-us/ports.htm
Cause
The Qualys vulnerability scanner flagged ZooKeeper on a Tableau Server node as "accessible without ACL". This is remedied by ensuring that the ZooKeeper ports are not accessible from computers that are not part of the Tableau Server cluster.Additional Information
For additional information on Zookeeper security, please see the link below.
Apache Zookeeper
https://zookeeper.apache.org/security.html
Thank you for providing your feedback on the effectiveness of the article.
Open new Case
Continue Searching
Knowledge Base
Community
Product Help
Training and Tutorials