Restricting Access to MMTE Server
It is an important task to restrict access to your MMTE Server to avoid unauthorized usage of your BI data.
For security reasons, you may want to set up and configure firewall to block all unused ports and control the ports in use, and a server-type antivirus software.
Your network settings must assure that unauthorized and unwanted people/software tools cannot access MMTE Server.
Use only white lists for access control lists (ACLs), not black lists. Close all ports/protocols by default, enable only those you need for good reason.
It is also recommended to switch all connections between software components to SSL-encrypted mode, namely:
- Connection from MMTE Client to MMTE Server
- Connection from MMTE Server to Tableau Server (Tableau System Configuration – Use HTTPS)
- Connection from MMTE Server to PostgreSQL with Tableau Repository (Tableau Postgres – Use SSL)
- Connection from MMTE Server to PostgreSQL with MMDB
- Force Encrypted Connections to MMDB
Access from MMTE Server to outer world should be routed through a corporate proxy. In this case, even if your server is infected with any malware, it will not be able to transmit your data to its owners.
Inbound traffic to MMTE Server is best routed through a load balancer/WAF unit (Citrix, F5, etc), which blocks any suspicious requests.