cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Regular Visitor

Power BI on-premises data gateway on DMZ?

Does anyone have experience placing the gateway in a perimeter network (also known as DMZ, demilitarized zone, and screened subnet)?

If the data gateway is on a VM in the DMZ and the VM is not joined to the domain/forest then it not will be able to connect to an analysis server I assume since SSAS requires windows authentication. We would still be able to connect to a SQL Server though.

 

Is placing a gateway on the DMZ not a recommended approach? anyone has experience with this approach please.

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Hi @MayAS ,

 

As you said, there are limitations, which are caused by the characteristics of gateways and SSAS.

https://docs.microsoft.com/en-us/data-integration/gateway/service-gateway-onprem-indepth

SSAS and gateways can be installed on different computers in the same domain, and you may resolve this limitation in other complex ways in different domains .

 

Best Regards,
Liang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

3 REPLIES 3
Highlighted
New Member

I have set up a gateway on a DMZ through ESXI. However, we created an SSIS job to copy the neccesary info from a production server to the server on the DMZ so that no access to the network was needed.

Also, you should be able to connect to SSAS via basic auth btw.

https://docs.microsoft.com/en-us/analysis-services/instances/authentication-methodologies-supported-...

Highlighted

Thank you for the information. In this case I would have to create a job that copies the SSAS model to a server on the DMZ which would work.

 

In the case though that the data gateway and SSAS are not on the same domain, it won't work because for data gateway SSAS data sources there seems to be only one option which is a windows user for authentication. I'm assuming that's why Microsoft indicates that for SSAS data sources the data gateway and analysis server have to be on the same domain/forest.

 

See this link

https://docs.microsoft.com/en-us/power-bi/connect-data/service-gateway-enterprise-manage-ssas

 

It has the following two notes

 

"If you have an Analysis Services data source, you need to install the gateway on a computer joined to the same forest/domain as your Analysis Services server."

 

"The Windows account you enter must be a member of the Server Administrator role on the Analysis Services instance you're connecting to. If this account’s password is set to expire, users could get a connection error if the password isn’t updated for the data source"

Highlighted

Hi @MayAS ,

 

As you said, there are limitations, which are caused by the characteristics of gateways and SSAS.

https://docs.microsoft.com/en-us/data-integration/gateway/service-gateway-onprem-indepth

SSAS and gateways can be installed on different computers in the same domain, and you may resolve this limitation in other complex ways in different domains .

 

Best Regards,
Liang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Helpful resources

Announcements
Community Conference

Power Platform Community Conference

Check out the on demand sessions that are available now!

Community Conference

Microsoft Power Platform Communities

Check out the Winners!

secondImage

Create an end-to-end data and analytics solution

Learn how Power BI works with the latest Azure data and analytics innovations at the digital event with Microsoft CEO Satya Nadella.

Top Solution Authors
Top Kudoed Authors