Alteryx Server Ideas

Hi All,

Is there any plan to create an automated way of publishing apps/workflows to the gallery. This has been a common painpoint for me on several different projects when I explain how manual of a process this is.

I'd imagine this could easily be solved by adding an additional API call to their library. Ideally, you'd be able to point the gallery to a shared folder with workflows you want to push (git repo functionality would even be better), and have it just move the .xml scripts to the server/mongoDB.

Best,

dK

So - one of the biggest challenges that we have with the MongoDB used by Alteryx Server is that we continually have issues with locking (where our admins have to go in and undo locks)

Additionally - the current implementation of MongoDB connectivity does not support full Kerberos authentication which means that we're on a non-compliant install (which in a large enterprise is an uncomfortable place).

Given that a very large amount of what the server does is transactional - it would make sense to have an option to use a large-scale SQL server instead of using Mongo.   For large enterprise customers, there must be flexibility to allow the databases that they have large supported instances of (my strong preference would be MS SQL 2016).

MS SQL natively supports XML so all the canvasses can be stored in native format.   Additionally, MS SQL allows very fast query across XML, and given the clustering and reporting capabilities in MS SQL, this would dramatically increase our ability to self-manage our infra.

Given that Alteryx is looking more and more at large Enterprise customers - a move to a large-scale clustered SQL env as the back-end would be a very positive move.

NOTE: as we consider DB options for a SQL backend - please consider your large-scale enterprise customers.   For example - MS SQL or Oracle or DB2 are all much more prevalent in enterprises than databases like Postgres - so it's important to focus on the enterprise support for the DB that you choose.

+ @Deeksha @avinashbonu @revathi @BenBu

Hi,

I have an existing app in my company's gallery. I updated the app in the gallery to not allow others to download. I just made changes to the desktop version of the app and saved it to the gallery, then went thru the steps of replacing my existing gallery app with the new version (this part I like). BUT, after updating the app, when I went back into the app settings, the option for others to download was checked again. To me, the app should inherit anything that was manually done to it in the gallery, like making it not downloadable. Is it possible to have this changed in a future release?

Thanks!

Use Cases:

1. As a server admin, planned PM outages should be scheduled.  These outages should prevent jobs from beginning execution (window of time) prior to the outage.  Jobs running at the time of the cut-off should be system-cancelled.  
2. As a server admin, unplanned outages should cause running jobs to stop.  At the conclusion of an outage, jobs that are system cancelled should be restarted.

Currently, we use Task Manager to control Alteryx Service (or command line).  An administrative function within Alteryx should support graceful stopping and starting of the service as user jobs are interrupted (or can be) by our activities.  While I currently post messages to users alerting them to admin activities, I am asked why Tableau can restart jobs (admin) and we can't.  Other admins have asked what is "hanging" alteryx service up for a STOP command.  I have explained that all jobs must be stopped in order for a quick restart of the service.  

We're using a single server today (this client) and plan to add workers to the configuration.   It would be helpful to know where work is running and be able to use admin functions across the servers.

Cheers,

Mark

Alteryx server should support certificate authentication internally within the app (i.e. to the internal MongoDB) rather than password based authentication? this is not User Authentication for Gallery and workflows but the Alteryx Application itself and how it authenticates against the MongoDB.  this would allow it to be installed in Very Secure environments that insist on stronger authentication methods.

Aliases are a really powerful tool, particularly when you have multiple environments (EG Test, Prod) and need a published workflow to work without any code changes (In particular in an IT or Release/Change Control model).  By configuring a system alias on your Test and Prod servers, code will dynamically point to the correct server.

However, aliases can be somewhat cumbersome if you have a lot of databases on a server, and those database names change by environment.  Effectively, you end up needing an alias for each Database, which runs into naming convention and standardization issues.

Having the ability to configure a "database value" or a "database alias" would do a lot to help this.  This could either be a file that would be attached (allowing for easy config changes without risk of modifying the underlying code structure) or a secondary tier of aliases, so that a connection string might go from:

aka:SQLSERVER (contains sqlserver and database information)

to:

aka:SQLSERVER||aka:database - so that at runtime Alteryx would evaluate the SQLSERVER alias and the database alias to create the correct connection string for that environment.

Why not?

1. How about having Alteryx Designer with Scheduler (may be hard to do on Server OS)
2. Alteryx Server/Gallery Setup for exercising Admin capabilities..
   
3. Having a Demo Alteryx Connect session capable to interact with multiple online users/testers
4. Alteryx Promote on CloudShare to try and test quick deployment before buying?

Alteryx designer has a 3 hour demo session on CloudShare but no Server, no Connect, no Promote!

 Looking forward to try and test before you buy? Than give me a "like" please...

When a user adds a canvas to the gallery - we need to be able to ask for a set of mandatory attributes on every canvas which are tied to meta-data.

So - in our world, these would be:

- Which business line does this belong to (pick from a list)

- What business process does this belong to (multi-select from a tree)

- Which part of the organization does this belong to (multi-select from an org tree).

- Who is the canvas owner as a developer; and as a Line-of-business owner (there are two different versions of the word "Owner" to us)

Every canvas that's booked into the gallery needs to have these fields added to the canvas so that we can inform the right person if a canvas fails, understand which part of our business is impacted, look at velocity & density analytics; etc.

This then requires a few pieces to be set up on the server up-front:

- Define your meta-data elements (tree; drop-down list; etc).   Admin will need to set this up in the beginning

- Define which meta-data elements are mandatory; and which are optional for every canvas.

- When these meta-data structures change - there needs to be a process that forces the owners to update them again.   For example if we change our org structure, that will invalidate some of the meta-data tagging on assets.

- If a user leaves the firm, owner information needs to be forced to be updated

Happy to talk this one through - for any large corporate env, tagging assets like this is super-critical, and this would need to be flexible because every org has a different set of tagging needs.

cc: @Deeksha @avinashbonu @revathi 

We have the need to bulk-add users, and to bring in their information (full name; location; etc) from Active directory.

Right now, adding users is a 1:1 process which is highly painful.

Desire is to be able to take a list of Kerberos IDs, and bulk add them as users - and then select a group of them and permission either for the gallery; or for designer licenses.

cc: @revathi @avinashbonu @Deeksha

My company, a very large organization, is in the early implementation phase of Alteryx right now. My company requires frequent password changes and we plan on making heavy use of Shared Connections since there are also many shared data sources. Unfortunately, this would mean that every time a credential has changed that affects a workflow, the credential holder would have to contact Server Administration (me), and I would have to update any Shared Connections or other assets that use those credentials. This problem is exacerbated by also having to manage user permissions and which users belong in each Subscription Right now, that is not much of a big deal, but as the number of users begins to scale, this could become a very daunting task.

My current solution is to create Subscriptions for each Department, Group, or Team and give one person from that Subscription Curator permissions. This enables each Department to work more autonomously and reduces the load for Server Admin. The issue is that there is no permission level between the publishing rights of an Artisan and the ubiquitous acces of a Curator. So, with my solution, any one of the Subsription Curators can start using connections they're not supposed to have access to or deleting/stopping scheduled flows, intentionally or otherwise.

I propose that we find a middle ground between Curator and Artisan, a (Studio) Moderator. This person can be assigned one or more subscriptions by a full Curator and will have Curator-like permission, but only to the assigned Subscriptions. This means that they will be able to add/modify Credentials, Connections, and/or Scheduled under the envelope of their Subscriptions, but they won't have access to any others. I believe that this solution will mitigate the possible overflow of tedium to the true Curators while allowing the powerful communal features of Alteryx be used to their full potential.

There is no good way to get server user credentials into a workflow without asking them for it in an App interface.  It would be great if we could have a built in Constant that could be used to silently pass user credentials into a workflow for things like API's or logging user information.

Currently, if you want to change from Built-in to Windows Authentication, you have to:

To switch authentication types, you'll need to start from scratch.


1. Stop the AlteryxService
2. Open a Windows Folder Explorer and go to the directory you have MongoDB loaded (System Settings->Controller->Persistence->Data Folder
3. Rename or delete that folder (a simple backup would be to rename the folder, you can move it to another directory as well)
4. Open the Alteryx Server System Settings and click next to Gallery->General.
5. Select the new Authentication process you would like to use.
6. Finish the System Settings and the new database will be created.

The Gallery and Scheduler databases are closely tied.  Workflows that are uploaded, results created, and schedules created from the Gallery are stored in the Scheduler database.  So you will need to start from scratch on both the Gallery and in the Scheduler.

This is a non-starter for any company that has any amount of time invested in establishing the use of the Gallery.   Starting over is not an option, but improving security, streamlining access protocols as a part of overall data governance is a must.  Please consider fixing the authentication protocol to make it so we don't have to start over.

Thank you,

The shared data connections from the Gallery have been very helpful in centralizing data connection information between desktop users and their workflows when saved to the Gallery. The In-DB tools currently cannot take advantage of the Gallery Data Connections and require a completely separate setup that is both confusing and adds additional connection management work for creation/password changes. 

It would be a great enhancement to Alteryx if all connections for the different types of tools could be centrally managed from the shared Data Connections manager found in the Gallery.

Best regards,

Ryan

Hello Alteryx Devs - 

So, I'm poking around the Atlerxy Gallery API stuff with an eye toward building a set of classes that can interact with workflows without exposing Gallery proper to the community at large.  That being said, I was a little dismayed to find that all interactions require inclusion of *user specific* API Keys and Secrets.  It can be dealt with, but ultimately it means that configuring a middleware tier between the real world and Alteryx server requires an additional hierarchical level; i.e., understanding which of the developers came up with workflow X and having *their* API Key / Secret attached at configuration time.  

Anyways, it might be easier to just have a global trusted key / (super) secret.  If you get that, you can execute a workflow.  

Maybe we have a special studio that people could clone to, and in this way, you'd only have to track a single key/secret outside.  

I mean, the existing system works OK for one offs, but if you wanted to have a (semi) modular system in place, dependence on understanding publishing entity specifics seems to muck things up for no discernible benefit.  Of course, maybe in some places there is benefit to this scheme (?), but it is causing me to craft some weird work arounds early in development, which gives me a sinking feeling.

Or am I doing it wrong? 

Thanks for listening. 

brian

I love the gallery data connection feature - we're going through some big systems architecture changes, resulting in new locations for many datasets. Having a single place in the Gallery Admin area to update connection information works beautifully.

We're running into issues with the gallery-hosted data connections when trying to run some apps on our private gallery though. The trouble comes up when the gallery-hosted data connection appears inside a macro that's part of an app. We get an "Unable to translate alias" error when trying to run these types of apps.

If we have an app using gallery-hosted data connections that are outside of a macro, the gallery is able to resolve the connection alias fine and work properly. The issue only appears when the gallery data connection is part of a macro used inside an app.

We use macros a lot in our app development because it allows us to use standard methods for accomplishing common tasks. Using macros also enables us to set up automated testing workflows to make sure our processes produce expected results. As it is, we're unable to take full advantage of the gallery-hosted data connections because they don't work within macros, and instead have to continue using hardcoded connection strings. These are a bigger maintenance burden as our underlying systems evolve and are updated.

Although the connectivity to the eMail infrastructure is set up on the controller and worker nodes - there is no ability to set up automated alerting for errors on workflows from the server.

We would like to be able to set up the gallery as follows:

- Every job is owned by a user or a distribution list

- If that workflow throws an error or warning (this should be configurable on the server, whether warnings are included), then the author should be e-mailed with a link to the specific workflow and the error log.

This can be done in a round-about way, by running an error-reporting alteryx job after the fact - but this kind of alert needs to go out almost immediately given our dependance on Alteryx for specific SLAs.

cc: @avinashbonu ; @Deeksha ; @revathi

Currently the Gallery's Admin API is a bit light on functionality. It only works with data connections & workflows and not regular server admin functions. Endpoints I'd love to see, but not limited to, are:

• Create/modify/diable users
• Create/modify/delete subscriptions (including assigning users to subscriptions)
• Job status
• Add/modify/delete workflow schedules

Suggested information to be included in audit logs.

A secure audit record of all activities on the system:

1. General user access
2. User creates / modifies / archives / deletes data (ie: history on what the user did)
3. Administrator actions

At minimum the logs should include the following:

1. Unique user identifier
2. Unique data subject identifier
3. Function performed by the users
4. Date/time stamp of what was performed by user

I believe many customers could benefit from this type of audit logging, especially those who are required to obtain specific security certifications for their alteryx deployments.  From what I can see online there does not seem to be out of the box functionality for this. If anyone has implemented any type of audit logging like this please feel free to comment.

Thanks

-Vincent