Super Hybrid BI - PowerBI Gateway
http://blogs.prodata.ie/author/bob.aspx
bob@prodata.ie
Agenda
• Gateway Architecture
• On premise gateway installation
• Cloud gateway configuration
• Identity / Security
• Deployment Topologies
• Troubleshooting
• Fun with Power Apps using the gateway
• Q+A
[Architecture diagram. Labels: Cloud Data Source; Identity; HTTPS; Queries / Mashups; Cloud Services and Apps; App Workspace; App; Publish; Dashboards; Alerts; Reports; Subscriptions; Workbooks; Print/Export; DataSets; PBIX; Access; SSAS Models; Oracle; Mainframe]
Getting data into Power BI
Option       | Where is Data           | Role of Gateway
Import       | Loaded into PBI Desktop | Refresh entire dataset
Live         | Streamed from Model     | Run query on model
Direct Query | Streamed from Source    | Run query on Source
Get Data
How The Gateway Works
[Diagram. Labels: Power BI; Microsoft Flow; Power Apps; Logic Apps; Azure Analysis Services; Query (DAX/SQL/MDX); Gateway Cloud Service (in Azure); Analysis Services; SQL; Excel Files]
https://docs.microsoft.com/en-us/power-bi/service-gateway-onprem-indepth
Installation and Configuration
https://powerbi.microsoft.com/en-us/gateway/
Installation
The On-premise Gateway Service Account
• Only handles connection to cloud and service bus (does not need rights to any data sources)
• Connects to internet via computer account.
• Recommendation: use the default account unless the environment is very locked down or has a strict proxy server
The Cloud Gateway Service
• Gateway Installation creates Cloud Gateway
• You have to add Data Sources
• Each Data Source has
• Credentials are used to connect
• Credentials must have query access
Cloud Gateway Demo
SSO Identity for Models
• Only supported on SSAS
• In Azure, identity is via the UPN in Azure Active Directory
• Gateway uses impersonation to send the UPN to the data source
• Most common error is below (UPN Mapping)
UPN Mapping
• Azure AD (AAD) UPN must match the on-premise UPN
• DirSync matches usernames and UPNs
  • E.g. bob@prodata.ie
• What if it doesn’t?
  • UPN Mapping feature in cloud gateway settings
  • Change in Active Directory Controller
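
An added example, not from the original slides: a Python audit that compares cloud and on-premise UPNs to show which users already match, which can be fixed with one suffix replacement, and which need an individual mapping. The two directory exports, the join key and the `corp.prodata.local` suffix are constructed assumptions.

```python
from collections import Counter

# Constructed sample exports. The dictionary key stands in for whatever stable
# attribute links the two directories (an assumption, not from the slides).
CLOUD = {"1001": "bob@prodata.ie", "1002": "ann@prodata.ie",
         "1003": "Carl@prodata.ie", "1004": "dee.ryan@prodata.ie",
         "1005": "eve@prodata.ie"}
ONPREM = {"1001": "bob@prodata.ie", "1002": "ann@corp.prodata.local",
          "1003": "carl@corp.prodata.local", "1004": "dryan@corp.prodata.local"}


def split_upn(upn):
    """Return (local part, domain suffix), lower-cased for comparison."""
    local, _, suffix = upn.strip().lower().rpartition("@")
    return local, suffix


def audit_upns(cloud, onprem):
    """Classify each cloud user by how its UPN relates to the on-premise UPN."""
    report = {"match": [], "suffix_rule": Counter(), "per_user": {}, "missing": []}
    for key, cloud_upn in sorted(cloud.items()):
        if key not in onprem:
            report["missing"].append(cloud_upn)  # no on-premise account to impersonate
            continue
        c_local, c_suffix = split_upn(cloud_upn)
        o_local, o_suffix = split_upn(onprem[key])
        if (c_local, c_suffix) == (o_local, o_suffix):
            report["match"].append(cloud_upn)  # identity flows without any mapping
        elif c_local == o_local:
            # Only the domain differs: one suffix replacement covers all such users.
            report["suffix_rule"][(c_suffix, o_suffix)] += 1
        else:
            # Local part differs too: needs an explicit user-to-user mapping.
            report["per_user"][cloud_upn.lower()] = onprem[key].lower()
    return report


if __name__ == "__main__":
    r = audit_upns(CLOUD, ONPREM)
    print("already matching:", r["match"])
    for (src, dst), n in r["suffix_rule"].items():
        print(f"suffix rule @{src} -> @{dst} covers {n} user(s)")
    for src, dst in r["per_user"].items():
        print(f"per-user mapping {src} -> {dst}")
    print("no on-premise account:", r["missing"])
```

Users reported as missing have nothing to map to and will fail impersonation regardless of mapping rules.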
SSO Identity for Other Sources
• Direct Query ONLY, for SQL and SAP HANA
• Supports using Kerberos to flow identity to data source
Implementing RLS
• First get Identity Working
• Test by using the USERPRINCIPALNAME() function in DAX.
• Add roles in Model with membership to AD groups or users
RLS and Data Security
Deployment Options
• Depends On
• Capacity (Concurrency)
• High Availability
• Need for Isolation
[Deployment topology diagrams. Labels: Gateway; DWH; DW Server and BI Appliance; BI Server; Gateway Server 2; ETL and Integration; Reporting Services; Analysis Services; On Premise Gateway]
Monitoring and Troubleshooting
Firewall and Network Considerations
• Azure Service Bus needs these outbound port ranges
  • 443, 5671, 5672, 9350-9354
• IP ranges are as per the Microsoft Datacenter IP list
• Recommendations
  • Whitelist IP ranges
  • Avoid proxy servers
• ExpressRoute may need routing configuration
IP Ranges: https://www.microsoft.com/en-us/download/details.aspx?id=41653
Performance and Monitoring
• Windows Performance Object On-Premise data gateway