Alteryx Server Ideas

Please keep in mind that this is a suggestion from a container novice! 🙂

However, our situation is such that our release upgrade deployments are taking significant time to install, test and sign-off from DEV through PROD for the four main life-cycles involved in our server environment. Even if we script the deployment to save time, there's still manual configuration needed to confirm the new version works in the next server environment.

Similar to how Promote can deploy from DEV through PROD using images/containers, my suggestion is to package the Server components into images/containers that can be similarly deployed through the life-cycles. While the container with mongoDB doesn't need to move to the next life-cycle, the containers with the web server, load balancer, and engine nodes could move with the click of a button. And if needed, reverted to prior version with similar ease.

I forgot to ask about this idea at the UX lab during Inspire, but would be very happy to hear if it's already in the pipeline!

Thank you for your consideration!

Hello,

I think there should be option to test save data connection during setup and after. Perfectly, if there was possibility to schedule connectivity check, however, just adding option to test it manually will be the step forward.

Best,

Piotr

Hello,

I can't find an option in Alteryx Server wizard to enable redirection from http to https. Alteryx Service occupies both ports so I can't (and I don't want) to deploy a redirection on port 80. Such feature would be really helpful if it comes out of the box.

Best,

Piotr

We have installed Server on Azure VM and have looked into options such as a replica AD Domain Controller in the Azure environment for authentication, however, we would like to have Server authenticated using Azure AD.  

Within the Mongo database on the Alteryx Server, when using WinAuth,  if you use AD Groups for Permssioning, there is no direct way within the Mongo database to go from the AD Group to the User table.  This is important if you need to report on who, base upon their AD group membership with their associated role is a user.  Example.  AD Group 'Example-AD -Group'  is assigned Permission Curator.  The AD Group contains user 'Jay Smith'.  'Jay Smith'  is on the user Collection.  activeDirectoryPermssions Collection  contains the Ad Groups and permissions.  But,  in order to connect the two collections,  you will need to go externally to define the AD Group memebership to join these two collections together.

I'd love the ability to have one schedule for a workflow at specific times. 

Currently you have to create 4 different schedules if you'd like a workflow to run at 10 am, 3 pm, 5:30 pm and 11:30 pm and doing this makes the "Scheduled Workflow" section of the server not only cluttered, but a lot more difficult to manage.  (like spotting accidentally duplicated schedules- which also happens more often than i'd like :)

Thanks!

We are constantly moving workflows from our Dev environment up to Prod and then back down again to improve them.  Even though we only used Gallery shared data connections, and both environments have the same name for each connection; the connections still break when opening the workflow in the other environment.  This is because designer actually uses an ID code behind the string name instead of the name.  And, even though connections exist by the same name in each environment, the code behind them is different.

I would like a way to be able to specify the data connection code so that I can make the code the same in both environments.

Option to update ownership to any other valid license holder as needed.

Use Case: Currently the canvas owner is marked by default as the user publishing the canvas to production.

However, we have seen instances where the person moves teams and would like to hand it over to another person.

The search for replacing a workflow is poor (and I get that it is probably challenging to write on the back end) but as a result even if I type in the exact title of the workflow (aka copy and paste) Alteryx replace can't find it. Not only does this mean I have multiple workflows with the same name running around (loads of fun with lack of version control) but it also makes this entire thing more frustrating every time I update a workflow (as normally this also means the scheduling of said workflow breaks).

It would be awesome if instead of having to search by title for your workflow that you wish to replace with if you could instead use the URL where Alteryx Gallery put the workflow and then there wouldn't be any confusions about which workflow and you wouldn't have to type.

We're looking to use the worker setting that cancels jobs that run over a certain amount of time. However, In testing we noticed when the server kills the job it does not trigger the workflow event for 'after run with errors'. That said, it does trigger the 'after run without errors' event, but there is no detail in the email as to what happened. This behavior seems counter-intuitive. We primarily use 'after run with errors', so our users could potentially have their workflows cancelled and never hear about it. 

is it possible to do one of the following:

• Trigger the 'after run with errors' workflow event if the server cancels a job
• Have a server notification that emails users when a job is cancelled due to run length

We're currently running server 2019.1, so please ignore this idea if this issue has been resolved in later releases. 

Here is the server setting I am referring to

Hello,

I need to monitor which applications are shared with who on regular basis. We follow the 19.2 subscription model to share applications. 

Can you extend server usage reports to include such data?

Best,

Piotr Zawistowski

The admin (aka curator) needs to be given more control. The admin should have greater control than the users of the system.

My organization is in the Healthcare industry and we have HIPAA laws to abide by when it comes to data. Not all users should be able to see all data. Developers should not have complete control over the data they publish.

Private studio

• admin should be able to control if users can publish to Alteryx gallery (compliant issues occur when our organization's data is shared to outside users)
• admin should be able to control if user can publish to public gallery (compliant issues occur when all users can all see and run workflows)
• admin should be able to delete subscriptions and users

Collections

• admin should be able to create collections so they can manage the collections and what users have access to (devs should not be able to give any user access to their workflows)
• admin should be able to control if users can create new collections (again, compliance issues)
• admin should be able to grant and remove download of workflow rights
• admin should be able to delete connections

Get tips from Tableau as they have admin controls down with their permissions process.

When installing and configuring Alteryx, the wizard allows the administrator to select the Gallery authentication to be used among:

Built-in

Integrated Windows authentication

Integrated Windows authentication with Kerberos

SAML authentication

The note states:

Once an authentication type has been selected, it should not be changed. Changing it may cause technical problems.

The gallery manual states "Once an authentication type has been selected it should not be changed or Gallery functionality may be compromised." 

https://help.alteryx.com/server/current/admin/Configuration/SystemSettings/Gallery.htm?Highlight=%22...

If you are reading this idea suggestion, I hope it is not too late for you. Why allow the user to change the authentication method once the install is completed? What are the options to solve this?

One option would be to grey-out the "Authentication Type" section in the  "Gallery Authentication" screen, so the user is not able to change authentication methods once after the first configuration is set. This would still allow the user to change SAML settings.

Another option, if somehow there is a reason why a user would want to change authentication types even though it is not supported, what about changing the layout to make it more difficult to change the authentication type.

What are your other suggested changes?

This is not relevant if this idea is implemented https://community.alteryx.com/t5/Alteryx-Server-Ideas/Allow-changing-of-Gallery-Authentication-witho...

However, I would imagine that a UI change would be a lot easier to implement that supporting overhauling the user management in the MongoDB.

Mongocontroller.log during its MongoDB dump processing records DB admin password in clear text.    This poses a security risk now only to the company but to the MongoDB itself. 

Is there a security patch ready to be pushed out to eliminate this risk?

Hey Sever Gurus - 

There might times where it would really nice to have a group of workflows that were logically related that you wanted to run without having to invoke a 'run now' for each workflow individually.  Sure, you could technically get there with the Runner macro, but in my case, there are intermittent scenarios in which I'd like to be able to run a set of related workflows to kick the tires, but they run at different schedule frequencies during normal operations.  As it stands now, I have to go hunt through 39239 different workflows, find the 12 associated with project X and tell it to blast away individually.  This brings me a great sadness.  

So what I'd like to be able to have is some flavor of named / logical grouping I could attach to a workflow at upload to scheduling time, I could then tell the scheduler to show me / run everything attached to that grouping.  

Thanks!

brian

We have configured the service account for Alteryx services on workers, controllers and Gallery. Kindly go through the below problem statement and current scenario and help to provide solution.

I will appreciate if we can setup a 30 minutes call and discuss on it.

Purpose/Current Design :

1. Our purpose was to on board the account in EPV-AIM/gMSA solution so that password won’t be hard-coded anywhere in the config for service LAN account.
2. Use same LAN service account to run the workflow on workers and write the output at destination paths [ Shared paths, Mailboxes]
3.  

Problem Statement  :

As we have added service LAN account  in multiple AD groups [ global and local ] it has become member of 440+ groups which has resulted in the approx.. token size to 8421.

Active directory has a limit of having approx.. token size to 10000 (10k) for LAN accounts and after that it will fail to authenticate with AD ; which will result in failure of starting Alteryx services.

Please refer below link to know what exactly issue we are facing and looking solution from Product team[Alteryx].

https://www.jijitechnologies.com/blogs/active-directory-token-bloat

We are looking from the Alteryx team :

1. Find a solution and provide some enhancement where we can use multiple (more than one) LAN accounts to run the workflows.
2. In Large scale when we are running workflows of different team’s it is obvious that LAN ID will be member of multiple AD groups and it will reach to Token bloat threshold.
3. We are looking something which can be provided as solution within the same setup to add multiple accounts or any other solution .

We already explored the option you suggested [https://help.alteryx.com/current/server/credentials] but as per our firm’s password policy we cannot save/use/withdraw privilege account passwords.

Because if we go with the suggested option we have to add the particular accounts in Windows server privilege group [ Log on as service, App_Security Logon locally and run batch job].

To meet compliant policy ; Any account which is privilege should be considered as app to app account and it should be integrated with Microsoft’s gMSA or CyberArk’s EPV-AIM solution to be on boarded account in vault. [ No human interaction with account ]

Feel free to reach out to me for any additional clarifications.

Alteryx server APIs are associated with Subscription ( private or shared studio) and an Artisan could be part a of either a private or shared studio. In an enterprise environment you want the ability of scheduling workflows from private studio ( automation of private workflows) and shared studio ( production automation). You can achieve both in an enterprise environment with governance and control if Artisans ( along with Curators) have the ability to switch subscriptions. This will enable them to publish workflow in their private studio for automating personal workflows and in shared studio for production automation. In this way admin or curator still control the data connection creation and assignment , run as credentials but switching subscriptions can be provided to Artisans as well.

Shared studio's private api key and secret can be setup in other scheduling systems such as Ctrl-M and individual leaving or moving departments will not have any impact  on the scheduling configuration.

The workflow execution log file is locked while execution is in progress. Can we look at making the log file available in read only mode while execution is in progress. This will to triage any performance issues on run time and track the progress on run time, rather than waiting for completion of entire process.